======================================================
WARNING: possible circular locking dependency detected
6.8.0-rc5-syzkaller-00329-gab0a97cffa0b #0 Not tainted
------------------------------------------------------
syz-executor.3/2055 is trying to acquire lock:
ffff88802d393530 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline]
ffff88802d393530 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137
but task is already holding lock:
ffffc900013342e0 (&h->lhash2[i].lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffffc900013342e0 (&h->lhash2[i].lock){+.+.}-{2:2}, at: inet_diag_dump_icsk+0x39f/0x1f80 net/ipv4/inet_diag.c:1038
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&h->lhash2[i].lock){+.+.}-{2:2}:
       lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
       __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
       _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
       spin_lock include/linux/spinlock.h:351 [inline]
       __inet_hash+0x335/0xbe0 net/ipv4/inet_hashtables.c:743
       inet_csk_listen_start+0x23a/0x320 net/ipv4/inet_connection_sock.c:1261
       __inet_listen_sk+0x2a2/0x770 net/ipv4/af_inet.c:217
       inet_listen+0xa3/0x110 net/ipv4/af_inet.c:239
       rds_tcp_listen_init+0x3fd/0x5a0 net/rds/tcp_listen.c:316
       rds_tcp_init_net+0x141/0x320 net/rds/tcp.c:577
       ops_init+0x352/0x610 net/core/net_namespace.c:136
       __register_pernet_operations net/core/net_namespace.c:1214 [inline]
       register_pernet_operations+0x2cb/0x660 net/core/net_namespace.c:1283
       register_pernet_device+0x33/0x80 net/core/net_namespace.c:1370
       rds_tcp_init+0x62/0xd0 net/rds/tcp.c:735
       do_one_initcall+0x238/0x830 init/main.c:1236
       do_initcall_level+0x157/0x210 init/main.c:1298
       do_initcalls+0x3f/0x80 init/main.c:1314
       kernel_init_freeable+0x42f/0x5d0 init/main.c:1551
       kernel_init+0x1d/0x2a0 init/main.c:1441
       ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
       ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242
-> #0 (k-sk_lock-AF_INET6){+.+.}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain+0x18ca/0x58e0 kernel/locking/lockdep.c:3869
       __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137
       lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
       lock_sock_fast include/net/sock.h:1723 [inline]
       subflow_get_info+0x166/0xd20 net/mptcp/diag.c:28
       tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline]
       tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137
       inet_sk_diag_fill+0x10ed/0x1e00 net/ipv4/inet_diag.c:345
       inet_diag_dump_icsk+0x55b/0x1f80 net/ipv4/inet_diag.c:1061
       __inet_diag_dump+0x211/0x3a0 net/ipv4/inet_diag.c:1263
       netlink_dump+0x59b/0xc80 net/netlink/af_netlink.c:2264
       __netlink_dump_start+0x5df/0x790 net/netlink/af_netlink.c:2370
       netlink_dump_start include/linux/netlink.h:338 [inline]
       inet_diag_handler_cmd+0x1de/0x2b0 net/ipv4/inet_diag.c:1426
       sock_diag_rcv_msg+0xe7/0x410
       netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
       sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280
       netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
       netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
       netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908
       sock_sendmsg_nosec net/socket.c:730 [inline]
       __sock_sendmsg+0x221/0x270 net/socket.c:745
       sock_write_iter+0x2dd/0x400 net/socket.c:1160
       do_iter_readv_writev+0x46c/0x640
       vfs_writev+0x395/0xbb0 fs/read_write.c:971
       do_writev+0x1b1/0x350 fs/read_write.c:1018
       do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
       __do_fast_syscall_32+0xbd/0x120 arch/x86/entry/common.c:321
       do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:346
       entry_SYSENTER_compat_after_hwframe+0x7c/0x86
other info that might help us debug this:
 Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(&h->lhash2[i].lock);
                               lock(k-sk_lock-AF_INET6);
                               lock(&h->lhash2[i].lock);
  lock(k-sk_lock-AF_INET6);
 *** DEADLOCK ***
5 locks held by syz-executor.3/2055:
 #0: ffffffff8f381788 (sock_diag_mutex){+.+.}-{3:3}, at: sock_diag_rcv+0x1b/0x40 net/core/sock_diag.c:279
 #1: ffffffff8f3815e8 (sock_diag_table_mutex){+.+.}-{3:3}, at: __sock_diag_cmd net/core/sock_diag.c:233 [inline]
 #1: ffffffff8f3815e8 (sock_diag_table_mutex){+.+.}-{3:3}, at: sock_diag_rcv_msg+0x21e/0x410 net/core/sock_diag.c:269
 #2: ffff88801ea16680 (nlk_cb_mutex-SOCK_DIAG){+.+.}-{3:3}, at: netlink_dump+0xde/0xc80 net/netlink/af_netlink.c:2211
 #3: ffffffff8f4650e8 (inet_diag_table_mutex){+.+.}-{3:3}, at: inet_diag_lock_handler net/ipv4/inet_diag.c:63 [inline]
 #3: ffffffff8f4650e8 (inet_diag_table_mutex){+.+.}-{3:3}, at: __inet_diag_dump+0x191/0x3a0 net/ipv4/inet_diag.c:1261
 #4: ffffc900013342e0 (&h->lhash2[i].lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #4: ffffc900013342e0 (&h->lhash2[i].lock){+.+.}-{2:2}, at: inet_diag_dump_icsk+0x39f/0x1f80 net/ipv4/inet_diag.c:1038
stack backtrace:
CPU: 1 PID: 2055 Comm: syz-executor.3 Not tainted 6.8.0-rc5-syzkaller-00329-gab0a97cffa0b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain+0x18ca/0x58e0 kernel/locking/lockdep.c:3869
 __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137
 lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
 lock_sock_fast include/net/sock.h:1723 [inline]
 subflow_get_info+0x166/0xd20 net/mptcp/diag.c:28
 tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline]
 tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137
 inet_sk_diag_fill+0x10ed/0x1e00 net/ipv4/inet_diag.c:345
 inet_diag_dump_icsk+0x55b/0x1f80 net/ipv4/inet_diag.c:1061
 __inet_diag_dump+0x211/0x3a0 net/ipv4/inet_diag.c:1263
 netlink_dump+0x59b/0xc80 net/netlink/af_netlink.c:2264
 __netlink_dump_start+0x5df/0x790 net/netlink/af_netlink.c:2370
 netlink_dump_start include/linux/netlink.h:338 [inline]
 inet_diag_handler_cmd+0x1de/0x2b0 net/ipv4/inet_diag.c:1426
 sock_diag_rcv_msg+0xe7/0x410
 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
 sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280
 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
 netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
 netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:745
 sock_write_iter+0x2dd/0x400 net/socket.c:1160
 do_iter_readv_writev+0x46c/0x640
 vfs_writev+0x395/0xbb0 fs/read_write.c:971
 do_writev+0x1b1/0x350 fs/read_write.c:1018
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0xbd/0x120 arch/x86/entry/common.c:321
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:346
 entry_SYSENTER_compat_after_hwframe+0x7c/0x86
RIP: 0023:0xf72d6579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f5ed05ac EFLAGS: 00000206 ORIG_RAX: 0000000000000092
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: sleeping function called from invalid context at net/core/sock.c:3553
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2055, name: syz-executor.3
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
INFO: lockdep is turned off.
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 1 PID: 2055 Comm: syz-executor.3 Not tainted 6.8.0-rc5-syzkaller-00329-gab0a97cffa0b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
 __might_resched+0x5d3/0x780 kernel/sched/core.c:10176
 __lock_sock_fast+0x31/0xe0 net/core/sock.c:3553
 lock_sock_fast include/net/sock.h:1725 [inline]
 subflow_get_info+0x172/0xd20 net/mptcp/diag.c:28
 tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline]
 tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137
 inet_sk_diag_fill+0x10ed/0x1e00 net/ipv4/inet_diag.c:345
 inet_diag_dump_icsk+0x55b/0x1f80 net/ipv4/inet_diag.c:1061
 __inet_diag_dump+0x211/0x3a0 net/ipv4/inet_diag.c:1263
 netlink_dump+0x59b/0xc80 net/netlink/af_netlink.c:2264
 __netlink_dump_start+0x5df/0x790 net/netlink/af_netlink.c:2370
 netlink_dump_start include/linux/netlink.h:338 [inline]
 inet_diag_handler_cmd+0x1de/0x2b0 net/ipv4/inet_diag.c:1426
 sock_diag_rcv_msg+0xe7/0x410
 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
 sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280
 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
 netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
 netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:745
 sock_write_iter+0x2dd/0x400 net/socket.c:1160
 do_iter_readv_writev+0x46c/0x640
 vfs_writev+0x395/0xbb0 fs/read_write.c:971
 do_writev+0x1b1/0x350 fs/read_write.c:1018
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0xbd/0x120 arch/x86/entry/common.c:321
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:346
 entry_SYSENTER_compat_after_hwframe+0x7c/0x86
RIP: 0023:0xf72d6579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f5ed05ac EFLAGS: 00000206 ORIG_RAX: 0000000000000092
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
----------------
Code disassembly (best guess), 2 bytes skipped:
   # Reading aid: annotations only, every listing line below is unchanged.
   # These are user-space bytes around the saved RIP 0023:0xf72d6579 of a
   # 32-bit (compat) task, decoded with 64-bit register names. Both kernel
   # reports above (lockdep circular dependency, sleeping in atomic context)
   # were raised on the kernel side of the syscall (do_writev ->
   # inet_diag_dump_icsk -> subflow_get_info), not in this code.
   # Offsets 0x0-0x11 precede the syscall stub and were decoded starting two
   # bytes into the dump; they may be data rather than real instructions.
   0:	10 06                	adc    %al,(%rsi)
   2:	03 74 b4 01          	add    0x1(%rsp,%rsi,4),%esi
   6:	10 07                	adc    %al,(%rdi)
   8:	03 74 b0 01          	add    0x1(%rax,%rsi,4),%esi
   c:	10 08                	adc    %cl,(%rax)
   e:	03 74 d8 01          	add    0x1(%rax,%rbx,8),%esi
   # Offsets 0x12-0x1d are zero bytes (see the Code: line) that the listing
   # does not show. At 0x1e the last zero byte was merged with 51 52; decoded
   # on their own those two bytes are push %rcx / push %rdx.
  1e:	00 51 52             	add    %dl,0x52(%rcx)
  21:	55                   	push   %rbp
  22:	89 e5                	mov    %esp,%ebp
   # sysenter matches the entry_SYSENTER_compat frame at the bottom of the
   # kernel traces; int $0x80 follows it in the byte stream.
   # NOTE(review): the sequence looks like the 32-bit vDSO __kernel_vsyscall
   # stub - confirm against the vDSO image.
  24:	0f 34                	sysenter
  26:	cd 80                	int    $0x80
   # The marker below is the saved user RIP, i.e. where the task resumes after
   # the syscall returns; triage should start from the kernel call traces
   # rather than from this instruction.
* 28:	5d                   	pop    %rbp <-- trapping instruction
  29:	5a                   	pop    %rdx
  2a:	59                   	pop    %rcx
  2b:	c3                   	ret
   # The remaining bytes are nop (0x90) bytes following the ret.
  2c:	90                   	nop
  2d:	90                   	nop
  2e:	90                   	nop
  2f:	90                   	nop
  30:	90                   	nop
  31:	90                   	nop
  32:	90                   	nop
  33:	90                   	nop
  34:	90                   	nop
  35:	90                   	nop
  36:	90                   	nop
  37:	90                   	nop
  38:	90                   	nop
  39:	90                   	nop
  3a:	90                   	nop
  3b:	90                   	nop
  3c:	90                   	nop
  3d:	90                   	nop