syzbot has found a reproducer for the following issue on: HEAD commit: d4560686726f Merge tag 'for_linus' of git://git.kernel.org.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=119f30f5980000 kernel config: https://syzkaller.appspot.com/x/.config?x=505ed4a1dd93463a dashboard link: https://syzkaller.appspot.com/bug?extid=c75d1de73d3b8b76272f compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17e2fc5d980000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16307a7d980000 Downloadable assets: disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-d4560686.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/3304e311b45d/vmlinux-d4560686.xz kernel image: https://storage.googleapis.com/syzbot-assets/c5fa8d141fd4/bzImage-d4560686.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+c75d1de73d3b8b76272f@xxxxxxxxxxxxxxxxxxxxxxxxx ====================================================== WARNING: possible circular locking dependency detected 6.11.0-rc2-syzkaller-00013-gd4560686726f #0 Not tainted ------------------------------------------------------ syz-executor492/5336 is trying to acquire lock: ffffffff8fa20ee8 (rtnl_mutex){+.+.}-{3:3}, at: smc_vlan_by_tcpsk+0x251/0x620 net/smc/smc_core.c:1853 but task is already holding lock: ffff888033d60258 (sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1607 [inline] ffff888033d60258 (sk_lock-AF_INET6){+.+.}-{0:0}, at: smc_connect+0xd5/0x760 net/smc/af_smc.c:1650 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (sk_lock-AF_INET6){+.+.}-{0:0}: lock_sock_nested+0x3a/0xf0 net/core/sock.c:3543 lock_sock include/net/sock.h:1607 [inline] sockopt_lock_sock net/core/sock.c:1061 [inline] sockopt_lock_sock+0x54/0x70 net/core/sock.c:1052 do_ipv6_setsockopt+0x216a/0x47b0 net/ipv6/ipv6_sockglue.c:567 ipv6_setsockopt+0xe3/0x1a0 net/ipv6/ipv6_sockglue.c:993 udpv6_setsockopt+0x7d/0xd0 net/ipv6/udp.c:1702 do_sock_setsockopt+0x222/0x480 net/socket.c:2324 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347 __do_sys_setsockopt net/socket.c:2356 [inline] __se_sys_setsockopt net/socket.c:2353 [inline] __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #0 (rtnl_mutex){+.+.}-{3:3}: check_prev_add kernel/locking/lockdep.c:3133 [inline] check_prevs_add kernel/locking/lockdep.c:3252 [inline] validate_chain kernel/locking/lockdep.c:3868 [inline] __lock_acquire+0x24ed/0x3cb0 kernel/locking/lockdep.c:5142 lock_acquire kernel/locking/lockdep.c:5759 [inline] lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5724 __mutex_lock_common kernel/locking/mutex.c:608 [inline] __mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752 smc_vlan_by_tcpsk+0x251/0x620 net/smc/smc_core.c:1853 __smc_connect+0x44d/0x4830 net/smc/af_smc.c:1522 smc_connect+0x2fc/0x760 net/smc/af_smc.c:1702 __sys_connect_file+0x15f/0x1a0 net/socket.c:2061 __sys_connect+0x149/0x170 net/socket.c:2078 __do_sys_connect net/socket.c:2088 [inline] __se_sys_connect net/socket.c:2085 [inline] __x64_sys_connect+0x72/0xb0 net/socket.c:2085 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(sk_lock-AF_INET6); lock(rtnl_mutex); lock(sk_lock-AF_INET6); lock(rtnl_mutex); *** DEADLOCK *** 1 lock held by syz-executor492/5336: #0: ffff888033d60258 (sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1607 [inline] #0: ffff888033d60258 (sk_lock-AF_INET6){+.+.}-{0:0}, at: smc_connect+0xd5/0x760 net/smc/af_smc.c:1650 stack backtrace: CPU: 1 UID: 0 PID: 5336 Comm: syz-executor492 Not tainted 6.11.0-rc2-syzkaller-00013-gd4560686726f #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119 check_noncircular+0x31a/0x400 kernel/locking/lockdep.c:2186 check_prev_add kernel/locking/lockdep.c:3133 [inline] check_prevs_add kernel/locking/lockdep.c:3252 [inline] validate_chain kernel/locking/lockdep.c:3868 [inline] __lock_acquire+0x24ed/0x3cb0 kernel/locking/lockdep.c:5142 lock_acquire kernel/locking/lockdep.c:5759 [inline] lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5724 __mutex_lock_common kernel/locking/mutex.c:608 [inline] __mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752 smc_vlan_by_tcpsk+0x251/0x620 net/smc/smc_core.c:1853 __smc_connect+0x44d/0x4830 net/smc/af_smc.c:1522 smc_connect+0x2fc/0x760 net/smc/af_smc.c:1702 __sys_connect_file+0x15f/0x1a0 net/socket.c:2061 __sys_connect+0x149/0x170 net/socket.c:2078 __do_sys_connect net/socket.c:2088 [inline] __se_sys_connect net/socket.c:2085 [inline] __x64_sys_connect+0x72/0xb0 net/socket.c:2085 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f6fc285ad49 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffeaafd57c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f6fc285ad49 RDX: 000000000000001c RSI: 0000000020000200 RDI: 0000000000000004 RBP: 00000000000f4240 R08: 0000000000000001 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffeaafd5820 R13: 00007f6fc28a8406 R14: 0000000000000003 R15: 00007ffeaafd5800 </TASK> --- If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing.
