pkg/report/testdata/linux/report/186 - platform/external/syzkaller - Git at Google

 # Note: 185-188 have the same root cause.
 TITLE: possible deadlock in do_ipv6_setsockopt

 [   53.842308] ======================================================
 [   53.848617] WARNING: possible circular locking dependency detected
 [   53.854929] 4.15.0+ #221 Not tainted
 [   53.858633] ------------------------------------------------------
 [   53.864938] syz-executor3/5627 is trying to acquire lock:
 [   53.870468]  (sk_lock-AF_INET6){+.+.}, at: [<000000005bcb19be>] do_ipv6_setsockopt.isra.8+0x3c5/0x39d0
 [   53.879944]
 [   53.879944] but task is already holding lock:
 [   53.885893]  (rtnl_mutex){+.+.}, at: [<000000001f0e7db0>] rtnl_lock+0x17/0x20
 [   53.893173]
 [   53.893173] which lock already depends on the new lock.
 [   53.893173]
 [   53.901483]
 [   53.901483] the existing dependency chain (in reverse order) is:
 [   53.909081]
 [   53.909081] -> #2 (rtnl_mutex){+.+.}:
 [   53.914395]        __mutex_lock+0x16f/0x1a80
 [   53.918789]        mutex_lock_nested+0x16/0x20
 [   53.923353]        rtnl_lock+0x17/0x20
 [   53.927224]        unregister_netdevice_notifier+0x91/0x4e0
 [   53.932921]        clusterip_tg_destroy+0x389/0x6e0
 [   53.937916]        cleanup_entry+0x218/0x350
 [   53.942305]        __do_replace+0x79d/0xa50
 [   53.946603]        do_ipt_set_ctl+0x40f/0x5f0
 [   53.951071]        nf_setsockopt+0x67/0xc0
 [   53.955277]        ip_setsockopt+0x97/0xa0
 [   53.959482]        tcp_setsockopt+0x82/0xd0
 [   53.963786]        sock_common_setsockopt+0x95/0xd0
 [   53.968783]        SyS_setsockopt+0x189/0x360
 [   53.973254]        entry_SYSCALL_64_fastpath+0x29/0xa0
 [   53.978498]
 [   53.978498] -> #1 (&xt[i].mutex){+.+.}:
 [   53.983939]        __mutex_lock+0x16f/0x1a80
 [   53.988318]        mutex_lock_nested+0x16/0x20
 [   53.992872]        xt_find_table_lock+0x3e/0x3e0
 [   53.997596]        xt_request_find_table_lock+0x28/0xc0
 [   54.002948]        get_info+0x154/0x690
 [   54.006899]        do_ip6t_get_ctl+0x159/0xaf0
 [   54.011454]        nf_getsockopt+0x6a/0xc0
 [   54.015661]        ipv6_getsockopt+0x1df/0x2e0
 [   54.020215]        tcp_getsockopt+0x82/0xd0
 [   54.024511]        sock_common_getsockopt+0x95/0xd0
 [   54.029521]        SyS_getsockopt+0x178/0x340
 [   54.034019]        entry_SYSCALL_64_fastpath+0x29/0xa0
 [   54.039289]
 [   54.039289] -> #0 (sk_lock-AF_INET6){+.+.}:
 [   54.045095]        lock_acquire+0x1d5/0x580
 [   54.049404]        lock_sock_nested+0xc2/0x110
 [   54.053975]        do_ipv6_setsockopt.isra.8+0x3c5/0x39d0
 [   54.059482]        ipv6_setsockopt+0xd7/0x130
 [   54.063949]        rawv6_setsockopt+0x4a/0xf0
 [   54.068425]        sock_common_setsockopt+0x95/0xd0
 [   54.073415]        SyS_setsockopt+0x189/0x360
 [   54.077879]        entry_SYSCALL_64_fastpath+0x29/0xa0
 [   54.083122]
 [   54.083122] other info that might help us debug this:
 [   54.083122]
 [   54.091320] Chain exists of:
 [   54.091320]   sk_lock-AF_INET6 --> &xt[i].mutex --> rtnl_mutex
 [   54.091320]
 [   54.101614]  Possible unsafe locking scenario:
 [   54.101614]
 [   54.107654]        CPU0                    CPU1
 [   54.112299]        ----                    ----
 [   54.116940]   lock(rtnl_mutex);
 [   54.120195]                                lock(&xt[i].mutex);
 [   54.126138]                                lock(rtnl_mutex);
 [   54.131908]   lock(sk_lock-AF_INET6);
 [   54.135683]
 [   54.135683]  *** DEADLOCK ***
 [   54.135683]
 [   54.141717] 1 lock held by syz-executor3/5627:
 [   54.146270]  #0:  (rtnl_mutex){+.+.}, at: [<000000001f0e7db0>] rtnl_lock+0x17/0x20
 [   54.153968]
 [   54.153968] stack backtrace:
 [   54.158438] CPU: 0 PID: 5627 Comm: syz-executor3 Not tainted 4.15.0+ #221
 [   54.165346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 [   54.174686] Call Trace:
 [   54.177254]  dump_stack+0x194/0x257
 [   54.180856]  ? arch_local_irq_restore+0x53/0x53
 [   54.185512]  print_circular_bug.isra.38+0x2cd/0x2dc
 [   54.190524]  ? save_trace+0xe0/0x2b0
 [   54.194214]  __lock_acquire+0x30a8/0x3e00
 [   54.198353]  ? debug_check_no_locks_freed+0x3c0/0x3c0
 [   54.203528]  ? rtnl_lock+0x17/0x20
 [   54.207054]  ? __mutex_lock+0x16f/0x1a80
 [   54.211090]  ? rtnl_lock+0x17/0x20
 [   54.214607]  ? rtnl_lock+0x17/0x20
 [   54.218122]  ? print_irqtrace_events+0x270/0x270
 [   54.222857]  ? __lock_acquire+0x664/0x3e00
 [   54.227069]  ? print_irqtrace_events+0x270/0x270
 [   54.231804]  ? check_noncircular+0x20/0x20
 [   54.236020]  ? print_irqtrace_events+0x270/0x270
 [   54.240759]  ? debug_check_no_locks_freed+0x3c0/0x3c0
 [   54.245923]  ? check_noncircular+0x20/0x20
 [   54.250131]  ? __lock_acquire+0x664/0x3e00
 [   54.254341]  ? find_held_lock+0x35/0x1d0
 [   54.258377]  lock_acquire+0x1d5/0x580
 [   54.262160]  ? lock_sock_nested+0xa3/0x110
 [   54.266373]  ? lock_acquire+0x1d5/0x580
 [   54.270321]  ? do_ipv6_setsockopt.isra.8+0x3c5/0x39d0
 [   54.275490]  ? lock_release+0xa40/0xa40
 [   54.279442]  ? trace_event_raw_event_sched_switch+0x800/0x800
 [   54.285297]  ? trace_event_raw_event_sched_switch+0x800/0x800
 [   54.291156]  ? do_raw_spin_trylock+0x190/0x190
 [   54.295716]  ? __enqueue_entity+0x109/0x1e0
 [   54.300019]  ? lock_sock_nested+0x44/0x110
 [   54.304241]  lock_sock_nested+0xc2/0x110
 [   54.308291]  ? do_ipv6_setsockopt.isra.8+0x3c5/0x39d0
 [   54.313455]  do_ipv6_setsockopt.isra.8+0x3c5/0x39d0
 [   54.318444]  ? ipv6_update_options+0x330/0x330
 [   54.323000]  ? lock_downgrade+0x980/0x980
 [   54.327128]  ? check_noncircular+0x20/0x20
 [   54.331333]  ? load_balance+0x34c0/0x34c0
 [   54.335452]  ? check_noncircular+0x20/0x20
 [   54.339657]  ? compat_start_thread+0x80/0x80
 [   54.344041]  ? do_raw_spin_trylock+0x190/0x190
 [   54.348615]  ? find_held_lock+0x35/0x1d0
 [   54.352657]  ? avc_has_perm+0x35e/0x680
 [   54.356601]  ? lock_downgrade+0x980/0x980
 [   54.360719]  ? lock_release+0xa40/0xa40
 [   54.364665]  ? lock_downgrade+0x980/0x980
 [   54.368783]  ? lock_release+0xa40/0xa40
 [   54.372728]  ? __lock_is_held+0xb6/0x140
 [   54.376764]  ? avc_has_perm+0x43e/0x680
 [   54.380723]  ? avc_has_perm_noaudit+0x520/0x520
 [   54.385371]  ? iterate_fd+0x3f0/0x3f0
 [   54.389152]  ? lock_downgrade+0x980/0x980
 [   54.393272]  ? __lock_is_held+0xb6/0x140
 [   54.397304]  ? schedule+0xf5/0x430
 [   54.400818]  ? sock_has_perm+0x2a4/0x420
 [   54.404847]  ? selinux_secmark_relabel_packet+0xc0/0xc0
 [   54.410180]  ? selinux_netlbl_socket_setsockopt+0x10c/0x460
 [   54.415859]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
 [   54.421103]  ? alloc_file+0x27e/0x390
 [   54.424874]  ipv6_setsockopt+0xd7/0x130
 [   54.428817]  ? ipv6_setsockopt+0xd7/0x130
 [   54.432936]  rawv6_setsockopt+0x4a/0xf0
 [   54.436883]  sock_common_setsockopt+0x95/0xd0
 [   54.441349]  SyS_setsockopt+0x189/0x360
 [   54.445294]  ? SyS_recv+0x40/0x40
 [   54.448720]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
 [   54.453538]  ? trace_hardirqs_on_caller+0x421/0x5c0
 [   54.458530]  ? trace_hardirqs_on_thunk+0x1a/0x1c
 [   54.463255]  entry_SYSCALL_64_fastpath+0x29/0xa0
 [   54.467980] RIP: 0033:0x453299
 [   54.471138] RSP: 002b:00007f426abc9c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
 [   54.478825] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299
 [   54.486067] RDX: 0000000000000001 RSI: 0000000000000029 RDI: 0000000000000013
 [   54.493317] RBP: 00000000000005cd R08: 0000000000000004 R09: 0000000000000000
 [   54.500565] R10: 000000002095affc R11: 0000000000000212 R12: 00000000006f7bd8
 [   54.507812] R13: 00000000ffffffff R14: 00007f426abca6d4 R15: 0000000000000000
	# Note: 185-188 have the same root cause.
	TITLE: possible deadlock in do_ipv6_setsockopt

	[ 53.842308] ======================================================
	[ 53.848617] WARNING: possible circular locking dependency detected
	[ 53.854929] 4.15.0+ #221 Not tainted
	[ 53.858633] ------------------------------------------------------
	[ 53.864938] syz-executor3/5627 is trying to acquire lock:
	[ 53.870468] (sk_lock-AF_INET6){+.+.}, at: [<000000005bcb19be>] do_ipv6_setsockopt.isra.8+0x3c5/0x39d0
	[ 53.879944]
	[ 53.879944] but task is already holding lock:
	[ 53.885893] (rtnl_mutex){+.+.}, at: [<000000001f0e7db0>] rtnl_lock+0x17/0x20
	[ 53.893173]
	[ 53.893173] which lock already depends on the new lock.
	[ 53.893173]
	[ 53.901483]
	[ 53.901483] the existing dependency chain (in reverse order) is:
	[ 53.909081]
	[ 53.909081] -> #2 (rtnl_mutex){+.+.}:
	[ 53.914395] __mutex_lock+0x16f/0x1a80
	[ 53.918789] mutex_lock_nested+0x16/0x20
	[ 53.923353] rtnl_lock+0x17/0x20
	[ 53.927224] unregister_netdevice_notifier+0x91/0x4e0
	[ 53.932921] clusterip_tg_destroy+0x389/0x6e0
	[ 53.937916] cleanup_entry+0x218/0x350
	[ 53.942305] __do_replace+0x79d/0xa50
	[ 53.946603] do_ipt_set_ctl+0x40f/0x5f0
	[ 53.951071] nf_setsockopt+0x67/0xc0
	[ 53.955277] ip_setsockopt+0x97/0xa0
	[ 53.959482] tcp_setsockopt+0x82/0xd0
	[ 53.963786] sock_common_setsockopt+0x95/0xd0
	[ 53.968783] SyS_setsockopt+0x189/0x360
	[ 53.973254] entry_SYSCALL_64_fastpath+0x29/0xa0
	[ 53.978498]
	[ 53.978498] -> #1 (&xt[i].mutex){+.+.}:
	[ 53.983939] __mutex_lock+0x16f/0x1a80
	[ 53.988318] mutex_lock_nested+0x16/0x20
	[ 53.992872] xt_find_table_lock+0x3e/0x3e0
	[ 53.997596] xt_request_find_table_lock+0x28/0xc0
	[ 54.002948] get_info+0x154/0x690
	[ 54.006899] do_ip6t_get_ctl+0x159/0xaf0
	[ 54.011454] nf_getsockopt+0x6a/0xc0
	[ 54.015661] ipv6_getsockopt+0x1df/0x2e0
	[ 54.020215] tcp_getsockopt+0x82/0xd0
	[ 54.024511] sock_common_getsockopt+0x95/0xd0
	[ 54.029521] SyS_getsockopt+0x178/0x340
	[ 54.034019] entry_SYSCALL_64_fastpath+0x29/0xa0
	[ 54.039289]
	[ 54.039289] -> #0 (sk_lock-AF_INET6){+.+.}:
	[ 54.045095] lock_acquire+0x1d5/0x580
	[ 54.049404] lock_sock_nested+0xc2/0x110
	[ 54.053975] do_ipv6_setsockopt.isra.8+0x3c5/0x39d0
	[ 54.059482] ipv6_setsockopt+0xd7/0x130
	[ 54.063949] rawv6_setsockopt+0x4a/0xf0
	[ 54.068425] sock_common_setsockopt+0x95/0xd0
	[ 54.073415] SyS_setsockopt+0x189/0x360
	[ 54.077879] entry_SYSCALL_64_fastpath+0x29/0xa0
	[ 54.083122]
	[ 54.083122] other info that might help us debug this:
	[ 54.083122]
	[ 54.091320] Chain exists of:
	[ 54.091320] sk_lock-AF_INET6 --> &xt[i].mutex --> rtnl_mutex
	[ 54.091320]
	[ 54.101614] Possible unsafe locking scenario:
	[ 54.101614]
	[ 54.107654] CPU0 CPU1
	[ 54.112299] ---- ----
	[ 54.116940] lock(rtnl_mutex);
	[ 54.120195] lock(&xt[i].mutex);
	[ 54.126138] lock(rtnl_mutex);
	[ 54.131908] lock(sk_lock-AF_INET6);
	[ 54.135683]
	[ 54.135683] * DEADLOCK *
	[ 54.135683]
	[ 54.141717] 1 lock held by syz-executor3/5627:
	[ 54.146270] #0: (rtnl_mutex){+.+.}, at: [<000000001f0e7db0>] rtnl_lock+0x17/0x20
	[ 54.153968]
	[ 54.153968] stack backtrace:
	[ 54.158438] CPU: 0 PID: 5627 Comm: syz-executor3 Not tainted 4.15.0+ #221
	[ 54.165346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
	[ 54.174686] Call Trace:
	[ 54.177254] dump_stack+0x194/0x257
	[ 54.180856] ? arch_local_irq_restore+0x53/0x53
	[ 54.185512] print_circular_bug.isra.38+0x2cd/0x2dc
	[ 54.190524] ? save_trace+0xe0/0x2b0
	[ 54.194214] __lock_acquire+0x30a8/0x3e00
	[ 54.198353] ? debug_check_no_locks_freed+0x3c0/0x3c0
	[ 54.203528] ? rtnl_lock+0x17/0x20
	[ 54.207054] ? __mutex_lock+0x16f/0x1a80
	[ 54.211090] ? rtnl_lock+0x17/0x20
	[ 54.214607] ? rtnl_lock+0x17/0x20
	[ 54.218122] ? print_irqtrace_events+0x270/0x270
	[ 54.222857] ? __lock_acquire+0x664/0x3e00
	[ 54.227069] ? print_irqtrace_events+0x270/0x270
	[ 54.231804] ? check_noncircular+0x20/0x20
	[ 54.236020] ? print_irqtrace_events+0x270/0x270
	[ 54.240759] ? debug_check_no_locks_freed+0x3c0/0x3c0
	[ 54.245923] ? check_noncircular+0x20/0x20
	[ 54.250131] ? __lock_acquire+0x664/0x3e00
	[ 54.254341] ? find_held_lock+0x35/0x1d0
	[ 54.258377] lock_acquire+0x1d5/0x580
	[ 54.262160] ? lock_sock_nested+0xa3/0x110
	[ 54.266373] ? lock_acquire+0x1d5/0x580
	[ 54.270321] ? do_ipv6_setsockopt.isra.8+0x3c5/0x39d0
	[ 54.275490] ? lock_release+0xa40/0xa40
	[ 54.279442] ? trace_event_raw_event_sched_switch+0x800/0x800
	[ 54.285297] ? trace_event_raw_event_sched_switch+0x800/0x800
	[ 54.291156] ? do_raw_spin_trylock+0x190/0x190
	[ 54.295716] ? __enqueue_entity+0x109/0x1e0
	[ 54.300019] ? lock_sock_nested+0x44/0x110
	[ 54.304241] lock_sock_nested+0xc2/0x110
	[ 54.308291] ? do_ipv6_setsockopt.isra.8+0x3c5/0x39d0
	[ 54.313455] do_ipv6_setsockopt.isra.8+0x3c5/0x39d0
	[ 54.318444] ? ipv6_update_options+0x330/0x330
	[ 54.323000] ? lock_downgrade+0x980/0x980
	[ 54.327128] ? check_noncircular+0x20/0x20
	[ 54.331333] ? load_balance+0x34c0/0x34c0
	[ 54.335452] ? check_noncircular+0x20/0x20
	[ 54.339657] ? compat_start_thread+0x80/0x80
	[ 54.344041] ? do_raw_spin_trylock+0x190/0x190
	[ 54.348615] ? find_held_lock+0x35/0x1d0
	[ 54.352657] ? avc_has_perm+0x35e/0x680
	[ 54.356601] ? lock_downgrade+0x980/0x980
	[ 54.360719] ? lock_release+0xa40/0xa40
	[ 54.364665] ? lock_downgrade+0x980/0x980
	[ 54.368783] ? lock_release+0xa40/0xa40
	[ 54.372728] ? __lock_is_held+0xb6/0x140
	[ 54.376764] ? avc_has_perm+0x43e/0x680
	[ 54.380723] ? avc_has_perm_noaudit+0x520/0x520
	[ 54.385371] ? iterate_fd+0x3f0/0x3f0
	[ 54.389152] ? lock_downgrade+0x980/0x980
	[ 54.393272] ? __lock_is_held+0xb6/0x140
	[ 54.397304] ? schedule+0xf5/0x430
	[ 54.400818] ? sock_has_perm+0x2a4/0x420
	[ 54.404847] ? selinux_secmark_relabel_packet+0xc0/0xc0
	[ 54.410180] ? selinux_netlbl_socket_setsockopt+0x10c/0x460
	[ 54.415859] ? selinux_netlbl_sock_rcv_skb+0x730/0x730
	[ 54.421103] ? alloc_file+0x27e/0x390
	[ 54.424874] ipv6_setsockopt+0xd7/0x130
	[ 54.428817] ? ipv6_setsockopt+0xd7/0x130
	[ 54.432936] rawv6_setsockopt+0x4a/0xf0
	[ 54.436883] sock_common_setsockopt+0x95/0xd0
	[ 54.441349] SyS_setsockopt+0x189/0x360
	[ 54.445294] ? SyS_recv+0x40/0x40
	[ 54.448720] ? entry_SYSCALL_64_fastpath+0x5/0xa0
	[ 54.453538] ? trace_hardirqs_on_caller+0x421/0x5c0
	[ 54.458530] ? trace_hardirqs_on_thunk+0x1a/0x1c
	[ 54.463255] entry_SYSCALL_64_fastpath+0x29/0xa0
	[ 54.467980] RIP: 0033:0x453299
	[ 54.471138] RSP: 002b:00007f426abc9c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
	[ 54.478825] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299
	[ 54.486067] RDX: 0000000000000001 RSI: 0000000000000029 RDI: 0000000000000013
	[ 54.493317] RBP: 00000000000005cd R08: 0000000000000004 R09: 0000000000000000
	[ 54.500565] R10: 000000002095affc R11: 0000000000000212 R12: 00000000006f7bd8
	[ 54.507812] R13: 00000000ffffffff R14: 00007f426abca6d4 R15: 0000000000000000