pkg/report/testdata/linux/report/185 - platform/external/syzkaller - Git at Google

 # Note: 185-188 have the same root cause.
 TITLE: possible deadlock in do_ip_setsockopt

 [   36.345030] ======================================================
 [   36.351334] WARNING: possible circular locking dependency detected
 [   36.357637] 4.15.0+ #221 Not tainted
 [   36.357648] xt_TCPMSS: Only works on TCP SYN packets
 [   36.361324] ------------------------------------------------------
 [   36.361330] syz-executor5/5807 is trying to acquire lock:
 [   36.361332]  (sk_lock-AF_INET){+.+.}, at: [<0000000046bbd7df>] do_ip_setsockopt.isra.12+0x1d9/0x3210
 [   36.361358]
 [   36.361358] but task is already holding lock:
 [   36.361360]  (rtnl_mutex){+.+.}, at: [<00000000366b10e7>] rtnl_lock+0x17/0x20
 [   36.361378]
 [   36.361378] which lock already depends on the new lock.
 [   36.361378]
 [   36.361380]
 [   36.361380] the existing dependency chain (in reverse order) is:
 [   36.361382]
 [   36.361382] -> #2 (rtnl_mutex){+.+.}:
 [   36.421860]        __mutex_lock+0x16f/0x1a80
 [   36.426252]        mutex_lock_nested+0x16/0x20
 [   36.430819]        rtnl_lock+0x17/0x20
 [   36.434693]        unregister_netdevice_notifier+0x91/0x4e0
 [   36.440382]        clusterip_tg_destroy+0x389/0x6e0
 [   36.445370]        cleanup_entry+0x218/0x350
 [   36.449755]        __do_replace+0x79d/0xa50
 [   36.454049]        do_ipt_set_ctl+0x40f/0x5f0
 [   36.458514]        nf_setsockopt+0x67/0xc0
 [   36.462717]        ip_setsockopt+0x97/0xa0
 [   36.466920]        tcp_setsockopt+0x82/0xd0
 [   36.471210]        sock_common_setsockopt+0x95/0xd0
 [   36.476198]        SyS_setsockopt+0x189/0x360
 [   36.480666]        entry_SYSCALL_64_fastpath+0x29/0xa0
 [   36.485909]
 [   36.485909] -> #1 (&xt[i].mutex){+.+.}:
 [   36.491343]        __mutex_lock+0x16f/0x1a80
 [   36.495724]        mutex_lock_nested+0x16/0x20
 [   36.500282]        xt_find_table_lock+0x3e/0x3e0
 [   36.505016]        xt_request_find_table_lock+0x28/0xc0
 [   36.510357]        get_info+0x154/0x690
 [   36.514303]        do_ipt_get_ctl+0x159/0xac0
 [   36.518767]        nf_getsockopt+0x6a/0xc0
 [   36.522973]        ip_getsockopt+0x15c/0x220
 [   36.527357]        tcp_getsockopt+0x82/0xd0
 [   36.531657]        sock_common_getsockopt+0x95/0xd0
 [   36.536644]        SyS_getsockopt+0x178/0x340
 [   36.541108]        entry_SYSCALL_64_fastpath+0x29/0xa0
 [   36.546349]
 [   36.546349] -> #0 (sk_lock-AF_INET){+.+.}:
 [   36.552040]        lock_acquire+0x1d5/0x580
 [   36.556332]        lock_sock_nested+0xc2/0x110
 [   36.560883]        do_ip_setsockopt.isra.12+0x1d9/0x3210
 [   36.566302]        ip_setsockopt+0x3a/0xa0
 [   36.570505]        raw_setsockopt+0xb7/0xd0
 [   36.574796]        sock_common_setsockopt+0x95/0xd0
 [   36.579784]        SyS_setsockopt+0x189/0x360
 [   36.584247]        entry_SYSCALL_64_fastpath+0x29/0xa0
 [   36.589488]
 [   36.589488] other info that might help us debug this:
 [   36.589488]
 [   36.597597] Chain exists of:
 [   36.597597]   sk_lock-AF_INET --> &xt[i].mutex --> rtnl_mutex
 [   36.597597]
 [   36.607798]  Possible unsafe locking scenario:
 [   36.607798]
 [   36.613823]        CPU0                    CPU1
 [   36.618462]        ----                    ----
 [   36.623095]   lock(rtnl_mutex);
 [   36.626343]                                lock(&xt[i].mutex);
 [   36.632282]                                lock(rtnl_mutex);
 [   36.638050]   lock(sk_lock-AF_INET);
 [   36.641735]
 [   36.641735]  *** DEADLOCK ***
 [   36.641735]
 [   36.647767] 1 lock held by syz-executor5/5807:
 [   36.652314]  #0:  (rtnl_mutex){+.+.}, at: [<00000000366b10e7>] rtnl_lock+0x17/0x20
 [   36.660004]
 [   36.660004] stack backtrace:
 [   36.664481] CPU: 0 PID: 5807 Comm: syz-executor5 Not tainted 4.15.0+ #221
 [   36.671375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 [   36.680701] Call Trace:
 [   36.683264]  dump_stack+0x194/0x257
 [   36.686868]  ? arch_local_irq_restore+0x53/0x53
 [   36.691519]  print_circular_bug.isra.38+0x2cd/0x2dc
 [   36.696505]  ? save_trace+0xe0/0x2b0
 [   36.700192]  __lock_acquire+0x30a8/0x3e00
 [   36.704321]  ? debug_check_no_locks_freed+0x3c0/0x3c0
 [   36.709487]  ? rtnl_lock+0x17/0x20
 [   36.713000]  ? __mutex_lock+0x16f/0x1a80
 [   36.717038]  ? rtnl_lock+0x17/0x20
 [   36.720549]  ? rtnl_lock+0x17/0x20
 [   36.724059]  ? __lock_acquire+0x664/0x3e00
 [   36.728264]  ? mutex_lock_io_nested+0x1900/0x1900
 [   36.733076]  ? print_irqtrace_events+0x270/0x270
 [   36.737809]  ? check_noncircular+0x20/0x20
 [   36.742028]  ? print_irqtrace_events+0x270/0x270
 [   36.746755]  ? debug_check_no_locks_freed+0x3c0/0x3c0
 [   36.751914]  ? do_raw_spin_trylock+0x190/0x190
 [   36.756464]  ? do_raw_spin_trylock+0x190/0x190
 [   36.761022]  ? check_noncircular+0x20/0x20
 [   36.765234]  ? check_noncircular+0x20/0x20
 [   36.769439]  ? find_held_lock+0x35/0x1d0
 [   36.773472]  lock_acquire+0x1d5/0x580
 [   36.777244]  ? lock_sock_nested+0xa3/0x110
 [   36.781447]  ? lock_acquire+0x1d5/0x580
 [   36.785392]  ? do_ip_setsockopt.isra.12+0x1d9/0x3210
 [   36.790467]  ? lock_release+0xa40/0xa40
 [   36.794411]  ? trace_event_raw_event_sched_switch+0x800/0x800
 [   36.800263]  ? trace_event_raw_event_sched_switch+0x800/0x800
 [   36.806116]  ? do_raw_spin_trylock+0x190/0x190
 [   36.810670]  ? lock_sock_nested+0x44/0x110
 [   36.814876]  lock_sock_nested+0xc2/0x110
 [   36.818908]  ? do_ip_setsockopt.isra.12+0x1d9/0x3210
 [   36.823984]  do_ip_setsockopt.isra.12+0x1d9/0x3210
 [   36.828884]  ? ip_ra_control+0x5c0/0x5c0
 [   36.832920]  ? check_noncircular+0x20/0x20
 [   36.837127]  ? compat_start_thread+0x80/0x80
 [   36.841505]  ? do_raw_spin_trylock+0x190/0x190
 [   36.846059]  ? find_held_lock+0x35/0x1d0
 [   36.850094]  ? avc_has_perm+0x35e/0x680
 [   36.854039]  ? lock_downgrade+0x980/0x980
 [   36.858158]  ? lock_release+0xa40/0xa40
 [   36.862100]  ? lock_downgrade+0x980/0x980
 [   36.866218]  ? lock_release+0xa40/0xa40
 [   36.870162]  ? __lock_is_held+0xb6/0x140
 [   36.874198]  ? avc_has_perm+0x43e/0x680
 [   36.878143]  ? avc_has_perm_noaudit+0x520/0x520
 [   36.882812]  ? iterate_fd+0x3f0/0x3f0
 [   36.886590]  ? lock_downgrade+0x980/0x980
 [   36.890714]  ? __lock_is_held+0xb6/0x140
 [   36.894755]  ? schedule+0xf5/0x430
 [   36.898275]  ? sock_has_perm+0x2a4/0x420
 [   36.902307]  ? selinux_secmark_relabel_packet+0xc0/0xc0
 [   36.907651]  ? selinux_netlbl_socket_setsockopt+0x10c/0x460
 [   36.913333]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
 [   36.918582]  ? alloc_file+0x27e/0x390
 [   36.922357]  ip_setsockopt+0x3a/0xa0
 [   36.926045]  raw_setsockopt+0xb7/0xd0
 [   36.929819]  sock_common_setsockopt+0x95/0xd0
 [   36.934287]  SyS_setsockopt+0x189/0x360
 [   36.938234]  ? SyS_recv+0x40/0x40
 [   36.941656]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
 [   36.946469]  ? trace_hardirqs_on_caller+0x421/0x5c0
 [   36.951456]  ? trace_hardirqs_on_thunk+0x1a/0x1c
 [   36.956183]  entry_SYSCALL_64_fastpath+0x29/0xa0
 [   36.960907] RIP: 0033:0x453299
 [   36.964070] RSP: 002b:00007f5666182c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
 [   36.971749] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299
 [   36.978990] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000013
 [   36.986231] RBP: 00000000000005c9 R08: 0000000000000004 R09: 0000000000000000
 [   36.993468] R10: 0000000020000000 R11: 0000000000000212 R12: 00000000006f7b78
 [   37.000707] R13: 00000000ffffffff R14: 00007f56661836d4 R15: 0000000000000000
	# Note: 185-188 have the same root cause.
	TITLE: possible deadlock in do_ip_setsockopt

	[ 36.345030] ======================================================
	[ 36.351334] WARNING: possible circular locking dependency detected
	[ 36.357637] 4.15.0+ #221 Not tainted
	[ 36.357648] xt_TCPMSS: Only works on TCP SYN packets
	[ 36.361324] ------------------------------------------------------
	[ 36.361330] syz-executor5/5807 is trying to acquire lock:
	[ 36.361332] (sk_lock-AF_INET){+.+.}, at: [<0000000046bbd7df>] do_ip_setsockopt.isra.12+0x1d9/0x3210
	[ 36.361358]
	[ 36.361358] but task is already holding lock:
	[ 36.361360] (rtnl_mutex){+.+.}, at: [<00000000366b10e7>] rtnl_lock+0x17/0x20
	[ 36.361378]
	[ 36.361378] which lock already depends on the new lock.
	[ 36.361378]
	[ 36.361380]
	[ 36.361380] the existing dependency chain (in reverse order) is:
	[ 36.361382]
	[ 36.361382] -> #2 (rtnl_mutex){+.+.}:
	[ 36.421860] __mutex_lock+0x16f/0x1a80
	[ 36.426252] mutex_lock_nested+0x16/0x20
	[ 36.430819] rtnl_lock+0x17/0x20
	[ 36.434693] unregister_netdevice_notifier+0x91/0x4e0
	[ 36.440382] clusterip_tg_destroy+0x389/0x6e0
	[ 36.445370] cleanup_entry+0x218/0x350
	[ 36.449755] __do_replace+0x79d/0xa50
	[ 36.454049] do_ipt_set_ctl+0x40f/0x5f0
	[ 36.458514] nf_setsockopt+0x67/0xc0
	[ 36.462717] ip_setsockopt+0x97/0xa0
	[ 36.466920] tcp_setsockopt+0x82/0xd0
	[ 36.471210] sock_common_setsockopt+0x95/0xd0
	[ 36.476198] SyS_setsockopt+0x189/0x360
	[ 36.480666] entry_SYSCALL_64_fastpath+0x29/0xa0
	[ 36.485909]
	[ 36.485909] -> #1 (&xt[i].mutex){+.+.}:
	[ 36.491343] __mutex_lock+0x16f/0x1a80
	[ 36.495724] mutex_lock_nested+0x16/0x20
	[ 36.500282] xt_find_table_lock+0x3e/0x3e0
	[ 36.505016] xt_request_find_table_lock+0x28/0xc0
	[ 36.510357] get_info+0x154/0x690
	[ 36.514303] do_ipt_get_ctl+0x159/0xac0
	[ 36.518767] nf_getsockopt+0x6a/0xc0
	[ 36.522973] ip_getsockopt+0x15c/0x220
	[ 36.527357] tcp_getsockopt+0x82/0xd0
	[ 36.531657] sock_common_getsockopt+0x95/0xd0
	[ 36.536644] SyS_getsockopt+0x178/0x340
	[ 36.541108] entry_SYSCALL_64_fastpath+0x29/0xa0
	[ 36.546349]
	[ 36.546349] -> #0 (sk_lock-AF_INET){+.+.}:
	[ 36.552040] lock_acquire+0x1d5/0x580
	[ 36.556332] lock_sock_nested+0xc2/0x110
	[ 36.560883] do_ip_setsockopt.isra.12+0x1d9/0x3210
	[ 36.566302] ip_setsockopt+0x3a/0xa0
	[ 36.570505] raw_setsockopt+0xb7/0xd0
	[ 36.574796] sock_common_setsockopt+0x95/0xd0
	[ 36.579784] SyS_setsockopt+0x189/0x360
	[ 36.584247] entry_SYSCALL_64_fastpath+0x29/0xa0
	[ 36.589488]
	[ 36.589488] other info that might help us debug this:
	[ 36.589488]
	[ 36.597597] Chain exists of:
	[ 36.597597] sk_lock-AF_INET --> &xt[i].mutex --> rtnl_mutex
	[ 36.597597]
	[ 36.607798] Possible unsafe locking scenario:
	[ 36.607798]
	[ 36.613823] CPU0 CPU1
	[ 36.618462] ---- ----
	[ 36.623095] lock(rtnl_mutex);
	[ 36.626343] lock(&xt[i].mutex);
	[ 36.632282] lock(rtnl_mutex);
	[ 36.638050] lock(sk_lock-AF_INET);
	[ 36.641735]
	[ 36.641735] * DEADLOCK *
	[ 36.641735]
	[ 36.647767] 1 lock held by syz-executor5/5807:
	[ 36.652314] #0: (rtnl_mutex){+.+.}, at: [<00000000366b10e7>] rtnl_lock+0x17/0x20
	[ 36.660004]
	[ 36.660004] stack backtrace:
	[ 36.664481] CPU: 0 PID: 5807 Comm: syz-executor5 Not tainted 4.15.0+ #221
	[ 36.671375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
	[ 36.680701] Call Trace:
	[ 36.683264] dump_stack+0x194/0x257
	[ 36.686868] ? arch_local_irq_restore+0x53/0x53
	[ 36.691519] print_circular_bug.isra.38+0x2cd/0x2dc
	[ 36.696505] ? save_trace+0xe0/0x2b0
	[ 36.700192] __lock_acquire+0x30a8/0x3e00
	[ 36.704321] ? debug_check_no_locks_freed+0x3c0/0x3c0
	[ 36.709487] ? rtnl_lock+0x17/0x20
	[ 36.713000] ? __mutex_lock+0x16f/0x1a80
	[ 36.717038] ? rtnl_lock+0x17/0x20
	[ 36.720549] ? rtnl_lock+0x17/0x20
	[ 36.724059] ? __lock_acquire+0x664/0x3e00
	[ 36.728264] ? mutex_lock_io_nested+0x1900/0x1900
	[ 36.733076] ? print_irqtrace_events+0x270/0x270
	[ 36.737809] ? check_noncircular+0x20/0x20
	[ 36.742028] ? print_irqtrace_events+0x270/0x270
	[ 36.746755] ? debug_check_no_locks_freed+0x3c0/0x3c0
	[ 36.751914] ? do_raw_spin_trylock+0x190/0x190
	[ 36.756464] ? do_raw_spin_trylock+0x190/0x190
	[ 36.761022] ? check_noncircular+0x20/0x20
	[ 36.765234] ? check_noncircular+0x20/0x20
	[ 36.769439] ? find_held_lock+0x35/0x1d0
	[ 36.773472] lock_acquire+0x1d5/0x580
	[ 36.777244] ? lock_sock_nested+0xa3/0x110
	[ 36.781447] ? lock_acquire+0x1d5/0x580
	[ 36.785392] ? do_ip_setsockopt.isra.12+0x1d9/0x3210
	[ 36.790467] ? lock_release+0xa40/0xa40
	[ 36.794411] ? trace_event_raw_event_sched_switch+0x800/0x800
	[ 36.800263] ? trace_event_raw_event_sched_switch+0x800/0x800
	[ 36.806116] ? do_raw_spin_trylock+0x190/0x190
	[ 36.810670] ? lock_sock_nested+0x44/0x110
	[ 36.814876] lock_sock_nested+0xc2/0x110
	[ 36.818908] ? do_ip_setsockopt.isra.12+0x1d9/0x3210
	[ 36.823984] do_ip_setsockopt.isra.12+0x1d9/0x3210
	[ 36.828884] ? ip_ra_control+0x5c0/0x5c0
	[ 36.832920] ? check_noncircular+0x20/0x20
	[ 36.837127] ? compat_start_thread+0x80/0x80
	[ 36.841505] ? do_raw_spin_trylock+0x190/0x190
	[ 36.846059] ? find_held_lock+0x35/0x1d0
	[ 36.850094] ? avc_has_perm+0x35e/0x680
	[ 36.854039] ? lock_downgrade+0x980/0x980
	[ 36.858158] ? lock_release+0xa40/0xa40
	[ 36.862100] ? lock_downgrade+0x980/0x980
	[ 36.866218] ? lock_release+0xa40/0xa40
	[ 36.870162] ? __lock_is_held+0xb6/0x140
	[ 36.874198] ? avc_has_perm+0x43e/0x680
	[ 36.878143] ? avc_has_perm_noaudit+0x520/0x520
	[ 36.882812] ? iterate_fd+0x3f0/0x3f0
	[ 36.886590] ? lock_downgrade+0x980/0x980
	[ 36.890714] ? __lock_is_held+0xb6/0x140
	[ 36.894755] ? schedule+0xf5/0x430
	[ 36.898275] ? sock_has_perm+0x2a4/0x420
	[ 36.902307] ? selinux_secmark_relabel_packet+0xc0/0xc0
	[ 36.907651] ? selinux_netlbl_socket_setsockopt+0x10c/0x460
	[ 36.913333] ? selinux_netlbl_sock_rcv_skb+0x730/0x730
	[ 36.918582] ? alloc_file+0x27e/0x390
	[ 36.922357] ip_setsockopt+0x3a/0xa0
	[ 36.926045] raw_setsockopt+0xb7/0xd0
	[ 36.929819] sock_common_setsockopt+0x95/0xd0
	[ 36.934287] SyS_setsockopt+0x189/0x360
	[ 36.938234] ? SyS_recv+0x40/0x40
	[ 36.941656] ? entry_SYSCALL_64_fastpath+0x5/0xa0
	[ 36.946469] ? trace_hardirqs_on_caller+0x421/0x5c0
	[ 36.951456] ? trace_hardirqs_on_thunk+0x1a/0x1c
	[ 36.956183] entry_SYSCALL_64_fastpath+0x29/0xa0
	[ 36.960907] RIP: 0033:0x453299
	[ 36.964070] RSP: 002b:00007f5666182c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
	[ 36.971749] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299
	[ 36.978990] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000013
	[ 36.986231] RBP: 00000000000005c9 R08: 0000000000000004 R09: 0000000000000000
	[ 36.993468] R10: 0000000020000000 R11: 0000000000000212 R12: 00000000006f7b78
	[ 37.000707] R13: 00000000ffffffff R14: 00007f56661836d4 R15: 0000000000000000