syzbot

possible deadlock in do_ip_getsockopt

Status: auto-closed as invalid on 2019/02/22 14:29
First crash: 2156d, last: 2120d
Similar bugs (2)
Kernel    Title                                                  Repro  Cause bisect  Fix bisect  Count  Last   Reported  Patched  Status
upstream  possible deadlock in do_ip_getsockopt [netfilter]      -      -             -           22     2273d  2277d     4/26     fixed on 2018/02/04 23:45
upstream  possible deadlock in do_ip_getsockopt (2) [netfilter]  -      -             -           206    2251d  2266d     4/26     fixed on 2018/02/26 20:04

Sample crash report:
IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready

======================================================
[ INFO: possible circular locking dependency detected ]
4.9.111-g03c70fe #6 Not tainted
-------------------------------------------------------
syz-executor0/14870 is trying to acquire lock:
 (sk_lock-AF_INET){+.+.+.}, at: [<ffffffff833431f7>] lock_sock include/net/sock.h:1404 [inline]
 (sk_lock-AF_INET){+.+.+.}, at: [<ffffffff833431f7>] do_ip_getsockopt+0x167/0x1600 net/ipv4/ip_sockglue.c:1317
but task is already holding lock:
 (rtnl_mutex){+.+.+.}, at: [<ffffffff830b4937>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (rtnl_mutex){+.+.+.}:
       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       mutex_lock_nested+0xc0/0x870 kernel/locking/mutex.c:621
       rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
       mrtsock_destruct+0x3b/0x1e0 net/ipv4/ipmr.c:1231
       ip_ra_control+0x2c2/0x420 net/ipv4/ip_sockglue.c:360
       do_ip_setsockopt.isra.13+0x15ff/0x2b10 net/ipv4/ip_sockglue.c:1137
       ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240
       raw_setsockopt+0xb7/0xd0 net/ipv4/raw.c:833
       sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706
       SYSC_setsockopt net/socket.c:1772 [inline]
       SyS_setsockopt+0x166/0x260 net/socket.c:1751
       do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
       entry_SYSCALL_64_after_swapgs+0x5d/0xdb

-> #0 (sk_lock-AF_INET){+.+.+.}:
       check_prev_add kernel/locking/lockdep.c:1828 [inline]
       check_prevs_add kernel/locking/lockdep.c:1938 [inline]
       validate_chain kernel/locking/lockdep.c:2265 [inline]
       __lock_acquire+0x3019/0x4070 kernel/locking/lockdep.c:3345
       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       lock_sock_nested+0xc6/0x120 net/core/sock.c:2511
       lock_sock include/net/sock.h:1404 [inline]
       do_ip_getsockopt+0x167/0x1600 net/ipv4/ip_sockglue.c:1317
       ip_getsockopt+0x91/0x180 net/ipv4/ip_sockglue.c:1545
       tcp_getsockopt+0x88/0xe0 net/ipv4/tcp.c:3106
       sock_common_getsockopt+0x9a/0xe0 net/core/sock.c:2665
       SYSC_getsockopt net/socket.c:1803 [inline]
       SyS_getsockopt+0x150/0x240 net/socket.c:1785
       do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
       entry_SYSCALL_64_after_swapgs+0x5d/0xdb

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(rtnl_mutex);
                               lock(sk_lock-AF_INET);
                               lock(rtnl_mutex);
  lock(sk_lock-AF_INET);

 *** DEADLOCK ***

1 lock held by syz-executor0/14870:
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff830b4937>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70

stack backtrace:
CPU: 0 PID: 14870 Comm: syz-executor0 Not tainted 4.9.111-g03c70fe #6
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a1f17688 ffffffff81eb2729 ffffffff855e7800 ffffffff8559d0a0
 ffffffff855e7800 ffff8801d9b868e8 ffff8801d9b86000 ffff8801a1f176d0
 ffffffff814263a4 0000000000000001 00000000d9b86000 0000000000000001
Call Trace:
 [<ffffffff81eb2729>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81eb2729>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff814263a4>] print_circular_bug.cold.51+0x1bd/0x27d kernel/locking/lockdep.c:1202
 [<ffffffff81239189>] check_prev_add kernel/locking/lockdep.c:1828 [inline]
 [<ffffffff81239189>] check_prevs_add kernel/locking/lockdep.c:1938 [inline]
 [<ffffffff81239189>] validate_chain kernel/locking/lockdep.c:2265 [inline]
 [<ffffffff81239189>] __lock_acquire+0x3019/0x4070 kernel/locking/lockdep.c:3345
 [<ffffffff8123ac50>] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
 [<ffffffff830236a6>] lock_sock_nested+0xc6/0x120 net/core/sock.c:2511
 [<ffffffff833431f7>] lock_sock include/net/sock.h:1404 [inline]
 [<ffffffff833431f7>] do_ip_getsockopt+0x167/0x1600 net/ipv4/ip_sockglue.c:1317
 [<ffffffff83344721>] ip_getsockopt+0x91/0x180 net/ipv4/ip_sockglue.c:1545
 [<ffffffff83364328>] tcp_getsockopt+0x88/0xe0 net/ipv4/tcp.c:3106
 [<ffffffff8301c34a>] sock_common_getsockopt+0x9a/0xe0 net/core/sock.c:2665
 [<ffffffff83019760>] SYSC_getsockopt net/socket.c:1803 [inline]
 [<ffffffff83019760>] SyS_getsockopt+0x150/0x240 net/socket.c:1785
 [<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
 [<ffffffff839f8cd3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
FAT-fs (loop0): bogus number of reserved sectors
FAT-fs (loop0): Can't find a valid FAT filesystem
FAT-fs (loop0): bogus number of reserved sectors
FAT-fs (loop0): Can't find a valid FAT filesystem
FAT-fs (loop0): bogus number of reserved sectors
FAT-fs (loop0): Can't find a valid FAT filesystem
FAT-fs (loop2): bogus number of reserved sectors
FAT-fs (loop2): Can't find a valid FAT filesystem
FAT-fs (loop5): bogus number of reserved sectors
FAT-fs (loop5): Can't find a valid FAT filesystem
FAT-fs (loop7): bogus number of reserved sectors
FAT-fs (loop7): Can't find a valid FAT filesystem
FAT-fs (loop0): bogus number of reserved sectors
FAT-fs (loop0): Can't find a valid FAT filesystem
FAT-fs (loop1): bogus number of reserved sectors
FAT-fs (loop1): Can't find a valid FAT filesystem
FAT-fs (loop7): bogus number of reserved sectors
FAT-fs (loop7): Can't find a valid FAT filesystem
syz-executor2 (15161) used greatest stack depth: 22240 bytes left
syz-executor1 (15186) used greatest stack depth: 22000 bytes left
IPVS: Creating netns size=2536 id=24
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
FAT-fs (loop2): bogus number of reserved sectors
FAT-fs (loop5): bogus number of reserved sectors
FAT-fs (loop5): Can't find a valid FAT filesystem
FAT-fs (loop1): bogus number of reserved sectors
FAT-fs (loop1): Can't find a valid FAT filesystem
FAT-fs (loop7): bogus number of reserved sectors
FAT-fs (loop7): Can't find a valid FAT filesystem
FAT-fs (loop0): bogus number of reserved sectors
FAT-fs (loop0): Can't find a valid FAT filesystem
FAT-fs (loop2): Can't find a valid FAT filesystem
FAT-fs (loop1): bogus number of reserved sectors
FAT-fs (loop1): Can't find a valid FAT filesystem
FAT-fs (loop5): bogus number of reserved sectors
FAT-fs (loop5): Can't find a valid FAT filesystem
EXT4-fs (sda1): re-mounted. Opts: init_itable=8,,errors=continue
FAT-fs (loop2): bogus number of reserved sectors
EXT4-fs (sda1): re-mounted. Opts: init_itable=8,,errors=continue
FAT-fs (loop2): Can't find a valid FAT filesystem
EXT4-fs (sda1): re-mounted. Opts: init_itable=8,,errors=continue
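The report above is an AB-BA lock-order inversion, not a deadlock that actually happened: the setsockopt path (raw_setsockopt -> do_ip_setsockopt -> ip_ra_control -> mrtsock_destruct) takes sk_lock-AF_INET first and rtnl_mutex second, while the getsockopt path (do_ip_getsockopt, which calls rtnl_lock() before lock_sock() for the options that need rtnl) takes them in the opposite order. Lockdep records every "B acquired while A held" edge and fires as soon as a new edge would close a cycle, which is why a single run of either path is enough to trigger it. The following is an added example, not syzbot's or the kernel's code: a minimal userspace model of that check, fed the two acquisition sequences from the report. The task names, the replay functions and the "consistent ordering" variant are illustrative assumptions; the latter shows only what a cycle-free ordering looks like and is not a description of the upstream fix.

```c
/*
 * Added example (not from the syzbot page or the kernel): a toy
 * lock-order graph checker in the spirit of lockdep.  Every lock class
 * is a node; acquiring B while holding A records the edge A -> B.  An
 * acquisition that would add an edge closing a cycle is reported as a
 * "possible circular locking dependency", exactly like the report above.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_CLASSES 16
#define MAX_HELD    8

static const char *class_name[MAX_CLASSES];
static int nr_classes;
/* edge[a][b] means "b was acquired while a was held" */
static bool edge[MAX_CLASSES][MAX_CLASSES];

struct task {
    const char *comm;   /* illustrative task name */
    int held[MAX_HELD]; /* lock classes currently held, in acquisition order */
    int nr_held;
};

/* Intern a lock class name, assigning a new node on first sight. */
static int lock_class(const char *name)
{
    for (int i = 0; i < nr_classes; i++)
        if (strcmp(class_name[i], name) == 0)
            return i;
    class_name[nr_classes] = name;
    return nr_classes++;
}

/* Depth-first search: is 'to' reachable from 'from' through recorded edges? */
static bool reachable(int from, int to, bool *seen)
{
    if (from == to)
        return true;
    seen[from] = true;
    for (int next = 0; next < nr_classes; next++)
        if (edge[from][next] && !seen[next] && reachable(next, to, seen))
            return true;
    return false;
}

/*
 * Model of lock_acquire(): returns true if taking 'name' now would add an
 * edge prev -> cls while a path cls -> prev already exists (a cycle);
 * otherwise records the new edges and the held lock and returns false.
 */
static bool lock_acquire(struct task *t, const char *name)
{
    int cls = lock_class(name);
    for (int i = 0; i < t->nr_held; i++) {
        int prev = t->held[i];
        bool seen[MAX_CLASSES] = { false };
        if (!edge[prev][cls] && reachable(cls, prev, seen)) {
            printf("%s: acquiring %s while holding %s, but %s already depends on %s: possible deadlock\n",
                   t->comm, name, class_name[prev], class_name[prev], name);
            return true;
        }
    }
    for (int i = 0; i < t->nr_held; i++)
        edge[t->held[i]][cls] = true;
    t->held[t->nr_held++] = cls;
    return false;
}

/* Release the most recently acquired lock (LIFO, as in the traces above). */
static void lock_release(struct task *t)
{
    if (t->nr_held > 0)
        t->nr_held--;
}

/* Replays the two paths from the report; returns true if the check fires. */
bool replay_report(void)
{
    memset(edge, 0, sizeof(edge));
    nr_classes = 0;

    /* setsockopt on a raw socket: lock_sock(), then ip_ra_control ->
     * mrtsock_destruct -> rtnl_lock() */
    struct task setter = { .comm = "syz-executor (setsockopt)" };
    bool hit = lock_acquire(&setter, "sk_lock-AF_INET");
    hit |= lock_acquire(&setter, "rtnl_mutex");
    lock_release(&setter);
    lock_release(&setter);

    /* getsockopt: rtnl_mutex already held, then do_ip_getsockopt -> lock_sock() */
    struct task getter = { .comm = "syz-executor0/14870 (getsockopt)" };
    hit |= lock_acquire(&getter, "rtnl_mutex");
    hit |= lock_acquire(&getter, "sk_lock-AF_INET");
    return hit;
}

/* Same two paths with one consistent order (rtnl_mutex before sk_lock on
 * both): returns false because no cycle is ever formed.  Illustrative only. */
bool replay_consistent(void)
{
    memset(edge, 0, sizeof(edge));
    nr_classes = 0;

    struct task setter = { .comm = "setsockopt" };
    bool hit = lock_acquire(&setter, "rtnl_mutex");
    hit |= lock_acquire(&setter, "sk_lock-AF_INET");
    lock_release(&setter);
    lock_release(&setter);

    struct task getter = { .comm = "getsockopt" };
    hit |= lock_acquire(&getter, "rtnl_mutex");
    hit |= lock_acquire(&getter, "sk_lock-AF_INET");
    return hit;
}

int main(void)
{
    printf("ordering from the report: %s\n", replay_report() ? "cycle" : "clean");
    printf("consistent ordering:      %s\n", replay_consistent() ? "cycle" : "clean");
    return 0;
}
```

The point worth keeping in mind when triaging such reports: the warning is about the recorded dependency graph, so it fires on the second path even if the two syscalls never ran concurrently, and any later run with the same two orderings will reproduce it deterministically.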

Crashes (4):
Time              Kernel                                                      Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets  Manager                       Title
2018/07/05 17:08  https://android.googlesource.com/kernel/common android-4.9  03c70feafdb2  d3b2a0e2   .config  console log  report  -          -        -        -       ci-android-49-kasan-gce-root  -
2018/06/17 17:01  https://android.googlesource.com/kernel/common android-4.9  a4230beab30a  27c5f59f   .config  console log  report  -          -        -        -       ci-android-49-kasan-gce-root  -
2018/05/30 10:59  https://android.googlesource.com/kernel/common android-4.9  7fd40752c316  2f93b54f   .config  console log  report  -          -        -        -       ci-android-49-kasan-gce-root  -
2018/05/30 07:06  https://android.googlesource.com/kernel/common android-4.9  7fd40752c316  2f93b54f   .config  console log  report  -          -        -        -       ci-android-49-kasan-gce-root  -