possible deadlock in do_ipv6

Kernel	Title	Repro	Cause bisect	Count	Last	Reported	Patched	Status
upstream	possible deadlock in do_ipv6_setsockopt (4) net	C	error	3668	2h09m	269d	0/28	upstream: reported C repro on 2024/07/10 16:04
upstream	possible deadlock in do_ipv6_setsockopt (2) netfilter			3642	2597d	2613d	4/28	fixed on 2018/02/26 20:04
upstream	possible deadlock in do_ipv6_setsockopt (3) net			1	1469d	1468d	0/28	auto-closed as invalid on 2021/07/26 21:07
upstream	possible deadlock in do_ipv6_setsockopt netfilter	C		109	2618d	2625d	22/28	closed as dup on 2018/01/30 13:59

====================================================== [ INFO: possible circular locking dependency detected ] 4.4.162+ #120 Not tainted ------------------------------------------------------- syz-executor2/17087 is trying to acquire lock: (rtnl_mutex){+.+.+.}, at: [ 448.759020] binder: 17093:17094 ioctl 4028700f 200001c0 returned -22 binder: 17093:17095 ioctl 4028700f 200001c0 returned -22 [<ffffffff822664d7>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70 but task is already holding lock: (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff825f6a12>] lock_sock include/net/sock.h:1493 [inline] (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff825f6a12>] do_ipv6_setsockopt.isra.4+0x252/0x2d50 net/ipv6/ipv6_sockglue.c:166 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: [<ffffffff81202cde>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [<ffffffff821dc1b6>] lock_sock_nested+0xc6/0x120 net/core/sock.c:2459 [<ffffffff825f6992>] lock_sock include/net/sock.h:1493 [inline] [<ffffffff825f6992>] do_ipv6_setsockopt.isra.4+0x1d2/0x2d50 net/ipv6/ipv6_sockglue.c:166 [<ffffffff825f95a7>] ipv6_setsockopt+0x97/0x130 net/ipv6/ipv6_sockglue.c:904 [<ffffffff823f0c18>] tcp_setsockopt+0x88/0xe0 net/ipv4/tcp.c:2643 [<ffffffff821d63ba>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2659 [<ffffffff821d3df6>] SYSC_setsockopt net/socket.c:1780 [inline] [<ffffffff821d3df6>] SyS_setsockopt+0x166/0x260 net/socket.c:1759 [<ffffffff827121a1>] entry_SYSCALL_64_fastpath+0x1e/0x9a [<ffffffff811ff0fc>] check_prev_add kernel/locking/lockdep.c:1853 [inline] [<ffffffff811ff0fc>] check_prevs_add kernel/locking/lockdep.c:1958 [inline] [<ffffffff811ff0fc>] validate_chain kernel/locking/lockdep.c:2144 [inline] [<ffffffff811ff0fc>] __lock_acquire+0x3e6c/0x5f10 kernel/locking/lockdep.c:3213 [<ffffffff81202cde>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [<ffffffff82706c2b>] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [<ffffffff82706c2b>] mutex_lock_nested+0xbb/0x8d0 kernel/locking/mutex.c:621 [<ffffffff822664d7>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70 [<ffffffff82630b5e>] ipv6_sock_mc_close+0x10e/0x350 net/ipv6/mcast.c:288 [<ffffffff825f74c7>] do_ipv6_setsockopt.isra.4+0xd07/0x2d50 net/ipv6/ipv6_sockglue.c:202 [<ffffffff825f95a7>] ipv6_setsockopt+0x97/0x130 net/ipv6/ipv6_sockglue.c:904 [<ffffffff8260e41a>] udpv6_setsockopt+0x4a/0x90 net/ipv6/udp.c:1436 [<ffffffff821d63ba>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2659 [<ffffffff821d3df6>] SYSC_setsockopt net/socket.c:1780 [inline] [<ffffffff821d3df6>] SyS_setsockopt+0x166/0x260 net/socket.c:1759 [<ffffffff827121a1>] entry_SYSCALL_64_fastpath+0x1e/0x9a other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(sk_lock-AF_INET6); lock(rtnl_mutex); lock(sk_lock-AF_INET6); lock(rtnl_mutex); *** DEADLOCK *** 1 lock held by syz-executor2/17087: #0: (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff825f6a12>] lock_sock include/net/sock.h:1493 [inline] #0: (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff825f6a12>] do_ipv6_setsockopt.isra.4+0x252/0x2d50 net/ipv6/ipv6_sockglue.c:166 stack backtrace: CPU: 0 PID: 17087 Comm: syz-executor2 Not tainted 4.4.162+ #120 0000000000000000 034b4dac15a52b69 ffff8801c169f5a8 ffffffff81aa526d ffffffff83a857b0 ffffffff83ac3eb0 ffffffff83a857b0 ffff8800b5a8e7e8 ffff8800b5a8df00 ffff8801c169f5f0 ffffffff813a834a 0000000000000001 Call Trace: [<ffffffff81aa526d>] __dump_stack lib/dump_stack.c:15 [inline] [<ffffffff81aa526d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51 [<ffffffff813a834a>] print_circular_bug.cold.34+0x2f7/0x432 kernel/locking/lockdep.c:1226 [<ffffffff811ff0fc>] check_prev_add kernel/locking/lockdep.c:1853 [inline] [<ffffffff811ff0fc>] check_prevs_add kernel/locking/lockdep.c:1958 [inline] [<ffffffff811ff0fc>] validate_chain kernel/locking/lockdep.c:2144 [inline] [<ffffffff811ff0fc>] __lock_acquire+0x3e6c/0x5f10 kernel/locking/lockdep.c:3213 [<ffffffff81202cde>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592 [<ffffffff82706c2b>] __mutex_lock_common kernel/locking/mutex.c:521 [inline] [<ffffffff82706c2b>] mutex_lock_nested+0xbb/0x8d0 kernel/locking/mutex.c:621 [<ffffffff822664d7>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70 [<ffffffff82630b5e>] ipv6_sock_mc_close+0x10e/0x350 net/ipv6/mcast.c:288 [<ffffffff825f74c7>] do_ipv6_setsockopt.isra.4+0xd07/0x2d50 net/ipv6/ipv6_sockglue.c:202 [<ffffffff825f95a7>] ipv6_setsockopt+0x97/0x130 net/ipv6/ipv6_sockglue.c:904 [<ffffffff8260e41a>] udpv6_setsockopt+0x4a/0x90 net/ipv6/udp.c:1436 [<ffffffff821d63ba>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2659 [<ffffffff821d3df6>] SYSC_setsockopt net/socket.c:1780 [inline] [<ffffffff821d3df6>] SyS_setsockopt+0x166/0x260 net/socket.c:1759 [<ffffffff827121a1>] entry_SYSCALL_64_fastpath+0x1e/0x9a binder: 17129:17130 ioctl 4028700f 200001c0 returned -22 device lo left promiscuous mode audit: type=1400 audit(1541745560.570:30): avc: denied { relabelto } for pid=17438 comm="syz-executor1" name="UNIX" dev="sockfs" ino=66336 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ksm_device_t:s0 tclass=unix_dgram_socket permissive=1

Crashes (7):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Manager
2018/11/09 06:39	https://android.googlesource.com/kernel/common android-4.4	64102d341c13	8fd01d3a	.config	console log	report	ci-android-44-kasan-gce
2018/10/29 09:55	https://android.googlesource.com/kernel/common android-4.4	c4b00eb70496	9ca2afa1	.config	console log	report	ci-android-44-kasan-gce
2018/10/26 08:07	https://android.googlesource.com/kernel/common android-4.4	c4b00eb70496	a8292de9	.config	console log	report	ci-android-44-kasan-gce
2018/11/12 00:01	https://android.googlesource.com/kernel/common android-4.4	0ca3fcabdc05	7b5f8621	.config	console log	report	ci-android-44-kasan-gce-386
2018/10/30 15:24	https://android.googlesource.com/kernel/common android-4.4	c4b00eb70496	8dbb755a	.config	console log	report	ci-android-44-kasan-gce-386
2018/10/15 17:10	https://android.googlesource.com/kernel/common android-4.4	8e7f196597f3	8cd30605	.config	console log	report	ci-android-44-kasan-gce-386
2018/07/22 22:54	https://android.googlesource.com/kernel/common android-4.4	1b37d68f4c82	8cc079c3	.config	console log	report	ci-android-44-kasan-gce-386

Crashes (7):

Assets (help?)