syzbot


possible deadlock in do_tcp_setsockopt

Status: auto-closed as invalid on 2021/10/08 10:18
Reported-by: syzbot+b22de9395f7370b50aef@syzkaller.appspotmail.com
First crash: 841d, last: 381d

Sample crash report:
IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
======================================================
WARNING: possible circular locking dependency detected
4.14.235-syzkaller #0 Not tainted
------------------------------------------------------
kworker/u4:3/472 is trying to acquire lock:
 (k-sk_lock-AF_INET){+.+.}, at: [<ffffffff860fd59b>] lock_sock include/net/sock.h:1471 [inline]
 (k-sk_lock-AF_INET){+.+.}, at: [<ffffffff860fd59b>] do_tcp_setsockopt.constprop.0+0xfb/0x1c10 net/ipv4/tcp.c:2562

but task is already holding lock:
 ((&(&cp->cp_send_w)->work)){+.+.}, at: [<ffffffff81363aa6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 ((&(&cp->cp_send_w)->work)){+.+.}:
       flush_work+0xad/0x770 kernel/workqueue.c:2889
       __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2964
       rds_tcp_reset_callbacks+0x18d/0x450 net/rds/tcp.c:167
       rds_tcp_accept_one+0x61a/0x8b0 net/rds/tcp_listen.c:194
       rds_tcp_accept_worker+0x4d/0x70 net/rds/tcp.c:407
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

-> #0 (k-sk_lock-AF_INET){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       lock_sock_nested+0xb7/0x100 net/core/sock.c:2796
       lock_sock include/net/sock.h:1471 [inline]
       do_tcp_setsockopt.constprop.0+0xfb/0x1c10 net/ipv4/tcp.c:2562
       tcp_setsockopt net/ipv4/tcp.c:2830 [inline]
       tcp_setsockopt+0xa7/0xc0 net/ipv4/tcp.c:2822
       kernel_setsockopt+0xfb/0x1b0 net/socket.c:3396
       rds_tcp_cork net/rds/tcp_send.c:43 [inline]
       rds_tcp_xmit_path_prepare+0xaf/0xe0 net/rds/tcp_send.c:50
       rds_send_xmit+0x1ae/0x1c00 net/rds/send.c:187
       rds_send_worker+0x6d/0x240 net/rds/threads.c:189
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((&(&cp->cp_send_w)->work));
                               lock(k-sk_lock-AF_INET);
                               lock((&(&cp->cp_send_w)->work));
  lock(k-sk_lock-AF_INET);

 *** DEADLOCK ***

2 locks held by kworker/u4:3/472:
 #0:  ("%s""krdsd"){+.+.}, at: [<ffffffff81363a70>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087
 #1:  ((&(&cp->cp_send_w)->work)){+.+.}, at: [<ffffffff81363aa6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091

stack backtrace:
CPU: 0 PID: 472 Comm: kworker/u4:3 Not tainted 4.14.235-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: krdsd rds_send_worker
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 lock_sock_nested+0xb7/0x100 net/core/sock.c:2796
 lock_sock include/net/sock.h:1471 [inline]
 do_tcp_setsockopt.constprop.0+0xfb/0x1c10 net/ipv4/tcp.c:2562
 tcp_setsockopt net/ipv4/tcp.c:2830 [inline]
 tcp_setsockopt+0xa7/0xc0 net/ipv4/tcp.c:2822
 kernel_setsockopt+0xfb/0x1b0 net/socket.c:3396
 rds_tcp_cork net/rds/tcp_send.c:43 [inline]
 rds_tcp_xmit_path_prepare+0xaf/0xe0 net/rds/tcp_send.c:50
 rds_send_xmit+0x1ae/0x1c00 net/rds/send.c:187
 rds_send_worker+0x6d/0x240 net/rds/threads.c:189
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
batman_adv: batadv0: Interface activated: batadv_slave_0
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
WARNING: can't dereference registers at 00000000000003a5 for ip retint_user+0x8/0x18
input: syz1 as /devices/virtual/input/input5
input: syz1 as /devices/virtual/input/input6
input: syz1 as /devices/virtual/input/input7
input: syz1 as /devices/virtual/input/input9
input: syz1 as /devices/virtual/input/input10
input: syz1 as /devices/virtual/input/input11
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
Unable to determine destination address.
Unable to determine destination address.
befs: (loop2): No write support. Marking filesystem read-only
befs: (loop2): invalid magic header
befs: (loop2): No write support. Marking filesystem read-only
befs: (loop2): invalid magic header
input: syz1 as /devices/virtual/input/input12
befs: (loop2): No write support. Marking filesystem read-only
input: syz1 as /devices/virtual/input/input13
befs: (loop2): invalid magic header
hrtimer: interrupt took 29920 ns
befs: (loop2): No write support. Marking filesystem read-only
befs: (loop2): invalid magic header
befs: (loop2): No write support. Marking filesystem read-only
befs: (loop2): invalid magic header
can: request_module (can-proto-0) failed.
can: request_module (can-proto-0) failed.
print_req_error: I/O error, dev loop5, sector 0

Crashes (47):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-linux-4-14 2021/06/10 10:17 linux-4.14.y a6b2dae3ee3a 1ba81399 .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/05/17 23:42 linux-4.14.y 7d7d1c0ab3eb a343ba6b .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/05/15 11:01 linux-4.14.y 7d7d1c0ab3eb 93f844de .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/05/11 19:05 linux-4.14.y 7d7d1c0ab3eb b3c3bb8e .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/05/08 01:31 linux-4.14.y 7d7d1c0ab3eb bc5434be .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/05/07 15:29 linux-4.14.y 7d7d1c0ab3eb f6da8120 .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/05/05 19:30 linux-4.14.y 7d7d1c0ab3eb 06c27ff5 .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/05/04 16:28 linux-4.14.y 7d7d1c0ab3eb 06c27ff5 .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/04/25 22:56 linux-4.14.y cf256fbcbe34 2a82f1b3 .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/04/09 18:42 linux-4.14.y 0cc244011f40 6a81331a .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/04/06 04:39 linux-4.14.y bd634aa64163 6a81331a .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/03/20 09:52 linux-4.14.y cb83ddcd5332 e45f5621 .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/03/18 18:28 linux-4.14.y cb83ddcd5332 7216542e .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/03/06 06:58 linux-4.14.y 397a88b2cc86 e4b4d570 .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/02/25 14:10 linux-4.14.y 3242aa3a635c 76f7fc95 .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/02/25 06:15 linux-4.14.y 3242aa3a635c fcc6d71b .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/02/11 12:19 linux-4.14.y 2c8a3fceddf0 a52ee10a .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/02/03 08:39 linux-4.14.y 2c8a3fceddf0 624dad51 .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/02/01 02:17 linux-4.14.y 2c8a3fceddf0 fc9fd31e .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/01/24 14:43 linux-4.14.y 2d2791fce891 52e37319 .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/01/20 03:37 linux-4.14.y 2762b48e9611 63631df1 .config log report info possible deadlock in do_tcp_setsockopt
ci2-linux-4-14 2021/01/11 10:45 linux-4.14.y ec822b3e8bf4 2c1f2513 .config log report info
ci2-linux-4-14 2021/01/08 03:58 linux-4.14.y 1752938529c6 c104d4a3 .config log report info
ci2-linux-4-14 2021/01/06 23:48 linux-4.14.y 1752938529c6 c104d4a3 .config log report info
ci2-linux-4-14 2021/01/06 11:26 linux-4.14.y 1752938529c6 fff20c29 .config log report info
ci2-linux-4-14 2021/01/04 10:35 linux-4.14.y 1752938529c6 79264ae3 .config log report info
ci2-linux-4-14 2020/12/29 02:34 linux-4.14.y 3f2ecb86cb90 8259d56c .config log report info
ci2-linux-4-14 2020/12/28 14:55 linux-4.14.y 3f2ecb86cb90 8259d56c .config log report info
ci2-linux-4-14 2020/12/16 23:07 linux-4.14.y 3f2ecb86cb90 04201c06 .config log report info
ci2-linux-4-14 2020/12/09 02:04 linux-4.14.y 47cbf4cc32db 40cc414d .config log report info
ci2-linux-4-14 2020/12/07 20:35 linux-4.14.y c196b3a9c83a 51a9082e .config log report info
ci2-linux-4-14 2020/12/07 06:05 linux-4.14.y c196b3a9c83a c521566d .config log report info
ci2-linux-4-14 2020/12/03 12:07 linux-4.14.y c196b3a9c83a 59ad4022 .config log report info
ci2-linux-4-14 2020/12/02 17:01 linux-4.14.y c196b3a9c83a eff43e99 .config log report info
ci2-linux-4-14 2020/11/30 15:46 linux-4.14.y 87335852c5d9 76831598 .config log report info
ci2-linux-4-14 2020/11/27 21:08 linux-4.14.y 87335852c5d9 486f93ef .config log report info
ci2-linux-4-14 2020/11/22 05:14 linux-4.14.y 8961076ed318 0d27f508 .config log report info
ci2-linux-4-14 2020/09/30 17:07 linux-4.14.y cbfa1702aaf6 8516f6d3 .config log report info
ci2-linux-4-14 2020/09/17 09:30 linux-4.14.y cbfa1702aaf6 8247808b .config log report info
ci2-linux-4-14 2020/09/15 15:17 linux-4.14.y cbfa1702aaf6 9e681632 .config log report info
ci2-linux-4-14 2020/09/09 16:39 linux-4.14.y 2f166cdcf8a9 0ea7a887 .config log report
ci2-linux-4-14 2020/09/04 01:52 linux-4.14.y 2f166cdcf8a9 abf9ba4f .config log report
ci2-linux-4-14 2020/06/18 07:49 linux-4.14.y b850307b279c d45a4d69 .config log report
ci2-linux-4-14 2020/05/30 16:39 linux-4.14.y 4f68020fef1c 6f3e1c7c .config log report
ci2-linux-4-14 2020/04/27 14:38 linux-4.14.y 050272a0423e 0ce7569e .config log report
ci2-linux-4-14 2020/03/25 06:32 linux-4.14.y 01364dad1d45 41f049cc .config log report
ci2-linux-4-14 2020/03/07 22:02 linux-4.14.y 78d697fc93f9 2e9971bb .config log report