ipt_CLUSTERIP: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead

======================================================
WARNING: possible circular locking dependency detected
4.15.0+ #292 Not tainted
------------------------------------------------------
syz-executor6/5279 is trying to acquire lock:
 (sk_lock-AF_INET){+.+.}, at: [<00000000ae3ef57b>] lock_sock include/net/sock.h:1461 [inline]
 (sk_lock-AF_INET){+.+.}, at: [<00000000ae3ef57b>] do_ip_setsockopt.isra.12+0x1d9/0x3210 net/ipv4/ip_sockglue.c:646

but task is already holding lock:
 (rtnl_mutex){+.+.}, at: [<000000004db2f26f>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (rtnl_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
       register_netdevice_notifier+0xad/0x860 net/core/dev.c:1607
       clusterip_config_init net/ipv4/netfilter/ipt_CLUSTERIP.c:261 [inline]
       clusterip_tg_check+0xeb9/0x1570 net/ipv4/netfilter/ipt_CLUSTERIP.c:478
       xt_check_target+0x22c/0x7d0 net/netfilter/x_tables.c:845
       check_target net/ipv4/netfilter/ip_tables.c:513 [inline]
       find_check_entry.isra.8+0x8c8/0xcb0 net/ipv4/netfilter/ip_tables.c:554
       translate_table+0xed1/0x1610 net/ipv4/netfilter/ip_tables.c:725
       do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
       do_ipt_set_ctl+0x370/0x5f0 net/ipv4/netfilter/ip_tables.c:1675
       nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
       nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
       ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1260
       sctp_setsockopt+0x2b6/0x61d0 net/sctp/socket.c:4104
       sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
       SYSC_setsockopt net/socket.c:1849 [inline]
       SyS_setsockopt+0x189/0x360 net/socket.c:1828
       entry_SYSCALL_64_fastpath+0x29/0xa0

-> #0 (sk_lock-AF_INET){+.+.}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
       lock_sock_nested+0xc2/0x110 net/core/sock.c:2780
       lock_sock include/net/sock.h:1461 [inline]
       do_ip_setsockopt.isra.12+0x1d9/0x3210 net/ipv4/ip_sockglue.c:646
       ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1252
       tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2905
       sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
       SYSC_setsockopt net/socket.c:1849 [inline]
       SyS_setsockopt+0x189/0x360 net/socket.c:1828
       entry_SYSCALL_64_fastpath+0x29/0xa0

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(rtnl_mutex);
                               lock(sk_lock-AF_INET);
                               lock(rtnl_mutex);
  lock(sk_lock-AF_INET);

 *** DEADLOCK ***

1 lock held by syz-executor6/5279:
 #0:  (rtnl_mutex){+.+.}, at: [<000000004db2f26f>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74

stack backtrace:
CPU: 0 PID: 5279 Comm: syz-executor6 Not tainted 4.15.0+ #292
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_circular_bug.isra.38+0x2cd/0x2dc kernel/locking/lockdep.c:1223
 check_prev_add kernel/locking/lockdep.c:1863 [inline]
 check_prevs_add kernel/locking/lockdep.c:1976 [inline]
 validate_chain kernel/locking/lockdep.c:2417 [inline]
 __lock_acquire+0x30a8/0x3e00 kernel/locking/lockdep.c:3431
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
 lock_sock_nested+0xc2/0x110 net/core/sock.c:2780
 lock_sock include/net/sock.h:1461 [inline]
 do_ip_setsockopt.isra.12+0x1d9/0x3210 net/ipv4/ip_sockglue.c:646
 ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1252
 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2905
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
 SYSC_setsockopt net/socket.c:1849 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1828
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f57b6be2c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299
RDX: 000000000000002c RSI: 0000000000000000 RDI: 0000000000000013
RBP: 00000000000003d9 R08: 0000000000000118 R09: 0000000000000000
R10: 0000000020004000 R11: 0000000000000212 R12: 00000000006f4cf8
R13: 00000000ffffffff R14: 00007f57b6be36d4 R15: 0000000000000000
audit: type=1400 audit(1517583211.605:15): avc: denied { dac_override } for pid=5281 comm="syz-executor0" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1517583211.690:16): avc: denied { prog_load } for pid=5296 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
audit: type=1400 audit(1517583211.717:17): avc: denied { dac_read_search } for pid=5293 comm="syz-executor0" capability=2 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1517583211.738:18): avc: denied { prog_run } for pid=5296 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
audit: type=1400 audit(1517583211.739:19): avc: denied { ipc_owner } for pid=5315 comm="syz-executor4" capability=15 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1326 audit(1517583211.837:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5339 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517583211.838:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5339 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517583211.841:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5339 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=145 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517583211.841:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5339 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517583211.845:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5339 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=2 compat=0 ip=0x40d591 code=0x7ffc0000
netlink: 'syz-executor3': attribute type 1 has an invalid length.
QAT: Invalid ioctl
binder: 5507:5509 got transaction with invalid offset (41, min 0 max 80) or object.
binder: 5507:5509 transaction failed 29201/-22, size 80-8 line 3020
QAT: Invalid ioctl
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5507:5514 ioctl 40046207 0 returned -16
binder: undelivered TRANSACTION_ERROR: 29201
sctp: [Deprecated]: syz-executor7 (pid 5573) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor7 (pid 5573) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead irq bypass consumer (token 00000000c05d460a) registration fails: -16 Cannot find add_set index 0 as target Cannot find add_set index 0 as target syz-executor0 (5823) used greatest stack depth: 15504 bytes left rfkill: input handler disabled rfkill: input handler enabled encrypted_key: master key parameter 'ྻ˜@Ì?‹si|M­nؽ™]GDáó %TÊ—€õ<”˜”ò‰øxä ‘ÇqÜjÕo|áS¬`!‡S~õdUz !é»K@,ÙF¨3ß›%J8h"¬IóûR' is invalid encrypted_key: master key parameter 'ྻ˜@Ì?‹si|M­nؽ™]GDáó %TÊ—€õ<”˜”ò‰øxä ‘ÇqÜjÕo|áS¬`!‡S~õdUz !é»K@,ÙF¨3ß›%J8h"¬IóûR' is invalid QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl binder: 6226:6233 transaction failed 29189/-22, size 0-0 line 2842 binder: undelivered TRANSACTION_ERROR: 29189 mmap: syz-executor7 (6308) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt. QAT: Invalid ioctl QAT: Invalid ioctl kauditd_printk_skb: 113 callbacks suppressed audit: type=1400 audit(1517583216.716:138): avc: denied { map_create } for pid=6407 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 device eql entered promiscuous mode capability: warning: `syz-executor7' uses deprecated v2 capabilities in a way that may be insecure encrypted_key: master key parameter 'Ç©Z!Ý°=rƒ¬\aÕK¨’'àbó' is invalid SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59 sclass=netlink_route_socket pig=6591 comm=syz-executor5 encrypted_key: master key parameter 'Ç©Z!Ý°=rƒ¬\aÕK¨’'àbó' is invalid SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59 sclass=netlink_route_socket pig=6591 comm=syz-executor5 audit: type=1400 audit(1517583217.696:139): avc: denied { map_read map_write } for pid=6736 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 audit: 
type=1400 audit(1517583217.726:140): avc: denied { setgid } for pid=6741 comm="syz-executor6" capability=6 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
audit: type=1400 audit(1517583217.789:141): avc: denied { ioctl } for pid=6733 comm="syz-executor7" path="socket:[17516]" dev="sockfs" ino=17516 ioctlcmd=0x7437 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1517583217.829:142): avc: denied { map } for pid=6770 comm="syz-executor0" path="pipe:[17538]" dev="pipefs" ino=17538 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=fifo_file permissive=1
capability: warning: `syz-executor4' uses 32-bit capabilities (legacy support in use)
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
audit: type=1400 audit(1517583217.971:143): avc: denied { setfcap } for pid=6800 comm="syz-executor6" capability=31 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
x86/PAT: syz-executor5:6808 map pfn RAM range req write-combining for [mem 0x1db3f0000-0x1db3f1fff], got write-back
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
syz-executor0 uses obsolete (PF_INET,SOCK_PACKET)
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51411 sclass=netlink_route_socket pig=6940 comm=syz-executor0
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
binder: 6967:6970 IncRefs 0 refcount change on invalid ref 0 ret -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51411 sclass=netlink_route_socket pig=6940 comm=syz-executor0
binder: 6967:6978 IncRefs 0 refcount change on invalid ref 0 ret -22
audit: type=1326 audit(1517583218.552:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6984 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517583218.579:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6984 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=2 compat=0 ip=0x40d591 code=0x7ffc0000
audit: type=1326 audit(1517583218.580:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6984 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517583218.581:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6984 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
device eql entered promiscuous mode
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
SELinux: failed to load policy
syz-executor6: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
syz-executor6 cpuset=/ mems_allowed=0
CPU: 0 PID: 7126 Comm: syz-executor6 Not tainted 4.15.0+ #292
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 warn_alloc+0x19a/0x2b0 mm/page_alloc.c:3306
 __vmalloc_node_range+0x4f0/0x650 mm/vmalloc.c:1775
 __vmalloc_node mm/vmalloc.c:1804 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1818 [inline]
 vmalloc+0x45/0x50 mm/vmalloc.c:1840
 sel_write_load+0x1f5/0x1910 security/selinux/selinuxfs.c:495
 __vfs_write+0xef/0x970 fs/read_write.c:480
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f57b6be2c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299
RDX: 0000000000000000 RSI: 00000000200f8fd1 RDI: 0000000000000013
RBP: 0000000000000627 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f8448
R13: 00000000ffffffff R14: 00007f57b6be36d4 R15: 0000000000000000
Mem-Info:
active_anon:89570 inactive_anon:64 isolated_anon:0
 active_file:3533 inactive_file:8267 isolated_file:0
 unevictable:0 dirty:158 writeback:0 unstable:0
 slab_reclaimable:7405 slab_unreclaimable:91704
 mapped:24146 shmem:70 pagetables:712 bounce:0
 free:1400920 free_pcp:525 free_cma:0
Node 0 active_anon:356240kB inactive_anon:256kB active_file:14132kB inactive_file:33068kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:96584kB dirty:632kB writeback:0kB shmem:280kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 167936kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2868 6378 6378
Node 0 DMA32 free:2939248kB min:30316kB low:37892kB high:45468kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129292kB managed:2939956kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:708kB local_pcp:56kB free_cma:0kB
lowmem_reserve[]: 0 0 3510 3510
Node 0 Normal free:2649036kB min:37100kB low:46372kB high:55644kB active_anon:358296kB inactive_anon:256kB active_file:14132kB inactive_file:33068kB unevictable:0kB writepending:632kB present:4718592kB managed:3594332kB mlocked:0kB kernel_stack:3744kB pagetables:2848kB bounce:0kB free_pcp:1368kB local_pcp:708kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 DMA32: 4*4kB (UM) 2*8kB (M) 1*16kB (U) 2*32kB (M) 2*64kB (UM) 3*128kB (UM) 3*256kB (UM) 4*512kB (UM) 3*1024kB (UM) 2*2048kB (UM) 715*4096kB (M) = 2939248kB
Node 0 Normal: 289*4kB (UM) 91*8kB (UM) 1300*16kB (UME) 525*32kB (UME) 111*64kB (UME) 52*128kB (UME) 34*256kB (UME) 11*512kB (UME) 33*1024kB (UME) 2*2048kB (UE) 621*4096kB (M) = 2649084kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
11872 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965969 pages RAM
0 pages HighMem/MovableOnly
328420 pages reserved
syz-executor6: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
syz-executor6 cpuset=/ mems_allowed=0
CPU: 1 PID: 7128 Comm: syz-executor6 Not tainted 4.15.0+ #292
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 warn_alloc+0x19a/0x2b0 mm/page_alloc.c:3306
 __vmalloc_node_range+0x4f0/0x650 mm/vmalloc.c:1775
 __vmalloc_node mm/vmalloc.c:1804 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1818 [inline]
 vmalloc+0x45/0x50 mm/vmalloc.c:1840
 sel_write_load+0x1f5/0x1910 security/selinux/selinuxfs.c:495
 __vfs_write+0xef/0x970 fs/read_write.c:480
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f57b6bc1c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000071bf58 RCX: 0000000000453299
RDX: 0000000000000000 RSI: 00000000200f8fd1 RDI: 0000000000000015
RBP: 000000000000008b R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006efda8
R13: 00000000ffffffff R14: 00007f57b6bc26d4 R15: 0000000000000006
SELinux: failed to load policy
netlink: 'syz-executor6': attribute type 1 has an invalid length.
netlink: 'syz-executor6': attribute type 1 has an invalid length.
QAT: Invalid ioctl
xt_l2tp: v2 tid > 0xffff: 4294967295
xt_l2tp: v2 tid > 0xffff: 4294967295