9pnet: p9_fd_create_tcp (9128): problem connecting socket to 127.0.0.1 ====================================================== [ INFO: possible circular locking dependency detected ] 4.9.118-g47b77b8 #20 Not tainted ------------------------------------------------------- syz-executor0/9150 is trying to acquire lock: (sk_lock-AF_INET){+.+.+.}, at: [] lock_sock include/net/sock.h:1404 [inline] (sk_lock-AF_INET){+.+.+.}, at: [] do_ip_setsockopt.isra.14+0x12a/0x2b10 net/ipv4/ip_sockglue.c:639 but task is already holding lock: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 __mutex_lock_common kernel/locking/mutex.c:521 [inline] mutex_lock_nested+0xc0/0x870 kernel/locking/mutex.c:621 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70 mrtsock_destruct+0x3b/0x1e0 net/ipv4/ipmr.c:1231 ip_ra_control+0x2c2/0x420 net/ipv4/ip_sockglue.c:363 do_ip_setsockopt.isra.14+0x15ff/0x2b10 net/ipv4/ip_sockglue.c:1140 ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1243 raw_setsockopt+0xb7/0xd0 net/ipv4/raw.c:833 sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706 SYSC_setsockopt net/socket.c:1773 [inline] SyS_setsockopt+0x166/0x260 net/socket.c:1752 do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282 entry_SYSCALL_64_after_swapgs+0x5d/0xdb check_prev_add kernel/locking/lockdep.c:1828 [inline] check_prevs_add kernel/locking/lockdep.c:1938 [inline] validate_chain kernel/locking/lockdep.c:2265 [inline] __lock_acquire+0x3019/0x4070 kernel/locking/lockdep.c:3345 lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 lock_sock_nested+0xc6/0x120 net/core/sock.c:2511 lock_sock include/net/sock.h:1404 [inline] do_ip_setsockopt.isra.14+0x12a/0x2b10 net/ipv4/ip_sockglue.c:639 ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1243 tcp_setsockopt+0x88/0xe0 net/ipv4/tcp.c:2758 sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706 SYSC_setsockopt net/socket.c:1773 [inline] SyS_setsockopt+0x166/0x260 net/socket.c:1752 do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282 entry_SYSCALL_64_after_swapgs+0x5d/0xdb other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(rtnl_mutex); lock(sk_lock-AF_INET); lock(rtnl_mutex); lock(sk_lock-AF_INET); *** DEADLOCK *** 1 lock held by syz-executor0/9150: #0: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70 stack backtrace: CPU: 0 PID: 9150 Comm: syz-executor0 Not tainted 4.9.118-g47b77b8 #20 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a640f748 ffffffff81eb4b89 ffffffff855e79b0 ffffffff8559cef0 ffffffff855e79b0 ffff88019cc0e8e8 ffff88019cc0e000 ffff8801a640f790 ffffffff814265d4 0000000000000001 000000009cc0e000 0000000000000001 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] print_circular_bug.cold.51+0x1bd/0x27d kernel/locking/lockdep.c:1202 [] check_prev_add kernel/locking/lockdep.c:1828 [inline] [] check_prevs_add kernel/locking/lockdep.c:1938 [inline] [] validate_chain kernel/locking/lockdep.c:2265 [inline] [] __lock_acquire+0x3019/0x4070 kernel/locking/lockdep.c:3345 [] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 [] lock_sock_nested+0xc6/0x120 net/core/sock.c:2511 [] lock_sock include/net/sock.h:1404 [inline] [] do_ip_setsockopt.isra.14+0x12a/0x2b10 net/ipv4/ip_sockglue.c:639 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1243 [] tcp_setsockopt+0x88/0xe0 net/ipv4/tcp.c:2758 [] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1773 [inline] [] SyS_setsockopt+0x166/0x260 net/socket.c:1752 [] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb syz-executor4 uses obsolete (PF_INET,SOCK_PACKET) binder_alloc: 9174: binder_alloc_buf, no vma binder: 9174:9177 transaction failed 29189/-3, size 0-0 line 3136 binder: BINDER_SET_CONTEXT_MGR already set binder: 9174:9183 ioctl 40046207 0 returned -16 binder: 9174:9183 got transaction to invalid handle binder_alloc: 9174: binder_alloc_buf, no vma binder: 9174:9177 transaction failed 29189/-3, size 24-8 line 3136 binder: 9174:9183 transaction failed 29201/-22, size 0-0 line 3013 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 binder: send failed reply for transaction 7 to 9174:9177 binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 binder_alloc: 9191: binder_alloc_buf, no vma binder: 9191:9193 transaction failed 29189/-3, size 0-0 line 3136 binder: release 9191:9193 transaction 14 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE tc_ctl_action: received NO action attribs binder: undelivered TRANSACTION_ERROR: 29189 binder: send failed reply for transaction 14, target dead binder_alloc: 9196: binder_alloc_buf, no vma binder: 9196:9197 transaction failed 29189/-3, size 0-0 line 3136 binder: release 9196:9197 transaction 19 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 binder: send failed reply for transaction 19, target dead binder_alloc: 9198: binder_alloc_buf, no vma binder: 9198:9200 transaction failed 29189/-3, size 0-0 line 3136 binder: release 9198:9200 transaction 24 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 binder: send failed reply for transaction 24, target dead binder_alloc: 9202: binder_alloc_buf, no vma binder: 9202:9203 transaction failed 29189/-3, size 0-0 line 3136 binder: release 9202:9203 transaction 29 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 binder: send failed reply for transaction 29, target dead binder_alloc: 9204: binder_alloc_buf, no vma binder: 9204:9205 transaction failed 29189/-3, size 0-0 line 3136 binder: release 9204:9205 transaction 34 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 binder: send failed reply for transaction 34, target dead binder: release 9207:9208 transaction 39 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 39, target dead binder: release 9210:9211 transaction 43 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 43, target dead binder_alloc: 9216: binder_alloc_buf, no vma binder: 9216:9218 transaction failed 29189/-3, size 0-0 line 3136 binder: BINDER_SET_CONTEXT_MGR already set binder: 9219:9220 ioctl 40046207 0 returned -16 binder: release 9216:9218 transaction 47 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 binder: send failed reply for transaction 47, target dead binder: 9219:9227 transaction failed 29189/-22, size 24-8 line 3013 binder: undelivered TRANSACTION_ERROR: 29189 IPVS: Creating netns size=2536 id=14 IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready binder_alloc: 9613: binder_alloc_buf, no vma binder: 9613:9615 transaction failed 29189/-3, size 0-0 line 3136 binder: 9618:9622 got transaction to invalid handle binder: 9618:9622 transaction failed 29201/-22, size 0-0 line 3013 binder: release 9618:9622 transaction 57 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 binder: BINDER_SET_CONTEXT_MGR already set binder: 9626:9630 ioctl 40046207 0 returned -16 binder: release 9626:9630 transaction 61 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: 9635:9640 got transaction to invalid handle binder: 9635:9640 transaction failed 29201/-22, size 0-0 line 3013 binder: release 9635:9640 transaction 64 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 binder: 9660:9663 got transaction to invalid handle binder: 9660:9663 transaction failed 29201/-22, size 0-0 line 3013 binder: release 9660:9663 transaction 68 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 binder: 9658:9664 got transaction to invalid handle binder: 9658:9664 transaction failed 29201/-22, size 0-0 line 3013 binder: release 9658:9664 transaction 72 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 binder: release 9613:9615 transaction 53 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 binder: send failed reply for transaction 53, target dead binder_alloc: 9688: binder_alloc_buf, no vma binder: 9688:9692 transaction failed 29189/-3, size 0-0 line 3136 binder: 9683:9693 got transaction to invalid handle binder: 9683:9693 transaction failed 29201/-22, size 0-0 line 3013 binder: BINDER_SET_CONTEXT_MGR already set binder: 9684:9694 ioctl 40046207 0 returned -16 binder_alloc: 9688: binder_alloc_buf, no vma binder: 9684:9694 transaction failed 29189/-3, size 24-8 line 3136 binder: 9684:9694 got transaction to invalid handle binder: 9684:9694 transaction failed 29201/-22, size 0-0 line 3013 binder: BINDER_SET_CONTEXT_MGR already set binder: 9704:9707 ioctl 40046207 0 returned -16 binder_alloc: 9688: binder_alloc_buf, no vma binder: 9704:9707 transaction failed 29189/-3, size 24-8 line 3136 binder_alloc: 9688: binder_alloc_buf, no vma binder: 9708:9709 transaction failed 29189/-3, size 24-8 line 3136 binder: 9708:9709 got transaction to invalid handle binder: 9708:9709 transaction failed 29201/-22, size 0-0 line 3013 binder: BINDER_SET_CONTEXT_MGR already set binder: 9711:9722 ioctl 40046207 0 returned -16 binder_alloc: 9688: binder_alloc_buf, no vma binder: 9721:9729 transaction failed 29189/-3, size 24-8 line 3136 binder: BINDER_SET_CONTEXT_MGR already set binder: 9718:9726 ioctl 40046207 0 returned -16 binder_alloc: 9688: binder_alloc_buf, no vma binder: 9718:9726 transaction failed 29189/-3, size 24-8 line 3136 binder: 9718:9726 got transaction to invalid handle binder: 9718:9726 transaction failed 29201/-22, size 0-0 line 3013 binder_alloc: 9688: binder_alloc_buf, no vma binder: 9735:9739 transaction failed 29189/-3, size 24-8 line 3136 binder: BINDER_SET_CONTEXT_MGR already set binder: 9760:9766 ioctl 40046207 0 returned -16 binder_alloc: 9688: binder_alloc_buf, no vma binder: 9760:9766 transaction failed 29189/-3, size 24-8 line 3136 binder: 9760:9766 got transaction to invalid handle binder: 9760:9766 transaction failed 29201/-22, size 0-0 line 3013 binder_alloc: 9688: binder_alloc_buf, no vma binder: 9761:9771 transaction failed 29189/-3, size 24-8 line 3136 binder: BINDER_SET_CONTEXT_MGR already set binder: 9773:9781 ioctl 40046207 0 returned -16 binder_alloc: 9688: binder_alloc_buf, no vma binder: 9773:9781 transaction failed 29189/-3, size 24-8 line 3136 binder: 9773:9781 got transaction to invalid handle binder: 9773:9781 transaction failed 29201/-22, size 0-0 line 3013 binder: send failed reply for transaction 57, target dead binder: send failed reply for transaction 61, target dead binder: send failed reply for transaction 64, target dead binder: send failed reply for transaction 68, target dead binder: send failed reply for transaction 72, target dead binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 binder: release 9683:9693 transaction 81 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 binder: send failed reply for transaction 77 to 9688:9692 binder: send failed reply for transaction 81, target dead binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 binder: 9802:9803 transaction failed 29189/-22, size 24-8 line 3013 binder_alloc: 9804: binder_alloc_buf, no vma binder: 9804:9808 transaction failed 29189/-3, size 0-0 line 3136 binder: release 9804:9808 transaction 101 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 binder: send failed reply for transaction 101, target dead binder: 9816:9819 transaction failed 29189/-22, size 24-8 line 3013 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 binder: 9842:9845 transaction failed 29189/-22, size 24-8 line 3013 binder: undelivered TRANSACTION_ERROR: 29189 binder: 9857:9860 transaction failed 29189/-22, size 24-8 line 3013 binder: 9863:9868 transaction failed 29189/-22, size 24-8 line 3013 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 binder_alloc: 9876: binder_alloc_buf, no vma binder: 9876:9882 transaction failed 29189/-3, size 0-0 line 3136 binder: release 9876:9882 transaction 110 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189 binder: send failed reply for transaction 110, target dead binder: send failed reply for transaction 114 to 9886:9902 binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29189