1# Note: 185-188 have the same root cause.
2TITLE: possible deadlock in rtnl_lock
3
4[   82.159264] ======================================================
5[   82.165575] WARNING: possible circular locking dependency detected
6[   82.171877] 4.15.0+ #221 Not tainted
7[   82.175574] ------------------------------------------------------
8[   82.181875] syz-executor0/4217 is trying to acquire lock:
9[   82.187393]  (rtnl_mutex){+.+.}, at: [<00000000ac220e5b>] rtnl_lock+0x17/0x20
10[   82.194670]
11[   82.194670] but task is already holding lock:
12[   82.200628]  (&xt[i].mutex){+.+.}, at: [<000000008835a5fc>] xt_find_table_lock+0x3e/0x3e0
13[   82.208949]
14[   82.208949] which lock already depends on the new lock.
15[   82.208949]
16[   82.217245]
17[   82.217245] the existing dependency chain (in reverse order) is:
18[   82.224847]
19[   82.224847] -> #2 (&xt[i].mutex){+.+.}:
20[   82.230301]        __mutex_lock+0x16f/0x1a80
21[   82.234698]        mutex_lock_nested+0x16/0x20
22[   82.239270]        xt_find_revision+0xc9/0x2b0
23[   82.243836]        do_ip6t_get_ctl+0x963/0xaf0
24[   82.248402]        nf_getsockopt+0x6a/0xc0
25[   82.252628]        ipv6_getsockopt+0x1df/0x2e0
26[   82.257181]        tcp_getsockopt+0x82/0xd0
27[   82.261478]        sock_common_getsockopt+0x95/0xd0
28[   82.266465]        SyS_getsockopt+0x178/0x340
29[   82.270931]        entry_SYSCALL_64_fastpath+0x29/0xa0
30[   82.276178]
31[   82.276178] -> #1 (sk_lock-AF_INET6){+.+.}:
32[   82.281955]        lock_sock_nested+0xc2/0x110
33[   82.286511]        do_ipv6_setsockopt.isra.8+0x3c5/0x39d0
34[   82.292020]        ipv6_setsockopt+0xd7/0x130
35[   82.296485]        rawv6_setsockopt+0x4a/0xf0
36[   82.300951]        sock_common_setsockopt+0x95/0xd0
37[   82.305938]        SyS_setsockopt+0x189/0x360
38[   82.310404]        entry_SYSCALL_64_fastpath+0x29/0xa0
39[   82.315648]
40[   82.315648] -> #0 (rtnl_mutex){+.+.}:
41[   82.320904]        lock_acquire+0x1d5/0x580
42[   82.325195]        __mutex_lock+0x16f/0x1a80
43[   82.329577]        mutex_lock_nested+0x16/0x20
44[   82.334133]        rtnl_lock+0x17/0x20
45[   82.337991]        unregister_netdevice_notifier+0x91/0x4e0
46[   82.343677]        clusterip_tg_destroy+0x389/0x6e0
47[   82.348665]        cleanup_entry+0x218/0x350
48[   82.353041]        __do_replace+0x79d/0xa50
49[   82.357330]        do_ipt_set_ctl+0x40f/0x5f0
50[   82.361794]        nf_setsockopt+0x67/0xc0
51[   82.365998]        ip_setsockopt+0x97/0xa0
52[   82.370210]        tcp_setsockopt+0x82/0xd0
53[   82.374503]        sock_common_setsockopt+0x95/0xd0
54[   82.379488]        SyS_setsockopt+0x189/0x360
55[   82.383951]        entry_SYSCALL_64_fastpath+0x29/0xa0
56[   82.389194]
57[   82.389194] other info that might help us debug this:
58[   82.389194]
59[   82.397306] Chain exists of:
60[   82.397306]   rtnl_mutex --> sk_lock-AF_INET6 --> &xt[i].mutex
61[   82.397306]
62[   82.407594]  Possible unsafe locking scenario:
63[   82.407594]
64[   82.413618]        CPU0                    CPU1
65[   82.418255]        ----                    ----
66[   82.422888]   lock(&xt[i].mutex);
67[   82.426310]                                lock(sk_lock-AF_INET6);
68[   82.432596]                                lock(&xt[i].mutex);
69[   82.438536]   lock(rtnl_mutex);
70[   82.441786]
71[   82.441786]  *** DEADLOCK ***
72[   82.441786]
73[   82.447816] 1 lock held by syz-executor0/4217:
74[   82.452362]  #0:  (&xt[i].mutex){+.+.}, at: [<000000008835a5fc>] xt_find_table_lock+0x3e/0x3e0
75[   82.461090]
76[   82.461090] stack backtrace:
77[   82.465557] CPU: 1 PID: 4217 Comm: syz-executor0 Not tainted 4.15.0+ #221
78[   82.472450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
79[   82.481772] Call Trace:
80[   82.484336]  dump_stack+0x194/0x257
81[   82.487933]  ? arch_local_irq_restore+0x53/0x53
82[   82.492576]  print_circular_bug.isra.38+0x2cd/0x2dc
83[   82.497565]  ? save_trace+0xe0/0x2b0
84[   82.501250]  __lock_acquire+0x30a8/0x3e00
85[   82.505369]  ? print_irqtrace_events+0x270/0x270
86[   82.510099]  ? debug_check_no_locks_freed+0x3c0/0x3c0
87[   82.515261]  ? print_irqtrace_events+0x270/0x270
88[   82.519990]  ? print_irqtrace_events+0x270/0x270
89[   82.524718]  ? __lock_acquire+0x664/0x3e00
90[   82.528924]  ? __lock_acquire+0x664/0x3e00
91[   82.533130]  ? __is_insn_slot_addr+0x1fc/0x330
92[   82.537685]  ? lock_downgrade+0x980/0x980
93[   82.541808]  ? lock_release+0xa40/0xa40
94[   82.545754]  ? bpf_prog_kallsyms_find+0xbd/0x440
95[   82.550483]  ? modules_open+0xa0/0xa0
96[   82.554254]  ? trace_raw_output_xdp_redirect_map_err+0x440/0x440
97[   82.560369]  ? lock_downgrade+0x980/0x980
98[   82.564492]  ? __free_insn_slot+0x5c0/0x5c0
99[   82.568782]  ? check_noncircular+0x20/0x20
100[   82.572986]  lock_acquire+0x1d5/0x580
101[   82.576759]  ? lock_acquire+0x1d5/0x580
102[   82.580705]  ? rtnl_lock+0x17/0x20
103[   82.584218]  ? lock_release+0xa40/0xa40
104[   82.588707]  ? trace_event_raw_event_sched_switch+0x800/0x800
105[   82.594565]  ? unwind_get_return_address+0x61/0xa0
106[   82.599467]  ? rcu_note_context_switch+0x710/0x710
107[   82.604377]  ? __might_sleep+0x95/0x190
108[   82.608332]  ? rtnl_lock+0x17/0x20
109[   82.611847]  __mutex_lock+0x16f/0x1a80
110[   82.615706]  ? rtnl_lock+0x17/0x20
111[   82.619216]  ? save_trace+0xe0/0x2b0
112[   82.622903]  ? rtnl_lock+0x17/0x20
113[   82.626412]  ? __lock_acquire+0x36c0/0x3e00
114[   82.630709]  ? mutex_lock_io_nested+0x1900/0x1900
115[   82.635524]  ? debug_check_no_locks_freed+0x3c0/0x3c0
116[   82.640685]  ? debug_check_no_locks_freed+0x3c0/0x3c0
117[   82.645848]  ? __free_insn_slot+0x5c0/0x5c0
118[   82.650143]  ? is_bpf_text_address+0xa4/0x120
119[   82.654611]  ? rcutorture_record_progress+0x10/0x10
120[   82.659602]  ? is_bpf_text_address+0xa4/0x120
121[   82.664066]  ? kernel_text_address+0x102/0x140
122[   82.668618]  ? __kernel_text_address+0xd/0x40
123[   82.673084]  ? unwind_get_return_address+0x61/0xa0
124[   82.677988]  ? depot_save_stack+0x12c/0x490
125[   82.682284]  ? check_noncircular+0x20/0x20
126[   82.686491]  ? check_noncircular+0x20/0x20
127[   82.690702]  ? save_stack+0x43/0xd0
128[   82.694302]  ? kasan_kmalloc+0xad/0xe0
129[   82.698160]  ? __kmalloc_node+0x47/0x70
130[   82.702111]  ? xt_replace_table+0x23c/0x9d0
131[   82.706405]  ? __do_replace+0x2e3/0xa50
132[   82.710350]  ? do_ipt_set_ctl+0x40f/0x5f0
133[   82.714473]  mutex_lock_nested+0x16/0x20
134[   82.718504]  ? mutex_lock_nested+0x16/0x20
135[   82.722710]  rtnl_lock+0x17/0x20
136[   82.726050]  unregister_netdevice_notifier+0x91/0x4e0
137[   82.731212]  ? clusterip_tg_destroy+0x36a/0x6e0
138[   82.735852]  ? lock_downgrade+0x980/0x980
139[   82.739970]  ? register_netdevice_notifier+0x860/0x860
140[   82.745218]  ? __lock_is_held+0xb6/0x140
141[   82.749254]  ? mark_held_locks+0xaf/0x100
142[   82.753381]  ? do_raw_spin_trylock+0x190/0x190
143[   82.757944]  ? __local_bh_enable_ip+0x121/0x230
144[   82.762586]  ? trace_hardirqs_on_caller+0x421/0x5c0
145[   82.767574]  ? clusterip_tg_destroy+0x350/0x6e0
146[   82.772215]  ? trace_hardirqs_on+0xd/0x10
147[   82.776333]  clusterip_tg_destroy+0x389/0x6e0
148[   82.780799]  ? free_modinfo_version+0x70/0x70
149[   82.785264]  ? clusterip_tg+0xa40/0xa40
150[   82.789207]  ? cpumask_next+0x24/0x30
151[   82.792980]  ? __lock_is_held+0xb6/0x140
152[   82.797015]  ? clusterip_tg+0xa40/0xa40
153[   82.800967]  cleanup_entry+0x218/0x350
154[   82.804823]  ? cleanup_match+0x220/0x220
155[   82.808858]  ? find_next_bit+0x27/0x30
156[   82.812721]  __do_replace+0x79d/0xa50
157[   82.816495]  ? compat_table_info+0x470/0x470
158[   82.820879]  ? kasan_check_write+0x14/0x20
159[   82.825087]  ? _copy_from_user+0x99/0x110
160[   82.829207]  do_ipt_set_ctl+0x40f/0x5f0
161[   82.833153]  ? translate_compat_table+0x1b90/0x1b90
162[   82.838141]  ? __handle_mm_fault+0x3ce0/0x3ce0
163[   82.842701]  ? mutex_unlock+0xd/0x10
164[   82.846389]  ? nf_sockopt_find.constprop.0+0x1a7/0x220
165[   82.851640]  nf_setsockopt+0x67/0xc0
166[   82.855329]  ip_setsockopt+0x97/0xa0
167[   82.859017]  tcp_setsockopt+0x82/0xd0
168[   82.862792]  sock_common_setsockopt+0x95/0xd0
169[   82.867258]  SyS_setsockopt+0x189/0x360
170[   82.871203]  ? SyS_recv+0x40/0x40
171[   82.874629]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
172[   82.879442]  ? trace_hardirqs_on_caller+0x421/0x5c0
173[   82.884436]  ? trace_hardirqs_on_thunk+0x1a/0x1c
174[   82.889170]  entry_SYSCALL_64_fastpath+0x29/0xa0
175[   82.893895] RIP: 0033:0x455d8a
176[   82.897058] RSP: 002b:0000000000a2f598 EFLAGS: 00000206 ORIG_RAX: 0000000000000036
177[   82.904739] RAX: ffffffffffffffda RBX: 00000000006f8a40 RCX: 0000000000455d8a
178[   82.911978] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000013
179[   82.919220] RBP: 00000000006f8a40 R08: 00000000000002d8 R09: 0000000000000001
180[   82.926461] R10: 00000000006f8e68 R11: 0000000000000206 R12: 0000000000000013
181[   82.933703] R13: 00000000006fb9e8 R14: 00000000000140a1 R15: 0000000000000001
182