From: syzbot <syzbot+51cf7cc5f9ffc1006ef2@syzkaller.appspotmail.com>
To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
	 linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
	pabeni@redhat.com,  syzkaller-bugs@googlegroups.com
Subject: [syzbot] [net?] possible deadlock in rtnl_lock (8)
Date: Sun, 18 Aug 2024 20:49:26 -0700
Message-ID: <0000000000000311430620013217@google.com>

Hello,

syzbot found the following issue on:

HEAD commit:    1fb918967b56 Merge tag 'for-6.11-rc3-tag' of git://git.ker..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=129dd7d9980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=804764788c03071f
dashboard link: https://syzkaller.appspot.com/bug?extid=51cf7cc5f9ffc1006ef2
compiler:       aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-1fb91896.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7b8fac7b5b8b/vmlinux-1fb91896.xz
kernel image: https://storage.googleapis.com/syzbot-assets/676950a147e6/Image-1fb91896.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+51cf7cc5f9ffc1006ef2@syzkaller.appspotmail.com

======================================================
WARNING: possible circular locking dependency detected
6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 Not tainted
------------------------------------------------------
syz.0.5481/17612 is trying to acquire lock:
ffff8000880033a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x1c/0x28 net/core/rtnetlink.c:79

but task is already holding lock:
ffff000010332b50 (&smc->clcsock_release_lock){+.+.}-{3:3}, at: smc_setsockopt+0xd8/0xcec net/smc/af_smc.c:3064

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&smc->clcsock_release_lock){+.+.}-{3:3}:
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x134/0x840 kernel/locking/mutex.c:752
       mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:804
       smc_switch_to_fallback+0x34/0x80c net/smc/af_smc.c:902
       smc_sendmsg+0xe4/0x8f8 net/smc/af_smc.c:2779
       sock_sendmsg_nosec net/socket.c:730 [inline]
       __sock_sendmsg+0xc8/0x168 net/socket.c:745
       __sys_sendto+0x1a8/0x254 net/socket.c:2204
       __do_sys_sendto net/socket.c:2216 [inline]
       __se_sys_sendto net/socket.c:2212 [inline]
       __arm64_sys_sendto+0xc0/0x134 net/socket.c:2212
       __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
       invoke_syscall+0x6c/0x258 arch/arm64/kernel/syscall.c:49
       el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:132
       do_el0_svc+0x40/0x58 arch/arm64/kernel/syscall.c:151
       el0_svc+0x50/0x180 arch/arm64/kernel/entry-common.c:712
       el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598

-> #1 (sk_lock-AF_INET){+.+.}-{0:0}:
       lock_sock_nested+0x38/0xe8 net/core/sock.c:3543
       lock_sock include/net/sock.h:1607 [inline]
       sockopt_lock_sock net/core/sock.c:1061 [inline]
       sockopt_lock_sock+0x58/0x74 net/core/sock.c:1052
       do_ip_setsockopt+0xe0/0x2358 net/ipv4/ip_sockglue.c:1078
       ip_setsockopt+0x34/0x9c net/ipv4/ip_sockglue.c:1417
       raw_setsockopt+0x7c/0x2e0 net/ipv4/raw.c:845
       sock_common_setsockopt+0x70/0xe0 net/core/sock.c:3735
       do_sock_setsockopt+0x17c/0x354 net/socket.c:2324
       __sys_setsockopt+0xdc/0x178 net/socket.c:2347
       __do_sys_setsockopt net/socket.c:2356 [inline]
       __se_sys_setsockopt net/socket.c:2353 [inline]
       __arm64_sys_setsockopt+0xa4/0x100 net/socket.c:2353
       __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
       invoke_syscall+0x6c/0x258 arch/arm64/kernel/syscall.c:49
       el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:132
       do_el0_svc+0x40/0x58 arch/arm64/kernel/syscall.c:151
       el0_svc+0x50/0x180 arch/arm64/kernel/entry-common.c:712
       el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598

-> #0 (rtnl_mutex){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3133 [inline]
       check_prevs_add kernel/locking/lockdep.c:3252 [inline]
       validate_chain kernel/locking/lockdep.c:3868 [inline]
       __lock_acquire+0x2aa4/0x6340 kernel/locking/lockdep.c:5142
       lock_acquire kernel/locking/lockdep.c:5759 [inline]
       lock_acquire+0x48c/0x7a4 kernel/locking/lockdep.c:5724
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x134/0x840 kernel/locking/mutex.c:752
       mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:804
       rtnl_lock+0x1c/0x28 net/core/rtnetlink.c:79
       do_ipv6_setsockopt+0x1a04/0x3814 net/ipv6/ipv6_sockglue.c:566
       ipv6_setsockopt+0xc8/0x140 net/ipv6/ipv6_sockglue.c:993
       tcp_setsockopt+0x90/0xcc net/ipv4/tcp.c:3768
       sock_common_setsockopt+0x70/0xe0 net/core/sock.c:3735
       smc_setsockopt+0x150/0xcec net/smc/af_smc.c:3072
       do_sock_setsockopt+0x17c/0x354 net/socket.c:2324
       __sys_setsockopt+0xdc/0x178 net/socket.c:2347
       __do_sys_setsockopt net/socket.c:2356 [inline]
       __se_sys_setsockopt net/socket.c:2353 [inline]
       __arm64_sys_setsockopt+0xa4/0x100 net/socket.c:2353
       __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
       invoke_syscall+0x6c/0x258 arch/arm64/kernel/syscall.c:49
       el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:132
       do_el0_svc+0x40/0x58 arch/arm64/kernel/syscall.c:151
       el0_svc+0x50/0x180 arch/arm64/kernel/entry-common.c:712
       el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598

other info that might help us debug this:

Chain exists of:
  rtnl_mutex --> sk_lock-AF_INET --> &smc->clcsock_release_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&smc->clcsock_release_lock);
                               lock(sk_lock-AF_INET);
                               lock(&smc->clcsock_release_lock);
  lock(rtnl_mutex);

 *** DEADLOCK ***

1 lock held by syz.0.5481/17612:
 #0: ffff000010332b50 (&smc->clcsock_release_lock){+.+.}-{3:3}, at: smc_setsockopt+0xd8/0xcec net/smc/af_smc.c:3064

stack backtrace:
CPU: 1 UID: 0 PID: 17612 Comm: syz.0.5481 Not tainted 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace+0x9c/0x11c arch/arm64/kernel/stacktrace.c:317
 show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:324
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0xa4/0xf4 lib/dump_stack.c:119
 dump_stack+0x1c/0x28 lib/dump_stack.c:128
 print_circular_bug+0x420/0x6f8 kernel/locking/lockdep.c:2059
 check_noncircular+0x2dc/0x364 kernel/locking/lockdep.c:2186
 check_prev_add kernel/locking/lockdep.c:3133 [inline]
 check_prevs_add kernel/locking/lockdep.c:3252 [inline]
 validate_chain kernel/locking/lockdep.c:3868 [inline]
 __lock_acquire+0x2aa4/0x6340 kernel/locking/lockdep.c:5142
 lock_acquire kernel/locking/lockdep.c:5759 [inline]
 lock_acquire+0x48c/0x7a4 kernel/locking/lockdep.c:5724
 __mutex_lock_common kernel/locking/mutex.c:608 [inline]
 __mutex_lock+0x134/0x840 kernel/locking/mutex.c:752
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:804
 rtnl_lock+0x1c/0x28 net/core/rtnetlink.c:79
 do_ipv6_setsockopt+0x1a04/0x3814 net/ipv6/ipv6_sockglue.c:566
 ipv6_setsockopt+0xc8/0x140 net/ipv6/ipv6_sockglue.c:993
 tcp_setsockopt+0x90/0xcc net/ipv4/tcp.c:3768
 sock_common_setsockopt+0x70/0xe0 net/core/sock.c:3735
 smc_setsockopt+0x150/0xcec net/smc/af_smc.c:3072
 do_sock_setsockopt+0x17c/0x354 net/socket.c:2324
 __sys_setsockopt+0xdc/0x178 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __arm64_sys_setsockopt+0xa4/0x100 net/socket.c:2353
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x6c/0x258 arch/arm64/kernel/syscall.c:49
 el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x40/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x50/0x180 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup
