syzbot

 sign-in | mailing list | source | docs
🐞 Open [196] 🐞 Fixed [42] 🐞 Invalid [470] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

possible deadlock in do_ip_setsockopt

Status: public: reported C repro on 2019/04/11 08:44
Reported-by: syzbot+064cee1e1d47853c27ff@syzkaller.appspotmail.com
First crash: 2196d, last: 2090d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream possible deadlock in do_ip_setsockopt netfilter C 467 2279d 2287d 0/26 closed as dup on 2018/01/30 13:58
upstream possible deadlock in do_ip_setsockopt (2) netfilter 59 2276d 2278d 4/26 fixed on 2018/02/07 13:26
upstream possible deadlock in do_ip_setsockopt (3) netfilter 3731 2259d 2275d 4/26 fixed on 2018/02/26 20:04

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)

======================================================
[ INFO: possible circular locking dependency detected ]
4.9.109-ga4230be #48 Not tainted
-------------------------------------------------------
syz-executor240/3796 is trying to acquire lock:
 (sk_lock-AF_INET){+.+.+.}, at: [<ffffffff8334669a>] lock_sock include/net/sock.h:1404 [inline]
 (sk_lock-AF_INET){+.+.+.}, at: [<ffffffff8334669a>] do_ip_setsockopt.isra.13+0x12a/0x2b10 net/ipv4/ip_sockglue.c:636
but task is already holding lock:
 (rtnl_mutex){+.+.+.}, at: [<ffffffff830b5937>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       mutex_lock_nested+0xc0/0x870 kernel/locking/mutex.c:621
       rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
       mrtsock_destruct+0x3b/0x1e0 net/ipv4/ipmr.c:1231
       ip_ra_control+0x2c2/0x420 net/ipv4/ip_sockglue.c:360
       do_ip_setsockopt.isra.13+0x15ff/0x2b10 net/ipv4/ip_sockglue.c:1137
       ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240
       raw_setsockopt+0xb7/0xd0 net/ipv4/raw.c:833
       sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706
       SYSC_setsockopt net/socket.c:1772 [inline]
       SyS_setsockopt+0x166/0x260 net/socket.c:1751
       do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
       entry_SYSCALL_64_after_swapgs+0x5d/0xdb

       check_prev_add kernel/locking/lockdep.c:1828 [inline]
       check_prevs_add kernel/locking/lockdep.c:1938 [inline]
       validate_chain kernel/locking/lockdep.c:2265 [inline]
       __lock_acquire+0x3019/0x4070 kernel/locking/lockdep.c:3345
       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       lock_sock_nested+0xc6/0x120 net/core/sock.c:2511
       lock_sock include/net/sock.h:1404 [inline]
       do_ip_setsockopt.isra.13+0x12a/0x2b10 net/ipv4/ip_sockglue.c:636
       ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240
       udp_setsockopt+0x4a/0x90 net/ipv4/udp.c:2091
       sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706
       SYSC_setsockopt net/socket.c:1772 [inline]
       SyS_setsockopt+0x166/0x260 net/socket.c:1751
       do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
       entry_SYSCALL_64_after_swapgs+0x5d/0xdb

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(rtnl_mutex);
                               lock(sk_lock-AF_INET);
                               lock(rtnl_mutex);
  lock(sk_lock-AF_INET);

 *** DEADLOCK ***

1 lock held by syz-executor240/3796:
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff830b5937>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70

stack backtrace:
CPU: 1 PID: 3796 Comm: syz-executor240 Not tainted 4.9.109-ga4230be #48
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801da3b7758 ffffffff81eb3e29 ffffffff855e7b60 ffffffff8559cef0
 ffffffff855e7b60 ffff8801c81508e8 ffff8801c8150000 ffff8801da3b77a0
 ffffffff814262d4 0000000000000001 00000000c8150000 0000000000000001
Call Trace:
 [<ffffffff81eb3e29>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81eb3e29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff814262d4>] print_circular_bug.cold.51+0x1bd/0x27d kernel/locking/lockdep.c:1202
 [<ffffffff81239179>] check_prev_add kernel/locking/lockdep.c:1828 [inline]
 [<ffffffff81239179>] check_prevs_add kernel/locking/lockdep.c:1938 [inline]
 [<ffffffff81239179>] validate_chain kernel/locking/lockdep.c:2265 [inline]
 [<ffffffff81239179>] __lock_acquire+0x3019/0x4070 kernel/locking/lockdep.c:3345
 [<ffffffff8123ac40>] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
 [<ffffffff830246a6>] lock_sock_nested+0xc6/0x120 net/core/sock.c:2511
 [<ffffffff8334669a>] lock_sock include/net/sock.h:1404 [inline]
 [<ffffffff8334669a>] do_ip_setsockopt.isra.13+0x12a/0x2b10 net/ipv4/ip_sockglue.c:636
 [<ffffffff833490ba>] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240
 [<ffffffff833f7b1a>] udp_setsockopt+0x4a/0x90 net/ipv4/udp.c:2091
 [<ffffffff8301d75a>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706
 [<ffffffff8301a516>] SYSC_setsockopt net/socket.c:1772 [inline]
 [<ffffffff8301a516>] SyS_setsockopt+0x166/0x260 net/socket.c:1751

Crashes (101):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/06/17 17:57 https://android.googlesource.com/kernel/common android-4.9 a4230beab30a 27c5f59f .config console log report syz C ci-android-49-kasan-gce-root
2018/05/17 17:55 https://android.googlesource.com/kernel/common android-4.9 73fdfa38c59d 90c54c49 .config console log report syz C ci-android-49-kasan-gce-root
2018/08/12 20:49 https://android.googlesource.com/kernel/common android-4.9 9dc978d43ec7 7a88b141 .config console log report ci-android-49-kasan-gce-root
2018/08/07 06:59 https://android.googlesource.com/kernel/common android-4.9 47b77b8d01c4 1beb8136 .config console log report ci-android-49-kasan-gce-root
2018/07/08 15:05 https://android.googlesource.com/kernel/common android-4.9 03c70feafdb2 c9a7a4dc .config console log report ci-android-49-kasan-gce-root
2018/07/08 14:01 https://android.googlesource.com/kernel/common android-4.9 03c70feafdb2 c9a7a4dc .config console log report ci-android-49-kasan-gce-root
2018/07/07 22:37 https://android.googlesource.com/kernel/common android-4.9 03c70feafdb2 ab89aea9 .config console log report ci-android-49-kasan-gce-root
2018/07/06 19:41 https://android.googlesource.com/kernel/common android-4.9 03c70feafdb2 9636bc93 .config console log report ci-android-49-kasan-gce-root
2018/07/05 23:49 https://android.googlesource.com/kernel/common android-4.9 03c70feafdb2 d3b2a0e2 .config console log report ci-android-49-kasan-gce-root
2018/07/05 20:36 https://android.googlesource.com/kernel/common android-4.9 03c70feafdb2 d3b2a0e2 .config console log report ci-android-49-kasan-gce-root
2018/07/05 02:27 https://android.googlesource.com/kernel/common android-4.9 03c70feafdb2 e1b966c6 .config console log report ci-android-49-kasan-gce-root
2018/07/04 11:21 https://android.googlesource.com/kernel/common android-4.9 03c70feafdb2 317fc8ea .config console log report ci-android-49-kasan-gce-root
2018/07/04 09:32 https://android.googlesource.com/kernel/common android-4.9 03c70feafdb2 317fc8ea .config console log report ci-android-49-kasan-gce-root
2018/07/02 20:45 https://android.googlesource.com/kernel/common android-4.9 00a0bcbfcfb6 574780b0 .config console log report ci-android-49-kasan-gce-root
2018/07/02 18:44 https://android.googlesource.com/kernel/common android-4.9 00a0bcbfcfb6 574780b0 .config console log report ci-android-49-kasan-gce-root
2018/07/02 06:54 https://android.googlesource.com/kernel/common android-4.9 00a0bcbfcfb6 dba0b50e .config console log report ci-android-49-kasan-gce-root
2018/07/01 23:11 https://android.googlesource.com/kernel/common android-4.9 00a0bcbfcfb6 dba0b50e .config console log report ci-android-49-kasan-gce-root
2018/07/01 16:11 https://android.googlesource.com/kernel/common android-4.9 00a0bcbfcfb6 dba0b50e .config console log report ci-android-49-kasan-gce-root
2018/07/01 08:42 https://android.googlesource.com/kernel/common android-4.9 00a0bcbfcfb6 dba0b50e .config console log report ci-android-49-kasan-gce-root
2018/07/01 00:47 https://android.googlesource.com/kernel/common android-4.9 00a0bcbfcfb6 dba0b50e .config console log report ci-android-49-kasan-gce-root
2018/06/29 22:20 https://android.googlesource.com/kernel/common android-4.9 00a0bcbfcfb6 dba0b50e .config console log report ci-android-49-kasan-gce-root
2018/06/29 10:18 https://android.googlesource.com/kernel/common android-4.9 00a0bcbfcfb6 dba0b50e .config console log report ci-android-49-kasan-gce-root
2018/06/29 07:38 https://android.googlesource.com/kernel/common android-4.9 00a0bcbfcfb6 dba0b50e .config console log report ci-android-49-kasan-gce-root
2018/06/28 16:04 https://android.googlesource.com/kernel/common android-4.9 00a0bcbfcfb6 dba0b50e .config console log report ci-android-49-kasan-gce-root
2018/06/26 01:38 https://android.googlesource.com/kernel/common android-4.9 7143cbff9ce1 2064fc5c .config console log report ci-android-49-kasan-gce-root
2018/06/25 23:29 https://android.googlesource.com/kernel/common android-4.9 7cecc756ceae 2064fc5c .config console log report ci-android-49-kasan-gce-root
2018/06/25 17:59 https://android.googlesource.com/kernel/common android-4.9 7cecc756ceae 2064fc5c .config console log report ci-android-49-kasan-gce-root
2018/06/25 04:03 https://android.googlesource.com/kernel/common android-4.9 7cecc756ceae 2064fc5c .config console log report ci-android-49-kasan-gce-root
2018/06/24 18:34 https://android.googlesource.com/kernel/common android-4.9 7cecc756ceae 2064fc5c .config console log report ci-android-49-kasan-gce-root
2018/06/24 10:18 https://android.googlesource.com/kernel/common android-4.9 7cecc756ceae 2064fc5c .config console log report ci-android-49-kasan-gce-root
2018/06/23 10:08 https://android.googlesource.com/kernel/common android-4.9 7cecc756ceae 2064fc5c .config console log report ci-android-49-kasan-gce-root
2018/06/22 09:20 https://android.googlesource.com/kernel/common android-4.9 e1815b3eba5b 095ef806 .config console log report ci-android-49-kasan-gce-root
2018/06/22 05:56 https://android.googlesource.com/kernel/common android-4.9 e1815b3eba5b 095ef806 .config console log report ci-android-49-kasan-gce-root
2018/06/21 17:40 https://android.googlesource.com/kernel/common android-4.9 e1815b3eba5b 095ef806 .config console log report ci-android-49-kasan-gce-root
2018/06/21 01:44 https://android.googlesource.com/kernel/common android-4.9 e1815b3eba5b 095ef806 .config console log report ci-android-49-kasan-gce-root
2018/06/19 19:58 https://android.googlesource.com/kernel/common android-4.9 e1815b3eba5b 732e4256 .config console log report ci-android-49-kasan-gce-root
2018/06/19 06:50 https://android.googlesource.com/kernel/common android-4.9 e1815b3eba5b 45c54f75 .config console log report ci-android-49-kasan-gce-root
2018/06/18 21:21 https://android.googlesource.com/kernel/common android-4.9 a4230beab30a 45c54f75 .config console log report ci-android-49-kasan-gce-root
2018/06/18 02:01 https://android.googlesource.com/kernel/common android-4.9 a4230beab30a 27c5f59f .config console log report ci-android-49-kasan-gce-root
2018/06/17 07:14 https://android.googlesource.com/kernel/common android-4.9 a4230beab30a 27c5f59f .config console log report ci-android-49-kasan-gce-root
2018/06/16 19:57 https://android.googlesource.com/kernel/common android-4.9 a4230beab30a 27c5f59f .config console log report ci-android-49-kasan-gce-root
2018/06/15 14:44 https://android.googlesource.com/kernel/common android-4.9 b7d377b4640b 27c5f59f .config console log report ci-android-49-kasan-gce-root
2018/04/28 12:17 https://android.googlesource.com/kernel/common android-4.9 71fce1edd26d d5a5d045 .config console log report ci-android-49-kasan-gce-root
* Struck through repros no longer work on HEAD.