syzbot


WARNING: locking bug in inet_autobind

Status: fixed on 2023/06/08 14:41
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+94cc2a66fc228b23f360@syzkaller.appspotmail.com
Fix commit: 0b2c59720e65 l2tp: close all race conditions in l2tp_tunnel_register()
First crash: 1972d, last: 649d
Cause bisection: introduced by (bisect log) :
commit c0d9271ecbd891cdeb0fad1edcdd99ee717a655f
Author: Yong Zhao <Yong.Zhao@amd.com>
Date: Fri Feb 1 23:36:21 2019 +0000

  drm/amdgpu: Delete user queue doorbell variables

Crash: WARNING: locking bug in inet_autobind (log)
Repro: syz .config
  
Fix bisection: failed (error log, bisect log)
  
Duplicate bugs (2)
duplicates (2):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
WARNING: locking bug in tomoyo_supervisor tomoyo syz done 1 1640d 1636d 0/28 closed as dup on 2020/04/17 04:38
WARNING: locking bug in inet_send_prepare net C 1 649d 645d 28/28 closed as dup on 2023/01/03 07:32
Discussions (8)
Title Replies (including bot) Last reply
[Patch net v3 0/2] l2tp: fix race conditions in l2tp_tunnel_register() 10 (10) 2023/01/17 10:57
[Patch net v2 0/2] l2tp: fix race conditions in l2tp_tunnel_register() 5 (5) 2023/01/12 13:18
[Patch net 0/2] l2tp: fix race conditions in l2tp_tunnel_register() 11 (11) 2023/01/10 06:49
WARNING: locking bug in inet_autobind 10 (14) 2023/01/03 22:12
[PATCH net] l2tp: Don't sleep and disable BH under writer-side sk_callback_lock 15 (15) 2022/11/24 10:27
[PATCH] lockdep: report name and key when look_up_lock_class() got confused 6 (6) 2022/09/21 08:01
Reminder: 2 open syzbot bugs in "net/l2tp" subsystem 1 (1) 2019/07/24 02:45
Re: WARNING: locking bug in inet_autobind 1 (1) 2019/05/22 03:21
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 WARNING: locking bug in inet_autobind (2) 1 1635d 1635d 0/1 auto-closed as invalid on 2020/08/15 18:15
linux-4.14 WARNING: locking bug in inet_autobind 1 1923d 1923d 0/1 auto-closed as invalid on 2019/11/01 17:53
linux-4.19 WARNING: locking bug in inet_autobind C error 45 621d 1426d 0/1 upstream: reported C repro on 2020/11/12 14:20
Last patch testing requests (13)
Created Duration User Patch Repo Result
2023/01/03 16:25 14m xiyou.wangcong@gmail.com https://github.com/congwang/linux.git net report log
2023/01/02 20:30 15m xiyou.wangcong@gmail.com https://github.com/congwang/linux.git net report log
2022/12/29 10:16 22m hdanton@sina.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 1b929c02afd3 report log
2022/12/27 04:31 7m retest repro upstream error
2022/12/27 00:31 18m retest repro upstream report log
2022/12/27 00:31 14m retest repro net-old report log
2022/12/27 00:31 15m retest repro net-next-old report log
2022/09/19 06:18 16m penguin-kernel@i-love.sakura.ne.jp patch upstream OK log
2022/09/17 21:29 10m retest repro net-old report log
2022/09/13 04:27 15m retest repro upstream OK log
2022/09/13 01:27 15m retest repro upstream OK log
2022/08/31 03:27 19m retest repro upstream OK log
2022/08/09 18:13 9m gautammenghani201@gmail.com upstream error

Sample crash report:
------------[ cut here ]------------
Looking for class "l2tp_sock" with key l2tp_socket_class, but found a different class "slock-AF_INET6" with the same key
WARNING: CPU: 0 PID: 7280 at kernel/locking/lockdep.c:937 look_up_lock_class+0x97/0x110 kernel/locking/lockdep.c:937
Modules linked in:
CPU: 0 PID: 7280 Comm: syz-executor835 Not tainted 6.2.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:look_up_lock_class+0x97/0x110 kernel/locking/lockdep.c:937
Code: 17 48 81 fa e0 e5 f6 8f 74 59 80 3d 5d bc 57 04 00 75 50 48 c7 c7 00 4d 4c 8a 48 89 04 24 c6 05 49 bc 57 04 01 e8 a9 42 b9 ff <0f> 0b 48 8b 04 24 eb 31 9c 5a 80 e6 02 74 95 e8 45 38 02 fa 85 c0
RSP: 0018:ffffc9000b5378b8 EFLAGS: 00010082
RAX: 0000000000000000 RBX: ffffffff91c06a00 RCX: 0000000000000000
RDX: ffff8880292d0000 RSI: ffffffff8166721c RDI: fffff520016a6f09
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000201 R11: 20676e696b6f6f4c R12: 0000000000000000
R13: ffff88802a5820b0 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f1fd7a97700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000100 CR3: 0000000078ab4000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 register_lock_class+0xbe/0x1120 kernel/locking/lockdep.c:1289
 __lock_acquire+0x109/0x56d0 kernel/locking/lockdep.c:4934
 lock_acquire kernel/locking/lockdep.c:5668 [inline]
 lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
 _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:355 [inline]
 lock_sock_nested+0x5f/0xf0 net/core/sock.c:3473
 lock_sock include/net/sock.h:1725 [inline]
 inet_autobind+0x1a/0x190 net/ipv4/af_inet.c:177
 inet_send_prepare net/ipv4/af_inet.c:813 [inline]
 inet_send_prepare+0x325/0x4e0 net/ipv4/af_inet.c:807
 inet6_sendmsg+0x43/0xe0 net/ipv6/af_inet6.c:655
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg+0xd3/0x120 net/socket.c:734
 __sys_sendto+0x23a/0x340 net/socket.c:2117
 __do_sys_sendto net/socket.c:2129 [inline]
 __se_sys_sendto net/socket.c:2125 [inline]
 __x64_sys_sendto+0xe1/0x1b0 net/socket.c:2125
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f1fd78538b9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1fd7a971f8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f1fd78f0038 RCX: 00007f1fd78538b9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f1fd78f0030 R08: 0000000020000100 R09: 000000000000001c
R10: 0000000004008000 R11: 0000000000000212 R12: 00007f1fd78f003c
R13: 00007f1fd79ffc8f R14: 00007f1fd7a97300 R15: 0000000000022000
 </TASK>

Crashes (103):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/12/29 06:25 upstream 1b929c02afd3 44712fbc .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING: locking bug in inet_autobind
2021/10/26 18:15 upstream 3906fe9bb7f1 d50eb50a .config console log report syz ci-upstream-kasan-gce WARNING: locking bug in inet_autobind
2021/10/06 03:25 upstream f6274b06e326 0a63fd36 .config console log report syz ci-upstream-kasan-gce-root WARNING: locking bug in inet_autobind
2021/04/01 08:37 linux-next 931294922e65 6a81331a .config console log report syz ci-upstream-linux-next-kasan-gce-root WARNING: locking bug in inet_autobind
2020/11/23 02:13 upstream a349e4c65960 0d27f508 .config console log report syz ci-upstream-kasan-gce
2020/06/25 05:56 upstream 7ae77150d94d 54566aff .config console log report syz ci-upstream-kasan-gce-root
2020/04/10 20:48 upstream c0cc271173b2 a8c6a3f8 .config console log report syz ci-upstream-kasan-gce-root
2020/04/01 19:28 upstream 1a323ea5356e a34e2c33 .config console log report syz ci-upstream-kasan-gce
2019/09/19 21:16 upstream b41dae061bbd eb940044 .config console log report syz ci-upstream-kasan-gce
2019/06/06 20:28 upstream 156c05917e09 698773cb .config console log report syz ci-upstream-kasan-gce-smack-root
2020/10/14 16:26 net-old 1e40d75ef90c fc7735a2 .config console log report syz ci-upstream-net-this-kasan-gce
2020/10/12 09:08 net-next-old bc081a693a56 4a77ae0b .config console log report syz ci-upstream-net-kasan-gce
2019/06/06 01:50 net-next-old 2a99283cb7c1 bfb4a51e .config console log report syz ci-upstream-net-kasan-gce
2019/05/21 08:30 net-next-old f49aa1de9836 8285069f .config console log report syz ci-upstream-net-kasan-gce
2020/09/07 04:23 linux-next 7a6956579ce6 abf9ba4f .config console log report syz ci-upstream-linux-next-kasan-gce-root
2019/06/16 03:33 linux-next f4788d37bc84 442206d7 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2020/11/30 01:26 upstream aae5ab854e38 a0092f9d .config console log report syz ci-upstream-kasan-gce-386
2020/10/07 13:28 upstream c85fb28b6f99 1880b4a9 .config console log report syz ci-qemu-upstream-386
2020/09/01 11:19 upstream b51594df17d0 d5a3ae1f .config console log report syz ci-upstream-kasan-gce-386
2021/12/24 03:28 upstream 76657eaef4a7 6caa12e4 .config console log report info ci-upstream-kasan-gce WARNING: locking bug in inet_autobind
2021/12/09 05:11 upstream 2a987e65025e a4a2a501 .config console log report info ci-upstream-kasan-gce WARNING: locking bug in inet_autobind
2021/11/13 15:32 upstream 66f4beaa6c1d 83f5c9b5 .config console log report info ci-upstream-kasan-gce WARNING: locking bug in inet_autobind
2021/11/08 07:49 upstream 6b75d88fa81b 4c1be0be .config console log report info ci-upstream-kasan-gce-root WARNING: locking bug in inet_autobind
2021/11/05 01:59 upstream 7ddb58cb0eca 4c1be0be .config console log report info ci-upstream-kasan-gce WARNING: locking bug in inet_autobind
2021/11/01 09:28 upstream 8bb7eca972ad 098b5d53 .config console log report info ci-upstream-kasan-gce WARNING: locking bug in inet_autobind
2021/11/01 05:22 upstream 8bb7eca972ad 098b5d53 .config console log report info ci-qemu-upstream WARNING: locking bug in inet_autobind
2021/08/22 17:12 upstream 9ff50bf2f2ff b599f2fc .config console log report info ci-upstream-kasan-gce WARNING: locking bug in inet_autobind
2021/07/12 23:45 upstream 7fef2edf7cc7 f415556d .config console log report info ci-upstream-kasan-gce-root WARNING: locking bug in inet_autobind
2021/05/17 20:26 upstream d07f6ca923ea a2eb125d .config console log report info ci-upstream-kasan-gce WARNING: locking bug in inet_autobind
2021/03/27 20:38 upstream 0f4498cef9f5 a8529b82 .config console log report info ci-upstream-kasan-gce WARNING: locking bug in inet_autobind
2021/03/24 09:17 upstream 7acac4b3196c e613994b .config console log report info ci-upstream-kasan-gce WARNING: locking bug in inet_autobind
2021/02/20 14:21 upstream f40ddce88593 3e5ed8b4 .config console log report info ci-upstream-kasan-gce WARNING: locking bug in inet_autobind
2021/01/19 16:07 upstream 1e2a199f6ccd 63631df1 .config console log report info ci-upstream-kasan-gce WARNING: locking bug in inet_autobind
2021/01/19 06:49 upstream 1e2a199f6ccd 63631df1 .config console log report info ci-upstream-kasan-gce WARNING: locking bug in inet_autobind
2022/01/19 03:35 upstream 99613159ad74 731a2d23 .config console log report info ci-upstream-kasan-gce-386 WARNING: locking bug in inet_autobind
2021/12/03 04:27 upstream a51e3ac43ddb 61f86278 .config console log report info ci-upstream-kasan-gce-386 WARNING: locking bug in inet_autobind
2021/11/29 03:27 upstream d06c942efea4 63eeac02 .config console log report info ci-upstream-kasan-gce-386 WARNING: locking bug in inet_autobind
2021/06/15 05:05 net-old 49a10c7b1762 1ba81399 .config console log report info ci-upstream-net-this-kasan-gce WARNING: locking bug in inet_autobind
2022/04/16 22:16 net-next-old 0339d25a2807 8bcc32a6 .config console log report info ci-upstream-net-kasan-gce WARNING: locking bug in inet_autobind
2021/04/13 10:40 net-next-old c82eaa4064f3 bfeda1b1 .config console log report info ci-upstream-net-kasan-gce WARNING: locking bug in inet_autobind
2021/08/25 15:11 linux-next 372b2891c15a b599f2fc .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING: locking bug in inet_autobind
2021/07/28 22:10 linux-next 42d0b5f52c9b 9a4781d4 .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING: locking bug in inet_autobind
2021/02/03 13:08 linux-next fb2a9c320987 624dad51 .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING: locking bug in inet_autobind
2021/01/11 17:56 upstream 7c53f6b671f4 2c1f2513 .config console log report info ci-upstream-kasan-gce
2020/09/28 11:53 upstream a1b8638ba132 6bfdbe89 .config console log report info ci-upstream-kasan-gce
2020/09/25 20:15 upstream 171d4ff79f96 4a006f63 .config console log report info ci-upstream-kasan-gce
2020/09/24 08:25 upstream c9c9e6a49f89 54289b08 .config console log report info ci-upstream-kasan-gce
2020/09/06 00:25 upstream 9322c47b21b9 abf9ba4f .config console log report ci-upstream-kasan-gce
2020/08/25 05:17 upstream 6a9dc5fd6170 344da168 .config console log report ci-upstream-kasan-gce
2020/08/14 06:22 upstream 990f227371a4 54ce1ed6 .config console log report ci-upstream-kasan-gce
2019/11/16 23:34 upstream 6c9594bdd474 d5696d51 .config console log report ci-upstream-kasan-gce
2019/11/13 03:16 upstream 100d46bd72ec 048f2d49 .config console log report ci-upstream-kasan-gce
2019/11/12 00:38 upstream 31f4f5b495a6 048f2d49 .config console log report ci-upstream-kasan-gce
2019/11/08 08:11 upstream 847120f859cc 1e35461e .config console log report ci-upstream-kasan-gce-root
2019/10/31 20:30 upstream e472c64aa4fa a41ca8fa .config console log report ci-upstream-kasan-gce
2019/10/19 13:10 upstream b9959c7a347d 8c88c9c1 .config console log report ci-upstream-kasan-gce-root
2020/12/26 18:37 upstream 40f78232f973 821e0b09 .config console log report info ci-upstream-kasan-gce-386
2020/07/06 00:00 upstream 7cc2a8ea1048 51095195 .config console log report ci-upstream-kasan-gce-386
2020/05/24 12:31 upstream 423b8baf18a8 96c92ad3 .config console log report ci-upstream-kasan-gce-386
2019/11/22 04:14 upstream 81429eb8d9ca 8098ea0f .config console log report ci-upstream-kasan-gce-386
2020/05/23 21:00 net-old d04322a0da1e 9682898d .config console log report ci-upstream-net-this-kasan-gce
2020/05/14 03:58 net-old 99addbe31f55 a885920d .config console log report ci-upstream-net-this-kasan-gce
2019/09/28 09:10 net-old faeacb6ddb13 d8074e0b .config console log report ci-upstream-net-this-kasan-gce
2019/09/24 07:17 net-old 34b4688425d9 c68252d2 .config console log report ci-upstream-net-this-kasan-gce
2020/04/09 06:24 net-next-old 63bef48fd6c9 a8c6a3f8 .config console log report ci-upstream-net-kasan-gce
2019/11/14 06:24 net-next-old 90bc72b13c08 048f2d49 .config console log report ci-upstream-net-kasan-gce
2019/10/12 19:17 net-next-old 524900a212f4 426631dd .config console log report ci-upstream-net-kasan-gce
2019/05/16 00:34 net-next-old 35c99ffa20ed 051c49fe .config console log report ci-upstream-net-kasan-gce
2020/08/23 23:57 linux-next 494d311a82bb cef5ae68 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/04/26 02:44 linux-next ac935d227366 b8bb8e5f .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.