syzbot


possible deadlock in l2tp_tunnel_register

Status: fixed on 2023/04/11 15:30
Reported-by: syzbot+d7b787d5630e0803b334@syzkaller.appspotmail.com
Fix commit: 4bb736b40475 l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()
First crash: 359d, last: 357d
Fix bisection: fixed by (bisect log) :
commit 4bb736b40475528ac1aa8c98b368563618488a70
Author: Shigeru Yoshida <syoshida@redhat.com>
Date: Thu Feb 16 16:37:10 2023 +0000

  l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()

  
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream possible deadlock in l2tp_tunnel_register (2) net C 153 361d 370d 22/26 fixed on 2023/06/08 14:41
linux-5.15 possible deadlock in l2tp_tunnel_register C done 41 357d 359d 3/3 fixed on 2023/04/11 15:29
upstream possible deadlock in l2tp_tunnel_register net C error 9492 370d 470d 22/26 fixed on 2023/02/24 13:50

Sample crash report:
============================================
WARNING: possible recursive locking detected
6.1.15-syzkaller #0 Not tainted
--------------------------------------------
syz-executor140/4306 is trying to acquire lock:
ffff0000d4d5e130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1721 [inline]
ffff0000d4d5e130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: l2tp_tunnel_register+0x888/0x19f8 net/l2tp/l2tp_core.c:1483

but task is already holding lock:
ffff0000cf697130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1721 [inline]
ffff0000cf697130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0x53c/0x1348 net/l2tp/l2tp_ppp.c:675

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(sk_lock-AF_PPPOX);
  lock(sk_lock-AF_PPPOX);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

1 lock held by syz-executor140/4306:
 #0: ffff0000cf697130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1721 [inline]
 #0: ffff0000cf697130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0x53c/0x1348 net/l2tp/l2tp_ppp.c:675

stack backtrace:
CPU: 0 PID: 4306 Comm: syz-executor140 Not tainted 6.1.15-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 __lock_acquire+0x6310/0x764c kernel/locking/lockdep.c:5055
 lock_acquire+0x2f8/0x8dc kernel/locking/lockdep.c:5668
 lock_sock_nested+0x78/0x138 net/core/sock.c:3448
 lock_sock include/net/sock.h:1721 [inline]
 l2tp_tunnel_register+0x888/0x19f8 net/l2tp/l2tp_core.c:1483
 pppol2tp_connect+0x944/0x1348 net/l2tp/l2tp_ppp.c:723
 __sys_connect_file net/socket.c:1979 [inline]
 __sys_connect+0x268/0x290 net/socket.c:1996
 __do_sys_connect net/socket.c:2006 [inline]
 __se_sys_connect net/socket.c:2003 [inline]
 __arm64_sys_connect+0x7c/0x94 net/socket.c:2003
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581

Crashes (44):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/03/08 11:25 linux-6.1.y 42616e0f09fb d2b00170 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/10 00:40 linux-6.1.y 42616e0f09fb f08b59ac .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/10 08:22 linux-6.1.y 42616e0f09fb 5205ef30 .config console log report info ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/10 01:53 linux-6.1.y 42616e0f09fb f08b59ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/09 23:19 linux-6.1.y 42616e0f09fb f08b59ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/09 19:52 linux-6.1.y 42616e0f09fb f08b59ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/09 10:57 linux-6.1.y 42616e0f09fb f08b59ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/09 08:12 linux-6.1.y 42616e0f09fb f08b59ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/09 00:31 linux-6.1.y 42616e0f09fb 4fc6d98d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/08 22:00 linux-6.1.y 42616e0f09fb 4fc6d98d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/08 20:34 linux-6.1.y 42616e0f09fb 4fc6d98d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/08 19:39 linux-6.1.y 42616e0f09fb 4fc6d98d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/08 19:02 linux-6.1.y 42616e0f09fb 4fc6d98d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/08 17:04 linux-6.1.y 42616e0f09fb 4fc6d98d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/08 08:33 linux-6.1.y 42616e0f09fb d2b00170 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/08 06:14 linux-6.1.y 42616e0f09fb d2b00170 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/08 04:15 linux-6.1.y 42616e0f09fb d2b00170 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/07 23:54 linux-6.1.y 42616e0f09fb d7ea8bc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/07 23:46 linux-6.1.y 42616e0f09fb d7ea8bc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/07 22:30 linux-6.1.y 42616e0f09fb d7ea8bc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/07 21:38 linux-6.1.y 42616e0f09fb d7ea8bc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/07 19:02 linux-6.1.y 42616e0f09fb d7ea8bc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in l2tp_tunnel_register
2023/03/10 05:55 linux-6.1.y 42616e0f09fb f08b59ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/10 01:49 linux-6.1.y 42616e0f09fb f08b59ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/10 00:15 linux-6.1.y 42616e0f09fb f08b59ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/09 22:41 linux-6.1.y 42616e0f09fb f08b59ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/09 08:39 linux-6.1.y 42616e0f09fb f08b59ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/09 08:11 linux-6.1.y 42616e0f09fb f08b59ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/08 18:01 linux-6.1.y 42616e0f09fb 4fc6d98d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/08 18:01 linux-6.1.y 42616e0f09fb 4fc6d98d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/08 16:32 linux-6.1.y 42616e0f09fb 4fc6d98d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/08 16:00 linux-6.1.y 42616e0f09fb 4fc6d98d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/08 04:41 linux-6.1.y 42616e0f09fb d2b00170 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/08 04:35 linux-6.1.y 42616e0f09fb d2b00170 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/08 04:16 linux-6.1.y 42616e0f09fb d2b00170 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/08 03:55 linux-6.1.y 42616e0f09fb d2b00170 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/07 22:41 linux-6.1.y 42616e0f09fb d7ea8bc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/07 22:31 linux-6.1.y 42616e0f09fb d7ea8bc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/07 21:39 linux-6.1.y 42616e0f09fb d7ea8bc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/07 20:49 linux-6.1.y 42616e0f09fb d7ea8bc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/07 20:45 linux-6.1.y 42616e0f09fb d7ea8bc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
2023/03/07 19:06 linux-6.1.y 42616e0f09fb d7ea8bc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in l2tp_tunnel_register
* Struck through repros no longer work on HEAD.