syzbot


BUG: spinlock recursion in release_sock

Status: fixed on 2019/11/27 15:57
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+e67cf584b5e6b35a8ffa@syzkaller.appspotmail.com
Fix commit: 5d92e631b8be net/tls: partially revert fix transition through disconnect with close
First crash: 1771d, last: 1770d
Cause bisection: introduced by (bisect log) :
commit 8822e270d697010e6a4fd42a319dbefc33db91e1
Author: John Hurley <john.hurley@netronome.com>
Date: Sun Jul 7 14:01:54 2019 +0000

  net: core: move push MPLS functionality from OvS to core helper

Crash: general protection fault in send_hsr_supervision_frame (log)
Repro: C syz .config
  
Discussions (1)
Title Replies (including bot) Last reply
BUG: spinlock recursion in release_sock 1 (3) 2019/07/25 14:32

Sample crash report:
BUG: spinlock recursion on CPU#0, syz-executor112/9318
 lock: 0xffff888093f24d08, .magic: dead4ead, .owner: syz-executor112/9318, .owner_cpu: 0
CPU: 0 PID: 9318 Comm: syz-executor112 Not tainted 5.3.0-rc1-next-20190724 #50
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 spin_dump.cold+0x81/0xe6 kernel/locking/spinlock_debug.c:67
 spin_bug kernel/locking/spinlock_debug.c:75 [inline]
 debug_spin_lock_before kernel/locking/spinlock_debug.c:84 [inline]
 do_raw_spin_lock+0x252/0x2e0 kernel/locking/spinlock_debug.c:112
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:136 [inline]
 _raw_spin_lock_bh+0x3b/0x50 kernel/locking/spinlock.c:175
 spin_lock_bh include/linux/spinlock.h:343 [inline]
 release_sock+0x20/0x1c0 net/core/sock.c:2932
 wait_on_pending_writer+0x20f/0x420 net/tls/tls_main.c:91
 tls_sk_proto_cleanup+0x2c5/0x3e0 net/tls/tls_main.c:295
 tls_sk_proto_unhash+0x90/0x3f0 net/tls/tls_main.c:330
 tcp_set_state+0x5b9/0x7d0 net/ipv4/tcp.c:2235
 tcp_done+0xe2/0x320 net/ipv4/tcp.c:3824
 tcp_reset+0x132/0x500 net/ipv4/tcp_input.c:4080
 tcp_validate_incoming+0xa2d/0x1660 net/ipv4/tcp_input.c:5440
 tcp_rcv_established+0x6b5/0x1e70 net/ipv4/tcp_input.c:5648
 tcp_v6_do_rcv+0x41e/0x12c0 net/ipv6/tcp_ipv6.c:1356
 tcp_v6_rcv+0x31f1/0x3500 net/ipv6/tcp_ipv6.c:1588
 ip6_protocol_deliver_rcu+0x2fe/0x1660 net/ipv6/ip6_input.c:397
 ip6_input_finish+0x84/0x170 net/ipv6/ip6_input.c:438
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip6_input+0xe4/0x3f0 net/ipv6/ip6_input.c:447
 dst_input include/net/dst.h:442 [inline]
 ip6_rcv_finish+0x1de/0x2f0 net/ipv6/ip6_input.c:76
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ipv6_rcv+0x10e/0x420 net/ipv6/ip6_input.c:272
 __netif_receive_skb_one_core+0x113/0x1a0 net/core/dev.c:4999
 __netif_receive_skb+0x2c/0x1d0 net/core/dev.c:5113
 process_backlog+0x206/0x750 net/core/dev.c:5924
 napi_poll net/core/dev.c:6347 [inline]
 net_rx_action+0x508/0x10c0 net/core/dev.c:6413
 __do_softirq+0x262/0x98c kernel/softirq.c:292
 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1080
 </IRQ>
 do_softirq.part.0+0x11a/0x170 kernel/softirq.c:337
 do_softirq kernel/softirq.c:329 [inline]
 __local_bh_enable_ip+0x211/0x270 kernel/softirq.c:189
 local_bh_enable include/linux/bottom_half.h:32 [inline]
 inet_csk_listen_stop+0x1e0/0x850 net/ipv4/inet_connection_sock.c:993
 tcp_close+0xd5b/0x10e0 net/ipv4/tcp.c:2338
 inet_release+0xed/0x200 net/ipv4/af_inet.c:427
 inet6_release+0x53/0x80 net/ipv6/af_inet6.c:470
 __sock_release+0xce/0x280 net/socket.c:590
 sock_close+0x1e/0x30 net/socket.c:1268
 __fput+0x2ff/0x890 fs/file_table.c:280
 ____fput+0x16/0x20 fs/file_table.c:313
 task_work_run+0x145/0x1c0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x316/0x380 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:274 [inline]
 do_syscall_64+0x65f/0x760 arch/x86/entry/common.c:300
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x406571
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 24 1a 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ffea23fca50 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000406571
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00000000006dcc20 R08: 0000000000000140 R09: 0000000000000140
R10: 00007ffea23fca80 R11: 0000000000000293 R12: 00007ffea23fcab0
R13: 00000000006dcc2c R14: 000000000000002d R15: 0000000000000007

Crashes (116):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/07/25 07:04 linux-next 9e6dfe8045f8 32329ceb .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/07/24 17:27 linux-next 9e6dfe8045f8 32329ceb .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/07/24 16:57 linux-next 9e6dfe8045f8 32329ceb .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/07/24 12:22 linux-next 9e6dfe8045f8 32329ceb .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/07/24 11:54 linux-next 9e6dfe8045f8 32329ceb .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/07/24 11:53 linux-next 9e6dfe8045f8 32329ceb .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/07/25 16:14 linux-next 13bf6d6a51df 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/25 12:27 linux-next 13bf6d6a51df 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/25 11:14 linux-next 13bf6d6a51df 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/25 09:32 linux-next 13bf6d6a51df 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/25 08:23 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/25 05:40 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/25 04:07 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/25 02:53 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 22:07 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 21:53 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 20:26 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 19:05 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 16:40 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 15:00 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 14:05 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:57 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:56 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:56 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:54 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:53 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:50 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:48 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:48 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:47 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:41 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:41 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:40 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:39 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:36 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:33 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:32 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:30 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:28 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:25 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:21 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:20 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:17 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:12 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:10 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:06 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:05 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:02 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 10:02 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
2019/07/24 09:58 linux-next 9e6dfe8045f8 32329ceb .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.