syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [142] 🐞 Fixed [16] 🐞 Invalid [163] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | possible deadlock in do_ipv6_setsockopt (2) netfilter | 3642 | 2253d | 2268d | 4/26 | fixed on 2018/02/26 20:04 | |||
| upstream | possible deadlock in do_ipv6_setsockopt (3) net | 1 | 1125d | 1124d | 0/26 | auto-closed as invalid on 2021/07/26 21:07 | |||
| upstream | possible deadlock in do_ipv6_setsockopt netfilter | C | 109 | 2274d | 2281d | 22/26 | closed as dup on 2018/01/30 13:59 |
======================================================
[ INFO: possible circular locking dependency detected ]
4.4.162+ #120 Not tainted
-------------------------------------------------------
syz-executor2/17087 is trying to acquire lock:
(rtnl_mutex){+.+.+.}, at: [ 448.759020] binder: 17093:17094 ioctl 4028700f 200001c0 returned -22
binder: 17093:17095 ioctl 4028700f 200001c0 returned -22
[<ffffffff822664d7>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
but task is already holding lock:
(sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff825f6a12>] lock_sock include/net/sock.h:1493 [inline]
(sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff825f6a12>] do_ipv6_setsockopt.isra.4+0x252/0x2d50 net/ipv6/ipv6_sockglue.c:166
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
[<ffffffff81202cde>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
[<ffffffff821dc1b6>] lock_sock_nested+0xc6/0x120 net/core/sock.c:2459
[<ffffffff825f6992>] lock_sock include/net/sock.h:1493 [inline]
[<ffffffff825f6992>] do_ipv6_setsockopt.isra.4+0x1d2/0x2d50 net/ipv6/ipv6_sockglue.c:166
[<ffffffff825f95a7>] ipv6_setsockopt+0x97/0x130 net/ipv6/ipv6_sockglue.c:904
[<ffffffff823f0c18>] tcp_setsockopt+0x88/0xe0 net/ipv4/tcp.c:2643
[<ffffffff821d63ba>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2659
[<ffffffff821d3df6>] SYSC_setsockopt net/socket.c:1780 [inline]
[<ffffffff821d3df6>] SyS_setsockopt+0x166/0x260 net/socket.c:1759
[<ffffffff827121a1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
[<ffffffff811ff0fc>] check_prev_add kernel/locking/lockdep.c:1853 [inline]
[<ffffffff811ff0fc>] check_prevs_add kernel/locking/lockdep.c:1958 [inline]
[<ffffffff811ff0fc>] validate_chain kernel/locking/lockdep.c:2144 [inline]
[<ffffffff811ff0fc>] __lock_acquire+0x3e6c/0x5f10 kernel/locking/lockdep.c:3213
[<ffffffff81202cde>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
[<ffffffff82706c2b>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
[<ffffffff82706c2b>] mutex_lock_nested+0xbb/0x8d0 kernel/locking/mutex.c:621
[<ffffffff822664d7>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
[<ffffffff82630b5e>] ipv6_sock_mc_close+0x10e/0x350 net/ipv6/mcast.c:288
[<ffffffff825f74c7>] do_ipv6_setsockopt.isra.4+0xd07/0x2d50 net/ipv6/ipv6_sockglue.c:202
[<ffffffff825f95a7>] ipv6_setsockopt+0x97/0x130 net/ipv6/ipv6_sockglue.c:904
[<ffffffff8260e41a>] udpv6_setsockopt+0x4a/0x90 net/ipv6/udp.c:1436
[<ffffffff821d63ba>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2659
[<ffffffff821d3df6>] SYSC_setsockopt net/socket.c:1780 [inline]
[<ffffffff821d3df6>] SyS_setsockopt+0x166/0x260 net/socket.c:1759
[<ffffffff827121a1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(sk_lock-AF_INET6);
lock(rtnl_mutex);
lock(sk_lock-AF_INET6);
lock(rtnl_mutex);
*** DEADLOCK ***
1 lock held by syz-executor2/17087:
#0: (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff825f6a12>] lock_sock include/net/sock.h:1493 [inline]
#0: (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffff825f6a12>] do_ipv6_setsockopt.isra.4+0x252/0x2d50 net/ipv6/ipv6_sockglue.c:166
stack backtrace:
CPU: 0 PID: 17087 Comm: syz-executor2 Not tainted 4.4.162+ #120
0000000000000000 034b4dac15a52b69 ffff8801c169f5a8 ffffffff81aa526d
ffffffff83a857b0 ffffffff83ac3eb0 ffffffff83a857b0 ffff8800b5a8e7e8
ffff8800b5a8df00 ffff8801c169f5f0 ffffffff813a834a 0000000000000001
Call Trace:
[<ffffffff81aa526d>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81aa526d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[<ffffffff813a834a>] print_circular_bug.cold.34+0x2f7/0x432 kernel/locking/lockdep.c:1226
[<ffffffff811ff0fc>] check_prev_add kernel/locking/lockdep.c:1853 [inline]
[<ffffffff811ff0fc>] check_prevs_add kernel/locking/lockdep.c:1958 [inline]
[<ffffffff811ff0fc>] validate_chain kernel/locking/lockdep.c:2144 [inline]
[<ffffffff811ff0fc>] __lock_acquire+0x3e6c/0x5f10 kernel/locking/lockdep.c:3213
[<ffffffff81202cde>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
[<ffffffff82706c2b>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
[<ffffffff82706c2b>] mutex_lock_nested+0xbb/0x8d0 kernel/locking/mutex.c:621
[<ffffffff822664d7>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
[<ffffffff82630b5e>] ipv6_sock_mc_close+0x10e/0x350 net/ipv6/mcast.c:288
[<ffffffff825f74c7>] do_ipv6_setsockopt.isra.4+0xd07/0x2d50 net/ipv6/ipv6_sockglue.c:202
[<ffffffff825f95a7>] ipv6_setsockopt+0x97/0x130 net/ipv6/ipv6_sockglue.c:904
[<ffffffff8260e41a>] udpv6_setsockopt+0x4a/0x90 net/ipv6/udp.c:1436
[<ffffffff821d63ba>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2659
[<ffffffff821d3df6>] SYSC_setsockopt net/socket.c:1780 [inline]
[<ffffffff821d3df6>] SyS_setsockopt+0x166/0x260 net/socket.c:1759
[<ffffffff827121a1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
binder: 17129:17130 ioctl 4028700f 200001c0 returned -22
device lo left promiscuous mode
audit: type=1400 audit(1541745560.570:30): avc: denied { relabelto } for pid=17438 comm="syz-executor1" name="UNIX" dev="sockfs" ino=66336 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ksm_device_t:s0 tclass=unix_dgram_socket permissive=1
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018/11/09 06:39 | https://android.googlesource.com/kernel/common android-4.4 | 64102d341c13 | 8fd01d3a | .config | console log | report | ci-android-44-kasan-gce | |||||
| 2018/10/29 09:55 | https://android.googlesource.com/kernel/common android-4.4 | c4b00eb70496 | 9ca2afa1 | .config | console log | report | ci-android-44-kasan-gce | |||||
| 2018/10/26 08:07 | https://android.googlesource.com/kernel/common android-4.4 | c4b00eb70496 | a8292de9 | .config | console log | report | ci-android-44-kasan-gce | |||||
| 2018/11/12 00:01 | https://android.googlesource.com/kernel/common android-4.4 | 0ca3fcabdc05 | 7b5f8621 | .config | console log | report | ci-android-44-kasan-gce-386 | |||||
| 2018/10/30 15:24 | https://android.googlesource.com/kernel/common android-4.4 | c4b00eb70496 | 8dbb755a | .config | console log | report | ci-android-44-kasan-gce-386 | |||||
| 2018/10/15 17:10 | https://android.googlesource.com/kernel/common android-4.4 | 8e7f196597f3 | 8cd30605 | .config | console log | report | ci-android-44-kasan-gce-386 | |||||
| 2018/07/22 22:54 | https://android.googlesource.com/kernel/common android-4.4 | 1b37d68f4c82 | 8cc079c3 | .config | console log | report | ci-android-44-kasan-gce-386 |