syzbot

 sign-in | mailing list | source | docs
🐞 Open [1130] 🐞 Fixed [4212] 🐞 Invalid [9343] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

WARNING: locking bug in ip6_datagram_connect

Status: upstream: reported syz repro on 2020/12/01 10:11
Reported-by: syzbot+d3af95d2506e1511dcc1@syzkaller.appspotmail.com
First crash: 894d, last: 67d

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: WARNING: locking bug in inet_autobind (log)
Repro: syz .config

Fix bisection: the fix commit could be any of (bisect log):
  6efb943b8616 Linux 5.13-rc1
  50be9417e23a Merge tag 'io_uring-5.14-2021-07-09' of git://git.kernel.dk/linux-block
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 WARNING: locking bug in ip6_datagram_connect 1 568d 568d 0/1 auto-closed as invalid on 2021/09/13 10:50
linux-4.19 WARNING: locking bug in ip6_datagram_connect (2) 1 85d 85d 0/1 upstream: reported on 2022/09/11 17:32
Patch testing requests:
Created Duration User Patch Repo Result
2022/09/29 20:30 16m retest repro upstream report log

Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 18778 at kernel/locking/lockdep.c:895 look_up_lock_class kernel/locking/lockdep.c:895 [inline]
WARNING: CPU: 0 PID: 18778 at kernel/locking/lockdep.c:895 register_lock_class+0x1fb/0x1180 kernel/locking/lockdep.c:1244
Modules linked in:
CPU: 0 PID: 18778 Comm: syz-executor.3 Not tainted 5.13.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:look_up_lock_class kernel/locking/lockdep.c:895 [inline]
RIP: 0010:register_lock_class+0x1fb/0x1180 kernel/locking/lockdep.c:1244
Code: 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 98 0c 00 00 4d 3b 67 18 74 0b 49 81 3f c0 93 42 8f 74 02 <0f> 0b 85 ed 0f 84 20 01 00 00 f6 44 24 04 01 0f 85 15 01 00 00 83
RSP: 0018:ffffc9000aa3fa48 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 1ffff92001547f50 RCX: ffffffff90773720
RDX: 1ffff11005992caf RSI: 0000000000000000 RDI: ffff88802cc96578
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 000000000000062b R12: ffffffff8a683660
R13: ffffffff90ae8800 R14: ffffffff9026fd00 R15: ffff88802cc96560
FS:  00007f4bf26fe700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000568000 CR3: 00000000153b4000 CR4: 0000000000350ef0
Call Trace:
 __lock_acquire+0x102/0x5230 kernel/locking/lockdep.c:4781
 lock_acquire kernel/locking/lockdep.c:5512 [inline]
 lock_acquire+0x1ab/0x740 kernel/locking/lockdep.c:5477
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
 _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:175
 spin_lock_bh include/linux/spinlock.h:359 [inline]
 lock_sock_nested+0x40/0x120 net/core/sock.c:3057
 lock_sock include/net/sock.h:1610 [inline]
 ip6_datagram_connect+0x1d/0x40 net/ipv6/datagram.c:271
 inet_dgram_connect+0x154/0x2d0 net/ipv4/af_inet.c:580
 __sys_connect_file+0x155/0x1a0 net/socket.c:1837
 __sys_connect+0x161/0x190 net/socket.c:1854
 __do_sys_connect net/socket.c:1864 [inline]
 __se_sys_connect net/socket.c:1861 [inline]
 __x64_sys_connect+0x6f/0xb0 net/socket.c:1861
 do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665f9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4bf26fe188 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004665f9
RDX: 000000000000001c RSI: 0000000020000080 RDI: 0000000000000005
RBP: 00000000004bfce1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008
R13: 00007ffe4571146f R14: 00007f4bf26fe300 R15: 0000000000022000

Crashes (12):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-root 2021/05/10 10:33 upstream 6efb943b8616 bc5434be .config log report syz WARNING: locking bug in ip6_datagram_connect
ci-upstream-linux-next-kasan-gce-root 2021/10/18 16:33 linux-next 60e8840126bd 0c5d9412 .config log report syz WARNING: locking bug in ip6_datagram_connect
ci-upstream-kasan-gce-selinux-root 2020/11/24 09:10 upstream d5beb3140f91 1ab681a4 .config log report syz
ci-upstream-kasan-gce-root 2021/11/11 22:35 upstream debe436e77c7 75b04091 .config log report info WARNING: locking bug in ip6_datagram_connect
ci-upstream-kasan-gce 2021/03/19 21:48 upstream 8b12a62a4e3e 2af9d324 .config log report info WARNING: locking bug in ip6_datagram_connect
ci-upstream-linux-next-kasan-gce-root 2021/10/18 13:18 linux-next 60e8840126bd 0c5d9412 .config log report info WARNING: locking bug in ip6_datagram_connect
ci-upstream-kasan-gce 2021/01/17 01:18 upstream 0da0a8a0a0e1 65a7a854 .config log report info
ci-upstream-kasan-gce 2021/01/12 03:18 upstream a0d54b4f5b21 2c1f2513 .config log report info
ci-upstream-kasan-gce-smack-root 2020/09/17 10:22 upstream 5925fa68fe82 8247808b .config log report info
ci-upstream-kasan-gce 2020/09/07 08:39 upstream a8205e310011 abf9ba4f .config log report
ci-upstream-kasan-gce-selinux-root 2020/09/01 04:19 upstream f75aef392f86 d5a3ae1f .config log report
ci-upstream-kasan-gce-root 2020/06/25 05:25 upstream 7ae77150d94d 54566aff .config log report
* Struck through repros no longer work on HEAD.