WARNING: locking bug in lock_sock_nested


syzbot

Apr 13, 2019, 8:02:19 PM4/13/19
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 024f962d Revert "binder: add missing binder_unlock()"
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=10480b53800000
kernel config: https://syzkaller.appspot.com/x/.config?x=9abc1725c387656
dashboard link: https://syzkaller.appspot.com/bug?extid=5d03ab5990e105dc90ab
compiler: gcc (GCC) 7.1.1 20170620
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=112f2b53800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+5d03ab...@syzkaller.appspotmail.com

IPVS: Creating netns size=2552 id=5
IPVS: Creating netns size=2552 id=6
IPVS: Creating netns size=2552 id=7
IPVS: Creating netns size=2552 id=8
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4192 at kernel/locking/lockdep.c:728 look_up_lock_class kernel/locking/lockdep.c:728 [inline]()
WARNING: CPU: 1 PID: 4192 at kernel/locking/lockdep.c:728 register_lock_class kernel/locking/lockdep.c:750 [inline]()
WARNING: CPU: 1 PID: 4192 at kernel/locking/lockdep.c:728 __lock_acquire+0x3055/0x4b50 kernel/locking/lockdep.c:3101()
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 4192 Comm: syz-executor6 Not tainted 4.4.119-g024f962 #26
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
0000000000000000 47826dba128b9550 ffff8801d8cff5e8 ffffffff81d0402d
ffffffff83843b40 ffff8801d8cff6c0 ffffffff83855920 0000000000000009
00000000000002d8 ffff8801d8cff6b0 ffffffff8141aaea 0000000041b58ab3
Call Trace:
[<ffffffff81d0402d>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d0402d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[<ffffffff8141aaea>] panic+0x1aa/0x388 kernel/panic.c:112
[<ffffffff8112d885>] warn_slowpath_common+0x125/0x140 kernel/panic.c:455
[<ffffffff8112dae9>] warn_slowpath_null+0x29/0x30 kernel/panic.c:492
[<ffffffff8123a465>] look_up_lock_class kernel/locking/lockdep.c:728 [inline]
[<ffffffff8123a465>] register_lock_class kernel/locking/lockdep.c:750 [inline]
[<ffffffff8123a465>] __lock_acquire+0x3055/0x4b50 kernel/locking/lockdep.c:3101
[<ffffffff8123d7ce>] lock_acquire+0x15e/0x460 kernel/locking/lockdep.c:3592
[<ffffffff837728fa>] __raw_spin_lock_bh include/linux/spinlock_api_smp.h:137 [inline]
[<ffffffff837728fa>] _raw_spin_lock_bh+0x3a/0x50 kernel/locking/spinlock.c:175
[<ffffffff82df40f3>] spin_lock_bh include/linux/spinlock.h:307 [inline]
[<ffffffff82df40f3>] lock_sock_nested+0x43/0x120 net/core/sock.c:2451
[<ffffffff830f9e8a>] lock_sock include/net/sock.h:1493 [inline]
[<ffffffff830f9e8a>] do_ip_getsockopt+0x16a/0x1530 net/ipv4/ip_sockglue.c:1295
[<ffffffff830fb2df>] ip_getsockopt+0x8f/0x180 net/ipv4/ip_sockglue.c:1520
[<ffffffff831a0ea5>] udp_getsockopt+0x45/0x80 net/ipv4/udp.c:2226
[<ffffffff82df1a05>] sock_common_getsockopt+0x95/0xd0 net/core/sock.c:2618
[<ffffffff82def13a>] SYSC_getsockopt net/socket.c:1798 [inline]
[<ffffffff82def13a>] SyS_getsockopt+0x14a/0x230 net/socket.c:1780
[<ffffffff8377361f>] entry_SYSCALL_64_fastpath+0x1c/0x98
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches