syz-executor350/5129 is trying to acquire lock:
ffff8880186e2070 (&nr_node->node_lock){+…}-{2:2}, at: spin_lock_bh
include/linux/spinlock.h:356 [inline]
ffff8880186e2070 (&nr_node->node_lock){+…}-{2:2}, at: nr_node_lock
include/net/netrom.h:152 [inline]
ffff8880186e2070 (&nr_node->node_lock){+…}-{2:2}, at: nr_dec_obs
net/netrom/nr_route.c:464 [inline]
ffff8880186e2070 (&nr_node->node_lock){+…}-{2:2}, at:
nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
but task is already holding lock:
ffffffff8f7053b8 (nr_node_list_lock){+…}-{2:2}, at: spin_lock_bh
include/linux/spinlock.h:356 [inline]
ffffffff8f7053b8 (nr_node_list_lock){+…}-{2:2}, at: nr_dec_obs
net/netrom/nr_route.c:462 [inline]
ffffffff8f7053b8 (nr_node_list_lock){+…}-{2:2}, at:
nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (nr_node_list_lock){+…}-{2:2}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
nr_remove_node net/netrom/nr_route.c:299 [inline]
nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355
nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683
sock_do_ioctl+0x158/0x460 net/socket.c:1222
sock_ioctl+0x629/0x8e0 net/socket.c:1341
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (&nr_node->node_lock){+…}-{2:2}:
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
__lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
nr_node_lock include/net/netrom.h:152 [inline]
nr_dec_obs net/netrom/nr_route.c:464 [inline]
nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
sock_do_ioctl+0x158/0x460 net/socket.c:1222
sock_ioctl+0x629/0x8e0 net/socket.c:1341
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(nr_node_list_lock);
lock(&nr_node->node_lock);
lock(nr_node_list_lock);
lock(&nr_node->node_lock);
*** DEADLOCK***
1 lock held by syz-executor350/5129:
#0: ffffffff8f7053b8 (nr_node_list_lock){+…}-{2:2}, at: spin_lock_bh
include/linux/spinlock.h:356 [inline]
#0: ffffffff8f7053b8 (nr_node_list_lock){+…}-{2:2}, at: nr_dec_obs
net/netrom/nr_route.c:462 [inline]
#0: ffffffff8f70
—truncated—
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6 (6.10-rc1)
git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691
git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7
git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5
git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3
git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5
git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de
git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d
git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6
git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8
launchpad.net/bugs/cve/CVE-2024-38589
nvd.nist.gov/vuln/detail/CVE-2024-38589
security-tracker.debian.org/tracker/CVE-2024-38589
www.cve.org/CVERecord?id=CVE-2024-38589