Re: [syzbot] [net?] possible deadlock in do_ipv6_setsockopt (4)
From: Hillf Danton
Date: Mon Feb 03 2025 - 03:07:49 EST
On Sun, 02 Feb 2025 14:01:18 -0800
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: c2933b2befe2 Merge tag 'net-6.14-rc1' of git://git.kernel...
> git tree: net-next
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12c69724580000
#syz test
--- x/net/smc/af_smc.c
+++ y/net/smc/af_smc.c
@@ -1597,6 +1597,7 @@ static void smc_connect_work(struct work
rc = 0;
}
release_sock(smc->clcsock->sk);
+ rtnl_lock();
lock_sock(&smc->sk);
if (rc != 0 || smc->sk.sk_err) {
smc->sk.sk_state = SMC_CLOSED;
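Review bot: Taking `rtnl_lock()` ahead of `lock_sock(&smc->sk)` here, and ahead of `lock_sock(sk)` in the smc_connect hunk, makes the global RTNL mutex span everything done under the socket lock rather than only the lower-device walk that needs it. The code between lock and unlock is outside these hunks, but if it includes the connection handshake or any wait on the peer, an unprivileged socket user or a slow remote could keep RTNL held and stall unrelated network configuration system-wide. Consider narrowing RTNL to the VLAN lookup, or resolving the VLAN id before `lock_sock()`. If the wide scope stays, a comment at both lock sites such as `/* lock order: rtnl, then sk_lock */` would record the ordering the fix relies on. smc_connect_work's body starts and ends outside this hunk.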
@@ -1624,6 +1625,7 @@ out:
}
}
release_sock(&smc->sk);
+ rtnl_unlock();
}
int smc_connect(struct socket *sock, struct sockaddr *addr,
@@ -1641,6 +1643,7 @@ int smc_connect(struct socket *sock, str
if (addr->sa_family != AF_INET && addr->sa_family != AF_INET6)
goto out_err;
+ rtnl_lock();
lock_sock(sk);
switch (sock->state) {
default:
@@ -1703,6 +1706,7 @@ connected:
sock->state = SS_CONNECTED;
out:
release_sock(sk);
+ rtnl_unlock();
out_err:
return rc;
}
--- x/net/smc/smc_core.c
+++ y/net/smc/smc_core.c
@@ -1888,6 +1888,7 @@ int smc_vlan_by_tcpsk(struct socket *clc
struct net_device *ndev;
int rc = 0;
+ ASSERT_RTNL();
ini->vlan_id = 0;
if (!dst) {
rc = -ENOTCONN;
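Review bot: `ASSERT_RTNL()` only warns and does not take the lock, so once the `rtnl_lock()`/`rtnl_unlock()` pair is removed in the next hunk, `netdev_walk_all_lower_dev()` runs unprotected for any caller that was not converted. This patch converts only smc_connect_work and smc_connect, and the callers of smc_vlan_by_tcpsk are not visible here. Any other call site (for example a listen-side one, if it exists) should be audited, because a device change racing with the walk is a memory-safety risk. As far as I can tell the assertion checks that the mutex is held by some task, not necessarily the caller, so it may stay silent on a real miss. A comment above the function such as `/* Caller must hold rtnl_lock(). */` would document the new contract; the function body continues outside the hunk.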
@@ -1905,9 +1906,7 @@ int smc_vlan_by_tcpsk(struct socket *clc
}
priv.data = (void *)&ini->vlan_id;
- rtnl_lock();
netdev_walk_all_lower_dev(ndev, smc_vlan_by_tcpsk_walk, &priv);
- rtnl_unlock();
out_rel:
dst_release(dst);
--