syzbot


WARNING: suspicious RCU usage in rt6_check_expired

Status: fixed on 2018/07/09 18:05
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+2422c9e35796659d2273@syzkaller.appspotmail.com
Fix commit: c3c14da0288d net/ipv6: add rcu locking to ip6_negative_advice
First crash: 2405d, last: 2403d
Discussions (2)
Title Replies (including bot) Last reply
[PATCH net-next 0/2] net/ipv6: couple of fixes for rcu change to from 6 (6) 2018/04/24 15:56
WARNING: suspicious RCU usage in rt6_check_expired 2 (3) 2018/04/23 15:10

Sample crash report:
netlink: 25 bytes leftover after parsing attributes in process `syz-executor2'.

=============================
WARNING: suspicious RCU usage
4.17.0-rc1+ #15 Not tainted
-----------------------------
net/ipv6/route.c:410 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor1/26916:
 #0: 0000000012d363e1 (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1469 [inline]
 #0: 0000000012d363e1 (sk_lock-AF_INET6){+.+.}, at: sock_setsockopt+0x19c/0x1fe0 net/core/sock.c:717

stack backtrace:
CPU: 1 PID: 26916 Comm: syz-executor1 Not tainted 4.17.0-rc1+ #15
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 lockdep_rcu_suspicious+0x14a/0x153 kernel/locking/lockdep.c:4592
 rt6_check_expired+0x38b/0x3e0 net/ipv6/route.c:410
 ip6_negative_advice+0x67/0xc0 net/ipv6/route.c:2204
 dst_negative_advice include/net/sock.h:1786 [inline]
 sock_setsockopt+0x138f/0x1fe0 net/core/sock.c:1051
 __sys_setsockopt+0x2df/0x390 net/socket.c:1899
 __do_sys_setsockopt net/socket.c:1914 [inline]
 __se_sys_setsockopt net/socket.c:1911 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:1911
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455389
RSP: 002b:00007fc5e81dbc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fc5e81dc6d4 RCX: 0000000000455389
RDX: 0000000000000035 RSI: 0000000000000001 RDI: 0000000000000013
RBP: 000000000072bf58 R08: 0000000000000004 R09: 0000000000000000
R10: 0000000020000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000005ff R14: 00000000006fc088 R15: 0000000000000001
netlink: 17 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 17 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 17 bytes leftover after parsing attributes in process `syz-executor4'.
kernel msg: ebtables bug: please report to author: Wrong len argument
netlink: 17 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 'syz-executor7': attribute type 21 has an invalid length.
netlink: 'syz-executor7': attribute type 21 has an invalid length.
netlink: 17 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 17 bytes leftover after parsing attributes in process `syz-executor4'.
IPVS: ftp: loaded support on port[0] = 21
netlink: 17 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 17 bytes leftover after parsing attributes in process `syz-executor4'.
device lo entered promiscuous mode
device lo entered promiscuous mode
netlink: 17 bytes leftover after parsing attributes in process `syz-executor4'.

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/04/23 18:33 net-next-old a56e6bcd34b5 0d8e591c .config console log report ci-upstream-net-kasan-gce
2018/04/22 17:58 net-next-old e0ada51db907 d23fcf6c .config console log report ci-upstream-net-kasan-gce
2018/04/22 06:52 net-next-old 0638eb573cde d23fcf6c .config console log report ci-upstream-net-kasan-gce
2018/04/22 06:14 net-next-old 0638eb573cde d23fcf6c .config console log report ci-upstream-net-kasan-gce
* Struck through repros no longer work on HEAD.