syzbot

 sign-in | mailing list | source | docs
🐞 Open [106]
🐞 Fixed [1]
🐞 Invalid [166]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

WARNING: suspicious RCU usage in fib6_del

Status: public: reported C repro on 2019/04/11 00:00
Reported-by: syzbot+3910d4a3c6b18ef62c8d@syzkaller.appspotmail.com
First crash: 2148d, last: 1820d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING: suspicious RCU usage in fib6_del net 1 1851d 1851d 0/28 closed as invalid on 2019/11/19 23:24
upstream WARNING: suspicious RCU usage in fib6_del (2) net 1 1535d 1535d 15/28 fixed on 2020/10/10 01:52

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read)
audit: type=1400 audit(1552224420.658:7): avc:  denied  { map } for  pid=1785 comm="syz-executor103" path="/root/syz-executor103657884" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
netlink: 8 bytes leftover after parsing attributes in process `syz-executor103'.
=============================
WARNING: suspicious RCU usage
4.14.105+ #29 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1590 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
4 locks held by syz-executor103/1786:
 #0:  (rtnl_mutex){+.+.}, at: [<ffffffffbc2d4d14>] tun_detach drivers/net/tun.c:585 [inline]
 #0:  (rtnl_mutex){+.+.}, at: [<ffffffffbc2d4d14>] tun_chr_close+0x34/0x60 drivers/net/tun.c:2661
 #1:  (&(&net->ipv6.fib6_gc_lock)->rlock){+...}, at: [<ffffffffbcaedd7f>] spin_trylock_bh include/linux/spinlock.h:377 [inline]
 #1:  (&(&net->ipv6.fib6_gc_lock)->rlock){+...}, at: [<ffffffffbcaedd7f>] fib6_run_gc+0x1ff/0x2a0 net/ipv6/ip6_fib.c:1939
 #2:  (rcu_read_lock){....}, at: [<ffffffffbcae51b0>] __fib6_clean_all+0x0/0x230 net/ipv6/ip6_fib.c:1823
 #3:  (&tb->tb6_lock){++..}, at: [<ffffffffbcae528e>] __fib6_clean_all+0xde/0x230 net/ipv6/ip6_fib.c:1837

stack backtrace:
CPU: 0 PID: 1786 Comm: syz-executor103 Not tainted 4.14.105+ #29
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xb9/0x10e lib/dump_stack.c:53
 fib6_del+0x8c2/0xbe0 net/ipv6/ip6_fib.c:1590
 fib6_clean_node+0x270/0x440 net/ipv6/ip6_fib.c:1777
 fib6_walk_continue+0x3a5/0x5f0 net/ipv6/ip6_fib.c:1703
 fib6_walk+0x8d/0xe0 net/ipv6/ip6_fib.c:1748
 fib6_clean_tree+0xd4/0x110 net/ipv6/ip6_fib.c:1822
 __fib6_clean_all+0xf5/0x230 net/ipv6/ip6_fib.c:1838
 fib6_clean_all net/ipv6/ip6_fib.c:1849 [inline]
 fib6_run_gc+0x104/0x2a0 net/ipv6/ip6_fib.c:1947
 ndisc_netdev_event+0x32b/0x3d0 net/ipv6/ndisc.c:1779
 notifier_call_chain+0x10c/0x1a0 kernel/notifier.c:93

Crashes (35):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/03/10 13:29 android-4.14 b11964adfe4c 12365b99 .config console log report syz C ci-android-414-kasan-gce-root
2019/11/28 05:20 android-4.14 714ada7cabc7 0d63f89c .config console log report ci-android-414-kasan-gce-root
2019/04/11 10:22 android-4.14 95196d1bad3f e955ac50 .config console log report ci-android-414-kasan-gce-root
2019/03/22 04:30 android-4.14 cfbe30be85c4 dce6e62f .config console log report ci-android-414-kasan-gce-root
2019/03/17 19:43 android-4.14 8ed9bc6e6401 ba18afea .config console log report ci-android-414-kasan-gce-root
2019/03/16 19:33 android-4.14 8ed9bc6e6401 bab43553 .config console log report ci-android-414-kasan-gce-root
2019/03/16 11:12 android-4.14 8ed9bc6e6401 bab43553 .config console log report ci-android-414-kasan-gce-root
2019/03/16 03:34 android-4.14 8ed9bc6e6401 bab43553 .config console log report ci-android-414-kasan-gce-root
2019/03/15 06:40 android-4.14 8ed9bc6e6401 d72db19b .config console log report ci-android-414-kasan-gce-root
2019/03/15 05:37 android-4.14 8ed9bc6e6401 d72db19b .config console log report ci-android-414-kasan-gce-root
2019/03/09 06:50 android-4.14 b11964adfe4c 12365b99 .config console log report ci-android-414-kasan-gce-root
2019/03/03 06:56 android-4.14 934272e9380b 1c0e457a .config console log report ci-android-414-kasan-gce-root
2019/02/27 09:38 android-4.14 38aeba63ed0d f2468c12 .config console log report ci-android-414-kasan-gce-root
2019/02/26 03:13 android-4.14 6fd50f70fd4c 8022bafd .config console log report ci-android-414-kasan-gce-root
2019/02/25 03:26 android-4.14 6bdf39bb26fd 7a06e792 .config console log report ci-android-414-kasan-gce-root
2019/02/18 15:45 android-4.14 4a739e3530cc 59f36113 .config console log report ci-android-414-kasan-gce-root
2019/02/18 11:43 android-4.14 4a739e3530cc 59f36113 .config console log report ci-android-414-kasan-gce-root
2019/02/17 15:14 android-4.14 4a739e3530cc 3e98cc30 .config console log report ci-android-414-kasan-gce-root
2019/02/12 14:39 android-4.14 d86c0425437e 6ecc6d0f .config console log report ci-android-414-kasan-gce-root
2019/02/12 10:15 android-4.14 d86c0425437e 65a0d619 .config console log report ci-android-414-kasan-gce-root
2019/02/10 17:44 android-4.14 57de59b3cf53 b4f792e4 .config console log report ci-android-414-kasan-gce-root
2019/02/07 15:08 android-4.14 16edd85b6013 aa4feb03 .config console log report ci-android-414-kasan-gce-root
2019/02/05 08:08 android-4.14 dcc2cc75ff5c d672172c .config console log report ci-android-414-kasan-gce-root
2019/02/01 05:03 android-4.14 63d1657d00e0 0e8ea0a3 .config console log report ci-android-414-kasan-gce-root
2019/01/30 02:54 android-4.14 63d1657d00e0 aa432daf .config console log report ci-android-414-kasan-gce-root
2019/01/29 20:42 android-4.14 63d1657d00e0 aa432daf .config console log report ci-android-414-kasan-gce-root
2019/01/27 11:51 android-4.14 70014b13c28c c73f090a .config console log report ci-android-414-kasan-gce-root
2019/01/27 11:10 android-4.14 70014b13c28c c73f090a .config console log report ci-android-414-kasan-gce-root
2019/01/26 19:15 android-4.14 70014b13c28c c73f090a .config console log report ci-android-414-kasan-gce-root
2019/01/04 14:02 android-4.14 3c207c880674 7da23925 .config console log report ci-android-414-kasan-gce-root
2019/01/04 11:14 android-4.14 3c207c880674 7da23925 .config console log report ci-android-414-kasan-gce-root
2019/01/04 08:30 android-4.14 3c207c880674 7da23925 .config console log report ci-android-414-kasan-gce-root
2019/01/04 04:36 android-4.14 3c207c880674 7da23925 .config console log report ci-android-414-kasan-gce-root
2019/01/04 04:33 android-4.14 3c207c880674 7da23925 .config console log report ci-android-414-kasan-gce-root
2019/01/04 02:05 android-4.14 3c207c880674 7da23925 .config console log report ci-android-414-kasan-gce-root
* Struck through repros no longer work on HEAD.