syzbot


WARNING: suspicious RCU usage in fib6_del

Status: closed as invalid on 2019/11/19 23:24
Subsystems: net
First crash: 1635d, last: 1635d
Similar bugs (2)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
android-414 | WARNING: suspicious RCU usage in fib6_del | C | | | 35 | 1604d | 1835d | 0/1 | public: reported C repro on 2019/04/11 00:00
upstream | WARNING: suspicious RCU usage in fib6_del (2) net | | | | 1 | 1319d | 1319d | 15/26 | fixed on 2020/10/10 01:52

Sample crash report:
=============================
WARNING: suspicious RCU usage
5.4.0-rc5 #0 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1899 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
4 locks held by syz-executor.5/18718:
 #0: ffffffff88b04cd0 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff88b04cd0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x83c/0xd40 net/core/rtnetlink.c:5220
 #1: ffff88805a128c10 (&(&net->ipv6.fib6_gc_lock)->rlock){+...}, at: spin_trylock_bh include/linux/spinlock.h:398 [inline]
 #1: ffff88805a128c10 (&(&net->ipv6.fib6_gc_lock)->rlock){+...}, at: fib6_run_gc+0x51/0x2b0 net/ipv6/ip6_fib.c:2212
 #2: ffffffff888d4040 (rcu_read_lock){....}, at: rcu_lock_acquire+0xd/0x40 include/linux/rcupdate.h:208
 #3: ffff888077f29c30 (&(&tb->tb6_lock)->rlock){+...}, at: spin_lock_bh include/linux/spinlock.h:343 [inline]
 #3: ffff888077f29c30 (&(&tb->tb6_lock)->rlock){+...}, at: __fib6_clean_all+0x172/0x700 net/ipv6/ip6_fib.c:2145

stack backtrace:
CPU: 1 PID: 18718 Comm: syz-executor.5 Not tainted 5.4.0-rc5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d8/0x2f8 lib/dump_stack.c:113
 lockdep_rcu_suspicious+0x156/0x1c0 kernel/locking/lockdep.c:5438
 fib6_del+0xc2/0xdf0 net/ipv6/ip6_fib.c:1898
 fib6_clean_node+0x2ab/0x500 net/ipv6/ip6_fib.c:2080
 fib6_walk_continue+0x64c/0x890 net/ipv6/ip6_fib.c:2002
 fib6_walk net/ipv6/ip6_fib.c:2050 [inline]
 fib6_clean_tree net/ipv6/ip6_fib.c:2130 [inline]
 __fib6_clean_all+0x3ff/0x700 net/ipv6/ip6_fib.c:2146
 fib6_clean_all net/ipv6/ip6_fib.c:2157 [inline]
 fib6_run_gc+0xfd/0x2b0 net/ipv6/ip6_fib.c:2220
 ndisc_netdev_event+0x114/0x2f0 net/ipv6/ndisc.c:1784
 notifier_call_chain kernel/notifier.c:95 [inline]
 __raw_notifier_call_chain kernel/notifier.c:396 [inline]
 raw_notifier_call_chain+0xec/0x190 kernel/notifier.c:403
 call_netdevice_notifiers_info net/core/dev.c:1749 [inline]
 call_netdevice_notifiers_extack net/core/dev.c:1761 [inline]
 call_netdevice_notifiers+0xa6/0xf0 net/core/dev.c:1775
 do_setlink+0x9ea/0x36c0 net/core/rtnetlink.c:2493
 __rtnl_newlink net/core/rtnetlink.c:3129 [inline]
 rtnl_newlink+0x14de/0x1af0 net/core/rtnetlink.c:3254
 rtnetlink_rcv_msg+0x889/0xd40 net/core/rtnetlink.c:5223
 netlink_rcv_skb+0x19e/0x3d0 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:5241
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x787/0x8f0 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x994/0xc50 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg net/socket.c:657 [inline]
 sock_write_iter+0x2a6/0x3a0 net/socket.c:989
 do_iter_readv_writev+0x651/0x8e0 include/linux/fs.h:1889
 do_iter_write+0x180/0x590 fs/read_write.c:970
 vfs_writev fs/read_write.c:1015 [inline]
 do_writev+0x239/0x490 fs/read_write.c:1058
 __do_sys_writev fs/read_write.c:1131 [inline]
 __se_sys_writev fs/read_write.c:1128 [inline]
 __x64_sys_writev+0x7d/0x90 fs/read_write.c:1128
 do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459f39
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fb595b96c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39
RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb595b976d4
R13: 00000000004c76b0 R14: 00000000004e28d8 R15: 00000000ffffffff

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2019/10/27 21:04 | upstream | d6d5df1db6e9 | 25bb509e | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root |