Hi:
A bug was found by syzkaller when fuzzing the Linux kernel RDS protocol.
kernel info:
version: Linux 4.12-rc7
commit: c0bc126f97fb929b3ae02c1c62322645d70eb408
crash info:
================================================================================================
WARNING: CPU: 1 PID: 26282 at net/rds/recv.c:139 rds_conn_peer_gen_update net/rds/recv.c:139 [inline]
WARNING: CPU: 1 PID: 26282 at net/rds/recv.c:139 rds_recv_hs_exthdrs+0x42a/0x4d0 net/rds/recv.c:230
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 26282 Comm: syzkaller129215 Not tainted 4.12.0-rc7+ #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0xb3/0x117 lib/dump_stack.c:52
panic+0x1bc/0x39d kernel/panic.c:180
__warn+0x1cc/0x1f0 kernel/panic.c:541
report_bug+0x221/0x2e0 lib/bug.c:183
fixup_bug+0x3f/0x90 arch/x86/kernel/traps.c:190
do_trap_no_signal arch/x86/kernel/traps.c:224 [inline]
do_trap+0x13f/0x3f0 arch/x86/kernel/traps.c:273
do_error_trap+0x11c/0x1f0 arch/x86/kernel/traps.c:310
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:323
invalid_op+0x1e/0x30 arch/x86/entry/entry_64.S:844
RIP: 0010:rds_conn_peer_gen_update net/rds/recv.c:139 [inline]
RIP: 0010:rds_recv_hs_exthdrs+0x42a/0x4d0 net/rds/recv.c:230
RSP: 0018:ffff88006c57f588 EFLAGS: 00010297
RAX: ffff88003be1c200 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: dffffc0000000000 RDI: ffffffff842d7f0c
RBP: ffff88006c57f6c0 R08: 1ffffffff085afe1 R09: dffffc0000000000
R10: 0000000000000000 R11: 0000000000000007 R12: ffff88006c379f78
R13: dffffc0000000000 R14: ffffffff842d7ee0 R15: 0000000000000007
rds_recv_incoming+0x4e1/0x10d0 net/rds/recv.c:343
rds_loop_xmit+0x156/0x310 net/rds/loop.c:82
rds_send_xmit+0xbab/0x1e80 net/rds/send.c:349
rds_sendmsg+0x1d55/0x2020 net/rds/send.c:1187
sock_sendmsg_nosec net/socket.c:633 [inline]
sock_sendmsg+0xcc/0x110 net/socket.c:643
___sys_sendmsg+0x7df/0x940 net/socket.c:1997
__sys_sendmsg+0xce/0x170 net/socket.c:2031
SYSC_sendmsg net/socket.c:2042 [inline]
SyS_sendmsg+0x2d/0x50 net/socket.c:2038
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x43c839
RSP: 002b:00007f3465ecbcd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000006d3d44 RCX: 000000000043c839
RDX: 0000000000000000 RSI: 0000000020008fc8 RDI: 0000000000000003
RBP: 0000000000000046 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f3465ecc9c0 R15: 00007f3465ecc700
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..
=======================================================================================================
Some useful files are attached.