=============================
WARNING: suspicious RCU usage
4.15.0-rc5+ #179 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1106 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz-executor3/10018:
 #0: (rtnl_mutex){+.+.}, at: [<000000000dad403f>] rtnl_lock net/core/rtnetlink.c:74 [inline]
 #0: (rtnl_mutex){+.+.}, at: [<000000000dad403f>] rtnetlink_rcv_msg+0x508/0xb10 net/core/rtnetlink.c:4519
 #1: (rcu_read_lock){....}, at: [<00000000c1aa3f16>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1562
 #2: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000f3b1936f>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #2: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000f3b1936f>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1957
stack backtrace:
CPU: 1 PID: 10018 Comm: syz-executor3 Not tainted 4.15.0-rc5+ #179
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 __fib6_update_sernum_upto_root.isra.5+0x19a/0x1e0 net/ipv6/ip6_fib.c:1105
 fib6_update_sernum_upto_root+0x130/0x180 net/ipv6/ip6_fib.c:1119
 fib6_ifup+0x131/0x180 net/ipv6/route.c:3491
 fib6_clean_node+0x389/0x580 net/ipv6/ip6_fib.c:1891
 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1817
 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1865
 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1942
 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1958
 fib6_clean_all+0x27/0x30 net/ipv6/ip6_fib.c:1969
 rt6_sync_up+0x15e/0x1c0 net/ipv6/route.c:3507
 addrconf_notify+0x1a68/0x2310 net/ipv6/addrconf.c:3453
 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x32/0x70 net/core/dev.c:1696
 __dev_notify_flags+0x394/0x430 net/core/dev.c:6935
 dev_change_flags+0xf5/0x140 net/core/dev.c:6957
 do_setlink+0xa39/0x3d40 net/core/rtnetlink.c:2256
 rtnl_group_changelink net/core/rtnetlink.c:2704 [inline]
 rtnl_newlink+0xd2b/0x1ab0 net/core/rtnetlink.c:2855
 rtnetlink_rcv_msg+0x57f/0xb10 net/core/rtnetlink.c:4522
 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4540
 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
 netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
 sock_sendmsg_nosec net/socket.c:628 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:638
 sock_write_iter+0x31a/0x5d0 net/socket.c:907
 call_write_iter include/linux/fs.h:1772 [inline]
 do_iter_readv_writev+0x525/0x7f0 fs/read_write.c:653
 do_iter_write+0x154/0x540 fs/read_write.c:932
 vfs_writev+0x18a/0x340 fs/read_write.c:977
 do_writev+0xfc/0x2a0 fs/read_write.c:1012
 SYSC_writev fs/read_write.c:1085 [inline]
 SyS_writev+0x27/0x30 fs/read_write.c:1082
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f41b9a69c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9
RDX: 100000000000024e RSI: 0000000020e16000 RDI: 0000000000000013
RBP: 0000000000000583 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f64e8
R13: 00000000ffffffff R14: 00007f41b9a6a6d4 R15: 0000000000000000

=============================
WARNING: suspicious RCU usage
4.15.0-rc5+ #179 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1113 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz-executor3/10018:
 #0: (rtnl_mutex){+.+.}, at: [<000000000dad403f>] rtnl_lock net/core/rtnetlink.c:74 [inline]
 #0: (rtnl_mutex){+.+.}, at: [<000000000dad403f>] rtnetlink_rcv_msg+0x508/0xb10 net/core/rtnetlink.c:4519
 #1: (rcu_read_lock){....}, at: [<00000000c1aa3f16>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1562
 #2: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000f3b1936f>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #2: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000f3b1936f>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1957
stack backtrace:
CPU: 1 PID: 10018 Comm: syz-executor3 Not tainted 4.15.0-rc5+ #179
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 __fib6_update_sernum_upto_root.isra.5+0x12c/0x1e0 net/ipv6/ip6_fib.c:1112
 fib6_update_sernum_upto_root+0x130/0x180 net/ipv6/ip6_fib.c:1119
 fib6_ifup+0x131/0x180 net/ipv6/route.c:3491
 fib6_clean_node+0x389/0x580 net/ipv6/ip6_fib.c:1891
 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1817
 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1865
 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1942
 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1958
 fib6_clean_all+0x27/0x30 net/ipv6/ip6_fib.c:1969
 rt6_sync_up+0x15e/0x1c0 net/ipv6/route.c:3507
 addrconf_notify+0x1a68/0x2310 net/ipv6/addrconf.c:3453
 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x32/0x70 net/core/dev.c:1696
 __dev_notify_flags+0x394/0x430 net/core/dev.c:6935
 dev_change_flags+0xf5/0x140 net/core/dev.c:6957
 do_setlink+0xa39/0x3d40 net/core/rtnetlink.c:2256
 rtnl_group_changelink net/core/rtnetlink.c:2704 [inline]
 rtnl_newlink+0xd2b/0x1ab0 net/core/rtnetlink.c:2855
 rtnetlink_rcv_msg+0x57f/0xb10 net/core/rtnetlink.c:4522
 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4540
 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
 netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
 sock_sendmsg_nosec net/socket.c:628 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:638
 sock_write_iter+0x31a/0x5d0 net/socket.c:907
 call_write_iter include/linux/fs.h:1772 [inline]
 do_iter_readv_writev+0x525/0x7f0 fs/read_write.c:653
 do_iter_write+0x154/0x540 fs/read_write.c:932
 vfs_writev+0x18a/0x340 fs/read_write.c:977
 do_writev+0xfc/0x2a0 fs/read_write.c:1012
 SYSC_writev fs/read_write.c:1085 [inline]
 SyS_writev+0x27/0x30 fs/read_write.c:1082
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f41b9a69c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9
RDX: 100000000000024e RSI: 0000000020e16000 RDI: 0000000000000013
RBP: 0000000000000583 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f64e8
R13: 00000000ffffffff R14: 00007f41b9a6a6d4 R15: 0000000000000000
netlink: 'syz-executor3': attribute type 27 has an invalid length.
nla_parse: 10 callbacks suppressed
netlink: 16 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor2'.
sctp: [Deprecated]: syz-executor6 (pid 10207) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
netlink: 'syz-executor1': attribute type 1 has an invalid length.
netlink: 'syz-executor1': attribute type 1 has an invalid length.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 17 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 17 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 'syz-executor2': attribute type 1 has an invalid length.
netlink: 'syz-executor2': attribute type 1 has an invalid length.
netlink: 66 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 66 bytes leftover after parsing attributes in process `syz-executor1'.
sctp: [Deprecated]: syz-executor1 (pid 10738) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
netlink: 'syz-executor6': attribute type 1 has an invalid length.
netlink: 'syz-executor6': attribute type 1 has an invalid length.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'.
RDS: rds_bind could not find a transport for 224.0.0.1, load rds_tcp or rds_rdma?
sctp: [Deprecated]: syz-executor3 (pid 10997) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor3 (pid 11022) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
PF_BRIDGE: br_mdb_parse() with invalid ifindex
PF_BRIDGE: br_mdb_parse() with invalid ifindex
sctp: [Deprecated]: syz-executor3 (pid 11522) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor3 (pid 11522) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
nla_parse: 11 callbacks suppressed
netlink: 11 bytes leftover after parsing attributes in process `syz-executor1'.
RDS: rds_bind could not find a transport for 224.0.0.2, load rds_tcp or rds_rdma?
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
netlink: 'syz-executor1': attribute type 1 has an invalid length.
netlink: 'syz-executor1': attribute type 1 has an invalid length.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.
device gre0 entered promiscuous mode
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor6'.
tc_ctl_action: received NO action attribs
netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 17 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 17 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 'syz-executor5': attribute type 1 has an invalid length.
netlink: 'syz-executor5': attribute type 1 has an invalid length.
sctp: [Deprecated]: syz-executor0 (pid 12523) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor6 (pid 12531) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor6 (pid 12531) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor0 (pid 12536) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
openvswitch: netlink: Either Ethernet header or EtherType is required.
openvswitch: netlink: Either Ethernet header or EtherType is required.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.