lowmem_reserve[]: 0 0 0 0 ============================= WARNING: suspicious RCU usage 4.15.0-rc9+ #206 Not tainted ----------------------------- net/ipv6/ip6_fib.c:1731 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 4 locks held by swapper/1/0: #0: ((&net->ipv6.ip6_fib_timer)){+.-.}, at: [<00000000ca8f4f91>] lockdep_copy_map include/linux/lockdep.h:178 [inline] #0: ((&net->ipv6.ip6_fib_timer)){+.-.}, at: [<00000000ca8f4f91>] call_timer_fn+0x1c6/0x820 kernel/time/timer.c:1308 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<0000000059cde598>] spin_lock_bh include/linux/spinlock.h:315 [inline] #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<0000000059cde598>] fib6_run_gc+0x9d/0x3c0 net/ipv6/ip6_fib.c:2043 #2: (rcu_read_lock){....}, at: [<000000007f8f90bf>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1583 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000f324874b>] spin_lock_bh include/linux/spinlock.h:315 [inline] #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000f324874b>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1984 stack backtrace: CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.15.0-rc9+ #206 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 fib6_del+0xc9c/0x12c0 net/ipv6/ip6_fib.c:1730 fib6_clean_node+0x42e/0x580 net/ipv6/ip6_fib.c:1921 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1844 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1892 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1969 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1985 fib6_clean_all net/ipv6/ip6_fib.c:1996 [inline] fib6_run_gc+0x16b/0x3c0 net/ipv6/ip6_fib.c:2052 fib6_gc_timer_cb+0x20/0x30 net/ipv6/ip6_fib.c:2069 call_timer_fn+0x228/0x820 kernel/time/timer.c:1318 expire_timers kernel/time/timer.c:1355 [inline] __run_timers+0x7ee/0xb70 kernel/time/timer.c:1658 run_timer_softirq+0x4c/0x70 kernel/time/timer.c:1684 __do_softirq+0x2d7/0xb85 kernel/softirq.c:285 invoke_softirq kernel/softirq.c:365 [inline] irq_exit+0x1cc/0x200 kernel/softirq.c:405 exiting_irq arch/x86/include/asm/apic.h:541 [inline] smp_apic_timer_interrupt+0x16b/0x700 arch/x86/kernel/apic/apic.c:1052 apic_timer_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:937 RIP: 0010:native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:54 RSP: 0018:ffff8801d9f77cb0 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff11 RAX: dffffc0000000000 RBX: 1ffff1003b3eef99 RCX: 0000000000000000 RDX: 1ffffffff0d19190 RSI: 0000000000000001 RDI: ffffffff868c8c80 RBP: ffff8801d9f77cb0 R08: ffffffff8163e130 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 R13: ffff8801d9f77d68 R14: ffffffff8703fe20 R15: 0000000000000000 arch_safe_halt arch/x86/include/asm/paravirt.h:93 [inline] default_idle+0xbf/0x460 arch/x86/kernel/process.c:355 arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:346 default_idle_call+0x36/0x90 kernel/sched/idle.c:98 cpuidle_idle_call kernel/sched/idle.c:156 [inline] do_idle+0x24a/0x3b0 kernel/sched/idle.c:246 cpu_startup_entry+0x104/0x120 kernel/sched/idle.c:351 start_secondary+0x40a/0x590 arch/x86/kernel/smpboot.c:268 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 3*4kB (M) 1*8kB (M) 1*16kB (M) 1*32kB (M) 2*64kB (M) 4*128kB (M) 4*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 716*4096kB (M) = 2941636kB Node 0 Normal: 565*4kB (UME) 888*8kB (UME) 960*16kB (UM) 757*32kB (UME) 468*64kB (UME) 243*128kB (UME) 79*256kB (UM) 68*512kB (UME) 37*1024kB (UM) 24*2048kB (UME) 638*4096kB (UM) = 2865332kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 12612 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 327769 pages reserved netlink: 'syz-executor3': attribute type 25 has an invalid length. netlink: 'syz-executor3': attribute type 25 has an invalid length. netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 'syz-executor6': attribute type 2 has an invalid length. netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. sctp: [Deprecated]: syz-executor3 (pid 5144) Use of int in maxseg socket option. Use struct sctp_assoc_value instead netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. sctp: [Deprecated]: syz-executor3 (pid 5160) Use of int in maxseg socket option. Use struct sctp_assoc_value instead do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app netlink: 'syz-executor0': attribute type 21 has an invalid length. sctp: [Deprecated]: syz-executor1 (pid 5333) Use of int in maxseg socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor1 (pid 5333) Use of int in maxseg socket option. Use struct sctp_assoc_value instead netlink: 'syz-executor4': attribute type 1 has an invalid length. RDS: rds_bind could not find a transport for 172.20.0.170, load rds_tcp or rds_rdma? netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 9 bytes leftover after parsing attributes in process `syz-executor4'. IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready netlink: 9 bytes leftover after parsing attributes in process `syz-executor4'. FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 1 CPU: 1 PID: 6197 Comm: syz-executor3 Not tainted 4.15.0-rc9+ #206 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc_node mm/slab.c:3289 [inline] kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3632 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193 alloc_skb include/linux/skbuff.h:983 [inline] nlmsg_new include/net/netlink.h:511 [inline] inet6_ifa_notify net/ipv6/addrconf.c:4975 [inline] __ipv6_ifa_notify+0x117/0xaa0 net/ipv6/addrconf.c:5535 ipv6_ifa_notify+0xd9/0x1c0 net/ipv6/addrconf.c:5579 ipv6_del_addr+0x472/0xb70 net/ipv6/addrconf.c:1254 inet6_addr_del+0x2ff/0x5b0 net/ipv6/addrconf.c:2928 addrconf_del_ifaddr+0x139/0x1c0 net/ipv6/addrconf.c:2973 inet6_ioctl+0x86/0x1e0 net/ipv6/af_inet6.c:525 sock_do_ioctl+0x65/0xb0 net/socket.c:958 sock_ioctl+0x2c2/0x440 net/socket.c:1055 vfs_ioctl fs/ioctl.c:46 [inline] do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x452f19 RSP: 002b:00007fcef25b7c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fcef25b7aa0 RCX: 0000000000452f19 RDX: 0000000020000000 RSI: 0000000000008936 RDI: 0000000000000013 RBP: 00007fcef25b7a90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b7c96 R13: 00007fcef25b7bc8 R14: 00000000004b7c96 R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 6266 Comm: syz-executor3 Not tainted 4.15.0-rc9+ #206 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc_node mm/slab.c:3289 [inline] kmem_cache_alloc_node_trace+0x5a/0x750 mm/slab.c:3651 __do_kmalloc_node mm/slab.c:3671 [inline] __kmalloc_node_track_caller+0x33/0x70 mm/slab.c:3686 __kmalloc_reserve.isra.39+0x41/0xd0 net/core/skbuff.c:137 __alloc_skb+0x13b/0x780 net/core/skbuff.c:205 alloc_skb include/linux/skbuff.h:983 [inline] nlmsg_new include/net/netlink.h:511 [inline] inet6_ifa_notify net/ipv6/addrconf.c:4975 [inline] __ipv6_ifa_notify+0x117/0xaa0 net/ipv6/addrconf.c:5535 ipv6_ifa_notify+0xd9/0x1c0 net/ipv6/addrconf.c:5579 ipv6_del_addr+0x472/0xb70 net/ipv6/addrconf.c:1254 inet6_addr_del+0x2ff/0x5b0 net/ipv6/addrconf.c:2928 addrconf_del_ifaddr+0x139/0x1c0 net/ipv6/addrconf.c:2973 inet6_ioctl+0x86/0x1e0 net/ipv6/af_inet6.c:525 sock_do_ioctl+0x65/0xb0 net/socket.c:958 sock_ioctl+0x2c2/0x440 net/socket.c:1055 vfs_ioctl fs/ioctl.c:46 [inline] do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x452f19 RSP: 002b:00007fcef25b7c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fcef25b7aa0 RCX: 0000000000452f19 RDX: 0000000020000000 RSI: 0000000000008936 RDI: 0000000000000013 RBP: 00007fcef25b7a90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b7c96 R13: 00007fcef25b7bc8 R14: 00000000004b7c96 R15: 0000000000000000 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6338 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6343 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=88 sclass=netlink_xfrm_socket pig=6454 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=88 sclass=netlink_xfrm_socket pig=6454 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6603 comm=syz-executor7 netlink: 'syz-executor7': attribute type 21 has an invalid length. netlink: 'syz-executor7': attribute type 21 has an invalid length. sctp: [Deprecated]: syz-executor0 (pid 7359) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor0 (pid 7359) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead netlink: 9 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 'syz-executor7': attribute type 20 has an invalid length. netlink: 9 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 'syz-executor7': attribute type 20 has an invalid length. netlink: 28 bytes leftover after parsing attributes in process `syz-executor0'. Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.