=============================
WARNING: suspicious RCU usage
4.14.0-rc5+ #141 Not tainted
-----------------------------
./include/linux/inetdevice.h:230 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
IPv6: ADDRCONF(NETDEV_UP): syz3: link is not ready
rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor5/19409:
 #0: (rcu_read_lock){....}, at: [] inet_rtm_getroute+0xaa0/0x2d70 net/ipv4/route.c:2738
stack backtrace:
CPU: 1 PID: 19409 Comm: syz-executor5 Not tainted 4.14.0-rc5+ #141
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4665
 __in_dev_get_rtnl include/linux/inetdevice.h:230 [inline]
 fib_dump_info+0x1136/0x13d0 net/ipv4/fib_semantics.c:1377
 inet_rtm_getroute+0xf97/0x2d70 net/ipv4/route.c:2785
 rtnetlink_rcv_msg+0x51c/0x1090 net/core/rtnetlink.c:4237
 netlink_rcv_skb+0x216/0x440 net/netlink/af_netlink.c:2409
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4261
 netlink_unicast_kernel net/netlink/af_netlink.c:1273 [inline]
 netlink_unicast+0x4e8/0x6f0 net/netlink/af_netlink.c:1299
 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1862
 sock_sendmsg_nosec net/socket.c:633 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:643
 sock_write_iter+0x31a/0x5d0 net/socket.c:912
 call_write_iter include/linux/fs.h:1770 [inline]
 new_sync_write fs/read_write.c:468 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:481
 vfs_write+0x189/0x510 fs/read_write.c:543
 SYSC_write fs/read_write.c:588 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:580
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x452719
RSP: 002b:00007f8715f80be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452719
RDX: 0000000000000024 RSI: 0000000020226000 RDI: 0000000000000014
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f65f0
R13: 00000000ffffffff R14: 00007f8715f816d4 R15: 0000000000000000
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=19473 comm=syz-executor5
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=19486 comm=syz-executor5
audit: type=1326 audit(1508592490.863:5831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=19507 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452719 code=0xffff0000
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
audit: type=1326 audit(1508592491.006:5832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=19507 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452719 code=0xffff0000
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
audit: type=1326 audit(1508592491.670:5833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=19644 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452719 code=0xffff0000
netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'.
IPv6: Can't replace route, no match found
netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'.
IPv6: Can't replace route, no match found
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=25105 sclass=netlink_route_socket pig=19696 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=25105 sclass=netlink_route_socket pig=19696 comm=syz-executor1
netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'.
device gre0 entered promiscuous mode
audit: type=1326 audit(1508592492.961:5834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=19833 comm="syz-executor7" exe="/root/syz-executor7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452719 code=0xffff0000
*** Guest State ***
sg_write: data in/out 822404280/197 bytes for SCSI command 0x12-- guessing data in; program syz-executor6 not setting count and/or reply_len properly
sg_write: data in/out 213832448/199 bytes for SCSI command 0xf-- guessing data in; program syz-executor6 not setting count and/or reply_len properly
sg_write: data in/out 822404280/197 bytes for SCSI command 0x12-- guessing data in; program syz-executor6 not setting count and/or reply_len properly
sg_write: data in/out 213832448/199 bytes for SCSI command 0xf-- guessing data in; program syz-executor6 not setting count and/or reply_len properly
CR0: actual=0x0000000080000031, shadow=0x0000000080000011, gh_mask=fffffffffffffff7
CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
CR3 = 0x0000000000002000
RSP = 0x0000000000000f80 RIP = 0x000000000000001c
RFLAGS=0x00000082 DR7 = 0x0000000000000400
Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
CS: sel=0x0050, attr=0x0209d, limit=0x0000ffff, base=0x0000000000000000
DS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
SS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
ES: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
audit: type=1326 audit(1508592493.322:5835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=19833 comm="syz-executor7" exe="/root/syz-executor7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452719 code=0xffff0000
FS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
GS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
GDTR: limit=0x000007ff, base=0x0000000000001000
LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
IDTR: limit=0x000001ff, base=0x0000000000003800
TR: sel=0x00d8, attr=0x0008b, limit=0x000001ff, base=0x0000000000003a00
EFER = 0x0000000000004501 PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
Interruptibility = 00000000 ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff811ba1f3 RSP = 0xffff8801d33df4c8
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007fd176ba3700 GSBase=ffff8801db300000 TRBase=ffff8801db322cc0
GDTBase=ffffffffff576000 IDTBase=ffffffffff57b000
CR0=0000000080050033 CR3=00000001c71dd000 CR4=00000000001426e0
Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84d1fdb0
EFER = 0x0000000000000d01 PAT = 0x0000000000000000
*** Control State ***
PinBased=0000003f CPUBased=b6986dfa SecondaryExec=0000004a
EntryControls=0000d3ff ExitControls=0023efff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=00000306 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000001
reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffffac565b270b
EPT pointer = 0x00000001d9fde01e
kvm: pic: level sensitive irq not supported
kvm [19972]: vcpu0, guest rIP: 0xfff0 Hyper-V uhandled wrmsr: 0x40000020 data 0x400
netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'.
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 0 PID: 20145 Comm: syz-executor5 Not tainted 4.14.0-rc5+ #141
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:31
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3559
 dst_alloc+0x11f/0x1a0 net/core/dst.c:107
 rt_dst_alloc+0xe9/0x540 net/ipv4/route.c:1496
 __mkroute_output net/ipv4/route.c:2238 [inline]
 ip_route_output_key_hash_rcu+0xa40/0x2c20 net/ipv4/route.c:2466
 ip_route_output_key_hash+0x20b/0x370 net/ipv4/route.c:2295
 __ip_route_output_key include/net/route.h:125 [inline]
 ip_route_output_flow+0x26/0xa0 net/ipv4/route.c:2549
 udp_sendmsg+0x19b8/0x2cd0 net/ipv4/udp.c:1022
 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:762
 sock_sendmsg_nosec net/socket.c:633 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:643
 SYSC_sendto+0x352/0x5a0 net/socket.c:1750
 SyS_sendto+0x40/0x50 net/socket.c:1718
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x452719
RSP: 002b:00007f8715f80be8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452719
RDX: 0000000000000000 RSI: 0000000020f64fff RDI: 0000000000000013
RBP: 0000000000000082 R08: 0000000020375ff0 R09: 0000000000000010
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f4f10
R13: 0000000000000014 R14: 0000000000758098 R15: ffffffffffffffff
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=20158 comm=syz-executor2
device lo left promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=20173 comm=syz-executor2
device lo entered promiscuous mode
device lo left promiscuous mode
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor2'.
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
QAT: Invalid ioctl
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
kvm [20291]: vcpu0, guest rIP: 0x912c Hyper-V uhandled wrmsr: 0x40000020 data 0x400
kvm [20291]: vcpu0, guest rIP: 0x912c Hyper-V uhandled wrmsr: 0x40000020 data 0x400
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=20426 comm=syz-executor1
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device gre0 entered promiscuous mode
device lo entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=20515 comm=syz-executor6
QAT: Invalid ioctl
QAT: Invalid ioctl
device lo left promiscuous mode
device lo entered promiscuous mode
QAT: Invalid ioctl
QAT: Invalid ioctl
audit: type=1326 audit(1508592497.583:5836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=20591 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452719 code=0xffff0000
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
audit: type=1326 audit(1508592497.716:5837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=20591 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452719 code=0xffff0000
netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'.
device gre0 entered promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
sctp: [Deprecated]: syz-executor7 (pid 20786) Use of int in maxseg socket option. Use struct sctp_assoc_value instead
netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'.
device gre0 entered promiscuous mode
netlink: 6 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 6 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 6 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 6 bytes leftover after parsing attributes in process `syz-executor7'.
syz0: Invalid MTU 537735136 requested, hw max 65535
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
dccp_v4_rcv: dropped packet with invalid checksum
syz0: Invalid MTU 537735136 requested, hw max 65535
dccp_v4_rcv: dropped packet with invalid checksum
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.