=============================
WARNING: suspicious RCU usage
4.17.0-rc1+ #16 Not tainted
-----------------------------
net/ipv6/route.c:1550 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz-executor5/9212:
 #0: 00000000e4a1e078 (&(ptlock_ptr(page))->rlock#2){+.+.}, at: spin_lock include/linux/spinlock.h:310 [inline]
 #0: 00000000e4a1e078 (&(ptlock_ptr(page))->rlock#2){+.+.}, at: zap_pte_range mm/memory.c:1298 [inline]
 #0: 00000000e4a1e078 (&(ptlock_ptr(page))->rlock#2){+.+.}, at: zap_pmd_range mm/memory.c:1441 [inline]
 #0: 00000000e4a1e078 (&(ptlock_ptr(page))->rlock#2){+.+.}, at: zap_pud_range mm/memory.c:1470 [inline]
 #0: 00000000e4a1e078 (&(ptlock_ptr(page))->rlock#2){+.+.}, at: zap_p4d_range mm/memory.c:1491 [inline]
 #0: 00000000e4a1e078 (&(ptlock_ptr(page))->rlock#2){+.+.}, at: unmap_page_range+0x99b/0x2200 mm/memory.c:1512
 #1: 00000000ac811c9c ((&n->timer)){+.-.}, at: lockdep_copy_map include/linux/lockdep.h:178 [inline]
 #1: 00000000ac811c9c ((&n->timer)){+.-.}, at: call_timer_fn+0x1bb/0x940 kernel/time/timer.c:1316
 #2: 00000000eea4745f (rcu_read_lock){....}, at: ip6_link_failure+0xfe/0x790 net/ipv6/route.c:2227

stack backtrace:
CPU: 0 PID: 9212 Comm: syz-executor5 Not tainted 4.17.0-rc1+ #16
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
syz-executor4 (9201) used greatest stack depth: 13400 bytes left
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 lockdep_rcu_suspicious+0x14a/0x153 kernel/locking/lockdep.c:4592
 rt6_remove_exception_rt+0x416/0x4d0 net/ipv6/route.c:1549
 ip6_link_failure+0x484/0x790 net/ipv6/route.c:2231
 dst_link_failure include/net/dst.h:427 [inline]
 ndisc_error_report+0xd1/0x1c0 net/ipv6/ndisc.c:695
 neigh_invalidate+0x246/0x550 net/core/neighbour.c:891
 neigh_timer_handler+0xaf9/0xde0 net/core/neighbour.c:977
 call_timer_fn+0x230/0x940 kernel/time/timer.c:1326
 expire_timers kernel/time/timer.c:1363 [inline]
 __run_timers+0x79e/0xc50 kernel/time/timer.c:1666
 run_timer_softirq+0x4c/0x70 kernel/time/timer.c:1692
 __do_softirq+0x2e0/0xaf5 kernel/softirq.c:285
 invoke_softirq kernel/softirq.c:365 [inline]
 irq_exit+0x1d1/0x200 kernel/softirq.c:405
 exiting_irq arch/x86/include/asm/apic.h:525 [inline]
 smp_apic_timer_interrupt+0x17e/0x710 arch/x86/kernel/apic/apic.c:1052
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863
RIP: 0010:__read_once_size include/linux/compiler.h:188 [inline]
RIP: 0010:compound_head include/linux/page-flags.h:142 [inline]
RIP: 0010:PageAnon include/linux/page-flags.h:413 [inline]
RIP: 0010:zap_pte_range mm/memory.c:1327 [inline]
RIP: 0010:zap_pmd_range mm/memory.c:1441 [inline]
RIP: 0010:zap_pud_range mm/memory.c:1470 [inline]
RIP: 0010:zap_p4d_range mm/memory.c:1491 [inline]
RIP: 0010:unmap_page_range+0xb9c/0x2200 mm/memory.c:1512
RSP: 0018:ffff880198f0ebc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: dead000000000100 RBX: ffff880199b9b388 RCX: ffff880198f0f140
RDX: ffff880198f0edb8 RSI: ffffffff81a7ba36 RDI: ffff880198f0f158
RBP: ffff880198f0f060 R08: ffff880198e2c200 R09: fffff94000e02793
R10: fffff94000e02793 R11: ffffea0007013c9b R12: ffffea0007013cc0
R13: 00007f25b5a72000 R14: dffffc0000000000 R15: ffff880198f0edb8
 unmap_single_vma+0x1a0/0x310 mm/memory.c:1557
 unmap_vmas+0x120/0x1f0 mm/memory.c:1587
 exit_mmap+0x265/0x570 mm/mmap.c:3038
 __mmput kernel/fork.c:962 [inline]
 mmput+0x251/0x610 kernel/fork.c:983
 exit_mm kernel/exit.c:544 [inline]
 do_exit+0xe98/0x2730 kernel/exit.c:852
 do_group_exit+0x16f/0x430 kernel/exit.c:968
 get_signal+0x886/0x1960 kernel/signal.c:2469
 do_signal+0x98/0x2040 arch/x86/kernel/signal.c:810
 exit_to_usermode_loop+0x28a/0x310 arch/x86/entry/common.c:162
 prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:265 [inline]
 do_syscall_64+0x6ac/0x800 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455389
RSP: 002b:00007f25b4007ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000072bf80 RCX: 0000000000455389
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000072bf80
RBP: 000000000072bf80 R08: 0000000000000000 R09: 000000000072bf58
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000a3e81f R14: 00007f25b40089c0 R15: 0000000000000001
device bridge0 entered promiscuous mode
device bridge0 left promiscuous mode
netlink: 'syz-executor0': attribute type 1 has an invalid length.
netlink: 'syz-executor0': attribute type 6 has an invalid length.
netlink: 'syz-executor0': attribute type 1 has an invalid length.
netlink: 'syz-executor0': attribute type 6 has an invalid length.
kernel msg: ebtables bug: please report to author: Wrong nr. of counters requested
kernel msg: ebtables bug: please report to author: Wrong len argument
kernel msg: ebtables bug: please report to author: Wrong len argument
netlink: 32 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 32 bytes leftover after parsing attributes in process `syz-executor2'.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
IPVS: ftp: loaded support on port[0] = 21
openvswitch: netlink: Message has 4 unknown bytes.
IPVS: set_ctl: invalid protocol: 46 224.0.0.2:20003 lblc
IPVS: set_ctl: invalid protocol: 46 224.0.0.2:20003 lblc
netlink: 20 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 180 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 180 bytes leftover after parsing attributes in process `syz-executor6'.
IPVS: ftp: loaded support on port[0] = 21
netlink: 'syz-executor3': attribute type 2 has an invalid length.
A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check.
netlink: 'syz-executor3': attribute type 2 has an invalid length.
A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check.