=============================
WARNING: suspicious RCU usage
5.3.0-rc7+ #0 Not tainted
-----------------------------
include/net/sch_generic.h:492 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
5 locks held by syz-executor.5/24625:
 #0: 00000000af632691 (vmap_area_lock){+.+.}, at: spin_lock include/linux/spinlock.h:338 [inline]
 #0: 00000000af632691 (vmap_area_lock){+.+.}, at: alloc_vmap_area+0x1d7/0x2070 mm/vmalloc.c:1106
 #1: 0000000034deff12 ((&br->hello_timer)){+.-.}, at: lockdep_copy_map include/linux/lockdep.h:175 [inline]
 #1: 0000000034deff12 ((&br->hello_timer)){+.-.}, at: call_timer_fn+0xe0/0x780 kernel/time/timer.c:1312
 #2: 0000000001af2ea9 (&(&br->lock)->rlock){+.-.}, at: spin_lock include/linux/spinlock.h:338 [inline]
 #2: 0000000001af2ea9 (&(&br->lock)->rlock){+.-.}, at: br_hello_timer_expired+0x21/0x190 net/bridge/br_stp_timer.c:35
 #3: 00000000cfe8a214 (rcu_read_lock_bh){....}, at: __dev_queue_xmit+0x20a/0x3650 net/core/dev.c:3804
 #4: 00000000db44f143 (&(&sch->q.lock)->rlock){+.-.}, at: spin_lock include/linux/spinlock.h:338 [inline]
 #4: 00000000db44f143 (&(&sch->q.lock)->rlock){+.-.}, at: __dev_xmit_skb net/core/dev.c:3502 [inline]
 #4: 00000000db44f143 (&(&sch->q.lock)->rlock){+.-.}, at: __dev_queue_xmit+0x14b8/0x3650 net/core/dev.c:3838
stack backtrace:
CPU: 1 PID: 24625 Comm: syz-executor.5 Not tainted 5.3.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:5357
 qdisc_root include/net/sch_generic.h:492 [inline]
 netem_enqueue+0x1cfb/0x2d80 net/sched/sch_netem.c:479
 __dev_xmit_skb net/core/dev.c:3527 [inline]
 __dev_queue_xmit+0x15d2/0x3650 net/core/dev.c:3838
 dev_queue_xmit+0x18/0x20 net/core/dev.c:3902
 br_send_bpdu_finish net/bridge/br_stp_bpdu.c:32 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 br_send_bpdu.isra.0.constprop.0+0x5ce/0xa70 net/bridge/br_stp_bpdu.c:59
 br_send_config_bpdu+0x68c/0x7a0 net/bridge/br_stp_bpdu.c:120
 br_transmit_config.part.0+0x517/0x780 net/bridge/br_stp.c:203
 br_transmit_config net/bridge/br_stp.c:364 [inline]
 br_config_bpdu_generation+0x1d2/0x230 net/bridge/br_stp.c:362
 br_hello_timer_expired+0xab/0x190 net/bridge/br_stp_timer.c:37
 call_timer_fn+0x1ac/0x780 kernel/time/timer.c:1322
 expire_timers kernel/time/timer.c:1366 [inline]
 __run_timers kernel/time/timer.c:1685 [inline]
 __run_timers kernel/time/timer.c:1653 [inline]
 run_timer_softirq+0x697/0x17a0 kernel/time/timer.c:1698
 __do_softirq+0x262/0x98c kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x19b/0x1e0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:537 [inline]
 smp_apic_timer_interrupt+0x1a3/0x610 arch/x86/kernel/apic/apic.c:1133
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:830
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x50 kernel/kcov.c:95
Code: 89 25 d4 8c 39 09 41 bc f4 ff ff ff e8 6d 9f e9 ff 48 c7 05 be 8c 39 09 00 00 00 00 e9 77 e9 ff ff 90 90 90 90 90 90 90 90 90 <55> 48 89 e5 65 48 8b 04 25 40 fe 01 00 65 8b 15 a4 88 8f 7e 81 e2
RSP: 0018:ffff88807e59f5f8 EFLAGS: 00000287 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000002 RBX: ffff8880a8929f20 RCX: ffffffff81a27dbd
RDX: ffffc9000c799000 RSI: ffffc9000c448000 RDI: 0000000000000006
RBP: ffff88807e59f638 R08: ffff888093e06080 R09: ffffed100fcb3eb7
R10: ffffed100fcb3eb6 R11: 0000000000000003 R12: ffffc9000c598000
R13: dffffc0000000000 R14: ffffc9000c448000 R15: ffffc9000c799000
 alloc_vmap_area+0xb75/0x2070 mm/vmalloc.c:1120
 __get_vm_area_node+0x179/0x3a0 mm/vmalloc.c:2057
 __vmalloc_node_range+0xd4/0x7d0 mm/vmalloc.c:2483
 __vmalloc_node mm/vmalloc.c:2543 [inline]
 __vmalloc_node_flags mm/vmalloc.c:2557 [inline]
 vmalloc+0x6b/0x90 mm/vmalloc.c:2582
 translate_table+0xfe5/0x1e50 net/bridge/netfilter/ebtables.c:890
 do_replace_finish+0x9a1/0x21f0 net/bridge/netfilter/ebtables.c:991
 do_replace+0x382/0x420 net/bridge/netfilter/ebtables.c:1118
 do_ebt_set_ctl+0xe6/0x110 net/bridge/netfilter/ebtables.c:1469
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x77/0xd0 net/netfilter/nf_sockopt.c:115
 ip_setsockopt net/ipv4/ip_sockglue.c:1260 [inline]
 ip_setsockopt+0xdf/0x100 net/ipv4/ip_sockglue.c:1240
 udp_setsockopt+0x68/0xb0 net/ipv4/udp.c:2605
 sock_common_setsockopt+0x94/0xd0 net/core/sock.c:3142
 __sys_setsockopt+0x261/0x4c0 net/socket.c:2084
 __do_sys_setsockopt net/socket.c:2100 [inline]
 __se_sys_setsockopt net/socket.c:2097 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:2097
 do_syscall_64+0xfd/0x6a0 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4598e9
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fe238db1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004598e9
RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 00000000000002b0 R09: 0000000000000000
R10: 0000000020000000 R11: 0000000000000246 R12: 00007fe238db26d4
R13: 00000000004c79ee R14: 00000000004dd4d0 R15: 00000000ffffffff