============================= WARNING: suspicious RCU usage 4.16.0+ #5 Not tainted ----------------------------- kernel/sched/core.c:6153 Illegal context switch in RCU-bh read-side critical section! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 4 locks held by kworker/0:4/7960: #0: 00000000d7f2c79c ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: __write_once_size include/linux/compiler.h:215 [inline] #0: 00000000d7f2c79c ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: 00000000d7f2c79c ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline] #0: 00000000d7f2c79c ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:57 [inline] #0: 00000000d7f2c79c ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline] #0: 00000000d7f2c79c ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: 00000000d7f2c79c ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: process_one_work+0xaef/0x1b50 kernel/workqueue.c:2116 #1: 000000009203fb85 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: process_one_work+0xb46/0x1b50 kernel/workqueue.c:2120 #2: 00000000403b4d59 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74 #3: 00000000c63bc8f4 (rcu_read_lock_bh){....}, at: ipv6_ifa_notify+0x0/0x210 net/ipv6/addrconf.c:5621 netlink: 20 bytes leftover after parsing attributes in process `syz-executor3'. stack backtrace: CPU: 0 PID: 7960 Comm: kworker/0:4 Not tainted 4.16.0+ #5 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: ipv6_addrconf addrconf_dad_work Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 lockdep_rcu_suspicious+0x14a/0x153 kernel/locking/lockdep.c:4592 ___might_sleep+0x2e7/0x320 kernel/sched/core.c:6153 __might_sleep+0x95/0x190 kernel/sched/core.c:6141 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3378 [inline] kmem_cache_alloc_trace+0x2bc/0x780 mm/slab.c:3618 kmalloc include/linux/slab.h:512 [inline] kzalloc include/linux/slab.h:701 [inline] fib6_info_alloc+0xbb/0x280 net/ipv6/ip6_fib.c:152 ip6_route_info_create+0x7bf/0x3240 net/ipv6/route.c:2891 ip6_route_add+0x23/0xb0 net/ipv6/route.c:3030 addrconf_prefix_route.isra.47+0x4f7/0x6f0 net/ipv6/addrconf.c:2347 __ipv6_ifa_notify+0x591/0xa00 net/ipv6/addrconf.c:5620 ipv6_ifa_notify+0xff/0x210 net/ipv6/addrconf.c:5650 addrconf_dad_completed+0xeb/0xbf0 net/ipv6/addrconf.c:4083 addrconf_dad_begin net/ipv6/addrconf.c:3889 [inline] addrconf_dad_work+0x873/0x1300 net/ipv6/addrconf.c:3991 process_one_work+0xc1e/0x1b50 kernel/workqueue.c:2145 worker_thread+0x1cc/0x1440 kernel/workqueue.c:2279 kthread+0x345/0x410 kernel/kthread.c:238 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:411 BUG: sleeping function called from invalid context at mm/slab.h:421 in_atomic(): 1, irqs_disabled(): 0, pid: 7960, name: kworker/0:4 4 locks held by kworker/0:4/7960: #0: 00000000d7f2c79c ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: __write_once_size include/linux/compiler.h:215 [inline] #0: 00000000d7f2c79c ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: 00000000d7f2c79c ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline] #0: 00000000d7f2c79c ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:57 [inline] #0: 00000000d7f2c79c ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline] #0: 00000000d7f2c79c ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: 00000000d7f2c79c ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: process_one_work+0xaef/0x1b50 kernel/workqueue.c:2116 #1: 000000009203fb85 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: process_one_work+0xb46/0x1b50 kernel/workqueue.c:2120 #2: 00000000403b4d59 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74 #3: 00000000c63bc8f4 (rcu_read_lock_bh){....}, at: ipv6_ifa_notify+0x0/0x210 net/ipv6/addrconf.c:5621 CPU: 0 PID: 7960 Comm: kworker/0:4 Not tainted 4.16.0+ #5 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: ipv6_addrconf addrconf_dad_work Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 ___might_sleep.cold.88+0x11f/0x13a kernel/sched/core.c:6188 __might_sleep+0x95/0x190 kernel/sched/core.c:6141 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3378 [inline] kmem_cache_alloc_trace+0x2bc/0x780 mm/slab.c:3618 kmalloc include/linux/slab.h:512 [inline] kzalloc include/linux/slab.h:701 [inline] fib6_info_alloc+0xbb/0x280 net/ipv6/ip6_fib.c:152 ip6_route_info_create+0x7bf/0x3240 net/ipv6/route.c:2891 ip6_route_add+0x23/0xb0 net/ipv6/route.c:3030 addrconf_prefix_route.isra.47+0x4f7/0x6f0 net/ipv6/addrconf.c:2347 __ipv6_ifa_notify+0x591/0xa00 net/ipv6/addrconf.c:5620 ipv6_ifa_notify+0xff/0x210 net/ipv6/addrconf.c:5650 addrconf_dad_completed+0xeb/0xbf0 net/ipv6/addrconf.c:4083 addrconf_dad_begin net/ipv6/addrconf.c:3889 [inline] addrconf_dad_work+0x873/0x1300 net/ipv6/addrconf.c:3991 process_one_work+0xc1e/0x1b50 kernel/workqueue.c:2145 worker_thread+0x1cc/0x1440 kernel/workqueue.c:2279 kthread+0x345/0x410 kernel/kthread.c:238 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:411 netlink: 20 bytes leftover after parsing attributes in process `syz-executor3'. IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 netlink: 'syz-executor5': attribute type 20 has an invalid length. netlink: 17 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 'syz-executor5': attribute type 20 has an invalid length. netlink: 17 bytes leftover after parsing attributes in process `syz-executor5'. bridge0: port 2(bridge_slave_1) entered disabled state bridge0: port 1(bridge_slave_0) entered disabled state bridge0: port 2(bridge_slave_1) entered blocking state bridge0: port 2(bridge_slave_1) entered forwarding state bridge0: port 1(bridge_slave_0) entered blocking state bridge0: port 1(bridge_slave_0) entered forwarding state IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready bridge0: port 2(bridge_slave_1) entered disabled state bridge0: port 1(bridge_slave_0) entered disabled state IPVS: set_ctl: invalid protocol: 127 0.0.0.0:20000 sh TCP: request_sock_TCPv6: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. IPVS: set_ctl: invalid protocol: 127 0.0.0.0:20000 sh netlink: 'syz-executor2': attribute type 1 has an invalid length. netlink: 'syz-executor2': attribute type 1 has an invalid length.