=============================
WARNING: suspicious RCU usage
4.15.0-rc5+ #178 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1106 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz-executor2/1646:
 #0: (rtnl_mutex){+.+.}, at: [<00000000958b3a9a>] rtnl_lock net/core/rtnetlink.c:74 [inline]
 #0: (rtnl_mutex){+.+.}, at: [<00000000958b3a9a>] rtnetlink_rcv_msg+0x508/0xb10 net/core/rtnetlink.c:4519
 #1: (rcu_read_lock){....}, at: [<00000000b6d3d502>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1562
 #2: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000ce941b6f>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #2: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000ce941b6f>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1957

stack backtrace:
CPU: 1 PID: 1646 Comm: syz-executor2 Not tainted 4.15.0-rc5+ #178
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 __fib6_update_sernum_upto_root.isra.5+0x19a/0x1e0 net/ipv6/ip6_fib.c:1105
 fib6_update_sernum_upto_root+0x130/0x180 net/ipv6/ip6_fib.c:1119
 fib6_ifup+0x131/0x180 net/ipv6/route.c:3491
 fib6_clean_node+0x389/0x580 net/ipv6/ip6_fib.c:1891
 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1817
 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1865
 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1942
 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1958
 fib6_clean_all+0x27/0x30 net/ipv6/ip6_fib.c:1969
 rt6_sync_up+0x15e/0x1c0 net/ipv6/route.c:3507
 addrconf_notify+0x3f6/0x2310 net/ipv6/addrconf.c:3490
 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x32/0x70 net/core/dev.c:1696
 call_netdevice_notifiers net/core/dev.c:1714 [inline]
 __dev_notify_flags+0x15d/0x430 net/core/dev.c:6921
 dev_change_flags+0xf5/0x140 net/core/dev.c:6957
 do_setlink+0xa39/0x3d40 net/core/rtnetlink.c:2256
 rtnl_newlink+0xf5a/0x1ab0 net/core/rtnetlink.c:2849
 rtnetlink_rcv_msg+0x57f/0xb10 net/core/rtnetlink.c:4522
 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4540
 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
 netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
 sock_sendmsg_nosec net/socket.c:628 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:638
 sock_write_iter+0x31a/0x5d0 net/socket.c:907
 call_write_iter include/linux/fs.h:1772 [inline]
 do_iter_readv_writev+0x525/0x7f0 fs/read_write.c:653
 do_iter_write+0x154/0x540 fs/read_write.c:932
 vfs_writev+0x18a/0x340 fs/read_write.c:977
 do_writev+0xfc/0x2a0 fs/read_write.c:1012
 SYSC_writev fs/read_write.c:1085 [inline]
 SyS_writev+0x27/0x30 fs/read_write.c:1082
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007fc313724c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00007fc313725700 RCX: 0000000000452ac9
RDX: 0000000000000001 RSI: 00000000204ac000 RDI: 0000000000000013
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a2f7ef R14: 00007fc3137259c0 R15: 0000000000000000

=============================
WARNING: suspicious RCU usage
4.15.0-rc5+ #178 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1113 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz-executor2/1646:
 #0: (rtnl_mutex){+.+.}, at: [<00000000958b3a9a>] rtnl_lock net/core/rtnetlink.c:74 [inline]
 #0: (rtnl_mutex){+.+.}, at: [<00000000958b3a9a>] rtnetlink_rcv_msg+0x508/0xb10 net/core/rtnetlink.c:4519
 #1: (rcu_read_lock){....}, at: [<00000000b6d3d502>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1562
 #2: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000ce941b6f>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #2: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000ce941b6f>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1957

stack backtrace:
CPU: 1 PID: 1646 Comm: syz-executor2 Not tainted 4.15.0-rc5+ #178
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 __fib6_update_sernum_upto_root.isra.5+0x12c/0x1e0 net/ipv6/ip6_fib.c:1112
 fib6_update_sernum_upto_root+0x130/0x180 net/ipv6/ip6_fib.c:1119
 fib6_ifup+0x131/0x180 net/ipv6/route.c:3491
 fib6_clean_node+0x389/0x580 net/ipv6/ip6_fib.c:1891
 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1817
 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1865
 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1942
 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1958
 fib6_clean_all+0x27/0x30 net/ipv6/ip6_fib.c:1969
 rt6_sync_up+0x15e/0x1c0 net/ipv6/route.c:3507
 addrconf_notify+0x3f6/0x2310 net/ipv6/addrconf.c:3490
 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x32/0x70 net/core/dev.c:1696
 call_netdevice_notifiers net/core/dev.c:1714 [inline]
 __dev_notify_flags+0x15d/0x430 net/core/dev.c:6921
 dev_change_flags+0xf5/0x140 net/core/dev.c:6957
 do_setlink+0xa39/0x3d40 net/core/rtnetlink.c:2256
 rtnl_newlink+0xf5a/0x1ab0 net/core/rtnetlink.c:2849
 rtnetlink_rcv_msg+0x57f/0xb10 net/core/rtnetlink.c:4522
 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4540
 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
 netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
 sock_sendmsg_nosec net/socket.c:628 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:638
 sock_write_iter+0x31a/0x5d0 net/socket.c:907
 call_write_iter include/linux/fs.h:1772 [inline]
 do_iter_readv_writev+0x525/0x7f0 fs/read_write.c:653
 do_iter_write+0x154/0x540 fs/read_write.c:932
 vfs_writev+0x18a/0x340 fs/read_write.c:977
 do_writev+0xfc/0x2a0 fs/read_write.c:1012
 SYSC_writev fs/read_write.c:1085 [inline]
 SyS_writev+0x27/0x30 fs/read_write.c:1082
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007fc313724c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00007fc313725700 RCX: 0000000000452ac9
RDX: 0000000000000001 RSI: 00000000204ac000 RDI: 0000000000000013
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a2f7ef R14: 00007fc3137259c0 R15: 0000000000000000
netlink: 'syz-executor0': attribute type 16 has an invalid length.
netlink: 'syz-executor0': attribute type 16 has an invalid length.
do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=1802 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=25 sclass=netlink_tcpdiag_socket pig=1874 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=25 sclass=netlink_tcpdiag_socket pig=1900 comm=syz-executor5
sctp: [Deprecated]: syz-executor2 (pid 1951) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor2 (pid 1951) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
nla_parse: 11 callbacks suppressed
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 25 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 25 bytes leftover after parsing attributes in process `syz-executor4'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=2218 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=2255 comm=syz-executor5
netlink: 11 bytes leftover after parsing attributes in process `syz-executor4'.
device lo entered promiscuous mode
device lo left promiscuous mode
sctp: [Deprecated]: syz-executor5 (pid 2650) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor5 (pid 2650) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9478 sclass=netlink_route_socket pig=2690 comm=syz-executor6
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
openvswitch: netlink: Either Ethernet header or EtherType is required.
openvswitch: netlink: Either Ethernet header or EtherType is required.
netlink: 'syz-executor5': attribute type 18 has an invalid length.
netlink: 'syz-executor5': attribute type 18 has an invalid length.
netlink: 'syz-executor3': attribute type 1 has an invalid length.
netlink: 'syz-executor3': attribute type 1 has an invalid length.
tc_dump_action: action bad kind
netlink: 'syz-executor6': attribute type 1 has an invalid length.
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=23420 sclass=netlink_tcpdiag_socket pig=3626 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=23420 sclass=netlink_tcpdiag_socket pig=3609 comm=syz-executor1
nla_parse: 11 callbacks suppressed
netlink: 40 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 40 bytes leftover after parsing attributes in process `syz-executor7'.
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
netlink: 13 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor3'.
sctp: [Deprecated]: syz-executor7 (pid 3872) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor7 (pid 3872) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
netlink: 'syz-executor7': attribute type 1 has an invalid length.
netlink: 'syz-executor7': attribute type 1 has an invalid length.
netlink: 14 bytes leftover after parsing attributes in process `syz-executor2'.
PF_BRIDGE: br_mdb_parse() with invalid ifindex
netlink: 'syz-executor4': attribute type 10 has an invalid length.