IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
=============================
WARNING: suspicious RCU usage
4.15.0-rc5+ #178 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1106 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz-executor4/6380:
 #0: (rtnl_mutex){+.+.}, at: [<0000000075bdd064>] rtnl_lock net/core/rtnetlink.c:74 [inline]
 #0: (rtnl_mutex){+.+.}, at: [<0000000075bdd064>] rtnetlink_rcv_msg+0x508/0xb10 net/core/rtnetlink.c:4519
 #1: (rcu_read_lock){....}, at: [<00000000e8881b1e>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1562
 #2: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000081cfd0d>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #2: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000081cfd0d>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1957
stack backtrace:
CPU: 1 PID: 6380 Comm: syz-executor4 Not tainted 4.15.0-rc5+ #178
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 __fib6_update_sernum_upto_root.isra.5+0x19a/0x1e0 net/ipv6/ip6_fib.c:1105
 fib6_update_sernum_upto_root+0x130/0x180 net/ipv6/ip6_fib.c:1119
 fib6_ifup+0x131/0x180 net/ipv6/route.c:3491
 fib6_clean_node+0x389/0x580 net/ipv6/ip6_fib.c:1891
 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1817
 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1865
 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1942
 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1958
 fib6_clean_all+0x27/0x30 net/ipv6/ip6_fib.c:1969
 rt6_sync_up+0x15e/0x1c0 net/ipv6/route.c:3507
 addrconf_notify+0x1a68/0x2310 net/ipv6/addrconf.c:3453
 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x32/0x70 net/core/dev.c:1696
 __dev_notify_flags+0x394/0x430 net/core/dev.c:6935
 dev_change_flags+0xf5/0x140 net/core/dev.c:6957
 do_setlink+0xa39/0x3d40 net/core/rtnetlink.c:2256
 rtnl_group_changelink net/core/rtnetlink.c:2704 [inline]
 rtnl_newlink+0xd2b/0x1ab0 net/core/rtnetlink.c:2855
 rtnetlink_rcv_msg+0x57f/0xb10 net/core/rtnetlink.c:4522
 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4540
 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
 netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
 sock_sendmsg_nosec net/socket.c:628 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:638
 sock_write_iter+0x31a/0x5d0 net/socket.c:907
 call_write_iter include/linux/fs.h:1772 [inline]
 do_iter_readv_writev+0x525/0x7f0 fs/read_write.c:653
 do_iter_write+0x154/0x540 fs/read_write.c:932
 vfs_writev+0x18a/0x340 fs/read_write.c:977
 do_writev+0xfc/0x2a0 fs/read_write.c:1012
 SYSC_writev fs/read_write.c:1085 [inline]
 SyS_writev+0x27/0x30 fs/read_write.c:1082
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f20b065fc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9
RDX: 0000000000000001 RSI: 0000000020e16000 RDI: 0000000000000013
RBP: 0000000000000583 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f64e8
R13: 00000000ffffffff R14: 00007f20b06606d4 R15: 0000000000000000
=============================
WARNING: suspicious RCU usage
4.15.0-rc5+ #178 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1113 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz-executor4/6380:
 #0: (rtnl_mutex){+.+.}, at: [<0000000075bdd064>] rtnl_lock net/core/rtnetlink.c:74 [inline]
 #0: (rtnl_mutex){+.+.}, at: [<0000000075bdd064>] rtnetlink_rcv_msg+0x508/0xb10 net/core/rtnetlink.c:4519
 #1: (rcu_read_lock){....}, at: [<00000000e8881b1e>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1562
 #2: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000081cfd0d>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #2: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000081cfd0d>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1957
stack backtrace:
CPU: 1 PID: 6380 Comm: syz-executor4 Not tainted 4.15.0-rc5+ #178
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 __fib6_update_sernum_upto_root.isra.5+0x12c/0x1e0 net/ipv6/ip6_fib.c:1112
 fib6_update_sernum_upto_root+0x130/0x180 net/ipv6/ip6_fib.c:1119
 fib6_ifup+0x131/0x180 net/ipv6/route.c:3491
 fib6_clean_node+0x389/0x580 net/ipv6/ip6_fib.c:1891
 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1817
 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1865
 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1942
 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1958
 fib6_clean_all+0x27/0x30 net/ipv6/ip6_fib.c:1969
 rt6_sync_up+0x15e/0x1c0 net/ipv6/route.c:3507
 addrconf_notify+0x1a68/0x2310 net/ipv6/addrconf.c:3453
 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x32/0x70 net/core/dev.c:1696
 __dev_notify_flags+0x394/0x430 net/core/dev.c:6935
 dev_change_flags+0xf5/0x140 net/core/dev.c:6957
 do_setlink+0xa39/0x3d40 net/core/rtnetlink.c:2256
 rtnl_group_changelink net/core/rtnetlink.c:2704 [inline]
 rtnl_newlink+0xd2b/0x1ab0 net/core/rtnetlink.c:2855
 rtnetlink_rcv_msg+0x57f/0xb10 net/core/rtnetlink.c:4522
 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4540
 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
 netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
 sock_sendmsg_nosec net/socket.c:628 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:638
 sock_write_iter+0x31a/0x5d0 net/socket.c:907
 call_write_iter include/linux/fs.h:1772 [inline]
 do_iter_readv_writev+0x525/0x7f0 fs/read_write.c:653
 do_iter_write+0x154/0x540 fs/read_write.c:932
 vfs_writev+0x18a/0x340 fs/read_write.c:977
 do_writev+0xfc/0x2a0 fs/read_write.c:1012
 SYSC_writev fs/read_write.c:1085 [inline]
 SyS_writev+0x27/0x30 fs/read_write.c:1082
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f20b065fc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9
RDX: 0000000000000001 RSI: 0000000020e16000 RDI: 0000000000000013
RBP: 0000000000000583 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f64e8
R13: 00000000ffffffff R14: 00007f20b06606d4 R15: 0000000000000000
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=18 sclass=netlink_audit_socket pig=6400 comm=syz-executor3
netlink: 'syz-executor4': attribute type 27 has an invalid length.
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
nla_parse: 6 callbacks suppressed
netlink: 72 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 72 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 14 bytes leftover after parsing attributes in process `syz-executor2'.
PF_BRIDGE: br_mdb_parse() with invalid ifindex
device sit0 entered promiscuous mode
sctp: [Deprecated]: syz-executor1 (pid 6831) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor1 (pid 6844) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
dccp_v4_rcv: dropped packet with invalid checksum
dccp_v4_rcv: dropped packet with invalid checksum
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 7148 Comm: syz-executor6 Not tainted 4.15.0-rc5+ #178
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3632
 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:983 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1180 [inline]
 netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1872
 sock_sendmsg_nosec net/socket.c:628 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:638
 sock_write_iter+0x31a/0x5d0 net/socket.c:907
 call_write_iter include/linux/fs.h:1772 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f8e25cfbc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f8e25cfbaa0 RCX: 0000000000452ac9
RDX: 0000000000000026 RSI: 00000000202a4fda RDI: 0000000000000013
RBP: 00007f8e25cfba90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a
R13: 00007f8e25cfbbc8 R14: 00000000004b767a R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 7182 Comm: syz-executor6 Not tainted 4.15.0-rc5+ #178
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node_trace+0x5a/0x750 mm/slab.c:3651
 __do_kmalloc_node mm/slab.c:3671 [inline]
 __kmalloc_node_track_caller+0x33/0x70 mm/slab.c:3686
 __kmalloc_reserve.isra.39+0x41/0xd0 net/core/skbuff.c:137
 __alloc_skb+0x13b/0x780 net/core/skbuff.c:205
 alloc_skb include/linux/skbuff.h:983 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1180 [inline]
 netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1872
 sock_sendmsg_nosec net/socket.c:628 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:638
 sock_write_iter+0x31a/0x5d0 net/socket.c:907
 call_write_iter include/linux/fs.h:1772 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f8e25cfbc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f8e25cfbaa0 RCX: 0000000000452ac9
RDX: 0000000000000026 RSI: 00000000202a4fda RDI: 0000000000000013
RBP: 00007f8e25cfba90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a
R13: 00007f8e25cfbbc8 R14: 00000000004b767a R15: 0000000000000000
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7234 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7238 comm=syz-executor6
netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'.
openvswitch: netlink: Message has 1 unknown bytes.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'.
openvswitch: netlink: Message has 1 unknown bytes.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4847 sclass=netlink_route_socket pig=7291 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7 sclass=netlink_route_socket pig=7291 comm=syz-executor6
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 'syz-executor3': attribute type 6 has an invalid length.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4847 sclass=netlink_route_socket pig=7309 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7 sclass=netlink_route_socket pig=7291 comm=syz-executor6
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 'syz-executor3': attribute type 6 has an invalid length.
lo: Invalid MTU -1145372672 requested, hw min 0
lo: Invalid MTU -1145372672 requested, hw min 0
sctp: [Deprecated]: syz-executor0 (pid 7349) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor0 (pid 7372) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pig=7396 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pig=7396 comm=syz-executor3
netlink: 'syz-executor7': attribute type 3 has an invalid length.
netlink: 'syz-executor7': attribute type 3 has an invalid length.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7644 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7644 comm=syz-executor6
nla_parse: 7 callbacks suppressed
netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 164 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 164 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 17 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 'syz-executor5': attribute type 25 has an invalid length.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8040 sclass=netlink_route_socket pig=8417 comm=syz-executor6
device lo entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8040 sclass=netlink_route_socket pig=8417 comm=syz-executor6