=============================== [ INFO: suspicious RCU usage. ] 4.4.114-gfe09418 #3 Not tainted ------------------------------- include/linux/inetdevice.h:205 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 0 3 locks held by syzkaller669405/4046: #0: (&mm->mmap_sem){++++++}, at: [] vm_mmap_pgoff+0x13b/0x1c0 mm/util.c:271 #1: (((&im->timer))){+.-...}, at: [] lockdep_copy_map include/linux/lockdep.h:165 [inline] #1: (((&im->timer))){+.-...}, at: [] call_timer_fn+0xdc/0x860 kernel/time/timer.c:1175 #2: (&(&im->lock)->rlock){+.-...}, at: [] spin_lock_bh include/linux/spinlock.h:307 [inline] #2: (&(&im->lock)->rlock){+.-...}, at: [] igmpv3_send_report+0x39/0x3e0 net/ipv4/igmp.c:594 stack backtrace: CPU: 1 PID: 4046 Comm: syzkaller669405 Not tainted 4.4.114-gfe09418 #3 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 c5ab0c125d28b3e7 ffff8801db307970 ffffffff81d02e6d ffff8801d9300000 0000000000000000 0000000000000001 ffffffff83cf6280 00000000160000e0 ffff8801db3079a0 ffffffff81232df9 ffff8801d956f000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x124 lib/dump_stack.c:51 [] lockdep_rcu_suspicious+0x139/0x180 kernel/locking/lockdep.c:4305 [] __in_dev_get_rcu include/linux/inetdevice.h:205 [inline] [] igmpv3_get_srcaddr net/ipv4/igmp.c:335 [inline] [] igmpv3_newpack+0xc3c/0xe80 net/ipv4/igmp.c:395 [] add_grhead.isra.30+0x235/0x300 net/ipv4/igmp.c:438 [] add_grec+0x93a/0xe70 net/ipv4/igmp.c:560 [] igmpv3_send_report+0x7f/0x3e0 net/ipv4/igmp.c:599 [] igmp_send_report+0x95e/0xc30 net/ipv4/igmp.c:716 [] igmp_timer_expire+0x29d/0x3d0 net/ipv4/igmp.c:824 [] call_timer_fn+0x18b/0x860 kernel/time/timer.c:1185 [] __run_timers kernel/time/timer.c:1261 [inline] [] run_timer_softirq+0x604/0xbb0 kernel/time/timer.c:1444 [] __do_softirq+0x227/0xa38 kernel/softirq.c:273 [] invoke_softirq kernel/softirq.c:350 [inline] [] irq_exit+0x119/0x140 kernel/softirq.c:391 [] exiting_irq arch/x86/include/asm/apic.h:653 [inline] [] smp_apic_timer_interrupt+0x7b/0xa0 arch/x86/kernel/apic/apic.c:926 [] apic_timer_interrupt+0xa0/0xb0 arch/x86/entry/entry_64.S:737 [] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:812 [inline] [] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline] [] ? _raw_spin_unlock_irqrestore+0x5f/0x70 kernel/locking/spinlock.c:191 [] __debug_check_no_obj_freed lib/debugobjects.c:710 [inline] [] debug_check_no_obj_freed+0x2d2/0x9b0 lib/debugobjects.c:726 [] free_pages_prepare+0x4a9/0xb30 mm/page_alloc.c:1049 [] __free_pages_ok+0x1c/0xbd0 mm/page_alloc.c:1064 [] free_compound_page+0x5e/0x70 mm/page_alloc.c:504 [] __put_compound_page+0xa1/0xf0 mm/swap.c:89 [] put_compound_page+0xdb/0xb80 mm/swap.c:249 [] release_pages+0x110/0x4f0 mm/swap.c:926 [] free_pages_and_swap_cache+0x102/0x140 mm/swap_state.c:266 [] tlb_flush_mmu_free+0xb4/0x160 mm/memory.c:255 [] tlb_flush_mmu mm/memory.c:264 [inline] [] tlb_finish_mmu+0x23/0xa0 mm/memory.c:275 [] unmap_region+0x250/0x330 mm/mmap.c:2470 [] do_munmap+0x70f/0xec0 mm/mmap.c:2664 [] mmap_region+0x423/0x1250 mm/mmap.c:1605 [] do_mmap+0x4fd/0x9d0 mm/mmap.c:1441 [] do_mmap_pgoff include/linux/mm.h:1915 [inline] [] vm_mmap_pgoff+0x16e/0x1c0 mm/util.c:272 [] SYSC_mmap_pgoff mm/mmap.c:1491 [inline] [] SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1449 [] SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline] [] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86 [] entry_SYSCALL_64_fastpath+0x1c/0x98