=============================== [ INFO: suspicious RCU usage. ] 4.9.205-syzkaller #0 Not tainted ------------------------------- include/linux/inetdevice.h:205 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 0 4 locks held by syz-executor.3/7307: #0: (rcu_read_lock_bh){......}, at: [<000000009b781439>] ip_finish_output2+0x20b/0x1280 net/ipv4/ip_output.c:198 #1: (rcu_read_lock_bh){......}, at: [<00000000b4d3a609>] __dev_queue_xmit+0x1d4/0x1bd0 net/core/dev.c:3407 #2: (_xmit_TUNNEL6#2){+.-...}, at: [<000000005aaf89f0>] spin_lock include/linux/spinlock.h:302 [inline] #2: (_xmit_TUNNEL6#2){+.-...}, at: [<000000005aaf89f0>] __netif_tx_lock include/linux/netdevice.h:3573 [inline] #2: (_xmit_TUNNEL6#2){+.-...}, at: [<000000005aaf89f0>] __dev_queue_xmit+0x1116/0x1bd0 net/core/dev.c:3469 #3: (slock-AF_INET){+.-...}, at: [<0000000094322540>] spin_trylock include/linux/spinlock.h:312 [inline] #3: (slock-AF_INET){+.-...}, at: [<0000000094322540>] icmp_xmit_lock net/ipv4/icmp.c:220 [inline] #3: (slock-AF_INET){+.-...}, at: [<0000000094322540>] __icmp_send+0x48b/0x1420 net/ipv4/icmp.c:656 stack backtrace: CPU: 0 PID: 7307 Comm: syz-executor.3 Not tainted 4.9.205-syzkaller #0 ffff8801c7ba6dd8 ffffffff81b55e6b ffff8801bfc10c80 0000000000000000 0000000000000002 00000000000000cd ffff8801a1f75f00 ffff8801c7ba6e08 ffffffff81406997 ffff8801bfc10cd8 ffff8801c7ba6f28 ffff8801cade6600 Call Trace: [<00000000e13f4b91>] __dump_stack lib/dump_stack.c:15 [inline] [<00000000e13f4b91>] dump_stack+0xcb/0x130 lib/dump_stack.c:56 [<000000002f2689d8>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4458 [<0000000064c7c979>] __in_dev_get_rcu include/linux/inetdevice.h:205 [inline] [<0000000064c7c979>] fib_compute_spec_dst+0x6c4/0xcc0 net/ipv4/fib_frontend.c:284 [<000000000e006a3e>] __ip_options_echo+0x4be/0x13e0 net/ipv4/ip_options.c:177 [<000000007e16de3d>] __icmp_send+0x648/0x1420 net/ipv4/icmp.c:685 [<000000006f708415>] ipv4_send_dest_unreach net/ipv4/route.c:1203 [inline] [<000000006f708415>] ipv4_link_failure+0x460/0x850 net/ipv4/route.c:1210 [<00000000613d0cf2>] dst_link_failure include/net/dst.h:490 [inline] [<00000000613d0cf2>] vti6_xmit net/ipv6/ip6_vti.c:522 [inline] [<00000000613d0cf2>] vti6_tnl_xmit+0xb08/0x17f0 net/ipv6/ip6_vti.c:561 [<00000000132e087f>] __netdev_start_xmit include/linux/netdevice.h:4072 [inline] [<00000000132e087f>] netdev_start_xmit include/linux/netdevice.h:4081 [inline] [<00000000132e087f>] xmit_one net/core/dev.c:2977 [inline] [<00000000132e087f>] dev_hard_start_xmit+0x195/0x8b0 net/core/dev.c:2993 [<00000000d483534a>] __dev_queue_xmit+0x11a3/0x1bd0 net/core/dev.c:3473 [<00000000d3eb14e1>] dev_queue_xmit+0x18/0x20 net/core/dev.c:3506 [<00000000508c3340>] neigh_direct_output+0x16/0x20 net/core/neighbour.c:1368 [<00000000e5d26d38>] dst_neigh_output include/net/dst.h:470 [inline] [<00000000e5d26d38>] ip_finish_output2+0x6a2/0x1280 net/ipv4/ip_output.c:225 [<000000008dbd29f7>] ip_finish_output+0x3c4/0xce0 net/ipv4/ip_output.c:313 [<00000000db71f61b>] NF_HOOK_COND include/linux/netfilter.h:246 [inline] [<00000000db71f61b>] ip_output+0x1ec/0x5b0 net/ipv4/ip_output.c:401 [<00000000046b3610>] dst_output include/net/dst.h:507 [inline] [<00000000046b3610>] NF_HOOK_THRESH include/linux/netfilter.h:232 [inline] [<00000000046b3610>] NF_HOOK include/linux/netfilter.h:255 [inline] [<00000000046b3610>] raw_send_hdrinc net/ipv4/raw.c:421 [inline] [<00000000046b3610>] raw_sendmsg+0x1c5c/0x23e0 net/ipv4/raw.c:643 [<000000002f4de322>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:766 [<000000008731bca7>] sock_sendmsg_nosec net/socket.c:649 [inline] [<000000008731bca7>] sock_sendmsg+0xbe/0x110 net/socket.c:659 [<000000005af496b5>] sock_write_iter+0x235/0x3d0 net/socket.c:857 [<000000006573f2e0>] new_sync_write fs/read_write.c:498 [inline] [<000000006573f2e0>] __vfs_write+0x3c1/0x560 fs/read_write.c:511 [<00000000b8e12b9a>] vfs_write+0x185/0x520 fs/read_write.c:559 [<00000000ad0b826a>] SYSC_write fs/read_write.c:607 [inline] [<00000000ad0b826a>] SyS_write+0x121/0x270 fs/read_write.c:599 [<00000000bb2fca10>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<0000000002e13699>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb out of order segment: rcv_next 8B8F7CBE seq 8B8F8006 - 8B8F806E out of order segment: rcv_next 8B8F7CBE seq 8B8F806E - 8B8F80C2 prune_queue: c=8b8f7bf6 out of order segment: rcv_next 8B8F7CBE seq 8B8F80C2 - 8B8F8116 prune_queue: c=8b8f7bf6 out of order segment: rcv_next 8B8F7DDA seq 8B8F7DE2 - 8B8F7DFE prune_queue: c=8b8f7bf6 out of order segment: rcv_next 8B8F7DDA seq 8B8F7E66 - 8B8F7ECE out of order segment: rcv_next 8B8F7DDA seq 8B8F7ECE - 8B8F7F22 out of order segment: rcv_next 8B8F7DDA seq 8B8F7F22 - 8B8F7F76 prune_queue: c=8b8f7bf6 out of order segment: rcv_next 8B8F7DDA seq 8B8F7F76 - 8B8F7FCA out of order segment: rcv_next 8B8F7DDA seq 8B8F7FCA - 8B8F8006 out of order segment: rcv_next 8B8F7DDA seq 8B8F8116 - 8B8F816A out of order segment: rcv_next 8B8F7DDA seq 8B8F816A - 8B8F81B6 out of order segment: rcv_next 8B8F7DDA seq 8B8F81B6 - 8B8F8202 prune_queue: c=8b8f7bf6 ofo requeuing : rcv_next 8B8F7DE2 seq 8B8F7DE2 - 8B8F80C2 out of order segment: rcv_next 8B8F80C2 seq 8B8F8202 - 8B8F825E out of order segment: rcv_next 8B8F80C2 seq 8B8F825E - 8B8F82BA out of order segment: rcv_next 8B8F80C2 seq 8B8F82BA - 8B8F8316 out of order segment: rcv_next 8B8F80C2 seq 8B8F8316 - 8B8F8372 out of order segment: rcv_next 8B8F80C2 seq 8B8F8372 - 8B8F83CE out of order segment: rcv_next 8B8F80C2 seq 8B8F83CE - 8B8F842A out of order segment: rcv_next 8B8F80C2 seq 8B8F842A - 8B8F8486 out of order segment: rcv_next 8B8F80C2 seq 8B8F8486 - 8B8F84E2 out of order segment: rcv_next 8B8F80C2 seq 8B8F84E2 - 8B8F853E out of order segment: rcv_next 8B8F80C2 seq 8B8F853E - 8B8F859A out of order segment: rcv_next 8B8F80C2 seq 8B8F859A - 8B8F85F6 out of order segment: rcv_next 8B8F80C2 seq 8B8F85F6 - 8B8F8652 out of order segment: rcv_next 8B8F80C2 seq 8B8F8652 - 8B8F86AE out of order segment: rcv_next 8B8F80C2 seq 8B8F86AE - 8B8F870A out of order segment: rcv_next 8B8F80C2 seq 8B8F870A - 8B8F8766 out of order segment: rcv_next 8B8F80C2 seq 8B8F8766 - 8B8F87C2 out of order segment: rcv_next 8B8F80C2 seq 8B8F87C2 - 8B8F881E out of order segment: rcv_next 8B8F80C2 seq 8B8F881E - 8B8F887A out of order segment: rcv_next 8B8F80C2 seq 8B8F887A - 8B8F88D6 out of order segment: rcv_next 8B8F80C2 seq 8B8F88D6 - 8B8F8932 out of order segment: rcv_next 8D46D3A2 seq 8D46D4E2 - 8D46D5AA audit_printk_skb: 141 callbacks suppressed audit: type=1400 audit(2000000441.790:1937): avc: denied { write } for pid=7378 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(2000000441.790:1938): avc: denied { write } for pid=7378 comm="syz-executor.2" path="socket:[101735]" dev="sockfs" ino=101735 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(2000000441.790:1939): avc: denied { write } for pid=7378 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(2000000442.160:1940): avc: denied { create } for pid=7353 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(2000000442.160:1941): avc: denied { write } for pid=7353 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 out of order segment: rcv_next 8D46D3A2 seq 8D46D6EA - 8D46D752 out of order segment: rcv_next 8D46D3A2 seq 8D46D752 - 8D46D7A6 prune_queue: c=8d46d2da out of order segment: rcv_next 8D46D3A2 seq 8D46D7A6 - 8D46D7FA prune_queue: c=8d46d2da out of order segment: rcv_next 8D46D4BE seq 8D46D4C6 - 8D46D4E2 prune_queue: c=8d46d2da out of order segment: rcv_next 8D46D4BE seq 8D46D54A - 8D46D5B2 out of order segment: rcv_next 8D46D4BE seq 8D46D5B2 - 8D46D606 out of order segment: rcv_next 8D46D4BE seq 8D46D606 - 8D46D65A prune_queue: c=8d46d2da out of order segment: rcv_next 8D46D4BE seq 8D46D65A - 8D46D6AE out of order segment: rcv_next 8D46D4BE seq 8D46D6AE - 8D46D6EA out of order segment: rcv_next 8D46D4BE seq 8D46D7FA - 8D46D84E out of order segment: rcv_next 8D46D4BE seq 8D46D84E - 8D46D89A out of order segment: rcv_next 8D46D4BE seq 8D46D89A - 8D46D8E6 prune_queue: c=8d46d2da ofo requeuing : rcv_next 8D46D4C6 seq 8D46D4C6 - 8D46D7A6 out of order segment: rcv_next 8D46D7A6 seq 8D46D8E6 - 8D46D942 out of order segment: rcv_next 8D46D7A6 seq 8D46D942 - 8D46D99E out of order segment: rcv_next 8D46D7A6 seq 8D46D99E - 8D46D9FA out of order segment: rcv_next 8D46D7A6 seq 8D46D9FA - 8D46DA56 out of order segment: rcv_next 8D46D7A6 seq 8D46DA56 - 8D46DAB2 out of order segment: rcv_next 8D46D7A6 seq 8D46DAB2 - 8D46DB0E out of order segment: rcv_next 8D46D7A6 seq 8D46DB0E - 8D46DB6A out of order segment: rcv_next 8D46D7A6 seq 8D46DB6A - 8D46DBC6 out of order segment: rcv_next 8D46D7A6 seq 8D46DBC6 - 8D46DC22 out of order segment: rcv_next 8D46D7A6 seq 8D46DC22 - 8D46DC7E out of order segment: rcv_next 8D46D7A6 seq 8D46DC7E - 8D46DCDA out of order segment: rcv_next 8D46D7A6 seq 8D46DCDA - 8D46DD36 out of order segment: rcv_next 8D46D7A6 seq 8D46DD36 - 8D46DD92 out of order segment: rcv_next 8D46D7A6 seq 8D46DD92 - 8D46DDEE out of order segment: rcv_next 8D46D7A6 seq 8D46DDEE - 8D46DE4A out of order segment: rcv_next 8D46D7A6 seq 8D46DE4A - 8D46DEA6 out of order segment: rcv_next 8D46D7A6 seq 8D46DEA6 - 8D46DF02 out of order segment: rcv_next 8D46D7A6 seq 8D46DF02 - 8D46DF5E out of order segment: rcv_next 8D46D7A6 seq 8D46DF5E - 8D46DFBA out of order segment: rcv_next 8D46D7A6 seq 8D46DFBA - 8D46E016 audit: type=1400 audit(2000000442.730:1942): avc: denied { create } for pid=7428 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(2000000442.740:1943): avc: denied { write } for pid=7428 comm="syz-executor.2" path="socket:[102868]" dev="sockfs" ino=102868 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(2000000442.740:1944): avc: denied { write } for pid=7428 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(2000000442.750:1945): avc: denied { write } for pid=7428 comm="syz-executor.2" path="socket:[102868]" dev="sockfs" ino=102868 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(2000000442.760:1946): avc: denied { write } for pid=7428 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc prune_queue: c=8ec3c7bc out of order segment: rcv_next 8FC8C0C6 seq 8FC8C206 - 8FC8C2CE out of order segment: rcv_next 8FC8C0C6 seq 8FC8C40E - 8FC8C476 out of order segment: rcv_next 8FC8C0C6 seq 8FC8C476 - 8FC8C4CA out of order segment: rcv_next 8FC8C0C6 seq 8FC8C4CA - 8FC8C51E out of order segment: rcv_next 8FC8C0C6 seq 8FC8C51E - 8FC8C572 out of order segment: rcv_next 8FC8C0C6 seq 8FC8C572 - 8FC8C5C6 out of order segment: rcv_next 8FC8C0C6 seq 8FC8C5C6 - 8FC8C61A out of order segment: rcv_next 8FC8C0C6 seq 8FC8C61A - 8FC8C66E out of order segment: rcv_next 8FC8C0C6 seq 8FC8C66E - 8FC8C6C2 out of order segment: rcv_next 8FC8C0C6 seq 8FC8C6C2 - 8FC8C716 out of order segment: rcv_next 8FC8C0C6 seq 8FC8C716 - 8FC8C76A out of order segment: rcv_next 8FC8C0C6 seq 8FC8C76A - 8FC8C7BE out of order segment: rcv_next 8FC8C0C6 seq 8FC8C7BE - 8FC8C812 out of order segment: rcv_next 8FC8C0C6 seq 8FC8C812 - 8FC8C866 out of order segment: rcv_next 8FC8C0C6 seq 8FC8C866 - 8FC8C8BA out of order segment: rcv_next 8FC8C0C6 seq 8FC8C8BA - 8FC8C90E out of order segment: rcv_next 8FC8C0C6 seq 8FC8C90E - 8FC8C962 out of order segment: rcv_next 8FC8C0C6 seq 8FC8C962 - 8FC8C9B6 out of order segment: rcv_next 8FC8C0C6 seq 8FC8C9B6 - 8FC8CA0A out of order segment: rcv_next 8FC8C0C6 seq 8FC8CA0A - 8FC8CA5E out of order segment: rcv_next 8FC8C0C6 seq 8FC8CA5E - 8FC8CAB2 out of order segment: rcv_next 8FC8C0C6 seq 8FC8CAB2 - 8FC8CB06 out of order segment: rcv_next 8FC8C0C6 seq 8FC8CB06 - 8FC8CB5A out of order segment: rcv_next 8FC8C0C6 seq 8FC8CB5A - 8FC8CBAE out of order segment: rcv_next 8FC8C0C6 seq 8FC8CBAE - 8FC8CC02 out of order segment: rcv_next 8FC8C0C6 seq 8FC8CC02 - 8FC8CC56 out of order segment: rcv_next 8FC8C0C6 seq 8FC8CC56 - 8FC8CCAA out of order segment: rcv_next 8FC8C0C6 seq 8FC8CCAA - 8FC8CCFE out of order segment: rcv_next 8FC8C0C6 seq 8FC8CCFE - 8FC8CD52 out of order segment: rcv_next 8FC8C0C6 seq 8FC8CD52 - 8FC8CDA6 out of order segment: rcv_next 8FC8C0C6 seq 8FC8CDA6 - 8FC8CDFA out of order segment: rcv_next 8FC8C0C6 seq 8FC8CDFA - 8FC8CE4E out of order segment: rcv_next 8FC8C0C6 seq 8FC8CE4E - 8FC8CEA2 out of order segment: rcv_next 8FC8C0C6 seq 8FC8CEA2 - 8FC8CEF6 out of order segment: rcv_next 8FC8C0C6 seq 8FC8CEF6 - 8FC8CF4A out of order segment: rcv_next 8FC8C0C6 seq 8FC8CF4A - 8FC8CF9E out of order segment: rcv_next 8FC8C0C6 seq 8FC8CF9E - 8FC8CFF2 out of order segment: rcv_next 8FC8C0C6 seq 8FC8CFF2 - 8FC8D046 out of order segment: rcv_next 8FC8C0C6 seq 8FC8D046 - 8FC8D09A out of order segment: rcv_next 8FC8C0C6 seq 8FC8D09A - 8FC8D0EE out of order segment: rcv_next 8FC8C0C6 seq 8FC8D0EE - 8FC8D142 out of order segment: rcv_next 8FC8C0C6 seq 8FC8D142 - 8FC8D196 out of order segment: rcv_next 8FC8C0C6 seq 8FC8D196 - 8FC8D1EA out of order segment: rcv_next 8FC8C0C6 seq 8FC8D1EA - 8FC8D23E out of order segment: rcv_next 8FC8C0C6 seq 8FC8D23E - 8FC8D292 out of order segment: rcv_next 8FC8C0C6 seq 8FC8D292 - 8FC8D2E6 out of order segment: rcv_next 8FC8C0C6 seq 8FC8D2E6 - 8FC8D33A out of order segment: rcv_next 8FC8C0C6 seq 8FC8D33A - 8FC8D38E out of order segment: rcv_next 8FC8C0C6 seq 8FC8D38E - 8FC8D3E2 out of order segment: rcv_next 8FC8C0C6 seq 8FC8D3E2 - 8FC8D436 out of order segment: rcv_next 8FC8C0C6 seq 8FC8D436 - 8FC8D48A out of order segment: rcv_next 8FC8C0C6 seq 8FC8D48A - 8FC8D4DE out of order segment: rcv_next 8FC8C0C6 seq 8FC8D4DE - 8FC8D532