=============================== [ INFO: suspicious RCU usage. ] 4.9.205-syzkaller #0 Not tainted ------------------------------- include/linux/inetdevice.h:205 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 0 4 locks held by syz-executor.4/18486: #0: (rcu_read_lock_bh){......}, at: [<000000001a0c0e30>] ip_finish_output2+0x20b/0x1280 net/ipv4/ip_output.c:198 #1: (rcu_read_lock_bh){......}, at: [<00000000f09db268>] __dev_queue_xmit+0x1d4/0x1bd0 net/core/dev.c:3407 #2: (_xmit_TUNNEL6#2){+.-...}, at: [<00000000747f2cac>] spin_lock include/linux/spinlock.h:302 [inline] #2: (_xmit_TUNNEL6#2){+.-...}, at: [<00000000747f2cac>] __netif_tx_lock include/linux/netdevice.h:3573 [inline] #2: (_xmit_TUNNEL6#2){+.-...}, at: [<00000000747f2cac>] __dev_queue_xmit+0x1116/0x1bd0 net/core/dev.c:3469 #3: (slock-AF_INET){+.-...}, at: [<00000000ca15d730>] spin_trylock include/linux/spinlock.h:312 [inline] #3: (slock-AF_INET){+.-...}, at: [<00000000ca15d730>] icmp_xmit_lock net/ipv4/icmp.c:220 [inline] #3: (slock-AF_INET){+.-...}, at: [<00000000ca15d730>] __icmp_send+0x48b/0x1420 net/ipv4/icmp.c:656 stack backtrace: CPU: 0 PID: 18486 Comm: syz-executor.4 Not tainted 4.9.205-syzkaller #0 ffff8801ada2edd8 ffffffff81b55e6b ffff88019e25d3c0 0000000000000000 0000000000000002 00000000000000cd ffff8801a6622f80 ffff8801ada2ee08 ffffffff81406997 ffff88019e25d418 ffff8801ada2ef28 ffff8801d50c9100 Call Trace: [<0000000035b526c5>] __dump_stack lib/dump_stack.c:15 [inline] [<0000000035b526c5>] dump_stack+0xcb/0x130 lib/dump_stack.c:56 [<0000000089727264>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4458 [<00000000b8c1ae48>] __in_dev_get_rcu include/linux/inetdevice.h:205 [inline] [<00000000b8c1ae48>] fib_compute_spec_dst+0x6c4/0xcc0 net/ipv4/fib_frontend.c:284 [<000000003e2bb9ab>] __ip_options_echo+0x4be/0x13e0 net/ipv4/ip_options.c:177 [<00000000223aa021>] __icmp_send+0x648/0x1420 net/ipv4/icmp.c:685 [<00000000013eea46>] ipv4_send_dest_unreach net/ipv4/route.c:1203 [inline] [<00000000013eea46>] ipv4_link_failure+0x460/0x850 net/ipv4/route.c:1210 [<000000006d145fb6>] dst_link_failure include/net/dst.h:490 [inline] [<000000006d145fb6>] vti6_xmit net/ipv6/ip6_vti.c:522 [inline] [<000000006d145fb6>] vti6_tnl_xmit+0xb08/0x17f0 net/ipv6/ip6_vti.c:561 [<0000000035c77bb9>] __netdev_start_xmit include/linux/netdevice.h:4072 [inline] [<0000000035c77bb9>] netdev_start_xmit include/linux/netdevice.h:4081 [inline] [<0000000035c77bb9>] xmit_one net/core/dev.c:2977 [inline] [<0000000035c77bb9>] dev_hard_start_xmit+0x195/0x8b0 net/core/dev.c:2993 [<00000000680c8fe7>] __dev_queue_xmit+0x11a3/0x1bd0 net/core/dev.c:3473 [<000000008a183805>] dev_queue_xmit+0x18/0x20 net/core/dev.c:3506 [<0000000091e93759>] neigh_direct_output+0x16/0x20 net/core/neighbour.c:1368 [<00000000c8539760>] dst_neigh_output include/net/dst.h:470 [inline] [<00000000c8539760>] ip_finish_output2+0x6a2/0x1280 net/ipv4/ip_output.c:225 [<000000008353ae90>] ip_finish_output+0x3c4/0xce0 net/ipv4/ip_output.c:313 [<0000000081e98d45>] NF_HOOK_COND include/linux/netfilter.h:246 [inline] [<0000000081e98d45>] ip_output+0x1ec/0x5b0 net/ipv4/ip_output.c:401 [<00000000cd02c756>] dst_output include/net/dst.h:507 [inline] [<00000000cd02c756>] NF_HOOK_THRESH include/linux/netfilter.h:232 [inline] [<00000000cd02c756>] NF_HOOK include/linux/netfilter.h:255 [inline] [<00000000cd02c756>] raw_send_hdrinc net/ipv4/raw.c:421 [inline] [<00000000cd02c756>] raw_sendmsg+0x1c5c/0x23e0 net/ipv4/raw.c:643 [<000000005a222c79>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:766 [<000000008b8634fb>] sock_sendmsg_nosec net/socket.c:649 [inline] [<000000008b8634fb>] sock_sendmsg+0xbe/0x110 net/socket.c:659 [<000000009b17a2c3>] sock_write_iter+0x235/0x3d0 net/socket.c:857 [<000000007d96ccad>] new_sync_write fs/read_write.c:498 [inline] [<000000007d96ccad>] __vfs_write+0x3c1/0x560 fs/read_write.c:511 [<000000008e9a90e8>] vfs_write+0x185/0x520 fs/read_write.c:559 [<00000000f5565d76>] SYSC_write fs/read_write.c:607 [inline] [<00000000f5565d76>] SyS_write+0x121/0x270 fs/read_write.c:599 [<0000000006e42983>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000ceb6d971>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. FAT-fs (loop2): Unrecognized mount option "dmask}00000000000000000000002" or missing value audit_printk_skb: 39 callbacks suppressed audit: type=1400 audit(1575194413.332:145): avc: denied { create } for pid=18527 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575194413.362:146): avc: denied { create } for pid=18533 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575194413.472:147): avc: denied { prog_load } for pid=18541 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=0 audit: type=1400 audit(1575194413.472:148): avc: denied { create } for pid=18533 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575194413.522:149): avc: denied { prog_load } for pid=18541 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=0 audit: type=1400 audit(1575194413.572:150): avc: denied { associate } for pid=18546 comm="syz-executor.1" name="/" dev="sysfs" ino=1 scontext=system_u:object_r:locale_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=filesystem permissive=0 FAT-fs (loop2): Unrecognized mount option "dmask}00000000000000000000002" or missing value audit: type=1400 audit(1575194413.632:151): avc: denied { create } for pid=18564 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575194413.692:152): avc: denied { create } for pid=18569 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575194413.962:153): avc: denied { create } for pid=18606 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575194413.972:154): avc: denied { create } for pid=18614 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 FAT-fs (loop2): bogus number of reserved sectors FAT-fs (loop2): Can't find a valid FAT filesystem FAT-fs (loop2): bogus number of reserved sectors FAT-fs (loop2): Can't find a valid FAT filesystem FAT-fs (loop2): Unrecognized mount option "time_offset=-;GE`$g;n$" or missing value FAT-fs (loop2): Unrecognized mount option "time_offset=-;GE`$g;n$" or missing value FAT-fs (loop2): bogus number of reserved sectors FAT-fs (loop2): Can't find a valid FAT filesystem FAT-fs (loop2): bogus number of reserved sectors FAT-fs (loop2): Can't find a valid FAT filesystem FAT-fs (loop2): bogus number of reserved sectors FAT-fs (loop2): Can't find a valid FAT filesystem FAT-fs (loop2): bogus number of reserved sectors FAT-fs (loop2): Can't find a valid FAT filesystem FAT-fs (loop2): bogus number of reserved sectors FAT-fs (loop2): Can't find a valid FAT filesystem FAT-fs (loop2): Unrecognized mount option "dmask=00000000000000D00000002" or missing value FAT-fs (loop2): Unrecognized mount option "dmask=00000000000000D00000002" or missing value A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. FAT-fs (loop2): Unrecognized mount option "timX_offset=-" or missing value FAT-fs (loop2): Unrecognized mount option "timX_offset=-" or missing value FAT-fs (loop2): bogus number of reserved sectors FAT-fs (loop2): Can't find a valid FAT filesystem FAT-fs (loop2): Unrecognized mount option "time_offset=-m樾|)H9MuMK}B\N$ܝR Lh7@O" or missing value FAT-fs (loop2): Unrecognized mount option "time_offset=-m樾|)H9MuMK}B\N$ܝR Lh7@O" or missing value FAT-fs (loop2): Unrecognized mount option "dmask=0000000000000000000oeepage=737" or missing value FAT-fs (loop2): Unrecognized mount option "dmask=0000000000000000000oeepage=737" or missing value FAT-fs (loop2): bogus number of reserved sectors FAT-fs (loop2): Can't find a valid FAT filesystem FAT-fs (loop2): bogus number of reserved sectors FAT-fs (loop2): Can't find a valid FAT filesystem FAT-fs (loop2): bogus number of reserved sectors FAT-fs (loop2): Can't find a valid FAT filesystem FAT-fs (loop2): bogus number of reserved sectors FAT-fs (loop2): Can't find a valid FAT filesystem audit_printk_skb: 231 callbacks suppressed audit: type=1400 audit(1575194418.352:232): avc: denied { create } for pid=19322 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575194418.442:233): avc: denied { create } for pid=19340 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575194418.482:234): avc: denied { create } for pid=19347 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575194418.492:235): avc: denied { create } for pid=19353 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575194418.562:236): avc: denied { create } for pid=19362 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 FAT-fs (loop2): Unrecognized mount option "time_" or missing value audit: type=1400 audit(1575194418.612:237): avc: denied { create } for pid=19379 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 FAT-fs (loop2): Unrecognized mount option "time_" or missing value audit: type=1400 audit(1575194418.802:238): avc: denied { create } for pid=19394 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575194418.802:239): avc: denied { create } for pid=19392 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575194418.842:240): avc: denied { create } for pid=19391 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 audit: type=1400 audit(1575194418.952:241): avc: denied { create } for pid=19415 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 FAT-fs (loop2): bogus number of reserved sectors FAT-fs (loop2): Can't find a valid FAT filesystem