=============================== [ INFO: suspicious RCU usage. ] 4.9.205-syzkaller #0 Not tainted ------------------------------- include/linux/inetdevice.h:205 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 0 4 locks held by syz-executor.1/10024: #0: (rcu_read_lock_bh){......}, at: [<00000000515b887a>] ip_finish_output2+0x20b/0x1280 net/ipv4/ip_output.c:198 #1: (rcu_read_lock_bh){......}, at: [<00000000a1d81057>] __dev_queue_xmit+0x1d4/0x1bd0 net/core/dev.c:3407 #2: (_xmit_TUNNEL6#2){+.-...}, at: [<00000000e696558f>] spin_lock include/linux/spinlock.h:302 [inline] #2: (_xmit_TUNNEL6#2){+.-...}, at: [<00000000e696558f>] __netif_tx_lock include/linux/netdevice.h:3573 [inline] #2: (_xmit_TUNNEL6#2){+.-...}, at: [<00000000e696558f>] __dev_queue_xmit+0x1116/0x1bd0 net/core/dev.c:3469 #3: (slock-AF_INET){+.-...}, at: [<000000003313e9aa>] spin_trylock include/linux/spinlock.h:312 [inline] #3: (slock-AF_INET){+.-...}, at: [<000000003313e9aa>] icmp_xmit_lock net/ipv4/icmp.c:220 [inline] #3: (slock-AF_INET){+.-...}, at: [<000000003313e9aa>] __icmp_send+0x48b/0x1420 net/ipv4/icmp.c:656 stack backtrace: CPU: 1 PID: 10024 Comm: syz-executor.1 Not tainted 4.9.205-syzkaller #0 ffff8801d6886dd8 ffffffff81b55e6b ffff8801c5878780 0000000000000000 0000000000000002 00000000000000cd ffff8801a147af80 ffff8801d6886e08 ffffffff81406997 ffff8801c58787d8 ffff8801d6886f28 ffff8801a1ac5500 Call Trace: [<0000000052fc3ecd>] __dump_stack lib/dump_stack.c:15 [inline] [<0000000052fc3ecd>] dump_stack+0xcb/0x130 lib/dump_stack.c:56 [<000000008f4f7cc9>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4458 [<00000000f952c3ae>] __in_dev_get_rcu include/linux/inetdevice.h:205 [inline] [<00000000f952c3ae>] fib_compute_spec_dst+0x6c4/0xcc0 net/ipv4/fib_frontend.c:284 [<00000000007fb9ce>] __ip_options_echo+0x4be/0x13e0 net/ipv4/ip_options.c:177 [<0000000024da6e5c>] __icmp_send+0x648/0x1420 net/ipv4/icmp.c:685 [<00000000aae25e28>] ipv4_send_dest_unreach net/ipv4/route.c:1203 [inline] [<00000000aae25e28>] ipv4_link_failure+0x460/0x850 net/ipv4/route.c:1210 audit_printk_skb: 57 callbacks suppressed audit: type=1400 audit(1575363503.398:700): avc: denied { create } for pid=10026 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575363503.408:701): avc: denied { write } for pid=10026 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 device lo entered promiscuous mode [<00000000743712ce>] dst_link_failure include/net/dst.h:490 [inline] [<00000000743712ce>] vti6_xmit net/ipv6/ip6_vti.c:522 [inline] [<00000000743712ce>] vti6_tnl_xmit+0xb08/0x17f0 net/ipv6/ip6_vti.c:561 [<000000004130c255>] __netdev_start_xmit include/linux/netdevice.h:4072 [inline] [<000000004130c255>] netdev_start_xmit include/linux/netdevice.h:4081 [inline] [<000000004130c255>] xmit_one net/core/dev.c:2977 [inline] [<000000004130c255>] dev_hard_start_xmit+0x195/0x8b0 net/core/dev.c:2993 [<000000005ef63d3c>] __dev_queue_xmit+0x11a3/0x1bd0 net/core/dev.c:3473 [<0000000007ced43c>] dev_queue_xmit+0x18/0x20 net/core/dev.c:3506 [<00000000094a8af7>] neigh_direct_output+0x16/0x20 net/core/neighbour.c:1368 [<00000000ea23bd62>] dst_neigh_output include/net/dst.h:470 [inline] [<00000000ea23bd62>] ip_finish_output2+0x6a2/0x1280 net/ipv4/ip_output.c:225 [<00000000076ff14b>] ip_finish_output+0x3c4/0xce0 net/ipv4/ip_output.c:313 [<00000000af3c6323>] NF_HOOK_COND include/linux/netfilter.h:246 [inline] [<00000000af3c6323>] ip_output+0x1ec/0x5b0 net/ipv4/ip_output.c:401 [<00000000fd7af6e6>] dst_output include/net/dst.h:507 [inline] [<00000000fd7af6e6>] NF_HOOK_THRESH include/linux/netfilter.h:232 [inline] [<00000000fd7af6e6>] NF_HOOK include/linux/netfilter.h:255 [inline] [<00000000fd7af6e6>] raw_send_hdrinc net/ipv4/raw.c:421 [inline] [<00000000fd7af6e6>] raw_sendmsg+0x1c5c/0x23e0 net/ipv4/raw.c:643 [<00000000e9c430b9>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:766 [<0000000063ff9bb0>] sock_sendmsg_nosec net/socket.c:649 [inline] [<0000000063ff9bb0>] sock_sendmsg+0xbe/0x110 net/socket.c:659 [<00000000abe6a1e2>] sock_write_iter+0x235/0x3d0 net/socket.c:857 [<00000000b067747b>] new_sync_write fs/read_write.c:498 [inline] [<00000000b067747b>] __vfs_write+0x3c1/0x560 fs/read_write.c:511 audit: type=1400 audit(1575363503.788:702): avc: denied { read } for pid=10026 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [<0000000042e19c6e>] vfs_write+0x185/0x520 fs/read_write.c:559 [<00000000d35aa7ef>] SYSC_write fs/read_write.c:607 [inline] [<00000000d35aa7ef>] SyS_write+0x121/0x270 fs/read_write.c:599 [<000000005b23156c>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 [<00000000d7602388>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb device lo left promiscuous mode device lo left promiscuous mode audit: type=1400 audit(1575363504.068:703): avc: denied { create } for pid=10038 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575363504.158:704): avc: denied { write } for pid=10038 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575363504.448:705): avc: denied { read } for pid=10038 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575363504.458:706): avc: denied { create } for pid=10049 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575363504.468:707): avc: denied { write } for pid=10049 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575363504.498:708): avc: denied { create } for pid=10054 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575363504.518:709): avc: denied { write } for pid=10054 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode audit_printk_skb: 87 callbacks suppressed audit: type=1400 audit(1575363511.158:739): avc: denied { create } for pid=10375 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575363511.188:740): avc: denied { write } for pid=10375 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575363511.248:741): avc: denied { read } for pid=10375 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 device lo entered promiscuous mode device lo left promiscuous mode audit: type=1400 audit(1575363511.558:742): avc: denied { create } for pid=10381 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 device lo entered promiscuous mode audit: type=1400 audit(1575363511.688:743): avc: denied { create } for pid=10382 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575363511.698:744): avc: denied { write } for pid=10382 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575363511.718:745): avc: denied { create } for pid=10380 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575363511.728:746): avc: denied { write } for pid=10380 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575363511.738:747): avc: denied { create } for pid=10383 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1575363511.748:748): avc: denied { write } for pid=10383 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 device lo entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode