=============================
WARNING: suspicious RCU usage
4.16.0-rc1+ #224 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor3/13476:
 #0: (sk_lock-AF_INET6){+.+.}, at: [<000000005cf5471c>] lock_sock include/net/sock.h:1463 [inline]
 #0: (sk_lock-AF_INET6){+.+.}, at: [<000000005cf5471c>] sock_setsockopt+0x16b/0x1af0 net/core/sock.c:717

stack backtrace:
CPU: 0 PID: 13476 Comm: syz-executor3 Not tainted 4.16.0-rc1+ #224
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592
 ireq_opt_deref include/net/inet_sock.h:135 [inline]
 inet_csk_route_req+0x824/0xca0 net/ipv4/inet_connection_sock.c:543
 dccp_v4_send_response+0xa7/0x650 net/dccp/ipv4.c:485
 dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633
 dccp_v6_conn_request+0xd30/0x1410 net/dccp/ipv6.c:317
 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682
 dccp_v6_do_rcv+0x86a/0xa70 net/dccp/ipv6.c:578
 sk_backlog_rcv include/net/sock.h:908 [inline]
 __release_sock+0x124/0x360 net/core/sock.c:2271
 release_sock+0xa4/0x2a0 net/core/sock.c:2786
 sock_setsockopt+0x528/0x1af0 net/core/sock.c:1068
 compat_sock_setsockopt.constprop.6+0xae/0x3d0 net/compat.c:383
 C_SYSC_setsockopt net/compat.c:400 [inline]
 compat_SyS_setsockopt+0x34a/0x410 net/compat.c:386
 do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
 do_fast_syscall_32+0x3ec/0xf9f arch/x86/entry/common.c:392
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7feec79
RSP: 002b:00000000f77ea09c EFLAGS: 00000286 ORIG_RAX: 000000000000016e
RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000000001
RDX: 000000000000001a RSI: 0000000020ce1ff8 RDI: 0000000000000008
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

=============================
WARNING: suspicious RCU usage
4.16.0-rc1+ #224 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor3/13476:
 #0: (sk_lock-AF_INET6){+.+.}, at: [<000000005cf5471c>] lock_sock include/net/sock.h:1463 [inline]
 #0: (sk_lock-AF_INET6){+.+.}, at: [<000000005cf5471c>] sock_setsockopt+0x16b/0x1af0 net/core/sock.c:717

stack backtrace:
CPU: 0 PID: 13476 Comm: syz-executor3 Not tainted 4.16.0-rc1+ #224
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592
 ireq_opt_deref include/net/inet_sock.h:135 [inline]
 dccp_v4_send_response+0x4b6/0x650 net/dccp/ipv4.c:496
 dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633
 dccp_v6_conn_request+0xd30/0x1410 net/dccp/ipv6.c:317
 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682
 dccp_v6_do_rcv+0x86a/0xa70 net/dccp/ipv6.c:578
 sk_backlog_rcv include/net/sock.h:908 [inline]
 __release_sock+0x124/0x360 net/core/sock.c:2271
 release_sock+0xa4/0x2a0 net/core/sock.c:2786
 sock_setsockopt+0x528/0x1af0 net/core/sock.c:1068
 compat_sock_setsockopt.constprop.6+0xae/0x3d0 net/compat.c:383
 C_SYSC_setsockopt net/compat.c:400 [inline]
 compat_SyS_setsockopt+0x34a/0x410 net/compat.c:386
 do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
 do_fast_syscall_32+0x3ec/0xf9f arch/x86/entry/common.c:392
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7feec79
RSP: 002b:00000000f77ea09c EFLAGS: 00000286 ORIG_RAX: 000000000000016e
RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000000001
RDX: 000000000000001a RSI: 0000000020ce1ff8 RDI: 0000000000000008
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
*** Guest State ***
CR0: actual=0xffffffff9ffffffc, shadow=0xfffffffffffffffc, gh_mask=fffffffffffffff7
CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
CR3 = 0x0000000000000000
PDPTR0 = 0x0000000000000000 PDPTR1 = 0x0000000000000000
PDPTR2 = 0x0000000000000000 PDPTR3 = 0x0000004000000000
RSP = 0x0000000000000000 RIP = 0x0000000000008000
RFLAGS=0x00010002 DR7 = 0x0000000000000400
Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
GDTR: limit=0x00000000, base=0x0000000000000000
LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
IDTR: limit=0x00000000, base=0x0000000000000000
TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
EFER = 0x0000000000000000 PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
Interruptibility = 00000008 ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff811cd915 RSP = 0xffff8801cceff3d8
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=0000000000000000 GSBase=ffff8801db400000 TRBase=fffffe0000003000
GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
CR0=0000000080050033 CR3=00000001b1ed5005 CR4=00000000001626f0
Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff85a01e70
EFER = 0x0000000000000d01 PAT = 0x0000000000000000
*** Control State ***
PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
EntryControls=0000d1ff ExitControls=0023efff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=80000306 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffffccb1053e29
EPT pointer = 0x00000001c75d601e
QAT: Invalid ioctl
QAT: Invalid ioctl
binder: 13696:13705 tried to acquire reference to desc 0, got 1 instead
QAT: Invalid ioctl
sctp: [Deprecated]: syz-executor4 (pid 13703) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
QAT: Invalid ioctl
sctp: [Deprecated]: syz-executor4 (pid 13703) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
encrypted_key: insufficient parameters specified
encrypted_key: insufficient parameters specified
openvswitch: netlink: Message has 8 unknown bytes.
openvswitch: netlink: Message has 8 unknown bytes.
SELinux: policydb magic number 0x3fdcbe1b does not match expected magic number 0xf97cff8c
SELinux: failed to load policy
audit: type=1400 audit(1518721327.884:74): avc: denied { setopt } for pid=13920 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
IPVS: Scheduler module ip_vs_ not found
device eql entered promiscuous mode
audit: type=1400 audit(1518721328.460:75): avc: denied { create } for pid=14064 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_rdma_socket permissive=1
audit: type=1400 audit(1518721328.493:76): avc: denied { net_admin } for pid=4235 comm="syz-executor6" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1518721328.525:77): avc: denied { dac_override } for pid=14076 comm="syz-executor5" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1518721328.587:78): avc: denied { net_raw } for pid=14077 comm="syz-executor6" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1518721328.715:79): avc: denied { sys_admin } for pid=14092 comm="syz-executor2" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1518721328.753:80): avc: denied { dac_read_search } for pid=14093 comm="syz-executor1" capability=2 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
binder: 14196:14207 BC_FREE_BUFFER u0000000020000000 matched unreturned buffer
binder_alloc: 14196:14207 FREE_BUFFER u0000000020000000 user freed buffer twice
binder: 14196:14207 BC_FREE_BUFFER u0000000020000000 no match
binder: BINDER_SET_CONTEXT_MGR already set
binder_alloc: 14196: binder_alloc_buf, no vma
binder: 14196:14229 transaction failed 29189/-3, size 0-0 line 2957
binder: 14196:14216 ioctl 40046207 0 returned -16
binder: 14196:14207 BC_FREE_BUFFER u0000000020000000 no match
binder: 14196:14230 BC_FREE_BUFFER u0000000020000000 no match
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 14196:14207 transaction 28 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 28, target dead
device syz7 entered promiscuous mode
device syz7 left promiscuous mode
audit: type=1400 audit(1518721329.910:81): avc: denied { ioctl } for pid=14319 comm="syz-executor4" path="socket:[71113]" dev="sockfs" ino=71113 ioctlcmd=0x89a0 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
device syz7 entered promiscuous mode
audit: type=1400 audit(1518721330.519:82): avc: denied { prog_run } for pid=14458 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
audit: type=1400 audit(1518721330.797:83): avc: denied { setgid } for pid=14539 comm="syz-executor5" capability=6 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
device syz3 entered promiscuous mode
x86/PAT: syz-executor5:15031 map pfn RAM range req write-combining for [mem 0x1cb2c0000-0x1cb2c3fff], got write-back
device eql entered promiscuous mode
x86/PAT: syz-executor5:15031 map pfn RAM range req write-combining for [mem 0x1cb3a0000-0x1cb3a3fff], got write-back
audit: type=1400 audit(1518721333.662:84): avc: denied { dyntransition } for pid=15107 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0,c1 tclass=process permissive=1