xt_LED: No 'id' parameter given.
dccp_invalid_packet: pskb_may_pull failed

=====================================
WARNING: bad unlock balance detected!
4.16.0-rc2+ #323 Not tainted
-------------------------------------
syz-executor2/5885 is trying to release lock (rcu_read_lock_bh) at:
[] rcu_read_unlock_bh include/linux/rcupdate.h:722 [inline]
[] hashlimit_mt_common.isra.10+0x1beb/0x2610 net/netfilter/xt_hashlimit.c:777
but there are no more locks to release!

other info that might help us debug this:
1 lock held by syz-executor2/5885:
#0: (rcu_read_lock){....}, at: [<00000000c5989092>] nf_hook include/linux/netfilter.h:206 [inline]
#0: (rcu_read_lock){....}, at: [<00000000c5989092>] __ip6_local_out+0x2f1/0xaa0 net/ipv6/output_core.c:164

stack backtrace:
CPU: 0 PID: 5885 Comm: syz-executor2 Not tainted 4.16.0-rc2+ #323
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
print_unlock_imbalance_bug+0x12f/0x140 kernel/locking/lockdep.c:3484
__lock_release kernel/locking/lockdep.c:3691 [inline]
lock_release+0x6fe/0xa40 kernel/locking/lockdep.c:3939
rcu_lock_release include/linux/rcupdate.h:249 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:724 [inline]
hashlimit_mt_common.isra.10+0x1c08/0x2610 net/netfilter/xt_hashlimit.c:777
hashlimit_mt+0x78/0x90 net/netfilter/xt_hashlimit.c:846
ip6t_do_table+0x98d/0x1a30 net/ipv6/netfilter/ip6_tables.c:319
ip6table_raw_hook+0x65/0x80 net/ipv6/netfilter/ip6table_raw.c:42
nf_hook_entry_hookfn include/linux/netfilter.h:120 [inline]
nf_hook_slow+0xba/0x1a0 net/netfilter/core.c:483
nf_hook include/linux/netfilter.h:243 [inline]
__ip6_local_out+0x517/0xaa0 net/ipv6/output_core.c:164
ip6_local_out+0x2d/0x160 net/ipv6/output_core.c:174
ip6_send_skb+0xa1/0x330 net/ipv6/ip6_output.c:1677
udp_v6_send_skb+0x5ee/0xf70 net/ipv6/udp.c:1044
udpv6_sendmsg+0x2835/0x3400 net/ipv6/udp.c:1316
inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:764
sock_sendmsg_nosec net/socket.c:630 [inline]
sock_sendmsg+0xca/0x110 net/socket.c:640
SYSC_sendto+0x361/0x5c0 net/socket.c:1747
SyS_sendto+0x40/0x50 net/socket.c:1715
do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x453da9
RSP: 002b:00007f19a6859c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f19a685a6d4 RCX: 0000000000453da9
RDX: 00000000000001df RSI: 0000000020867000 RDI: 0000000000000014
RBP: 000000000072bea0 R08: 000000002064afe4 R09: 000000000000001c
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000004ba R14: 00000000006f7210 R15: 0000000000000000

device eql entered promiscuous mode
Cannot find set identified by id 7 to match
Cannot find set identified by id 7 to match
QAT: Invalid ioctl
syz-executor0 uses obsolete (PF_INET,SOCK_PACKET)
device eql entered promiscuous mode
bridge0: port 1(gretap0) entered blocking state
bridge0: port 1(gretap0) entered disabled state
device gretap0 entered promiscuous mode
bridge0: port 1(gretap0) entered blocking state
bridge0: port 1(gretap0) entered forwarding state
binder: 6331 RLIMIT_NICE not set
binder: 6326:6331 BC_DEAD_BINDER_DONE 0000000000000003 not found
binder: 6331 RLIMIT_NICE not set
IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
binder: 6347 RLIMIT_NICE not set
binder: 6326:6349 BC_DEAD_BINDER_DONE 0000000000000003 not found
kauditd_printk_skb: 45 callbacks suppressed
audit: type=1400 audit(1519229624.077:67): avc: denied { create } for pid=6392 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1519229624.082:68): avc: denied { write } for pid=6392 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1519229624.084:69): avc: denied { setopt } for pid=6392 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1519229624.193:70): avc: denied { bind } for pid=6414 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
xt_SECMARK: invalid mode: 0
xt_SECMARK: invalid mode: 0
*** Guest State ***
CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
CR3 = 0x00000000fffbc000
RSP = 0x0000000000000f80 RIP = 0x0000000000008000
RFLAGS=0x00000002 DR7 = 0xffff9002002444c7
Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810
CS: sel=0x3000, attr=0x08093, limit=0xffffffff, base=0x0000000000030000
DS: sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
SS: sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
ES: sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
FS: sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
GS: sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
GDTR: limit=0x000007ff, base=0x0000000000001000
LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
IDTR: limit=0x00000000, base=0x0000000000000000
TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
EFER = 0x0000000000000000 PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
Interruptibility = 00000008 ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff811cd915 RSP = 0xffff8801ad9e73b8
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007f91eaf64700 GSBase=ffff8801db500000 TRBase=fffffe0000034000
GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
CR0=0000000080050033 CR3=00000001b5bff001 CR4=00000000001626e0
Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff85a01e70
EFER = 0x0000000000000d01 PAT = 0x0000000000000000
*** Control State ***
PinBased=0000003f CPUBased=b599edfa SecondaryExec=000000ca
EntryControls=0000d1ff ExitControls=0023efff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffffe35879bd69
EPT pointer = 0x00000001c738b01e
tc_ctl_action: received NO action attribs
tc_ctl_action: received NO action attribs
audit: type=1400 audit(1519229624.597:71): avc: denied { ipc_owner } for pid=6478 comm="syz-executor2" capability=15 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1519229624.962:72): avc: denied { write } for pid=6601 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1519229624.997:73): avc: denied { map } for pid=6627 comm="syz-executor2" path="/dev/binder0" dev="devtmpfs" ino=1158 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
audit: type=1400 audit(1519229624.998:74): avc: denied { call } for pid=6627 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: send failed reply for transaction 9 to 6627:6629
binder: send failed reply for transaction 11 to 6627:6629
binder: undelivered TRANSACTION_ERROR: 29189
xt_CT: You must specify a L4 protocol, and not use inversions on it.
xt_CT: No such helper "pptp"
xt_CT: You must specify a L4 protocol, and not use inversions on it.
xt_CT: No such helper "pptp"
audit: type=1400 audit(1519229625.257:75): avc: denied { prog_run } for pid=6697 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
audit: type=1400 audit(1519229625.359:76): avc: denied { create } for pid=6724 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
IPVS: ftp: loaded support on port[0] = 21
IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
mmap: syz-executor4 (6945) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
ip6t_srh: unknown srh match flags FFFF
ip6t_srh: unknown srh match flags FFFF
netlink: 'syz-executor6': attribute type 1 has an invalid length.
netlink: 'syz-executor6': attribute type 1 has an invalid length.
device eql entered promiscuous mode
do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7283 comm=syz-executor6
binder: release 7275:7284 transaction 13 out, still active
binder: unexpected work type, 4, not freed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7283 comm=syz-executor6
binder: undelivered TRANSACTION_COMPLETE
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7283 comm=syz-executor6
binder: BINDER_SET_CONTEXT_MGR already set
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7283 comm=syz-executor6
binder: 7275:7294 ioctl 40046207 0 returned -16
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7283 comm=syz-executor6
binder_alloc: 7275: binder_alloc_buf, no vma
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7283 comm=syz-executor6
binder: 7275:7284 transaction failed 29189/-3, size 40-8 line 2957
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7283 comm=syz-executor6
binder: undelivered TRANSACTION_ERROR: 29189
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7283 comm=syz-executor6
binder: send failed reply for transaction 13, target dead
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7283 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7283 comm=syz-executor6
xt_connbytes: Forcing CT accounting to be enabled
Cannot find add_set index 0 as target
QAT: Invalid ioctl
QAT: Invalid ioctl
RDS: rds_bind could not find a transport for 0.0.0.1, load rds_tcp or rds_rdma?
RDS: rds_bind could not find a transport for 0.0.0.1, load rds_tcp or rds_rdma?
QAT: Invalid ioctl
QAT: Invalid ioctl
device eql entered promiscuous mode
dccp_xmit_packet: Payload too large (65423) for featneg.
dccp_close: ABORT with 65423 bytes unread
QAT: Invalid ioctl
netlink: 'syz-executor4': attribute type 1 has an invalid length.
netlink: 'syz-executor4': attribute type 1 has an invalid length.
QAT: Invalid ioctl
syz-executor2 (8066) used greatest stack depth: 16400 bytes left
kauditd_printk_skb: 14 callbacks suppressed
audit: type=1400 audit(1519229629.386:91): avc: denied { bind } for pid=8111 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
audit: type=1400 audit(1519229629.516:92): avc: denied { bind } for pid=8150 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1519229629.528:93): avc: denied { map } for pid=8153 comm="syz-executor7" path="socket:[22320]" dev="sockfs" ino=22320 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=rawip_socket permissive=1
PPPIOCDETACH file->f_count=2
audit: type=1400 audit(1519229629.568:94): avc: denied { getopt } for pid=8150 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
PPPIOCDETACH file->f_count=2
rfkill: input handler disabled
audit: type=1326 audit(1519229629.633:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8189 comm="syz-executor2" exe="/root/syz-executor2" sig=9 arch=c000003e syscall=202 compat=0 ip=0x453da9 code=0x0
rfkill: input handler enabled
audit: type=1326 audit(1519229629.699:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8189 comm="syz-executor2" exe="/root/syz-executor2" sig=9 arch=c000003e syscall=202 compat=0 ip=0x453da9 code=0x0
audit: type=1400 audit(1519229629.764:97): avc: denied { setopt } for pid=8226 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1519229629.799:98): avc: denied { ioctl } for pid=8226 comm="syz-executor5" path="socket:[22709]" dev="sockfs" ino=22709 ioctlcmd=0x8980 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
binder: 8251:8253 got reply transaction with no transaction stack
binder: 8251:8253 transaction failed 29201/-71, size 0-16 line 2757
binder: undelivered TRANSACTION_ERROR: 29201
x_tables: ip_tables: MASQUERADE target: used from hooks PREROUTING, but only usable from POSTROUTING
x_tables: ip_tables: MASQUERADE target: used from hooks PREROUTING, but only usable from POSTROUTING
SELinux: Invalid class 85
mmap: syz-executor0 (8428): VmData 18468864 exceed data ulimit 1. Update limits or use boot option ignore_rlimit_data.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20010. Sending cookies. Check SNMP counters.
QAT: Invalid ioctl
QAT: Invalid ioctl
kvm [8501]: vcpu0, guest rIP: 0xfff0 ignored wrmsr: 0x11e data 0x0
kvm [8501]: vcpu0, guest rIP: 0xfff0 ignored wrmsr: 0x11e data 0x0
xt_connbytes: Forcing CT accounting to be enabled
device eql entered promiscuous mode
xt_TPROXY: Can be used only in combination with either -p tcp or -p udp
xt_TPROXY: Can be used only in combination with either -p tcp or -p udp
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
audit: type=1400 audit(1519229631.436:99): avc: denied { ipc_lock } for pid=8784 comm="syz-executor5" capability=14 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
IPv4: Oversized IP packet from 127.0.0.1
QAT: Invalid ioctl
IPv4: Oversized IP packet from 127.0.0.1