R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 ============================= WARNING: suspicious RCU usage 4.15.0-rc2+ #116 Not tainted ----------------------------- ./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by syz-executor4/13882: #0: (sk_lock-AF_INET6){+.+.}, at: [<00000000c01c23fc>] lock_sock include/net/sock.h:1465 [inline] #0: (sk_lock-AF_INET6){+.+.}, at: [<00000000c01c23fc>] inet_csk_wait_for_connect net/ipv4/inet_connection_sock.c:409 [inline] #0: (sk_lock-AF_INET6){+.+.}, at: [<00000000c01c23fc>] inet_csk_accept+0x4f0/0xd70 net/ipv4/inet_connection_sock.c:456 stack backtrace: CPU: 1 PID: 13882 Comm: syz-executor4 Not tainted 4.15.0-rc2+ #116 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4675 ireq_opt_deref include/net/inet_sock.h:135 [inline] inet_csk_route_req+0x82a/0xca0 net/ipv4/inet_connection_sock.c:544 dccp_v4_send_response+0xa7/0x640 net/dccp/ipv4.c:485 dccp_v4_conn_request+0x9f4/0x11b0 net/dccp/ipv4.c:633 dccp_v6_conn_request+0xd30/0x1350 net/dccp/ipv6.c:317 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612 dccp_v4_do_rcv+0xeb/0x160 net/dccp/ipv4.c:682 dccp_v6_do_rcv+0x81a/0x9b0 net/dccp/ipv6.c:578 sk_backlog_rcv include/net/sock.h:911 [inline] __release_sock+0x124/0x360 net/core/sock.c:2264 release_sock+0xa4/0x2a0 net/core/sock.c:2779 inet_csk_accept+0x99c/0xd70 net/ipv4/inet_connection_sock.c:480 inet_accept+0x12c/0x930 net/ipv4/af_inet.c:698 SYSC_accept4+0x384/0x850 net/socket.c:1573 SyS_accept4+0x2c/0x40 net/socket.c:1523 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 
arch/x86/entry/entry_64_compat.S:125 RIP: 0023:0xf7f6ac79 RSP: 002b:00000000f776608c EFLAGS: 00000296 ORIG_RAX: 000000000000016c RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 0000000020000000 RDX: 0000000020691ffc RSI: 0000000000080800 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 ============================= WARNING: suspicious RCU usage 4.15.0-rc2+ #116 Not tainted ----------------------------- ./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by syz-executor4/13882: #0: (sk_lock-AF_INET6){+.+.}, at: [<00000000c01c23fc>] lock_sock include/net/sock.h:1465 [inline] #0: (sk_lock-AF_INET6){+.+.}, at: [<00000000c01c23fc>] inet_csk_wait_for_connect net/ipv4/inet_connection_sock.c:409 [inline] #0: (sk_lock-AF_INET6){+.+.}, at: [<00000000c01c23fc>] inet_csk_accept+0x4f0/0xd70 net/ipv4/inet_connection_sock.c:456 stack backtrace: lo_write_bvec: 42 callbacks suppressed loop: Write error at byte offset 0, length 512. 
print_req_error: 42 callbacks suppressed print_req_error: I/O error, dev loop0, sector 0 buffer_io_error: 42 callbacks suppressed Buffer I/O error on dev loop0, logical block 0, lost async page write CPU: 1 PID: 13882 Comm: syz-executor4 Not tainted 4.15.0-rc2+ #116 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4675 ireq_opt_deref include/net/inet_sock.h:135 [inline] dccp_v4_send_response+0x4b0/0x640 net/dccp/ipv4.c:496 dccp_v4_conn_request+0x9f4/0x11b0 net/dccp/ipv4.c:633 dccp_v6_conn_request+0xd30/0x1350 net/dccp/ipv6.c:317 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612 dccp_v4_do_rcv+0xeb/0x160 net/dccp/ipv4.c:682 dccp_v6_do_rcv+0x81a/0x9b0 net/dccp/ipv6.c:578 sk_backlog_rcv include/net/sock.h:911 [inline] __release_sock+0x124/0x360 net/core/sock.c:2264 release_sock+0xa4/0x2a0 net/core/sock.c:2779 inet_csk_accept+0x99c/0xd70 net/ipv4/inet_connection_sock.c:480 inet_accept+0x12c/0x930 net/ipv4/af_inet.c:698 SYSC_accept4+0x384/0x850 net/socket.c:1573 SyS_accept4+0x2c/0x40 net/socket.c:1523 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 RIP: 0023:0xf7f6ac79 RSP: 002b:00000000f776608c EFLAGS: 00000296 ORIG_RAX: 000000000000016c RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 0000000020000000 RDX: 0000000020691ffc RSI: 0000000000080800 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 loop: Write error at byte offset 0, length 512. 
print_req_error: I/O error, dev loop0, sector 0 Buffer I/O error on dev loop0, logical block 0, lost async page write device lo entered promiscuous mode sg_write: data in/out 327644/118 bytes for SCSI command 0xec-- guessing data in; program syz-executor6 not setting count and/or reply_len properly sg_write: data in/out 327644/118 bytes for SCSI command 0xec-- guessing data in; program syz-executor6 not setting count and/or reply_len properly binder: BINDER_SET_CONTEXT_MGR already set binder: 14708:14725 ioctl 40046207 0 returned -16 binder_alloc: 14708: binder_alloc_buf, no vma binder: 14708:14731 transaction failed 29189/-3, size 0-0 line 2870 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 14708:14710 transaction 540 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 540, target dead netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'. FAULT_INJECTION: forcing a failure. 
name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 14920 Comm: syz-executor4 Not tainted 4.15.0-rc2+ #116 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3371 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3545 sock_alloc_inode+0x70/0x300 net/socket.c:250 alloc_inode+0x65/0x180 fs/inode.c:208 new_inode_pseudo+0x69/0x190 fs/inode.c:890 sock_alloc+0x41/0x270 net/socket.c:565 SYSC_accept4+0x112/0x850 net/socket.c:1542 SyS_accept4+0x2c/0x40 net/socket.c:1523 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 RIP: 0023:0xf7f6ac79 RSP: 002b:00000000f776608c EFLAGS: 00000296 ORIG_RAX: 000000000000016c RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 0000000020000000 RDX: 0000000020691ffc RSI: 0000000000080800 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 binder_alloc: 14922: binder_alloc_buf, no vma binder: 14922:14934 transaction failed 29189/-3, size 0-0 line 2870 binder: BINDER_SET_CONTEXT_MGR already set binder: 14922:14934 ioctl 40046207 0 returned -16 binder_alloc: 14922: binder_alloc_buf, no vma binder: 14922:14934 transaction failed 29189/-3, size 0-0 line 2870 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 lo_write_bvec: 97 callbacks suppressed loop: Write error at byte offset 0, length 512. 
print_req_error: I/O error, dev loop0, sector 0 Buffer I/O error on dev loop0, logical block 0, lost async page write QAT: Invalid ioctl QAT: Invalid ioctl CPU: 1 PID: 14950 Comm: syz-executor4 Not tainted 4.15.0-rc2+ #116 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3371 [inline] kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3611 kmalloc include/linux/slab.h:499 [inline] sock_alloc_inode+0xb4/0x300 net/socket.c:253 alloc_inode+0x65/0x180 fs/inode.c:208 new_inode_pseudo+0x69/0x190 fs/inode.c:890 sock_alloc+0x41/0x270 net/socket.c:565 SYSC_accept4+0x112/0x850 net/socket.c:1542 SyS_accept4+0x2c/0x40 net/socket.c:1523 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 RIP: 0023:0xf7f6ac79 RSP: 002b:00000000f776608c EFLAGS: 00000296 ORIG_RAX: 000000000000016c RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 0000000020000000 RDX: 0000000020691ffc RSI: 0000000000080800 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 loop: Write error at byte offset 0, length 512. 
print_req_error: I/O error, dev loop0, sector 0 Buffer I/O error on dev loop0, logical block 0, lost async page write audit: type=1326 audit(1512381157.774:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=15190 comm="syz-executor2" exe="/root/syz-executor2" sig=9 arch=40000003 syscall=240 compat=1 ip=0xf7f13c79 code=0x0 audit: type=1326 audit(1512381157.902:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=15190 comm="syz-executor2" exe="/root/syz-executor2" sig=9 arch=40000003 syscall=240 compat=1 ip=0xf7f13c79 code=0x0 QAT: Invalid ioctl binder: 15289:15293 ioctl c018620b 20000fe8 returned -14 binder: 15289:15293 ioctl c018620b 202dd000 returned -14 binder: 15289:15293 unknown command -786563880 binder: 15289:15293 ioctl c0306201 20008fd0 returned -22 binder: 15289:15293 got reply transaction with bad transaction stack, transaction 546 has target 15289:0 binder: 15289:15293 transaction failed 29201/-71, size 0-0 line 2685 QAT: Invalid ioctl binder: 15289:15335 ioctl c018620b 20000fe8 returned -14 binder: BINDER_SET_CONTEXT_MGR already set binder: 15289:15327 ioctl 40046207 0 returned -16 binder: 15289:15327 unknown command -786563880 binder: 15289:15327 ioctl c0306201 20008fd0 returned -22 binder_alloc: 15289: binder_alloc_buf, no vma binder: 15289:15335 transaction failed 29189/-3, size 0-0 line 2870 binder: 15289:15346 got reply transaction with no transaction stack binder: 15289:15346 transaction failed 29201/-71, size 0-0 line 2670 binder: release 15289:15293 transaction 546 out, still active binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 binder: send failed reply for transaction 546, target dead binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 QAT: Invalid ioctl QAT: Invalid ioctl sg_write: data in/out 893428/16 bytes for SCSI command 0x7b-- guessing data in; program syz-executor7 not setting count and/or reply_len properly QAT: Invalid ioctl QAT: 
Invalid ioctl device gre0 entered promiscuous mode FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 16005 Comm: syz-executor1 Not tainted 4.15.0-rc2+ #116 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3371 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3545 getname_flags+0xcb/0x580 fs/namei.c:138 getname+0x19/0x20 fs/namei.c:209 do_sys_open+0x2e7/0x6d0 fs/open.c:1053 C_SYSC_open fs/open.c:1096 [inline] compat_SyS_open+0x2a/0x40 fs/open.c:1094 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 RIP: 0023:0xf7fcec79 RSP: 002b:00000000f77ca08c EFLAGS: 00000296 ORIG_RAX: 0000000000000005 RAX: ffffffffffffffda RBX: 0000000020782000 RCX: 0000000000040002 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000