=====================================
WARNING: bad unlock balance detected!
4.16.0-rc2+ #323 Not tainted
xt_helper: cannot load conntrack support for proto=7
-------------------------------------
syz-executor6/5460 is trying to release lock (rcu_read_lock_bh) at:
[] rcu_read_unlock_bh include/linux/rcupdate.h:722 [inline]
[] hashlimit_mt_common.isra.10+0x1beb/0x2610 net/netfilter/xt_hashlimit.c:777
but there are no more locks to release!

other info that might help us debug this:
3 locks held by syz-executor6/5460:
 #0: (sk_lock-AF_INET6){+.+.}, at: [<000000007ee2b64e>] lock_sock include/net/sock.h:1463 [inline]
 #0: (sk_lock-AF_INET6){+.+.}, at: [<000000007ee2b64e>] sctp_connect+0x23/0xf0 net/sctp/socket.c:4294
 #1: (rcu_read_lock){....}, at: [<00000000d1857602>] read_pnet include/net/net_namespace.h:280 [inline]
 #1: (rcu_read_lock){....}, at: [<00000000d1857602>] sock_net include/net/sock.h:2305 [inline]
 #1: (rcu_read_lock){....}, at: [<00000000d1857602>] ip_queue_xmit+0x9e/0x18e0 net/ipv4/ip_output.c:429
 #2: (rcu_read_lock){....}, at: [<00000000041f9469>] nf_hook include/linux/netfilter.h:206 [inline]
 #2: (rcu_read_lock){....}, at: [<00000000041f9469>] __ip_local_out+0x29b/0xa30 net/ipv4/ip_output.c:113

stack backtrace:
CPU: 1 PID: 5460 Comm: syz-executor6 Not tainted 4.16.0-rc2+ #323
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_unlock_imbalance_bug+0x12f/0x140 kernel/locking/lockdep.c:3484
 __lock_release kernel/locking/lockdep.c:3691 [inline]
 lock_release+0x6fe/0xa40 kernel/locking/lockdep.c:3939
 rcu_lock_release include/linux/rcupdate.h:249 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:724 [inline]
 hashlimit_mt_common.isra.10+0x1c08/0x2610 net/netfilter/xt_hashlimit.c:777
 hashlimit_mt_v2+0x496/0x710 net/netfilter/xt_hashlimit.c:837
 ipt_do_table+0xa90/0x1950 net/ipv4/netfilter/ip_tables.c:296
 iptable_filter_hook+0x65/0x80 net/ipv4/netfilter/iptable_filter.c:41
 nf_hook_entry_hookfn include/linux/netfilter.h:120 [inline]
 nf_hook_slow+0xba/0x1a0 net/netfilter/core.c:483
 nf_hook include/linux/netfilter.h:243 [inline]
 __ip_local_out+0x4c1/0xa30 net/ipv4/ip_output.c:113
 ip_local_out+0x2d/0x160 net/ipv4/ip_output.c:122
 ip_queue_xmit+0x8c0/0x18e0 net/ipv4/ip_output.c:504
 sctp_v4_xmit+0x108/0x140 net/sctp/protocol.c:992
 sctp_packet_transmit+0x225e/0x3750 net/sctp/output.c:638
 sctp_outq_flush+0xabb/0x4060 net/sctp/outqueue.c:911
 sctp_outq_uncork+0x5a/0x70 net/sctp/outqueue.c:776
 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1807 [inline]
 sctp_side_effects net/sctp/sm_sideeffect.c:1210 [inline]
 sctp_do_sm+0x4e0/0x6ed0 net/sctp/sm_sideeffect.c:1181
 sctp_primitive_ASSOCIATE+0x9d/0xd0 net/sctp/primitive.c:88
 __sctp_connect+0x829/0xca0 net/sctp/socket.c:1235
 sctp_connect+0xb4/0xf0 net/sctp/socket.c:4307
 inet_dgram_connect+0x16b/0x1f0 net/ipv4/af_inet.c:542
 SYSC_connect+0x213/0x4a0 net/socket.c:1639
 SyS_connect+0x24/0x30 net/socket.c:1620
 do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x453da9
RSP: 002b:00007f488694ec68 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 00007f488694f6d4 RCX: 0000000000453da9
RDX: 0000000000000010 RSI: 0000000020003ff0 RDI: 0000000000000013
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000059 R14: 00000000006f08f8 R15: 0000000000000000
xt_helper: cannot load conntrack support for proto=7
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=40 sclass=netlink_xfrm_socket pig=5493 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=40 sclass=netlink_xfrm_socket pig=5493 comm=syz-executor3
capability: warning: `syz-executor4' uses 32-bit capabilities (legacy support in use)
ip6t_rpfilter: match only valid in the 'raw' or 'mangle' tables, not '%aw'.
ip6t_rpfilter: match only valid in the 'raw' or 'mangle' tables, not '%aw'.
QAT: Invalid ioctl
QAT: Invalid ioctl
openvswitch: netlink: Message has 8 unknown bytes.
syz-executor4 uses obsolete (PF_INET,SOCK_PACKET)
openvswitch: netlink: Message has 8 unknown bytes.
kvm [5750]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0x187 data 0x1000000
binder: 5765:5771 ioctl 4c82 0 returned -22
syz-executor3 (5773): attempted to duplicate a private mapping with mremap. This is not supported.
mmap: syz-executor3 (5773) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
raw_sendmsg: syz-executor6 forgot to set AF_INET. Fix it!
binder: send failed reply for transaction 2 to 5765:5771
netlink: 'syz-executor4': attribute type 1 has an invalid length.
binder: 5765:5794 ioctl 4c82 0 returned -22
binder_alloc: 5765: binder_alloc_buf, no vma
binder: 5765:5771 transaction failed 29189/-3, size 0-0 line 2957
netlink: 'syz-executor4': attribute type 1 has an invalid length.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
binder: 5836:5842 ioctl c0306201 20008fd0 returned -11
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5836:5846 ioctl 40046207 0 returned -16
QAT: Invalid ioctl
QAT: Invalid ioctl
snd_dummy snd_dummy.0: control 120:0:0:Î:0 is already present
IPVS: ftp: loaded support on port[0] = 21
IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
kauditd_printk_skb: 20 callbacks suppressed
audit: type=1400 audit(1519220525.811:42): avc: denied { map } for pid=6214 comm="syz-executor7" path="/dev/input/event2" dev="devtmpfs" ino=155 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file permissive=1
audit: type=1400 audit(1519220525.817:43): avc: denied { net_admin } for pid=4213 comm="syz-executor4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1519220525.884:44): avc: denied { map } for pid=6241 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
xt_ecn: cannot match TCP bits in rule for non-tcp packets
audit: type=1400 audit(1519220525.884:45): avc: denied { net_admin } for pid=6240 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
xt_ecn: cannot match TCP bits in rule for non-tcp packets
audit: type=1400 audit(1519220525.949:47): avc: denied { net_admin } for pid=4214 comm="syz-executor2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1519220525.949:46): avc: denied { net_admin } for pid=6033 comm="syz-executor6" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1519220525.952:48): avc: denied { net_admin } for pid=4214 comm="syz-executor2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1519220525.952:49): avc: denied { net_admin } for pid=4214 comm="syz-executor2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1519220525.976:50): avc: denied { net_admin } for pid=4208 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1519220525.976:51): avc: denied { net_admin } for pid=4208 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
netlink: 'syz-executor5': attribute type 21 has an invalid length.
netlink: 'syz-executor5': attribute type 21 has an invalid length.
device syz6 entered promiscuous mode
device syz6 left promiscuous mode
device syz6 entered promiscuous mode
device syz6 left promiscuous mode
binder: 6610:6612 ioctl c0306201 20008fd0 returned -11
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
PF_BRIDGE: br_mdb_parse() with unknown ifindex
xt_connbytes: Forcing CT accounting to be enabled
PF_BRIDGE: br_mdb_parse() with unknown ifindex
NFQUEUE: number of total queues is 0
NFQUEUE: number of total queues is 0
Cannot find add_set index 0 as target
Cannot find add_set index 0 as target
encrypted_key: insufficient parameters specified
ipt_CLUSTERIP: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead
kauditd_printk_skb: 1582 callbacks suppressed
audit: type=1400 audit(1519220530.812:1634): avc: denied { net_admin } for pid=4214 comm="syz-executor2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1519220530.819:1635): avc: denied { map } for pid=7155 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(1519220530.819:1636): avc: denied { map } for pid=7155 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(1519220530.819:1637): avc: denied { net_admin } for pid=4206 comm="syz-executor7" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1519220530.819:1638): avc: denied { map } for pid=7152 comm="modprobe" path="/lib/x86_64-linux-gnu/ld-2.13.so" dev="sda1" ino=2668 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(1519220530.819:1639): avc: denied { map } for pid=7156 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(1519220530.819:1640): avc: denied { map } for pid=7156 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(1519220530.843:1641): avc: denied { net_admin } for pid=7158 comm="syz-executor5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1519220530.865:1642): avc: denied { net_admin } for pid=4213 comm="syz-executor4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1519220530.865:1643): avc: denied { net_admin } for pid=4214 comm="syz-executor2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
xt_connbytes: Forcing CT accounting to be enabled
Cannot find add_set index 0 as target
Cannot find add_set index 0 as target