=============================
WARNING: suspicious RCU usage
4.14.0-rc6+ #151 Not tainted
-----------------------------
./include/linux/inetdevice.h:230 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor5/15708:
#0: (rcu_read_lock){....}, at: [<ffffffff84029440>] inet_rtm_getroute+0xaa0/0x2d70 net/ipv4/route.c:2738
stack backtrace:
CPU: 0 PID: 15708 Comm: syz-executor5 Not tainted 4.14.0-rc6+ #151
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4665
__in_dev_get_rtnl include/linux/inetdevice.h:230 [inline]
fib_dump_info+0x1136/0x13d0 net/ipv4/fib_semantics.c:1377
inet_rtm_getroute+0xf97/0x2d70 net/ipv4/route.c:2785
rtnetlink_rcv_msg+0x51c/0x1090 net/core/rtnetlink.c:4240
netlink_rcv_skb+0x216/0x440 net/netlink/af_netlink.c:2409
rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4264
netlink_unicast_kernel net/netlink/af_netlink.c:1273 [inline]
netlink_unicast+0x4e8/0x6f0 net/netlink/af_netlink.c:1299
netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1862
sock_sendmsg_nosec net/socket.c:633 [inline]
sock_sendmsg+0xca/0x110 net/socket.c:643
sock_write_iter+0x31a/0x5d0 net/socket.c:912
call_write_iter include/linux/fs.h:1770 [inline]
new_sync_write fs/read_write.c:468 [inline]
__vfs_write+0x684/0x970 fs/read_write.c:481
vfs_write+0x189/0x510 fs/read_write.c:543
SYSC_write fs/read_write.c:588 [inline]
SyS_write+0xef/0x220 fs/read_write.c:580
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x452869
RSP: 002b:00007f5e5e829be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452869
RDX: 0000000000000024 RSI: 0000000020226000 RDI: 0000000000000015
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a6f7ff R14: 00007f5e5e82a9c0 R15: 0000000000000000
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=65535 sclass=netlink_audit_socket pig=15745 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=30 sclass=netlink_audit_socket pig=15745 comm=syz-executor2
tmpfs: Bad mount option qü]gĀ4ÆG
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=65535 sclass=netlink_audit_socket pig=15745 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=30 sclass=netlink_audit_socket pig=15761 comm=syz-executor2
netlink: 5 bytes leftover after parsing attributes in process `syz-executor5'.
kvm: pic: non byte read
kvm: pic: non byte read
kvm: pic: non byte read
kvm: pic: non byte read
kvm: pic: non byte read
kvm: pic: non byte read
kvm: pic: non byte read
kvm: pic: non byte read
kvm: pic: non byte read
kvm: pic: non byte read
netlink: 5 bytes leftover after parsing attributes in process `syz-executor5'.
tmpfs: Bad mount option qü]gĀ4ÆG
rpcbind: RPC call returned error 22
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
rpcbind: RPC call returned error 22
rpcbind: RPC call returned error 22
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
device lo left promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
device gre0 entered promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
dccp_invalid_packet: pskb_may_pull failed
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
QAT: Invalid ioctl
device lo entered promiscuous mode
QAT: Invalid ioctl
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
QAT: Invalid ioctl
QAT: Invalid ioctl
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
dccp_invalid_packet: pskb_may_pull failed
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
nla_parse: 12 callbacks suppressed
netlink: 21 bytes leftover after parsing attributes in process `syz-executor3'.
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
device lo left promiscuous mode
netlink: 21 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
device gre0 entered promiscuous mode
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'.
IPv6: Can't replace route, no match found
IPv6: Can't replace route, no match found
FAULT_FLAG_ALLOW_RETRY missing 31
CPU: 1 PID: 16554 Comm: syz-executor0 Not tainted 4.14.0-rc6+ #151
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
handle_userfault+0x11ec/0x23a0 fs/userfaultfd.c:427
do_anonymous_page mm/memory.c:3135 [inline]
handle_pte_fault mm/memory.c:3908 [inline]
__handle_mm_fault+0x3823/0x39c0 mm/memory.c:4034
handle_mm_fault+0x334/0x8d0 mm/memory.c:4071
__do_page_fault+0x5bd/0xd60 arch/x86/mm/fault.c:1444
do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1520
page_fault+0x22/0x30 arch/x86/entry/entry_64.S:1066
RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 arch/x86/lib/copy_user_64.S:66
RSP: 0018:ffff8801d804fe38 EFLAGS: 00010202
RAX: ffffed003b009fd5 RBX: 0000000000000008 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff8801d804fea0 RDI: 0000000020002000
RBP: ffff8801d804fe68 R08: 0000001f0000001e R09: ffffed003b009fd5
R10: 0000000000000001 R11: ffffed003b009fd4 R12: 0000000020002000
R13: ffff8801d804fea0 R14: 00007ffffffff000 R15: 0000000020002008
copy_to_user include/linux/uaccess.h:154 [inline]
SYSC_pipe2 fs/pipe.c:846 [inline]
SyS_pipe2 fs/pipe.c:838 [inline]
SYSC_pipe fs/pipe.c:862 [inline]
SyS_pipe+0xfd/0x2e0 fs/pipe.c:860
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x452869
RSP: 002b:00007f433a768be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000016
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452869
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020002000
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f6e78
R13: 00000000ffffffff R14: 00007f433a7696d4 R15: 0000000000000000
device syz7 left promiscuous mode
dccp_v6_rcv: dropped packet with invalid checksum
dccp_v6_rcv: dropped packet with invalid checksum
audit: type=1326 audit(1509237309.645:4011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=16799 comm="syz-executor4" exe="/root/syz-executor4" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0x0
audit: type=1326 audit(1509237309.775:4012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=16799 comm="syz-executor4" exe="/root/syz-executor4" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0x0
irq bypass consumer (token ffff8801d146a780) registration fails: -16
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51847 sclass=netlink_route_socket pig=16898 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51847 sclass=netlink_route_socket pig=16898 comm=syz-executor1
sctp: [Deprecated]: syz-executor6 (pid 16893) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor6 (pid 16929) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
audit: type=1326 audit(1509237310.752:4013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=17054 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0x7ffc0000
audit: type=1326 audit(1509237310.752:4014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=17054 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0x7ffc0000
audit: type=1326 audit(1509237310.753:4015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=17054 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=41 compat=0 ip=0x452869 code=0x7ffc0000
audit: type=1326 audit(1509237310.753:4016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=17054 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0x7ffc0000
audit: type=1326 audit(1509237310.753:4017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=17054 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0x7ffc0000
audit: type=1326 audit(1509237310.755:4018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=17054 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=55 compat=0 ip=0x452869 code=0x7ffc0000
audit: type=1326 audit(1509237310.756:4019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=17054 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0x7ffc0000
device gre0 entered promiscuous mode
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
device gre0 entered promiscuous mode
nla_parse: 9 callbacks suppressed
netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'.
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl