============================= WARNING: suspicious RCU usage 4.15.0+ #308 Not tainted ----------------------------- ./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by syz-executor2/5576: #0: (rcu_read_lock){....}, at: [<000000004c7baf8f>] __rds_conn_create+0xe46/0x1b50 net/rds/connection.c:218 stack backtrace: CPU: 1 PID: 5576 Comm: syz-executor2 Not tainted 4.15.0+ #308 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592 rcu_preempt_sleep_check include/linux/rcupdate.h:301 [inline] ___might_sleep+0x385/0x470 kernel/sched/core.c:6093 __might_sleep+0x95/0x190 kernel/sched/core.c:6081 slab_pre_alloc_hook mm/slab.h:420 [inline] slab_alloc mm/slab.c:3365 [inline] kmem_cache_alloc_trace+0x299/0x740 mm/slab.c:3605 kmalloc include/linux/slab.h:512 [inline] kzalloc include/linux/slab.h:701 [inline] rds_loop_conn_alloc+0xc8/0x380 net/rds/loop.c:126 __rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227 rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309 rds_sendmsg+0xda3/0x2390 net/rds/send.c:1126 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 SYSC_sendto+0x361/0x5c0 net/socket.c:1747 SyS_sendto+0x40/0x50 net/socket.c:1715 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b RIP: 0033:0x453a59 RSP: 002b:00007f6342b20c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f6342b216d4 RCX: 0000000000453a59 RDX: 0000000000000000 RSI: 000000002056a000 RDI: 0000000000000013 RBP: 000000000071bea0 R08: 0000000020dfcff0 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000004b9 R14: 00000000006f71f8 R15: 0000000000000000 BUG: sleeping function called from invalid context at mm/slab.h:420 in_atomic(): 1, irqs_disabled(): 0, pid: 5576, name: syz-executor2 TCP: request_sock_TCP: Possible SYN flooding on port 20001. Sending cookies. Check SNMP counters. 1 lock held by syz-executor2/5576: #0: (rcu_read_lock){....}, at: [<000000004c7baf8f>] __rds_conn_create+0xe46/0x1b50 net/rds/connection.c:218 CPU: 1 PID: 5576 Comm: syz-executor2 Not tainted 4.15.0+ #308 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6128 __might_sleep+0x95/0x190 kernel/sched/core.c:6081 slab_pre_alloc_hook mm/slab.h:420 [inline] slab_alloc mm/slab.c:3365 [inline] kmem_cache_alloc_trace+0x299/0x740 mm/slab.c:3605 kmalloc include/linux/slab.h:512 [inline] kzalloc include/linux/slab.h:701 [inline] rds_loop_conn_alloc+0xc8/0x380 net/rds/loop.c:126 __rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227 rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309 rds_sendmsg+0xda3/0x2390 net/rds/send.c:1126 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 SYSC_sendto+0x361/0x5c0 net/socket.c:1747 SyS_sendto+0x40/0x50 net/socket.c:1715 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b RIP: 0033:0x453a59 RSP: 002b:00007f6342b20c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f6342b216d4 RCX: 0000000000453a59 RDX: 0000000000000000 RSI: 000000002056a000 RDI: 0000000000000013 RBP: 000000000071bea0 R08: 0000000020dfcff0 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000004b9 R14: 00000000006f71f8 R15: 0000000000000000 netlink: 'syz-executor6': attribute type 4 has an invalid length. netlink: 17 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 'syz-executor6': attribute type 4 has an invalid length. netlink: 17 bytes leftover after parsing attributes in process `syz-executor6'. device eql entered promiscuous mode QAT: Invalid ioctl syz-executor4 (5615) used greatest stack depth: 16048 bytes left netlink: 'syz-executor0': attribute type 4 has an invalid length. netlink: 17 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 'syz-executor0': attribute type 4 has an invalid length. netlink: 17 bytes leftover after parsing attributes in process `syz-executor0'. audit: type=1400 audit(1518349674.305:29): avc: denied { prog_run } for pid=5794 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 audit: type=1400 audit(1518349674.306:30): avc: denied { write } for pid=5794 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=socket permissive=1 audit: type=1400 audit(1518349674.400:31): avc: denied { map } for pid=5834 comm="syz-executor0" path=2F6D656D66643A6C6F202864656C6574656429 dev="tmpfs" ino=15902 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 audit: type=1400 audit(1518349674.475:32): avc: denied { map } for pid=5846 comm="syz-executor3" path="/selinux/commit_pending_bools" dev="selinuxfs" ino=11 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file permissive=1 audit: type=1400 audit(1518349674.502:33): avc: denied { read } for pid=5844 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 capability: warning: `syz-executor2' uses deprecated v2 capabilities in a way that may be insecure FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 1 CPU: 1 PID: 6076 Comm: syz-executor6 Tainted: G W 4.15.0+ #308 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:422 [inline] slab_alloc mm/slab.c:3365 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3539 ptlock_alloc+0x24/0x70 mm/memory.c:4728 ptlock_init include/linux/mm.h:1796 [inline] pgtable_page_ctor include/linux/mm.h:1830 [inline] pte_alloc_one+0x59/0x100 arch/x86/mm/pgtable.c:32 __pte_alloc+0x2a/0x310 mm/memory.c:654 do_anonymous_page mm/memory.c:3141 [inline] handle_pte_fault mm/memory.c:3977 [inline] __handle_mm_fault+0x2d06/0x3ce0 mm/memory.c:4103 handle_mm_fault+0x35c/0x970 mm/memory.c:4140 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1426 do_page_fault+0xee/0x730 arch/x86/mm/fault.c:1501 page_fault+0x2c/0x60 arch/x86/entry/entry_64.S:1155 RIP: 0010:copy_user_generic_unrolled+0x86/0xc0 arch/x86/lib/copy_user_64.S:65 RSP: 0018:ffff8801bf9f76d0 EFLAGS: 00010206 RAX: ffffed0037f3ef00 RBX: 0000000020001f9e RCX: 0000000000000005 RDX: 0000000000000000 RSI: 0000000020001f9e RDI: ffff8801bf9f77d8 RBP: ffff8801bf9f7700 R08: ffffed0037f3ef00 R09: ffffed0037f3ef00 R10: 0000000000000005 R11: ffffed0037f3eeff R12: 0000000000000028 R13: ffff8801bf9f77d8 R14: 00007ffffffff000 R15: 0000000020001fc6 copy_from_user include/linux/uaccess.h:147 [inline] ip6mr_ioctl+0x477/0x880 net/ipv6/ip6mr.c:1886 rawv6_ioctl+0x139/0x240 net/ipv6/raw.c:1197 inet6_ioctl+0x19e/0x1e0 net/ipv6/af_inet6.c:534 sock_do_ioctl+0xef/0x390 net/socket.c:958 sock_ioctl+0x36b/0x610 net/socket.c:1081 vfs_ioctl fs/ioctl.c:46 [inline] do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b RIP: 0033:0x453a59 RSP: 002b:00007ff5c61c6c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007ff5c61c76d4 RCX: 0000000000453a59 RDX: 0000000020001f9e RSI: 00000000000089e0 RDI: 0000000000000013 RBP: 000000000071bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 R13: 000000000000039a R14: 00000000006f5710 R15: 0000000000000000 TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. capability: warning: `syz-executor1' uses 32-bit capabilities (legacy support in use) dccp_close: ABORT with 65423 bytes unread IPVS: length: 696 != 8 TCP: request_sock_TCPv6: Possible SYN flooding on port 20014. Sending cookies. Check SNMP counters. mmap: syz-executor1 (6356) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt. kauditd_printk_skb: 7 callbacks suppressed audit: type=1400 audit(1518349676.673:41): avc: denied { setuid } for pid=6355 comm="syz-executor4" capability=7 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 *** Guest State *** CR0: actual=0xffffffff9ffffffc, shadow=0xfffffffffffffffc, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871 CR3 = 0x0000000000000000 PDPTR0 = 0x0000000700000001 PDPTR1 = 0x0000000000000000 PDPTR2 = 0x0000000000000000 PDPTR3 = 0x0000000700000001 RSP = 0x0000000000000000 RIP = 0x000000000000fff0 RFLAGS=0x00010002 DR7 = 0x0000000000000400 audit: type=1400 audit(1518349676.761:42): avc: denied { ioctl } for pid=6387 comm="syz-executor7" path="socket:[17147]" dev="sockfs" ino=17147 ioctlcmd=0x64a1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 GDTR: limit=0x00000000, base=0x0000000000000000 LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 IDTR: limit=0x00000000, base=0x0000000000000000 TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 EFER = 0x0000000000000000 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811cca95 RSP = 0xffff8801af5573b8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f959c000700 GSBase=ffff8801db400000 TRBase=fffffe0000003000 GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 CR0=0000000080050033 CR3=00000001c2e4c004 CR4=00000000001626f0 IPv4: Oversized IP packet from 127.0.0.1 Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff85a019f0 EFER = 0x0000000000000d01 PAT = 0x0000000000000000 *** Control State *** PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2 EntryControls=0000d1ff ExitControls=0023efff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=80000306 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffffe7aaf2451c EPT pointer = 0x00000001bd48a01e IPv4: Oversized IP packet from 127.0.0.1 audit: type=1400 audit(1518349677.513:43): avc: denied { map } for pid=6548 comm="syz-executor4" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=18476 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=1 dccp_invalid_packet: pskb_may_pull failed dccp_invalid_packet: pskb_may_pull failed QAT: Invalid ioctl QAT: Invalid ioctl do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl ip_tables: iptables: counters copy to user failed while replacing table ip_tables: iptables: counters copy to user failed while replacing table audit: type=1400 audit(1518349678.355:44): avc: denied { connect } for pid=6771 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 syz-executor4 (6762) used greatest stack depth: 14976 bytes left audit: type=1400 audit(1518349678.674:45): avc: denied { create } for pid=6825 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_rdma_socket permissive=1 TCP: request_sock_TCPv6: Possible SYN flooding on port 20022. Sending cookies. Check SNMP counters. ptrace attach of "/root/syz-executor3"[4210] was attempted by "/root/syz-executor3"[6905] audit: type=1400 audit(1518349679.036:46): avc: denied { map } for pid=6928 comm="syz-executor2" path="/dev/binder0" dev="devtmpfs" ino=9149 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 binder_alloc: binder_alloc_mmap_handler: 6928 20004000-20005000 already mapped failed -16 xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables audit: type=1400 audit(1518349679.527:47): avc: denied { getrlimit } for pid=7078 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=process permissive=1 device eql entered promiscuous mode device eql entered promiscuous mode audit: type=1400 audit(1518349680.168:48): avc: denied { setattr } for pid=7234 comm="syz-executor2" name="setgroups" dev="proc" ino=19291 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=file permissive=1 encrypted_key: insufficient parameters specified netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. audit: type=1400 audit(1518349680.565:49): avc: denied { getattr } for pid=7334 comm="syz-executor0" name="NETLINK" dev="sockfs" ino=19772 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 xt_connbytes: Forcing CT accounting to be enabled ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 audit: type=1400 audit(1518349680.923:50): avc: denied { accept } for pid=7452 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 net_ratelimit: 3 callbacks suppressed dccp_close: ABORT with 1 bytes unread RDS: rds_bind could not find a transport for 224.0.0.1, load rds_tcp or rds_rdma? kauditd_printk_skb: 1 callbacks suppressed audit: type=1400 audit(1518349681.687:52): avc: denied { ipc_lock } for pid=7657 comm="syz-executor4" capability=14 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 ipt_REJECT: TCP_RESET invalid for non-tcp binder: 7700:7706 got transaction to invalid handle binder: 7700:7706 transaction failed 29201/-22, size 0-0 line 2842 netlink: 'syz-executor1': attribute type 18 has an invalid length.