=============================
WARNING: suspicious RCU usage
4.15.0-rc9+ #284 Not tainted
-----------------------------
net/tipc/bearer.c:177 suspicious rcu_dereference_protected() usage!
binder: 23290:23297 transaction failed 29189/-22, size 0-0 line 2788
binder: 23290:23297 ioctl c0306201 20000000 returned -14
binder: 23290:23297 transaction failed 29189/-22, size 0-0 line 2788
binder: 23290:23305 ioctl c0306201 20000000 returned -14
binder: undelivered TRANSACTION_ERROR: 29189
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
2 locks held by syz-executor4/23275:
dccp_xmit_packet: Payload too large (65423) for featneg.
Protocol error: SET target dimension is over the limit!
Protocol error: SET target dimension is over the limit!
dccp_close: ABORT with 65423 bytes unread
 #0: (cb_lock){++++}, at: [<00000000f4672e4e>] genl_rcv+0x19/0x40 net/netlink/genetlink.c:634
 #1: (genl_mutex){+.+.}, at: [<00000000c7c02ef9>] genl_lock net/netlink/genetlink.c:33 [inline]
 #1: (genl_mutex){+.+.}, at: [<00000000c7c02ef9>] genl_rcv_msg+0x115/0x140 net/netlink/genetlink.c:622
stack backtrace:
CPU: 0 PID: 23275 Comm: syz-executor4 Not tainted 4.15.0-rc9+ #284
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4587
 tipc_bearer_find+0x2b4/0x3b0 net/tipc/bearer.c:177
 tipc_nl_compat_link_set+0x329/0x9f0 net/tipc/netlink_compat.c:729
 __tipc_nl_compat_doit net/tipc/netlink_compat.c:288 [inline]
 tipc_nl_compat_doit+0x15b/0x670 net/tipc/netlink_compat.c:335
 tipc_nl_compat_handle net/tipc/netlink_compat.c:1119 [inline]
 tipc_nl_compat_recv+0x1135/0x18f0 net/tipc/netlink_compat.c:1201
 genl_family_rcv_msg+0x7b7/0xfb0 net/netlink/genetlink.c:599
 genl_rcv_msg+0xb2/0x140 net/netlink/genetlink.c:624
 netlink_rcv_skb+0x14b/0x380 net/netlink/af_netlink.c:2409
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:635
 netlink_unicast_kernel net/netlink/af_netlink.c:1275 [inline]
 netlink_unicast+0x4ee/0x700 net/netlink/af_netlink.c:1301
 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1864
 sock_sendmsg_nosec net/socket.c:638 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:648
 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2028
 __sys_sendmsg+0xe5/0x210 net/socket.c:2062
 SYSC_sendmsg net/socket.c:2073 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2069
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f1cc092bc58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299
RDX: 0000000000000000 RSI: 0000000020003000 RDI: 0000000000000013
RBP: 00000000000003d6 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f4cb0
R13: 00000000ffffffff R14: 00007f1cc092c6d4 R15: 0000000000000000
QAT: Invalid ioctl
netlink: 'syz-executor0': attribute type 21 has an invalid length.
netlink: 'syz-executor0': attribute type 21 has an invalid length.
binder: 23617:23621 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: binder_alloc_mmap_handler: 23617 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 23617:23621 ioctl 40046207 0 returned -16
binder: 23617:23632 ERROR: BC_REGISTER_LOOPER called without request
binder: release 23617:23632 transaction 152 out, still active
binder: unexpected work type, 4, not freed
binder: unexpected work type, 4, not freed
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 152, target dead
kauditd_printk_skb: 152 callbacks suppressed
audit: type=1400 audit(1517213693.448:1578): avc: denied { map } for pid=23649 comm="syz-executor7" path="socket:[55769]" dev="sockfs" ino=55769 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=tcp_socket permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: 23651:23674 ioctl 40046207 0 returned -16
netlink: 28 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 28 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 23745:23753 tried to acquire reference to desc 0, got 1 instead
binder: tried to use weak ref as strong ref
binder: 23745:23753 Acquire 1 refcount change on invalid ref 1 ret -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 23745:23764 ioctl 40046207 0 returned -16
binder: 23745:23780 tried to acquire reference to desc 0, got 1 instead
binder: BINDER_SET_CONTEXT_MGR already set
binder: 23745:23753 ioctl 40046207 0 returned -16
audit: type=1326 audit(1517213694.200:1579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23783 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517213694.203:1580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23783 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517213694.221:1581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23783 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=2 compat=0 ip=0x40d591 code=0x7ffc0000
audit: type=1326 audit(1517213694.222:1582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23783 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517213694.222:1583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23783 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517213694.225:1584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23783 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=9 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517213694.225:1585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23783 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517213694.226:1586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23783 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517213694.234:1587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23783 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=9 compat=0 ip=0x453299 code=0x7ffc0000
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pig=23852 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pig=23863 comm=syz-executor1
Protocol error: SET target dimension is over the limit!
xt_cgroup: invalid path, errno=-2
futex_wake_op: syz-executor4 tries to shift op by -1; fix this program
sock: sock_set_timeout: `syz-executor1' (pid 24445) tries to set negative timeout
sock: sock_set_timeout: `syz-executor1' (pid 24470) tries to set negative timeout
openvswitch: netlink: Flow get message rejected, Key attribute missing.
openvswitch: netlink: Flow get message rejected, Key attribute missing.
binder: 24765 RLIMIT_NICE not set
binder: undelivered transaction 166, process died.
binder: undelivered TRANSACTION_COMPLETE
binder: 24765 RLIMIT_NICE not set
binder: 24763:24767 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
kauditd_printk_skb: 221 callbacks suppressed
audit: type=1326 audit(1517213699.235:1807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24794 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
ptrace attach of "/root/syz-executor5"[3732] was attempted by "/root/syz-executor5"[24803]
audit: type=1326 audit(1517213699.266:1808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24794 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=118 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517213699.268:1809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24794 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517213699.269:1810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24794 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517213699.269:1811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24794 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=9 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517213699.272:1812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24794 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517213699.286:1813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24794 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=317 compat=0 ip=0x453299 code=0x7ffc0000
bpf: check failed: parse error
bpf: check failed: parse error
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
audit: type=1326 audit(1517213700.375:1814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=25015 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517213700.375:1815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=25015 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517213700.432:1816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=25015 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=9 compat=0 ip=0x453299 code=0x7ffc0000
QAT: Invalid ioctl
QAT: Invalid ioctl
binder_alloc: binder_alloc_mmap_handler: 25048 2011a000-2051a000 already mapped failed -16
device bridge0 entered promiscuous mode