============================= WARNING: suspicious RCU usage 4.16.0-rc1+ #309 Not tainted ----------------------------- ./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by syz-executor0/5387: #0: (rcu_read_lock){....}, at: [<00000000b5a46b5f>] __rds_conn_create+0xe46/0x1b50 net/rds/connection.c:218 stack backtrace: CPU: 0 PID: 5387 Comm: syz-executor0 Not tainted 4.16.0-rc1+ #309 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592 rcu_preempt_sleep_check include/linux/rcupdate.h:301 [inline] ___might_sleep+0x385/0x470 kernel/sched/core.c:6093 __might_sleep+0x95/0x190 kernel/sched/core.c:6081 slab_pre_alloc_hook mm/slab.h:420 [inline] slab_alloc mm/slab.c:3365 [inline] kmem_cache_alloc+0x2a2/0x760 mm/slab.c:3539 rds_tcp_conn_alloc+0xa7/0x4e0 net/rds/tcp.c:296 __rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227 rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309 rds_sendmsg+0xda3/0x2390 net/rds/send.c:1126 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 SYSC_sendto+0x361/0x5c0 net/socket.c:1747 SyS_sendto+0x40/0x50 net/socket.c:1715 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b RIP: 0033:0x453a59 RSP: 002b:00007f363c5c3c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f363c5c46d4 RCX: 0000000000453a59 RDX: 0000000000000000 RSI: 0000000020218000 RDI: 0000000000000013 RBP: 000000000071bea0 R08: 0000000020062000 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000004b9 R14: 00000000006f71f8 R15: 0000000000000000 BUG: sleeping function called from invalid context at mm/slab.h:420 in_atomic(): 1, irqs_disabled(): 0, pid: 5387, name: syz-executor0 1 lock held by syz-executor0/5387: #0: (rcu_read_lock){....}, at: [<00000000b5a46b5f>] __rds_conn_create+0xe46/0x1b50 net/rds/connection.c:218 CPU: 0 PID: 5387 Comm: syz-executor0 Not tainted 4.16.0-rc1+ #309 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6128 __might_sleep+0x95/0x190 kernel/sched/core.c:6081 slab_pre_alloc_hook mm/slab.h:420 [inline] slab_alloc mm/slab.c:3365 [inline] kmem_cache_alloc+0x2a2/0x760 mm/slab.c:3539 rds_tcp_conn_alloc+0xa7/0x4e0 net/rds/tcp.c:296 __rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227 rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309 rds_sendmsg+0xda3/0x2390 net/rds/send.c:1126 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 SYSC_sendto+0x361/0x5c0 net/socket.c:1747 SyS_sendto+0x40/0x50 net/socket.c:1715 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b RIP: 0033:0x453a59 RSP: 002b:00007f363c5c3c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f363c5c46d4 RCX: 0000000000453a59 RDX: 0000000000000000 RSI: 0000000020218000 RDI: 0000000000000013 RBP: 000000000071bea0 R08: 0000000020062000 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000004b9 R14: 00000000006f71f8 R15: 0000000000000000 audit: type=1400 audit(1518435416.864:25): avc: denied { map } for pid=5431 comm="syz-executor1" path="/dev/binder1" dev="devtmpfs" ino=138 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 mmap: syz-executor1 (5436) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt. binder_alloc: binder_alloc_mmap_handler: 5431 201ed000-201ef000 already mapped failed -16 xt_connbytes: Forcing CT accounting to be enabled audit: type=1400 audit(1518435417.150:26): avc: denied { setuid } for pid=5490 comm="syz-executor6" capability=7 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1518435417.597:27): avc: denied { map_create } for pid=5601 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. audit: type=1400 audit(1518435417.623:28): avc: denied { map_read map_write } for pid=5601 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 audit: type=1400 audit(1518435417.833:29): avc: denied { map } for pid=5640 comm="syz-executor4" path="/selinux/mls" dev="selinuxfs" ino=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file permissive=1 QAT: Invalid ioctl SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36689 sclass=netlink_route_socket pig=5676 comm=syz-executor3 QAT: Invalid ioctl NFS: bad mount option value specified: v34 NFS: bad mount option value specified: v34 Cannot find set identified by id 0 to match Cannot find set identified by id 0 to match audit: type=1400 audit(1518435418.404:30): avc: denied { map } for pid=5776 comm="syz-executor2" path=2F6D656D66643A6D643573756D6D3573756D2D7D6281657689656C696E55782F5E5D202864656C6574656429 dev="tmpfs" ino=15792 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 audit: type=1400 audit(1518435418.507:31): avc: denied { setfcap } for pid=5791 comm="syz-executor1" capability=31 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 devpts: called with bogus options QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl TCP: request_sock_TCP: Possible SYN flooding on port 20006. Sending cookies. Check SNMP counters. x_tables: ip_tables: osf match: only valid for protocol 6 x_tables: ip_tables: osf match: only valid for protocol 6 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=19527 sclass=netlink_route_socket pig=6063 comm=syz-executor6 netlink: 28 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 28 bytes leftover after parsing attributes in process `syz-executor5'. kauditd_printk_skb: 5 callbacks suppressed audit: type=1400 audit(1518435420.691:37): avc: denied { setgid } for pid=6338 comm="syz-executor4" capability=6 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1518435420.789:38): avc: denied { setopt } for pid=6357 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1518435421.390:39): avc: denied { set_context_mgr } for pid=6466 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 binder: BINDER_SET_CONTEXT_MGR already set binder: 6466:6476 ioctl 40046207 0 returned -16 audit: type=1400 audit(1518435421.470:40): avc: denied { call } for pid=6466 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 binder: 6466:6489 BC_FREE_BUFFER u0000000020000000 matched unreturned buffer binder_alloc: 6466:6489 FREE_BUFFER u0000000020000000 user freed buffer twice binder: 6466:6489 BC_FREE_BUFFER u0000000020000000 no match binder: BINDER_SET_CONTEXT_MGR already set binder: 6466:6508 ioctl 40046207 0 returned -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 6466:6489 ioctl 40046207 0 returned -16 binder_alloc: 6466: binder_alloc_buf, no vma binder: 6466:6508 transaction failed 29189/-3, size 0-0 line 2957 binder: 6466:6489 BC_FREE_BUFFER u0000000020000000 no match binder: undelivered TRANSACTION_ERROR: 29189 binder: release 6466:6476 transaction 2 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 2, target dead IPv4: Oversized IP packet from 127.0.0.1 audit: type=1400 audit(1518435421.767:41): avc: denied { map } for pid=6524 comm="syz-executor3" path="/dev/dsp" dev="devtmpfs" ino=177 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file permissive=1 sock: sock_set_timeout: `syz-executor1' (pid 6542) tries to set negative timeout IPv4: Oversized IP packet from 127.0.0.1 binder: 6548:6552 ioctl 4010ae94 208f1000 returned -22 binder: 6548:6563 ioctl 4010ae94 208f1000 returned -22 Cannot find add_set index 0 as target binder_alloc: binder_alloc_mmap_handler: 6567 20000000-20002000 already mapped failed -16 raw_sendmsg: syz-executor1 forgot to set AF_INET. Fix it! Cannot find add_set index 0 as target IPv4: Oversized IP packet from 127.0.0.1 netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. device eql entered promiscuous mode device eql entered promiscuous mode audit: type=1400 audit(1518435422.446:42): avc: denied { map } for pid=6699 comm="syz-executor4" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=17241 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=1 device syz3 entered promiscuous mode audit: type=1326 audit(1518435422.792:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6758 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453a59 code=0x7ffc0000 audit: type=1326 audit(1518435422.793:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6758 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453a59 code=0x7ffc0000 audit: type=1326 audit(1518435422.796:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6758 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=254 compat=0 ip=0x453a59 code=0x7ffc0000 audit: type=1326 audit(1518435422.796:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6758 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453a59 code=0x7ffc0000 netlink: 16 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 16 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 16 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. xt_HL: invalid or unknown mode 3 device eql entered promiscuous mode device eql entered promiscuous mode xt_l2tp: v2 doesn't support IP mode xt_l2tp: v2 doesn't support IP mode