=============================
WARNING: suspicious RCU usage
4.15.0-rc9+ #281 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor2/7947:
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<00000000e6002d1d>] lock_sock include/net/sock.h:1461 [inline]
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<00000000e6002d1d>] do_ipv6_setsockopt.isra.9+0x23d/0x39a0 net/ipv6/ipv6_sockglue.c:167

stack backtrace:
CPU: 1 PID: 7947 Comm: syz-executor2 Not tainted 4.15.0-rc9+ #281
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 ireq_opt_deref include/net/inet_sock.h:135 [inline]
 inet_csk_route_req+0x82a/0xca0 net/ipv4/inet_connection_sock.c:544
 dccp_v4_send_response+0xa7/0x650 net/dccp/ipv4.c:485
 dccp_v4_conn_request+0x9f4/0x11b0 net/dccp/ipv4.c:633
 dccp_v6_conn_request+0xd30/0x1350 net/dccp/ipv6.c:317
 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682
 dccp_v6_do_rcv+0x823/0x9c0 net/dccp/ipv6.c:578
 sk_backlog_rcv include/net/sock.h:907 [inline]
 __release_sock+0x124/0x360 net/core/sock.c:2264
 release_sock+0xa4/0x2a0 net/core/sock.c:2779
 do_ipv6_setsockopt.isra.9+0x50a/0x39a0 net/ipv6/ipv6_sockglue.c:898
 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922
 dccp_setsockopt+0x85/0xd0 net/dccp/proto.c:573
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968
 SYSC_setsockopt net/socket.c:1831 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1810
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x452f19
RSP: 002b:00007fb8db5a0c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fb8db5a1700 RCX: 0000000000452f19
RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000013
RBP: 0000000000a2f850 R08: 0000000000000020 R09: 0000000000000000
R10: 0000000020f3c000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a2f7cf R14: 00007fb8db5a19c0 R15: 0000000000000002

=============================
WARNING: suspicious RCU usage
4.15.0-rc9+ #281 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor2/7947:
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<00000000e6002d1d>] lock_sock include/net/sock.h:1461 [inline]
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<00000000e6002d1d>] do_ipv6_setsockopt.isra.9+0x23d/0x39a0 net/ipv6/ipv6_sockglue.c:167

stack backtrace:
CPU: 1 PID: 7947 Comm: syz-executor2 Not tainted 4.15.0-rc9+ #281
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 ireq_opt_deref include/net/inet_sock.h:135 [inline]
 dccp_v4_send_response+0x4b6/0x650 net/dccp/ipv4.c:496
 dccp_v4_conn_request+0x9f4/0x11b0 net/dccp/ipv4.c:633
 dccp_v6_conn_request+0xd30/0x1350 net/dccp/ipv6.c:317
 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682
 dccp_v6_do_rcv+0x823/0x9c0 net/dccp/ipv6.c:578
 sk_backlog_rcv include/net/sock.h:907 [inline]
 __release_sock+0x124/0x360 net/core/sock.c:2264
 release_sock+0xa4/0x2a0 net/core/sock.c:2779
 do_ipv6_setsockopt.isra.9+0x50a/0x39a0 net/ipv6/ipv6_sockglue.c:898
 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922
 dccp_setsockopt+0x85/0xd0 net/dccp/proto.c:573
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968
 SYSC_setsockopt net/socket.c:1831 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1810
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x452f19
RSP: 002b:00007fb8db5a0c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fb8db5a1700 RCX: 0000000000452f19
RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000013
RBP: 0000000000a2f850 R08: 0000000000000020 R09: 0000000000000000
R10: 0000000020f3c000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a2f7cf R14: 00007fb8db5a19c0 R15: 0000000000000002
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31381 sclass=netlink_route_socket pig=7995 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31381 sclass=netlink_route_socket pig=7995 comm=syz-executor1
autofs4:pid:8077:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(3590324411.0), cmd(0x0000937e)
autofs4:pid:8077:validate_dev_ioctl: invalid device control module version supplied for cmd(0x0000937e)
dccp_close: ABORT with 4294967275 bytes unread
netlink: 16 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 'syz-executor7': attribute type 4 has an invalid length.
netlink: 'syz-executor7': attribute type 4 has an invalid length.
skbuff: bad partial csum: csum=65535/65535 len=14
skbuff: bad partial csum: csum=65535/65535 len=14
syz-executor3 (8361) used greatest stack depth: 15408 bytes left
futex_wake_op: syz-executor4 tries to shift op by -1; fix this program
futex_wake_op: syz-executor4 tries to shift op by -1; fix this program
netlink: 12 bytes leftover after parsing attributes in process `syz-executor0'.
tc_dump_action: action bad kind
netlink: 12 bytes leftover after parsing attributes in process `syz-executor0'.
tc_dump_action: action bad kind
QAT: Invalid ioctl
QAT: Invalid ioctl
dccp_close: ABORT with 13 bytes unread
kauditd_printk_skb: 79 callbacks suppressed
audit: type=1326 audit(1517006764.235:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8638 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452f19 code=0x7ffc0000
audit: type=1326 audit(1517006764.235:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8638 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452f19 code=0x7ffc0000
audit: type=1326 audit(1517006764.236:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8638 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=246 compat=0 ip=0x452f19 code=0x7ffc0000
audit: type=1326 audit(1517006764.237:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8638 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452f19 code=0x7ffc0000
audit: type=1326 audit(1517006764.241:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8638 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452f19 code=0x7ffc0000
audit: type=1326 audit(1517006764.242:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8638 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452f19 code=0x7ffc0000
audit: type=1326 audit(1517006764.247:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8638 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=305 compat=0 ip=0x452f19 code=0x7ffc0000
audit: type=1326 audit(1517006764.248:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8638 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452f19 code=0x7ffc0000
audit: type=1326 audit(1517006764.248:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8638 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452f19 code=0x7ffc0000
binder: 8679:8684 BC_FREE_BUFFER u0000000000000000 no match
binder: 8679:8700 BC_FREE_BUFFER u0000000000000000 no match
kvm [8792]: vcpu0, guest rIP: 0xfff0 Hyper-V unhandled rdmsr: 0x40000085
kvm [8792]: vcpu0, guest rIP: 0xfff0 Hyper-V unhandled rdmsr: 0x40000085
binder: 8871:8887 unknown command 0
binder: 8871:8887 ioctl c0306201 2000a000 returned -22
audit: type=1400 audit(1517006765.871:454): avc:  denied  { getattr } for  pid=8895 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
binder: 8871:8899 ioctl c0306201 20445000 returned -14
binder: release 8871:8899 transaction 25 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 25, target dead
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
device syz0 entered promiscuous mode
netlink: 12 bytes leftover after parsing attributes in process `syz-executor6'.
tc_dump_action: action bad kind
device syz0 left promiscuous mode
netlink: 'syz-executor5': attribute type 3 has an invalid length.
netlink: 'syz-executor5': attribute type 3 has an invalid length.
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
QAT: Invalid ioctl
QAT: Invalid ioctl
SELinux: failed to load policy
SELinux: failed to load policy
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
openvswitch: netlink: Flow set message rejected, Key attribute missing.
binder: BINDER_SET_CONTEXT_MGR already set
binder: 9281:9282 ioctl 40046207 0 returned -16
binder_alloc: 9281: binder_alloc_buf, no vma
binder: 9281:9299 transaction failed 29189/-3, size 40-8 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 9281:9282 transaction 27 out, still active
binder: send failed reply for transaction 27, target dead
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
openvswitch: netlink: Flow set message rejected, Key attribute missing.
device eql entered promiscuous mode
binder: 9391:9401 ioctl 40046205 0 returned -22
x86/PAT: syz-executor5:9482 map pfn RAM range req write-combining for [mem 0x1ce679000-0x1ce679fff], got write-back
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
binder: 9597 RLIMIT_NICE not set
binder: 9597 RLIMIT_NICE not set
binder: release 9594:9597 transaction 32 in, still active
binder: send failed reply for transaction 32 to 9594:9607
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.