NFS: bad mount option value specified: vþ
=============================
WARNING: suspicious RCU usage
4.15.0-rc6-next-20180102+ #86 Not tainted
-----------------------------
net/netfilter/ipset/ip_set_core.c:2057 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
3 locks held by kworker/u4:1/21:
 #0: ((wq_completion)"%s""netns"){+.+.}, at: [<00000000dff6ec6e>] process_one_work+0x71f/0x14a0 kernel/workqueue.c:2083
 #1: (net_cleanup_work){+.+.}, at: [<000000009f85a884>] process_one_work+0x757/0x14a0 kernel/workqueue.c:2087
 #2: (net_mutex){+.+.}, at: [<000000002c4bc83e>] cleanup_net+0x139/0x8b0 net/core/net_namespace.c:450
stack backtrace:
CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 4.15.0-rc6-next-20180102+ #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x137/0x198 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 ip_set_net_exit+0x2c6/0x480 net/netfilter/ipset/ip_set_core.c:2057
 ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:142
 cleanup_net+0x3f3/0x8b0 net/core/net_namespace.c:484
 process_one_work+0x801/0x14a0 kernel/workqueue.c:2112
 worker_thread+0xe0/0x1010 kernel/workqueue.c:2246
 kthread+0x33c/0x400 kernel/kthread.c:238
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524
QAT: Invalid ioctl
QAT: Invalid ioctl
device eql entered promiscuous mode
device syz0 entered promiscuous mode
syz-executor2 uses obsolete (PF_INET,SOCK_PACKET)
netlink: 9 bytes leftover after parsing attributes in process `syz-executor7'.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor7'.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
device lo entered promiscuous mode
IPv6: NLM_F_REPLACE set, but no existing node found!
IPv6: NLM_F_REPLACE set, but no existing node found!
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=5475 comm=syz-executor7
ptrace attach of "/root/syz-executor3"[3696] was attempted by "/root/syz-executor3"[5479]
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=5485 comm=syz-executor7
ptrace attach of "/root/syz-executor3"[3696] was attempted by "/root/syz-executor3"[5490]
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=260 sclass=netlink_route_socket pig=5538 comm=syz-executor2
device syz0 entered promiscuous mode
kauditd_printk_skb: 95 callbacks suppressed
audit: type=1400 audit(1514913738.395:224): avc: denied { setattr } for pid=5618 comm="syz-executor1" name="mountinfo" dev="proc" ino=17660 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=file permissive=1
audit: type=1326 audit(1514913738.444:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5624 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
device eql entered promiscuous mode
audit: type=1326 audit(1514913738.444:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5624 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913738.455:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5624 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913738.459:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5624 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913738.462:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5624 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=2 compat=0 ip=0x40ce01 code=0x7ffc0000
audit: type=1326 audit(1514913738.462:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5624 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913738.462:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5624 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913738.465:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5624 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=317 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913738.466:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=5624 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
netlink: 'syz-executor4': attribute type 1 has an invalid length.
netlink: 'syz-executor4': attribute type 1 has an invalid length.
device eql entered promiscuous mode
openvswitch: netlink: Key type 1795 is out of range max 29
binder_alloc: binder_alloc_mmap_handler: 5833 209a1000-209a4000 already mapped failed -16
binder_alloc: binder_alloc_mmap_handler: 5833 209a1000-209a4000 already mapped failed -16
openvswitch: netlink: Key type 1795 is out of range max 29
semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
The task syz-executor5 (5911) triggered the difference, watch for misbehavior.
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5922:5943 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
device syz4 entered promiscuous mode
binder: 5922:5924 ioctl 40046207 0 returned -16
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 0 PID: 5977 Comm: syz-executor6 Not tainted 4.15.0-rc6-next-20180102+ #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x137/0x198 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x4d4/0x580 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3365 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3539
 __build_skb+0x35/0x2d0 net/core/skbuff.c:281
 __napi_alloc_skb+0x173/0x2c0 net/core/skbuff.c:482
 napi_alloc_skb include/linux/skbuff.h:2643 [inline]
 napi_get_frags+0x61/0x130 net/core/dev.c:5060
 tun_napi_alloc_frags drivers/net/tun.c:1327 [inline]
 tun_get_user+0x1571/0x4680 drivers/net/tun.c:1668
 tun_chr_write_iter+0xb9/0x160 drivers/net/tun.c:1836
 call_write_iter include/linux/fs.h:1775 [inline]
 do_iter_readv_writev+0x3a9/0x5b0 fs/read_write.c:653
 do_iter_write+0x154/0x540 fs/read_write.c:932
 vfs_writev+0x158/0x2d0 fs/read_write.c:977
 do_writev+0xe1/0x240 fs/read_write.c:1012
 SYSC_writev fs/read_write.c:1085 [inline]
 SyS_writev+0x27/0x30 fs/read_write.c:1082
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x4529a1
RSP: 002b:00007f2861a82b80 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00007f2861a82aa0 RCX: 00000000004529a1
RDX: 0000000000000001 RSI: 00007f2861a82bd0 RDI: 0000000000000012
RBP: 00007f2861a82a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000066 R11: 0000000000000293 R12: 00000000004b767a
R13: 00007f2861a82bc8 R14: 00000000004b767a R15: 0000000000000000
QAT: Invalid ioctl
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 6001 Comm: syz-executor6 Not tainted 4.15.0-rc6-next-20180102+ #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x137/0x198 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x4d4/0x580 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3365 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3539
 secpath_dup+0x2a/0x1c0 net/xfrm/xfrm_input.c:120
 secpath_set+0x80/0x140 net/xfrm/xfrm_input.c:147
 xfrm_input+0x24a/0x2670 net/xfrm/xfrm_input.c:308
 xfrm6_rcv_spi+0xa8/0xd0 net/ipv6/xfrm6_input.c:31
 xfrm6_tunnel_rcv+0xda/0x110 net/ipv6/xfrm6_tunnel.c:239
 tunnel6_rcv+0x100/0x250 net/ipv6/tunnel6.c:109
 ip6_input_finish+0x2fc/0x1560 net/ipv6/ip6_input.c:284
 NF_HOOK include/linux/netfilter.h:288 [inline]
 ip6_input+0xcd/0x340 net/ipv6/ip6_input.c:327
 dst_input include/net/dst.h:449 [inline]
 ip6_rcv_finish+0x151/0x640 net/ipv6/ip6_input.c:71
 NF_HOOK include/linux/netfilter.h:288 [inline]
 ipv6_rcv+0xe49/0x1cf0 net/ipv6/ip6_input.c:208
 __netif_receive_skb_core+0x13df/0x2c80 net/core/dev.c:4499
 __netif_receive_skb+0x2c/0x1b0 net/core/dev.c:4564
 netif_receive_skb_internal+0xfd/0x580 net/core/dev.c:4638
 napi_frags_finish net/core/dev.c:5079 [inline]
 napi_gro_frags+0x4ad/0x940 net/core/dev.c:5152
 tun_get_user+0x2271/0x4680 drivers/net/tun.c:1791
 tun_chr_write_iter+0xb9/0x160 drivers/net/tun.c:1836
 call_write_iter include/linux/fs.h:1775 [inline]
 do_iter_readv_writev+0x3a9/0x5b0 fs/read_write.c:653
 do_iter_write+0x154/0x540 fs/read_write.c:932
 vfs_writev+0x158/0x2d0 fs/read_write.c:977
 do_writev+0xe1/0x240 fs/read_write.c:1012
 SYSC_writev fs/read_write.c:1085 [inline]
 SyS_writev+0x27/0x30 fs/read_write.c:1082
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x4529a1
RSP: 002b:00007f2861a82b80 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00007f2861a82aa0 RCX: 00000000004529a1
RDX: 0000000000000001 RSI: 00007f2861a82bd0 RDI: 0000000000000012
RBP: 00007f2861a82a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000066 R11: 0000000000000293 R12: 00000000004b767a
R13: 00007f2861a82bc8 R14: 00000000004b767a R15: 0000000000000000
netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'.
IPv6: NLM_F_CREATE should be specified when creating new route
netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 6337:6339 got reply transaction with no transaction stack
binder: 6337:6339 transaction failed 29201/-71, size 0-8 line 2760
binder: 6337:6348 got reply transaction with no transaction stack
binder: 6337:6348 transaction failed 29201/-71, size 0-8 line 2760
netlink: 'syz-executor7': attribute type 29 has an invalid length.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
ptrace attach of "/root/syz-executor4"[3701] was attempted by "/root/syz-executor4"[6428]
ptrace attach of "/root/syz-executor4"[3701] was attempted by "/root/syz-executor4"[6437]
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6443:6470 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 6443:6457 ioctl 40046207 0 returned -16
device gre0 entered promiscuous mode
handle_userfault: 23 callbacks suppressed
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 6539 Comm: syz-executor3 Not tainted 4.15.0-rc6-next-20180102+ #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x137/0x198 lib/dump_stack.c:53
 handle_userfault+0x744/0x1750 fs/userfaultfd.c:430
 do_anonymous_page mm/memory.c:3171 [inline]
 handle_pte_fault mm/memory.c:3945 [inline]
 __handle_mm_fault+0x2fc5/0x3210 mm/memory.c:4071
 handle_mm_fault+0x305/0x840 mm/memory.c:4108
 __do_page_fault+0x59e/0xca0 arch/x86/mm/fault.c:1429
 do_page_fault+0x78/0x490 arch/x86/mm/fault.c:1504
 page_fault+0x2c/0x60 arch/x86/entry/entry_64.S:1243
RIP: 0010:fault_in_pages_readable include/linux/pagemap.h:601 [inline]
RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 lib/iov_iter.c:421
RSP: 0018:ffff8801d96efa08 EFLAGS: 00010246
RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff821c64c1
RDX: 00000000000000c9 RSI: ffffc9000363a000 RDI: ffff8801d96efd30
RBP: ffff8801d96efae8 R08: 0000000000000000 R09: 0000000000000000
R10: ffff8801d96ef978 R11: 0000000000000000 R12: 1ffff1003b2ddf44
R13: ffff8801d96efac0 R14: 0000000000000000 R15: ffff8801d96efd28
 generic_perform_write+0x195/0x4a0 mm/filemap.c:3128
 __generic_file_write_iter+0x366/0x5b0 mm/filemap.c:3263
 generic_file_write_iter+0x2f0/0x630 mm/filemap.c:3291
 call_write_iter include/linux/fs.h:1775 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x550/0x740 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xd4/0x1a0 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f056334dc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9
RDX: 000000000000001c RSI: 0000000020011fd2 RDI: 0000000000000014
RBP: 0000000000000059 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ee8f8
R13: 00000000ffffffff R14: 00007f056334e6d4 R15: 0000000000000000
audit: type=1326 audit(1514913744.729:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6597 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913744.763:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6597 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=85 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913744.763:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6597 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913744.764:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6597 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913744.764:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6597 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=54 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913744.764:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6597 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913744.765:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6597 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=306 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913744.765:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6597 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1514913744.765:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6597 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x452ac9 code=0x7ffc0000
QAT: Invalid ioctl
QAT: Invalid ioctl
capability: warning: `syz-executor0' uses deprecated v2 capabilities in a way that may be insecure
hrtimer: interrupt took 36382 ns
pit: kvm: requested 5866 ns i8254 timer period limited to 500000 ns
pit: kvm: requested 5866 ns i8254 timer period limited to 500000 ns
ptrace attach of "/root/syz-executor2"[3698] was attempted by "/root/syz-executor2"[6859]
ptrace attach of "/root/syz-executor2"[3698] was attempted by "/root/syz-executor2"[6859]
binder: 6870:6878 ERROR: BC_REGISTER_LOOPER called without request
binder: 6870:6878 ERROR: BC_ENTER_LOOPER called after BC_REGISTER_LOOPER
binder: 6870:6878 ERROR: BC_REGISTER_LOOPER called without request
binder: 6870:6878 ERROR: BC_ENTER_LOOPER called after BC_REGISTER_LOOPER
netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 14 bytes leftover after parsing attributes in process `syz-executor7'.
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pig=6925 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pig=6928 comm=syz-executor3
device eql entered promiscuous mode
sock: process `syz-executor2' is using obsolete setsockopt SO_BSDCOMPAT
binder: 7063:7067 BC_REQUEST_DEATH_NOTIFICATION invalid ref 2
binder: 7063:7067 unknown command 0
binder: 7063:7067 ioctl c0306201 20990000 returned -22
binder_alloc: binder_alloc_mmap_handler: 7063 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7063:7081 ioctl 40046207 0 returned -16
binder: 7063:7092 BC_REQUEST_DEATH_NOTIFICATION invalid ref 2
binder: 7063:7092 unknown command 0
binder: 7063:7092 ioctl c0306201 20990000 returned -22
binder: 7111:7113 BC_DEAD_BINDER_DONE 0000000000000003 not found
binder: 7111:7113 DecRefs 0 refcount change on invalid ref 1 ret -22