Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
=============================
WARNING: suspicious RCU usage
4.15.0-rc9+ #188 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor1/2056:
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<00000000c97f5c45>] lock_sock include/net/sock.h:1461 [inline]
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<00000000c97f5c45>] do_ipv6_setsockopt.isra.9+0x23d/0x39a0 net/ipv6/ipv6_sockglue.c:167

stack backtrace:
CPU: 1 PID: 2056 Comm: syz-executor1 Not tainted 4.15.0-rc9+ #188
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 ireq_opt_deref include/net/inet_sock.h:135 [inline]
 inet_csk_route_req+0x82a/0xca0 net/ipv4/inet_connection_sock.c:544
 dccp_v4_send_response+0xa7/0x650 net/dccp/ipv4.c:485
 dccp_v4_conn_request+0x9f4/0x11b0 net/dccp/ipv4.c:633
 dccp_v6_conn_request+0xd30/0x1350 net/dccp/ipv6.c:317
 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682
 dccp_v6_do_rcv+0x823/0x9c0 net/dccp/ipv6.c:578
 sk_backlog_rcv include/net/sock.h:907 [inline]
 __release_sock+0x124/0x360 net/core/sock.c:2264
 release_sock+0xa4/0x2a0 net/core/sock.c:2779
 do_ipv6_setsockopt.isra.9+0x50a/0x39a0 net/ipv6/ipv6_sockglue.c:898
 compat_ipv6_setsockopt+0xfc/0x1e0 net/ipv6/ipv6_sockglue.c:957
 inet_csk_compat_setsockopt+0x95/0x120 net/ipv4/inet_connection_sock.c:1042
 compat_dccp_setsockopt+0x40/0x70 net/dccp/proto.c:586
 compat_sock_common_setsockopt+0xb2/0x140 net/core/sock.c:2979
 C_SYSC_setsockopt net/compat.c:403 [inline]
 compat_SyS_setsockopt+0x17c/0x410 net/compat.c:386
 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline]
 do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389
 entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129
RIP: 0023:0xf7f92c79
RSP: 002b:00000000f778e08c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 0000000000000029
RDX: 0000000000000020 RSI: 0000000020bbb000 RDI: 0000000000000020
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

=============================
WARNING: suspicious RCU usage
4.15.0-rc9+ #188 Not tainted
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor1/2056:
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<00000000c97f5c45>] lock_sock include/net/sock.h:1461 [inline]
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<00000000c97f5c45>] do_ipv6_setsockopt.isra.9+0x23d/0x39a0 net/ipv6/ipv6_sockglue.c:167

stack backtrace:
CPU: 1 PID: 2056 Comm: syz-executor1 Not tainted 4.15.0-rc9+ #188
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 ireq_opt_deref include/net/inet_sock.h:135 [inline]
 dccp_v4_send_response+0x4b6/0x650 net/dccp/ipv4.c:496
 dccp_v4_conn_request+0x9f4/0x11b0 net/dccp/ipv4.c:633
 dccp_v6_conn_request+0xd30/0x1350 net/dccp/ipv6.c:317
 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682
 dccp_v6_do_rcv+0x823/0x9c0 net/dccp/ipv6.c:578
 sk_backlog_rcv include/net/sock.h:907 [inline]
 __release_sock+0x124/0x360 net/core/sock.c:2264
 release_sock+0xa4/0x2a0 net/core/sock.c:2779
 do_ipv6_setsockopt.isra.9+0x50a/0x39a0 net/ipv6/ipv6_sockglue.c:898
 compat_ipv6_setsockopt+0xfc/0x1e0 net/ipv6/ipv6_sockglue.c:957
 inet_csk_compat_setsockopt+0x95/0x120 net/ipv4/inet_connection_sock.c:1042
 compat_dccp_setsockopt+0x40/0x70 net/dccp/proto.c:586
 compat_sock_common_setsockopt+0xb2/0x140 net/core/sock.c:2979
 C_SYSC_setsockopt net/compat.c:403 [inline]
 compat_SyS_setsockopt+0x17c/0x410 net/compat.c:386
 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline]
 do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389
 entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129
RIP: 0023:0xf7f92c79
RSP: 002b:00000000f778e08c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 0000000000000029
RDX: 0000000000000020 RSI: 0000000020bbb000 RDI: 0000000000000020
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
binder: 2126:2128 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: 2126:2136 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
audit: type=1401 audit(1516832989.386:248): op=setxattr invalid_context="',-em0self&vboxnet1-em0"
audit: type=1401 audit(1516832989.417:249): op=setxattr invalid_context="',-em0self&vboxnet1-em0"
audit: type=1400 audit(1516832989.767:250): avc:  denied  { bind } for  pid=2356 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'.
device eql entered promiscuous mode
audit: type=1400 audit(1516832991.239:251): avc:  denied  { map } for  pid=2628 comm="syz-executor3" path="/selinux/mls" dev="selinuxfs" ino=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file permissive=1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
binder: 2653:2661 ERROR: BC_REGISTER_LOOPER called without request
binder: 2661 RLIMIT_NICE not set
device eql entered promiscuous mode
binder: 2661 RLIMIT_NICE not set
binder: 2661 RLIMIT_NICE not set
binder: BINDER_SET_CONTEXT_MGR already set
binder: 2653:2669 ERROR: BC_REGISTER_LOOPER called without request
binder: 2669 RLIMIT_NICE not set
binder: 2653:2661 ioctl 40046207 0 returned -16
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 191, process died.
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 2708 Comm: syz-executor6 Not tainted 4.15.0-rc9+ #188
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3632
 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:983 [inline]
 alloc_skb_with_frags+0x10d/0x750 net/core/skbuff.c:5147
 sock_alloc_send_pskb+0x787/0x9b0 net/core/sock.c:2078
 tun_alloc_skb drivers/net/tun.c:1364 [inline]
 tun_get_user+0x91c/0x3710 drivers/net/tun.c:1653
 tun_chr_write_iter+0xb9/0x160 drivers/net/tun.c:1809
 call_write_iter include/linux/fs.h:1772 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline]
 do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389
 entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129
RIP: 0023:0xf7fafc79
RSP: 002b:00000000f77ab08c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 0000000020b3bfa0
RDX: 0000000000000060 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
device eql entered promiscuous mode
device eql entered promiscuous mode
IPv4: Oversized IP packet from 127.0.0.1
autofs4:pid:2813:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(3590324411.0), cmd(0x0000937e)
autofs4:pid:2813:validate_dev_ioctl: invalid device control module version supplied for cmd(0x0000937e)
autofs4:pid:2828:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(3590324411.0), cmd(0x0000937e)
autofs4:pid:2828:validate_dev_ioctl: invalid device control module version supplied for cmd(0x0000937e)
device eql entered promiscuous mode
IPVS: length: 24 != 8
device eql entered promiscuous mode
QAT: Invalid ioctl
QAT: Invalid ioctl
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
sock: process `syz-executor4' is using obsolete getsockopt SO_BSDCOMPAT
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
binder: 3098:3100 got transaction with too large buffer
binder: 3098:3100 transaction failed 29201/-22, size 80-16 line 3062
binder: 3098:3109 ioctl c0086421 2038e000 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3098:3115 ioctl 40046207 0 returned -16
binder_alloc: 3098: binder_alloc_buf, no vma
binder: 3098:3109 transaction failed 29189/-3, size 80-16 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
device eql entered promiscuous mode
audit: type=1400 audit(1516832994.024:252): avc:  denied  { map } for  pid=3153 comm="syz-executor6" path="socket:[75697]" dev="sockfs" ino=75697 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=tcp_socket permissive=1
audit: type=1400 audit(1516832994.060:253): avc:  denied  { map } for  pid=3156 comm="syz-executor1" path="/dev/usbmon0" dev="devtmpfs" ino=8916 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usbmon_device_t:s0 tclass=chr_file permissive=1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3196 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3196 comm=syz-executor4
device eql entered promiscuous mode
device eql entered promiscuous mode
sg_write: data in/out 458716/32 bytes for SCSI command 0x0-- guessing data in; program syz-executor4 not setting count and/or reply_len properly
device eql entered promiscuous mode
sg_write: data in/out 458716/32 bytes for SCSI command 0x0-- guessing data in; program syz-executor4 not setting count and/or reply_len properly
device eql entered promiscuous mode
QAT: Invalid ioctl
QAT: Invalid ioctl
device eql entered promiscuous mode
QAT: Invalid ioctl
QAT: Invalid ioctl
audit: type=1400 audit(1516832995.141:254): avc:  denied  { getattr } for  pid=3438 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
audit: type=1326 audit(1516832995.486:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=3550 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fcec79 code=0x0
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
audit: type=1400 audit(1516832995.977:256): avc:  denied  { accept } for  pid=3720 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
device eql entered promiscuous mode
device eql entered promiscuous mode
do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
device eql entered promiscuous mode
do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
audit: type=1400 audit(1516832996.953:257): avc:  denied  { create } for  pid=3970 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1516832996.954:258): avc:  denied  { write } for  pid=3970 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
device eql entered promiscuous mode
audit: type=1400 audit(1516832996.954:259): avc:  denied  { net_admin } for  pid=3970 comm="syz-executor4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1516832997.024:260): avc:  denied  { map } for  pid=3985 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(1516832997.152:261): avc:  denied  { dac_override } for  pid=3950 comm="syz-executor1" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
device eql entered promiscuous mode
audit: type=1400 audit(1516832997.306:262): avc:  denied  { prog_load } for  pid=4001 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 4027 Comm: syz-executor2 Not tainted 4.15.0-rc9+ #188
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node_trace+0x5a/0x750 mm/slab.c:3651
 kmalloc_node include/linux/slab.h:537 [inline]
 kzalloc_node include/linux/slab.h:699 [inline]
 __get_vm_area_node+0xae/0x340 mm/vmalloc.c:1402
 __vmalloc_node_range+0xa3/0x650 mm/vmalloc.c:1754
 __vmalloc_node mm/vmalloc.c:1804 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1818 [inline]
 vmalloc+0x45/0x50 mm/vmalloc.c:1840
 kvm_vcpu_ioctl_set_cpuid+0x1b7/0xa00 arch/x86/kvm/cpuid.c:203
 kvm_arch_vcpu_ioctl+0x2256/0x4740 arch/x86/kvm/x86.c:3530