============================= WARNING: suspicious RCU usage 4.15.0+ #217 Not tainted ----------------------------- ./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by syz-executor2/6152: #0: (rcu_read_lock){....}, at: [<00000000fd36abba>] __rds_conn_create+0xe46/0x1b50 net/rds/connection.c:218 stack backtrace: CPU: 1 PID: 6152 Comm: syz-executor2 Not tainted 4.15.0+ #217 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592 rcu_preempt_sleep_check include/linux/rcupdate.h:301 [inline] ___might_sleep+0x385/0x470 kernel/sched/core.c:6093 __might_sleep+0x95/0x190 kernel/sched/core.c:6081 slab_pre_alloc_hook mm/slab.h:420 [inline] slab_alloc mm/slab.c:3365 [inline] kmem_cache_alloc+0x2a2/0x760 mm/slab.c:3539 rds_tcp_conn_alloc+0xa7/0x4e0 net/rds/tcp.c:296 __rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227 rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309 rds_sendmsg+0xda3/0x2390 net/rds/send.c:1126 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 SYSC_sendto+0x361/0x5c0 net/socket.c:1747 SyS_sendto+0x40/0x50 net/socket.c:1715 do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] do_fast_syscall_32+0x3ee/0xfa1 arch/x86/entry/common.c:392 entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129 RIP: 0023:0xf7f37c79 RSP: 002b:00000000f773309c EFLAGS: 00000286 ORIG_RAX: 0000000000000171 RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000020fc2000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002069affb RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 BUG: sleeping function called from invalid context at mm/slab.h:420 in_atomic(): 1, irqs_disabled(): 0, pid: 6152, name: syz-executor2 1 lock held by syz-executor2/6152: #0: (rcu_read_lock){....}, at: [<00000000fd36abba>] __rds_conn_create+0xe46/0x1b50 net/rds/connection.c:218 CPU: 1 PID: 6152 Comm: syz-executor2 Not tainted 4.15.0+ #217 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6128 __might_sleep+0x95/0x190 kernel/sched/core.c:6081 slab_pre_alloc_hook mm/slab.h:420 [inline] slab_alloc mm/slab.c:3365 [inline] kmem_cache_alloc+0x2a2/0x760 mm/slab.c:3539 rds_tcp_conn_alloc+0xa7/0x4e0 net/rds/tcp.c:296 __rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227 rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309 rds_sendmsg+0xda3/0x2390 net/rds/send.c:1126 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 SYSC_sendto+0x361/0x5c0 net/socket.c:1747 SyS_sendto+0x40/0x50 net/socket.c:1715 do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] do_fast_syscall_32+0x3ee/0xfa1 arch/x86/entry/common.c:392 entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129 RIP: 0023:0xf7f37c79 RSP: 002b:00000000f773309c EFLAGS: 00000286 ORIG_RAX: 0000000000000171 RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000020fc2000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002069affb RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 QAT: Invalid ioctl QAT: Invalid ioctl kauditd_printk_skb: 7 callbacks suppressed audit: type=1400 audit(1518276620.872:34): avc: denied { read } for pid=6331 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1518276620.988:35): avc: denied { name_connect } for pid=6353 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 audit: type=1400 audit(1518276621.265:36): avc: denied { create } for pid=6423 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_iscsi_socket permissive=1 netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. QAT: Invalid ioctl QAT: Invalid ioctl netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. QAT: Invalid ioctl QAT: Invalid ioctl netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. audit: type=1400 audit(1518276621.718:37): avc: denied { map } for pid=6536 comm="syz-executor2" path="/52/file0/bus" dev="ramfs" ino=16982 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ramfs_t:s0 tclass=file permissive=1 QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl Cannot find add_set index 0 as target dccp_v4_rcv: dropped packet with invalid checksum dccp_v4_rcv: dropped packet with invalid checksum Cannot find add_set index 0 as target binder: 6706:6710 IncRefs 0 refcount change on invalid ref 0 ret -22 binder: 6706:6737 IncRefs 0 refcount change on invalid ref 0 ret -22 audit: type=1400 audit(1518276622.603:38): avc: denied { getopt } for pid=6749 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 Cannot find add_set index 0 as target Cannot find add_set index 0 as target netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'. FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 1 netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'. CPU: 0 PID: 6989 Comm: syz-executor1 Tainted: G W 4.15.0+ #217 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:422 [inline] slab_alloc_node mm/slab.c:3286 [inline] kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3629 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193 alloc_skb include/linux/skbuff.h:983 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1180 [inline] netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1872 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2046 __sys_sendmsg+0xe5/0x210 net/socket.c:2080 C_SYSC_sendmsg net/compat.c:739 [inline] compat_SyS_sendmsg+0x2a/0x40 net/compat.c:737 do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] do_fast_syscall_32+0x3ee/0xfa1 arch/x86/entry/common.c:392 entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129 RIP: 0023:0xf7f95c79 RSP: 002b:00000000f779109c EFLAGS: 00000286 ORIG_RAX: 0000000000000172 RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000020011fc8 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 7034 Comm: syz-executor1 Tainted: G W 4.15.0+ #217 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:422 [inline] slab_alloc_node mm/slab.c:3286 [inline] kmem_cache_alloc_node_trace+0x5a/0x760 mm/slab.c:3648 __do_kmalloc_node mm/slab.c:3668 [inline] __kmalloc_node_track_caller+0x33/0x70 mm/slab.c:3683 __kmalloc_reserve.isra.39+0x41/0xd0 net/core/skbuff.c:137 __alloc_skb+0x13b/0x780 net/core/skbuff.c:205 alloc_skb include/linux/skbuff.h:983 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1180 [inline] netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1872 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2046 __sys_sendmsg+0xe5/0x210 net/socket.c:2080 C_SYSC_sendmsg net/compat.c:739 [inline] compat_SyS_sendmsg+0x2a/0x40 net/compat.c:737 do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] do_fast_syscall_32+0x3ee/0xfa1 arch/x86/entry/common.c:392 entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129 RIP: 0023:0xf7f95c79 RSP: 002b:00000000f779109c EFLAGS: 00000286 ORIG_RAX: 0000000000000172 RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000020011fc8 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 7074 Comm: syz-executor1 Tainted: G W 4.15.0+ #217 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:422 [inline] slab_alloc mm/slab.c:3365 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3539 skb_clone+0x1ae/0x480 net/core/skbuff.c:1279 netlink_skb_clone include/linux/netlink.h:144 [inline] nfnetlink_rcv_batch net/netfilter/nfnetlink.c:297 [inline] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:493 [inline] nfnetlink_rcv+0x686/0x1920 net/netfilter/nfnetlink.c:511 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2046 __sys_sendmsg+0xe5/0x210 net/socket.c:2080 C_SYSC_sendmsg net/compat.c:739 [inline] compat_SyS_sendmsg+0x2a/0x40 net/compat.c:737 do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] do_fast_syscall_32+0x3ee/0xfa1 arch/x86/entry/common.c:392 entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129 RIP: 0023:0xf7f95c79 RSP: 002b:00000000f779109c EFLAGS: 00000286 ORIG_RAX: 0000000000000172 RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000020011fc8 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 7086 Comm: syz-executor5 Tainted: G W 4.15.0+ #217 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:422 [inline] slab_alloc mm/slab.c:3365 [inline] __do_kmalloc mm/slab.c:3703 [inline] __kmalloc_track_caller+0x5f/0x760 mm/slab.c:3720 memdup_user+0x2c/0x90 mm/util.c:160 strndup_user+0x62/0xb0 mm/util.c:217 keyctl_keyring_search+0xa7/0x360 security/keys/keyctl.c:675 C_SYSC_keyctl security/keys/compat.c:88 [inline] compat_SyS_keyctl+0x1b0/0x2c0 security/keys/compat.c:59 do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] do_fast_syscall_32+0x3ee/0xfa1 arch/x86/entry/common.c:392 entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129 RIP: 0023:0xf7f30c79 RSP: 002b:00000000f772c09c EFLAGS: 00000286 ORIG_RAX: 0000000000000120 RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000ffffffff RDX: 0000000020f82ff3 RSI: 0000000020858ffb RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 audit: type=1400 audit(1518276626.245:39): avc: denied { setopt } for pid=7101 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1518276626.328:40): avc: denied { getopt } for pid=7131 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1518276626.414:41): avc: denied { getattr } for pid=7148 comm="syz-executor1" name="NETLINK" dev="sockfs" ino=19573 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1518276626.948:42): avc: denied { ioctl } for pid=7268 comm="syz-executor4" path="socket:[18923]" dev="sockfs" ino=18923 ioctlcmd=0x8937 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1518276627.213:43): avc: denied { setgid } for pid=7338 comm="syz-executor5" capability=6 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63512 sclass=netlink_route_socket pig=7346 comm=syz-executor4 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63512 sclass=netlink_route_socket pig=7349 comm=syz-executor4 audit: type=1400 audit(1518276627.541:44): avc: denied { name_bind } for pid=7394 comm="syz-executor4" src=20019 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 audit: type=1400 audit(1518276627.541:45): avc: denied { node_bind } for pid=7394 comm="syz-executor4" src=20019 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl