=============================
binder: 10034:10044 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
WARNING: suspicious RCU usage
4.15.0+ #307 Not tainted
-----------------------------
./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor3/10038:
 #0:  (rcu_read_lock){....}, at: [<00000000dc9ab2b2>] __rds_conn_create+0xe46/0x1b50 net/rds/connection.c:218

stack backtrace:
CPU: 1 PID: 10038 Comm: syz-executor3 Not tainted 4.15.0+ #307
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592
 rcu_preempt_sleep_check include/linux/rcupdate.h:301 [inline]
 ___might_sleep+0x385/0x470 kernel/sched/core.c:6093
 __might_sleep+0x95/0x190 kernel/sched/core.c:6081
 slab_pre_alloc_hook mm/slab.h:420 [inline]
 slab_alloc mm/slab.c:3365 [inline]
 kmem_cache_alloc_trace+0x299/0x740 mm/slab.c:3605
 kmalloc include/linux/slab.h:512 [inline]
 kzalloc include/linux/slab.h:701 [inline]
 rds_loop_conn_alloc+0xc8/0x380 net/rds/loop.c:126
 __rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
 rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309
 rds_sendmsg+0xda3/0x2390 net/rds/send.c:1126
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 SYSC_sendto+0x361/0x5c0 net/socket.c:1747
 SyS_sendto+0x40/0x50 net/socket.c:1715
 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x26/0x9b
RIP: 0033:0x453a59
RSP: 002b:00007f39681f3c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f39681f46d4 RCX: 0000000000453a59
RDX: 0000000000000000 RSI: 0000000020dbf000 RDI: 0000000000000013
RBP: 000000000071bea0 R08: 0000000020b2d000 R09: 0000000000000010
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000004b9 R14: 00000000006f71f8 R15: 0000000000000000
CPU: 0 PID: 10039 Comm: syz-executor2 Not tainted 4.15.0+ #307
BUG: sleeping function called from invalid context at mm/slab.h:420
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
in_atomic(): 1, irqs_disabled(): 0, pid: 10038, name: syz-executor3
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
1 lock held by syz-executor3/10038:
 #0:  (
rcu_read_lock
 should_failslab+0xec/0x120 mm/failslab.c:32
){....}
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3365 [inline]
 __do_kmalloc mm/slab.c:3703 [inline]
 __kmalloc_track_caller+0x5f/0x760 mm/slab.c:3720
, at: [<00000000dc9ab2b2>] __rds_conn_create+0xe46/0x1b50 net/rds/connection.c:218
 memdup_user+0x2c/0x90 mm/util.c:160
 map_update_elem kernel/bpf/syscall.c:671 [inline]
 SYSC_bpf kernel/bpf/syscall.c:1872 [inline]
 SyS_bpf+0x1f48/0x4860 kernel/bpf/syscall.c:1843
 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x26/0x9b
RIP: 0033:0x453a59
RSP: 002b:00007f40df8c6c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f40df8c76d4 RCX: 0000000000453a59
RDX: 0000000000000020 RSI: 00000000207f2fe0 RDI: 0000000000000002
RBP: 000000000071bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
R13: 0000000000000040 R14: 00000000006f06a0 R15: 0000000000000000
CPU: 1 PID: 10038 Comm: syz-executor3 Not tainted 4.15.0+ #307
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6128
 __might_sleep+0x95/0x190 kernel/sched/core.c:6081
 slab_pre_alloc_hook mm/slab.h:420 [inline]
 slab_alloc mm/slab.c:3365 [inline]
 kmem_cache_alloc_trace+0x299/0x740 mm/slab.c:3605
 kmalloc include/linux/slab.h:512 [inline]
 kzalloc include/linux/slab.h:701 [inline]
 rds_loop_conn_alloc+0xc8/0x380 net/rds/loop.c:126
 __rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227
 rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309
 rds_sendmsg+0xda3/0x2390 net/rds/send.c:1126
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 SYSC_sendto+0x361/0x5c0 net/socket.c:1747
 SyS_sendto+0x40/0x50 net/socket.c:1715
 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x26/0x9b
RIP: 0033:0x453a59
RSP: 002b:00007f39681f3c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f39681f46d4 RCX: 0000000000453a59
RDX: 0000000000000000 RSI: 0000000020dbf000 RDI: 0000000000000013
RBP: 000000000071bea0 R08: 0000000020b2d000 R09: 0000000000000010
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000004b9 R14: 00000000006f71f8 R15: 0000000000000000
audit: type=1400 audit(1518303777.807:65): avc: denied { getrlimit } for pid=10120 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=process permissive=1
syz-executor7 (10237): /proc/10232/oom_adj is deprecated, please use /proc/10232/oom_score_adj instead.
x86/PAT: syz-executor6:10285 map pfn RAM range req write-combining for [mem 0x1b43d0000-0x1b43d1fff], got write-back
x86/PAT: syz-executor6:10311 map pfn RAM range req write-combining for [mem 0x1b3d50000-0x1b3d51fff], got write-back
QAT: failed to copy from user cfg_data.
QAT: failed to copy from user cfg_data.
QAT: Invalid ioctl
audit: type=1400 audit(1518303779.304:66): avc: denied { ipc_lock } for pid=10487 comm="syz-executor7" capability=14 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
QAT: Invalid ioctl
audit: type=1400 audit(1518303779.669:67): avc: denied { call } for pid=10571 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
xt_CONNSECMARK: target only valid in the 'mangle' or 'security' tables, not 'filter'.
binder_alloc: binder_alloc_mmap_handler: 10571 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 10571:10578 ioctl 40046207 0 returned -16
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 10, process died.
audit: type=1400 audit(1518303780.109:68): avc: denied { setopt } for pid=10673 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59973 sclass=netlink_xfrm_socket pig=10906 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59973 sclass=netlink_xfrm_socket pig=10915 comm=syz-executor3
openvswitch: netlink: Flow set message rejected, Key attribute missing.
openvswitch: netlink: Flow set message rejected, Key attribute missing.
Cannot find add_set index 0 as target
syz-executor5 uses obsolete (PF_INET,SOCK_PACKET)
audit: type=1400 audit(1518303783.448:69): avc: denied { net_bind_service } for pid=11531 comm="syz-executor5" capability=10 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1518303783.561:70): avc: denied { getopt } for pid=11586 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
binder: 11621:11622 ioctl c018620b 2009cfe8 returned -14
audit: type=1400 audit(1518303783.803:71): avc: denied { create } for pid=11647 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
x_tables: ip_tables: osf match: only valid for protocol 6
x_tables: ip_tables: osf match: only valid for protocol 6
x_tables: ip_tables: osf match: only valid for protocol 6
binder: 11943:11948 transaction failed 29189/-22, size 0-0 line 2842
x_tables: ip_tables: osf match: only valid for protocol 6
binder: 11943:11948 transaction failed 29189/-22, size 0-0 line 2842
binder: undelivered TRANSACTION_ERROR: 29189
x_tables: ip_tables: osf match: only valid for protocol 6
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 12023 Comm: syz-executor7 Tainted: G W 4.15.0+ #307
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3365 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3539
 sctp_bucket_create net/sctp/socket.c:7654 [inline]
 sctp_get_port_local+0x9cd/0x13b0 net/sctp/socket.c:7413
 sctp_get_port+0x13f/0x1b0 net/sctp/socket.c:7462
 inet_autobind+0xaa/0x180 net/ipv4/af_inet.c:182
 inet_sendmsg+0x4de/0x5e0 net/ipv4/af_inet.c:761
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 SYSC_sendto+0x361/0x5c0 net/socket.c:1747
 SyS_sendto+0x40/0x50 net/socket.c:1715
 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x26/0x9b
RIP: 0033:0x453a59
RSP: 002b:00007fac4758ac68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fac4758b6d4 RCX: 0000000000453a59
RDX: 0000000000000001 RSI: 000000002053a000 RDI: 0000000000000014
RBP: 000000000071bea0 R08: 0000000020a76000 R09: 000000000000001c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015
R13: 00000000000004ba R14: 00000000006f7210 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 12042 Comm: syz-executor7 Tainted: G W 4.15.0+ #307
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
x_tables: ip_tables: osf match: only valid for protocol 6
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3365 [inline]
 kmem_cache_alloc_trace+0x4b/0x740 mm/slab.c:3605
 kmalloc include/linux/slab.h:512 [inline]
 kzalloc include/linux/slab.h:701 [inline]
 sctp_add_bind_addr+0xd8/0x460 net/sctp/bind_addr.c:159
 sctp_do_bind+0x312/0x540 net/sctp/socket.c:440
 sctp_autobind+0x179/0x200 net/sctp/socket.c:7718
 sctp_sendmsg+0x2a71/0x35e0 net/sctp/socket.c:1827
 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:764
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 SYSC_sendto+0x361/0x5c0 net/socket.c:1747
 SyS_sendto+0x40/0x50 net/socket.c:1715
 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x26/0x9b
RIP: 0033:0x453a59
RSP: 002b:00007fac4758ac68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fac4758b6d4 RCX: 0000000000453a59
RDX: 0000000000000001 RSI: 000000002053a000 RDI: 0000000000000014
RBP: 000000000071bea0 R08: 0000000020a76000 R09: 000000000000001c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015
R13: 00000000000004ba R14: 00000000006f7210 R15: 0000000000000001
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 12066 Comm: syz-executor7 Tainted: G W 4.15.0+ #307
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
x_tables: ip_tables: osf match: only valid for protocol 6
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3365 [inline]
 kmem_cache_alloc_trace+0x4b/0x740 mm/slab.c:3605
 kmalloc include/linux/slab.h:512 [inline]
 kzalloc include/linux/slab.h:701 [inline]
 sctp_association_new+0x114/0x2130 net/sctp/associola.c:308