=============================
WARNING: suspicious RCU usage
4.15.0-rc9+ #284 Not tainted
-----------------------------
net/tipc/bearer.c:177 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
2 locks held by syz-executor4/6563:
 #0: (cb_lock){++++}, at: [<000000003232da63>] genl_rcv+0x19/0x40 net/netlink/genetlink.c:634
 #1: (genl_mutex){+.+.}, at: [<000000001a6b575c>] genl_lock net/netlink/genetlink.c:33 [inline]
 #1: (genl_mutex){+.+.}, at: [<000000001a6b575c>] genl_rcv_msg+0x115/0x140 net/netlink/genetlink.c:622

stack backtrace:
CPU: 0 PID: 6563 Comm: syz-executor4 Not tainted 4.15.0-rc9+ #284
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4587
 tipc_bearer_find+0x2b4/0x3b0 net/tipc/bearer.c:177
 tipc_nl_compat_link_set+0x329/0x9f0 net/tipc/netlink_compat.c:729
 __tipc_nl_compat_doit net/tipc/netlink_compat.c:288 [inline]
 tipc_nl_compat_doit+0x15b/0x670 net/tipc/netlink_compat.c:335
 tipc_nl_compat_handle net/tipc/netlink_compat.c:1119 [inline]
 tipc_nl_compat_recv+0x1135/0x18f0 net/tipc/netlink_compat.c:1201
 genl_family_rcv_msg+0x7b7/0xfb0 net/netlink/genetlink.c:599
 genl_rcv_msg+0xb2/0x140 net/netlink/genetlink.c:624
 netlink_rcv_skb+0x14b/0x380 net/netlink/af_netlink.c:2409
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:635
 netlink_unicast_kernel net/netlink/af_netlink.c:1275 [inline]
 netlink_unicast+0x4ee/0x700 net/netlink/af_netlink.c:1301
 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1864
 sock_sendmsg_nosec net/socket.c:638 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:648
 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2028
 __sys_sendmsg+0xe5/0x210 net/socket.c:2062
 SYSC_sendmsg net/socket.c:2073 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2069
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f5d44b27c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299
RDX: 0000000000000000 RSI: 0000000020003000 RDI: 0000000000000013
RBP: 0000000000000627 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f8448
R13: 00000000ffffffff R14: 00007f5d44b286d4 R15: 0000000000000000
device eql entered promiscuous mode
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
sctp: [Deprecated]: syz-executor0 (pid 6719) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor0 (pid 6727) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=28 sclass=netlink_tcpdiag_socket pig=6742 comm=syz-executor2
Protocol error: SET target dimension is over the limit!
Protocol error: SET target dimension is over the limit!
binder: 7035:7039 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: 7035:7039 ERROR: BC_REGISTER_LOOPER called without request
binder: 7039 RLIMIT_NICE not set
binder: 7035:7039 transaction failed 29189/-22, size 0-0 line 2788
binder_alloc: binder_alloc_mmap_handler: 7035 20000000-20002000 already mapped failed -16
binder: 7035:7059 ERROR: BC_REGISTER_LOOPER called without request
binder: 7059 RLIMIT_NICE not set
binder: 7078:7084 Release 1 refcount change on invalid ref 4 ret -22
binder: 7078:7084 got reply transaction with no transaction stack
binder: 7078:7084 transaction failed 29201/-71, size 80-40 line 2703
binder: 7084 RLIMIT_NICE not set
binder: 7078:7084 Release 1 refcount change on invalid ref 4 ret -22
binder: 7078:7084 got reply transaction with no transaction stack
binder: 7078:7084 transaction failed 29201/-71, size 80-40 line 2703
binder: 7084 RLIMIT_NICE not set
binder: undelivered TRANSACTION_ERROR: 29189
binder: 7119:7126 ERROR: BC_REGISTER_LOOPER called without request
binder: 7119:7132 ERROR: BC_REGISTER_LOOPER called without request
xt_LED: No 'id' parameter given.
kauditd_printk_skb: 78 callbacks suppressed
audit: type=1326 audit(1517209132.874:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7231 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209132.874:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7231 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209132.875:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7231 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=41 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209132.876:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7231 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209132.882:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7231 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209132.883:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7231 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=59 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209132.887:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7231 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209132.890:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7231 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=47 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209132.892:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7231 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209132.893:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7231 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=136 compat=0 ip=0x453299 code=0x7ffc0000
xt_LED: No 'id' parameter given.
QAT: Invalid ioctl
QAT: Invalid ioctl
device eql entered promiscuous mode
binder: send failed reply for transaction 12 to 7491:7496
binder: 7491:7496 BC_DEAD_BINDER_DONE 0000000000000003 not found
binder: 7491:7496 BC_INCREFS_DONE u00000000204edf8a node 13 cookie mismatch 0000000000000000 != 0000000000000001
device eql entered promiscuous mode
binder: 7491:7515 BC_INCREFS_DONE node 17 has no pending increfs request
binder: release 7491:7515 transaction 16 out, still active
binder: unexpected work type, 4, not freed
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: send failed reply for transaction 16, target dead
sock: sock_set_timeout: `syz-executor4' (pid 7551) tries to set negative timeout
sock: sock_set_timeout: `syz-executor4' (pid 7560) tries to set negative timeout
device eql entered promiscuous mode
x_tables: ip_tables: icmp match: only valid for protocol 1
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=24909 sclass=netlink_xfrm_socket pig=7624 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=24909 sclass=netlink_xfrm_socket pig=7625 comm=syz-executor1
sctp: [Deprecated]: syz-executor4 (pid 7621) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
x_tables: ip_tables: icmp match: only valid for protocol 1
sctp: [Deprecated]: syz-executor4 (pid 7621) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
binder: 7752 RLIMIT_NICE not set
binder: 7752 RLIMIT_NICE not set
binder: release 7747:7752 transaction 20 in, still active
binder: send failed reply for transaction 20 to 7747:7760
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7747:7760 unknown command 0
binder: 7747:7760 ioctl c0306201 2000a000 returned -22
binder: 7747:7752 ioctl 40046207 0 returned -16
binder_alloc: 7747: binder_alloc_buf, no vma
binder: 7747:7764 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
Protocol error: SET target dimension is over the limit!
device eql entered promiscuous mode
dccp_close: ABORT with 4294967275 bytes unread
netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'.
QAT: Invalid ioctl
binder: 8116:8123 IncRefs 0 refcount change on invalid ref 0 ret -22
QAT: Invalid ioctl
l2tp_core: tunl 59: sockfd_lookup(fd=0) returned -88
binder: 8116:8123 BC_FREE_BUFFER u0000000000000000 no match
l2tp_core: tunl 59: sockfd_lookup(fd=0) returned -88
binder: 8116:8123 unknown command 0
binder: 8116:8123 ioctl c0306201 2098ffd0 returned -22
binder: 8116:8135 IncRefs 0 refcount change on invalid ref 0 ret -22
binder: 8116:8135 BC_FREE_BUFFER u0000000000000000 no match
binder: 8116:8135 got transaction to invalid handle
binder: 8116:8135 transaction failed 29201/-22, size 0-0 line 2788
device eql entered promiscuous mode
TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters.
dccp_invalid_packet: P.Data Offset(4) too small
dccp_invalid_packet: P.Data Offset(4) too small
binder: 8424 RLIMIT_NICE not set
binder_alloc: 8419: binder_alloc_buf, no vma
binder: 8419:8425 transaction failed 29189/-3, size 0-0 line 2903
binder: BINDER_SET_CONTEXT_MGR already set
binder: 8419:8427 ioctl 40046207 0 returned -16
binder: 8426 RLIMIT_NICE not set
binder_alloc: 8419: binder_alloc_buf, no vma
binder: 8419:8428 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
netlink: 'syz-executor2': attribute type 1 has an invalid length.
netlink: 'syz-executor2': attribute type 1 has an invalid length.
kauditd_printk_skb: 46 callbacks suppressed
audit: type=1326 audit(1517209139.021:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8482 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209139.071:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8482 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=55 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209139.073:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8482 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209139.075:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8482 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209139.103:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8482 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209139.103:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8482 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209139.104:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8482 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209139.107:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8482 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=317 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209139.128:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8482 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
audit: type=1326 audit(1517209139.128:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8482 comm="syz-executor1" exe="/root/syz-executor1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000
device eql entered promiscuous mode