9pnet: Could not find request transport: føÿrfdno=0x0000000000000003 ============================= syz-executor.1 cpuset=syz1 mems_allowed=0-1 WARNING: suspicious RCU usage 4.14.141 #37 Not tainted CPU: 0 PID: 10836 Comm: syz-executor.1 Not tainted 4.14.141 #37 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x138/0x197 lib/dump_stack.c:53 warn_alloc.cold+0x96/0x1af mm/page_alloc.c:3248 __vmalloc_node_range mm/vmalloc.c:1786 [inline] __vmalloc_node_range+0x3c3/0x6a0 mm/vmalloc.c:1746 __vmalloc_node mm/vmalloc.c:1815 [inline] __vmalloc_node_flags mm/vmalloc.c:1829 [inline] vmalloc+0x46/0x50 mm/vmalloc.c:1851 sel_write_load+0x1a0/0x1050 security/selinux/selinuxfs.c:495 __vfs_write+0x105/0x6b0 fs/read_write.c:480 vfs_write+0x198/0x500 fs/read_write.c:544 SYSC_write fs/read_write.c:590 [inline] SyS_write+0xfd/0x230 fs/read_write.c:582 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x459879 RSP: 002b:00007fc8d5992c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc8d59936d4 R13: 00000000004c9b08 R14: 00000000004e1248 R15: 00000000ffffffff ----------------------------- net/tipc/bearer.c:177 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by syz-executor.4/10839: #0: (cb_lock){++++}, at: [] genl_rcv+0x1a/0x40 net/netlink/genetlink.c:635 Mem-Info: active_anon:130345 inactive_anon:10872 isolated_anon:0 active_file:12905 inactive_file:11505 isolated_file:0 unevictable:1024 dirty:350 writeback:0 unstable:0 slab_reclaimable:12824 slab_unreclaimable:109258 mapped:59037 shmem:250 pagetables:2382 bounce:0 free:1241905 free_pcp:185 free_cma:0 #1: (genl_mutex){+.+.}, at: [] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [] genl_rcv_msg+0x119/0x150 net/netlink/genetlink.c:623 stack backtrace: CPU: 0 PID: 10839 Comm: syz-executor.4 Not tainted 4.14.141 #37 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x138/0x197 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:4662 tipc_bearer_find+0x20a/0x300 net/tipc/bearer.c:177 tipc_nl_compat_link_set+0x433/0xbf0 net/tipc/netlink_compat.c:797 __tipc_nl_compat_doit net/tipc/netlink_compat.c:306 [inline] tipc_nl_compat_doit+0x1a2/0x550 net/tipc/netlink_compat.c:354 tipc_nl_compat_handle net/tipc/netlink_compat.c:1198 [inline] tipc_nl_compat_recv+0x9ec/0xb20 net/tipc/netlink_compat.c:1280 genl_family_rcv_msg+0x614/0xc30 net/netlink/genetlink.c:600 genl_rcv_msg+0xb4/0x150 net/netlink/genetlink.c:625 netlink_rcv_skb+0x14f/0x3c0 net/netlink/af_netlink.c:2432 genl_rcv+0x29/0x40 net/netlink/genetlink.c:636 netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline] netlink_unicast+0x45d/0x640 net/netlink/af_netlink.c:1312 netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877 sock_sendmsg_nosec net/socket.c:646 [inline] sock_sendmsg+0xce/0x110 net/socket.c:656 ___sys_sendmsg+0x70a/0x840 net/socket.c:2062 __sys_sendmsg+0xb9/0x140 net/socket.c:2096 SYSC_sendmsg net/socket.c:2107 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2103 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 Node 0 active_anon:521380kB inactive_anon:43488kB active_file:51476kB inactive_file:46020kB unevictable:4096kB isolated(anon):0kB isolated(file):0kB mapped:236148kB dirty:1392kB writeback:0kB shmem:1000kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 212992kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no entry_SYSCALL_64_after_hwframe+0x42/0xb7 Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no RIP: 0033:0x459879 RSP: 002b:00007ffbce050c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffbce0516d4 R13: 00000000004c7492 R14: 00000000004dcbe0 R15: 00000000ffffffff Node 0 DMA free:15908kB min:216kB low:268kB high:320kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2580 2580 2580 Node 0 DMA32 free:1163304kB min:36468kB low:45584kB high:54700kB active_anon:523376kB inactive_anon:43484kB active_file:51476kB inactive_file:46020kB unevictable:4096kB writepending:1392kB present:3129332kB managed:2644888kB mlocked:4096kB kernel_stack:9248kB pagetables:9572kB bounce:0kB free_pcp:1028kB local_pcp:536kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 1 Normal free:3786256kB min:53420kB low:66772kB high:80124kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:8kB present:3932160kB managed:3870208kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 3486*4kB (UME) 352*8kB (UME) 324*16kB (UME) 220*32kB (UME) 46*64kB (UM) 105*128kB (UME) 38*256kB (UME) 8*512kB (UM) 1*1024kB (M) 3*2048kB (M) 269*4096kB (UM) = 1168184kB Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB Node 1 Normal: 44*4kB (UME) 318*8kB (UE) 265*16kB (UME) 51*32kB (UME) 16*64kB (UME) 11*128kB (UE) 3*256kB (UM) 4*512kB (UE) 2*1024kB (ME) 5*2048kB (UME) 918*4096kB (M) = 3786256kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 24659 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 333228 pages reserved 0 pages cma reserved syz-executor.1: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null) syz-executor.1 cpuset=syz1 mems_allowed=0-1 CPU: 1 PID: 10832 Comm: syz-executor.1 Not tainted 4.14.141 #37 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x138/0x197 lib/dump_stack.c:53 warn_alloc.cold+0x96/0x1af mm/page_alloc.c:3248 __vmalloc_node_range mm/vmalloc.c:1786 [inline] __vmalloc_node_range+0x3c3/0x6a0 mm/vmalloc.c:1746 __vmalloc_node mm/vmalloc.c:1815 [inline] __vmalloc_node_flags mm/vmalloc.c:1829 [inline] vmalloc+0x46/0x50 mm/vmalloc.c:1851 sel_write_load+0x1a0/0x1050 security/selinux/selinuxfs.c:495 __vfs_write+0x105/0x6b0 fs/read_write.c:480 vfs_write+0x198/0x500 fs/read_write.c:544 SYSC_write fs/read_write.c:590 [inline] SyS_write+0xfd/0x230 fs/read_write.c:582 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 audit: type=1804 audit(1567256223.408:85): pid=10882 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir951997751/syzkaller.sAVB2I/130/bus" dev="sda1" ino=17001 res=1 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x459879 RSP: 002b:00007fc8d5992c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc8d59936d4 R13: 00000000004c9b08 R14: 00000000004e1248 R15: 00000000ffffffff mkiss: ax0: crc mode is auto. FAT-fs (loop0): Unrecognized mount option "shortname=LÛxed" or missing value SQUASHFS error: squashfs_read_data failed to read block 0x0 squashfs: SQUASHFS error: unable to read squashfs_super_block audit: type=1400 audit(1567256224.708:86): avc: denied { sys_ptrace } for pid=10948 comm="ps" capability=19 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=cap_userns permissive=1 FAT-fs (loop0): Unrecognized mount option "shortname=LÛxed" or missing value SQUASHFS error: squashfs_read_data failed to read block 0x0 squashfs: SQUASHFS error: unable to read squashfs_super_block vhci_hcd: default hub control req: 3000 v0000 i0000 l0 vhci_hcd: default hub control req: 3000 v0000 i0000 l0 IPVS: ftp: loaded support on port[0] = 21 audit: type=1400 audit(1567256226.898:87): avc: denied { map } for pid=11033 comm="syz-executor.1" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13263 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 device bridge_slave_1 left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_0 left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state device hsr_slave_1 left promiscuous mode device hsr_slave_0 left promiscuous mode team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed bond0 (unregistering): Releasing backup interface bond_slave_1 bond0 (unregistering): Releasing backup interface bond_slave_0 bond0 (unregistering): Released all slaves rxrpc: AF_RXRPC: Leaked local ffff8880936f1200 {1} ------------[ cut here ]------------ kernel BUG at net/rxrpc/local_object.c:405! invalid opcode: 0000 [#1] PREEMPT SMP KASAN Modules linked in: CPU: 1 PID: 22 Comm: kworker/u4:1 Not tainted 4.14.141 #37 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net task: ffff8880a9e3c5c0 task.stack: ffff8880a9e48000 RIP: 0010:rxrpc_destroy_all_locals+0xee/0xfa net/rxrpc/local_object.c:405 RSP: 0018:ffff8880a9e4fbc8 EFLAGS: 00010292 RAX: dffffc0000000000 RBX: ffff888065270900 RCX: 0000000000000003 RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000286 RBP: ffff8880a9e4fbf0 R08: fffffbfff12356e0 R09: ffff8880a9e3c5c0 R10: dffffc0000000000 R11: 0000000000000000 R12: ffff888065270920 R13: ffff888065270920 R14: ffff888065270930 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000a75e58 CR3: 0000000098ccf000 CR4: 00000000001426e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 Call Trace: rxrpc_exit_net+0x15d/0x270 net/rxrpc/net_ns.c:78 ops_exit_list.isra.0+0xaa/0x150 net/core/net_namespace.c:142 cleanup_net+0x3ba/0x880 net/core/net_namespace.c:484 process_one_work+0x863/0x1600 kernel/workqueue.c:2114 worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248 kthread+0x319/0x430 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 Code: 00 00 00 00 00 fc ff df 48 83 eb 20 e8 1c 98 c6 fb 4c 8d 6b 20 4d 39 ec 0f 85 52 00 00 00 e8 0a 98 c6 fb 4c 89 f7 e8 82 ea 84 00 <0f> 0b 4c 89 e7 e8 28 48 f0 fb eb c0 e8 f1 97 c6 fb 48 c7 c7 40 RIP: rxrpc_destroy_all_locals+0xee/0xfa net/rxrpc/local_object.c:405 RSP: ffff8880a9e4fbc8 ---[ end trace 8efdf094ba9a5dfb ]---