============================= netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. WARNING: suspicious RCU usage 4.15.0+ #308 Not tainted ----------------------------- ./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section! other info that might help us debug this: netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. rcu_scheduler_active = 2, debug_locks = 1 1 lock held by syz-executor0/8462: #0: (rcu_read_lock){....}, at: [<0000000047b069cd>] __rds_conn_create+0xe46/0x1b50 net/rds/connection.c:218 stack backtrace: CPU: 0 PID: 8462 Comm: syz-executor0 Not tainted 4.15.0+ #308 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592 rcu_preempt_sleep_check include/linux/rcupdate.h:301 [inline] ___might_sleep+0x385/0x470 kernel/sched/core.c:6093 __might_sleep+0x95/0x190 kernel/sched/core.c:6081 slab_pre_alloc_hook mm/slab.h:420 [inline] slab_alloc mm/slab.c:3365 [inline] kmem_cache_alloc+0x2a2/0x760 mm/slab.c:3539 rds_tcp_conn_alloc+0xa7/0x4e0 net/rds/tcp.c:296 __rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227 rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309 rds_sendmsg+0xda3/0x2390 net/rds/send.c:1126 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2046 __sys_sendmsg+0xe5/0x210 net/socket.c:2080 SYSC_sendmsg net/socket.c:2091 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2087 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b RIP: 0033:0x453a59 RSP: 002b:00007fbdd6ae5c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fbdd6ae66d4 RCX: 0000000000453a59 RDX: 0000000000000000 RSI: 0000000020006fc8 RDI: 0000000000000013 RBP: 000000000071bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000004b5 R14: 00000000006f7198 R15: 0000000000000000 BUG: sleeping function called from invalid context at mm/slab.h:420 in_atomic(): 1, irqs_disabled(): 0, pid: 8462, name: syz-executor0 1 lock held by syz-executor0/8462: #0: (rcu_read_lock){....}, at: [<0000000047b069cd>] __rds_conn_create+0xe46/0x1b50 net/rds/connection.c:218 CPU: 0 PID: 8462 Comm: syz-executor0 Not tainted 4.15.0+ #308 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6128 __might_sleep+0x95/0x190 kernel/sched/core.c:6081 slab_pre_alloc_hook mm/slab.h:420 [inline] slab_alloc mm/slab.c:3365 [inline] kmem_cache_alloc+0x2a2/0x760 mm/slab.c:3539 rds_tcp_conn_alloc+0xa7/0x4e0 net/rds/tcp.c:296 __rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227 rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309 rds_sendmsg+0xda3/0x2390 net/rds/send.c:1126 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2046 __sys_sendmsg+0xe5/0x210 net/socket.c:2080 SYSC_sendmsg net/socket.c:2091 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2087 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b RIP: 0033:0x453a59 RSP: 002b:00007fbdd6ae5c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fbdd6ae66d4 RCX: 0000000000453a59 RDX: 0000000000000000 RSI: 0000000020006fc8 RDI: 0000000000000013 RBP: 000000000071bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000004b5 R14: 00000000006f7198 R15: 0000000000000000 atomic_op 0000000065015ce0 conn xmit_atomic (null) netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. audit: type=1400 audit(1518380018.756:61): avc: denied { create } for pid=8568 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=72 sclass=netlink_xfrm_socket pig=8662 comm=syz-executor2 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=72 sclass=netlink_xfrm_socket pig=8662 comm=syz-executor2 SELinux: policydb magic number 0x942af8ae does not match expected magic number 0xf97cff8c audit: type=1400 audit(1518380019.226:62): avc: denied { create } for pid=8682 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 QAT: Invalid ioctl SELinux: failed to load policy audit: type=1400 audit(1518380019.268:63): avc: denied { read } for pid=8682 comm="syz-executor3" path="socket:[23153]" dev="sockfs" ino=23153 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 SELinux: policydb magic number 0x942af8ae does not match expected magic number 0xf97cff8c SELinux: failed to load policy QAT: Invalid ioctl BUG: sleeping function called from invalid context at mm/slab.h:420 in_atomic(): 1, irqs_disabled(): 0, pid: 8836, name: syz-executor4 1 lock held by syz-executor4/8836: #0: (rcu_read_lock){....}, at: [<0000000047b069cd>] __rds_conn_create+0xe46/0x1b50 net/rds/connection.c:218 CPU: 1 PID: 8836 Comm: syz-executor4 Tainted: G W 4.15.0+ #308 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6128 __might_sleep+0x95/0x190 kernel/sched/core.c:6081 slab_pre_alloc_hook mm/slab.h:420 [inline] slab_alloc mm/slab.c:3365 [inline] kmem_cache_alloc_trace+0x299/0x740 mm/slab.c:3605 kmalloc include/linux/slab.h:512 [inline] kzalloc include/linux/slab.h:701 [inline] rds_loop_conn_alloc+0xc8/0x380 net/rds/loop.c:126 __rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227 rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309 rds_sendmsg+0xda3/0x2390 net/rds/send.c:1126 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 SYSC_sendto+0x361/0x5c0 net/socket.c:1747 SyS_sendto+0x40/0x50 net/socket.c:1715 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b RIP: 0033:0x453a59 RSP: 002b:00007fcd4c880c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007fcd4c8816d4 RCX: 0000000000453a59 RDX: 0000000000000075 RSI: 0000000020ef2000 RDI: 0000000000000013 RBP: 000000000071bea0 R08: 0000000020e6bff0 R09: 0000000000000010 R10: 0000000000000040 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000004b9 R14: 00000000006f71f8 R15: 0000000000000000 xt_connbytes: Forcing CT accounting to be enabled netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. device eql entered promiscuous mode skbuff: bad partial csum: csum=0/65535 len=28 xt_DSCP: dscp fc out of range xt_DSCP: dscp fc out of range IPv4: Oversized IP packet from 127.0.0.1 IPv4: Oversized IP packet from 127.0.0.1 9pnet_virtio: no channels available for device ./file0 dccp_invalid_packet: P.Data Offset(118) too large dccp_invalid_packet: P.Data Offset(118) too large QAT: Invalid ioctl QAT: Invalid ioctl audit: type=1400 audit(1518380024.315:64): avc: denied { ioctl } for pid=9434 comm="syz-executor3" path="socket:[25128]" dev="sockfs" ino=25128 ioctlcmd=0x4503 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 audit: type=1400 audit(1518380024.347:65): avc: denied { create } for pid=9436 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_scsitransport_socket permissive=1 IPv6: Can't replace route, no match found IPv6: Can't replace route, no match found xt_connbytes: Forcing CT accounting to be enabled audit: type=1400 audit(1518380024.776:66): avc: denied { ioctl } for pid=9527 comm="syz-executor4" path="socket:[26198]" dev="sockfs" ino=26198 ioctlcmd=0x89b0 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 netlink: 57 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 57 bytes leftover after parsing attributes in process `syz-executor3'. audit: type=1400 audit(1518380025.211:67): avc: denied { map } for pid=9631 comm="syz-executor6" path="socket:[26284]" dev="sockfs" ino=26284 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=socket permissive=1 x_tables: ip6_tables: eui64 match: used from hooks PREROUTING/POSTROUTING, but only valid from PREROUTING/INPUT/FORWARD Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable x_tables: ip6_tables: eui64 match: used from hooks PREROUTING/POSTROUTING, but only valid from PREROUTING/INPUT/FORWARD audit: type=1400 audit(1518380025.277:68): avc: denied { getopt } for pid=9653 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1518380025.471:69): avc: denied { read } for pid=9706 comm="syz-executor4" path="socket:[25358]" dev="sockfs" ino=25358 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 TCP: request_sock_TCP: Possible SYN flooding on port 20014. Sending cookies. Check SNMP counters. audit: type=1400 audit(1518380026.222:70): avc: denied { net_admin } for pid=4222 comm="syz-executor6" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1518380026.227:71): avc: denied { net_raw } for pid=9886 comm="syz-executor4" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1518380026.318:72): avc: denied { net_admin } for pid=4218 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1518380026.336:73): avc: denied { net_raw } for pid=9899 comm="syz-executor5" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 netlink: 'syz-executor0': attribute type 1 has an invalid length. netlink: 'syz-executor0': attribute type 1 has an invalid length. ALSA: seq fatal error: cannot create timer (-16) sctp: [Deprecated]: syz-executor5 (pid 10159) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor5 (pid 10159) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead