=============================
WARNING: suspicious RCU usage
4.16.0-rc5+ #352 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor5/6511:
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<0000000091aa9404>] lock_sock include/net/sock.h:1463 [inline]
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<0000000091aa9404>] do_ipv6_setsockopt.isra.8+0x23d/0x39d0 net/ipv6/ipv6_sockglue.c:167

stack backtrace:
CPU: 0 PID: 6511 Comm: syz-executor5 Not tainted 4.16.0-rc5+ #352
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x24d lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592
 ireq_opt_deref include/net/inet_sock.h:135 [inline]
 inet_csk_route_req+0x824/0xca0 net/ipv4/inet_connection_sock.c:543
 dccp_v4_send_response+0xa7/0x650 net/dccp/ipv4.c:485
 dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633
 dccp_v6_conn_request+0xd30/0x1410 net/dccp/ipv6.c:317
 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682
 dccp_v6_do_rcv+0x86a/0xa70 net/dccp/ipv6.c:578
 sk_backlog_rcv include/net/sock.h:908 [inline]
 __release_sock+0x124/0x360 net/core/sock.c:2271
 release_sock+0xa4/0x2a0 net/core/sock.c:2786
 do_ipv6_setsockopt.isra.8+0x50a/0x39d0 net/ipv6/ipv6_sockglue.c:898
 ipv6_setsockopt+0xd7/0x130 net/ipv6/ipv6_sockglue.c:922
 dccp_setsockopt+0x85/0xd0 net/dccp/proto.c:576
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
 SYSC_setsockopt net/socket.c:1849 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1828
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x453e69
RSP: 002b:00007f3b69e32c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007f3b69e336d4 RCX: 0000000000453e69
RDX: 0000000000000023 RSI: 0000000000000029 RDI: 0000000000000013
RBP: 000000000072bea0 R08: 00000000000000e8 R09: 0000000000000000
R10: 0000000020000300 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000512 R14: 00000000006f7a50 R15: 0000000000000000

=============================
WARNING: suspicious RCU usage
4.16.0-rc5+ #352 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor5/6511:
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<0000000091aa9404>] lock_sock include/net/sock.h:1463 [inline]
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<0000000091aa9404>] do_ipv6_setsockopt.isra.8+0x23d/0x39d0 net/ipv6/ipv6_sockglue.c:167

stack backtrace:
CPU: 0 PID: 6511 Comm: syz-executor5 Not tainted 4.16.0-rc5+ #352
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x24d lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592
 ireq_opt_deref include/net/inet_sock.h:135 [inline]
 dccp_v4_send_response+0x4b6/0x650 net/dccp/ipv4.c:496
 dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633
 dccp_v6_conn_request+0xd30/0x1410 net/dccp/ipv6.c:317
 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682
 dccp_v6_do_rcv+0x86a/0xa70 net/dccp/ipv6.c:578
 sk_backlog_rcv include/net/sock.h:908 [inline]
 __release_sock+0x124/0x360 net/core/sock.c:2271
 release_sock+0xa4/0x2a0 net/core/sock.c:2786
 do_ipv6_setsockopt.isra.8+0x50a/0x39d0 net/ipv6/ipv6_sockglue.c:898
 ipv6_setsockopt+0xd7/0x130 net/ipv6/ipv6_sockglue.c:922
 dccp_setsockopt+0x85/0xd0 net/dccp/proto.c:576
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
 SYSC_setsockopt net/socket.c:1849 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1828
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x453e69
RSP: 002b:00007f3b69e32c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007f3b69e336d4 RCX: 0000000000453e69
RDX: 0000000000000023 RSI: 0000000000000029 RDI: 0000000000000013
RBP: 000000000072bea0 R08: 00000000000000e8 R09: 0000000000000000
R10: 0000000020000300 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000512 R14: 00000000006f7a50 R15: 0000000000000000
netlink: 'syz-executor1': attribute type 29 has an invalid length.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 'syz-executor1': attribute type 29 has an invalid length.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 'syz-executor1': attribute type 29 has an invalid length.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 'syz-executor1': attribute type 29 has an invalid length.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'.
kauditd_printk_skb: 2330 callbacks suppressed
audit: type=1400 audit(1520925870.233:2483): avc:  denied  { net_admin } for  pid=4283 comm="syz-executor0" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520925870.233:2484): avc:  denied  { net_admin } for  pid=4289 comm="syz-executor6" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520925870.236:2485): avc:  denied  { net_admin } for  pid=4283 comm="syz-executor0" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520925870.239:2486): avc:  denied  { map } for  pid=6633 comm="modprobe" path="/etc/ld.so.cache" dev="sda1" ino=2503 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(1520925870.264:2487): avc:  denied  { map } for  pid=6614 comm="modprobe" path="/lib/x86_64-linux-gnu/libc-2.13.so" dev="sda1" ino=2784 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(1520925870.266:2488): avc:  denied  { net_admin } for  pid=4283 comm="syz-executor0" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520925870.269:2489): avc:  denied  { map } for  pid=6633 comm="modprobe" path="/lib/x86_64-linux-gnu/libkmod.so.2.1.3" dev="sda1" ino=2811 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(1520925870.272:2490): avc:  denied  { net_admin } for  pid=4283 comm="syz-executor0" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520925870.276:2491): avc:  denied  { map } for  pid=6633 comm="modprobe" path="/lib/x86_64-linux-gnu/libkmod.so.2.1.3" dev="sda1" ino=2811 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(1520925870.279:2492): avc:  denied  { net_admin } for  pid=4283 comm="syz-executor0" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
QAT: Invalid ioctl
QAT: Invalid ioctl
syz-executor1 (6712): /proc/6706/oom_adj is deprecated, please use /proc/6706/oom_score_adj instead.
binder: 6736:6741 ioctl c0306201 20004000 returned -14
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6736:6749 ioctl c0306201 20007fd0 returned -14
binder_alloc: binder_alloc_mmap_handler: 6736 20000000-20001000 already mapped failed -16
binder: 6736:6747 ioctl 40046207 0 returned -16
binder_alloc: 6736: binder_alloc_buf, no vma
binder: 6736:6753 transaction failed 29189/-3, size 0-0 line 2963
binder: release 6736:6741 transaction 2 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: send failed reply for transaction 2, target dead
kernel msg: ebtables bug: please report to author: Wrong len argument
kernel msg: ebtables bug: please report to author: Wrong len argument
SELinux:  policydb string length 855638024 does not match expected length 8
SELinux: failed to load policy
SELinux:  policydb string length 855638024 does not match expected length 8
SELinux: failed to load policy
xt_cluster: you have exceeded the maximum number of cluster nodes (1377 > 32)
xt_cluster: you have exceeded the maximum number of cluster nodes (1377 > 32)
sctp: [Deprecated]: syz-executor2 (pid 7015) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
QAT: Invalid ioctl
SELinux: failed to load policy
QAT: Invalid ioctl
QAT: Invalid ioctl
binder_alloc: binder_alloc_mmap_handler: 7008 20000000-20002000 already mapped failed -16
SELinux: failed to load policy
sctp: [Deprecated]: syz-executor2 (pid 7031) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
QAT: Invalid ioctl
netlink: 'syz-executor1': attribute type 6 has an invalid length.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 'syz-executor1': attribute type 6 has an invalid length.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
binder: 7167:7172 got transaction with invalid handle, 0
binder: 7167:7172 transaction failed 29201/-22, size 56-8 line 3055
*** Guest State ***
CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
CR3 = 0x00000000fffbc000
RSP = 0x0000000000000000  RIP = 0x000000000000fff0
RFLAGS=0x00000002         DR7 = 0x0000000000000400
Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
binder: BINDER_SET_CONTEXT_MGR already set
GDTR:                           limit=0x0000ffff, base=0x0000000000000000
binder_alloc: binder_alloc_mmap_handler: 7167 20000000-20002000 already mapped failed -16
LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
IDTR:                           limit=0x0000ffff, base=0x0000000000000000
TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
EFER =     0x0000000000000000  PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
Interruptibility = 00000000  ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff811cda46  RSP = 0xffff8801a171f3b8
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007f3b69e33700 GSBase=ffff8801db300000 TRBase=fffffe0000034000
binder: 7167:7203 ioctl 40046207 0 returned -16
GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
CR0=0000000080050033 CR3=00000001d4a65004 CR4=00000000001626e0
Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff85e01630
EFER = 0x0000000000000d01  PAT = 0x0000000000000000
*** Control State ***
PinBased=0000003f CPUBased=b599edfe SecondaryExec=000000c2
EntryControls=0000d1ff ExitControls=0023efff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
        reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffffe0cacca88e
EPT pointer = 0x00000001c43f401e
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7204:7207 ioctl c0306201 20008000 returned -14
binder_alloc: 7167: binder_alloc_buf, no vma
binder: 7204:7206 ioctl 40046207 0 returned -16
binder: 7167:7209 transaction failed 29189/-3, size 56-8 line 2963
binder: undelivered TRANSACTION_ERROR: 29201
binder: 7204:7206 ioctl c010640c 20000080 returned -22
binder_alloc: binder_alloc_mmap_handler: 7204 20000000-20002000 already mapped failed -16
binder: 7204:7207 ioctl c0306201 20008000 returned -14
binder: undelivered TRANSACTION_ERROR: 29189
binder: 7204:7211 ioctl c010640c 20000080 returned -22
QAT: Invalid ioctl
QAT: Invalid ioctl
kauditd_printk_skb: 2574 callbacks suppressed
audit: type=1400 audit(1520925875.329:2784): avc:  denied  { map_create } for  pid=7432 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
audit: type=1400 audit(1520925875.367:2785): avc:  denied  { map } for  pid=7453 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(1520925875.401:2786): avc:  denied  { setattr } for  pid=7434 comm="syz-executor0" name="pagemap" dev="proc" ino=19631 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=file permissive=1
audit: type=1400 audit(1520925875.406:2787): avc:  denied  { getopt } for  pid=7459 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1520925875.408:2788): avc:  denied  { write } for  pid=7459 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1520925875.429:2789): avc:  denied  { map_read map_write } for  pid=7462 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
audit: type=1400 audit(1520925875.583:2790): avc:  denied  { net_admin } for  pid=4291 comm="syz-executor2" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520925875.627:2791): avc:  denied  { net_raw } for  pid=7463 comm="syz-executor6" capability=13  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520925875.830:2792): avc:  denied  { prog_load } for  pid=7530 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
audit: type=1400 audit(1520925875.885:2793): avc:  denied  { set_context_mgr } for  pid=7545 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 7545:7550 unknown command -931489811
binder: 7545:7550 ioctl c0306201 20012000 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7545:7546 ioctl 40046207 0 returned -16