=============================
WARNING: suspicious RCU usage
4.16.0-rc3+ #333 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
2 locks held by syz-executor1/12619:
 #0: (rtnl_mutex){+.+.}, at: [<0000000007ce379e>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
 #1: (sk_lock-AF_INET6){+.+.}, at: [<0000000021398e4a>] lock_sock include/net/sock.h:1463 [inline]
 #1: (sk_lock-AF_INET6){+.+.}, at: [<0000000021398e4a>] do_ipv6_setsockopt.isra.8+0x3c5/0x39d0 net/ipv6/ipv6_sockglue.c:167

stack backtrace:
CPU: 1 PID: 12619 Comm: syz-executor1 Not tainted 4.16.0-rc3+ #333
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x24d lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592
 ireq_opt_deref include/net/inet_sock.h:135 [inline]
 inet_csk_route_req+0x824/0xca0 net/ipv4/inet_connection_sock.c:543
 dccp_v4_send_response+0xa7/0x650 net/dccp/ipv4.c:485
 dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633
 dccp_v6_conn_request+0xd30/0x1410 net/dccp/ipv6.c:317
 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682
 dccp_v6_do_rcv+0x86a/0xa70 net/dccp/ipv6.c:578
 sk_backlog_rcv include/net/sock.h:908 [inline]
 __release_sock+0x124/0x360 net/core/sock.c:2271
 release_sock+0xa4/0x2a0 net/core/sock.c:2786
 do_ipv6_setsockopt.isra.8+0x50a/0x39d0 net/ipv6/ipv6_sockglue.c:898
 ipv6_setsockopt+0xd7/0x130 net/ipv6/ipv6_sockglue.c:922
 dccp_setsockopt+0x85/0xd0 net/dccp/proto.c:576
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
 SYSC_setsockopt net/socket.c:1849 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1828
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x453d69
RSP: 002b:00007fb1ac7e1c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fb1ac7e26d4 RCX: 0000000000453d69
RDX: 000000000000002f RSI: 0000000000000029 RDI: 0000000000000015
RBP: 000000000072bf58 R08: 0000000000000108 R09: 0000000000000000
R10: 0000000020000440 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000509 R14: 00000000006f7978 R15: 0000000000000001

=============================
WARNING: suspicious RCU usage
4.16.0-rc3+ #333 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
2 locks held by syz-executor1/12619:
 #0: (rtnl_mutex){+.+.}, at: [<0000000007ce379e>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
 #1: (sk_lock-AF_INET6){+.+.}, at: [<0000000021398e4a>] lock_sock include/net/sock.h:1463 [inline]
 #1: (sk_lock-AF_INET6){+.+.}, at: [<0000000021398e4a>] do_ipv6_setsockopt.isra.8+0x3c5/0x39d0 net/ipv6/ipv6_sockglue.c:167

stack backtrace:
CPU: 1 PID: 12619 Comm: syz-executor1 Not tainted 4.16.0-rc3+ #333
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x24d lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592
 ireq_opt_deref include/net/inet_sock.h:135 [inline]
 dccp_v4_send_response+0x4b6/0x650 net/dccp/ipv4.c:496
 dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633
 dccp_v6_conn_request+0xd30/0x1410 net/dccp/ipv6.c:317
 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682
 dccp_v6_do_rcv+0x86a/0xa70 net/dccp/ipv6.c:578
 sk_backlog_rcv include/net/sock.h:908 [inline]
 __release_sock+0x124/0x360 net/core/sock.c:2271
 release_sock+0xa4/0x2a0 net/core/sock.c:2786
 do_ipv6_setsockopt.isra.8+0x50a/0x39d0 net/ipv6/ipv6_sockglue.c:898
 ipv6_setsockopt+0xd7/0x130 net/ipv6/ipv6_sockglue.c:922
 dccp_setsockopt+0x85/0xd0 net/dccp/proto.c:576
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
 SYSC_setsockopt net/socket.c:1849 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1828
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x453d69
RSP: 002b:00007fb1ac7e1c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fb1ac7e26d4 RCX: 0000000000453d69
RDX: 000000000000002f RSI: 0000000000000029 RDI: 0000000000000015
RBP: 000000000072bf58 R08: 0000000000000108 R09: 0000000000000000
R10: 0000000020000440 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000509 R14: 00000000006f7978 R15: 0000000000000001
netlink: 'syz-executor5': attribute type 18 has an invalid length.
netlink: 'syz-executor5': attribute type 18 has an invalid length.
Dead loop on virtual device ip6_vti0, fix it urgently!
CUSE: DEVNAME unspecified
Dead loop on virtual device ip6_vti0, fix it urgently!
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
8021q: adding VLAN 0 to HW filter on device bond0
IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
binder: 13117:13128 unknown command 124347123
binder: 13117:13128 ioctl c0306201 20007000 returned -22
binder_alloc: binder_alloc_mmap_handler: 13117 20000000-20002000 already mapped failed -16
binder: 13117:13141 unknown command 124347123
binder: BINDER_SET_CONTEXT_MGR already set
binder: 13117:13141 ioctl c0306201 20007000 returned -22
binder: 13117:13128 ioctl 40046207 0 returned -16
audit: type=1400 audit(1519868216.154:82): avc: denied { bind } for pid=13219 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=socket permissive=1
netlink: 6 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 6 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor3'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pig=13326 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pig=13337 comm=syz-executor6
audit: type=1400 audit(1519868216.480:83): avc: denied { fsetid } for pid=13320 comm="syz-executor1" capability=4 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
binder: 13377:13390 ioctl c0306201 20000240 returned -14
binder: BINDER_SET_CONTEXT_MGR already set
binder: 13377:13394 ioctl 40046207 0 returned -16
binder: 13377:13400 ioctl c0306201 20000240 returned -14
binder: 13440:13443 ioctl c0306201 20008000 returned -14
binder: BINDER_SET_CONTEXT_MGR already set
binder: 13440:13452 ioctl 40046207 0 returned -16
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=24 sclass=netlink_audit_socket pig=13570 comm=syz-executor5
netlink: 'syz-executor0': attribute type 1 has an invalid length.
binder_alloc: binder_alloc_mmap_handler: 13687 20000000-20003000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 13687:13688 ioctl 40046207 0 returned -16
binder_alloc: 13687: binder_alloc_buf, no vma
binder: 13687:13697 transaction failed 29189/-3, size 0-0 line 2963
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 13687:13688 transaction 25 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 25, target dead
xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0
audit: type=1400 audit(1519868219.054:84): avc: denied { relabelto } for pid=13892 comm="syz-executor7" name="UDPv6" dev="sockfs" ino=35217 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:netcontrol_device_t:s0 tclass=udp_socket permissive=1
audit: type=1400 audit(1519868219.232:85): avc: denied { getattr } for pid=13933 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=18098 sclass=netlink_route_socket pig=14031 comm=syz-executor1
binder: 14103:14107 transaction failed 29189/-22, size 0-0 line 2848
binder: 14103:14107 ioctl c0306201 2001bfd0 returned -14
binder: 14103:14107 transaction failed 29189/-22, size 0-0 line 2848
binder: undelivered TRANSACTION_ERROR: 29189
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=46 sclass=netlink_xfrm_socket pig=14136 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=46 sclass=netlink_xfrm_socket pig=14136 comm=syz-executor4
audit: type=1400 audit(1519868220.885:86): avc: denied { setfcap } for pid=14314 comm="vboxnet1(" capability=31 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
kernel msg: ebtables bug: please report to author: Wrong len argument
kernel msg: ebtables bug: please report to author: entry offsets not in right order
xt_connbytes: Forcing CT accounting to be enabled
x_tables: ip_tables: SNAT target: used from hooks PREROUTING/POSTROUTING, but only usable from INPUT/POSTROUTING
binder: 14651:14659 BC_CLEAR_DEATH_NOTIFICATION invalid ref -1915424296
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14651:14659 ioctl 40046207 0 returned -16
binder: 14651:14694 BC_CLEAR_DEATH_NOTIFICATION invalid ref -1915424296