binder: 8940:8942 ioctl ae 20000100 returned -22
veth1: Invalid MTU -5 requested, hw min 68
veth1: Invalid MTU -5 requested, hw min 68
=============================
WARNING: suspicious RCU usage
4.17.0-rc7+ #78 Not tainted
-----------------------------
include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor3/8958:
#0: 00000000e9ed5b03 (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1469 [inline]
#0: 00000000e9ed5b03 (sk_lock-AF_INET6){+.+.}, at: sock_fasync+0x85/0x220 net/socket.c:1173
stack backtrace:
CPU: 0 PID: 8958 Comm: syz-executor3 Not tainted 4.17.0-rc7+ #78
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1b9/0x294 lib/dump_stack.c:113
lockdep_rcu_suspicious+0x14a/0x153 kernel/locking/lockdep.c:4592
ireq_opt_deref include/net/inet_sock.h:135 [inline]
inet_csk_route_req+0x957/0xda0 net/ipv4/inet_connection_sock.c:543
binder: 8940:8942 unknown command 0
dccp_v4_send_response+0xac/0x6c0 net/dccp/ipv4.c:485
binder: 8940:8942 ioctl c0306201 20007000 returned -22
dccp_v4_conn_request+0xc66/0x1360 net/dccp/ipv4.c:634
binder: 8940:8942 ioctl 400454cb 1 returned -22
dccp_v6_conn_request+0xda3/0x1640 net/dccp/ipv6.c:317
binder: 8940:8968 ioctl ae 20000100 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
dccp_rcv_state_process+0x6de/0x1a0e net/dccp/input.c:612
binder: 8940:8942 ioctl 40046207 0 returned -16
dccp_v4_do_rcv+0x102/0x180 net/dccp/ipv4.c:683
dccp_v6_do_rcv+0x935/0xb60 net/dccp/ipv6.c:579
binder: 8940:8969 unknown command 0
sk_backlog_rcv include/net/sock.h:909 [inline]
__release_sock+0x12f/0x3a0 net/core/sock.c:2335
release_sock+0xa4/0x2b0 net/core/sock.c:2850
sock_fasync+0x11e/0x220 net/socket.c:1182
binder: 8940:8969 ioctl c0306201 20007000 returned -22
__fput+0x664/0x890 fs/file_table.c:206
____fput+0x15/0x20 fs/file_table.c:243
task_work_run+0x1e4/0x290 kernel/task_work.c:113
binder: BINDER_SET_CONTEXT_MGR already set
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x2bd/0x310 arch/x86/entry/common.c:166
binder: 8940:8968 ioctl 40046207 0 returned -16
prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline]
syscall_return_slowpath arch/x86/entry/common.c:265 [inline]
do_syscall_64+0x6ac/0x800 arch/x86/entry/common.c:290
binder: 8940:8942 ioctl 400454cb 1 returned -22
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455a09
RSP: 002b:00007f93134d3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 00007f93134d46d4 RCX: 0000000000455a09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000015
RBP: 000000000072bf50 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000053 R14: 00000000006f5868 R15: 0000000000000001
=============================
WARNING: suspicious RCU usage
4.17.0-rc7+ #78 Not tainted
-----------------------------
include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor3/8958:
#0: 00000000e9ed5b03 (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1469 [inline]
#0: 00000000e9ed5b03 (sk_lock-AF_INET6){+.+.}, at: sock_fasync+0x85/0x220 net/socket.c:1173
stack backtrace:
CPU: 0 PID: 8958 Comm: syz-executor3 Not tainted 4.17.0-rc7+ #78
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1b9/0x294 lib/dump_stack.c:113
lockdep_rcu_suspicious+0x14a/0x153 kernel/locking/lockdep.c:4592
ireq_opt_deref include/net/inet_sock.h:135 [inline]
dccp_v4_send_response+0x526/0x6c0 net/dccp/ipv4.c:496
dccp_v4_conn_request+0xc66/0x1360 net/dccp/ipv4.c:634
dccp_v6_conn_request+0xda3/0x1640 net/dccp/ipv6.c:317
dccp_rcv_state_process+0x6de/0x1a0e net/dccp/input.c:612
dccp_v4_do_rcv+0x102/0x180 net/dccp/ipv4.c:683
dccp_v6_do_rcv+0x935/0xb60 net/dccp/ipv6.c:579
sk_backlog_rcv include/net/sock.h:909 [inline]
__release_sock+0x12f/0x3a0 net/core/sock.c:2335
release_sock+0xa4/0x2b0 net/core/sock.c:2850
sock_fasync+0x11e/0x220 net/socket.c:1182
__fput+0x664/0x890 fs/file_table.c:206
____fput+0x15/0x20 fs/file_table.c:243
task_work_run+0x1e4/0x290 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x2bd/0x310 arch/x86/entry/common.c:166
prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline]
syscall_return_slowpath arch/x86/entry/common.c:265 [inline]
do_syscall_64+0x6ac/0x800 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455a09
RSP: 002b:00007f93134d3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 00007f93134d46d4 RCX: 0000000000455a09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000015
RBP: 000000000072bf50 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000053 R14: 00000000006f5868 R15: 0000000000000001
FAT-fs (loop1): Unrecognized mount option "p lo ՚ %!ytq3'vv~XsB~[è" or missing value
FAT-fs (loop3): Unrecognized mount option "gid=" or missing value
FAT-fs (loop4): Directory bread(block 2563) failed
netlink: 17 bytes leftover after parsing attributes in process `syz-executor2'.
IPv6: Can't replace route, no match found
FAT-fs (loop4): Directory bread(block 2564) failed
netlink: 17 bytes leftover after parsing attributes in process `syz-executor2'.
FAT-fs (loop4): Directory bread(block 2565) failed
FAT-fs (loop4): Directory bread(block 2566) failed
FAT-fs (loop4): Directory bread(block 2567) failed
FAT-fs (loop4): Directory bread(block 2568) failed
FAT-fs (loop4): Directory bread(block 2569) failed
IPv6: Can't replace route, no match found
FAT-fs (loop4): Directory bread(block 2570) failed
FAT-fs (loop4): Directory bread(block 2571) failed
FAT-fs (loop4): Directory bread(block 2572) failed
binder: 9229:9230 BC_FREE_BUFFER u0000000000000000 no match
binder: 9241:9242 ERROR: BC_REGISTER_LOOPER called without request
EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities
binder: 9229:9250 BC_FREE_BUFFER u0000000000000000 no match
binder_alloc: binder_alloc_mmap_handler: 9241 20001000-20004000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 9241:9242 ioctl 40046207 0 returned -16
binder_alloc: 9241: binder_alloc_buf, no vma
binder: 9241:9242 transaction failed 29189/-3, size 0-0 line 2971
binder: 9241:9253 ERROR: BC_REGISTER_LOOPER called without request
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 11, process died.
binder: undelivered TRANSACTION_COMPLETE
Unknown ioctl 22025
Unknown ioctl 22025
netlink: 20 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor7'.
bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
irq bypass consumer (token 00000000dc786ce6) registration fails: -16
irq bypass consumer (token 0000000072157675) registration fails: -16
pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
REISERFS warning (device loop0): super-6513 reiserfs_parse_options: quotafile must be on filesystem root.
REISERFS warning (device loop0): super-6513 reiserfs_parse_options: quotafile must be on filesystem root.
*** Guest State ***
CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
CR3 = 0x0000000000000000
RSP = 0x0000000000000000 RIP = 0x0000000000000000
RFLAGS=0x0001a202 DR7 = 0x0000000000000400
Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
GDTR: limit=0x0000ffff, base=0x0000000000000000
LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
IDTR: limit=0x0000ffff, base=0x0000000000000000
TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
EFER = 0x0000000000000000 PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
Interruptibility = 00000000 ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff811f744c RSP = 0xffff8801cac97390
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007fee64bc5700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
CR0=0000000080050033 CR3=00000001bc027000 CR4=00000000001426f0
Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87801380
EFER = 0x0000000000000d01 PAT = 0x0000000000000000
*** Control State ***
PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
EntryControls=0000d1ff ExitControls=0023efff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffffb741b6acf2
TPR Threshold = 0x00
EPT pointer = 0x00000001ab8f701e
syz-executor6 (9551) used greatest stack depth: 12832 bytes left
netlink: 20 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 'syz-executor6': attribute type 1 has an invalid length.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 'syz-executor6': attribute type 1 has an invalid length.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor6'.
EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 1 not in group (block 0)!
EXT4-fs (loop1): group descriptors corrupted!
EXT4-fs (loop1): Unrecognized mount option " " or missing value