=============================
WARNING: suspicious RCU usage
4.16.0-rc5+ #264 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor6/15051:
 #0: (sk_lock-AF_INET6){+.+.}, at: [<000000005ec58891>] lock_sock include/net/sock.h:1463 [inline]
 #0: (sk_lock-AF_INET6){+.+.}, at: [<000000005ec58891>] sock_setsockopt+0x16b/0x1b10 net/core/sock.c:717

stack backtrace:
CPU: 0 PID: 15051 Comm: syz-executor6 Not tainted 4.16.0-rc5+ #264
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x24d lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592
 ireq_opt_deref include/net/inet_sock.h:135 [inline]
 inet_csk_route_req+0x824/0xca0 net/ipv4/inet_connection_sock.c:543
 dccp_v4_send_response+0xa7/0x650 net/dccp/ipv4.c:485
 dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633
 dccp_v6_conn_request+0xd30/0x1410 net/dccp/ipv6.c:317
 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682
 dccp_v6_do_rcv+0x86a/0xa70 net/dccp/ipv6.c:578
 sk_backlog_rcv include/net/sock.h:908 [inline]
 __release_sock+0x124/0x360 net/core/sock.c:2271
 release_sock+0xa4/0x2a0 net/core/sock.c:2786
 sock_setsockopt+0x528/0x1b10 net/core/sock.c:1068
 compat_sock_setsockopt.constprop.6+0xae/0x3d0 net/compat.c:383
 C_SYSC_setsockopt net/compat.c:400 [inline]
 compat_SyS_setsockopt+0x34a/0x410 net/compat.c:386
 do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
 do_fast_syscall_32+0x3ec/0xf9f arch/x86/entry/common.c:392
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7ff7c99
RSP: 002b:00000000f77f309c EFLAGS: 00000286 ORIG_RAX: 000000000000016e
RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 0000000000000001
RDX: 000000000000001a RSI: 0000000020000040 RDI: 0000000000000008
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

=============================
WARNING: suspicious RCU usage
4.16.0-rc5+ #264 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor6/15051:
 #0: (sk_lock-AF_INET6){+.+.}, at: [<000000005ec58891>] lock_sock include/net/sock.h:1463 [inline]
 #0: (sk_lock-AF_INET6){+.+.}, at: [<000000005ec58891>] sock_setsockopt+0x16b/0x1b10 net/core/sock.c:717

stack backtrace:
CPU: 0 PID: 15051 Comm: syz-executor6 Not tainted 4.16.0-rc5+ #264
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
binder: 15099:15100 unknown command 2638092
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x24d lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592
binder: 15099:15100 ioctl c0306201 20000540 returned -22
 ireq_opt_deref include/net/inet_sock.h:135 [inline]
 dccp_v4_send_response+0x4b6/0x650 net/dccp/ipv4.c:496
binder: 15099:15100 unknown command 2638092
 dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633
binder: 15099:15100 ioctl c0306201 20000540 returned -22
 dccp_v6_conn_request+0xd30/0x1410 net/dccp/ipv6.c:317
 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682
 dccp_v6_do_rcv+0x86a/0xa70 net/dccp/ipv6.c:578
 sk_backlog_rcv include/net/sock.h:908 [inline]
 __release_sock+0x124/0x360 net/core/sock.c:2271
 release_sock+0xa4/0x2a0 net/core/sock.c:2786
 sock_setsockopt+0x528/0x1b10 net/core/sock.c:1068
 compat_sock_setsockopt.constprop.6+0xae/0x3d0 net/compat.c:383
 C_SYSC_setsockopt net/compat.c:400 [inline]
 compat_SyS_setsockopt+0x34a/0x410 net/compat.c:386
 do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
 do_fast_syscall_32+0x3ec/0xf9f arch/x86/entry/common.c:392
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7ff7c99
RSP: 002b:00000000f77f309c EFLAGS: 00000286 ORIG_RAX: 000000000000016e
RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 0000000000000001
RDX: 000000000000001a RSI: 0000000020000040 RDI: 0000000000000008
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
tc_dump_action: action bad kind
tc_dump_action: action bad kind
x86/PAT: syz-executor2:15170 map pfn RAM range req write-combining for [mem 0x1ac650000-0x1ac653fff], got write-back
x86/PAT: syz-executor2:15180 map pfn RAM range req write-combining for [mem 0x1ac650000-0x1ac653fff], got write-back
A link change request failed with some changes committed already. Interface ip6gre0 may have been left with an inconsistent configuration, please check.
sctp: [Deprecated]: syz-executor4 (pid 15257) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
audit: type=1400 audit(1521127508.566:97): avc: denied { map } for pid=15328 comm="syz-executor7" path="/dev/fuse" dev="devtmpfs" ino=9462 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fuse_device_t:s0 tclass=chr_file permissive=1
x86/PAT: syz-executor6:15460 map pfn RAM range req write-combining for [mem 0x1ac7c0000-0x1ac7c3fff], got write-back
x86/PAT: syz-executor6:15460 map pfn RAM range req write-combining for [mem 0x1ac650000-0x1ac653fff], got write-back
binder: 15575 RLIMIT_NICE not set
binder: 15575 RLIMIT_NICE not set
binder: 15566:15579 got reply transaction with bad transaction stack, transaction 59 has target 15566:15575
binder: 15566:15579 transaction failed 29201/-71, size 281474976710656-32 line 2778
binder: 15566:15583 ioctl c0306201 20004000 returned -14
binder: release 15566:15575 transaction 59 in, still active
binder: send failed reply for transaction 59 to 15566:15579
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29189
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=17 sclass=netlink_tcpdiag_socket pig=15647 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=17 sclass=netlink_tcpdiag_socket pig=15647 comm=syz-executor6
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
x86/PAT: syz-executor6:15721 map pfn RAM range req write-combining for [mem 0x1ac650000-0x1ac653fff], got write-back
binder: BINDER_SET_CONTEXT_MGR already set
binder: 15715:15728 ioctl 40046207 0 returned -16
x86/PAT: syz-executor6:15721 map pfn RAM range req write-combining for [mem 0x1ac7c0000-0x1ac7c3fff], got write-back
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7255 sclass=netlink_route_socket pig=15757 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7255 sclass=netlink_route_socket pig=15770 comm=syz-executor0
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
binder: 16092:16094 unknown command -225852872
binder: 16092:16094 ioctl c0306201 20012000 returned -22
binder: 16092:16098 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 16092:16098 unknown command -225852872
binder: 16092:16098 ioctl c0306201 20012000 returned -22
binder: 16092:16094 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
can: request_module (can-proto-0) failed.
can: request_module (can-proto-0) failed.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=44119 sclass=netlink_route_socket pig=16459 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=44119 sclass=netlink_route_socket pig=16461 comm=syz-executor3
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 16477 Comm: syz-executor7 Not tainted 4.16.0-rc5+ #264
encrypted_key: insufficient parameters specified
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
encrypted_key: insufficient parameters specified
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x24d lib/dump_stack.c:53
 handle_userfault+0xbd9/0x2490 fs/userfaultfd.c:430
 do_anonymous_page mm/memory.c:3163 [inline]
 handle_pte_fault mm/memory.c:3977 [inline]
 __handle_mm_fault+0x2dfa/0x38c0 mm/memory.c:4103
 handle_mm_fault+0x44a/0xb10 mm/memory.c:4140
 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1422
 do_page_fault+0xee/0x730 arch/x86/mm/fault.c:1497
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1151
RIP: 0010:copy_user_generic_unrolled+0x86/0xc0 arch/x86/lib/copy_user_64.S:65
RSP: 0018:ffff8801d78e7b48 EFLAGS: 00010202
RAX: ffffed003af1cf77 RBX: 0000000020013000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 0000000020013000 RDI: ffff8801d78e7bb0
RBP: ffff8801d78e7b78 R08: ffffed003af1cf77 R09: ffffed003af1cf77
R10: 0000000000000001 R11: ffffed003af1cf76 R12: 0000000000000008
R13: ffff8801d78e7bb0 R14: 00007ffffffff000 R15: 0000000020013008
 copy_from_user include/linux/uaccess.h:147 [inline]
 __compat_get_timespec64 kernel/compat.c:129 [inline]
 compat_get_timespec64+0x124/0x240 kernel/compat.c:154
 do_compat_pselect fs/select.c:1315 [inline]
 C_SYSC_pselect6 fs/select.c:1368 [inline]
 compat_SyS_pselect6+0x190/0x630 fs/select.c:1353
 do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
 do_fast_syscall_32+0x3ec/0xf9f arch/x86/entry/common.c:392
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7fb3c99
RSP: 002b:00000000f77af09c EFLAGS: 00000286 ORIG_RAX: 0000000000000134
RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 0000000020011fc0
RDX: 0000000020011000 RSI: 0000000020003000 RDI: 0000000020013000
RBP: 0000000020001ff8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
binder: 16585:16587 ioctl 8922 20000140 returned -22
binder: 16585:16587 ioctl 8922 20000140 returned -22