============================= WARNING: suspicious RCU usage 4.15.0-rc9+ #215 Not tainted ----------------------------- ./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by syz-executor1/13343: #0: (sk_lock-AF_INET6){+.+.}, at: [<00000000e682a8b5>] lock_sock include/net/sock.h:1463 [inline] #0: (sk_lock-AF_INET6){+.+.}, at: [<00000000e682a8b5>] sock_setsockopt+0x16b/0x1af0 net/core/sock.c:717 stack backtrace: CPU: 1 PID: 13343 Comm: syz-executor1 Not tainted 4.15.0-rc9+ #215 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 ireq_opt_deref include/net/inet_sock.h:135 [inline] inet_csk_route_req+0x824/0xca0 net/ipv4/inet_connection_sock.c:544 dccp_v4_send_response+0xa7/0x650 net/dccp/ipv4.c:485 dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633 dccp_v6_conn_request+0xd30/0x1410 net/dccp/ipv6.c:317 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682 dccp_v6_do_rcv+0x86a/0xa70 net/dccp/ipv6.c:578 sk_backlog_rcv include/net/sock.h:908 [inline] __release_sock+0x124/0x360 net/core/sock.c:2274 release_sock+0xa4/0x2a0 net/core/sock.c:2789 sock_setsockopt+0x528/0x1af0 net/core/sock.c:1068 SYSC_setsockopt net/socket.c:1845 [inline] SyS_setsockopt+0x2ff/0x360 net/socket.c:1828 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x453299 RSP: 002b:00007fa19e627c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 000000000071bf58 RCX: 0000000000453299 RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000013 RBP: 00000000000005cc R08: 0000000000000010 R09: 0000000000000000 R10: 0000000020ca3000 R11: 0000000000000212 R12: 00000000006f7bc0 R13: 00000000ffffffff R14: 00007fa19e6286d4 R15: 0000000000000002 ============================= WARNING: suspicious RCU usage 4.15.0-rc9+ #215 Not tainted ----------------------------- ./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by syz-executor1/13343: #0: (sk_lock-AF_INET6){+.+.}, at: [<00000000e682a8b5>] lock_sock include/net/sock.h:1463 [inline] #0: (sk_lock-AF_INET6){+.+.}, at: [<00000000e682a8b5>] sock_setsockopt+0x16b/0x1af0 net/core/sock.c:717 stack backtrace: CPU: 1 PID: 13343 Comm: syz-executor1 Not tainted 4.15.0-rc9+ #215 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 ireq_opt_deref include/net/inet_sock.h:135 [inline] dccp_v4_send_response+0x4b6/0x650 net/dccp/ipv4.c:496 dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633 dccp_v6_conn_request+0xd30/0x1410 net/dccp/ipv6.c:317 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682 dccp_v6_do_rcv+0x86a/0xa70 net/dccp/ipv6.c:578 sk_backlog_rcv include/net/sock.h:908 [inline] __release_sock+0x124/0x360 net/core/sock.c:2274 release_sock+0xa4/0x2a0 net/core/sock.c:2789 sock_setsockopt+0x528/0x1af0 net/core/sock.c:1068 SYSC_setsockopt net/socket.c:1845 [inline] SyS_setsockopt+0x2ff/0x360 net/socket.c:1828 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x453299 RSP: 002b:00007fa19e627c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 000000000071bf58 RCX: 0000000000453299 RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000013 RBP: 00000000000005cc R08: 0000000000000010 R09: 0000000000000000 R10: 0000000020ca3000 R11: 0000000000000212 R12: 00000000006f7bc0 R13: 00000000ffffffff R14: 00007fa19e6286d4 R15: 0000000000000002 sctp: [Deprecated]: syz-executor3 (pid 13369) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead xt_cgroup: both path and classid specified xt_cgroup: both path and classid specified sctp: [Deprecated]: syz-executor3 (pid 13390) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead l2tp_core: tunl 1: fd 19 wrong protocol, got 1, expected 17 l2tp_core: tunl 1: fd 19 wrong protocol, got 1, expected 17 ============================= WARNING: suspicious RCU usage 4.15.0-rc9+ #215 Not tainted ----------------------------- net/tipc/bearer.c:177 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by syz-executor5/13661: #0: (cb_lock){++++}, at: [<00000000e6dbc318>] genl_rcv+0x19/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<00000000ce6b91ba>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<00000000ce6b91ba>] genl_rcv_msg+0x115/0x140 net/netlink/genetlink.c:622 stack backtrace: CPU: 0 PID: 13661 Comm: syz-executor5 Not tainted 4.15.0-rc9+ #215 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 tipc_bearer_find+0x2b4/0x3b0 net/tipc/bearer.c:177 tipc_nl_compat_link_set+0x329/0x9f0 net/tipc/netlink_compat.c:729 __tipc_nl_compat_doit net/tipc/netlink_compat.c:288 [inline] tipc_nl_compat_doit+0x15b/0x670 net/tipc/netlink_compat.c:335 tipc_nl_compat_handle net/tipc/netlink_compat.c:1119 [inline] tipc_nl_compat_recv+0x1135/0x18f0 net/tipc/netlink_compat.c:1201 genl_family_rcv_msg+0x7b7/0xfb0 net/netlink/genetlink.c:599 genl_rcv_msg+0xb2/0x140 net/netlink/genetlink.c:624 netlink_rcv_skb+0x14b/0x380 net/netlink/af_netlink.c:2442 genl_rcv+0x28/0x40 net/netlink/genetlink.c:635 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2046 __sys_sendmsg+0xe5/0x210 net/socket.c:2080 SYSC_sendmsg net/socket.c:2091 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2087 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x453299 RSP: 002b:00007ffbb882bc58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007ffbb882c700 RCX: 0000000000453299 RDX: 0000000000000000 RSI: 0000000020003000 RDI: 0000000000000013 RBP: 0000000000a2f3c0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 R13: 0000000000a2f33f R14: 00007ffbb882c9c0 R15: 0000000000000005 xt_CT: You must specify a L4 protocol, and not use inversions on it. xt_CT: You must specify a L4 protocol, and not use inversions on it. netlink: 'syz-executor2': attribute type 1 has an invalid length. netlink: 'syz-executor2': attribute type 1 has an invalid length. device syz5 entered promiscuous mode device syz5 left promiscuous mode netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. sctp: [Deprecated]: syz-executor7 (pid 14058) Use of int in maxseg socket option. Use struct sctp_assoc_value instead audit: type=1400 audit(1517287881.277:72): avc: denied { map } for pid=14070 comm="syz-executor5" path="socket:[28070]" dev="sockfs" ino=28070 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_route_socket permissive=1 netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'. x_tables: ip_tables: icmp match: only valid for protocol 1 xt_SECMARK: invalid security context 'system_u:' xt_SECMARK: invalid security context 'system_u:' x_tables: ip_tables: icmp match: only valid for protocol 1 can: request_module (can-proto-5) failed. can: request_module (can-proto-5) failed. ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x1 ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x1 netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. device syz0 left promiscuous mode netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. IPv4: Oversized IP packet from 127.0.0.1 IPv4: Oversized IP packet from 127.0.0.1 IPv4: Oversized IP packet from 127.0.0.1 IPv4: Oversized IP packet from 127.0.0.1 device syz0 entered promiscuous mode IPv6: Can't replace route, no match found IPv6: Can't replace route, no match found device syz7 entered promiscuous mode device syz7 left promiscuous mode SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1025 sclass=netlink_xfrm_socket pig=14824 comm=syz-executor4 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1025 sclass=netlink_xfrm_socket pig=14836 comm=syz-executor4 can: request_module (can-proto-5) failed. mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium can: request_module (can-proto-5) failed. netlink: 'syz-executor6': attribute type 16 has an invalid length. netlink: 'syz-executor6': attribute type 16 has an invalid length. 8021q: VLANs not supported on lo 8021q: VLANs not supported on lo sctp: [Deprecated]: syz-executor3 (pid 15149) Use of int in maxseg socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor3 (pid 15164) Use of int in maxseg socket option. Use struct sctp_assoc_value instead netlink: 'syz-executor7': attribute type 1 has an invalid length. dccp_invalid_packet: P.Data Offset(172) too large Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable xt_CONNSECMARK: invalid mode: 0 nla_parse: 10 callbacks suppressed netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. xt_CONNSECMARK: invalid mode: 0 Cannot find del_set index 0 as target netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium audit: type=1400 audit(1517287886.579:73): avc: denied { shutdown } for pid=15579 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 x_tables: ip_tables: ipcomp match: only valid for protocol 108 x_tables: ip_tables: ipcomp match: only valid for protocol 108 l2tp_ppp: sess 59/0: set debug=eaff5b7f TCP: request_sock_TCP: Possible SYN flooding on port 20022. Sending cookies. Check SNMP counters.