Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable netlink: 68 bytes leftover after parsing attributes in process `syz-executor3'. ============================= WARNING: suspicious RCU usage 4.15.0-rc8+ #203 Not tainted ----------------------------- ./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by syz-executor0/26536: #0: (sk_lock-AF_INET6){+.+.}, at: [<0000000022ba6390>] lock_sock include/net/sock.h:1463 [inline] #0: (sk_lock-AF_INET6){+.+.}, at: [<0000000022ba6390>] do_ipv6_setsockopt.isra.9+0x23d/0x39a0 net/ipv6/ipv6_sockglue.c:167 stack backtrace: CPU: 1 PID: 26536 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #203 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 ireq_opt_deref include/net/inet_sock.h:135 [inline] inet_csk_route_req+0x824/0xca0 net/ipv4/inet_connection_sock.c:544 dccp_v4_send_response+0xa7/0x650 net/dccp/ipv4.c:485 dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633 dccp_v6_conn_request+0xd30/0x1350 net/dccp/ipv6.c:317 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682 dccp_v6_do_rcv+0x823/0x9c0 net/dccp/ipv6.c:578 sk_backlog_rcv include/net/sock.h:908 [inline] __release_sock+0x124/0x360 net/core/sock.c:2274 release_sock+0xa4/0x2a0 net/core/sock.c:2789 do_ipv6_setsockopt.isra.9+0x50a/0x39a0 net/ipv6/ipv6_sockglue.c:898 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922 dccp_setsockopt+0x85/0xd0 net/dccp/proto.c:576 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978 SYSC_setsockopt net/socket.c:1823 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1802 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x452ef9 RSP: 002b:00007f565aff8c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ef9 RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000013 RBP: 00000000000005cb R08: 0000000000000020 R09: 0000000000000000 R10: 0000000020073fe0 R11: 0000000000000212 R12: 00000000006f7ba8 R13: 00000000ffffffff R14: 00007f565aff96d4 R15: 0000000000000000 ============================= WARNING: suspicious RCU usage 4.15.0-rc8+ #203 Not tainted ----------------------------- ./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by syz-executor0/26536: #0: (sk_lock-AF_INET6){+.+.}, at: [<0000000022ba6390>] lock_sock include/net/sock.h:1463 [inline] #0: (sk_lock-AF_INET6){+.+.}, at: [<0000000022ba6390>] do_ipv6_setsockopt.isra.9+0x23d/0x39a0 net/ipv6/ipv6_sockglue.c:167 stack backtrace: CPU: 1 PID: 26536 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #203 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 ireq_opt_deref include/net/inet_sock.h:135 [inline] dccp_v4_send_response+0x4b6/0x650 net/dccp/ipv4.c:496 dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633 dccp_v6_conn_request+0xd30/0x1350 net/dccp/ipv6.c:317 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682 dccp_v6_do_rcv+0x823/0x9c0 net/dccp/ipv6.c:578 sk_backlog_rcv include/net/sock.h:908 [inline] __release_sock+0x124/0x360 net/core/sock.c:2274 release_sock+0xa4/0x2a0 net/core/sock.c:2789 do_ipv6_setsockopt.isra.9+0x50a/0x39a0 net/ipv6/ipv6_sockglue.c:898 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922 dccp_setsockopt+0x85/0xd0 net/dccp/proto.c:576 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978 SYSC_setsockopt net/socket.c:1823 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1802 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x452ef9 RSP: 002b:00007f565aff8c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ef9 RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000013 RBP: 00000000000005cb R08: 0000000000000020 R09: 0000000000000000 R10: 0000000020073fe0 R11: 0000000000000212 R12: 00000000006f7ba8 R13: 00000000ffffffff R14: 00007f565aff96d4 R15: 0000000000000000 netlink: 12 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 416 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 416 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 416 bytes leftover after parsing attributes in process `syz-executor0'. SELinux: unrecognized netlink message: protocol=9 nlmsg_type=64 sclass=netlink_audit_socket pig=27136 comm=syz-executor6 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=64 sclass=netlink_audit_socket pig=27144 comm=syz-executor6 sctp: [Deprecated]: syz-executor0 (pid 27240) Use of int in maxseg socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor0 (pid 27240) Use of int in maxseg socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor6 (pid 27315) Use of int in maxseg socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor6 (pid 27315) Use of int in maxseg socket option. Use struct sctp_assoc_value instead netlink: 324 bytes leftover after parsing attributes in process `syz-executor7'. Trying to set illegal importance in message Trying to set illegal importance in message SELinux: unrecognized netlink message: protocol=4 nlmsg_type=33 sclass=netlink_tcpdiag_socket pig=27851 comm=syz-executor5 dccp_close: ABORT with 40 bytes unread SELinux: unrecognized netlink message: protocol=4 nlmsg_type=33 sclass=netlink_tcpdiag_socket pig=27866 comm=syz-executor5 sctp: [Deprecated]: syz-executor5 (pid 27938) Use of int in max_burst socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor5 (pid 27950) Use of int in max_burst socket option. Use struct sctp_assoc_value instead SELinux: unrecognized netlink message: protocol=9 nlmsg_type=58 sclass=netlink_audit_socket pig=27986 comm=syz-executor3 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=58 sclass=netlink_audit_socket pig=27999 comm=syz-executor3 netlink: 'syz-executor3': attribute type 3 has an invalid length. SELinux: unrecognized netlink message: protocol=9 nlmsg_type=514 sclass=netlink_audit_socket pig=28312 comm=syz-executor0 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=514 sclass=netlink_audit_socket pig=28329 comm=syz-executor0 l2tp_core: tunl 4: fd 19 wrong protocol, got 1, expected 17 l2tp_core: tunl 4: fd 19 wrong protocol, got 1, expected 17 can: request_module (can-proto-3) failed. netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'. can: request_module (can-proto-3) failed. netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'. RDS: rds_bind could not find a transport for 172.20.7.170, load rds_tcp or rds_rdma? device syz7 entered promiscuous mode l2tp_core: tunl 4: fd 19 wrong protocol, got 1, expected 17 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1792 sclass=netlink_route_socket pig=28726 comm=syz-executor7 IPVS: length: 24 != 8 IPVS: length: 24 != 8 device syz5 entered promiscuous mode device syz5 left promiscuous mode audit: type=1400 audit(1516634334.867:76): avc: denied { bind } for pid=28974 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 audit: type=1400 audit(1516634334.867:77): avc: denied { getattr } for pid=28974 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 sctp: [Deprecated]: syz-executor0 (pid 29188) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor0 (pid 29196) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor0 (pid 29196) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor0 (pid 29188) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor6 (pid 29234) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor6 (pid 29234) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor1 (pid 29314) Use of int in max_burst socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor1 (pid 29323) Use of int in max_burst socket option. Use struct sctp_assoc_value instead