SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2556 sclass=netlink_route_socket pig=20853 comm=syz-executor.5
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
===============================
[ INFO: suspicious RCU usage. ]
4.9.205-syzkaller #0 Not tainted
-------------------------------
include/linux/inetdevice.h:205 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 0
4 locks held by syz-executor.2/20857:
#0: (rcu_read_lock_bh){......}, at: [<0000000097910e9d>] ip_finish_output2+0x20b/0x1280 net/ipv4/ip_output.c:198
#1: (rcu_read_lock_bh){......}, at: [<00000000584e5521>] __dev_queue_xmit+0x1d4/0x1bd0 net/core/dev.c:3407
#2: (_xmit_TUNNEL6#2){+.-...}, at: [<00000000aed3bfef>] spin_lock include/linux/spinlock.h:302 [inline]
#2: (_xmit_TUNNEL6#2){+.-...}, at: [<00000000aed3bfef>] __netif_tx_lock include/linux/netdevice.h:3573 [inline]
#2: (_xmit_TUNNEL6#2){+.-...}, at: [<00000000aed3bfef>] __dev_queue_xmit+0x1116/0x1bd0 net/core/dev.c:3469
#3: (slock-AF_INET){+.-...}, at: [<000000009744ef1d>] spin_trylock include/linux/spinlock.h:312 [inline]
#3: (slock-AF_INET){+.-...}, at: [<000000009744ef1d>] icmp_xmit_lock net/ipv4/icmp.c:220 [inline]
#3: (slock-AF_INET){+.-...}, at: [<000000009744ef1d>] __icmp_send+0x48b/0x1420 net/ipv4/icmp.c:656
stack backtrace:
CPU: 1 PID: 20857 Comm: syz-executor.2 Not tainted 4.9.205-syzkaller #0
ffff8801d8566dd8 ffffffff81b55e6b ffff8801cb2d5c80 0000000000000000
0000000000000002 00000000000000cd ffff8801d8545f00 ffff8801d8566e08
ffffffff81406997 ffff8801cb2d5cd8 ffff8801d8566f28 ffff8801ab248000
Call Trace:
[<00000000ea57b53f>] __dump_stack lib/dump_stack.c:15 [inline]
[<00000000ea57b53f>] dump_stack+0xcb/0x130 lib/dump_stack.c:56
audit: type=1400 audit(1575210945.502:1239): avc: denied { set_context_mgr } for pid=20858 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1575210945.502:1240): avc: denied { call } for pid=20858 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 20858:20861 got transaction with invalid offsets ptr
binder: 20858:20861 transaction failed 29201/-14, size 120-24 line 3507
[<00000000696eede2>] lockdep_rcu_suspicious.cold+0x10a/0x149 kernel/locking/lockdep.c:4458
[<000000008c8a8e2e>] __in_dev_get_rcu include/linux/inetdevice.h:205 [inline]
[<000000008c8a8e2e>] fib_compute_spec_dst+0x6c4/0xcc0 net/ipv4/fib_frontend.c:284
[<00000000bf77926b>] __ip_options_echo+0x4be/0x13e0 net/ipv4/ip_options.c:177
binder: undelivered TRANSACTION_ERROR: 29201
[<00000000386ea003>] __icmp_send+0x648/0x1420 net/ipv4/icmp.c:685
binder: 20858:20864 ioctl c0306201 200002c0 returned -14
[<00000000d64ec616>] ipv4_send_dest_unreach net/ipv4/route.c:1203 [inline]
[<00000000d64ec616>] ipv4_link_failure+0x460/0x850 net/ipv4/route.c:1210
[<0000000081897fd1>] dst_link_failure include/net/dst.h:490 [inline]
[<0000000081897fd1>] vti6_xmit net/ipv6/ip6_vti.c:522 [inline]
[<0000000081897fd1>] vti6_tnl_xmit+0xb08/0x17f0 net/ipv6/ip6_vti.c:561
[<00000000adda8c26>] __netdev_start_xmit include/linux/netdevice.h:4072 [inline]
[<00000000adda8c26>] netdev_start_xmit include/linux/netdevice.h:4081 [inline]
[<00000000adda8c26>] xmit_one net/core/dev.c:2977 [inline]
[<00000000adda8c26>] dev_hard_start_xmit+0x195/0x8b0 net/core/dev.c:2993
[<0000000052f7cfb7>] __dev_queue_xmit+0x11a3/0x1bd0 net/core/dev.c:3473
[<000000006a5884cb>] dev_queue_xmit+0x18/0x20 net/core/dev.c:3506
[<00000000eb36af02>] neigh_direct_output+0x16/0x20 net/core/neighbour.c:1368
[<000000009a1d31b9>] dst_neigh_output include/net/dst.h:470 [inline]
[<000000009a1d31b9>] ip_finish_output2+0x6a2/0x1280 net/ipv4/ip_output.c:225
[<000000003cbe9452>] ip_finish_output+0x3c4/0xce0 net/ipv4/ip_output.c:313
[<00000000f42dd3d7>] NF_HOOK_COND include/linux/netfilter.h:246 [inline]
[<00000000f42dd3d7>] ip_output+0x1ec/0x5b0 net/ipv4/ip_output.c:401
[<000000000aa6d479>] dst_output include/net/dst.h:507 [inline]
[<000000000aa6d479>] NF_HOOK_THRESH include/linux/netfilter.h:232 [inline]
[<000000000aa6d479>] NF_HOOK include/linux/netfilter.h:255 [inline]
[<000000000aa6d479>] raw_send_hdrinc net/ipv4/raw.c:421 [inline]
[<000000000aa6d479>] raw_sendmsg+0x1c5c/0x23e0 net/ipv4/raw.c:643
[<000000004cd85bbd>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:766
[<00000000c12957e6>] sock_sendmsg_nosec net/socket.c:649 [inline]
[<00000000c12957e6>] sock_sendmsg+0xbe/0x110 net/socket.c:659
[<00000000e4a5292f>] sock_write_iter+0x235/0x3d0 net/socket.c:857
[<0000000013ccf445>] new_sync_write fs/read_write.c:498 [inline]
[<0000000013ccf445>] __vfs_write+0x3c1/0x560 fs/read_write.c:511
[<000000001b8e49f1>] vfs_write+0x185/0x520 fs/read_write.c:559
[<0000000023163627>] SYSC_write fs/read_write.c:607 [inline]
[<0000000023163627>] SyS_write+0x121/0x270 fs/read_write.c:599
[<000000009d08f857>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
[<00000000d226772d>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
binder: 20890:20892 got transaction with invalid offsets ptr
binder: 20890:20892 transaction failed 29201/-14, size 120-24 line 3507
binder: 20888:20899 got transaction with invalid offset (-9064047352438805997, min 0 max 120) or object.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=20895 comm=syz-executor.5
binder: 20888:20899 transaction failed 29201/-22, size 120-24 line 3379
binder: undelivered TRANSACTION_ERROR: 29201
binder: 20903:20905 got transaction with invalid offsets ptr
binder: 20903:20905 transaction failed 29201/-14, size 120-24 line 3507
binder: undelivered TRANSACTION_ERROR: 29201
binder: 20907:20911 got transaction with invalid offsets ptr
binder: 20907:20911 transaction failed 29201/-14, size 120-24 line 3507
binder: undelivered TRANSACTION_ERROR: 29201
binder: 20907:20911 ioctl c0306201 200002c0 returned -14
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=20910 comm=syz-executor.5
binder: 20888:20917 got transaction with invalid offset (-9064047352438805997, min 0 max 120) or object.
binder: 20888:20917 transaction failed 29201/-22, size 120-24 line 3379
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29201
binder: 20921:20922 got transaction with invalid offsets ptr
binder: 20921:20922 transaction failed 29201/-14, size 120-24 line 3507
binder: 20921:20922 ioctl c0306201 200002c0 returned -14
binder_alloc: 20929: binder_alloc_buf size 2305843834655879360 failed, no address space
binder: undelivered TRANSACTION_ERROR: 29201
binder: 20931:20932 got transaction with invalid offsets ptr
binder: 20931:20932 transaction failed 29201/-14, size 120-24 line 3507
binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288)
binder: 20929:20933 transaction failed 29201/-28, size 120-24 line 3284
binder: undelivered TRANSACTION_ERROR: 29201
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56129 sclass=netlink_route_socket pig=20936 comm=syz-executor.5
binder: undelivered TRANSACTION_ERROR: 29201
binder_alloc: 20929: binder_alloc_buf size 2305843834655879360 failed, no address space
binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288)
binder: 20929:20942 transaction failed 29201/-28, size 120-24 line 3284
binder: undelivered TRANSACTION_ERROR: 29201
audit_printk_skb: 93 callbacks suppressed
audit: type=1400 audit(1575210949.502:1272): avc: denied { set_context_mgr } for pid=20953 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1575210949.502:1273): avc: denied { set_context_mgr } for pid=20952 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1575210949.502:1274): avc: denied { call } for pid=20952 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 20952:20956 got transaction with invalid offsets ptr
binder: 20952:20956 transaction failed 29201/-14, size 120-24 line 3507
audit: type=1400 audit(1575210949.562:1275): avc: denied { create } for pid=20954 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1575210949.572:1276): avc: denied { write } for pid=20954 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=20964 comm=syz-executor.5
binder: undelivered TRANSACTION_ERROR: 29201
binder: 20955:20965 transaction failed 29189/-22, size 120-24 line 3138
binder: undelivered TRANSACTION_ERROR: 29189
audit: type=1400 audit(1575210949.972:1277): avc: denied { set_context_mgr } for pid=20968 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1575210950.002:1278): avc: denied { create } for pid=20969 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1575210950.002:1279): avc: denied { write } for pid=20969 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1575210950.202:1280): avc: denied { set_context_mgr } for pid=20980 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1575210950.222:1281): avc: denied { call } for pid=20980 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 20980:20981 got transaction with invalid offsets ptr
binder: 20980:20981 transaction failed 29201/-14, size 120-24 line 3507
binder: undelivered TRANSACTION_ERROR: 29201
binder: 20987:20989 got transaction with invalid offsets ptr
binder: 20987:20989 transaction failed 29201/-14, size 120-24 line 3507
binder: undelivered TRANSACTION_ERROR: 29201
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31689 sclass=netlink_route_socket pig=20993 comm=syz-executor.5
binder: 21009:21010 got transaction with invalid offsets ptr
binder: 21006:21011 got transaction with invalid offsets ptr
binder: 21006:21011 transaction failed 29201/-14, size 120-24 line 3507
binder: undelivered TRANSACTION_ERROR: 29201
binder: 21008:21012 ioctl c0306201 200002c0 returned -14
binder: BINDER_SET_CONTEXT_MGR already set
binder: 21008:21014 ioctl 40046207 0 returned -16
binder: 21009:21010 transaction failed 29201/-14, size 120-24 line 3507
binder: 21009:21010 ioctl c0306201 200002c0 returned -14
binder: undelivered TRANSACTION_ERROR: 29201
binder: 21020:21022 got transaction with invalid offsets ptr
binder: 21020:21022 transaction failed 29201/-14, size 120-24 line 3507
binder: undelivered TRANSACTION_ERROR: 29201
binder_alloc: 21023: binder_alloc_buf size 536871248 failed, no address space
binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288)
binder: 21023:21027 transaction failed 29201/-28, size 120-24 line 3284
binder: 21030:21031 got transaction with invalid offsets ptr
binder: 21030:21031 transaction failed 29201/-14, size 120-24 line 3507
binder: undelivered TRANSACTION_ERROR: 29201
binder: 21023:21027 ioctl c0306201 200002c0 returned -14
binder: undelivered TRANSACTION_ERROR: 29201
binder: 21034:21037 got transaction with invalid offsets ptr
binder: 21034:21037 transaction failed 29201/-14, size 120-24 line 3507
binder_alloc: 21023: binder_alloc_buf size 536871248 failed, no address space
binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288)
binder: 21023:21038 transaction failed 29201/-28, size 120-24 line 3284
binder: 21023:21038 ioctl c0306201 200002c0 returned -14
binder: undelivered TRANSACTION_ERROR: 29201
binder: 21040:21042 got transaction with invalid offsets ptr
binder: 21040:21042 transaction failed 29201/-14, size 120-24 line 3507
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47711 sclass=netlink_route_socket pig=21044 comm=syz-executor.5
binder: undelivered TRANSACTION_ERROR: 29201
binder: 21034:21037 ioctl c0306201 200002c0 returned -14
binder: undelivered TRANSACTION_ERROR: 29201
binder: 21060:21064 got transaction with invalid offsets ptr
binder: 21058:21063 unknown command 447354952
binder: 21058:21063 ioctl c0306201 200002c0 returned -22
binder: 21061:21065 got transaction with invalid offsets ptr
binder: 21061:21065 transaction failed 29201/-14, size 120-24 line 3507
binder: undelivered TRANSACTION_ERROR: 29201
binder: 21058:21066 unknown command 447354952
binder: 21058:21066 ioctl c0306201 200002c0 returned -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6932 sclass=netlink_route_socket pig=21068 comm=syz-executor.5
audit_printk_skb: 123 callbacks suppressed
audit: type=1400 audit(1575210954.612:1323): avc: denied { set_context_mgr } for pid=21070 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1575210954.612:1324): avc: denied { call } for pid=21070 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 21070:21074 got transaction with invalid offsets ptr
binder: 21070:21074 transaction failed 29201/-14, size 120-24 line 3507
binder: undelivered TRANSACTION_ERROR: 29201
audit: type=1400 audit(1575210954.682:1325): avc: denied { set_context_mgr } for pid=21072 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1575210954.702:1326): avc: denied { call } for pid=21072 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 21072:21075 got transaction with invalid offsets ptr
binder: 21072:21075 transaction failed 29201/-14, size 120-24 line 3507
binder: 21072:21075 ioctl c0306201 200002c0 returned -14
binder: undelivered TRANSACTION_ERROR: 29201
audit: type=1400 audit(1575210954.732:1327): avc: denied { set_context_mgr } for pid=21072 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1575210954.732:1328): avc: denied { call } for pid=21072 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 21072:21076 got transaction with invalid offsets ptr
binder: 21072:21076 transaction failed 29201/-14, size 120-24 line 3507
binder: 21072:21076 ioctl c0306201 200002c0 returned -14