============================= WARNING: suspicious RCU usage 4.15.0+ #221 Not tainted ----------------------------- net/tipc/bearer.c:177 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by syz-executor1/8354: #0: (cb_lock){++++}, at: [<000000006ab30512>] genl_rcv+0x19/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<00000000cc7f517a>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<00000000cc7f517a>] genl_rcv_msg+0x115/0x140 net/netlink/genetlink.c:622 stack backtrace: CPU: 0 PID: 8354 Comm: syz-executor1 Not tainted 4.15.0+ #221 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592 tipc_bearer_find+0x2b4/0x3b0 net/tipc/bearer.c:177 tipc_nl_compat_link_set+0x329/0x9f0 net/tipc/netlink_compat.c:729 __tipc_nl_compat_doit net/tipc/netlink_compat.c:288 [inline] tipc_nl_compat_doit+0x15b/0x670 net/tipc/netlink_compat.c:335 tipc_nl_compat_handle net/tipc/netlink_compat.c:1119 [inline] tipc_nl_compat_recv+0x1135/0x18f0 net/tipc/netlink_compat.c:1201 genl_family_rcv_msg+0x7b7/0xfb0 net/netlink/genetlink.c:599 genl_rcv_msg+0xb2/0x140 net/netlink/genetlink.c:624 netlink_rcv_skb+0x14b/0x380 net/netlink/af_netlink.c:2442 genl_rcv+0x28/0x40 net/netlink/genetlink.c:635 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2046 __sys_sendmsg+0xe5/0x210 net/socket.c:2080 SYSC_sendmsg net/socket.c:2091 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2087 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x4537d9 RSP: 002b:00007f5ad59fdc58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 00000000004537d9 RDX: 0000000000000000 RSI: 0000000020003000 RDI: 0000000000000013 RBP: 00000000000005ca R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f7b90 R13: 00000000ffffffff R14: 00007f5ad59fe6d4 R15: 0000000000000000 device bridge0 entered promiscuous mode audit: type=1400 audit(1518205299.046:29): avc: denied { accept } for pid=8390 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1518205299.083:30): avc: denied { getopt } for pid=8390 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 device bridge0 left promiscuous mode TCP: request_sock_TCPv6: Possible SYN flooding on port 20014. Sending cookies. Check SNMP counters. device bridge0 entered promiscuous mode TCP: request_sock_TCPv6: Possible SYN flooding on port 20014. Sending cookies. Check SNMP counters. device bridge0 left promiscuous mode TCP: request_sock_TCPv6: Possible SYN flooding on port 20014. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20014. Sending cookies. Check SNMP counters. device bridge0 entered promiscuous mode device bridge0 left promiscuous mode TCP: request_sock_TCPv6: Possible SYN flooding on port 20014. Sending cookies. Check SNMP counters. device bridge0 entered promiscuous mode device bridge0 entered promiscuous mode device bridge0 left promiscuous mode device bridge0 left promiscuous mode TCP: request_sock_TCPv6: Possible SYN flooding on port 20014. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20014. Sending cookies. Check SNMP counters. device bridge0 entered promiscuous mode device bridge0 left promiscuous mode device bridge0 entered promiscuous mode device bridge0 left promiscuous mode netlink: 16 bytes leftover after parsing attributes in process `syz-executor1'. tc_dump_action: action bad kind netlink: 16 bytes leftover after parsing attributes in process `syz-executor1'. tc_dump_action: action bad kind netlink: 16 bytes leftover after parsing attributes in process `syz-executor1'. tc_dump_action: action bad kind netlink: 16 bytes leftover after parsing attributes in process `syz-executor1'. tc_dump_action: action bad kind validate_nla: 17 callbacks suppressed netlink: 'syz-executor7': attribute type 10 has an invalid length. netlink: 'syz-executor7': attribute type 10 has an invalid length. xt_SECMARK: invalid security context 'system_u:object_r%ldconfig_cache_t -0' xt_SECMARK: invalid security context 'system_u:object_r%ldconfig_cache_t -0' xt_SECMARK: invalid security context 'system_u:object_r%ldconfig_cache_t -0' xt_SECMARK: invalid security context 'system_u:object_r%ldconfig_cache_t -0' xt_SECMARK: invalid security context 'system_u:object_r%ldconfig_cache_t -0' audit: type=1400 audit(1518205302.323:31): avc: denied { setopt } for pid=9220 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=socket permissive=1 netlink: 'syz-executor3': attribute type 21 has an invalid length. netlink: 'syz-executor3': attribute type 6 has an invalid length. netlink: 'syz-executor3': attribute type 21 has an invalid length. netlink: 'syz-executor3': attribute type 6 has an invalid length. netlink: 'syz-executor3': attribute type 21 has an invalid length. netlink: 'syz-executor3': attribute type 6 has an invalid length. netlink: 'syz-executor3': attribute type 21 has an invalid length. netlink: 'syz-executor3': attribute type 6 has an invalid length. sctp: [Deprecated]: syz-executor5 (pid 9433) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor5 (pid 9433) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor5 (pid 9457) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor3 (pid 9465) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor5 (pid 9482) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor3 (pid 9486) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor5 (pid 9521) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor3 (pid 9525) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead audit: type=1400 audit(1518205304.407:32): avc: denied { map } for pid=9771 comm="syz-executor6" path="socket:[25128]" dev="sockfs" ino=25128 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=unix_dgram_socket permissive=1 syz-executor3 (9863) used greatest stack depth: 15056 bytes left validate_nla: 14 callbacks suppressed netlink: 'syz-executor6': attribute type 21 has an invalid length. netlink: 7 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 'syz-executor6': attribute type 21 has an invalid length. netlink: 7 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 'syz-executor6': attribute type 21 has an invalid length. net_ratelimit: 31 callbacks suppressed dccp_xmit_packet: Payload too large (65423) for featneg. dccp_xmit_packet: Payload too large (65423) for featneg. dccp_xmit_packet: Payload too large (65423) for featneg. dccp_xmit_packet: Payload too large (65423) for featneg. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20006. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20006. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20006. Sending cookies. Check SNMP counters.