SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=12239 comm=syz-executor.0

===============================
[ INFO: suspicious RCU usage. ]
4.9.141+ #1 Not tainted
-------------------------------
net/ipv6/ip6_fib.c:1471 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 0
6 locks held by syz-executor.0/12204:
#0: (&mm->mmap_sem){++++++}, at: [] __do_page_fault+0x272/0xa60 arch/x86/mm/fault.c:1335
#1: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [] spin_lock include/linux/spinlock.h:302 [inline]
#1: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [] wp_page_copy+0x597/0x12a0 mm/memory.c:2186
#2: (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [] lockdep_copy_map include/linux/lockdep.h:165 [inline]
#2: (((&net->ipv6.ip6_fib_timer))){+.-...}, at: [] call_timer_fn+0xda/0x6e0 kernel/time/timer.c:1309
#3: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-...}, at: [] spin_lock_bh include/linux/spinlock.h:307 [inline]
#3: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-...}, at: [] fib6_run_gc+0xa5/0x2c0 net/ipv6/ip6_fib.c:1816
#4: (rcu_read_lock){......}, at: [] __fib6_clean_all+0x0/0x220 net/ipv6/ip6_fib.c:1703
#5: (&tb->tb6_lock){++--..}, at: [] __fib6_clean_all+0xe0/0x220 net/ipv6/ip6_fib.c:1717

stack backtrace:
CPU: 0 PID: 12204 Comm: syz-executor.0 Not tainted 4.9.141+ #1
ffff8801db6078c8 ffffffff81b42e79 ffff8801ca61df00 0000000000000000
0000000000000002 ffffffff82cc2480 ffffed003b6c0f67 ffff8801db6078f8
ffffffff813fe948 ffff8801d32e8700 ffff8801db607ae8 ffff8801d32e8700
Call Trace:
[ 463.921194] [] __dump_stack lib/dump_stack.c:15 [inline]
[ 463.921194] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] lockdep_rcu_suspicious.cold.32+0x110/0x141 kernel/locking/lockdep.c:4455
[] fib6_del+0x810/0xb10 net/ipv6/ip6_fib.c:1470
[] fib6_clean_node+0x220/0x4c0 net/ipv6/ip6_fib.c:1657
[] fib6_walk_continue+0x3e5/0x640 net/ipv6/ip6_fib.c:1583
[] fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1628
[] fib6_clean_tree+0xd3/0x110 net/ipv6/ip6_fib.c:1702
[] __fib6_clean_all+0xf9/0x220 net/ipv6/ip6_fib.c:1718
[] fib6_clean_all net/ipv6/ip6_fib.c:1729 [inline]
[] fib6_run_gc+0x117/0x2c0 net/ipv6/ip6_fib.c:1826
[] fib6_gc_timer_cb+0x1c/0x20 net/ipv6/ip6_fib.c:1841
[] call_timer_fn+0x163/0x6e0 kernel/time/timer.c:1319
[] expire_timers+0x234/0x580 kernel/time/timer.c:1359
[] __run_timers kernel/time/timer.c:1674 [inline]
[] run_timer_softirq+0x208/0x5e0 kernel/time/timer.c:1687
[] __do_softirq+0x20e/0x964 kernel/softirq.c:288
[] invoke_softirq kernel/softirq.c:368 [inline]
[] irq_exit+0x11c/0x150 kernel/softirq.c:409
[] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
[] smp_apic_timer_interrupt+0x81/0xb0 arch/x86/kernel/apic/apic.c:962
[] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:648
[ 464.186847] [] ? rep_nop arch/x86/include/asm/processor.h:589 [inline]
[ 464.186847] [] ? cpu_relax arch/x86/include/asm/processor.h:594 [inline]
[ 464.186847] [] ? csd_lock_wait kernel/smp.c:96 [inline]
[ 464.186847] [] ? smp_call_function_single+0x11b/0x360 kernel/smp.c:288
[] smp_call_function_many+0x57d/0x6a0 kernel/smp.c:420
[] native_flush_tlb_others+0xd4/0x510 arch/x86/mm/tlb.c:340
[] flush_tlb_others arch/x86/include/asm/paravirt.h:325 [inline]
[] flush_tlb_mm_range+0x10c/0x440 arch/x86/mm/tlb.c:406
[] flush_tlb_page arch/x86/include/asm/tlbflush.h:300 [inline]
[] ptep_clear_flush+0xe4/0x110 mm/pgtable-generic.c:80
[] wp_page_copy+0x80b/0x12a0 mm/memory.c:2206
[] do_wp_page+0x817/0x2010 mm/memory.c:2390
[] handle_pte_fault mm/memory.c:3531 [inline]
[] __handle_mm_fault mm/memory.c:3603 [inline]
[] handle_mm_fault+0xfcb/0x2350 mm/memory.c:3640
[] __do_page_fault+0x403/0xa60 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x25/0x30 arch/x86/entry/entry_64.S:951
[] __sys_recvmmsg+0x25d/0x6f0 net/socket.c:2249
[] SYSC_recvmmsg net/socket.c:2325 [inline]
[] SyS_recvmmsg+0x199/0x1c0 net/socket.c:2314
[] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
[] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
input: syz1 as /devices/virtual/input/input43
input: syz1 as /devices/virtual/input/input44
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=13105 sclass=netlink_route_socket pig=12407 comm=syz-executor.2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=13105 sclass=netlink_route_socket pig=12407 comm=syz-executor.2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26989 sclass=netlink_route_socket pig=12407 comm=syz-executor.2
audit: type=1400 audit(1554637339.482:99): avc: denied { create } for pid=12433 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_rdma_socket permissive=1
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
audit: type=1400 audit(1554637342.532:100): avc: denied { map_create } for pid=12544 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
audit: type=1400 audit(1554637342.562:101): avc: denied { map_read map_write } for pid=12544 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1