============================= WARNING: suspicious RCU usage 4.15.0+ #306 Not tainted ----------------------------- net/tipc/bearer.c:177 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by syz-executor2/6961: #0: (cb_lock){++++}, at: [<00000000d82b636d>] genl_rcv+0x19/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<000000008df9bc09>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<000000008df9bc09>] genl_rcv_msg+0x115/0x140 net/netlink/genetlink.c:622 stack backtrace: CPU: 1 PID: 6961 Comm: syz-executor2 Not tainted 4.15.0+ #306 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592 tipc_bearer_find+0x2b4/0x3b0 net/tipc/bearer.c:177 tipc_nl_compat_link_set+0x329/0x9f0 net/tipc/netlink_compat.c:729 __tipc_nl_compat_doit net/tipc/netlink_compat.c:288 [inline] tipc_nl_compat_doit+0x15b/0x670 net/tipc/netlink_compat.c:335 tipc_nl_compat_handle net/tipc/netlink_compat.c:1119 [inline] tipc_nl_compat_recv+0x1135/0x18f0 net/tipc/netlink_compat.c:1201 genl_family_rcv_msg+0x7b7/0xfb0 net/netlink/genetlink.c:599 genl_rcv_msg+0xb2/0x140 net/netlink/genetlink.c:624 netlink_rcv_skb+0x14b/0x380 net/netlink/af_netlink.c:2442 genl_rcv+0x28/0x40 net/netlink/genetlink.c:635 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2046 __sys_sendmsg+0xe5/0x210 net/socket.c:2080 SYSC_sendmsg net/socket.c:2091 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2087 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b RIP: 0033:0x4537d9 RSP: 002b:00007f094388ec58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 00000000004537d9 RDX: 0000000000000000 RSI: 0000000020003000 RDI: 0000000000000013 RBP: 00000000000004a6 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f6030 R13: 00000000ffffffff R14: 00007f094388f6d4 R15: 0000000000000000 ipt_ECN: new ECT codepoint 5 out of mask ipt_ECN: new ECT codepoint 5 out of mask xt_limit: Overflow, try lower: 2147483649/34958 device syz5 entered promiscuous mode xt_limit: Overflow, try lower: 2147483649/34958 ip6t_srh: unknown srh invflags 3E20 ip6t_srh: unknown srh invflags 3E20 ip6t_srh: unknown srh invflags 3E20 xt_HMARK: spi-mask and port-mask can't be combined ip6t_srh: unknown srh invflags 3E20 netlink: 'syz-executor1': attribute type 21 has an invalid length. xt_HMARK: spi-mask and port-mask can't be combined netlink: 'syz-executor1': attribute type 21 has an invalid length. netlink: 'syz-executor1': attribute type 46 has an invalid length. netlink: 'syz-executor1': attribute type 46 has an invalid length. netlink: 'syz-executor1': attribute type 46 has an invalid length. audit: type=1400 audit(1518205727.581:29): avc: denied { name_connect } for pid=7207 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 bpf: check failed: parse error bpf: check failed: parse error netlink: 'syz-executor6': attribute type 2 has an invalid length. netlink: 'syz-executor6': attribute type 2 has an invalid length. xt_l2tp: invalid flags combination: 8 xt_l2tp: invalid flags combination: 8 xt_l2tp: invalid flags combination: 8 xt_l2tp: invalid flags combination: 8 xt_l2tp: invalid flags combination: 8 xt_l2tp: invalid flags combination: 8 netlink: 'syz-executor2': attribute type 10 has an invalid length. netlink: 'syz-executor2': attribute type 10 has an invalid length. netlink: 'syz-executor2': attribute type 10 has an invalid length. netlink: 'syz-executor2': attribute type 10 has an invalid length. xt_CT: You must specify a L4 protocol, and not use inversions on it. xt_CT: You must specify a L4 protocol, and not use inversions on it. xt_TPROXY: Can be used only in combination with either -p tcp or -p udp xt_TPROXY: Can be used only in combination with either -p tcp or -p udp xt_CT: You must specify a L4 protocol, and not use inversions on it. xt_TPROXY: Can be used only in combination with either -p tcp or -p udp xt_TPROXY: Can be used only in combination with either -p tcp or -p udp xt_TPROXY: Can be used only in combination with either -p tcp or -p udp xt_TPROXY: Can be used only in combination with either -p tcp or -p udp xt_TPROXY: Can be used only in combination with either -p tcp or -p udp xt_TPROXY: Can be used only in combination with either -p tcp or -p udp xt_l2tp: missing protocol rule (udp|l2tpip) xt_l2tp: missing protocol rule (udp|l2tpip) xt_l2tp: missing protocol rule (udp|l2tpip) nla_parse: 101 callbacks suppressed netlink: 16 bytes leftover after parsing attributes in process `syz-executor1'. xt_l2tp: invalid flags combination: 0 netlink: 16 bytes leftover after parsing attributes in process `syz-executor6'. tc_ctl_action: received NO action attribs netlink: 16 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 16 bytes leftover after parsing attributes in process `syz-executor6'. tc_ctl_action: received NO action attribs xt_l2tp: invalid flags combination: 0 xt_l2tp: invalid flags combination: 0 netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'. bpf: check failed: parse error bpf: check failed: parse error x_tables: ip6_tables: MASQUERADE target: used from hooks PREROUTING/INPUT/OUTPUT, but only usable from POSTROUTING x_tables: ip6_tables: MASQUERADE target: used from hooks PREROUTING/INPUT/OUTPUT, but only usable from POSTROUTING netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'. audit: type=1400 audit(1518205732.279:30): avc: denied { read } for pid=8743 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'. xt_SECMARK: target only valid in the 'mangle' or 'security' tables, not 'filter'. xt_SECMARK: target only valid in the 'mangle' or 'security' tables, not 'filter'. raw_sendmsg: syz-executor1 forgot to set AF_INET. Fix it! netlink: 'syz-executor1': attribute type 8 has an invalid length. audit: type=1400 audit(1518205732.679:31): avc: denied { map } for pid=8862 comm="syz-executor7" path="socket:[21374]" dev="sockfs" ino=21374 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=packet_socket permissive=1 netlink: 'syz-executor1': attribute type 8 has an invalid length. netlink: 'syz-executor1': attribute type 8 has an invalid length. ip_tunnel: non-ECT from 172.20.0.170 with TOS=0x2 netlink: 'syz-executor1': attribute type 8 has an invalid length. netlink: 'syz-executor1': attribute type 8 has an invalid length. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pig=9022 comm=syz-executor0 audit: type=1400 audit(1518205733.229:32): avc: denied { map } for pid=9018 comm="syz-executor1" path="socket:[22092]" dev="sockfs" ino=22092 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_route_socket permissive=1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9025 comm=syz-executor0 netlink: 'syz-executor7': attribute type 8 has an invalid length. netlink: 'syz-executor7': attribute type 8 has an invalid length. SELinux: unrecognized netlink message: protocol=4 nlmsg_type=35 sclass=netlink_tcpdiag_socket pig=9241 comm=syz-executor2 bridge0: port 1(ip6gretap0) entered blocking state bridge0: port 1(ip6gretap0) entered disabled state device ip6gretap0 entered promiscuous mode bridge0: port 1(ip6gretap0) entered blocking state bridge0: port 1(ip6gretap0) entered forwarding state IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready xt_SECMARK: invalid mode: 0 xt_SECMARK: invalid mode: 0 netlink: 'syz-executor6': attribute type 16 has an invalid length. device bridge0 entered promiscuous mode netlink: 'syz-executor6': attribute type 16 has an invalid length. device bridge0 entered promiscuous mode tc_dump_action: action bad kind ip6tnl0: Invalid MTU 11 requested, hw min 68 Cannot find add_set index 0 as target Cannot find add_set index 0 as target Cannot find add_set index 0 as target xt_policy: input policy not valid in POSTROUTING and OUTPUT Cannot find add_set index 0 as target xt_policy: input policy not valid in POSTROUTING and OUTPUT Cannot find add_set index 0 as target xt_policy: input policy not valid in POSTROUTING and OUTPUT Cannot find add_set index 0 as target xt_policy: input policy not valid in POSTROUTING and OUTPUT xt_policy: input policy not valid in POSTROUTING and OUTPUT xt_policy: input policy not valid in POSTROUTING and OUTPUT