SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket pig=24797 comm=syz-executor6
=============================
WARNING: suspicious RCU usage
4.14.0-rc5-next-20171018+ #36 Not tainted
-----------------------------
./include/linux/inetdevice.h:231 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor1/24787:
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=24797 comm=syz-executor6
#0: (rcu_read_lock){....}, at: [] inet_rtm_getroute+0xaa0/0x2d70 net/ipv4/route.c:2738
stack backtrace:
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=24797 comm=syz-executor6
CPU: 1 PID: 24787 Comm: syz-executor1 Not tainted 4.14.0-rc5-next-20171018+ #36
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4662
__in_dev_get_rtnl include/linux/inetdevice.h:231 [inline]
fib_dump_info+0x1136/0x13d0 net/ipv4/fib_semantics.c:1368
inet_rtm_getroute+0xf97/0x2d70 net/ipv4/route.c:2785
rtnetlink_rcv_msg+0x51c/0x1020 net/core/rtnetlink.c:4334
netlink_rcv_skb+0x216/0x440 net/netlink/af_netlink.c:2409
rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4358
netlink_unicast_kernel net/netlink/af_netlink.c:1273 [inline]
netlink_unicast+0x4e8/0x6f0 net/netlink/af_netlink.c:1299
netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1862
sock_sendmsg_nosec net/socket.c:632 [inline]
sock_sendmsg+0xca/0x110 net/socket.c:642
sock_write_iter+0x31a/0x5d0 net/socket.c:911
call_write_iter include/linux/fs.h:1770 [inline]
new_sync_write fs/read_write.c:468 [inline]
__vfs_write+0x684/0x970 fs/read_write.c:481
vfs_write+0x189/0x510 fs/read_write.c:543
SYSC_write fs/read_write.c:588 [inline]
SyS_write+0xef/0x220 fs/read_write.c:580
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x452869
RSP: 002b:00007f0993c88be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452869
RDX: 0000000000000025 RSI: 00000000209f2000 RDI: 0000000000000015
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006efac8
R13: 0000000000000005 R14: 0000000000758090 R15: 0000000000000000
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket pig=24797 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=24815 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=24823 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=24848 comm=syz-executor5
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
IPv6: Can't replace route, no match found
netlink: 11 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
IPv6: Can't replace route, no match found
netlink: 11 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor5'.
kvm: apic: phys broadcast and lowest prio
selinux_nlmsg_perm: 1 callbacks suppressed
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=1792 sclass=netlink_tcpdiag_socket pig=24941 comm=syz-executor0
kvm [24946]: vcpu0, guest rIP: 0xfff0 ignored wrmsr: 0x11e data 0x0
xprt_adjust_timeout: rq_timeout = 0!
netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'.
kvm: apic: phys broadcast and lowest prio
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=1792 sclass=netlink_tcpdiag_socket pig=24941 comm=syz-executor0
kvm [24946]: vcpu0, guest rIP: 0xfff0 ignored wrmsr: 0x11e data 0x0
SELinux: failure in selinux_parse_skb(), unable to parse packet
xprt_adjust_timeout: rq_timeout = 0!
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
ALSA: seq fatal error: cannot create timer (-22)
sctp: [Deprecated]: syz-executor3 (pid 25102) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor3 (pid 25102) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
9pnet_virtio: no channels available for device ./bus
sctp: [Deprecated]: syz-executor3 (pid 25102) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor3 (pid 25120) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
sock: sock_set_timeout: `syz-executor2' (pid 25152) tries to set negative timeout
sctp: [Deprecated]: syz-executor1 (pid 25172) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sock: sock_set_timeout: `syz-executor3' (pid 25203) tries to set negative timeout
sctp: [Deprecated]: syz-executor1 (pid 25209) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sock: sock_set_timeout: `syz-executor3' (pid 25234) tries to set negative timeout
sctp: [Deprecated]: syz-executor6 (pid 25256) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
kauditd_printk_skb: 81 callbacks suppressed
audit: type=1326 audit(1509301919.325:1705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=25264 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0xffff0000
sctp: [Deprecated]: syz-executor6 (pid 25265) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
dccp_invalid_packet: invalid packet type
dccp_invalid_packet: invalid packet type
audit: type=1326 audit(1509301919.494:1706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=25264 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0xffff0000
sctp: [Deprecated]: syz-executor7 (pid 25282) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor7 (pid 25329) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
audit: type=1326 audit(1509301919.866:1707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=25334 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0xffff0000
audit: type=1326 audit(1509301920.060:1708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=25334 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0xffff0000
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19 sclass=netlink_audit_socket pig=25403 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19 sclass=netlink_audit_socket pig=25403 comm=syz-executor7
device gre0 entered promiscuous mode
FAULT_FLAG_ALLOW_RETRY missing 20
CPU: 0 PID: 25582 Comm: syz-executor0 Not tainted 4.14.0-rc5-next-20171018+ #36
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
handle_userfault+0x11ec/0x23a0 fs/userfaultfd.c:427
shmem_getpage_gfp+0x2992/0x3730 mm/shmem.c:1729
shmem_fault+0x2b9/0x960 mm/shmem.c:1997
__do_fault+0xeb/0x30f mm/memory.c:3196
do_read_fault mm/memory.c:3606 [inline]
do_fault mm/memory.c:3706 [inline]
handle_pte_fault mm/memory.c:3936 [inline]
__handle_mm_fault+0x1b9b/0x39c0 mm/memory.c:4060
handle_mm_fault+0x334/0x8d0 mm/memory.c:4097
faultin_page mm/gup.c:502 [inline]
__get_user_pages+0x50c/0x15f0 mm/gup.c:699
__get_user_pages_locked mm/gup.c:910 [inline]
__get_user_pages_unlocked mm/gup.c:984 [inline]
get_user_pages_unlocked+0x23d/0x460 mm/gup.c:1009
get_user_pages_fast+0x1b4/0x340 mm/gup.c:1771
get_futex_key+0x461/0x1d50 kernel/futex.c:547
futex_wake_op kernel/futex.c:1618 [inline]
do_futex+0xe91/0x20d0 kernel/futex.c:3476
SYSC_futex kernel/futex.c:3526 [inline]
SyS_futex+0x260/0x390 kernel/futex.c:3494
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x452869
RSP: 002b:00007effeeb87be8 EFLAGS: 00000212 ORIG_RAX: 00000000000000ca
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452869
RDX: 00000000000000d3 RSI: 0000000000000005 RDI: 0000000020012ffc
RBP: 0000000000000082 R08: 00000000203cfffc R09: 00000000000000ff
R10: 0000000020060ff0 R11: 0000000000000212 R12: 00000000006f4328
R13: 00000000ffffffff R14: 00007effeeb886d4 R15: 0000000000000000
nla_parse: 2 callbacks suppressed
netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=25617 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=65535 sclass=netlink_audit_socket pig=25655 comm=syz-executor5
audit: type=1326 audit(1509301922.761:1709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=25661 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0xffff0000
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=65535 sclass=netlink_audit_socket pig=25655 comm=syz-executor5
audit: type=1326 audit(1509301922.908:1710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=25661 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0xffff0000
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
audit: type=1326 audit(1509301923.528:1711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=25772 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0x7ff00000
audit: type=1326 audit(1509301923.557:1712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=25772 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=5 compat=0 ip=0x452869 code=0x7ff00000
audit: type=1326 audit(1509301923.557:1713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=25772 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0x7ff00000
kauditd_printk_skb: 326 callbacks suppressed
audit: type=1326 audit(1509301924.733:2040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=25903 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0x0
audit: type=1326 audit(1509301924.803:2041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=25936 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0xffff0000
audit: type=1326 audit(1509301924.887:2042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=25903 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0x0
audit: type=1326 audit(1509301924.910:2043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=25936 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0xffff0000
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
audit: type=1326 audit(1509301925.924:2044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=26140 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0xffff0000
audit: type=1326 audit(1509301925.986:2045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=26140 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0x0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=26151 comm=syz-executor6
audit: type=1326 audit(1509301926.069:2046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=26140 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0xffff0000
audit: type=1326 audit(1509301926.093:2047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=26140 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0x0