netlink: 11 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 11 bytes leftover after parsing attributes in process `syz-executor5'. ============================= WARNING: suspicious RCU usage 4.15.0-rc5+ #177 Not tainted ----------------------------- net/ipv6/ip6_fib.c:1702 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 4 locks held by syz-executor4/23572: #0: (rtnl_mutex){+.+.}, at: [<00000000438b7814>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<000000001aeebfbb>] spin_trylock_bh include/linux/spinlock.h:370 [inline] #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<000000001aeebfbb>] fib6_run_gc+0x2b7/0x3c0 net/ipv6/ip6_fib.c:2008 #2: (rcu_read_lock){....}, at: [<00000000edbb143d>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1560 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000b0df596b>] spin_lock_bh include/linux/spinlock.h:315 [inline] #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000b0df596b>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1948 stack backtrace: CPU: 1 PID: 23572 Comm: syz-executor4 Not tainted 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 fib6_del+0xcaa/0x11b0 net/ipv6/ip6_fib.c:1701 fib6_clean_node+0x3aa/0x4f0 net/ipv6/ip6_fib.c:1892 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1815 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1863 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1933 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1949 fib6_clean_all net/ipv6/ip6_fib.c:1960 [inline] fib6_run_gc+0x16b/0x3c0 net/ipv6/ip6_fib.c:2016 ndisc_netdev_event+0x3c2/0x4a0 net/ipv6/ndisc.c:1776 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93 __raw_notifier_call_chain kernel/notifier.c:394 [inline] raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401 call_netdevice_notifiers_info+0x32/0x70 net/core/dev.c:1696 call_netdevice_notifiers net/core/dev.c:1714 [inline] dev_close_many+0x3fb/0x850 net/core/dev.c:1492 rollback_registered_many+0x4d5/0xe20 net/core/dev.c:7285 rollback_registered+0x1be/0x3c0 net/core/dev.c:7350 unregister_netdevice_queue+0x2e3/0x5f0 net/core/dev.c:8343 mif6_delete+0x50d/0x620 net/ipv6/ip6mr.c:825 ip6_mroute_setsockopt+0xfef/0x35b0 net/ipv6/ip6mr.c:1720 do_ipv6_setsockopt.isra.9+0x2f0/0x39a0 net/ipv6/ipv6_sockglue.c:163 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922 rawv6_setsockopt+0x4a/0xf0 net/ipv6/raw.c:1060 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978 SYSC_setsockopt net/socket.c:1821 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1800 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007fe43264fc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 000000000071bf58 RCX: 0000000000452ac9 RDX: 00000000000000cb RSI: 0000000000000029 RDI: 0000000000000016 RBP: 00000000000003a3 R08: 0000000000000004 R09: 0000000000000000 R10: 0000000020d61000 R11: 0000000000000212 R12: 00000000006f37e8 R13: 00000000ffffffff R14: 00007fe4326506d4 R15: 0000000000000005 ============================= WARNING: suspicious RCU usage 4.15.0-rc5+ #177 Not tainted ----------------------------- net/ipv6/ip6_fib.c:1729 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 4 locks held by syz-executor4/23572: #0: (rtnl_mutex){+.+.}, at: [<00000000438b7814>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<000000001aeebfbb>] spin_trylock_bh include/linux/spinlock.h:370 [inline] #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<000000001aeebfbb>] fib6_run_gc+0x2b7/0x3c0 net/ipv6/ip6_fib.c:2008 #2: (rcu_read_lock){....}, at: [<00000000edbb143d>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1560 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000b0df596b>] spin_lock_bh include/linux/spinlock.h:315 [inline] #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000b0df596b>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1948 stack backtrace: CPU: 1 PID: 23572 Comm: syz-executor4 Not tainted 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 fib6_del+0x425/0x11b0 net/ipv6/ip6_fib.c:1728 fib6_clean_node+0x3aa/0x4f0 net/ipv6/ip6_fib.c:1892 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1815 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1863 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1933 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1949 fib6_clean_all net/ipv6/ip6_fib.c:1960 [inline] fib6_run_gc+0x16b/0x3c0 net/ipv6/ip6_fib.c:2016 ndisc_netdev_event+0x3c2/0x4a0 net/ipv6/ndisc.c:1776 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93 __raw_notifier_call_chain kernel/notifier.c:394 [inline] raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401 call_netdevice_notifiers_info+0x32/0x70 net/core/dev.c:1696 call_netdevice_notifiers net/core/dev.c:1714 [inline] dev_close_many+0x3fb/0x850 net/core/dev.c:1492 rollback_registered_many+0x4d5/0xe20 net/core/dev.c:7285 rollback_registered+0x1be/0x3c0 net/core/dev.c:7350 unregister_netdevice_queue+0x2e3/0x5f0 net/core/dev.c:8343 mif6_delete+0x50d/0x620 net/ipv6/ip6mr.c:825 ip6_mroute_setsockopt+0xfef/0x35b0 net/ipv6/ip6mr.c:1720 do_ipv6_setsockopt.isra.9+0x2f0/0x39a0 net/ipv6/ipv6_sockglue.c:163 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922 rawv6_setsockopt+0x4a/0xf0 net/ipv6/raw.c:1060 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978 SYSC_setsockopt net/socket.c:1821 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1800 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007fe43264fc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 000000000071bf58 RCX: 0000000000452ac9 RDX: 00000000000000cb RSI: 0000000000000029 RDI: 0000000000000016 RBP: 00000000000003a3 R08: 0000000000000004 R09: 0000000000000000 R10: 0000000020d61000 R11: 0000000000000212 R12: 00000000006f37e8 R13: 00000000ffffffff R14: 00007fe4326506d4 R15: 0000000000000005 ============================= WARNING: suspicious RCU usage 4.15.0-rc5+ #177 Not tainted ----------------------------- net/ipv6/ip6_fib.c:1639 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 4 locks held by syz-executor4/23572: #0: (rtnl_mutex){+.+.}, at: [<00000000438b7814>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<000000001aeebfbb>] spin_trylock_bh include/linux/spinlock.h:370 [inline] #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<000000001aeebfbb>] fib6_run_gc+0x2b7/0x3c0 net/ipv6/ip6_fib.c:2008 #2: (rcu_read_lock){....}, at: [<00000000edbb143d>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1560 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000b0df596b>] spin_lock_bh include/linux/spinlock.h:315 [inline] #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000b0df596b>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1948 stack backtrace: CPU: 1 PID: 23572 Comm: syz-executor4 Not tainted 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 fib6_del_route net/ipv6/ip6_fib.c:1638 [inline] fib6_del+0xd18/0x11b0 net/ipv6/ip6_fib.c:1731 fib6_clean_node+0x3aa/0x4f0 net/ipv6/ip6_fib.c:1892 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1815 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1863 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1933 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1949 fib6_clean_all net/ipv6/ip6_fib.c:1960 [inline] fib6_run_gc+0x16b/0x3c0 net/ipv6/ip6_fib.c:2016 ndisc_netdev_event+0x3c2/0x4a0 net/ipv6/ndisc.c:1776 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93 __raw_notifier_call_chain kernel/notifier.c:394 [inline] raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401 call_netdevice_notifiers_info+0x32/0x70 net/core/dev.c:1696 call_netdevice_notifiers net/core/dev.c:1714 [inline] dev_close_many+0x3fb/0x850 net/core/dev.c:1492 rollback_registered_many+0x4d5/0xe20 net/core/dev.c:7285 rollback_registered+0x1be/0x3c0 net/core/dev.c:7350 unregister_netdevice_queue+0x2e3/0x5f0 net/core/dev.c:8343 mif6_delete+0x50d/0x620 net/ipv6/ip6mr.c:825 ip6_mroute_setsockopt+0xfef/0x35b0 net/ipv6/ip6mr.c:1720 do_ipv6_setsockopt.isra.9+0x2f0/0x39a0 net/ipv6/ipv6_sockglue.c:163 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922 rawv6_setsockopt+0x4a/0xf0 net/ipv6/raw.c:1060 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978 SYSC_setsockopt net/socket.c:1821 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1800 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007fe43264fc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 000000000071bf58 RCX: 0000000000452ac9 RDX: 00000000000000cb RSI: 0000000000000029 RDI: 0000000000000016 RBP: 00000000000003a3 R08: 0000000000000004 R09: 0000000000000000 R10: 0000000020d61000 R11: 0000000000000212 R12: 00000000006f37e8 R13: 00000000ffffffff R14: 00007fe4326506d4 R15: 0000000000000005 ============================= WARNING: suspicious RCU usage 4.15.0-rc5+ #177 Not tainted ----------------------------- net/ipv6/ip6_fib.c:1676 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 5 locks held by syz-executor4/23572: #0: (rtnl_mutex){+.+.}, at: [<00000000438b7814>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<000000001aeebfbb>] spin_trylock_bh include/linux/spinlock.h:370 [inline] #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<000000001aeebfbb>] fib6_run_gc+0x2b7/0x3c0 net/ipv6/ip6_fib.c:2008 #2: (rcu_read_lock){....}, at: [<00000000edbb143d>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1560 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000b0df596b>] spin_lock_bh include/linux/spinlock.h:315 [inline] #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000b0df596b>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1948 #4: (&net->ipv6.fib6_walker_lock){++--}, at: [<00000000690563c5>] fib6_del_route net/ipv6/ip6_fib.c:1671 [inline] #4: (&net->ipv6.fib6_walker_lock){++--}, at: [<00000000690563c5>] fib6_del+0x935/0x11b0 net/ipv6/ip6_fib.c:1731 stack backtrace: CPU: 1 PID: 23572 Comm: syz-executor4 Not tainted 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 fib6_del_route net/ipv6/ip6_fib.c:1675 [inline] fib6_del+0xeb3/0x11b0 net/ipv6/ip6_fib.c:1731 fib6_clean_node+0x3aa/0x4f0 net/ipv6/ip6_fib.c:1892 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1815 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1863 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1933 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1949 fib6_clean_all net/ipv6/ip6_fib.c:1960 [inline] fib6_run_gc+0x16b/0x3c0 net/ipv6/ip6_fib.c:2016 ndisc_netdev_event+0x3c2/0x4a0 net/ipv6/ndisc.c:1776 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93 __raw_notifier_call_chain kernel/notifier.c:394 [inline] raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401 call_netdevice_notifiers_info+0x32/0x70 net/core/dev.c:1696 call_netdevice_notifiers net/core/dev.c:1714 [inline] dev_close_many+0x3fb/0x850 net/core/dev.c:1492 rollback_registered_many+0x4d5/0xe20 net/core/dev.c:7285 rollback_registered+0x1be/0x3c0 net/core/dev.c:7350 unregister_netdevice_queue+0x2e3/0x5f0 net/core/dev.c:8343 mif6_delete+0x50d/0x620 net/ipv6/ip6mr.c:825 ip6_mroute_setsockopt+0xfef/0x35b0 net/ipv6/ip6mr.c:1720 do_ipv6_setsockopt.isra.9+0x2f0/0x39a0 net/ipv6/ipv6_sockglue.c:163 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922 rawv6_setsockopt+0x4a/0xf0 net/ipv6/raw.c:1060 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978 SYSC_setsockopt net/socket.c:1821 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1800 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007fe43264fc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 000000000071bf58 RCX: 0000000000452ac9 RDX: 00000000000000cb RSI: 0000000000000029 RDI: 0000000000000016 RBP: 00000000000003a3 R08: 0000000000000004 R09: 0000000000000000 R10: 0000000020d61000 R11: 0000000000000212 R12: 00000000006f37e8 R13: 00000000ffffffff R14: 00007fe4326506d4 R15: 0000000000000005 netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'. sctp: [Deprecated]: syz-executor0 (pid 23650) Use of int in maxseg socket option. Use struct sctp_assoc_value instead netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'. sctp: [Deprecated]: syz-executor0 (pid 23666) Use of int in maxseg socket option. Use struct sctp_assoc_value instead RDS: rds_bind could not find a transport for 172.20.4.187, load rds_tcp or rds_rdma? netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 14 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 14 bytes leftover after parsing attributes in process `syz-executor5'. RDS: rds_bind could not find a transport for 172.20.4.187, load rds_tcp or rds_rdma? mip6: mip6_rthdr_init_state: state's mode is not 2: 0 mip6: mip6_rthdr_init_state: state's mode is not 2: 0 TCP: request_sock_TCPv6: Possible SYN flooding on port 20014. Sending cookies. Check SNMP counters. SELinux: unrecognized netlink message: protocol=6 nlmsg_type=2 sclass=netlink_xfrm_socket pig=24219 comm=syz-executor5 device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode netlink: 'syz-executor2': attribute type 2 has an invalid length. nla_parse: 2 callbacks suppressed netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 'syz-executor2': attribute type 2 has an invalid length. netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8772 sclass=netlink_route_socket pig=24497 comm=syz-executor3 openvswitch: netlink: Key 14 has unexpected len 2 expected 28 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8772 sclass=netlink_route_socket pig=24510 comm=syz-executor3 openvswitch: netlink: Key 14 has unexpected len 2 expected 28 netlink: 66 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 66 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 11 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 11 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 33 bytes leftover after parsing attributes in process `syz-executor5'. audit: type=1400 audit(1515371870.920:83): avc: denied { listen } for pid=24672 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 device ip6_vti0 entered promiscuous mode device ip6_vti0 left promiscuous mode netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 'syz-executor0': attribute type 1 has an invalid length. netlink: 'syz-executor0': attribute type 1 has an invalid length. device lo entered promiscuous mode mip6: mip6_rthdr_init_state: state's mode is not 2: 0 mip6: mip6_rthdr_init_state: state's mode is not 2: 0 netlink: 'syz-executor3': attribute type 41 has an invalid length. netlink: 'syz-executor3': attribute type 41 has an invalid length.