============================= WARNING: suspicious RCU usage 4.15.0+ #216 Not tainted ----------------------------- net/tipc/bearer.c:177 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by syz-executor0/21619: #0: (cb_lock){++++}, at: [<0000000071605c7b>] genl_rcv+0x19/0x40 net/netlink/genetlink.c:634 #1: (genl_mutex){+.+.}, at: [<0000000034be1ee5>] genl_lock net/netlink/genetlink.c:33 [inline] #1: (genl_mutex){+.+.}, at: [<0000000034be1ee5>] genl_rcv_msg+0x115/0x140 net/netlink/genetlink.c:622 stack backtrace: CPU: 0 PID: 21619 Comm: syz-executor0 Not tainted 4.15.0+ #216 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592 tipc_bearer_find+0x2b4/0x3b0 net/tipc/bearer.c:177 tipc_nl_compat_link_set+0x329/0x9f0 net/tipc/netlink_compat.c:729 __tipc_nl_compat_doit net/tipc/netlink_compat.c:288 [inline] tipc_nl_compat_doit+0x15b/0x670 net/tipc/netlink_compat.c:335 tipc_nl_compat_handle net/tipc/netlink_compat.c:1119 [inline] tipc_nl_compat_recv+0x1135/0x18f0 net/tipc/netlink_compat.c:1201 genl_family_rcv_msg+0x7b7/0xfb0 net/netlink/genetlink.c:599 genl_rcv_msg+0xb2/0x140 net/netlink/genetlink.c:624 netlink_rcv_skb+0x14b/0x380 net/netlink/af_netlink.c:2442 genl_rcv+0x28/0x40 net/netlink/genetlink.c:635 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2046 __sys_sendmsg+0xe5/0x210 net/socket.c:2080 C_SYSC_sendmsg net/compat.c:739 [inline] compat_SyS_sendmsg+0x2a/0x40 net/compat.c:737 do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline] do_fast_syscall_32+0x3ee/0xfa1 arch/x86/entry/common.c:392 entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129 RIP: 0023:0xf7fd4c79 RSP: 002b:00000000f77d008c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000020003000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 audit: type=1400 audit(1518205882.155:90): avc: denied { net_bind_service } for pid=21865 comm="syz-executor1" capability=10 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pig=22037 comm=syz-executor5 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22049 comm=syz-executor5 device vcan0 entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pig=22113 comm=syz-executor0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pig=22131 comm=syz-executor0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pig=22160 comm=syz-executor0 nla_parse: 38 callbacks suppressed netlink: 7 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor3'. ip_tunnel: non-ECT from 172.20.0.170 with TOS=0x3 IPv6: NLM_F_CREATE should be specified when creating new route audit: type=1400 audit(1518205886.314:91): avc: denied { map } for pid=23029 comm="syz-executor4" path="socket:[58727]" dev="sockfs" ino=58727 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=tcp_socket permissive=1 sctp: [Deprecated]: syz-executor1 (pid 23214) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor1 (pid 23226) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead dccp_invalid_packet: invalid packet type PF_BRIDGE: br_mdb_parse() with invalid attr PF_BRIDGE: br_mdb_parse() with invalid attr dccp_invalid_packet: invalid packet type PF_BRIDGE: br_mdb_parse() with invalid attr PF_BRIDGE: br_mdb_parse() with invalid attr PF_BRIDGE: br_mdb_parse() with invalid attr PF_BRIDGE: br_mdb_parse() with invalid attr PF_BRIDGE: br_mdb_parse() with invalid attr PF_BRIDGE: br_mdb_parse() with invalid attr nla_parse: 30 callbacks suppressed netlink: 40 bytes leftover after parsing attributes in process `syz-executor2'. audit: type=1400 audit(1518205888.857:92): avc: denied { net_broadcast } for pid=23755 comm="syz-executor3" capability=11 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 netlink: 7 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 28 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 28 bytes leftover after parsing attributes in process `syz-executor3'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pig=23861 comm=syz-executor6 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=23871 comm=syz-executor6 netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor2'.