netlink: 'syz-executor0': attribute type 33 has an invalid length.
x_tables: eb_tables: arpreply target: only valid in nat table, not na


=============================
WARNING: suspicious RCU usage
4.17.0-rc1+ #16 Not tainted
-----------------------------
net/ipv6/route.c:1550 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz-executor2/8558:
 #0: 00000000fa9cc1aa (rcu_read_lock_bh){....}, at: lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline]
 #0: 00000000fa9cc1aa (rcu_read_lock_bh){....}, at: ip6_finish_output2+0x253/0x2800 net/ipv6/ip6_output.c:106
 #1: 00000000fa9cc1aa (rcu_read_lock_bh){....}, at: __dev_queue_xmit+0x30f/0x34c0 net/core/dev.c:3519
 #2: 000000000f5cc7db (rcu_read_lock){....}, at: ip6_link_failure+0xfe/0x790 net/ipv6/route.c:2227

stack backtrace:
CPU: 1 PID: 8558 Comm: syz-executor2 Not tainted 4.17.0-rc1+ #16
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 lockdep_rcu_suspicious+0x14a/0x153 kernel/locking/lockdep.c:4592
 rt6_remove_exception_rt+0x416/0x4d0 net/ipv6/route.c:1549
netlink: 'syz-executor0': attribute type 33 has an invalid length.
 ip6_link_failure+0x484/0x790 net/ipv6/route.c:2231
 dst_link_failure include/net/dst.h:427 [inline]
 ip6_tnl_xmit+0x49a/0x34b0 net/ipv6/ip6_tunnel.c:1222
x_tables: eb_tables: arpreply target: only valid in nat table, not na

 ip6ip6_tnl_xmit net/ipv6/ip6_tunnel.c:1374 [inline]
 ip6_tnl_start_xmit+0x8fc/0x2290 net/ipv6/ip6_tunnel.c:1397
 __netdev_start_xmit include/linux/netdevice.h:4087 [inline]
 netdev_start_xmit include/linux/netdevice.h:4096 [inline]
 xmit_one net/core/dev.c:3054 [inline]
 dev_hard_start_xmit+0x264/0xc10 net/core/dev.c:3070
 __dev_queue_xmit+0x2724/0x34c0 net/core/dev.c:3585
 dev_queue_xmit+0x17/0x20 net/core/dev.c:3618
 neigh_direct_output+0x15/0x20 net/core/neighbour.c:1398
 neigh_output include/net/neighbour.h:482 [inline]
 ip6_finish_output2+0xc93/0x2800 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x5fe/0xbc0 net/ipv6/ip6_output.c:154
 NF_HOOK_COND include/linux/netfilter.h:277 [inline]
 ip6_output+0x227/0x9b0 net/ipv6/ip6_output.c:171
 dst_output include/net/dst.h:444 [inline]
 NF_HOOK include/linux/netfilter.h:288 [inline]
 rawv6_send_hdrinc net/ipv6/raw.c:678 [inline]
 rawv6_sendmsg+0x2674/0x4590 net/ipv6/raw.c:924
 inet_sendmsg+0x19f/0x690 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:629 [inline]
 sock_sendmsg+0xd5/0x120 net/socket.c:639
 ___sys_sendmsg+0x805/0x940 net/socket.c:2117
 __sys_sendmsg+0x115/0x270 net/socket.c:2155
 __do_sys_sendmsg net/socket.c:2164 [inline]
 __se_sys_sendmsg net/socket.c:2162 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2162
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455389
RSP: 002b:00007ffb06b09c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007ffb06b0a6d4 RCX: 0000000000455389
RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000013
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000004d5 R14: 00000000006fa498 R15: 0000000000000000
netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 'syz-executor3': attribute type 10 has an invalid length.
bridge0: port 3(erspan0) entered blocking state
bridge0: port 3(erspan0) entered disabled state
device erspan0 entered promiscuous mode
bridge0: port 3(erspan0) entered blocking state
bridge0: port 3(erspan0) entered forwarding state
netlink: 16 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 'syz-executor5': attribute type 22 has an invalid length.
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
device lo entered promiscuous mode
IPVS: ftp: loaded support on port[0] = 21
device lo left promiscuous mode
device lo entered promiscuous mode
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
netlink: 'syz-executor3': attribute type 40 has an invalid length.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
netlink: 'syz-executor3': attribute type 21 has an invalid length.
netlink: 3760 bytes leftover after parsing attributes in process `syz-executor7'.
random: crng init done
kernel msg: ebtables bug: please report to author: entry offsets not in right order