kernel msg: ebtables bug: please report to author: counter_offset != totalcnt
audit: type=1400 audit(1521807566.131:79): avc:  denied  { connect } for  pid=20973 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1

=============================
WARNING: suspicious RCU usage
4.16.0-rc4+ #278 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor1/20980:
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<00000000c7c1a012>] lock_sock include/net/sock.h:1464 [inline]
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<00000000c7c1a012>] sock_setsockopt+0x16b/0x1ad0 net/core/sock.c:717

stack backtrace:
CPU: 0 PID: 20980 Comm: syz-executor1 Not tainted 4.16.0-rc4+ #278
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x24d lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592
 ireq_opt_deref include/net/inet_sock.h:135 [inline]
 inet_csk_route_req+0x824/0xca0 net/ipv4/inet_connection_sock.c:543
 dccp_v4_send_response+0xa7/0x650 net/dccp/ipv4.c:485
 dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633
 dccp_v6_conn_request+0xd30/0x1410 net/dccp/ipv6.c:317
 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682
 dccp_v6_do_rcv+0x86a/0xa70 net/dccp/ipv6.c:578
 sk_backlog_rcv include/net/sock.h:909 [inline]
 __release_sock+0x124/0x360 net/core/sock.c:2335
 release_sock+0xa4/0x2a0 net/core/sock.c:2850
 sock_setsockopt+0x528/0x1ad0 net/core/sock.c:1070
 SYSC_setsockopt net/socket.c:1846 [inline]
 SyS_setsockopt+0x2ff/0x360 net/socket.c:1829
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x454239
RSP: 002b:00007fca05093c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fca050946d4 RCX: 0000000000454239
RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000013
RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000
R10: 0000000020000080 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000004f7 R14: 00000000006f87c8 R15: 0000000000000000

=============================
WARNING: suspicious RCU usage
4.16.0-rc4+ #278 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor1/20980:
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<00000000c7c1a012>] lock_sock include/net/sock.h:1464 [inline]
 #0:  (sk_lock-AF_INET6){+.+.}, at: [<00000000c7c1a012>] sock_setsockopt+0x16b/0x1ad0 net/core/sock.c:717

stack backtrace:
CPU: 0 PID: 20980 Comm: syz-executor1 Not tainted 4.16.0-rc4+ #278
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x24d lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592
 ireq_opt_deref include/net/inet_sock.h:135 [inline]
 dccp_v4_send_response+0x4b6/0x650 net/dccp/ipv4.c:496
 dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633
 dccp_v6_conn_request+0xd30/0x1410 net/dccp/ipv6.c:317
 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
 dccp_v4_do_rcv+0xf1/0x160 net/dccp/ipv4.c:682
 dccp_v6_do_rcv+0x86a/0xa70 net/dccp/ipv6.c:578
 sk_backlog_rcv include/net/sock.h:909 [inline]
 __release_sock+0x124/0x360 net/core/sock.c:2335
 release_sock+0xa4/0x2a0 net/core/sock.c:2850
 sock_setsockopt+0x528/0x1ad0 net/core/sock.c:1070
 SYSC_setsockopt net/socket.c:1846 [inline]
 SyS_setsockopt+0x2ff/0x360 net/socket.c:1829
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x454239
RSP: 002b:00007fca05093c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fca050946d4 RCX: 0000000000454239
RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000013
RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000
R10: 0000000020000080 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000004f7 R14: 00000000006f87c8 R15: 0000000000000000
netlink: 'syz-executor2': attribute type 29 has an invalid length.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 'syz-executor2': attribute type 29 has an invalid length.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 'syz-executor2': attribute type 29 has an invalid length.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 'syz-executor2': attribute type 29 has an invalid length.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 'syz-executor2': attribute type 29 has an invalid length.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
xt_AUDIT: Audit type out of range (valid range: 0..2)
can: request_module (can-proto-0) failed.
can: request_module (can-proto-0) failed.
kernel msg: ebtables bug: please report to author: EBT_ENTRY_OR_ENTRIES shouldn't be set in distinguisher
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=19232 sclass=netlink_route_socket pig=21397 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63560 sclass=netlink_route_socket pig=21403 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63560 sclass=netlink_route_socket pig=21403 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26678 sclass=netlink_route_socket pig=21473 comm=syz-executor2
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26678 sclass=netlink_route_socket pig=21473 comm=syz-executor2
netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'.
sctp: [Deprecated]: syz-executor5 (pid 21531) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor5 (pid 21545) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=39632 sclass=netlink_route_socket pig=21571 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=39632 sclass=netlink_route_socket pig=21583 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6090 sclass=netlink_route_socket pig=21690 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=21695 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=21695 comm=syz-executor2
netlink: 'syz-executor3': attribute type 29 has an invalid length.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 'syz-executor3': attribute type 29 has an invalid length.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 'syz-executor3': attribute type 29 has an invalid length.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 'syz-executor3': attribute type 29 has an invalid length.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 'syz-executor3': attribute type 29 has an invalid length.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
RDS: rds_bind could not find a transport for 224.0.0.1, load rds_tcp or rds_rdma?
RDS: rds_bind could not find a transport for 0.0.0.63, load rds_tcp or rds_rdma?
RDS: rds_bind could not find a transport for 0.0.0.63, load rds_tcp or rds_rdma?
openvswitch: netlink: Flow get message rejected, Key attribute missing.
openvswitch: netlink: Flow get message rejected, Key attribute missing.
kernel msg: ebtables bug: please report to author: EBT_ENTRY_OR_ENTRIES shouldn't be set in distinguisher
kernel msg: ebtables bug: please report to author: EBT_ENTRY_OR_ENTRIES shouldn't be set in distinguisher
rdma_op 00000000d0f3847f conn xmit_rdma           (null)
sock: sock_set_timeout: `syz-executor2' (pid 22498) tries to set negative timeout
sock: sock_set_timeout: `syz-executor2' (pid 22498) tries to set negative timeout
kernel msg: ebtables bug: please report to author: Total nentries is wrong
kernel msg: ebtables bug: please report to author: Total nentries is wrong
kernel msg: ebtables bug: please report to author: counter_offset != totalcnt
kernel msg: ebtables bug: please report to author: counter_offset != totalcnt
kernel msg: ebtables bug: please report to author: bad policy
validate_nla: 16 callbacks suppressed
netlink: 'syz-executor4': attribute type 1 has an invalid length.
xt_ipvs: protocol family 7 not supported
dccp_close: ABORT with 1 bytes unread
kernel msg: ebtables bug: please report to author: bad policy
xt_ipvs: protocol family 7 not supported
netlink: 'syz-executor4': attribute type 1 has an invalid length.
sctp: [Deprecated]: syz-executor6 (pid 23023) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
device lo entered promiscuous mode
device lo left promiscuous mode
sctp: [Deprecated]: syz-executor6 (pid 23023) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor3 (pid 23043) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
IPVS: Unknown mcast interface: 
nla_parse: 27 callbacks suppressed
netlink: 12 bytes leftover after parsing attributes in process `syz-executor6'.
kernel msg: ebtables bug: please report to author: Wrong len argument
netlink: 12 bytes leftover after parsing attributes in process `syz-executor6'.
kernel msg: ebtables bug: please report to author: Wrong len argument
netlink: 'syz-executor5': attribute type 7 has an invalid length.
netlink: 'syz-executor5': attribute type 7 has an invalid length.
sctp: [Deprecated]: syz-executor0 (pid 23416) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
kernel msg: ebtables bug: please report to author: Wrong len argument
audit: type=1400 audit(1521807575.502:80): avc:  denied  { map } for  pid=23724 comm="syz-executor6" path="socket:[56728]" dev="sockfs" ino=56728 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_route_socket permissive=1
audit: type=1400 audit(1521807575.757:81): avc:  denied  { accept } for  pid=23801 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1
netlink: 80 bytes leftover after parsing attributes in process `syz-executor2'.
selinux_nlmsg_perm: 9 callbacks suppressed
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=17861 sclass=netlink_xfrm_socket pig=23900 comm=syz-executor5