BUG: sleeping function called from invalid context at net/core/sock.c:2772 in_atomic(): 1, irqs_disabled(): 0, pid: 21, name: kworker/u4:1 5 locks held by kworker/u4:1/21: #0: ((wq_completion)"%s""netns"){+.+.}, at: [<000000005674be01>] process_one_work+0xaaf/0x1af0 kernel/workqueue.c:2084 #1: (net_cleanup_work){+.+.}, at: [<0000000020c9dee4>] process_one_work+0xb01/0x1af0 kernel/workqueue.c:2088 #2: (net_sem){++++}, at: [<00000000620bad5d>] cleanup_net+0x23f/0xd20 net/core/net_namespace.c:494 audit: type=1400 audit(1519064096.644:17): avc: denied { name_connect } for pid=5339 comm="syz-executor5" dest=20020 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 #3: (net_mutex){+.+.}, at: [<000000007eecd6bf>] cleanup_net+0xa7d/0xd20 net/core/net_namespace.c:496 #4: (&(&srv->idr_lock)->rlock){+...}, at: [<000000001a48b43a>] spin_lock_bh include/linux/spinlock.h:315 [inline] #4: (&(&srv->idr_lock)->rlock){+...}, at: [<000000001a48b43a>] tipc_topsrv_stop+0x231/0x610 net/tipc/topsrv.c:685 CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 4.16.0-rc1+ #232 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 audit: type=1400 audit(1519064096.675:18): avc: denied { map_create } for pid=5363 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6128 __might_sleep+0x95/0x190 kernel/sched/core.c:6081 lock_sock_nested+0x37/0x110 net/core/sock.c:2772 lock_sock include/net/sock.h:1463 [inline] tipc_release+0x103/0xff0 net/tipc/socket.c:572 sock_release+0x8d/0x1e0 net/socket.c:594 tipc_topsrv_stop+0x3c0/0x610 net/tipc/topsrv.c:696 tipc_exit_net+0x15/0x40 net/tipc/core.c:96 ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:148 cleanup_net+0x6ba/0xd20 net/core/net_namespace.c:529 audit: type=1400 audit(1519064096.675:19): avc: denied { map_read map_write } for pid=5363 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 audit: type=1400 audit(1519064096.677:20): avc: denied { prog_load } for pid=5363 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 audit: type=1400 audit(1519064096.705:21): avc: denied { prog_run } for pid=5363 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 process_one_work+0xbbf/0x1af0 kernel/workqueue.c:2113 worker_thread+0x223/0x1990 kernel/workqueue.c:2247 kthread+0x33c/0x400 kernel/kthread.c:238 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:429 xt_hashlimit: overflow, try lower: 18446744073709551612/31 netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. ====================================================== WARNING: possible circular locking dependency detected 4.16.0-rc1+ #232 Tainted: G W ------------------------------------------------------ syz-executor2/5411 is trying to acquire lock: (&(&srv->idr_lock)->rlock){+...}, at: [<000000001cf08bdd>] spin_lock_bh include/linux/spinlock.h:315 [inline] (&(&srv->idr_lock)->rlock){+...}, at: [<000000001cf08bdd>] tipc_conn_lookup+0x1f/0x90 net/tipc/topsrv.c:225 but task is already holding lock: (&(&sub->lock)->rlock){+...}, at: [<00000000dfa24676>] spin_lock include/linux/spinlock.h:310 [inline] (&(&sub->lock)->rlock){+...}, at: [<00000000dfa24676>] tipc_sub_report_overlap+0x3ce/0x4f0 net/tipc/subscr.c:97 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #4 (&(&sub->lock)->rlock){+...}: __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:310 [inline] tipc_sub_report_overlap+0x3ce/0x4f0 net/tipc/subscr.c:97 tipc_nameseq_insert_publ net/tipc/name_table.c:329 [inline] tipc_nametbl_insert_publ+0xf1c/0x1850 net/tipc/name_table.c:489 tipc_nametbl_publish+0x2aa/0x4f0 net/tipc/name_table.c:762 tipc_sk_publish+0x1f5/0x4b0 net/tipc/socket.c:2600 tipc_sk_join net/tipc/socket.c:2770 [inline] tipc_setsockopt+0x5fd/0xcf0 net/tipc/socket.c:2874 SYSC_setsockopt net/socket.c:1850 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1829 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b -> #3 (&(&nseq->lock)->rlock){+...}: __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:315 [inline] tipc_nametbl_insert_publ+0x2da/0x1850 net/tipc/name_table.c:488 tipc_nametbl_publish+0x2aa/0x4f0 net/tipc/name_table.c:762 netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. tipc_sk_publish+0x1f5/0x4b0 net/tipc/socket.c:2600 tipc_bind+0x1a9/0x2d0 net/tipc/socket.c:647 kernel_bind+0x62/0x80 net/socket.c:3128 tipc_topsrv_create_listener net/tipc/topsrv.c:531 [inline] tipc_topsrv_start+0x9ab/0x1010 net/tipc/topsrv.c:671 tipc_init_net+0x3cc/0x570 net/tipc/core.c:74 ops_init+0xec/0x500 net/core/net_namespace.c:124 __register_pernet_operations net/core/net_namespace.c:926 [inline] register_pernet_operations+0x45e/0xa00 net/core/net_namespace.c:1000 register_pernet_subsys+0x28/0x40 net/core/net_namespace.c:1046 tipc_init+0x83/0x104 net/tipc/core.c:136 do_one_initcall+0xad/0x357 init/main.c:832 do_initcall_level init/main.c:898 [inline] do_initcalls init/main.c:906 [inline] do_basic_setup init/main.c:924 [inline] kernel_init_freeable+0x469/0x521 init/main.c:1072 kernel_init+0x13/0x180 init/main.c:999 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:429 -> #2 (&(&tn->nametbl_lock)->rlock){+...}: __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:315 [inline] tipc_nametbl_publish+0x1ff/0x4f0 net/tipc/name_table.c:754 tipc_sk_publish+0x1f5/0x4b0 net/tipc/socket.c:2600 tipc_bind+0x1a9/0x2d0 net/tipc/socket.c:647 kernel_bind+0x62/0x80 net/socket.c:3128 tipc_topsrv_create_listener net/tipc/topsrv.c:531 [inline] tipc_topsrv_start+0x9ab/0x1010 net/tipc/topsrv.c:671 tipc_init_net+0x3cc/0x570 net/tipc/core.c:74 ops_init+0xec/0x500 net/core/net_namespace.c:124 __register_pernet_operations net/core/net_namespace.c:926 [inline] register_pernet_operations+0x45e/0xa00 net/core/net_namespace.c:1000 register_pernet_subsys+0x28/0x40 net/core/net_namespace.c:1046 tipc_init+0x83/0x104 net/tipc/core.c:136 do_one_initcall+0xad/0x357 init/main.c:832 do_initcall_level init/main.c:898 [inline] do_initcalls init/main.c:906 [inline] do_basic_setup init/main.c:924 [inline] kernel_init_freeable+0x469/0x521 init/main.c:1072 kernel_init+0x13/0x180 init/main.c:999 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:429 -> #1 (k-sk_lock-AF_TIPC){+.+.}: lock_sock_nested+0xc2/0x110 net/core/sock.c:2781 lock_sock include/net/sock.h:1463 [inline] tipc_release+0x103/0xff0 net/tipc/socket.c:572 sock_release+0x8d/0x1e0 net/socket.c:594 tipc_topsrv_stop+0x3c0/0x610 net/tipc/topsrv.c:696 tipc_exit_net+0x15/0x40 net/tipc/core.c:96 ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:148 cleanup_net+0x6ba/0xd20 net/core/net_namespace.c:529 process_one_work+0xbbf/0x1af0 kernel/workqueue.c:2113 worker_thread+0x223/0x1990 kernel/workqueue.c:2247 kthread+0x33c/0x400 kernel/kthread.c:238 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:429 -> #0 (&(&srv->idr_lock)->rlock){+...}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:315 [inline] tipc_conn_lookup+0x1f/0x90 net/tipc/topsrv.c:225 tipc_topsrv_queue_evt+0x225/0x6d0 net/tipc/topsrv.c:326 tipc_sub_send_event+0x250/0x440 net/tipc/subscr.c:54 tipc_sub_report_overlap+0x3f6/0x4f0 net/tipc/subscr.c:98 tipc_nameseq_insert_publ net/tipc/name_table.c:329 [inline] tipc_nametbl_insert_publ+0xf1c/0x1850 net/tipc/name_table.c:489 tipc_nametbl_publish+0x2aa/0x4f0 net/tipc/name_table.c:762 tipc_sk_publish+0x1f5/0x4b0 net/tipc/socket.c:2600 tipc_sk_join net/tipc/socket.c:2770 [inline] tipc_setsockopt+0x5fd/0xcf0 net/tipc/socket.c:2874 SYSC_setsockopt net/socket.c:1850 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1829 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b other info that might help us debug this: Chain exists of: &(&srv->idr_lock)->rlock --> &(&nseq->lock)->rlock --> &(&sub->lock)->rlock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&(&sub->lock)->rlock); lock(&(&nseq->lock)->rlock); lock(&(&sub->lock)->rlock); lock(&(&srv->idr_lock)->rlock); *** DEADLOCK *** 4 locks held by syz-executor2/5411: #0: (sk_lock-AF_TIPC){+.+.}, at: [<0000000079833597>] lock_sock include/net/sock.h:1463 [inline] #0: (sk_lock-AF_TIPC){+.+.}, at: [<0000000079833597>] tipc_setsockopt+0x13f/0xcf0 net/tipc/socket.c:2847 #1: (&(&tn->nametbl_lock)->rlock){+...}, at: [<000000007334dadc>] spin_lock_bh include/linux/spinlock.h:315 [inline] #1: (&(&tn->nametbl_lock)->rlock){+...}, at: [<000000007334dadc>] tipc_nametbl_publish+0x1ff/0x4f0 net/tipc/name_table.c:754 #2: (&(&nseq->lock)->rlock){+...}, at: [<000000007ada7adf>] spin_lock_bh include/linux/spinlock.h:315 [inline] #2: (&(&nseq->lock)->rlock){+...}, at: [<000000007ada7adf>] tipc_nametbl_insert_publ+0x2da/0x1850 net/tipc/name_table.c:488 #3: (&(&sub->lock)->rlock){+...}, at: [<00000000dfa24676>] spin_lock include/linux/spinlock.h:310 [inline] #3: (&(&sub->lock)->rlock){+...}, at: [<00000000dfa24676>] tipc_sub_report_overlap+0x3ce/0x4f0 net/tipc/subscr.c:97 stack backtrace: CPU: 1 PID: 5411 Comm: syz-executor2 Tainted: G W 4.16.0-rc1+ #232 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 print_circular_bug.isra.38+0x2cd/0x2dc kernel/locking/lockdep.c:1223 check_prev_add kernel/locking/lockdep.c:1863 [inline] check_prevs_add kernel/locking/lockdep.c:1976 [inline] validate_chain kernel/locking/lockdep.c:2417 [inline] __lock_acquire+0x30a8/0x3e00 kernel/locking/lockdep.c:3431 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:315 [inline] tipc_conn_lookup+0x1f/0x90 net/tipc/topsrv.c:225 tipc_topsrv_queue_evt+0x225/0x6d0 net/tipc/topsrv.c:326 tipc_sub_send_event+0x250/0x440 net/tipc/subscr.c:54 tipc_sub_report_overlap+0x3f6/0x4f0 net/tipc/subscr.c:98 tipc_nameseq_insert_publ net/tipc/name_table.c:329 [inline] tipc_nametbl_insert_publ+0xf1c/0x1850 net/tipc/name_table.c:489 tipc_nametbl_publish+0x2aa/0x4f0 net/tipc/name_table.c:762 tipc_sk_publish+0x1f5/0x4b0 net/tipc/socket.c:2600 tipc_sk_join net/tipc/socket.c:2770 [inline] tipc_setsockopt+0x5fd/0xcf0 net/tipc/socket.c:2874 SYSC_setsockopt net/socket.c:1850 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1829 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b RIP: 0033:0x453d69 RSP: 002b:00007ff32edc5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007ff32edc66d4 RCX: 0000000000453d69 RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000015 RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 R10: 0000000020265000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000005a6 R14: 00000000006f8830 R15: 0000000000000000 Cannot find del_set index 0 as target netlink: 4 bytes leftover after parsing attributes in process `syz-executor3'. xt_CT: You must specify a L4 protocol, and not use inversions on it. Cannot find del_set index 0 as target netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor3'. xt_CT: You must specify a L4 protocol, and not use inversions on it. BUG: sleeping function called from invalid context at net/core/sock.c:2772 in_atomic(): 1, irqs_disabled(): 0, pid: 21, name: kworker/u4:1 INFO: lockdep is turned off. CPU: 1 PID: 21 Comm: kworker/u4:1 Tainted: G W 4.16.0-rc1+ #232 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6128 __might_sleep+0x95/0x190 kernel/sched/core.c:6081 lock_sock_nested+0x37/0x110 net/core/sock.c:2772 lock_sock include/net/sock.h:1463 [inline] tipc_release+0x103/0xff0 net/tipc/socket.c:572 sock_release+0x8d/0x1e0 net/socket.c:594 tipc_topsrv_stop+0x3c0/0x610 net/tipc/topsrv.c:696 tipc_exit_net+0x15/0x40 net/tipc/core.c:96 ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:148 cleanup_net+0x6ba/0xd20 net/core/net_namespace.c:529 netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'. process_one_work+0xbbf/0x1af0 kernel/workqueue.c:2113 worker_thread+0x223/0x1990 kernel/workqueue.c:2247 kthread+0x33c/0x400 kernel/kthread.c:238 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:429 device syz4 entered promiscuous mode device syz4 left promiscuous mode device syz4 entered promiscuous mode device syz4 left promiscuous mode netlink: 'syz-executor5': attribute type 1 has an invalid length. netlink: 'syz-executor5': attribute type 1 has an invalid length. sock: sock_set_timeout: `syz-executor3' (pid 5859) tries to set negative timeout sock: sock_set_timeout: `syz-executor3' (pid 5876) tries to set negative timeout TCP: request_sock_TCP: Possible SYN flooding on port 20025. Sending cookies. Check SNMP counters. netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. xt_DSCP: dscp fc out of range xt_HL: increment/decrement does not make sense with value 0 xt_DSCP: dscp fc out of range xt_HL: increment/decrement does not make sense with value 0 syz-executor2 (6153) used greatest stack depth: 12784 bytes left xt_l2tp: v2 doesn't support IP mode netlink: 'syz-executor1': attribute type 1 has an invalid length. x_tables: ip6_tables: eui64 match: used from hooks INPUT/OUTPUT, but only valid from PREROUTING/INPUT/FORWARD x_tables: ip6_tables: eui64 match: used from hooks INPUT/OUTPUT, but only valid from PREROUTING/INPUT/FORWARD kernel msg: ebtables bug: please report to author: Couldn't copy entries from userspace kauditd_printk_skb: 17 callbacks suppressed audit: type=1400 audit(1519064100.899:39): avc: denied { create } for pid=6242 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_scsitransport_socket permissive=1 kernel msg: ebtables bug: please report to author: Couldn't copy entries from userspace audit: type=1400 audit(1519064101.040:40): avc: denied { setopt } for pid=6303 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 BUG: sleeping function called from invalid context at mm/slab.h:420 in_atomic(): 1, irqs_disabled(): 0, pid: 6328, name: syz-executor4 INFO: lockdep is turned off. CPU: 0 PID: 6328 Comm: syz-executor4 Tainted: G W 4.16.0-rc1+ #232 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6128 __might_sleep+0x95/0x190 kernel/sched/core.c:6081 slab_pre_alloc_hook mm/slab.h:420 [inline] slab_alloc mm/slab.c:3365 [inline] kmem_cache_alloc_trace+0x299/0x740 mm/slab.c:3605 kmalloc include/linux/slab.h:512 [inline] kzalloc include/linux/slab.h:701 [inline] rds_loop_conn_alloc+0xc8/0x380 net/rds/loop.c:126 __rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227 xt_addrtype: output interface limitation not valid in PREROUTING and INPUT rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309 xt_addrtype: output interface limitation not valid in PREROUTING and INPUT rds_sendmsg+0xe63/0x2550 net/rds/send.c:1153 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg+0xca/0x110 net/socket.c:639 SYSC_sendto+0x361/0x5c0 net/socket.c:1748 SyS_sendto+0x40/0x50 net/socket.c:1716 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b RIP: 0033:0x453d69 RSP: 002b:00007f6af9675c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f6af96766d4 RCX: 0000000000453d69 RDX: 0000000000000001 RSI: 00000000203edfff RDI: 0000000000000013 RBP: 000000000072bea0 R08: 0000000020dfcff0 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000004b9 R14: 00000000006f71f8 R15: 0000000000000000 audit: type=1400 audit(1519064101.727:41): avc: denied { write } for pid=6408 comm="syz-executor6" path="socket:[16229]" dev="sockfs" ino=16229 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 x_tables: ip_tables: ah match: only valid for protocol 51 audit: type=1400 audit(1519064101.822:42): avc: denied { bind } for pid=6455 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 Cannot find del_set index 0 as target Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable Cannot find del_set index 0 as target dccp_invalid_packet: pskb_may_pull failed dccp_invalid_packet: pskb_may_pull failed netlink: 'syz-executor0': attribute type 6 has an invalid length. netlink: 'syz-executor0': attribute type 6 has an invalid length. xt_CT: You must specify a L4 protocol, and not use inversions on it. syz-executor5 uses obsolete (PF_INET,SOCK_PACKET) xt_SECMARK: target only valid in the 'mangle' or 'security' tables, not 'broute'. xt_CT: You must specify a L4 protocol, and not use inversions on it. ICMPv6: NA: 00:00:00:00:00:00 advertised our address fe80::aa on syz0! netlink: 'syz-executor2': attribute type 2 has an invalid length. netlink: 'syz-executor3': attribute type 29 has an invalid length. audit: type=1400 audit(1519064102.691:43): avc: denied { setopt } for pid=6791 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 'syz-executor3': attribute type 29 has an invalid length. netlink: 'syz-executor2': attribute type 2 has an invalid length. netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 'syz-executor1': attribute type 21 has an invalid length. netlink: 11 bytes leftover after parsing attributes in process `syz-executor4'. xt_TPROXY: Can be used only in combination with either -p tcp or -p udp netlink: 11 bytes leftover after parsing attributes in process `syz-executor4'. xt_TPROXY: Can be used only in combination with either -p tcp or -p udp A link change request failed with some changes committed already. Interface syz5 may have been left with an inconsistent configuration, please check. A link change request failed with some changes committed already. Interface syz5 may have been left with an inconsistent configuration, please check. Cannot find del_set index 0 as target Cannot find del_set index 0 as target kernel msg: ebtables bug: please report to author: Unknown flag for bitmask dccp_invalid_packet: P.Data Offset(4) too large sctp: [Deprecated]: syz-executor7 (pid 7126) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor7 (pid 7126) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead xt_CT: You must specify a L4 protocol, and not use inversions on it. xt_CT: You must specify a L4 protocol, and not use inversions on it. audit: type=1400 audit(1519064103.879:44): avc: denied { create } for pid=7217 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 --map-set only usable from mangle table xt_HL: increment/decrement does not make sense with value 0 audit: type=1400 audit(1519064103.920:45): avc: denied { write } for pid=7217 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. x_tables: ip6_tables: MASQUERADE target: used from hooks PREROUTING, but only usable from POSTROUTING TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. x_tables: ip6_tables: MASQUERADE target: used from hooks PREROUTING, but only usable from POSTROUTING xt_CT: You must specify a L4 protocol, and not use inversions on it. TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. kernel msg: ebtables bug: please report to author: bad policy TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. audit: type=1400 audit(1519064104.552:46): avc: denied { getattr } for pid=7437 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 xt_connbytes: Forcing CT accounting to be enabled TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. Cannot find map_set index 0 as target TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. Cannot find map_set index 0 as target TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. x_tables: ip_tables: ah match: only valid for protocol 51 x_tables: ip_tables: ah match: only valid for protocol 51 xt_cluster: you have exceeded the maximum number of cluster nodes (256 > 32) xt_cluster: you have exceeded the maximum number of cluster nodes (256 > 32) audit: type=1400 audit(1519064105.194:47): avc: denied { relabelto } for pid=7650 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=packet permissive=1 netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'. audit: type=1400 audit(1519064105.330:48): avc: denied { create } for pid=7690 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_iscsi_socket permissive=1 x_tables: ip_tables: icmp match: only valid for protocol 1 xt_connbytes: Forcing CT accounting to be enabled SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pig=7828 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pig=7825 comm=syz-executor1 xt_connbytes: Forcing CT accounting to be enabled x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 xt_CT: You must specify a L4 protocol, and not use inversions on it. xt_CT: You must specify a L4 protocol, and not use inversions on it. IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready validate_nla: 2 callbacks suppressed netlink: 'syz-executor1': attribute type 1 has an invalid length. netlink: 'syz-executor1': attribute type 1 has an invalid length.