device lo entered promiscuous mode
BUG: sleeping function called from invalid context at net/core/sock.c:2772
in_atomic(): 1, irqs_disabled(): 0, pid: 21, name: kworker/u4:1
5 locks held by kworker/u4:1/21:
#0: ((wq_completion)"%s""netns"){+.+.}, at: [<00000000e77001aa>] process_one_work+0xaaf/0x1af0 kernel/workqueue.c:2084
#1: (net_cleanup_work){+.+.}, at: [<0000000010006e9a>] process_one_work+0xb01/0x1af0 kernel/workqueue.c:2088
#2: (net_sem
=============================
){++++}, at: [<000000009f96dca0>] cleanup_net+0x23f/0xd20 net/core/net_namespace.c:494
WARNING: suspicious RCU usage
#3: (
4.16.0-rc1+ #231 Not tainted
net_mutex){+.+.}
-----------------------------
, at: [<00000000e66da95a>] cleanup_net+0xa7d/0xd20 net/core/net_namespace.c:496
#4:
./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section!
(&(&srv->idr_lock)->rlock
other info that might help us debug this:
){+...}, at: [<0000000061d36efd>] spin_lock_bh include/linux/spinlock.h:315 [inline]
){+...}, at: [<0000000061d36efd>] tipc_topsrv_stop+0x231/0x610 net/tipc/topsrv.c:685
CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 4.16.0-rc1+ #231
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
rcu_scheduler_active = 2, debug_locks = 1
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
1 lock held by syz-executor2/6361:
___might_sleep+0x2b2/0x470 kernel/sched/core.c:6128
#0:
__might_sleep+0x95/0x190 kernel/sched/core.c:6081
lock_sock_nested+0x37/0x110 net/core/sock.c:2772
(
lock_sock include/net/sock.h:1463 [inline]
tipc_release+0x103/0xff0 net/tipc/socket.c:572
rcu_read_lock
){....}
, at: [<00000000a38d0498>] __rds_conn_create+0xe46/0x1b50 net/rds/connection.c:218
sock_release+0x8d/0x1e0 net/socket.c:594
stack backtrace:
tipc_topsrv_stop+0x3c0/0x610 net/tipc/topsrv.c:696
tipc_exit_net+0x15/0x40 net/tipc/core.c:96
ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:148
cleanup_net+0x6ba/0xd20 net/core/net_namespace.c:529
process_one_work+0xbbf/0x1af0 kernel/workqueue.c:2113
worker_thread+0x223/0x1990 kernel/workqueue.c:2247
kthread+0x33c/0x400 kernel/kthread.c:238
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:429
CPU: 1 PID: 6361 Comm: syz-executor2 Not tainted 4.16.0-rc1+ #231
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
======================================================
WARNING: possible circular locking dependency detected
Call Trace:
4.16.0-rc1+ #231 Tainted: G W
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
------------------------------------------------------
kworker/u4:1/21 is trying to acquire lock:
(
lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592
k-sk_lock-AF_TIPC){+.+.}
rcu_preempt_sleep_check include/linux/rcupdate.h:301 [inline]
___might_sleep+0x385/0x470 kernel/sched/core.c:6093
, at: [<000000002ae2b578>] lock_sock include/net/sock.h:1463 [inline]
, at: [<000000002ae2b578>] tipc_release+0x103/0xff0 net/tipc/socket.c:572
but task is already holding lock:
( &(&srv->idr_lock)->rlock){+...}
, at: [<0000000061d36efd>] spin_lock_bh include/linux/spinlock.h:315 [inline]
, at: [<0000000061d36efd>] tipc_topsrv_stop+0x231/0x610 net/tipc/topsrv.c:685
__might_sleep+0x95/0x190 kernel/sched/core.c:6081
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
slab_pre_alloc_hook mm/slab.h:420 [inline]
slab_alloc mm/slab.c:3365 [inline]
kmem_cache_alloc_trace+0x299/0x740 mm/slab.c:3605
-> #4 ( &(&srv->idr_lock)->rlock ){+...} :
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
kmalloc include/linux/slab.h:512 [inline]
kzalloc include/linux/slab.h:701 [inline]
rds_loop_conn_alloc+0xc8/0x380 net/rds/loop.c:126
spin_lock_bh include/linux/spinlock.h:315 [inline]
tipc_conn_lookup+0x1f/0x90 net/tipc/topsrv.c:225
tipc_topsrv_queue_evt+0x225/0x6d0 net/tipc/topsrv.c:326
tipc_sub_send_event+0x250/0x440 net/tipc/subscr.c:54
tipc_sub_report_overlap+0x3f6/0x4f0 net/tipc/subscr.c:98
tipc_nameseq_insert_publ net/tipc/name_table.c:329 [inline]
tipc_nametbl_insert_publ+0xf1c/0x1850 net/tipc/name_table.c:489
tipc_nametbl_publish+0x2aa/0x4f0 net/tipc/name_table.c:762
tipc_sk_publish+0x1f5/0x4b0 net/tipc/socket.c:2600
tipc_sk_join net/tipc/socket.c:2770 [inline]
tipc_setsockopt+0x5fd/0xcf0 net/tipc/socket.c:2874
SYSC_setsockopt net/socket.c:1850 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1829
__rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227
do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x26/0x9b
-> #3 ( &(&sub->lock)->rlock ){+...}:
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
spin_lock include/linux/spinlock.h:310 [inline]
tipc_sub_report_overlap+0x3ce/0x4f0 net/tipc/subscr.c:97
tipc_nameseq_insert_publ net/tipc/name_table.c:329 [inline]
tipc_nametbl_insert_publ+0xf1c/0x1850 net/tipc/name_table.c:489
tipc_nametbl_publish+0x2aa/0x4f0 net/tipc/name_table.c:762
tipc_sk_publish+0x1f5/0x4b0 net/tipc/socket.c:2600
tipc_sk_join net/tipc/socket.c:2770 [inline]
tipc_setsockopt+0x5fd/0xcf0 net/tipc/socket.c:2874
SYSC_setsockopt net/socket.c:1850 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1829
do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x26/0x9b
-> #2 ( &(&nseq->lock)->rlock){+...} :
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309
spin_lock_bh include/linux/spinlock.h:315 [inline]
tipc_nametbl_insert_publ+0x2da/0x1850 net/tipc/name_table.c:488
tipc_nametbl_publish+0x2aa/0x4f0 net/tipc/name_table.c:762
rds_sendmsg+0xe63/0x2550 net/rds/send.c:1153
tipc_sk_publish+0x1f5/0x4b0 net/tipc/socket.c:2600
tipc_bind+0x1a9/0x2d0 net/tipc/socket.c:647
kernel_bind+0x62/0x80 net/socket.c:3128
tipc_topsrv_create_listener net/tipc/topsrv.c:531 [inline]
tipc_topsrv_start+0x9ab/0x1010 net/tipc/topsrv.c:671
tipc_init_net+0x3cc/0x570 net/tipc/core.c:74
ops_init+0xec/0x500 net/core/net_namespace.c:124
__register_pernet_operations net/core/net_namespace.c:926 [inline]
register_pernet_operations+0x45e/0xa00 net/core/net_namespace.c:1000
register_pernet_subsys+0x28/0x40 net/core/net_namespace.c:1046
tipc_init+0x83/0x104 net/tipc/core.c:136
do_one_initcall+0xad/0x357 init/main.c:832
do_initcall_level init/main.c:898 [inline]
do_initcalls init/main.c:906 [inline]
do_basic_setup init/main.c:924 [inline]
kernel_init_freeable+0x469/0x521 init/main.c:1072
kernel_init+0x13/0x180 init/main.c:999
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:429
-> #1 ( &(&tn->nametbl_lock)->rlock ){+...}:
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
spin_lock_bh include/linux/spinlock.h:315 [inline]
tipc_nametbl_publish+0x1ff/0x4f0 net/tipc/name_table.c:754
tipc_sk_publish+0x1f5/0x4b0 net/tipc/socket.c:2600
tipc_bind+0x1a9/0x2d0 net/tipc/socket.c:647
kernel_bind+0x62/0x80 net/socket.c:3128
tipc_topsrv_create_listener net/tipc/topsrv.c:531 [inline]
tipc_topsrv_start+0x9ab/0x1010 net/tipc/topsrv.c:671
tipc_init_net+0x3cc/0x570 net/tipc/core.c:74
ops_init+0xec/0x500 net/core/net_namespace.c:124
__register_pernet_operations net/core/net_namespace.c:926 [inline]
register_pernet_operations+0x45e/0xa00 net/core/net_namespace.c:1000
sock_sendmsg_nosec net/socket.c:629 [inline]
sock_sendmsg+0xca/0x110 net/socket.c:639
register_pernet_subsys+0x28/0x40 net/core/net_namespace.c:1046
tipc_init+0x83/0x104 net/tipc/core.c:136
SYSC_sendto+0x361/0x5c0 net/socket.c:1748
do_one_initcall+0xad/0x357 init/main.c:832
do_initcall_level init/main.c:898 [inline]
do_initcalls init/main.c:906 [inline]
do_basic_setup init/main.c:924 [inline]
kernel_init_freeable+0x469/0x521 init/main.c:1072
kernel_init+0x13/0x180 init/main.c:999
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:429
-> #0 ( k-sk_lock-AF_TIPC){+.+.} :
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
lock_sock_nested+0xc2/0x110 net/core/sock.c:2781
lock_sock include/net/sock.h:1463 [inline]
tipc_release+0x103/0xff0 net/tipc/socket.c:572
sock_release+0x8d/0x1e0 net/socket.c:594
SyS_sendto+0x40/0x50 net/socket.c:1716
tipc_topsrv_stop+0x3c0/0x610 net/tipc/topsrv.c:696
tipc_exit_net+0x15/0x40 net/tipc/core.c:96
ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:148
cleanup_net+0x6ba/0xd20 net/core/net_namespace.c:529
do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287
process_one_work+0xbbf/0x1af0 kernel/workqueue.c:2113
worker_thread+0x223/0x1990 kernel/workqueue.c:2247
kthread+0x33c/0x400 kernel/kthread.c:238
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:429
other info that might help us debug this:
Chain exists of: k-sk_lock-AF_TIPC --> &(&sub->lock)->rlock --> &(&srv->idr_lock)->rlock
entry_SYSCALL_64_after_hwframe+0x26/0x9b
Possible unsafe locking scenario:
RIP: 0033:0x453d69
CPU0 CPU1
---- ----
RSP: 002b:00007fa37b448c68 EFLAGS: 00000246
lock(&(&srv->idr_lock)->rlock
ORIG_RAX: 000000000000002c
);
lock(
RAX: ffffffffffffffda RBX: 00007fa37b4496d4 RCX: 0000000000453d69
&(&sub->lock)->rlock
RDX: 0000000000000001 RSI: 00000000203edfff RDI: 0000000000000013
);
lock(
RBP: 000000000072bea0 R08: 0000000020dfcff0 R09: 0000000000000010
&(&srv->idr_lock)->rlock);
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
lock(k-sk_lock-AF_TIPC
R13: 00000000000004b9 R14: 00000000006f71f8 R15: 0000000000000000
);
*** DEADLOCK ***
BUG: sleeping function called from invalid context at mm/slab.h:420
5 locks held by kworker/u4:1/21:
#0: ((wq_completion)"%s""netns"){+.+.}, at: [<00000000e77001aa>] process_one_work+0xaaf/0x1af0 kernel/workqueue.c:2084
#1:
in_atomic(): 1, irqs_disabled(): 0, pid: 6361, name: syz-executor2
(net_cleanup_work){+.+.}, at: [<0000000010006e9a>] process_one_work+0xb01/0x1af0 kernel/workqueue.c:2088
#2:
INFO: lockdep is turned off.
(net_sem){++++}, at: [<000000009f96dca0>] cleanup_net+0x23f/0xd20 net/core/net_namespace.c:494
#3:
CPU: 1 PID: 6361 Comm: syz-executor2 Tainted: G W 4.16.0-rc1+ #231
(
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
net_mutex){+.+.}, at: [<00000000e66da95a>] cleanup_net+0xa7d/0xd20 net/core/net_namespace.c:496
Call Trace:
#4: (
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
&(&srv->idr_lock)->rlock){+...}
, at: [<0000000061d36efd>] spin_lock_bh include/linux/spinlock.h:315 [inline]
, at: [<0000000061d36efd>] tipc_topsrv_stop+0x231/0x610 net/tipc/topsrv.c:685
___might_sleep+0x2b2/0x470 kernel/sched/core.c:6128
stack backtrace:
__might_sleep+0x95/0x190 kernel/sched/core.c:6081
slab_pre_alloc_hook mm/slab.h:420 [inline]
slab_alloc mm/slab.c:3365 [inline]
kmem_cache_alloc_trace+0x299/0x740 mm/slab.c:3605
kmalloc include/linux/slab.h:512 [inline]
kzalloc include/linux/slab.h:701 [inline]
rds_loop_conn_alloc+0xc8/0x380 net/rds/loop.c:126
__rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227
rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309
rds_sendmsg+0xe63/0x2550 net/rds/send.c:1153
sock_sendmsg_nosec net/socket.c:629 [inline]
sock_sendmsg+0xca/0x110 net/socket.c:639
SYSC_sendto+0x361/0x5c0 net/socket.c:1748
SyS_sendto+0x40/0x50 net/socket.c:1716
do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x26/0x9b
RIP: 0033:0x453d69
RSP: 002b:00007fa37b448c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fa37b4496d4 RCX: 0000000000453d69
RDX: 0000000000000001 RSI: 00000000203edfff RDI: 0000000000000013
RBP: 000000000072bea0 R08: 0000000020dfcff0 R09: 0000000000000010
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000004b9 R14: 00000000006f71f8 R15: 0000000000000000
CPU: 0 PID: 21 Comm: kworker/u4:1 Tainted: G W 4.16.0-rc1+ #231
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
print_circular_bug.isra.38+0x2cd/0x2dc kernel/locking/lockdep.c:1223
check_prev_add kernel/locking/lockdep.c:1863 [inline]
check_prevs_add kernel/locking/lockdep.c:1976 [inline]
validate_chain kernel/locking/lockdep.c:2417 [inline]
__lock_acquire+0x30a8/0x3e00 kernel/locking/lockdep.c:3431
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
lock_sock_nested+0xc2/0x110 net/core/sock.c:2781
lock_sock include/net/sock.h:1463 [inline]
tipc_release+0x103/0xff0 net/tipc/socket.c:572
sock_release+0x8d/0x1e0 net/socket.c:594
tipc_topsrv_stop+0x3c0/0x610 net/tipc/topsrv.c:696
tipc_exit_net+0x15/0x40 net/tipc/core.c:96
ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:148
cleanup_net+0x6ba/0xd20 net/core/net_namespace.c:529
process_one_work+0xbbf/0x1af0 kernel/workqueue.c:2113
worker_thread+0x223/0x1990 kernel/workqueue.c:2247
kthread+0x33c/0x400 kernel/kthread.c:238
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:429
netlink: 'syz-executor7': attribute type 1 has an invalid length.
netlink: 'syz-executor7': attribute type 1 has an invalid length.
kauditd_printk_skb: 8 callbacks suppressed
audit: type=1400 audit(1519050671.506:38): avc: denied { bind } for pid=6439 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1519050671.539:39): avc: denied { setopt } for pid=6441 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
netlink: 'syz-executor6': attribute type 1 has an invalid length.
netlink: 'syz-executor6': attribute type 1 has an invalid length.
BUG: sleeping function called from invalid context at net/core/sock.c:2772
in_atomic(): 1, irqs_disabled(): 0, pid: 21, name: kworker/u4:1
INFO: lockdep is turned off.
CPU: 1 PID: 21 Comm: kworker/u4:1 Tainted: G W 4.16.0-rc1+ #231
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
___might_sleep+0x2b2/0x470 kernel/sched/core.c:6128
__might_sleep+0x95/0x190 kernel/sched/core.c:6081
lock_sock_nested+0x37/0x110 net/core/sock.c:2772
lock_sock include/net/sock.h:1463 [inline]
tipc_release+0x103/0xff0 net/tipc/socket.c:572
sock_release+0x8d/0x1e0 net/socket.c:594
tipc_topsrv_stop+0x3c0/0x610 net/tipc/topsrv.c:696
tipc_exit_net+0x15/0x40 net/tipc/core.c:96
ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:148
cleanup_net+0x6ba/0xd20 net/core/net_namespace.c:529
process_one_work+0xbbf/0x1af0 kernel/workqueue.c:2113
worker_thread+0x223/0x1990 kernel/workqueue.c:2247
kthread+0x33c/0x400 kernel/kthread.c:238
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:429
syz-executor7 (6577) used greatest stack depth: 14784 bytes left
skbuff: bad partial csum: csum=65535/65535 len=14
xt_connbytes: Forcing CT accounting to be enabled
netlink: 11 bytes leftover after parsing attributes in process `syz-executor4'.
skbuff: bad partial csum: csum=65535/65535 len=14
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=24 sclass=netlink_audit_socket pig=6714 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=24 sclass=netlink_audit_socket pig=6728 comm=syz-executor3
netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1 sclass=netlink_route_socket pig=6790 comm=syz-executor4
netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1 sclass=netlink_route_socket pig=6790 comm=syz-executor4
syz-executor7 (6784) used greatest stack depth: 13840 bytes left
netlink: 'syz-executor0': attribute type 1 has an invalid length.
netlink: 'syz-executor0': attribute type 1 has an invalid length.
audit: type=1400 audit(1519050673.174:40): avc: denied { getopt } for pid=6836 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1519050673.183:41): avc: denied { getopt } for pid=6838 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1519050673.230:42): avc: denied { accept } for pid=6836 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
mip6: mip6_rthdr_init_state: spi is not 0: 3926130688
Cannot find set identified by id 65535 to match
mip6: mip6_rthdr_init_state: spi is not 0: 3926130688
Cannot find set identified by id 65535 to match
BUG: sleeping function called from invalid context at mm/slab.h:420
in_atomic(): 1, irqs_disabled(): 0, pid: 6883, name: syz-executor7
INFO: lockdep is turned off.
CPU: 1 PID: 6883 Comm: syz-executor7 Tainted: G W 4.16.0-rc1+ #231
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
___might_sleep+0x2b2/0x470 kernel/sched/core.c:6128
__might_sleep+0x95/0x190 kernel/sched/core.c:6081
slab_pre_alloc_hook mm/slab.h:420 [inline]
slab_alloc mm/slab.c:3365 [inline]
kmem_cache_alloc+0x2a2/0x760 mm/slab.c:3539
rds_tcp_conn_alloc+0xa7/0x4e0 net/rds/tcp.c:293
__rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227
rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309
rds_sendmsg+0xe63/0x2550 net/rds/send.c:1153
sock_sendmsg_nosec net/socket.c:629 [inline]
sock_sendmsg+0xca/0x110 net/socket.c:639
___sys_sendmsg+0x767/0x8b0 net/socket.c:2047
__sys_sendmsg+0xe5/0x210 net/socket.c:2081
SYSC_sendmsg net/socket.c:2092 [inline]
SyS_sendmsg+0x2d/0x50 net/socket.c:2088
do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x26/0x9b
RIP: 0033:0x453d69
RSP: 002b:00007faa8de33c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007faa8de346d4 RCX: 0000000000453d69
RDX: 0000000000000000 RSI: 00000000201c3000 RDI: 0000000000000013
RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000004b5 R14: 00000000006f7198 R15: 0000000000000001
rdma_op 00000000905d2643 conn xmit_rdma (null)
sctp: [Deprecated]: syz-executor1 (pid 6910) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
x_tables: ip6_tables: mh match: only valid for protocol 135
xt_addrtype: ipv6 BLACKHOLE matching not supported
Dead loop on virtual device ip6_vti0, fix it urgently!
xt_addrtype: ipv6 BLACKHOLE matching not supported
x_tables: ip6_tables: mh match: only valid for protocol 135
audit: type=1400 audit(1519050674.072:43): avc: denied { getopt } for pid=6954 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
audit: type=1400 audit(1519050674.073:44): avc: denied { getattr } for pid=6954 comm="syz-executor7" path="socket:[17329]" dev="sockfs" ino=17329 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
xt_HL: invalid or unknown mode 3
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pig=6987 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pig=7009 comm=syz-executor4
audit: type=1400 audit(1519050674.424:45): avc: denied { read } for pid=7057 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
xt_CT: You must specify a L4 protocol, and not use inversions on it.
xt_CT: You must specify a L4 protocol, and not use inversions on it.
netlink: 'syz-executor7': attribute type 1 has an invalid length.
netlink: 'syz-executor7': attribute type 1 has an invalid length.
RDS: rds_bind could not find a transport for 224.0.0.1, load rds_tcp or rds_rdma?
netlink: 'syz-executor7': attribute type 1 has an invalid length.
netlink: 'syz-executor7': attribute type 1 has an invalid length.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=29751 sclass=netlink_route_socket pig=7184 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=29751 sclass=netlink_route_socket pig=7184 comm=syz-executor6
netlink: 28 bytes leftover after parsing attributes in process `syz-executor5'.
xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables
Cannot find add_set index 0 as target
TCP: request_sock_TCP: Possible SYN flooding on port 20010. Sending cookies. Check SNMP counters.
device bridge0 entered promiscuous mode
device bridge0 left promiscuous mode
device bridge0 entered promiscuous mode
device bridge0 left promiscuous mode
Cannot find set identified by id 0 to match
Cannot find set identified by id 0 to match
audit: type=1400 audit(1519050675.681:46): avc: denied { map } for pid=7508 comm="syz-executor6" path="socket:[19026]" dev="sockfs" ino=19026 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=tcp_socket permissive=1
ipt_CLUSTERIP: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead
NFQUEUE: number of total queues is 0
Cannot find add_set index 0 as target
Cannot find add_set index 0 as target
bridge: RTM_NEWNEIGH with invalid state 0x0
bridge: RTM_NEWNEIGH with invalid state 0x0
IPv4: Oversized IP packet from 127.0.0.1
sctp: [Deprecated]: syz-executor6 (pid 7891) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
IPv4: Oversized IP packet from 127.0.0.1
sctp: [Deprecated]: syz-executor6 (pid 7891) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
netlink: 'syz-executor5': attribute type 8 has an invalid length.
netlink: 'syz-executor5': attribute type 8 has an invalid length.
audit: type=1400 audit(1519050676.957:47): avc: denied { write } for pid=7930 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT
audit: type=1400 audit(1519050677.237:48): avc: denied { net_broadcast } for pid=8067 comm="syz-executor2" capability=11 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
xt_connbytes: Forcing CT accounting to be enabled
ipt_rpfilter: unknown options encountered
Cannot find add_set index 0 as target
ipt_rpfilter: unknown options encountered
Cannot find add_set index 0 as target
xt_SECMARK: target only valid in the 'mangle' or 'security' tables, not 'broute'.
xt_SECMARK: target only valid in the 'mangle' or 'security' tables, not 'broute'.
xt_connbytes: Forcing CT accounting to be enabled
TCP: request_sock_TCPv6: Possible SYN flooding on port 20026. Sending cookies. Check SNMP counters.
dccp_invalid_packet: pskb_may_pull failed
TCP: request_sock_TCPv6: Possible SYN flooding on port 20006. Sending cookies. Check SNMP counters.
xt_connbytes: Forcing CT accounting to be enabled
ipt_rpfilter: unknown options encountered
netlink: 'syz-executor3': attribute type 1 has an invalid length.
netlink: 'syz-executor3': attribute type 1 has an invalid length.
x_tables: ip_tables: SNAT target: used from hooks PREROUTING/POSTROUTING, but only usable from INPUT/POSTROUTING
x_tables: ip_tables: SNAT target: used from hooks PREROUTING/POSTROUTING, but only usable from INPUT/POSTROUTING
netlink: 'syz-executor7': attribute type 1 has an invalid length.
dst_release: dst:00000000921200da refcnt:-1