============================= WARNING: suspicious RCU usage 4.15.0-rc9+ #213 Not tainted ----------------------------- ./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 0 6 locks held by syz-executor1/5805: #0: (&mm->mmap_sem){++++}, at: [<00000000f545dae8>] __do_page_fault+0x32d/0xc90 arch/x86/mm/fault.c:1359 #1: ((&ndev->rs_timer)){+.-.}, at: [<00000000cf2c00bb>] lockdep_copy_map include/linux/lockdep.h:178 [inline] #1: ((&ndev->rs_timer)){+.-.}, at: [<00000000cf2c00bb>] call_timer_fn+0x1c6/0x820 kernel/time/timer.c:1308 #2: (rcu_read_lock){....}, at: [<00000000c2a90c42>] ip6_nd_hdr net/ipv6/ndisc.c:449 [inline] #2: (rcu_read_lock){....}, at: [<00000000c2a90c42>] ndisc_send_skb+0x826/0x1370 net/ipv6/ndisc.c:485 #3: (rcu_read_lock_bh){....}, at: [<0000000055a22961>] lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline] #3: (rcu_read_lock_bh){....}, at: [<0000000055a22961>] ip6_finish_output2+0x23d/0x23a0 net/ipv6/ip6_output.c:106 #4: (rcu_read_lock_bh){....}, at: [<00000000f3963b9d>] __dev_queue_xmit+0x2f6/0x2f30 net/core/dev.c:3476 #5: (rcu_read_lock){....}, at: [<00000000fdc92fd8>] dev_queue_xmit_nit+0x0/0xc40 arch/x86/include/asm/bitops.h:325 stack backtrace: CPU: 1 PID: 5805 Comm: syz-executor1 Not tainted 4.15.0-rc9+ #213 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585 rcu_preempt_sleep_check include/linux/rcupdate.h:301 [inline] ___might_sleep+0x385/0x470 kernel/sched/core.c:6025 clear_huge_page+0x37d/0x730 mm/memory.c:4586 __do_huge_pmd_anonymous_page mm/huge_memory.c:570 [inline] do_huge_pmd_anonymous_page+0x59c/0x1b00 mm/huge_memory.c:728 create_huge_pmd mm/memory.c:3834 [inline] __handle_mm_fault+0x1a0c/0x3ce0 mm/memory.c:4038 handle_mm_fault+0x334/0x8d0 mm/memory.c:4104 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1430 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1505 page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1260 RIP: 0033:0x405a1b RSP: 002b:0000000000a2f460 EFLAGS: 00010246 RAX: 000000002039bf08 RBX: 000000000071bea0 RCX: 0000000000000001 RDX: 8645603b23a5adc3 RSI: 0000000000000000 RDI: 0000000000fc8848 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000a2f460 R11: 0000000000000206 R12: 0000000000000006 R13: fffffffffffffffe R14: 000000000071ca20 R15: ffffffffffffffff ================================ WARNING: inconsistent lock state 4.15.0-rc9+ #213 Not tainted -------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. syz-executor0/5799 [HC0[0]:SC1[1]:HE1:SE0] takes: (&(&est->lock)->rlock){+.?.}, at: [<0000000061b4398b>] spin_lock include/linux/spinlock.h:310 [inline] (&(&est->lock)->rlock){+.?.}, at: [<0000000061b4398b>] est_fetch_counters+0x4f/0x150 net/core/gen_estimator.c:70 {SOFTIRQ-ON-W} state was registered at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:310 [inline] est_fetch_counters+0x4f/0x150 net/core/gen_estimator.c:70 gen_new_estimator+0x317/0x770 net/core/gen_estimator.c:162 xt_rateest_tg_checkentry+0x487/0xaa0 net/netfilter/xt_RATEEST.c:135 xt_check_target+0x22c/0x7d0 net/netfilter/x_tables.c:845 check_target net/ipv6/netfilter/ip6_tables.c:538 [inline] find_check_entry.isra.7+0x935/0xcf0 net/ipv6/netfilter/ip6_tables.c:580 translate_table+0xf52/0x1690 net/ipv6/netfilter/ip6_tables.c:749 do_replace net/ipv6/netfilter/ip6_tables.c:1165 [inline] do_ip6t_set_ctl+0x370/0x5f0 net/ipv6/netfilter/ip6_tables.c:1691 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115 ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:928 udpv6_setsockopt+0x45/0x80 net/ipv6/udp.c:1422 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978 SYSC_setsockopt net/socket.c:1849 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1828 entry_SYSCALL_64_fastpath+0x29/0xa0 irq event stamp: 6582 hardirqs last enabled at (6582): [<0000000014bce0f0>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (6582): [<0000000014bce0f0>] _raw_spin_unlock_irq+0x27/0x70 kernel/locking/spinlock.c:192 hardirqs last disabled at (6581): [<000000001e66ac47>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline] hardirqs last disabled at (6581): [<000000001e66ac47>] _raw_spin_lock_irq+0x3c/0x80 kernel/locking/spinlock.c:160 softirqs last enabled at (6488): [<000000000d2dc08b>] __do_softirq+0x7a0/0xb85 kernel/softirq.c:311 softirqs last disabled at (6535): [<00000000d76e36b8>] invoke_softirq kernel/softirq.c:365 [inline] softirqs last disabled at (6535): [<00000000d76e36b8>] irq_exit+0x1cc/0x200 kernel/softirq.c:405 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&(&est->lock)->rlock); lock(&(&est->lock)->rlock); *** DEADLOCK *** 1 lock held by syz-executor0/5799: #0: ((&est->timer)){+.-.}, at: [<00000000cf2c00bb>] lockdep_copy_map include/linux/lockdep.h:178 [inline] #0: ((&est->timer)){+.-.}, at: [<00000000cf2c00bb>] call_timer_fn+0x1c6/0x820 kernel/time/timer.c:1308 stack backtrace: CPU: 0 PID: 5799 Comm: syz-executor0 Not tainted 4.15.0-rc9+ #213 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 print_usage_bug+0x377/0x38c kernel/locking/lockdep.c:2537 valid_state kernel/locking/lockdep.c:2550 [inline] mark_lock_irq kernel/locking/lockdep.c:2744 [inline] mark_lock+0xf61/0x1430 kernel/locking/lockdep.c:3142 mark_irqflags kernel/locking/lockdep.c:3020 [inline] __lock_acquire+0x173a/0x3e00 kernel/locking/lockdep.c:3383 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:310 [inline] est_fetch_counters+0x4f/0x150 net/core/gen_estimator.c:70 est_timer+0x97/0x7c0 net/core/gen_estimator.c:85 call_timer_fn+0x228/0x820 kernel/time/timer.c:1318 expire_timers kernel/time/timer.c:1355 [inline] __run_timers+0x7ee/0xb70 kernel/time/timer.c:1658 run_timer_softirq+0x4c/0x70 kernel/time/timer.c:1684 __do_softirq+0x2d7/0xb85 kernel/softirq.c:285 invoke_softirq kernel/softirq.c:365 [inline] irq_exit+0x1cc/0x200 kernel/softirq.c:405 exiting_irq arch/x86/include/asm/apic.h:541 [inline] smp_apic_timer_interrupt+0x16b/0x700 arch/x86/kernel/apic/apic.c:1052 apic_timer_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:937 RIP: 0010:check_kcov_mode kernel/kcov.c:67 [inline] RIP: 0010:__sanitizer_cov_trace_pc+0x20/0x50 kernel/kcov.c:101 RSP: 0018:ffff8801be50ed20 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff11 RAX: ffff8801bc63c540 RBX: dffffc0000000000 RCX: ffffffff819b6faa RDX: 0000000000000000 RSI: ffff8801ae983c60 RDI: ffff8801be50f298 RBP: ffff8801be50ed20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffd273b3000 R13: 00007ffd273d4000 R14: 00007ffd273b3000 R15: 00007ffd273d4000 unmap_page_range+0x15a/0x22e0 mm/memory.c:1504 unmap_single_vma+0x15f/0x2d0 mm/memory.c:1554 unmap_vmas+0xf1/0x1b0 mm/memory.c:1584 exit_mmap+0x23a/0x500 mm/mmap.c:3020 __mmput kernel/fork.c:923 [inline] mmput+0x223/0x6d0 kernel/fork.c:944 exit_mm kernel/exit.c:544 [inline] do_exit+0x90a/0x1ad0 kernel/exit.c:852 do_group_exit+0x149/0x400 kernel/exit.c:968 get_signal+0x73f/0x16c0 kernel/signal.c:2335 do_signal+0x90/0x1eb0 arch/x86/kernel/signal.c:809 exit_to_usermode_loop+0x214/0x310 arch/x86/entry/common.c:158 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264 ret_from_fork+0x15/0x50 arch/x86/entry/entry_64.S:534 RIP: 0033:0x455c29 RSP: 002b:00007fb07c28adb0 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 RAX: 0000000000000000 RBX: 00007fb07c28b700 RCX: 0000000000455c29 RDX: 00007fb07c28b9d0 RSI: 00007fb07c28adb0 RDI: 00000000003d0f00 RBP: 0000000000a2f3c0 R08: 00007fb07c28b700 R09: 00007fb07c28b700 R10: 00007fb07c28b9d0 R11: 0000000000000202 R12: 0000000000000000 R13: 0000000000a2f33f R14: 00007fb07c28b9c0 R15: 0000000000000006 Protocol error: SET target dimension is over the limit! Protocol error: SET target dimension is over the limit! SELinux: unrecognized netlink message: protocol=4 nlmsg_type=42 sclass=netlink_tcpdiag_socket pig=5852 comm=syz-executor5 SELinux: unrecognized netlink message: protocol=4 nlmsg_type=42 sclass=netlink_tcpdiag_socket pig=5868 comm=syz-executor5 sctp: [Deprecated]: syz-executor7 (pid 5877) Use of int in maxseg socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor7 (pid 5877) Use of int in maxseg socket option. Use struct sctp_assoc_value instead kauditd_printk_skb: 8 callbacks suppressed audit: type=1400 audit(1517166293.827:30): avc: denied { accept } for pid=5923 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1517166293.898:31): avc: denied { map } for pid=5953 comm="syz-executor6" path="socket:[14303]" dev="sockfs" ino=14303 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=rawip_socket permissive=1 IPv4: Oversized IP packet from 127.0.0.1 IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE IPv6: NLM_F_CREATE should be set when creating new route IPv6: NLM_F_CREATE should be set when creating new route IPv6: NLM_F_CREATE should be set when creating new route SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26437 sclass=netlink_route_socket pig=6240 comm=syz-executor1 IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26437 sclass=netlink_route_socket pig=6240 comm=syz-executor1 device syz1 entered promiscuous mode audit: type=1400 audit(1517166294.823:32): avc: denied { getopt } for pid=6303 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=socket permissive=1 audit: type=1400 audit(1517166294.823:33): avc: denied { setopt } for pid=6303 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=socket permissive=1 audit: type=1400 audit(1517166294.823:34): avc: denied { accept } for pid=6303 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=socket permissive=1 audit: type=1400 audit(1517166294.823:35): avc: denied { ioctl } for pid=6303 comm="syz-executor6" path="socket:[15065]" dev="sockfs" ino=15065 ioctlcmd=0x89e0 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=sock_file permissive=1 device syz1 left promiscuous mode ipt_REJECT: TCP_RESET invalid for non-tcp ipt_REJECT: TCP_RESET invalid for non-tcp audit: type=1400 audit(1517166295.372:36): avc: denied { setopt } for pid=6494 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. audit: type=1400 audit(1517166295.406:37): avc: denied { ioctl } for pid=6501 comm="syz-executor6" path="socket:[15206]" dev="sockfs" ino=15206 ioctlcmd=0x8933 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 Cannot find del_set index 0 as target Cannot find del_set index 0 as target can: request_module (can-proto-0) failed. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=93 sclass=netlink_route_socket pig=6558 comm=syz-executor5 sctp: [Deprecated]: syz-executor4 (pid 6559) Use of int in maxseg socket option. Use struct sctp_assoc_value instead SELinux: unrecognized netlink message: protocol=0 nlmsg_type=93 sclass=netlink_route_socket pig=6558 comm=syz-executor5 can: request_module (can-proto-0) failed. audit: type=1400 audit(1517166295.694:38): avc: denied { getopt } for pid=6600 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. audit: type=1400 audit(1517166296.113:39): avc: denied { net_broadcast } for pid=6737 comm="syz-executor3" capability=11 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 device syz0 entered promiscuous mode device syz0 left promiscuous mode sit: non-ECT from 0.0.0.0 with TOS=0x3 netlink: 'syz-executor4': attribute type 1 has an invalid length. sit: non-ECT from 0.0.0.0 with TOS=0x3 netlink: 'syz-executor4': attribute type 1 has an invalid length. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=24510 sclass=netlink_route_socket pig=6839 comm=syz-executor0 sctp: [Deprecated]: syz-executor1 (pid 6853) Use of int in max_burst socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor1 (pid 6853) Use of int in max_burst socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor1 (pid 6924) Use of int in maxseg socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor1 (pid 6924) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor1 (pid 6936) Use of int in maxseg socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor1 (pid 6936) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead xt_CT: You must specify a L4 protocol, and not use inversions on it. xt_CT: You must specify a L4 protocol, and not use inversions on it. SELinux: unrecognized netlink message: protocol=4 nlmsg_type=82 sclass=netlink_tcpdiag_socket pig=7007 comm=syz-executor2 SELinux: unrecognized netlink message: protocol=4 nlmsg_type=82 sclass=netlink_tcpdiag_socket pig=7008 comm=syz-executor2 device syz6 entered promiscuous mode device syz6 left promiscuous mode device syz6 entered promiscuous mode netlink: 'syz-executor0': attribute type 17 has an invalid length. Dead loop on virtual device ip6_vti0, fix it urgently! netlink: 'syz-executor0': attribute type 17 has an invalid length. TCP: request_sock_TCPv6: Possible SYN flooding on port 20014. Sending cookies. Check SNMP counters. do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app bridge0: port 1(syz5) entered blocking state dccp_invalid_packet: P.Data Offset(4) too small sctp: [Deprecated]: syz-executor1 (pid 7176) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead dccp_close: ABORT with 254 bytes unread dccp_invalid_packet: P.Data Offset(4) too small sctp: [Deprecated]: syz-executor1 (pid 7195) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead bridge0: port 1(syz5) entered disabled state device syz5 entered promiscuous mode bridge0: port 1(syz5) entered blocking state bridge0: port 1(syz5) entered forwarding state IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready sctp: [Deprecated]: syz-executor0 (pid 7287) Use of int in max_burst socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor0 (pid 7304) Use of int in max_burst socket option. Use struct sctp_assoc_value instead netlink: 'syz-executor4': attribute type 1 has an invalid length. netlink: 'syz-executor4': attribute type 1 has an invalid length. sctp: [Deprecated]: syz-executor7 (pid 7346) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor7 (pid 7377) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor5 (pid 7418) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor5 (pid 7418) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'. Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! kauditd_printk_skb: 6 callbacks suppressed audit: type=1400 audit(1517166298.927:46): avc: denied { create } for pid=7748 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_iscsi_socket permissive=1 netlink: 'syz-executor2': attribute type 21 has an invalid length. netlink: 'syz-executor2': attribute type 5 has an invalid length. netlink: 'syz-executor2': attribute type 21 has an invalid length. netlink: 'syz-executor2': attribute type 5 has an invalid length. audit: type=1400 audit(1517166299.547:47): avc: denied { bind } for pid=7992 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1517166299.547:48): avc: denied { getattr } for pid=7984 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 ipt_CLUSTERIP: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead netlink: 208 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 208 bytes leftover after parsing attributes in process `syz-executor3'. mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium bridge0: received packet on syz5 with own address as source address (addr:aa:aa:aa:aa:05:aa, vlan:0) ieee80211 phy2: Selected rate control algorithm 'minstrel_ht' ieee80211 phy3: Selected rate control algorithm 'minstrel_ht' ieee80211 phy4: Selected rate control algorithm 'minstrel_ht' xt_CT: You must specify a L4 protocol, and not use inversions on it. xt_CT: You must specify a L4 protocol, and not use inversions on it. sctp: [Deprecated]: syz-executor0 (pid 8614) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor0 (pid 8614) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead net_ratelimit: 8 callbacks suppressed bridge0: received packet on syz5 with own address as source address (addr:aa:aa:aa:aa:05:aa, vlan:0) audit: type=1400 audit(1517166301.405:49): avc: denied { getopt } for pid=8705 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 ip6t_REJECT: TCP_RESET illegal for non-tcp ip6t_REJECT: TCP_RESET illegal for non-tcp FAULT_INJECTION: forcing a failure. name fail_page_alloc, interval 1, probability 0, space 0, times 1 CPU: 1 PID: 8897 Comm: syz-executor5 Not tainted 4.15.0-rc9+ #213 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 IPv4: Oversized IP packet from 127.0.0.1 IPv4: Oversized IP packet from 127.0.0.1 IPv4: Oversized IP packet from 127.0.0.1 IPv4: Oversized IP packet from 127.0.0.1 should_fail_alloc_page mm/page_alloc.c:2948 [inline] prepare_alloc_pages mm/page_alloc.c:4187 [inline] __alloc_pages_nodemask+0x338/0xd80 mm/page_alloc.c:4226 alloc_pages_current+0xb6/0x1e0 mm/mempolicy.c:2036 alloc_pages include/linux/gfp.h:492 [inline] skb_page_frag_refill+0x358/0x5f0 net/core/sock.c:2211 tun_build_skb.isra.51+0x2f0/0x1810 drivers/net/tun.c:1630 tun_get_user+0x17d0/0x3940 drivers/net/tun.c:1800