FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
=============================
WARNING: suspicious RCU usage
CPU: 0 PID: 7766 Comm: syz-executor.1 Not tainted 4.14.134 #29
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack /lib/dump_stack.c:17 [inline]
 dump_stack+0x138/0x19c /lib/dump_stack.c:53
4.14.134 #29 Not tainted
 fail_dump /lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10f/0x159 /lib/fault-inject.c:149
 should_failslab+0xdb/0x130 /mm/failslab.c:32
 slab_pre_alloc_hook /mm/slab.h:421 [inline]
 slab_alloc /mm/slab.c:3376 [inline]
 kmem_cache_alloc+0x2d7/0x780 /mm/slab.c:3550
 getname_flags /fs/namei.c:138 [inline]
 getname_flags+0xcb/0x580 /fs/namei.c:128
 user_path_at_empty+0x2f/0x50 /fs/namei.c:2630
 user_path_dir /./include/linux/namei.h:72 [inline]
 SYSC_pivot_root /fs/namespace.c:3167 [inline]
 SyS_pivot_root+0x12f/0xea0 /fs/namespace.c:3156
-----------------------------
 do_syscall_64+0x1e8/0x640 /arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459829
RSP: 002b:00007f29ec1dec78 EFLAGS: 00000246 ORIG_RAX: 000000000000009b
RAX: ffffffffffffffda RBX: 00007f29ec1dec90 RCX: 0000000000459829
RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000020000080
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
net/tipc/bearer.c:177 suspicious rcu_dereference_protected() usage!
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f29ec1df6d4
R13: 00000000004c6568 R14: 00000000004db380 R15: 0000000000000003

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
2 locks held by syz-executor.3/7765:
 #0:  (cb_lock){++++}, at: [] genl_rcv+0x1a/0x40 /net/netlink/genetlink.c:635
 #1:  (genl_mutex){+.+.}, at: [] genl_lock /net/netlink/genetlink.c:33 [inline]
 #1:  (genl_mutex){+.+.}, at: [] genl_rcv_msg+0x119/0x150 /net/netlink/genetlink.c:623

stack backtrace:
CPU: 1 PID: 7765 Comm: syz-executor.3 Not tainted 4.14.134 #29
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack /lib/dump_stack.c:17 [inline]
 dump_stack+0x138/0x19c /lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x153/0x15d /kernel/locking/lockdep.c:4662
 tipc_bearer_find+0x20a/0x300 /net/tipc/bearer.c:177
 tipc_nl_compat_link_set+0x433/0xbf0 /net/tipc/netlink_compat.c:794
 __tipc_nl_compat_doit /net/tipc/netlink_compat.c:304 [inline]
 tipc_nl_compat_doit+0x16b/0x510 /net/tipc/netlink_compat.c:351
 tipc_nl_compat_handle /net/tipc/netlink_compat.c:1195 [inline]
 tipc_nl_compat_recv+0x9b8/0xaf0 /net/tipc/netlink_compat.c:1277
 genl_family_rcv_msg+0x614/0xc30 /net/netlink/genetlink.c:600
 genl_rcv_msg+0xb4/0x150 /net/netlink/genetlink.c:625
 netlink_rcv_skb+0x14f/0x3c0 /net/netlink/af_netlink.c:2432
 genl_rcv+0x29/0x40 /net/netlink/genetlink.c:636
 netlink_unicast_kernel /net/netlink/af_netlink.c:1286 [inline]
 netlink_unicast+0x45d/0x780 /net/netlink/af_netlink.c:1312
 netlink_sendmsg+0x7c4/0xc60 /net/netlink/af_netlink.c:1877
 sock_sendmsg_nosec /net/socket.c:646 [inline]
 sock_sendmsg+0xce/0x110 /net/socket.c:656
 ___sys_sendmsg+0x70a/0x840 /net/socket.c:2062
 __sys_sendmsg+0xb9/0x140 /net/socket.c:2096
 SYSC_sendmsg /net/socket.c:2107 [inline]
 SyS_sendmsg+0x2d/0x50 /net/socket.c:2103
 do_syscall_64+0x1e8/0x640 /arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459829
RSP: 002b:00007f1d29352c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1d293536d4
R13: 00000000004c72d2 R14: 00000000004dc760 R15: 00000000ffffffff
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 1
CPU: 1 PID: 7782 Comm: syz-executor.1 Not tainted 4.14.134 #29
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack /lib/dump_stack.c:17 [inline]
 dump_stack+0x138/0x19c /lib/dump_stack.c:53
 fail_dump /lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10f/0x159 /lib/fault-inject.c:149
 should_fail_alloc_page /mm/page_alloc.c:2891 [inline]
 prepare_alloc_pages /mm/page_alloc.c:4124 [inline]
 __alloc_pages_nodemask+0x1d6/0x7a0 /mm/page_alloc.c:4172
 __alloc_pages /./include/linux/gfp.h:461 [inline]
 __alloc_pages_node /./include/linux/gfp.h:474 [inline]
 kmem_getpages /mm/slab.c:1419 [inline]
 cache_grow_begin+0x80/0x400 /mm/slab.c:2676
 cache_alloc_refill /mm/slab.c:3043 [inline]
 ____cache_alloc /mm/slab.c:3125 [inline]
 ____cache_alloc /mm/slab.c:3108 [inline]
 __do_cache_alloc /mm/slab.c:3347 [inline]
 slab_alloc /mm/slab.c:3382 [inline]
 kmem_cache_alloc+0x6a6/0x780 /mm/slab.c:3550
 getname_flags /fs/namei.c:138 [inline]
 getname_flags+0xcb/0x580 /fs/namei.c:128
 user_path_at_empty+0x2f/0x50 /fs/namei.c:2630
 user_path_dir /./include/linux/namei.h:72 [inline]
 SYSC_pivot_root /fs/namespace.c:3167 [inline]
 SyS_pivot_root+0x12f/0xea0 /fs/namespace.c:3156
 do_syscall_64+0x1e8/0x640 /arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459829
RSP: 002b:00007f29ec1dec78 EFLAGS: 00000246 ORIG_RAX: 000000000000009b
RAX: ffffffffffffffda RBX: 00007f29ec1dec90 RCX: 0000000000459829
RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000020000080
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f29ec1df6d4
R13: 00000000004c6568 R14: 00000000004db380 R15: 0000000000000003
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 7830 Comm: syz-executor.1 Not tainted 4.14.134 #29
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack /lib/dump_stack.c:17 [inline]
 dump_stack+0x138/0x19c /lib/dump_stack.c:53
 fail_dump /lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10f/0x159 /lib/fault-inject.c:149
 should_failslab+0xdb/0x130 /mm/failslab.c:32
 slab_pre_alloc_hook /mm/slab.h:421 [inline]
 slab_alloc /mm/slab.c:3376 [inline]
 kmem_cache_alloc+0x2d7/0x780 /mm/slab.c:3550
 getname_flags /fs/namei.c:138 [inline]
 getname_flags+0xcb/0x580 /fs/namei.c:128
 user_path_at_empty+0x2f/0x50 /fs/namei.c:2630
 user_path_dir /./include/linux/namei.h:72 [inline]
 SYSC_pivot_root /fs/namespace.c:3171 [inline]
 SyS_pivot_root+0x19d/0xea0 /fs/namespace.c:3156
 do_syscall_64+0x1e8/0x640 /arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459829
RSP: 002b:00007f29ec1dec78 EFLAGS: 00000246 ORIG_RAX: 000000000000009b
RAX: ffffffffffffffda RBX: 00007f29ec1dec90 RCX: 0000000000459829
RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000020000080
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f29ec1df6d4
R13: 00000000004c6568 R14: 00000000004db380 R15: 0000000000000003
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 7842 Comm: syz-executor.1 Not tainted 4.14.134 #29
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack /lib/dump_stack.c:17 [inline]
 dump_stack+0x138/0x19c /lib/dump_stack.c:53
 fail_dump /lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10f/0x159 /lib/fault-inject.c:149
 should_fail_alloc_page /mm/page_alloc.c:2891 [inline]
 prepare_alloc_pages /mm/page_alloc.c:4124 [inline]
 __alloc_pages_nodemask+0x1d6/0x7a0 /mm/page_alloc.c:4172
 __alloc_pages /./include/linux/gfp.h:461 [inline]
 __alloc_pages_node /./include/linux/gfp.h:474 [inline]
 kmem_getpages /mm/slab.c:1419 [inline]
 cache_grow_begin+0x80/0x400 /mm/slab.c:2676
Unknown ioctl -1067952547
 cache_alloc_refill /mm/slab.c:3043 [inline]
 ____cache_alloc /mm/slab.c:3125 [inline]
 ____cache_alloc /mm/slab.c:3108 [inline]
 __do_cache_alloc /mm/slab.c:3347 [inline]
 slab_alloc /mm/slab.c:3382 [inline]
 kmem_cache_alloc+0x6a6/0x780 /mm/slab.c:3550
 getname_flags /fs/namei.c:138 [inline]
 getname_flags+0xcb/0x580 /fs/namei.c:128
 user_path_at_empty+0x2f/0x50 /fs/namei.c:2630
 user_path_dir /./include/linux/namei.h:72 [inline]
 SYSC_pivot_root /fs/namespace.c:3171 [inline]
 SyS_pivot_root+0x19d/0xea0 /fs/namespace.c:3156
 do_syscall_64+0x1e8/0x640 /arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459829
RSP: 002b:00007f29ec1dec78 EFLAGS: 00000246 ORIG_RAX: 000000000000009b
RAX: ffffffffffffffda RBX: 00007f29ec1dec90 RCX: 0000000000459829
RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000020000080
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f29ec1df6d4
R13: 00000000004c6568 R14: 00000000004db380 R15: 0000000000000003
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 7874 Comm: syz-executor.1 Not tainted 4.14.134 #29
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack /lib/dump_stack.c:17 [inline]
 dump_stack+0x138/0x19c /lib/dump_stack.c:53
 fail_dump /lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10f/0x159 /lib/fault-inject.c:149
 should_failslab+0xdb/0x130 /mm/failslab.c:32
 slab_pre_alloc_hook /mm/slab.h:421 [inline]
 slab_alloc /mm/slab.c:3376 [inline]
 kmem_cache_alloc_trace+0x2e9/0x790 /mm/slab.c:3616
 kmalloc /./include/linux/slab.h:488 [inline]
 get_mountpoint+0xd4/0x330 /fs/namespace.c:808
 lock_mount+0xe0/0x2c0 /fs/namespace.c:2127
 SYSC_pivot_root /fs/namespace.c:3180 [inline]
 SyS_pivot_root+0x274/0xea0 /fs/namespace.c:3156
 do_syscall_64+0x1e8/0x640 /arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459829
RSP: 002b:00007f29ec1dec78 EFLAGS: 00000246 ORIG_RAX: 000000000000009b
RAX: ffffffffffffffda RBX: 00007f29ec1dec90 RCX: 0000000000459829
RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000020000080
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f29ec1df6d4
R13: 00000000004c6568 R14: 00000000004db380 R15: 0000000000000003
mmap: syz-executor.3 (7881) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
pit: kvm: requested 2514 ns i8254 timer period limited to 500000 ns
netlink: 21 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 21 bytes leftover after parsing attributes in process `syz-executor.4'.
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
JFS: discard option not supported on device
jfs: Unrecognized mount option "fowner>00000000000000000000" or missing value
*** Guest State ***
CR0: actual=0xffffffff9ffffffa, shadow=0xfffffffffffffffa, gh_mask=fffffffffffffff7
CR4: actual=0x00000000000120e0, shadow=0x00000000000100a0, gh_mask=ffffffffffffe871
CR3 = 0x0000000000000000
PDPTR0 = 0x0000007b00000004  PDPTR1 = 0x0000000000000000
PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000400
RSP = 0x000000000000fffc  RIP = 0x0000000000000247
RFLAGS=0x00010006  DR7 = 0x0000000000000400
Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
ES:   sel=0x0000, attr=0x0808b, limit=0x00000000, base=0x0000000000000000
FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
GDTR: limit=0x00000000, base=0x0000000000000000
LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
IDTR: limit=0x00000000, base=0x0000000000000000
TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
EFER = 0x0000000000000000  PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
Interruptibility = 00000000  ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff81173b7f  RSP = 0xffff88804fb0f998
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007f1d29353700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000
GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
CR0=0000000080050033 CR3=000000009c167000 CR4=00000000001426f0
Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018f0
EFER = 0x0000000000000d01  PAT = 0x0407050600070106
*** Control State ***
PinBased=0000003f CPUBased=b6986dfa SecondaryExec=000000e2
EntryControls=0000d1ff ExitControls=002fefff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=8000030e errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000001
        reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffff9ab3349507
EPT pointer = 0x000000008fb9e01e
Virtual processor ID = 0x0001
SELinux: unknown mount option
(unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
SELinux: unknown mount option
hfsplus: unable to parse mount options
hfsplus: unable to parse mount options
9pnet_virtio: no channels available for device /dev/ptmx
audit: type=1400 audit(1563904226.009:47): avc: denied { create } for pid=8090 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
bond0: Releasing backup interface bond_slave_1
audit: type=1400 audit(1563904226.129:48): avc: denied { ioctl } for pid=8090 comm="syz-executor.4" path="socket:[29867]" dev="sockfs" ino=29867 ioctlcmd=0x8991 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
bond0: Enslaving bond_slave_1 as an active interface with an up link
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pig=8119 comm=syz-executor.1
9pnet_virtio: no channels available for device /dev/ptmx
overlayfs: filesystem on './file0' not supported as upperdir
audit: type=1400 audit(1563904228.119:49): avc: denied { name_bind } for pid=8197 comm="syz-executor.2" src=20003 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
Unknown ioctl -1073191904
audit: type=1400 audit(1563904228.129:50): avc: denied { node_bind } for pid=8197 comm="syz-executor.2" src=20003 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1
Unknown ioctl -1069521879
FAT-fs (loop5): bogus number of reserved sectors
FAT-fs (loop5): Can't find a valid FAT filesystem
Unknown ioctl -1071622585
Unknown ioctl -1064282524
audit: type=1400 audit(1563904228.229:51): avc: denied { name_connect } for pid=8197 comm="syz-executor.2" dest=20003 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
Unknown ioctl -1073191904
Unknown ioctl -1069521879
FAT-fs (loop5): bogus number of reserved sectors
Unknown ioctl -1071622585
FAT-fs (loop5): Can't find a valid FAT filesystem
Unknown ioctl -1064282524
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state