netlink: 40 bytes leftover after parsing attributes in process `syz-executor3'.

=============================
WARNING: suspicious RCU usage
4.15.0-rc6+ #251 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1702 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
4 locks held by syz-executor7/604:
 #0: (rtnl_mutex){+.+.}, at: [<00000000d824cd3f>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<0000000034caea4c>] spin_trylock_bh include/linux/spinlock.h:370 [inline]
 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<0000000034caea4c>] fib6_run_gc+0x2b7/0x3c0 net/ipv6/ip6_fib.c:2008
 #2: (rcu_read_lock){....}, at: [<0000000022f78e6d>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1560
 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000ed0bbd85>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000ed0bbd85>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1948
stack backtrace:
CPU: 0 PID: 604 Comm: syz-executor7 Not tainted 4.15.0-rc6+ #251
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 fib6_del+0xcb9/0x11b0 net/ipv6/ip6_fib.c:1701
 fib6_clean_node+0x3b0/0x4f0 net/ipv6/ip6_fib.c:1892
 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1815
 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1863
 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1933
 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1949
 fib6_clean_all net/ipv6/ip6_fib.c:1960 [inline]
 fib6_run_gc+0x16b/0x3c0 net/ipv6/ip6_fib.c:2016
 ndisc_netdev_event+0x3c2/0x4a0 net/ipv6/ndisc.c:1776
 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x32/0x60 net/core/dev.c:1679
 call_netdevice_notifiers net/core/dev.c:1697 [inline]
 dev_close_many+0x3fb/0x850 net/core/dev.c:1492
 rollback_registered_many+0x4d5/0xdf0 net/core/dev.c:7221
 rollback_registered+0x1be/0x3c0 net/core/dev.c:7285
 unregister_netdevice_queue+0x2e3/0x5d0 net/core/dev.c:8273
 unregister_netdevice include/linux/netdevice.h:2462 [inline]
 __tun_detach+0x1177/0x1550 drivers/net/tun.c:658
 tun_detach drivers/net/tun.c:669 [inline]
 tun_chr_close+0x44/0x60 drivers/net/tun.c:2861
 __fput+0x327/0x7e0 fs/file_table.c:210
 ____fput+0x15/0x20 fs/file_table.c:244
 task_work_run+0x199/0x270 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0x9bb/0x1ad0 kernel/exit.c:865
 do_group_exit+0x149/0x400 kernel/exit.c:968
 get_signal+0x73f/0x16c0 kernel/signal.c:2335
 do_signal+0x90/0x1eb0 arch/x86/kernel/signal.c:809
 exit_to_usermode_loop+0x214/0x310 arch/x86/entry/common.c:158
 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264
 entry_SYSCALL_64_fastpath+0x98/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f7fa2980ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000000 RBX: 000000000071bec8 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000071bec8
RBP: 000000000071bec8 R08: 000000000000054a R09: 000000000071bea0
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000a2f7ef R14: 00007f7fa29819c0 R15: 0000000000000000

=============================
WARNING: suspicious RCU usage
4.15.0-rc6+ #251 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1729 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
4 locks held by syz-executor7/604:
 #0: (rtnl_mutex){+.+.}, at: [<00000000d824cd3f>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<0000000034caea4c>] spin_trylock_bh include/linux/spinlock.h:370 [inline]
 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<0000000034caea4c>] fib6_run_gc+0x2b7/0x3c0 net/ipv6/ip6_fib.c:2008
 #2: (rcu_read_lock){....}, at: [<0000000022f78e6d>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1560
 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000ed0bbd85>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000ed0bbd85>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1948
stack backtrace:
CPU: 0 PID: 604 Comm: syz-executor7 Not tainted 4.15.0-rc6+ #251
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 fib6_del+0x42b/0x11b0 net/ipv6/ip6_fib.c:1728
 fib6_clean_node+0x3b0/0x4f0 net/ipv6/ip6_fib.c:1892
 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1815
 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1863
 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1933
 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1949
 fib6_clean_all net/ipv6/ip6_fib.c:1960 [inline]
 fib6_run_gc+0x16b/0x3c0 net/ipv6/ip6_fib.c:2016
 ndisc_netdev_event+0x3c2/0x4a0 net/ipv6/ndisc.c:1776
 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x32/0x60 net/core/dev.c:1679
 call_netdevice_notifiers net/core/dev.c:1697 [inline]
 dev_close_many+0x3fb/0x850 net/core/dev.c:1492
 rollback_registered_many+0x4d5/0xdf0 net/core/dev.c:7221
 rollback_registered+0x1be/0x3c0 net/core/dev.c:7285
 unregister_netdevice_queue+0x2e3/0x5d0 net/core/dev.c:8273
 unregister_netdevice include/linux/netdevice.h:2462 [inline]
 __tun_detach+0x1177/0x1550 drivers/net/tun.c:658
 tun_detach drivers/net/tun.c:669 [inline]
 tun_chr_close+0x44/0x60 drivers/net/tun.c:2861
 __fput+0x327/0x7e0 fs/file_table.c:210
 ____fput+0x15/0x20 fs/file_table.c:244
 task_work_run+0x199/0x270 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0x9bb/0x1ad0 kernel/exit.c:865
 do_group_exit+0x149/0x400 kernel/exit.c:968
 get_signal+0x73f/0x16c0 kernel/signal.c:2335
 do_signal+0x90/0x1eb0 arch/x86/kernel/signal.c:809
 exit_to_usermode_loop+0x214/0x310 arch/x86/entry/common.c:158
 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264
 entry_SYSCALL_64_fastpath+0x98/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f7fa2980ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000000 RBX: 000000000071bec8 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000071bec8
RBP: 000000000071bec8 R08: 000000000000054a R09: 000000000071bea0
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000a2f7ef R14: 00007f7fa29819c0 R15: 0000000000000000

=============================
WARNING: suspicious RCU usage
4.15.0-rc6+ #251 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1639 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
4 locks held by syz-executor7/604:
 #0: (rtnl_mutex){+.+.}, at: [<00000000d824cd3f>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<0000000034caea4c>] spin_trylock_bh include/linux/spinlock.h:370 [inline]
 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<0000000034caea4c>] fib6_run_gc+0x2b7/0x3c0 net/ipv6/ip6_fib.c:2008
 #2: (rcu_read_lock){....}, at: [<0000000022f78e6d>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1560
 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000ed0bbd85>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000ed0bbd85>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1948
stack backtrace:
CPU: 0 PID: 604 Comm: syz-executor7 Not tainted 4.15.0-rc6+ #251
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 fib6_del_route net/ipv6/ip6_fib.c:1638 [inline]
 fib6_del+0xd27/0x11b0 net/ipv6/ip6_fib.c:1731
 fib6_clean_node+0x3b0/0x4f0 net/ipv6/ip6_fib.c:1892
 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1815
 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1863
 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1933
 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1949
 fib6_clean_all net/ipv6/ip6_fib.c:1960 [inline]
 fib6_run_gc+0x16b/0x3c0 net/ipv6/ip6_fib.c:2016
 ndisc_netdev_event+0x3c2/0x4a0 net/ipv6/ndisc.c:1776
 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x32/0x60 net/core/dev.c:1679
 call_netdevice_notifiers net/core/dev.c:1697 [inline]
 dev_close_many+0x3fb/0x850 net/core/dev.c:1492
 rollback_registered_many+0x4d5/0xdf0 net/core/dev.c:7221
 rollback_registered+0x1be/0x3c0 net/core/dev.c:7285
 unregister_netdevice_queue+0x2e3/0x5d0 net/core/dev.c:8273
 unregister_netdevice include/linux/netdevice.h:2462 [inline]
 __tun_detach+0x1177/0x1550 drivers/net/tun.c:658
 tun_detach drivers/net/tun.c:669 [inline]
 tun_chr_close+0x44/0x60 drivers/net/tun.c:2861
 __fput+0x327/0x7e0 fs/file_table.c:210
 ____fput+0x15/0x20 fs/file_table.c:244
 task_work_run+0x199/0x270 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0x9bb/0x1ad0 kernel/exit.c:865
 do_group_exit+0x149/0x400 kernel/exit.c:968
 get_signal+0x73f/0x16c0 kernel/signal.c:2335
 do_signal+0x90/0x1eb0 arch/x86/kernel/signal.c:809
 exit_to_usermode_loop+0x214/0x310 arch/x86/entry/common.c:158
 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264
 entry_SYSCALL_64_fastpath+0x98/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f7fa2980ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000000 RBX: 000000000071bec8 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000071bec8
RBP: 000000000071bec8 R08: 000000000000054a R09: 000000000071bea0
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000a2f7ef R14: 00007f7fa29819c0 R15: 0000000000000000

=============================
WARNING: suspicious RCU usage
4.15.0-rc6+ #251 Not tainted
-----------------------------
net/ipv6/ip6_fib.c:1676 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
5 locks held by syz-executor7/604:
 #0: (rtnl_mutex){+.+.}, at: [<00000000d824cd3f>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<0000000034caea4c>] spin_trylock_bh include/linux/spinlock.h:370 [inline]
 #1: (&(&net->ipv6.fib6_gc_lock)->rlock){+.-.}, at: [<0000000034caea4c>] fib6_run_gc+0x2b7/0x3c0 net/ipv6/ip6_fib.c:2008
 #2: (rcu_read_lock){....}, at: [<0000000022f78e6d>] __fib6_clean_all+0x0/0x3a0 net/ipv6/ip6_fib.c:1560
 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000ed0bbd85>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #3: (&(&tb->tb6_lock)->rlock){+.-.}, at: [<00000000ed0bbd85>] __fib6_clean_all+0x1d0/0x3a0 net/ipv6/ip6_fib.c:1948
 #4: (&net->ipv6.fib6_walker_lock){++-.}, at: [<0000000066564822>] fib6_del_route net/ipv6/ip6_fib.c:1671 [inline]
 #4: (&net->ipv6.fib6_walker_lock){++-.}, at: [<0000000066564822>] fib6_del+0x941/0x11b0 net/ipv6/ip6_fib.c:1731
stack backtrace:
CPU: 0 PID: 604 Comm: syz-executor7 Not tainted 4.15.0-rc6+ #251
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 fib6_del_route net/ipv6/ip6_fib.c:1675 [inline]
 fib6_del+0xec2/0x11b0 net/ipv6/ip6_fib.c:1731
 fib6_clean_node+0x3b0/0x4f0 net/ipv6/ip6_fib.c:1892
 fib6_walk_continue+0x46c/0x8a0 net/ipv6/ip6_fib.c:1815
 fib6_walk+0x91/0xf0 net/ipv6/ip6_fib.c:1863
 fib6_clean_tree+0x1e6/0x340 net/ipv6/ip6_fib.c:1933
 __fib6_clean_all+0x1f4/0x3a0 net/ipv6/ip6_fib.c:1949
 fib6_clean_all net/ipv6/ip6_fib.c:1960 [inline]
 fib6_run_gc+0x16b/0x3c0 net/ipv6/ip6_fib.c:2016
 ndisc_netdev_event+0x3c2/0x4a0 net/ipv6/ndisc.c:1776
 notifier_call_chain+0x136/0x2c0 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x32/0x60 net/core/dev.c:1679
 call_netdevice_notifiers net/core/dev.c:1697 [inline]
 dev_close_many+0x3fb/0x850 net/core/dev.c:1492
 rollback_registered_many+0x4d5/0xdf0 net/core/dev.c:7221
 rollback_registered+0x1be/0x3c0 net/core/dev.c:7285
 unregister_netdevice_queue+0x2e3/0x5d0 net/core/dev.c:8273
 unregister_netdevice include/linux/netdevice.h:2462 [inline]
 __tun_detach+0x1177/0x1550 drivers/net/tun.c:658
 tun_detach drivers/net/tun.c:669 [inline]
 tun_chr_close+0x44/0x60 drivers/net/tun.c:2861
 __fput+0x327/0x7e0 fs/file_table.c:210
 ____fput+0x15/0x20 fs/file_table.c:244
 task_work_run+0x199/0x270 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0x9bb/0x1ad0 kernel/exit.c:865
 do_group_exit+0x149/0x400 kernel/exit.c:968
 get_signal+0x73f/0x16c0 kernel/signal.c:2335
 do_signal+0x90/0x1eb0 arch/x86/kernel/signal.c:809
 exit_to_usermode_loop+0x214/0x310 arch/x86/entry/common.c:158
 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264
 entry_SYSCALL_64_fastpath+0x98/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f7fa2980ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000000 RBX: 000000000071bec8 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000071bec8
RBP: 000000000071bec8 R08: 000000000000054a R09: 000000000071bea0
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000a2f7ef R14: 00007f7fa29819c0 R15: 0000000000000000

audit: type=1326 audit(1515384274.350:3140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=633 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1515384274.377:3141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=634 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x0
PPPIOCDETACH file->f_count=2
audit: type=1326 audit(1515384274.378:3142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=633 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=311 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1515384274.378:3143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=633 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1515384274.379:3144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=633 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1515384274.390:3145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=633 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=16 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1515384274.390:3146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=633 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1515384274.391:3147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=633 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1515384274.391:3148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=633 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452ac9 code=0x7ffc0000
audit: type=1326 audit(1515384274.391:3149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=633 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ac9 code=0x7ffc0000
binder: 738:753 ERROR: BC_REGISTER_LOOPER called without request
binder: 738:753 unknown command 0
binder: 738:753 ioctl c0306201 20007000 returned -22
binder: 738:762 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: BINDER_SET_CONTEXT_MGR already set
binder: 738:762 ioctl 40046207 0 returned -16
binder: 738:769 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 738: binder_alloc_buf, no vma
binder: 738:762 transaction failed 29189/-3, size 0-0 line 2903
binder_alloc: 738: binder_alloc_buf, no vma
binder: 738:769 transaction failed 29189/-3, size 24-0 line 2903
device eql entered promiscuous mode
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 738:753 transaction 221 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 738:762 transaction 222 out, still active
binder: send failed reply for transaction 221, target dead
binder: send failed reply for transaction 222, target dead
QAT: Invalid ioctl
QAT: Invalid ioctl
kvm: apic: phys broadcast and lowest prio
QAT: Invalid ioctl
QAT: Invalid ioctl
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=1263 comm=syz-executor7
sg_write: data in/out 393180/24 bytes for SCSI command 0x0-- guessing data in;
 program syz-executor4 not setting count and/or reply_len properly
sg_write: data in/out 393180/24 bytes for SCSI command 0x0-- guessing data in;
 program syz-executor4 not setting count and/or reply_len properly

FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 1406 Comm: syz-executor6 Not tainted 4.15.0-rc6+ #251
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
 dst_alloc+0x11f/0x1a0 net/core/dst.c:107
 rt_dst_alloc+0xe9/0x540 net/ipv4/route.c:1500
 __mkroute_output net/ipv4/route.c:2242 [inline]
 ip_route_output_key_hash_rcu+0xa40/0x2c40 net/ipv4/route.c:2470
 ip_route_output_key_hash+0x20b/0x370 net/ipv4/route.c:2299
 __ip_route_output_key include/net/route.h:125 [inline]
 ip_route_output_flow+0x26/0xa0 net/ipv4/route.c:2553
 raw_sendmsg+0xbf5/0x38e0 net/ipv4/raw.c:638
 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:763
 sock_sendmsg_nosec net/socket.c:636 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:646
 SYSC_sendto+0x361/0x5c0 net/socket.c:1727
 SyS_sendto+0x40/0x50 net/socket.c:1695
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007fbeb2f63c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fbeb2f63aa0 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 0000000020fda000 RDI: 0000000000000013
RBP: 00007fbeb2f63a90 R08: 000000002078a000 R09: 0000000000000010
R10: fffffffffffffffc R11: 0000000000000212 R12: 00000000004b767a
R13: 00007fbeb2f63bc8 R14: 00000000004b767a R15: 0000000000000000

syz-executor7 (1421): attempted to duplicate a private mapping with mremap. This is not supported.
binder: 1434 RLIMIT_NICE not set
binder: BINDER_SET_CONTEXT_MGR already set
binder: 1424:1436 ioctl 40046207 0 returned -16
binder: 1435 RLIMIT_NICE not set
binder_alloc: 1424: binder_alloc_buf, no vma
binder: 1424:1437 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_COMPLETE
device syz3 entered promiscuous mode
device eql entered promiscuous mode
binder: 1847:1856 ERROR: BC_REGISTER_LOOPER called without request
binder: BINDER_SET_CONTEXT_MGR already set
binder: 1847:1863 ioctl 40046207 0 returned -16
binder_alloc: 1847: binder_alloc_buf, no vma
binder: 1847:1863 ERROR: BC_REGISTER_LOOPER called without request
binder: 1863 RLIMIT_NICE not set
binder: 1847:1856 transaction failed 29189/-3, size 0-0 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered transaction 229, process died.
QAT: Invalid ioctl
QAT: Invalid ioctl
kauditd_printk_skb: 188 callbacks suppressed
audit: type=1400 audit(1515384279.945:3338): avc: denied { getattr } for pid=1919 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
binder_alloc: binder_alloc_mmap_handler: 2029 203c6000-203c7000 already mapped failed -16
binder_alloc: binder_alloc_mmap_handler: 2029 203c6000-203c7000 already mapped failed -16
encrypted_key: master key parameter 'SIk!R:;uQVt``T6[qŹG+LmN%DmcSa%lb>g)4|mm2' is invalid
binder: 2102:2126 got reply transaction with bad transaction stack, transaction 232 has target 2102:0
binder: 2102:2126 transaction failed 29201/-71, size 32-8 line 2718
encrypted_key: master key parameter 'SIk!R:;uQVt``T6[qŹG+LmN%DmcSa%lb>g)4|mm2' is invalid
binder: 2102:2126 DecRefs 0 refcount change on invalid ref 1 ret -22
binder: 2102:2126 BC_INCREFS_DONE node 231 has no pending increfs request
binder: release 2102:2126 transaction 232 out, still active
binder: send failed reply for transaction 232, target dead
binder_alloc: 2102: binder_alloc_buf, no vma
binder: 2102:2126 transaction failed 29189/-3, size 0-0 line 2903
binder: 2102:2112 got reply transaction with no transaction stack
binder: 2102:2112 transaction failed 29201/-71, size 32-8 line 2703
binder: 2102:2112 DecRefs 0 refcount change on invalid ref 1 ret -22
binder: 2102:2112 BC_INCREFS_DONE u0000000000000000 no match
binder: undelivered TRANSACTION_ERROR: 29189