====================================================== WARNING: possible circular locking dependency detected 4.16.0-rc5+ #351 Not tainted ------------------------------------------------------ syz-executor4/26591 is trying to acquire lock: (&sb->s_type->i_mutex_key#11){++++}, at: [<000000005d1eeb4f>] inode_lock include/linux/fs.h:713 [inline] (&sb->s_type->i_mutex_key#11){++++}, at: [<000000005d1eeb4f>] shmem_file_llseek+0xef/0x240 mm/shmem.c:2579 but task is already holding lock: (ashmem_mutex){+.+.}, at: [<0000000050bd87fa>] ashmem_llseek+0x56/0x1f0 drivers/staging/android/ashmem.c:326 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (ashmem_mutex){+.+.}: __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 ashmem_mmap+0x53/0x410 drivers/staging/android/ashmem.c:362 call_mmap include/linux/fs.h:1786 [inline] mmap_region+0xa99/0x15a0 mm/mmap.c:1705 do_mmap+0x6c0/0xe00 mm/mmap.c:1483 do_mmap_pgoff include/linux/mm.h:2223 [inline] vm_mmap_pgoff+0x1de/0x280 mm/util.c:355 SYSC_mmap_pgoff mm/mmap.c:1533 [inline] SyS_mmap_pgoff+0x462/0x5f0 mm/mmap.c:1491 SYSC_mmap arch/x86/kernel/sys_x86_64.c:100 [inline] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:91 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 -> #1 (&mm->mmap_sem){++++}: __might_fault+0x13a/0x1d0 mm/memory.c:4571 _copy_to_user+0x2c/0xc0 lib/usercopy.c:25 copy_to_user include/linux/uaccess.h:155 [inline] filldir+0x1a7/0x320 fs/readdir.c:196 dir_emit_dot include/linux/fs.h:3370 [inline] dir_emit_dots include/linux/fs.h:3381 [inline] dcache_readdir+0x12d/0x5e0 fs/libfs.c:192 iterate_dir+0x1ca/0x530 fs/readdir.c:51 SYSC_getdents fs/readdir.c:231 [inline] SyS_getdents+0x225/0x450 fs/readdir.c:212 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 -> #0 (&sb->s_type->i_mutex_key#11){++++}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920 down_write+0x87/0x120 kernel/locking/rwsem.c:70 inode_lock include/linux/fs.h:713 [inline] shmem_file_llseek+0xef/0x240 mm/shmem.c:2579 vfs_llseek+0xa2/0xd0 fs/read_write.c:300 ashmem_llseek+0xe7/0x1f0 drivers/staging/android/ashmem.c:338 vfs_llseek fs/read_write.c:300 [inline] SYSC_lseek fs/read_write.c:313 [inline] SyS_lseek+0xeb/0x170 fs/read_write.c:304 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 other info that might help us debug this: Chain exists of: &sb->s_type->i_mutex_key#11 --> &mm->mmap_sem --> ashmem_mutex Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(ashmem_mutex); lock(&mm->mmap_sem); lock(ashmem_mutex); lock(&sb->s_type->i_mutex_key#11); *** DEADLOCK *** 1 lock held by syz-executor4/26591: #0: (ashmem_mutex){+.+.}, at: [<0000000050bd87fa>] ashmem_llseek+0x56/0x1f0 drivers/staging/android/ashmem.c:326 stack backtrace: CPU: 0 PID: 26591 Comm: syz-executor4 Not tainted 4.16.0-rc5+ #351 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x24d lib/dump_stack.c:53 print_circular_bug.isra.38+0x2cd/0x2dc kernel/locking/lockdep.c:1223 check_prev_add kernel/locking/lockdep.c:1863 [inline] check_prevs_add kernel/locking/lockdep.c:1976 [inline] validate_chain kernel/locking/lockdep.c:2417 [inline] __lock_acquire+0x30a8/0x3e00 kernel/locking/lockdep.c:3431 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920 down_write+0x87/0x120 kernel/locking/rwsem.c:70 inode_lock include/linux/fs.h:713 [inline] shmem_file_llseek+0xef/0x240 mm/shmem.c:2579 vfs_llseek+0xa2/0xd0 fs/read_write.c:300 ashmem_llseek+0xe7/0x1f0 drivers/staging/android/ashmem.c:338 vfs_llseek fs/read_write.c:300 [inline] SYSC_lseek fs/read_write.c:313 [inline] SyS_lseek+0xeb/0x170 fs/read_write.c:304 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x453e69 RSP: 002b:00007fdb855c0c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000008 RAX: ffffffffffffffda RBX: 00007fdb855c16d4 RCX: 0000000000453e69 RDX: 0002000000000003 RSI: fffffffffffffffe RDI: 0000000000000013 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000003da R14: 00000000006f5d10 R15: 0000000000000000 binder: 26659 RLIMIT_NICE not set binder: 26659 RLIMIT_NICE not set binder: 26657:26667 ioctl c0306201 20004000 returned -14 binder: BINDER_SET_CONTEXT_MGR already set binder: 26657:26659 ioctl 40046207 0 returned -16 binder_alloc: 26657: binder_alloc_buf, no vma binder: 26657:26673 transaction failed 29189/-3, size 0-0 line 2963 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 26657:26659 transaction 95 out, still active binder: release 26657:26659 transaction 94 in, still active binder: undelivered TRANSACTION_COMPLETE binder: release 26657:26667 transaction 94 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 95, target dead binder: send failed reply for transaction 94, target dead QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl kauditd_printk_skb: 662 callbacks suppressed audit: type=1400 audit(1520881121.890:22482): avc: denied { net_admin } for pid=4319 comm="syz-executor5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. audit: type=1400 audit(1520881121.933:22483): avc: denied { net_admin } for pid=4314 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1520881121.939:22484): avc: denied { net_admin } for pid=4319 comm="syz-executor5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1520881121.952:22485): avc: denied { net_admin } for pid=4314 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1520881121.958:22486): avc: denied { net_admin } for pid=4314 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1520881121.967:22487): avc: denied { net_raw } for pid=26866 comm="syz-executor0" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1520881121.993:22488): avc: denied { net_admin } for pid=4314 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1520881122.087:22489): avc: denied { net_admin } for pid=4320 comm="syz-executor6" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1520881122.124:22490): avc: denied { net_admin } for pid=4312 comm="syz-executor2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1520881122.124:22491): avc: denied { net_admin } for pid=4312 comm="syz-executor2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=26878 comm=syz-executor6 TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=26892 comm=syz-executor6 QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 QAT: Invalid ioctl CPU: 1 PID: 27048 Comm: syz-executor3 Not tainted 4.16.0-rc5+ #351 IPv4: Oversized IP packet from 127.0.0.1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x24d lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 IPv4: Oversized IP packet from 127.0.0.1 QAT: Invalid ioctl QAT: Invalid ioctl should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:422 [inline] slab_alloc_node mm/slab.c:3286 [inline] kmem_cache_alloc_node_trace+0x5a/0x760 mm/slab.c:3648 kmalloc_node include/linux/slab.h:550 [inline] kzalloc_node include/linux/slab.h:712 [inline] __get_vm_area_node+0xae/0x340 mm/vmalloc.c:1402 __vmalloc_node_range+0xa3/0x650 mm/vmalloc.c:1754 __vmalloc_node mm/vmalloc.c:1804 [inline] __vmalloc_node_flags mm/vmalloc.c:1818 [inline] vmalloc+0x45/0x50 mm/vmalloc.c:1840 ip_set_sockfn_get+0x2c1/0xd30 net/netfilter/ipset/ip_set_core.c:1943 nf_sockopt net/netfilter/nf_sockopt.c:104 [inline] nf_getsockopt+0x6a/0xc0 net/netfilter/nf_sockopt.c:122 ip_getsockopt+0x152/0x200 net/ipv4/ip_sockglue.c:1570 udp_getsockopt+0x45/0x80 net/ipv4/udp.c:2478 ipv6_getsockopt+0xf3/0x2c0 net/ipv6/ipv6_sockglue.c:1356 tcp_getsockopt+0x82/0xd0 net/ipv4/tcp.c:3359 sock_common_getsockopt+0x95/0xd0 net/core/sock.c:2934 SYSC_getsockopt net/socket.c:1880 [inline] SyS_getsockopt+0x178/0x340 net/socket.c:1862 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x453e69 RSP: 002b:00007fbd77a53c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 RAX: ffffffffffffffda RBX: 00007fbd77a546d4 RCX: 0000000000453e69 RDX: 0000000000000053 RSI: 0000000000000000 RDI: 0000000000000013 RBP: 000000000072bea0 R08: 0000000020fedffc R09: 0000000000000000 R10: 000000002000d000 R11: 0000000000000246 R12: 0000000000000014 R13: 00000000000000cc R14: 00000000006f13c0 R15: 0000000000000000 syz-executor3: vmalloc: allocation failure: 40 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null) syz-executor3 cpuset=/ mems_allowed=0 CPU: 1 PID: 27048 Comm: syz-executor3 Not tainted 4.16.0-rc5+ #351 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x24d lib/dump_stack.c:53 warn_alloc+0x19a/0x2b0 mm/page_alloc.c:3310 __vmalloc_node_range+0x4f0/0x650 mm/vmalloc.c:1775 __vmalloc_node mm/vmalloc.c:1804 [inline] __vmalloc_node_flags mm/vmalloc.c:1818 [inline] vmalloc+0x45/0x50 mm/vmalloc.c:1840 ip_set_sockfn_get+0x2c1/0xd30 net/netfilter/ipset/ip_set_core.c:1943 nf_sockopt net/netfilter/nf_sockopt.c:104 [inline] nf_getsockopt+0x6a/0xc0 net/netfilter/nf_sockopt.c:122 ip_getsockopt+0x152/0x200 net/ipv4/ip_sockglue.c:1570 udp_getsockopt+0x45/0x80 net/ipv4/udp.c:2478 ipv6_getsockopt+0xf3/0x2c0 net/ipv6/ipv6_sockglue.c:1356 tcp_getsockopt+0x82/0xd0 net/ipv4/tcp.c:3359 sock_common_getsockopt+0x95/0xd0 net/core/sock.c:2934 SYSC_getsockopt net/socket.c:1880 [inline] SyS_getsockopt+0x178/0x340 net/socket.c:1862 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x453e69 RSP: 002b:00007fbd77a53c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 RAX: ffffffffffffffda RBX: 00007fbd77a546d4 RCX: 0000000000453e69 RDX: 0000000000000053 RSI: 0000000000000000 RDI: 0000000000000013 RBP: 000000000072bea0 R08: 0000000020fedffc R09: 0000000000000000 R10: 000000002000d000 R11: 0000000000000246 R12: 0000000000000014 R13: 00000000000000cc R14: 00000000006f13c0 R15: 0000000000000000 Mem-Info: active_anon:96957 inactive_anon:62 isolated_anon:0 active_file:3697 inactive_file:8768 isolated_file:0 unevictable:0 dirty:163 writeback:0 unstable:0 slab_reclaimable:10611 slab_unreclaimable:97453 mapped:24412 shmem:69 pagetables:741 bounce:0 free:1382217 free_pcp:483 free_cma:0 Node 0 active_anon:387828kB inactive_anon:248kB active_file:14788kB inactive_file:35072kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:97648kB dirty:652kB writeback:0kB shmem:276kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 264192kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2864 6373 6373 Node 0 DMA32 free:2934444kB min:30292kB low:37864kB high:45436kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129292kB managed:2935316kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:872kB local_pcp:708kB free_cma:0kB lowmem_reserve[]: 0 0 3509 3509 Node 0 Normal free:2578392kB min:37120kB low:46400kB high:55680kB active_anon:387828kB inactive_anon:248kB active_file:14788kB inactive_file:35072kB unevictable:0kB writepending:652kB present:4718592kB managed:3593744kB mlocked:0kB kernel_stack:5120kB pagetables:2964kB bounce:0kB free_pcp:1164kB local_pcp:364kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 5*4kB (UM) 5*8kB (UM) 3*16kB (UM) 4*32kB (UM) 1*64kB (M) 1*128kB (M) 3*256kB (UM) 3*512kB (UM) 3*1024kB (UM) 2*2048kB (UM) 714*4096kB (M) = 2934444kB Node 0 Normal: 1958*4kB (UME) 1380*8kB (UME) 1146*16kB (UME) 1788*32kB (UME) 730*64kB (UME) 195*128kB (UME) 47*256kB (UME) 14*512kB (UM) 11*1024kB (M) 3*2048kB (UM) 580*4096kB (UM) = 2578392kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 12533 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965969 pages RAM 0 pages HighMem/MovableOnly 329727 pages reserved FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 27071 Comm: syz-executor5 Not tainted 4.16.0-rc5+ #351 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 QAT: Invalid ioctl Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x24d lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:422 [inline] slab_alloc mm/slab.c:3365 [inline] __do_kmalloc mm/slab.c:3703 [inline] __kmalloc_track_caller+0x5f/0x760 mm/slab.c:3720 memdup_user+0x2c/0x90 mm/util.c:160 map_lookup_elem+0x288/0xc30 kernel/bpf/syscall.c:584 SYSC_bpf kernel/bpf/syscall.c:1869 [inline] SyS_bpf+0xa39/0x4860 kernel/bpf/syscall.c:1843 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x453e69 RSP: 002b:00007f5423277c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007f54232786d4 RCX: 0000000000453e69 RDX: 0000000000000018 RSI: 0000000020eef000 RDI: 0000000000000001 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 R13: 000000000000003f R14: 00000000006f0688 R15: 0000000000000000 QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'. QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl kauditd_printk_skb: 719 callbacks suppressed audit: type=1400 audit(1520881126.905:23211): avc: denied { net_admin } for pid=4314 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1520881126.911:23212): avc: denied { create } for pid=27497 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1520881126.911:23213): avc: denied { write } for pid=27497 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1520881126.911:23214): avc: denied { net_admin } for pid=27497 comm="syz-executor7" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=4013 sclass=netlink_xfrm_socket pig=27515 comm=syz-executor1 audit: type=1400 audit(1520881126.911:23215): avc: denied { net_admin } for pid=27503 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1520881126.936:23216): avc: denied { net_admin } for pid=4315 comm="syz-executor1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1520881126.960:23217): avc: denied { net_admin } for pid=4317 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1520881126.960:23218): avc: denied { create } for pid=27508 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1520881126.985:23219): avc: denied { net_raw } for pid=27509 comm="syz-executor3" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1520881127.021:23220): avc: denied { net_admin } for pid=4317 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 27727 Comm: syz-executor7 Not tainted 4.16.0-rc5+ #351 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x24d lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:422 [inline] slab_alloc mm/slab.c:3365 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3539 kmem_cache_zalloc include/linux/slab.h:691 [inline] avc_alloc_node+0x27/0x4d0 security/selinux/avc.c:549 avc_insert security/selinux/avc.c:668 [inline] avc_compute_av+0x22a/0x710 security/selinux/avc.c:974 avc_has_perm_noaudit security/selinux/avc.c:1110 [inline] avc_has_perm+0x4be/0x680 security/selinux/avc.c:1144 ipc_has_perm.isra.28+0x1fe/0x2e0 security/selinux/hooks.c:5521 selinux_ipc_permission+0x69/0x80 security/selinux/hooks.c:5884 security_ipc_permission+0x7e/0xb0 security/security.c:1147 ipcperms+0x227/0x340 ipc/util.c:507 do_msgrcv+0x390/0x14e0 ipc/msg.c:1015 SYSC_msgrcv ipc/msg.c:1141 [inline] SyS_msgrcv+0x3b/0x50 ipc/msg.c:1138 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x453e69 RSP: 002b:00007fee49332c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000046 RAX: ffffffffffffffda RBX: 00007fee493336d4 RCX: 0000000000453e69 RDX: 00000000000000d5 RSI: 0000000020000180 RDI: 0000000000000000 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013 R13: 0000000000000403 R14: 00000000006f60e8 R15: 0000000000000000