netlink: 188 bytes leftover after parsing attributes in process `syz-executor.4'.
=============================
WARNING: suspicious RCU usage
4.19.84 #0 Not tainted
-----------------------------
include/linux/radix-tree.h:241 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
2 locks held by syz-executor.1/6066:
#0: 0000000074573553 (&sb->s_type->i_mutex_key#12){+.+.}, at: inode_lock include/linux/fs.h:747 [inline]
#0: 0000000074573553 (&sb->s_type->i_mutex_key#12){+.+.}, at: memfd_add_seals mm/memfd.c:199 [inline]
#0: 0000000074573553 (&sb->s_type->i_mutex_key#12){+.+.}, at: memfd_fcntl+0x235/0x1750 mm/memfd.c:249
#1: 00000000904e7667 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: spin_lock_irq include/linux/spinlock.h:354 [inline]
#1: 00000000904e7667 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_tag_pins mm/memfd.c:42 [inline]
#1: 00000000904e7667 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_wait_for_pins mm/memfd.c:83 [inline]
#1: 00000000904e7667 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_add_seals mm/memfd.c:217 [inline]
#1: 00000000904e7667 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: memfd_fcntl+0x4bc/0x1750 mm/memfd.c:249
stack backtrace:
CPU: 0 PID: 6066 Comm: syz-executor.1 Not tainted 4.19.84 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:4539
audit: type=1800 audit(1574186622.645:77): pid=6052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.3" name="bus" dev="sda1" ino=17415 res=0
radix_tree_deref_slot include/linux/radix-tree.h:241 [inline]
radix_tree_deref_slot include/linux/radix-tree.h:239 [inline]
memfd_tag_pins mm/memfd.c:44 [inline]
memfd_wait_for_pins mm/memfd.c:83 [inline]
memfd_add_seals mm/memfd.c:217 [inline]
memfd_fcntl+0xfdf/0x1750 mm/memfd.c:249
do_fcntl+0x200/0x1020 fs/fcntl.c:421
__do_sys_fcntl fs/fcntl.c:463 [inline]
__se_sys_fcntl fs/fcntl.c:448 [inline]
__x64_sys_fcntl+0x16d/0x1e0 fs/fcntl.c:448
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a639
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f17528eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a639
RDX: 0000000000000008 RSI: 0000000000000409 RDI: 0000000000000004
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f17528eb6d4
R13: 00000000004c1068 R14: 00000000004d3c60 R15: 00000000ffffffff
netlink: 'syz-executor.4': attribute type 17 has an invalid length.
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 6146 Comm: syz-executor.4 Not tainted 4.19.84 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0xa/0x1b lib/fault-inject.c:149
__should_failslab+0x121/0x190 mm/failslab.c:32
should_failslab+0x9/0x14 mm/slab_common.c:1557
slab_pre_alloc_hook mm/slab.h:424 [inline]
slab_alloc_node mm/slab.c:3304 [inline]
kmem_cache_alloc_node_trace+0x274/0x720 mm/slab.c:3666
kmalloc_node include/linux/slab.h:553 [inline]
kzalloc_node include/linux/slab.h:720 [inline]
__get_vm_area_node+0x12b/0x3a0 mm/vmalloc.c:1393
__vmalloc_node_range+0xc7/0x790 mm/vmalloc.c:1745
__vmalloc_node mm/vmalloc.c:1801 [inline]
__vmalloc_node_flags mm/vmalloc.c:1815 [inline]
vmalloc+0x6b/0x90 mm/vmalloc.c:1837
netlink_alloc_large_skb net/netlink/af_netlink.c:1194 [inline]
netlink_sendmsg+0x640/0xd70 net/netlink/af_netlink.c:1883
sock_sendmsg_nosec net/socket.c:622 [inline]
sock_sendmsg+0xd7/0x130 net/socket.c:632
kernel_sendmsg+0x44/0x50 net/socket.c:640
sock_no_sendpage+0x116/0x150 net/core/sock.c:2642
kernel_sendpage+0x92/0xf0 net/socket.c:3377
sock_sendpage+0x8b/0xc0 net/socket.c:847
pipe_to_sendpage+0x296/0x360 fs/splice.c:452
splice_from_pipe_feed fs/splice.c:503 [inline]
__splice_from_pipe+0x391/0x7d0 fs/splice.c:627
splice_from_pipe+0x108/0x170 fs/splice.c:662
generic_splice_sendpage+0x3c/0x50 fs/splice.c:833
do_splice_from fs/splice.c:852 [inline]
do_splice+0x642/0x12c0 fs/splice.c:1148
__do_sys_splice fs/splice.c:1415 [inline]
__se_sys_splice fs/splice.c:1395 [inline]
__x64_sys_splice+0x2c6/0x330 fs/splice.c:1395
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a639
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ff3eccdfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 00007ff3eccdfc90 RCX: 000000000045a639
RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 000000000075bfc8 R08: 0000000080000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3ecce06d4
R13: 00000000004ca5d1 R14: 00000000004e1790 R15: 0000000000000008
syz-executor.4: vmalloc: allocation failure: 4416 bytes, mode:0x6000c0(GFP_KERNEL), nodemask=(null)
syz-executor.4 cpuset=syz4 mems_allowed=0-1
CPU: 1 PID: 6146 Comm: syz-executor.4 Not tainted 4.19.84 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
warn_alloc.cold+0x7b/0x173 mm/page_alloc.c:3455
__vmalloc_node_range mm/vmalloc.c:1772 [inline]
__vmalloc_node_range+0x486/0x790 mm/vmalloc.c:1732
__vmalloc_node mm/vmalloc.c:1801 [inline]
__vmalloc_node_flags mm/vmalloc.c:1815 [inline]
vmalloc+0x6b/0x90 mm/vmalloc.c:1837
netlink_alloc_large_skb net/netlink/af_netlink.c:1194 [inline]
netlink_sendmsg+0x640/0xd70 net/netlink/af_netlink.c:1883
sock_sendmsg_nosec net/socket.c:622 [inline]
sock_sendmsg+0xd7/0x130 net/socket.c:632
kernel_sendmsg+0x44/0x50 net/socket.c:640
sock_no_sendpage+0x116/0x150 net/core/sock.c:2642
kernel_sendpage+0x92/0xf0 net/socket.c:3377
sock_sendpage+0x8b/0xc0 net/socket.c:847
pipe_to_sendpage+0x296/0x360 fs/splice.c:452
splice_from_pipe_feed fs/splice.c:503 [inline]
__splice_from_pipe+0x391/0x7d0 fs/splice.c:627
splice_from_pipe+0x108/0x170 fs/splice.c:662
generic_splice_sendpage+0x3c/0x50 fs/splice.c:833
do_splice_from fs/splice.c:852 [inline]
do_splice+0x642/0x12c0 fs/splice.c:1148
__do_sys_splice fs/splice.c:1415 [inline]
__se_sys_splice fs/splice.c:1395 [inline]
__x64_sys_splice+0x2c6/0x330 fs/splice.c:1395
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a639
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ff3eccdfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 00007ff3eccdfc90 RCX: 000000000045a639
RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 000000000075bfc8 R08: 0000000080000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3ecce06d4
R13: 00000000004ca5d1 R14: 00000000004e1790 R15: 0000000000000008
Mem-Info:
active_anon:187663 inactive_anon:468 isolated_anon:0
active_file:13175 inactive_file:36592 isolated_file:0
unevictable:0 dirty:191 writeback:0 unstable:0
slab_reclaimable:15807 slab_unreclaimable:116789
mapped:59310 shmem:648 pagetables:1845 bounce:0
free:1157477 free_pcp:781 free_cma:0
Node 0 active_anon:750652kB inactive_anon:1872kB active_file:52552kB inactive_file:146368kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:237240kB dirty:760kB writeback:0kB shmem:2592kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 186368kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 1 active_anon:0kB inactive_anon:0kB active_file:148kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2555 2557 2557
Node 0 DMA32 free:835780kB min:36248kB low:45308kB high:54368kB active_anon:746488kB inactive_anon:1872kB active_file:52552kB inactive_file:146368kB unevictable:0kB writepending:760kB present:3129332kB managed:2619976kB mlocked:0kB kernel_stack:8096kB pagetables:7380kB bounce:0kB free_pcp:2300kB local_pcp:1468kB free_cma:0kB
lowmem_reserve[]: 0 0 2 2
Node 0 Normal free:12kB min:32kB low:40kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2428kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 1 Normal free:3782288kB min:53608kB low:67008kB high:80408kB active_anon:0kB inactive_anon:0kB active_file:148kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870180kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:868kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (UM) = 15908kB
Node 0 DMA32: 1792*4kB (UE) 5309*8kB (UME) 1955*16kB (UME) 3051*32kB (UME) 2529*64kB (UM) 843*128kB (UM) 297*256kB (UM) 78*512kB (U) 25*1024kB (U) 14*2048kB (UM) 53*4096kB (UM) = 835640kB
Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
Node 1 Normal: 71*4kB (UME) 251*8kB (UE) 273*16kB (UME) 68*32kB (UE) 21*64kB (UM) 12*128kB (UE) 7*256kB (UM) 7*512kB (UME) 5*1024kB (UM) 2*2048kB (UE) 917*4096kB (UM) = 3782340kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
50413 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
338856 pages reserved
0 pages cma reserved
mmap: syz-executor.3 (6364) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.