R10: 0000000020265000 R11: 0000000000000246 R12: 0000000000000016 R13: 0000000000000647 R14: 00000000006fd748 R15: 0000000000000006 list_del corruption. prev->next should be 00000000b665225f, but was 000000008729889f Publication creation failure, no memory ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:53! invalid opcode: 0000 [#1] SMP PTI Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: 10667 Comm: syz-executor1 Not tainted 4.16.0+ #87 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__list_del_entry_valid+0x37c/0x440 lib/list_debug.c:51 RSP: 0018:ffff88014bd1f1a8 EFLAGS: 00010282 RAX: 0000000000000054 RBX: ffffffffffffffff RCX: 0000000000000000 RDX: 0000000000000000 RSI: aaaaaaaaaaaab000 RDI: ffffea0000000000 RBP: ffff88014bd1f200 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801494fd1c8 R13: 0000000000000000 R14: 00000000db6000cb R15: 00000000db6000cb FS: 00007f9ab64bf700(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f49795f1db8 CR3: 00000001524be000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __list_del_entry include/linux/list.h:117 [inline] list_del_init include/linux/list.h:159 [inline] tipc_nametbl_unsubscribe+0x4a1/0xa90 net/tipc/name_table.c:848 tipc_subscrb_subscrp_delete+0x399/0x990 net/tipc/subscr.c:212 tipc_subscrb_delete net/tipc/subscr.c:242 [inline] tipc_subscrb_release_cb+0x61/0x100 net/tipc/subscr.c:321 tipc_topsrv_kern_unsubscr+0x54b/0x630 net/tipc/server.c:535 tipc_group_delete+0x4c8/0x520 net/tipc/group.c:231 tipc_sk_leave net/tipc/socket.c:2795 [inline] tipc_release+0x215/0x1730 net/tipc/socket.c:577 sock_release net/socket.c:595 [inline] sock_close+0xe0/0x300 net/socket.c:1149 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 __fput+0x49e/0xa10 fs/file_table.c:209 ____fput+0x37/0x40 fs/file_table.c:243 CPU: 0 PID: 10677 Comm: syz-executor0 Not tainted 4.16.0+ #87 task_work_run+0x243/0x2c0 kernel/task_work.c:113 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0x10e1/0x38d0 kernel/exit.c:867 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 do_group_exit+0x1a0/0x360 kernel/exit.c:970 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x87b/0xab0 lib/fault-inject.c:149 get_signal+0x1320/0x1f20 kernel/signal.c:2469 should_failslab+0x279/0x2a0 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:422 [inline] slab_alloc_node mm/slub.c:2663 [inline] slab_alloc mm/slub.c:2745 [inline] __kmalloc+0xc2/0x350 mm/slub.c:3785 do_signal+0xb8/0x1c80 arch/x86/kernel/signal.c:809 kmalloc include/linux/slab.h:517 [inline] tipc_alloc_entry net/tipc/server.c:412 [inline] tipc_conn_sendmsg+0x44a/0xa90 net/tipc/server.c:461 tipc_subscrp_send_event net/tipc/subscr.c:84 [inline] tipc_subscrp_report_overlap+0x7dc/0x960 net/tipc/subscr.c:136 tipc_nameseq_insert_publ net/tipc/name_table.c:329 [inline] tipc_nametbl_insert_publ+0x23b3/0x2990 net/tipc/name_table.c:486 tipc_nametbl_publish+0x35b/0x5a0 net/tipc/name_table.c:759 tipc_sk_publish net/tipc/socket.c:2602 [inline] tipc_sk_join net/tipc/socket.c:2772 [inline] tipc_setsockopt+0x16b8/0x1e50 net/tipc/socket.c:2876 exit_to_usermode_loop arch/x86/entry/common.c:162 [inline] prepare_exit_to_usermode+0x271/0x3a0 arch/x86/entry/common.c:196 syscall_return_slowpath+0xe9/0x700 arch/x86/entry/common.c:265 SYSC_setsockopt+0x4b8/0x570 net/socket.c:1849 do_syscall_64+0x36d/0x430 arch/x86/entry/common.c:292 SyS_setsockopt+0x76/0xa0 net/socket.c:1828 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x455979 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RSP: 002b:00007f9ab64bece8 EFLAGS: 00000246 RIP: 0033:0x455979 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 000000000072bec8 RCX: 0000000000455979 RSP: 002b:00007f57d2a0cc68 EFLAGS: 00000246 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000072bec8 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007f57d2a0d6d4 RCX: 0000000000455979 RBP: 000000000072bec8 R08: 0000000000000036 R09: 000000000072bea0 RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000015 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000a3e81f R14: 00007f9ab64bf9c0 R15: 0000000000000000 RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 R10: 0000000020265000 R11: 0000000000000246 R12: 0000000000000016 Code: R13: 0000000000000647 R14: 00000000006fd748 R15: 0000000000000007 00 48 c7 81 80 0c 00 00 00 00 00 00 c7 81 20 03 00 00 00 00 00 00 48 c7 c7 b5 f7 82 8a 31 c0 48 8b 75 c0 4c 89 e2 e8 a4 a7 51 fd <0f> 0b 66 90 eb fe 44 89 f7 e8 76 83 cb fd e9 88 fd ff ff 48 85 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 RIP: __list_del_entry_valid+0x37c/0x440 lib/list_debug.c:51 RSP: ffff88014bd1f1a8 ---[ end trace b65ae30c81a32ca7 ]--- CPU: 0 PID: 10678 Comm: syz-executor2 Tainted: G D 4.16.0+ #87