=============================
WARNING: suspicious RCU usage
4.15.0-rc4+ #228 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor3/12021:
 #0: (sk_lock-AF_INET6){+.+.}, at: [<0000000088af12bf>] lock_sock include/net/sock.h:1461 [inline]
 #0: (sk_lock-AF_INET6){+.+.}, at: [<0000000088af12bf>] do_ipv6_setsockopt.isra.9+0x238/0x39a0 net/ipv6/ipv6_sockglue.c:167

stack backtrace:
CPU: 1 PID: 12021 Comm: syz-executor3 Not tainted 4.15.0-rc4+ #228
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 ireq_opt_deref include/net/inet_sock.h:135 [inline]
 inet_csk_route_req+0x82a/0xca0 net/ipv4/inet_connection_sock.c:544
 dccp_v4_send_response+0xa7/0x640 net/dccp/ipv4.c:485
 dccp_v4_conn_request+0x9f4/0x11b0 net/dccp/ipv4.c:633
 dccp_v6_conn_request+0xd30/0x1350 net/dccp/ipv6.c:317
 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
 dccp_v4_do_rcv+0xeb/0x160 net/dccp/ipv4.c:682
 dccp_v6_do_rcv+0x81a/0x9b0 net/dccp/ipv6.c:578
 sk_backlog_rcv include/net/sock.h:907 [inline]
 __release_sock+0x124/0x360 net/core/sock.c:2264
 release_sock+0xa4/0x2a0 net/core/sock.c:2779
 do_ipv6_setsockopt.isra.9+0x4fb/0x39a0 net/ipv6/ipv6_sockglue.c:897
 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:921
 dccp_setsockopt+0x85/0xd0 net/dccp/proto.c:573
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968
 SYSC_setsockopt net/socket.c:1829 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1808
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a09
RSP: 002b:00007fc1d6b37c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 000000000071bf58 RCX: 0000000000452a09
RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000013
RBP: 0000000000000021 R08: 0000000000000020 R09: 0000000000000000
R10: 0000000020c19000 R11: 0000000000000212 R12: 00000000006ed3b8
R13: 00000000ffffffff R14: 00007fc1d6b386d4 R15: 0000000000000002

=============================
WARNING: suspicious RCU usage
4.15.0-rc4+ #228 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor3/12021:
 #0: (sk_lock-AF_INET6){+.+.}, at: [<0000000088af12bf>] lock_sock include/net/sock.h:1461 [inline]
 #0: (sk_lock-AF_INET6){+.+.}, at: [<0000000088af12bf>] do_ipv6_setsockopt.isra.9+0x238/0x39a0 net/ipv6/ipv6_sockglue.c:167

stack backtrace:
CPU: 1 PID: 12021 Comm: syz-executor3 Not tainted 4.15.0-rc4+ #228
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 ireq_opt_deref include/net/inet_sock.h:135 [inline]
 dccp_v4_send_response+0x4b0/0x640 net/dccp/ipv4.c:496
 dccp_v4_conn_request+0x9f4/0x11b0 net/dccp/ipv4.c:633
 dccp_v6_conn_request+0xd30/0x1350 net/dccp/ipv6.c:317
 dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
 dccp_v4_do_rcv+0xeb/0x160 net/dccp/ipv4.c:682
 dccp_v6_do_rcv+0x81a/0x9b0 net/dccp/ipv6.c:578
 sk_backlog_rcv include/net/sock.h:907 [inline]
 __release_sock+0x124/0x360 net/core/sock.c:2264
 release_sock+0xa4/0x2a0 net/core/sock.c:2779
 do_ipv6_setsockopt.isra.9+0x4fb/0x39a0 net/ipv6/ipv6_sockglue.c:897
 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:921
 dccp_setsockopt+0x85/0xd0 net/dccp/proto.c:573
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968
 SYSC_setsockopt net/socket.c:1829 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1808
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a09
RSP: 002b:00007fc1d6b37c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 000000000071bf58 RCX: 0000000000452a09
RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000013
RBP: 0000000000000021 R08: 0000000000000020 R09: 0000000000000000
R10: 0000000020c19000 R11: 0000000000000212 R12: 00000000006ed3b8
R13: 00000000ffffffff R14: 00007fc1d6b386d4 R15: 0000000000000002
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=12071 comm=syz-executor5
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with invalid attr
netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with invalid attr
netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with invalid attr
netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with invalid attr
netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with invalid attr
netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with invalid attr
netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with invalid attr
binder: 12341:12343 got transaction to invalid handle
binder: 12341:12343 transaction failed 29201/-22, size 8103148380265381888-2306071703337304064 line 2775
binder: BINDER_SET_CONTEXT_MGR already set
netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with invalid attr
netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with invalid attr
binder: 12341:12343 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 12341:12368 unknown command 0
binder: 12341:12368 ioctl c0306201 2000dfd0 returned -22
PF_BRIDGE: br_mdb_parse() with invalid attr
device gre0 entered promiscuous mode
PF_BRIDGE: br_mdb_parse() with invalid attr
binder: 12341:12354 ioctl 40046207 0 returned -16
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
QAT: Invalid ioctl
QAT: Invalid ioctl
binder: 12880:12889 ioctl c0306201 20000fd0 returned -14
netlink: 'syz-executor2': attribute type 5 has an invalid length.
netlink: 'syz-executor2': attribute type 5 has an invalid length.
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 12929 Comm: syz-executor7 Not tainted 4.15.0-rc4+ #228
binder: 12880:12900 ioctl c0306201 20000fd0 returned -14
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
 kmem_cache_zalloc include/linux/slab.h:678 [inline]
 alloc_mm_slot mm/khugepaged.c:369 [inline]
 __khugepaged_enter+0xbd/0x540 mm/khugepaged.c:405
 khugepaged_enter include/linux/khugepaged.h:54 [inline]
 do_huge_pmd_anonymous_page+0x10d9/0x1b00 mm/huge_memory.c:680
 create_huge_pmd mm/memory.c:3828 [inline]
 __handle_mm_fault+0x1a0c/0x3ce0 mm/memory.c:4032
 handle_mm_fault+0x334/0x8d0 mm/memory.c:4098
 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1429
 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504
 page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1225
RIP: 0033:0x40180b
RSP: 002b:00007f5981c07b90 EFLAGS: 00010246
RAX: 0000000020000000 RBX: 000000000000002e RCX: 0000000000000000
RDX: 80a740147cb95b3b RSI: 0000000000000000 RDI: 00007f5981c08608
RBP: 0000000020fd5fae R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000002e R11: 0000000000000000 R12: 00000000006f56c8
R13: 0000000000000013 R14: 00007f5981c086d4 R15: ffffffffffffffff
syz-executor7 invoked oom-killer: gfp_mask=0x0(), nodemask=(null), order=0, oom_score_adj=0
syz-executor7 cpuset=/ mems_allowed=0
CPU: 0 PID: 12929 Comm: syz-executor7 Not tainted 4.15.0-rc4+ #228
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 dump_header+0x28c/0xe1e mm/oom_kill.c:437
 oom_kill_process+0x8b5/0x14a0 mm/oom_kill.c:865
 out_of_memory+0x86d/0x1220 mm/oom_kill.c:1079
 pagefault_out_of_memory+0x135/0x152 mm/oom_kill.c:1110
 mm_fault_error+0xd6/0x2c0 arch/x86/mm/fault.c:1053
 __do_page_fault+0xb4d/0xc90 arch/x86/mm/fault.c:1457
 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504
 page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1225
RIP: 0033:0x40180b
RSP: 002b:00007f5981c07b90 EFLAGS: 00010246
RAX: 0000000020000000 RBX: 000000000000002e RCX: 0000000000000000
RDX: 80a740147cb95b3b RSI: 0000000000000000 RDI: 00007f5981c08608
RBP: 0000000020fd5fae R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000002e R11: 0000000000000000 R12: 00000000006f56c8
R13: 0000000000000013 R14: 00007f5981c086d4 R15: ffffffffffffffff
Mem-Info:
active_anon:54093 inactive_anon:39 isolated_anon:0
 active_file:4022 inactive_file:8014 isolated_file:0
 unevictable:0 dirty:124 writeback:0 unstable:0
 slab_reclaimable:10764 slab_unreclaimable:97723
 mapped:23244 shmem:52 pagetables:627 bounce:0
 free:1433777 free_pcp:486 free_cma:0
Node 0 active_anon:216372kB inactive_anon:156kB active_file:16088kB inactive_file:32056kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:92976kB dirty:496kB writeback:0kB shmem:208kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 172032kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 0 DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2882 6395 6395
Node 0 DMA32 free:2953284kB min:30384kB low:37980kB high:45576kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2954056kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:772kB local_pcp:60kB free_cma:0kB
lowmem_reserve[]: 0 0 3512 3512
Node 0 Normal free:2755100kB min:37032kB low:46288kB high:55544kB active_anon:226832kB inactive_anon:156kB active_file:16088kB inactive_file:32056kB unevictable:0kB writepending:496kB present:4718592kB managed:3597124kB mlocked:0kB kernel_stack:4192kB pagetables:2804kB bounce:0kB free_pcp:840kB local_pcp:500kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 DMA32: 5*4kB (UM) 0*8kB 3*16kB (UM) 2*32kB (UM) 1*64kB (M) 3*128kB (M) 4*256kB (UM) 5*512kB (UM) 2*1024kB (UM) 3*2048kB (UM) 718*4096kB (M) = 2953284kB
Node 0 Normal: 570*4kB (UME) 834*8kB (UME) 697*16kB (UME) 543*32kB (UME) 282*64kB (UME) 160*128kB (ME) 42*256kB (UME) 12*512kB (ME) 8*1024kB (UME) 1*2048kB (E) 648*4096kB (UM) = 2757352kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
12087 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
324207 pages reserved
Unreclaimable slab info:
Name Used Total
pid_2 380KB 748KB
hashtab_node 118KB 119KB
ebitmap_node 1119KB 1610KB
avtab_node 1012KB 1013KB
TIPC 21KB 50KB
RDS 17KB 39KB
rds_connection 1KB 4KB
SCTPv6 122KB 180KB
SCTP 56KB 65KB
sctp_chunk 9KB 30KB
sctp_bind_bucket 0KB 7KB
DCCPv6 92KB 92KB
tw_sock_DCCP 131KB 131KB
request_sock_DCCP 10KB 10KB
DCCP 182KB 182KB
ccid2_hc_tx_sock 756KB 756KB
ccid2_hc_rx_sock 19KB 19KB
dccp_ackvec_record 39KB 39KB
dccp_ackvec 378KB 378KB
dccp_bind_bucket 120KB 120KB
KCM 37KB 37KB
kcm_mux_cache 15KB 15KB
fib6_nodes 18KB 20KB
ip6_dst_cache 74KB 74KB
ip6_mrt_cache 1KB 4KB
PINGv6 34KB 39KB
RAWv6 294KB 448KB
UDPv6 75KB 87KB
TCPv6 55KB 55KB
sd_ext_cdb 0KB 3KB
scsi_sense_cache 10KB 20KB
virtio_scsi_cmd 16KB 16KB
sgpool-128 8KB 8KB
sgpool-64 4KB 6KB
sgpool-32 2KB 7KB
sgpool-16 3KB 7KB
sgpool-8 18KB 37KB
cfq_io_cq 4KB 19KB
cfq_queue 5KB 23KB
mqueue_inode_cache 30KB 43KB
fuse_request 15KB 28KB
nfs_commit_data 3KB 7KB
nfs_write_data 34KB 37KB
jbd2_inode 2KB 3KB
ext4_system_zone 0KB 3KB
kioctx 34KB 36KB
aio_kiocb 1KB 4KB
userfaultfd_ctx_cache 15KB 15KB
bio-1 1KB 3KB
fasync_cache 0KB 8KB
pid_namespace 2KB 11KB
posix_timers_cache 7KB 7KB
kvm_vcpu 423KB 540KB
kvm_mmu_page_header 9KB 34KB
pte_list_desc 2KB 15KB
rpc_buffers 31KB 31KB
rpc_tasks 7KB 7KB
UNIX 87KB 112KB
ip4-frags 3KB 3KB
tcp_bind_bucket 10KB 48KB
inet_peer_cache 2KB 8KB
ip_fib_trie 4KB 7KB
ip_fib_alias 7KB 15KB
ip_dst_cache 25KB 78KB
PING 35KB 35KB
RAW 119KB 172KB
UDP 84KB 132KB
tw_sock_TCP 3KB 3KB
TCP 102KB 102KB
hugetlbfs_inode_cache 22KB 38KB
eventpoll_pwq 29KB 35KB
eventpoll_epi 51KB 51KB
inotify_inode_mark 43KB 43KB
request_queue 25KB 39KB
blkdev_ioc 34KB 50KB
bio-0 58KB 78KB
biovec-(1<<(21-12)) 627KB 627KB
bio_integrity_payload 0KB 4KB
khugepaged_mm_slot 57KB 104KB
user_namespace 8KB 14KB
dmaengine-unmap-2 0KB 3KB
audit_buffer 2KB 7KB
skbuff_fclone_cache 596KB 1248KB
skbuff_head_cache 1900KB 2898KB
configfs_dir_cache 0KB 4KB
file_lock_cache 2KB 15KB
file_lock_ctx 1KB 3KB
fsnotify_mark_connector 27KB 27KB
net_namespace 72KB 72KB
shmem_inode_cache 3345KB 4096KB
task_delay_info 620KB 1118KB
taskstats 436KB 823KB
sigqueue 696KB 1657KB
kernfs_node_cache 3153KB 3153KB
mnt_cache 78KB 120KB
filp 6473KB 8325KB
names_cache 90520KB 90525KB
avc_node 53KB 63KB
selinux_file_security 333KB 445KB
selinux_inode_security 2536KB 2744KB
key_jar 75KB 172KB
nsproxy 1KB 11KB
vm_area_struct 12177KB 18032KB
mm_struct 1986KB 3083KB
fs_cache 402KB 580KB
files_cache 1326KB 2025KB
signal_cache 1927KB 3191KB
sighand_cache 333KB 333KB
task_struct 17278KB 17333KB
cred_jar 926KB 1692KB
anon_vma_chain 4262KB 5437KB
anon_vma 225KB 304KB
pid 68KB 216KB
Acpi-Operand 106KB 170KB
Acpi-Namespace 19KB 23KB
shared_policy_node 2KB 35KB
numa_policy 1KB 34KB
trace_event_file 144KB 147KB
ftrace_event_field 254KB 255KB
pool_workqueue 21KB 24KB
page->ptl 2258KB 4332KB
kmalloc-524288 1028KB 1028KB
kmalloc-262144 2064KB 2322KB
kmalloc-131072 910KB 1170KB
kmalloc-65536 5742KB 5742KB
kmalloc-32768 18084KB 18084KB
kmalloc-16384 660KB 709KB
kmalloc-8192 1534KB 1534KB
kmalloc-4096 10731KB 10731KB
kmalloc-2048 10992KB 12386KB
kmalloc-1024 3855KB 6000KB
kmalloc-512 2758KB 4815KB
kmalloc-256 1580KB 2148KB
kmalloc-128 634KB 1508KB
kmalloc-96 715KB 1420KB
kmalloc-64 2042KB 2080KB
kmalloc-32 2211KB 2256KB
kmalloc-192 366KB 836KB
kmem_cache 101KB 105KB
[ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name
[ 1602] 0 1602 5366 629 86016 0 -1000 udevd
[ 2852] 0 2852 2493 795 53248 0 0 dhclient
[ 2985] 0 2985 30616 772 122880 0 0 rsyslogd
[ 3017] 0 3017 4725 497 81920 0 0 cron
[ 3062] 0 3062 3737 45 73728 0 0 mcstransd
[ 3069] 0 3069 12927 1540 126976 0 0 restorecond
[ 3077] 0 3077 12490 827 135168 0 -1000 sshd
[ 3111] 0 3111 3694 476 81920 0 0 getty
[ 3112] 0 3112 3694 476 73728 0 0 getty
[ 3113] 0 3113 3694 470 73728 0 0 getty
[ 3114] 0 3114 3694 473 69632 0 0 getty
[ 3115] 0 3115 3694 471 69632 0 0 getty
[ 3116] 0 3116 3694 471 73728 0 0 getty
[ 3117] 0 3117 3649 446 69632 0 0 getty
[ 3133] 0 3133 17821 1335 192512 0 0 sshd
[ 3135] 0 3135 112126 55501 622592 0 0 syz-fuzzer
[ 3178] 0 3178 7297 229 69632 0 0 syz-executor7
[ 3179] 0 3179 7297 230 65536 0 0 syz-executor1
[ 3180] 0 3180 7297 229 69632 0 0 syz-executor4
[ 3182] 0 3182 7297 230 65536 0 0 syz-executor5
[ 3184] 0 3184 7297 229 69632 0 0 syz-executor0
[ 3206] 0 3206 5398 615 81920 0 -1000 udevd
[ 3226] 0 3226 5367 608 81920 0 -1000 udevd
[ 3367] 0 3367 7297 2271 77824 0 0 syz-executor7
[ 3373] 0 3373 7297 2282 73728 0 0 syz-executor1
[ 3379] 0 3379 7297 2274 73728 0 0 syz-executor5
[ 3380] 0 3380 7297 2281 77824 0 0 syz-executor4
[ 3382] 0 3382 7297 2269 77824 0 0 syz-executor0
[30495] 0 30495 7297 230 65536 0 0 syz-executor6
[30576] 0 30576 7297 2274 73728 0 0 syz-executor6
[12893] 0 12893 7297 229 65536 0 0 syz-executor3
[12974] 0 12974 7297 2273 73728 0 0 syz-executor3
[ 6074] 0 6074 7297 230 65536 0 0 syz-executor2
[ 6145] 0 6145 7297 2282 73728 0 0 syz-executor2
[12929] 0 12925 11387 2202 81920 0 0 syz-executor7
Out of memory: Kill process 3135 (syz-fuzzer) score 32 or sacrifice child
Killed process 30495 (syz-executor6) total-vm:29188kB, anon-rss:64kB, file-rss:856kB, shmem-rss:0kB
oom_reaper: reaped process 30495 (syz-executor6), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
nla_parse: 8 callbacks suppressed
netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with invalid attr
netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with invalid attr
netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with invalid attr
netlink: 21 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 21 bytes leftover after parsing attributes in process `syz-executor6'.
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 13125 Comm: syz-executor5 Not tainted 4.15.0-rc4+ #228
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3632
 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:983 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1147 [inline]
 netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1839
 sock_sendmsg_nosec net/socket.c:636 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:646
 sock_write_iter+0x31a/0x5d0 net/socket.c:915
 call_write_iter include/linux/fs.h:1772 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a09
RSP: 002b:00007f97311e1c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f97311e1aa0 RCX: 0000000000452a09
RDX: 000000000000001f RSI: 00000000202b2000 RDI: 0000000000000013
RBP: 00007f97311e1a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75bb
R13: 00007f97311e1bc8 R14: 00000000004b75bb R15: 0000000000000000
netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with invalid attr
netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with invalid attr
netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with invalid attr
kauditd_printk_skb: 9 callbacks suppressed
audit: type=1400 audit(1513653676.584:1313): avc: denied { create } for pid=13217 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_iscsi_socket permissive=1
netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with invalid attr
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=260 sclass=netlink_route_socket pig=13222 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=260 sclass=netlink_route_socket pig=13222 comm=syz-executor6
netlink: 7 bytes leftover after parsing attributes in process `syz-executor5'.
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
NFS: bad mount option value specified: v0Nju.T0D%9d-۳Ak ܁&w;JgTAۇ*Nbn7ڙHHQG8u
PF_BRIDGE: br_mdb_parse() with invalid attr
NFS: bad mount option value specified: v0Nju.T0D%9d-۳Ak ܁&w;JgTAۇ*Nbn7ڙHHQG8u
PF_BRIDGE: br_mdb_parse() with invalid attr
audit: type=1400 audit(1513653676.912:1314): avc: denied { bind } for pid=13304 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
binder: 13437:13438 ioctl c0045c77 0 returned -22
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
binder: 13437:13438 ioctl c0045c77 0 returned -22
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1 sclass=netlink_route_socket pig=13650 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1 sclass=netlink_route_socket pig=13664 comm=syz-executor5
PF_BRIDGE: br_mdb_parse() with invalid attr
PF_BRIDGE: br_mdb_parse() with invalid attr