netlink: 10 bytes leftover after parsing attributes in process `syz-executor7'. SELinux: unrecognized netlink message: protocol=6 nlmsg_type=3131 sclass=netlink_xfrm_socket pig=8671 comm=syz-executor7 Trying to set illegal importance in message ============================= WARNING: suspicious RCU usage 4.14.0-rc6+ #151 Not tainted ----------------------------- ./include/linux/inetdevice.h:230 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by syz-executor2/8683: #0: (rcu_read_lock){....}, at: [] inet_rtm_getroute+0xaa0/0x2d70 net/ipv4/route.c:2738 stack backtrace: CPU: 0 PID: 8683 Comm: syz-executor2 Not tainted 4.14.0-rc6+ #151 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:52 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4665 __in_dev_get_rtnl include/linux/inetdevice.h:230 [inline] fib_dump_info+0x1136/0x13d0 net/ipv4/fib_semantics.c:1377 inet_rtm_getroute+0xf97/0x2d70 net/ipv4/route.c:2785 rtnetlink_rcv_msg+0x51c/0x1090 net/core/rtnetlink.c:4240 netlink_rcv_skb+0x216/0x440 net/netlink/af_netlink.c:2409 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4264 netlink_unicast_kernel net/netlink/af_netlink.c:1273 [inline] netlink_unicast+0x4e8/0x6f0 net/netlink/af_netlink.c:1299 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1862 sock_sendmsg_nosec net/socket.c:633 [inline] sock_sendmsg+0xca/0x110 net/socket.c:643 sock_write_iter+0x31a/0x5d0 net/socket.c:912 call_write_iter include/linux/fs.h:1770 [inline] new_sync_write fs/read_write.c:468 [inline] __vfs_write+0x684/0x970 fs/read_write.c:481 vfs_write+0x189/0x510 fs/read_write.c:543 SYSC_write fs/read_write.c:588 [inline] SyS_write+0xef/0x220 fs/read_write.c:580 entry_SYSCALL_64_fastpath+0x1f/0xbe RIP: 0033:0x452869 RSP: 002b:00007fee86c31be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00000000007580d8 RCX: 0000000000452869 RDX: 0000000000000024 RSI: 0000000020226000 RDI: 0000000000000015 RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 R13: 0000000000a6f7ff R14: 00007fee86c329c0 R15: 0000000000000008 netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 10 bytes leftover after parsing attributes in process `syz-executor7'. SELinux: unrecognized netlink message: protocol=6 nlmsg_type=3131 sclass=netlink_xfrm_socket pig=8688 comm=syz-executor7 Trying to set illegal importance in message *** Guest State *** CR0: actual=0x0000000080000031, shadow=0x00000000e0000011, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000512460, shadow=0x0000000000510420, gh_mask=ffffffffffffe871 CR3 = 0x0000000000002000 RSP = 0x0000000000000f80 RIP = 0x000000000000000b RFLAGS=0x00000086 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810 CS: sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000 DS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 SS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 ES: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 FS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 GS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 GDTR: limit=0x000007ff, base=0x0000000000001000 LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 IDTR: limit=0x000001ff, base=0x0000000000003800 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 EFER = 0x0000000000000501 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811ba1f3 RSP = 0xffff8801c9def4c8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f28ff98d700 GSBase=ffff8801db300000 TRBase=ffff8801db322cc0 GDTBase=ffffffffff576000 IDTBase=ffffffffff57b000 CR0=0000000080050033 CR3=00000001c193d000 CR4=00000000001426e0 Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84d20ab0 EFER = 0x0000000000000d01 PAT = 0x0000000000000000 *** Control State *** PinBased=0000003f CPUBased=b6986dfa SecondaryExec=0000004a EntryControls=0000d3ff ExitControls=0023efff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffff429109e0be EPT pointer = 0x00000001d56b901e 12132 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 323053 pages reserved Started in network mode Own node address <160.1808.1159>, network identity 4711 Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable device gre0 entered promiscuous mode QAT: Invalid ioctl QAT: Invalid ioctl sctp: [Deprecated]: syz-executor1 (pid 8957) Use of int in maxseg socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor1 (pid 8957) Use of int in maxseg socket option. Use struct sctp_assoc_value instead netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'. kvm: vcpu 4: requested 68374 ns lapic timer period limited to 500000 ns netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'. kvm: vcpu 4: requested 68374 ns lapic timer period limited to 500000 ns netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'. device gre0 entered promiscuous mode *** Guest State *** CR0: actual=0x0000000080010031, shadow=0x0000000060010011, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x0000000000000f80 RIP = 0x0000000000000000 RFLAGS=0x00000002 DR7 = 0x0000000000000400 QAT: Invalid ioctl Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810 CS: sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000 DS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 SS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 ES: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 FS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 GS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 GDTR: limit=0x000007ff, base=0x0000000000001000 LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 IDTR: limit=0x000001ff, base=0x0000000000003800 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 EFER = 0x0000000000004001 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811ba1f3 RSP = 0xffff8801c6fcf4c8 *** Guest State *** CR0: actual=0x0000000080010031, shadow=0x0000000060010011, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x0000000000000f80 RIP = 0x0000000000000000 RFLAGS=0x00000002 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810 CS: sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000 DS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 SS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 ES: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 FS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 GS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 GDTR: limit=0x000007ff, base=0x0000000000001000 LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 IDTR: limit=0x000001ff, base=0x0000000000003800 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 EFER = 0x0000000000004001 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811ba1f3 RSP = 0xffff8801d337f4c8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f5bb951f700 GSBase=ffff8801db300000 TRBase=ffff8801db322cc0 GDTBase=ffffffffff576000 IDTBase=ffffffffff57b000 CR0=0000000080050033 CR3=00000001c29f4000 CR4=00000000001426e0 Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84d20ab0 EFER = 0x0000000000000d01 PAT = 0x0000000000000000 *** Control State *** PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=00000043 EntryControls=0000d1ff ExitControls=0023efff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=80000301 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffff405e468a0c TPR Threshold = 0x00 EPT pointer = 0x00000001c9e6401e QAT: Invalid ioctl CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f5bb9566700 GSBase=ffff8801db200000 TRBase=ffff8801db222cc0 GDTBase=ffffffffff577000 IDTBase=ffffffffff57b000 CR0=0000000080050033 CR3=00000001c29f4000 CR4=00000000001426f0 Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84d20ab0 EFER = 0x0000000000000d01 PAT = 0x0000000000000000 *** Control State *** PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=00000043 EntryControls=0000d1ff ExitControls=0023efff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=80000301 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffff407c401df6 TPR Threshold = 0x00 EPT pointer = 0x00000001d819201e SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9362 comm=syz-executor3 QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl nla_parse: 1 callbacks suppressed netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'. device gre0 entered promiscuous mode FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 1 CPU: 1 PID: 9722 Comm: syz-executor2 Not tainted 4.14.0-rc6+ #151 audit: type=1326 audit(1509216729.198:4885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=9720 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0xffff0000 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:52 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:31 slab_pre_alloc_hook mm/slab.h:422 [inline] slab_alloc_node mm/slab.c:3304 [inline] kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3649 __alloc_skb+0xf1/0x740 net/core/skbuff.c:194 alloc_skb include/linux/skbuff.h:976 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1145 [inline] netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1837 sock_sendmsg_nosec net/socket.c:633 [inline] sock_sendmsg+0xca/0x110 net/socket.c:643 sock_write_iter+0x31a/0x5d0 net/socket.c:912 call_write_iter include/linux/fs.h:1770 [inline] new_sync_write fs/read_write.c:468 [inline] __vfs_write+0x684/0x970 fs/read_write.c:481 vfs_write+0x189/0x510 fs/read_write.c:543 SYSC_write fs/read_write.c:588 [inline] SyS_write+0xef/0x220 fs/read_write.c:580 entry_SYSCALL_64_fastpath+0x1f/0xbe RIP: 0033:0x452869 RSP: 002b:00007fee86c31be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00000000007580d8 RCX: 0000000000452869 RDX: 0000000000000024 RSI: 0000000020226000 RDI: 0000000000000013 RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b7550 R13: 00007fee86c31b58 R14: 00000000004b7560 R15: 0000000000000000 audit: type=1326 audit(1509216729.542:4886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=9720 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0xffff0000 QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl sd 0:0:1:0: [sg0] tag#0 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK sd 0:0:1:0: [sg0] tag#0 CDB: Test Unit Ready sd 0:0:1:0: [sg0] tag#0 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 sd 0:0:1:0: [sg0] tag#0 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 sd 0:0:1:0: [sg0] tag#0 CDB[20]: 00 00 00 00 00 00 00 00 00 QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'. QAT: Invalid ioctl IPv6: Can't replace route, no match found SELinux: unrecognized netlink message: protocol=6 nlmsg_type=65535 sclass=netlink_xfrm_socket pig=9942 comm=syz-executor7 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=6 sclass=netlink_xfrm_socket pig=9934 comm=syz-executor7 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7 sclass=netlink_route_socket pig=9934 comm=syz-executor7 QAT: Invalid ioctl netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'. IPv6: Can't replace route, no match found SELinux: unrecognized netlink message: protocol=6 nlmsg_type=65535 sclass=netlink_xfrm_socket pig=9942 comm=syz-executor7 *** Guest State *** CR0: actual=0x0000000080000031, shadow=0x0000000060000011, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000032052, shadow=0x0000000000030002, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x0000000000000f80 RIP = 0x0000000000000000 RFLAGS=0x00000002 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810 CS: sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000 DS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 SS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 ES: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 FS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 GS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000 GDTR: limit=0x000007ff, base=0x0000000000001000 LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 IDTR: limit=0x000001ff, base=0x0000000000003800 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 EFER = 0x0000000000000001 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811ba1f3 RSP = 0xffff8801cc76f4c8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f805fd34700 GSBase=ffff8801db200000 TRBase=ffff8801db222cc0 GDTBase=ffffffffff577000 IDTBase=ffffffffff57b000 CR0=0000000080050033 CR3=00000001c930b000 CR4=00000000001426f0 Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84d20ab0 EFER = 0x0000000000000d01 PAT = 0x0000000000000000 *** Control State *** PinBased=0000003f CPUBased=b699edfa SecondaryExec=0000004a EntryControls=0000d1ff ExitControls=0023efff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffff3e5db6a433 EPT pointer = 0x00000001d865001e SELinux: unrecognized netlink message: protocol=6 nlmsg_type=6 sclass=netlink_xfrm_socket pig=9934 comm=syz-executor7 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7 sclass=netlink_route_socket pig=9983 comm=syz-executor7 device lo entered promiscuous mode SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pig=10076 comm=syz-executor6 device eql entered promiscuous mode sg_write: data in/out 822404280/197 bytes for SCSI command 0x12-- guessing data in; program syz-executor3 not setting count and/or reply_len properly sg_write: data in/out 822404280/197 bytes for SCSI command 0x12-- guessing data in; program syz-executor3 not setting count and/or reply_len properly audit: type=1326 audit(1509216731.908:4887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=10200 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452869 code=0xffff0000 kvm_hv_set_msr: 129 callbacks suppressed kvm [10216]: vcpu0, guest rIP: 0x9115 Hyper-V uhandled wrmsr: 0x4000008f data 0x0 kvm [10216]: vcpu0, guest rIP: 0x9115 Hyper-V uhandled wrmsr: 0x4000008e data 0x0 kvm [10216]: vcpu0, guest rIP: 0x9115 Hyper-V uhandled wrmsr: 0x4000008d data 0x0 kvm [10216]: vcpu0, guest rIP: 0x9115 Hyper-V uhandled wrmsr: 0x4000008c data 0x0 kvm [10216]: vcpu0, guest rIP: 0x9115 Hyper-V uhandled wrmsr: 0x4000008b data 0x0 kvm [10216]: vcpu0, guest rIP: 0x9115 Hyper-V uhandled wrmsr: 0x4000008a data 0x0 kvm [10216]: vcpu0, guest rIP: 0x9115 Hyper-V uhandled wrmsr: 0x40000089 data 0x0 kvm [10216]: vcpu0, guest rIP: 0x9115 Hyper-V uhandled wrmsr: 0x40000088 data 0x0 kvm [10216]: vcpu0, guest rIP: 0x9115 Hyper-V uhandled wrmsr: 0x40000087 data 0x0 kvm [10216]: vcpu0, guest rIP: 0x9115 Hyper-V uhandled wrmsr: 0x40000086 data 0x0