lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <001a114a958cf58255055cfdccb2@google.com>
Date:   Thu, 02 Nov 2017 03:53:38 -0700
From:   syzbot 
        <bot+e52a2ae091b628f72765583c9faedc961c83b7e7@...kaller.appspotmail.com>
To:     davem@...emloft.net, kuznet@....inr.ac.ru,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        syzkaller-bugs@...glegroups.com, yoshfuji@...ux-ipv6.org
Subject: suspicious RCU usage at ./include/linux/inetdevice.h:LINE

Hello,

syzkaller hit the following crash on  
ce43f4fd6f103681c7485c2b1967179647e73555
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.





=============================
WARNING: suspicious RCU usage
4.14.0-rc5+ #140 Not tainted
-----------------------------
./include/linux/inetdevice.h:230 suspicious rcu_dereference_protected()  
usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor2/23859:
  #0:  (rcu_read_lock){....}, at: [<ffffffff840283f0>]  
inet_rtm_getroute+0xaa0/0x2d70 net/ipv4/route.c:2738

stack backtrace:
CPU: 0 PID: 23859 Comm: syz-executor2 Not tainted 4.14.0-rc5+ #140
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:16 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:52
  lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4665
  __in_dev_get_rtnl include/linux/inetdevice.h:230 [inline]
  fib_dump_info+0x1136/0x13d0 net/ipv4/fib_semantics.c:1377
  inet_rtm_getroute+0xf97/0x2d70 net/ipv4/route.c:2785
  rtnetlink_rcv_msg+0x51c/0x1090 net/core/rtnetlink.c:4237
  netlink_rcv_skb+0x216/0x440 net/netlink/af_netlink.c:2409
  rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4261
  netlink_unicast_kernel net/netlink/af_netlink.c:1273 [inline]
  netlink_unicast+0x4e8/0x6f0 net/netlink/af_netlink.c:1299
  netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1862
  sock_sendmsg_nosec net/socket.c:633 [inline]
  sock_sendmsg+0xca/0x110 net/socket.c:643
  sock_write_iter+0x31a/0x5d0 net/socket.c:912
  call_write_iter include/linux/fs.h:1770 [inline]
  new_sync_write fs/read_write.c:468 [inline]
  __vfs_write+0x684/0x970 fs/read_write.c:481
  vfs_write+0x189/0x510 fs/read_write.c:543
  SYSC_write fs/read_write.c:588 [inline]
  SyS_write+0xef/0x220 fs/read_write.c:580
  entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x452719
RSP: 002b:00007fd087b03be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452719
RDX: 0000000000000024 RSI: 0000000020226000 RDI: 0000000000000014
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a6f7ff R14: 00007fd087b049c0 R15: 0000000000000000
netlink: 9 bytes leftover after parsing attributes in process  
`syz-executor5'.
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
A link change request failed with some changes committed already. Interface  
lo may have been left with an inconsistent configuration, please check.
netlink: 9 bytes leftover after parsing attributes in process  
`syz-executor5'.
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
A link change request failed with some changes committed already. Interface  
lo may have been left with an inconsistent configuration, please check.
sock: process `syz-executor6' is using obsolete getsockopt SO_BSDCOMPAT
sctp: [Deprecated]: syz-executor7 (pid 23959) Use of int in maxseg socket  
option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor7 (pid 23981) Use of int in maxseg socket  
option.
Use struct sctp_assoc_value instead
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=17152  
sclass=netlink_route_socket pig=24024 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=17152  
sclass=netlink_route_socket pig=24045 comm=syz-executor4
netlink: 5 bytes leftover after parsing attributes in process  
`syz-executor6'.
IPv6: Can't replace route, no match found
netlink: 5 bytes leftover after parsing attributes in process  
`syz-executor6'.
IPv6: Can't replace route, no match found
netlink: 3 bytes leftover after parsing attributes in process  
`syz-executor0'.
audit: type=1326 audit(1508524929.334:2097): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24082 comm="" exe="/root/syz-executor0"  
sig=0 arch=c000003e syscall=202 compat=0 ip=0x452719 code=0x7ffc0000
audit: type=1326 audit(1508524929.335:2098): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24082 comm="" exe="/root/syz-executor0"  
sig=0 arch=c000003e syscall=202 compat=0 ip=0x452719 code=0x7ffc0000
audit: type=1326 audit(1508524929.336:2099): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24082 comm="" exe="/root/syz-executor0"  
sig=0 arch=c000003e syscall=16 compat=0 ip=0x452719 code=0x7ffc0000
audit: type=1326 audit(1508524929.336:2100): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24082 comm="" exe="/root/syz-executor0"  
sig=0 arch=c000003e syscall=202 compat=0 ip=0x452719 code=0x7ffc0000
audit: type=1326 audit(1508524929.337:2101): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24082 comm="" exe="/root/syz-executor0"  
sig=0 arch=c000003e syscall=202 compat=0 ip=0x452719 code=0x7ffc0000
audit: type=1326 audit(1508524929.338:2102): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24082 comm="" exe="/root/syz-executor0"  
sig=0 arch=c000003e syscall=72 compat=0 ip=0x452719 code=0x7ffc0000
audit: type=1326 audit(1508524929.338:2103): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24082 comm="" exe="/root/syz-executor0"  
sig=0 arch=c000003e syscall=202 compat=0 ip=0x452719 code=0x7ffc0000
audit: type=1326 audit(1508524929.341:2104): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24082 comm="" exe="/root/syz-executor0"  
sig=0 arch=c000003e syscall=54 compat=0 ip=0x452719 code=0x7ffc0000
netlink: 1 bytes leftover after parsing attributes in process  
`syz-executor7'.
netlink: 3 bytes leftover after parsing attributes in process  
`syz-executor0'.
syz-executor0: vmalloc: allocation failure: 17179607040 bytes,  
mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
syz-executor0 cpuset=/ mems_allowed=0
CPU: 0 PID: 24175 Comm: syz-executor0 Not tainted 4.14.0-rc5+ #140
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:16 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:52
  warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3254
  __vmalloc_node_range+0x4f0/0x650 mm/vmalloc.c:1775
  __vmalloc_node mm/vmalloc.c:1804 [inline]
  __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1826
  kvmalloc_node+0x82/0xd0 mm/util.c:406
  kvmalloc include/linux/mm.h:529 [inline]
  kvmalloc_array include/linux/mm.h:545 [inline]
  xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774
  translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:686
  do_replace net/ipv4/netfilter/ip_tables.c:1130 [inline]
  do_ipt_set_ctl+0x345/0x5c0 net/ipv4/netfilter/ip_tables.c:1664
  nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
  nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
  ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1255
  udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2412
  sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2965
  SYSC_setsockopt net/socket.c:1852 [inline]
  SyS_setsockopt+0x189/0x360 net/socket.c:1831
  entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x452719
RSP: 002b:00007f8907d9cbe8 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452719
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000015
RBP: 0000000000000082 R08: 0000000000000004 R09: 0000000000000000
R10: 0000000020000000 R11: 0000000000000212 R12: 00000000006ee730
R13: 00000000ffffffff R14: 00007f8907d9d6d4 R15: 0000000000000000
warn_alloc_show_mem: 1 callbacks suppressed
Mem-Info:
active_anon:126152 inactive_anon:43 isolated_anon:0
  active_file:3901 inactive_file:7229 isolated_file:0
  unevictable:2 dirty:129 writeback:0 unstable:0
  slab_reclaimable:9955 slab_unreclaimable:97370
  mapped:22873 shmem:94 pagetables:881 bounce:0
  free:1362539 free_pcp:332 free_cma:0
syz-executor0: vmalloc: allocation failure: 17179607040 bytes,  
mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
syz-executor0 cpuset=/ mems_allowed=0
CPU: 1 PID: 24195 Comm: syz-executor0 Not tainted 4.14.0-rc5+ #140
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:16 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:52
  warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3254
  __vmalloc_node_range+0x4f0/0x650 mm/vmalloc.c:1775
  __vmalloc_node mm/vmalloc.c:1804 [inline]
  __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1826
  kvmalloc_node+0x82/0xd0 mm/util.c:406
  kvmalloc include/linux/mm.h:529 [inline]
  kvmalloc_array include/linux/mm.h:545 [inline]
  xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774
  translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:686
  do_replace net/ipv4/netfilter/ip_tables.c:1130 [inline]
  do_ipt_set_ctl+0x345/0x5c0 net/ipv4/netfilter/ip_tables.c:1664
  nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
  nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
  ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1255
  udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2412
  sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2965
  SYSC_setsockopt net/socket.c:1852 [inline]
  SyS_setsockopt+0x189/0x360 net/socket.c:1831
  entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x452719
RSP: 002b:00007f8907d5abe8 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000758190 RCX: 0000000000452719
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000019
RBP: 0000000000000082 R08: 0000000000000004 R09: 0000000000000000
R10: 0000000020000000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a6f7ff R14: 00007f8907d5b9c0 R15: 0000000000000001
Node 0 active_anon:485692kB inactive_anon:172kB active_file:15604kB  
inactive_file:28932kB unevictable:8kB isolated(anon):0kB isolated(file):0kB  
mapped:91492kB dirty:616kB writeback:0kB shmem:376kB shmem_thp: 0kB  
shmem_pmdmapped: 0kB anon_thp: 57344kB writeback_tmp:0kB unstable:0kB  
all_unreclaimable? no
Node 0 DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB  
inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB  
writepending:0kB present:15992kB managed:15908kB mlocked:0kB  
kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB  
free_cma:0kB
lowmem_reserve[]: 0 2886 6399 6399
Node 0 DMA32 free:2957628kB min:30408kB low:38008kB high:45608kB  
active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB  
unevictable:0kB writepending:0kB present:3129332kB managed:2958344kB  
mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:716kB  
local_pcp:660kB free_cma:0kB
lowmem_reserve[]: 0 0 3513 3513
Node 0 Normal free:2495284kB min:37008kB low:46260kB high:55512kB  
active_anon:485692kB inactive_anon:172kB active_file:15604kB  
inactive_file:28932kB unevictable:8kB writepending:616kB present:4718592kB  
managed:3597452kB mlocked:0kB kernel_stack:3968kB pagetables:3304kB  
bounce:0kB free_pcp:956kB local_pcp:324kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U)  
1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 DMA32: 3*4kB (UM) 2*8kB (UM) 4*16kB (UM) 1*32kB (U) 3*64kB (UM)  
2*128kB (M) 3*256kB (UM) 4*512kB (UM) 3*1024kB (UM) 3*2048kB (UM)  
719*4096kB (M) = 2957628kB
Node 0 Normal: 309*4kB (UME) 398*8kB (UME) 1325*16kB (UME) 1264*32kB (UME)  
1336*64kB (UME) 340*128kB (UME) 89*256kB (UM) 50*512kB (UME) 29*1024kB  
(UME) 11*2048kB (UME) 537*4096kB (UM) = 2495252kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0  
hugepages_size=2048kB
11227 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
323053 pages reserved
netlink: 3 bytes leftover after parsing attributes in process  
`syz-executor0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0  
sclass=netlink_route_socket pig=24260 comm=syz-executor3
QAT: Invalid ioctl
QAT: Invalid ioctl
device syz7 entered promiscuous mode
device syz7 left promiscuous mode
device syz7 entered promiscuous mode
dccp_invalid_packet: pskb_may_pull failed
dccp_invalid_packet: P.Data Offset(0) too small
dccp_invalid_packet: pskb_may_pull failed
dccp_invalid_packet: P.Data Offset(0) too small
device lo left promiscuous mode
kauditd_printk_skb: 113 callbacks suppressed
audit: type=1326 audit(1508524932.912:2218): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24663 comm="syz-executor5"  
exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0  
ip=0x452719 code=0x7ffc0000
audit: type=1326 audit(1508524932.912:2219): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24663 comm="syz-executor5"  
exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0  
ip=0x452719 code=0x7ffc0000
audit: type=1326 audit(1508524932.912:2220): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24663 comm="syz-executor5"  
exe="/root/syz-executor5" sig=0 arch=c000003e syscall=117 compat=0  
ip=0x452719 code=0x7ffc0000
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0  
sclass=netlink_route_socket pig=24693 comm=syz-executor7
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 1 PID: 24702 Comm: syz-executor2 Not tainted 4.14.0-rc5+ #140
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:16 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:52
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:31
  slab_pre_alloc_hook mm/slab.h:422 [inline]
  slab_alloc_node mm/slab.c:3304 [inline]
  kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3649
  __alloc_skb+0xf1/0x740 net/core/skbuff.c:194
  alloc_skb include/linux/skbuff.h:976 [inline]
  netlink_alloc_large_skb net/netlink/af_netlink.c:1145 [inline]
  netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1837
  sock_sendmsg_nosec net/socket.c:633 [inline]
  sock_sendmsg+0xca/0x110 net/socket.c:643
  sock_write_iter+0x31a/0x5d0 net/socket.c:912
  call_write_iter include/linux/fs.h:1770 [inline]
  new_sync_write fs/read_write.c:468 [inline]
  __vfs_write+0x684/0x970 fs/read_write.c:481
  vfs_write+0x189/0x510 fs/read_write.c:543
  SYSC_write fs/read_write.c:588 [inline]
  SyS_write+0xef/0x220 fs/read_write.c:580
  entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x452719
RSP: 002b:00007fd087b03be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452719
RDX: 0000000000000024 RSI: 0000000020226000 RDI: 0000000000000013
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f7880
R13: 0000000000000014 R14: 0000000000758080 R15: ffffffffffffffff
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 24719 Comm: syz-executor2 Not tainted 4.14.0-rc5+ #140
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:16 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:52
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:31
  slab_pre_alloc_hook mm/slab.h:422 [inline]
  slab_alloc_node mm/slab.c:3304 [inline]
  kmem_cache_alloc_node_trace+0x5a/0x750 mm/slab.c:3668
  __do_kmalloc_node mm/slab.c:3688 [inline]
  __kmalloc_node_track_caller+0x33/0x70 mm/slab.c:3703
  __kmalloc_reserve.isra.40+0x41/0xd0 net/core/skbuff.c:138
  __alloc_skb+0x13b/0x740 net/core/skbuff.c:206
  alloc_skb include/linux/skbuff.h:976 [inline]
  netlink_alloc_large_skb net/netlink/af_netlink.c:1145 [inline]
  netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1837
  sock_sendmsg_nosec net/socket.c:633 [inline]
  sock_sendmsg+0xca/0x110 net/socket.c:643
  sock_write_iter+0x31a/0x5d0 net/socket.c:912
  call_write_iter include/linux/fs.h:1770 [inline]
  new_sync_write fs/read_write.c:468 [inline]
  __vfs_write+0x684/0x970 fs/read_write.c:481
  vfs_write+0x189/0x510 fs/read_write.c:543
  SYSC_write fs/read_write.c:588 [inline]
  SyS_write+0xef/0x220 fs/read_write.c:580
  entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x452719
RSP: 002b:00007fd087b03be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452719
RDX: 0000000000000024 RSI: 0000000020226000 RDI: 0000000000000013
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b7420
R13: 00007fd087b03b58 R14: 00000000004b7430 R15: 0000000000000000
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0  
sclass=netlink_route_socket pig=24724 comm=syz-executor6
audit: type=1326 audit(1508524932.912:2221): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24663 comm="syz-executor5"  
exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0  
ip=0x452719 code=0x7ffc0000
audit: type=1326 audit(1508524932.912:2222): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24663 comm="syz-executor5"  
exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0  
ip=0x452719 code=0x7ffc0000
audit: type=1326 audit(1508524932.913:2223): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24663 comm="syz-executor5"  
exe="/root/syz-executor5" sig=0 arch=c000003e syscall=2 compat=0  
ip=0x40ca51 code=0x7ffc0000
audit: type=1326 audit(1508524932.913:2224): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24663 comm="syz-executor5"  
exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0  
ip=0x452719 code=0x7ffc0000
audit: type=1326 audit(1508524932.915:2225): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24663 comm="syz-executor5"  
exe="/root/syz-executor5" sig=0 arch=c000003e syscall=16 compat=0  
ip=0x452719 code=0x7ffc0000
audit: type=1326 audit(1508524932.915:2226): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24663 comm="syz-executor5"  
exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0  
ip=0x452719 code=0x7ffc0000
audit: type=1326 audit(1508524932.915:2227): auid=4294967295 uid=0 gid=0  
ses=4294967295 subj=kernel pid=24663 comm="syz-executor5"  
exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0  
ip=0x452719 code=0x7ffc0000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 24741 Comm: syz-executor2 Not tainted 4.14.0-rc5+ #140
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:16 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:52
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:31
  slab_pre_alloc_hook mm/slab.h:422 [inline]
  slab_alloc_node mm/slab.c:3304 [inline]
  kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3649
  __alloc_skb+0xf1/0x740 net/core/skbuff.c:194
  alloc_skb include/linux/skbuff.h:976 [inline]
  inet_rtm_getroute+0x2a4/0x2d70 net/ipv4/route.c:2702
  rtnetlink_rcv_msg+0x51c/0x1090 net/core/rtnetlink.c:4237
  netlink_rcv_skb+0x216/0x440 net/netlink/af_netlink.c:2409
  rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4261
  netlink_unicast_kernel net/netlink/af_netlink.c:1273 [inline]
  netlink_unicast+0x4e8/0x6f0 net/netlink/af_netlink.c:1299
  netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1862
  sock_sendmsg_nosec net/socket.c:633 [inline]
  sock_sendmsg+0xca/0x110 net/socket.c:643
  sock_write_iter+0x31a/0x5d0 net/socket.c:912
  call_write_iter include/linux/fs.h:1770 [inline]
  new_sync_write fs/read_write.c:468 [inline]
  __vfs_write+0x684/0x970 fs/read_write.c:481
  vfs_write+0x189/0x510 fs/read_write.c:543
  SYSC_write fs/read_write.c:588 [inline]
  SyS_write+0xef/0x220 fs/read_write.c:580
  entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x452719
RSP: 002b:00007fd087b03be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452719
RDX: 0000000000000024 RSI: 0000000020226000 RDI: 0000000000000013
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b7420
R13: 00007fd087b03b58 R14: 00000000004b7430 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 24751 Comm: syz-executor2 Not tainted 4.14.0-rc5+ #140
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:16 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:52
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:31
  slab_pre_alloc_hook mm/slab.h:422 [inline]
  slab_alloc_node mm/slab.c:3304 [inline]
  kmem_cache_alloc_node_trace+0x5a/0x750 mm/slab.c:3668
  __do_kmalloc_node mm/slab.c:3688 [inline]
  __kmalloc_node_track_caller+0x33/0x70 mm/slab.c:3703
  __kmalloc_reserve.isra.40+0x41/0xd0 net/core/skbuff.c:138
  __alloc_skb+0x13b/0x740 net/core/skbuff.c:206
  alloc_skb include/linux/skbuff.h:976 [inline]
  inet_rtm_getroute+0x2a4/0x2d70 net/ipv4/route.c:2702
  rtnetlink_rcv_msg+0x51c/0x1090 net/core/rtnetlink.c:4237
  netlink_rcv_skb+0x216/0x440 net/netlink/af_netlink.c:2409
  rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4261
  netlink_unicast_kernel net/netlink/af_netlink.c:1273 [inline]
  netlink_unicast+0x4e8/0x6f0 net/netlink/af_netlink.c:1299
  netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1862
  sock_sendmsg_nosec net/socket.c:633 [inline]
  sock_sendmsg+0xca/0x110 net/socket.c:643
  sock_write_iter+0x31a/0x5d0 net/socket.c:912
  call_write_iter include/linux/fs.h:1770 [inline]
  new_sync_write fs/read_write.c:468 [inline]
  __vfs_write+0x684/0x970 fs/read_write.c:481
  vfs_write+0x189/0x510 fs/read_write.c:543
  SYSC_write fs/read_write.c:588 [inline]
  SyS_write+0xef/0x220 fs/read_write.c:580
  entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x452719
RSP: 002b:00007fd087b03be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452719
RDX: 0000000000000024 RSI: 0000000020226000 RDI: 0000000000000013
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b7420
R13: 00007fd087b03b58 R14: 00000000004b7430 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 24773 Comm: syz-executor2 Not tainted 4.14.0-rc5+ #140
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:16 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:52
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:31
  slab_pre_alloc_hook mm/slab.h:422 [inline]
  slab_alloc_node mm/slab.c:3304 [inline]
  kmem_cache_alloc_node_trace+0x5a/0x750 mm/slab.c:3668
  __do_kmalloc_node mm/slab.c:3688 [inline]
  __kmalloc_node_track_caller+0x33/0x70 mm/slab.c:3703
  __kmalloc_reserve.isra.40+0x41/0xd0 net/core/skbuff.c:138
  pskb_expand_head+0x1fb/0x10b0 net/core/skbuff.c:1459
  netlink_trim+0x23a/0x300 net/netlink/af_netlink.c:1255
  netlink_unicast+0xb0/0x6f0 net/netlink/af_netlink.c:1289
  nlmsg_unicast include/net/netlink.h:607 [inline]
  rtnl_unicast+0x4c/0x70 net/core/rtnetlink.c:640
  inet_rtm_getroute+0x1f4a/0x2d70 net/ipv4/route.c:2798
  rtnetlink_rcv_msg+0x51c/0x1090 net/core/rtnetlink.c:4237
  netlink_rcv_skb+0x216/0x440 net/netlink/af_netlink.c:2409
  rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4261
  netlink_unicast_kernel net/netlink/af_netlink.c:1273 [inline]
  netlink_unicast+0x4e8/0x6f0 net/netlink/af_netlink.c:1299
  netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1862
  sock_sendmsg_nosec net/socket.c:633 [inline]
  sock_sendmsg+0xca/0x110 net/socket.c:643
  sock_write_iter+0x31a/0x5d0 net/socket.c:912
  call_write_iter include/linux/fs.h:1770 [inline]
  new_sync_write fs/read_write.c:468 [inline]
  __vfs_write+0x684/0x970 fs/read_write.c:481
  vfs_write+0x189/0x510 fs/read_write.c:543
  SYSC_write fs/read_write.c:588 [inline]
  SyS_write+0xef/0x220 fs/read_write.c:580
  entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x452719
RSP: 002b:00007fd087b03be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452719
RDX: 0000000000000024 RSI: 0000000020226000 RDI: 0000000000000013
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b7420
R13: 00007fd087b03b58 R14: 00000000004b7430 R15: 0000000000000000
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0  
sclass=netlink_route_socket pig=24799 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=39134  
sclass=netlink_route_socket pig=24910 comm=syz-executor2
nla_parse: 3 callbacks suppressed
netlink: 3 bytes leftover after parsing attributes in process  
`syz-executor6'.
netlink: 3 bytes leftover after parsing attributes in process  
`syz-executor6'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=39134  
sclass=netlink_route_socket pig=24922 comm=syz-executor2
netlink: 3 bytes leftover after parsing attributes in process  
`syz-executor6'.
device gre0 entered promiscuous mode
RDS: rds_bind could not find a transport for 172.20.7.170, load rds_tcp or  
rds_rdma?
RDS: rds_bind could not find a transport for 172.20.7.170, load rds_tcp or  
rds_rdma?
QAT: Invalid ioctl
QAT: Invalid ioctl
netlink: 5 bytes leftover after parsing attributes in process  
`syz-executor3'.
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=65535  
sclass=netlink_xfrm_socket pig=25113 comm=syz-executor3
netlink: 60 bytes leftover after parsing attributes in process  
`syz-executor3'.
netlink: 5 bytes leftover after parsing attributes in process  
`syz-executor3'.
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=65535  
sclass=netlink_xfrm_socket pig=25113 comm=syz-executor3
netlink: 60 bytes leftover after parsing attributes in process  
`syz-executor3'.
QAT: Invalid ioctl
device gre0 left promiscuous mode
QAT: Invalid ioctl
mmap: syz-executor7 (25194): VmData 18792448 exceed data ulimit 0. Update  
limits or use boot option ignore_rlimit_data.
print_req_error: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
print_req_error: I/O error, dev loop0, sector 8
Buffer I/O error on dev loop0, logical block 1, lost async page write
print_req_error: I/O error, dev loop0, sector 16
Buffer I/O error on dev loop0, logical block 2, lost async page write
print_req_error: I/O error, dev loop0, sector 24
Buffer I/O error on dev loop0, logical block 3, lost async page write
print_req_error: I/O error, dev loop0, sector 32
Buffer I/O error on dev loop0, logical block 4, lost async page write
print_req_error: I/O error, dev loop0, sector 40
Buffer I/O error on dev loop0, logical block 5, lost async page write
print_req_error: I/O error, dev loop0, sector 48
Buffer I/O error on dev loop0, logical block 6, lost async page write
print_req_error: I/O error, dev loop0, sector 56
Buffer I/O error on dev loop0, logical block 7, lost async page write
print_req_error: I/O error, dev loop0, sector 64
Buffer I/O error on dev loop0, logical block 8, lost async page write
print_req_error: I/O error, dev loop0, sector 72
Buffer I/O error on dev loop0, logical block 9, lost async page write


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzkaller@...glegroups.com.
Please credit me with: Reported-by: syzbot <syzkaller@...glegroups.com>

syzbot will keep track of this bug report.
Once a fix for this bug is committed, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug  
report.
Note: all commands must start from beginning of the line.

View attachment "config.txt" of type "text/plain" (124357 bytes)

Download attachment "raw.log" of type "application/octet-stream" (1048576 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ