PPPIOCDETACH file->f_count=2

======================================================
WARNING: possible circular locking dependency detected
4.15.0+ #293 Not tainted
------------------------------------------------------
syz-executor1/5592 is trying to acquire lock:
 (sk_lock-AF_INET6){+.+.}, at: [<00000000d7d38624>] lock_sock include/net/sock.h:1461 [inline]
 (sk_lock-AF_INET6){+.+.}, at: [<00000000d7d38624>] do_ipv6_setsockopt.isra.8+0x3c5/0x39d0 net/ipv6/ipv6_sockglue.c:167

but task is already holding lock:
 (rtnl_mutex){+.+.}, at: [<00000000cff429f2>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (rtnl_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
       register_netdevice_notifier+0xad/0x860 net/core/dev.c:1607
       tee_tg_check+0x1a0/0x280 net/netfilter/xt_TEE.c:106
       xt_check_target+0x22c/0x7d0 net/netfilter/x_tables.c:845
       check_target net/ipv6/netfilter/ip6_tables.c:533 [inline]
       find_check_entry.isra.7+0x935/0xcf0 net/ipv6/netfilter/ip6_tables.c:575
       translate_table+0xf52/0x1690 net/ipv6/netfilter/ip6_tables.c:744
       do_replace net/ipv6/netfilter/ip6_tables.c:1160 [inline]
       do_ip6t_set_ctl+0x370/0x5f0 net/ipv6/netfilter/ip6_tables.c:1686
       nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
       nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
       ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:928
       rawv6_setsockopt+0x4a/0xf0 net/ipv6/raw.c:1060
       sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
       SYSC_setsockopt net/socket.c:1849 [inline]
       SyS_setsockopt+0x189/0x360 net/socket.c:1828
       entry_SYSCALL_64_fastpath+0x29/0xa0

-> #0 (sk_lock-AF_INET6){+.+.}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
       lock_sock_nested+0xc2/0x110 net/core/sock.c:2780
       lock_sock include/net/sock.h:1461 [inline]
       do_ipv6_setsockopt.isra.8+0x3c5/0x39d0 net/ipv6/ipv6_sockglue.c:167
       ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922
       sctp_setsockopt+0x2b6/0x61d0 net/sctp/socket.c:4104
       sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
       SYSC_setsockopt net/socket.c:1849 [inline]
       SyS_setsockopt+0x189/0x360 net/socket.c:1828
       entry_SYSCALL_64_fastpath+0x29/0xa0

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(rtnl_mutex);
                               lock(sk_lock-AF_INET6);
                               lock(rtnl_mutex);
  lock(sk_lock-AF_INET6);

 *** DEADLOCK ***

1 lock held by syz-executor1/5592:
 #0:  (rtnl_mutex){+.+.}, at: [<00000000cff429f2>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74

stack backtrace:
CPU: 0 PID: 5592 Comm: syz-executor1 Not tainted 4.15.0+ #293
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_circular_bug.isra.38+0x2cd/0x2dc kernel/locking/lockdep.c:1223
 check_prev_add kernel/locking/lockdep.c:1863 [inline]
 check_prevs_add kernel/locking/lockdep.c:1976 [inline]
 validate_chain kernel/locking/lockdep.c:2417 [inline]
 __lock_acquire+0x30a8/0x3e00 kernel/locking/lockdep.c:3431
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
 lock_sock_nested+0xc2/0x110 net/core/sock.c:2780
 lock_sock include/net/sock.h:1461 [inline]
 do_ipv6_setsockopt.isra.8+0x3c5/0x39d0 net/ipv6/ipv6_sockglue.c:167
 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922
 sctp_setsockopt+0x2b6/0x61d0 net/sctp/socket.c:4104
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
 SYSC_setsockopt net/socket.c:1849 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1828
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007fdab3b22c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299
RDX: 000000000000001b RSI: 0000000000000029 RDI: 0000000000000013
RBP: 00000000000005ca R08: 00000000000003d8 R09: 0000000000000000
R10: 000000002001b000 R11: 0000000000000212 R12: 00000000006f7b90
R13: 00000000ffffffff R14: 00007fdab3b236d4 R15: 0000000000000000
audit: type=1400 audit(1517619123.374:32): avc: denied { create } for pid=5622 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1517619123.412:33): avc: denied { read } for pid=5622 comm="syz-executor1" path="socket:[15565]" dev="sockfs" ino=15565 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
binder: 5703:5707 got reply transaction with bad transaction stack, transaction 7 has target 5703:0
binder: 5703:5707 transaction failed 29201/-71, size 40-16 line 2772
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5703:5707 ioctl 40046207 0 returned -16
binder_alloc: 5703: binder_alloc_buf, no vma
binder: 5703:5722 got reply transaction with no transaction stack
binder: 5703:5719 transaction failed 29189/-3, size 40-8 line 2957
binder: 5703:5722 transaction failed 29201/-71, size 40-16 line 2757
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
binder: release 5703:5707 transaction 7 out, still active
binder: unexpected work type, 4, not freed
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 7, target dead
binder: 5725:5731 got reply transaction with bad transaction stack, transaction 14 has target 5725:0
device eql entered promiscuous mode
binder: 5725:5731 transaction failed 29201/-71, size 40-16 line 2772
binder: release 5725:5731 transaction 14 out, still active
binder: unexpected work type, 4, not freed
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 14, target dead
tmpfs: No value for mount option '±'
tmpfs: No value for mount option '±'
QAT: Invalid ioctl
QAT: Invalid ioctl
tmpfs: No value for mount option '±'
ieee80211 phy2: Selected rate control algorithm 'minstrel_ht'
device eql entered promiscuous mode
tmpfs: No value for mount option '±'
ieee80211 phy3: Selected rate control algorithm 'minstrel_ht'
device eql entered promiscuous mode
binder: 5847 RLIMIT_NICE not set
sock: sock_set_timeout: `syz-executor7' (pid 5839) tries to set negative timeout
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5844:5847 ioctl 40046207 0 returned -16
binder_alloc: 5844: binder_alloc_buf, no vma
binder: 5844:5855 transaction failed 29189/-3, size 0-0 line 2957
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_COMPLETE
sock: sock_set_timeout: `syz-executor7' (pid 5849) tries to set negative timeout
binder: 5873 RLIMIT_NICE not set
binder: undelivered TRANSACTION_COMPLETE
QAT: Invalid ioctl
binder: 5899 RLIMIT_NICE not set
QAT: Invalid ioctl
binder: undelivered TRANSACTION_COMPLETE
binder: 5922:5925 BC_INCREFS_DONE u0000000000000000 no match
binder: 5928 RLIMIT_NICE not set
binder: 5922:5925 ioctl c0206434 201d0fe0 returned -22
binder: 5922:5942 BC_INCREFS_DONE u0000000000000000 no match
binder: 5922:5942 ioctl c0206434 201d0fe0 returned -22
binder: undelivered TRANSACTION_COMPLETE
mmap: syz-executor6 (5946) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
binder: 5952 RLIMIT_NICE not set
binder: undelivered TRANSACTION_COMPLETE
capability: warning: `syz-executor0' uses 32-bit capabilities (legacy support in use)
binder: 5976 RLIMIT_NICE not set
binder: 5972:5983 BC_FREE_BUFFER u000000002000c000 no match
binder: 6019 RLIMIT_NICE not set
binder: 6024 RLIMIT_NICE not set
binder: 6014:6030 BC_FREE_BUFFER u000000002000c000 no match
binder: 6016:6036 BC_FREE_BUFFER u000000002000c000 no match
binder: 6043 RLIMIT_NICE not set
binder: 6039:6050 BC_FREE_BUFFER u000000002000c000 no match
binder: 6064 RLIMIT_NICE not set
capability: warning: `syz-executor0' uses deprecated v2 capabilities in a way that may be insecure
binder_alloc: 6061: binder_alloc_buf, no vma
binder: 6061:6078 transaction failed 29189/-3, size 0-0 line 2957
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6096 RLIMIT_NICE not set
binder_alloc: 6093: binder_alloc_buf, no vma
binder: 6093:6111 transaction failed 29189/-3, size 0-0 line 2957
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6125 RLIMIT_NICE not set
binder_alloc: 6120: binder_alloc_buf, no vma
binder: 6120:6134 transaction failed 29189/-3, size 0-0 line 2957
binder: 6120:6140 BC_FREE_BUFFER u0000000000000000 no match
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6174 RLIMIT_NICE not set
binder: 6174 RLIMIT_NICE not set
binder: release 6162:6174 transaction 40 in, still active
binder: send failed reply for transaction 40 to 6162:6183
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6207:6215 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
binder: 6214:6219 ioctl c0306201 20018fd0 returned -14
binder: release 6207:6215 transaction 42 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 42, target dead
binder: 6237:6246 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
binder: release 6237:6246 transaction 44 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 44, target dead
binder: 6258:6261 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
binder: release 6258:6261 transaction 46 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 46, target dead
binder: 6292 RLIMIT_NICE not set
binder: 6292 RLIMIT_NICE not set
binder: release 6287:6292 transaction 48 in, still active
binder: send failed reply for transaction 48 to 6287:6297
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6307 RLIMIT_NICE not set
binder: 6303:6319 transaction failed 29189/-22, size 0-0 line 2842
kauditd_printk_skb: 47 callbacks suppressed
audit: type=1400 audit(1517619126.632:81): avc: denied { name_bind } for pid=6308 comm="syz-executor7" src=20028 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
binder_alloc: 6304: binder_alloc_buf, no vma
audit: type=1400 audit(1517619126.632:82): avc: denied { node_bind } for pid=6308 comm="syz-executor7" saddr=fe80::7aa src=20028 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1
binder: 6304:6311 transaction failed 29189/-3, size 0-0 line 2957
audit: type=1400 audit(1517619126.635:83): avc: denied { name_connect } for pid=6308 comm="syz-executor7" dest=20028 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
binder: undelivered TRANSACTION_ERROR: 29189
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6304:6311 ioctl 40046207 0 returned -16
binder_alloc: 6304: binder_alloc_buf, no vma
binder: 6304:6328 transaction failed 29189/-3, size 0-0 line 2957
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6343 RLIMIT_NICE not set
netlink: 188 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 188 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 6336:6350 transaction failed 29189/-22, size 0-0 line 2842
binder: undelivered TRANSACTION_ERROR: 29189
netlink: 188 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 6375 RLIMIT_NICE not set
binder: 6371:6378 transaction failed 29189/-22, size 0-0 line 2842
binder: undelivered TRANSACTION_ERROR: 29189
netlink: 188 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 6398 RLIMIT_NICE not set
binder: 6398 RLIMIT_NICE not set
binder: release 6391:6398 transaction 56 in, still active
binder: send failed reply for transaction 56 to 6391:6407
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
netlink: 188 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 6434 RLIMIT_NICE not set
binder: 6434 RLIMIT_NICE not set
binder: release 6430:6434 transaction 58 in, still active
binder: send failed reply for transaction 58 to 6430:6443
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
netlink: 188 bytes leftover after parsing attributes in process `syz-executor5'.
audit: type=1400 audit(1517619127.182:84): avc: denied { accept } for pid=6447 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
device syz7 entered promiscuous mode
netlink: 188 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 6451:6466 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
device syz7 left promiscuous mode
binder: release 6451:6466 transaction 60 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 60, target dead
netlink: 188 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 6486:6507 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
binder: release 6486:6507 transaction 62 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 62, target dead
netlink: 188 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 6517:6535 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
netlink: 188 bytes leftover after parsing attributes in process `syz-executor5'.
binder: release 6517:6535 transaction 64 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 64, target dead
audit: type=1400 audit(1517619127.599:85): avc: denied { getopt } for pid=6564 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=socket permissive=1
audit: type=1400 audit(1517619127.625:86): avc: denied { setopt } for pid=6564 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=socket permissive=1
binder: 6596 RLIMIT_NICE not set
binder: 6596 RLIMIT_NICE not set
binder: 6595:6598 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
binder: release 6595:6596 transaction 66 in, still active
binder: send failed reply for transaction 66 to 6595:6598
binder: undelivered TRANSACTION_COMPLETE
binder: 6603 RLIMIT_NICE not set
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6603 RLIMIT_NICE not set
binder: 6602:6616 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
binder: release 6602:6603 transaction 68 in, still active
binder: send failed reply for transaction 68 to 6602:6616
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6640 RLIMIT_NICE not set
binder: 6640 RLIMIT_NICE not set
binder: release 6631:6640 transaction 70 in, still active
binder: send failed reply for transaction 70 to 6631:6645
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6663 RLIMIT_NICE not set
binder: 6663 RLIMIT_NICE not set
binder: 6661:6671 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
binder: release 6661:6663 transaction 72 in, still active
binder: send failed reply for transaction 72 to 6661:6671
binder: undelivered TRANSACTION_COMPLETE
binder: 6681 RLIMIT_NICE not set
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6678:6690 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
binder: 6681 RLIMIT_NICE not set
binder: release 6678:6681 transaction 74 in, still active
binder: send failed reply for transaction 74 to 6678:6690
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6708 RLIMIT_NICE not set
binder: 6708 RLIMIT_NICE not set
binder: release 6705:6708 transaction 76 in, still active
binder: send failed reply for transaction 76 to 6705:6719
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
dccp_close: ABORT with 8201 bytes unread
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 1 PID: 6762 Comm: syz-executor1 Not tainted 4.15.0+ #293
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:418 [inline]
 slab_alloc mm/slab.c:3364 [inline]
 __do_kmalloc mm/slab.c:3702 [inline]
 __kmalloc_track_caller+0x5f/0x760 mm/slab.c:3719
 memdup_user+0x2c/0x90 mm/util.c:160
 strndup_user+0x62/0xb0 mm/util.c:217
 copy_mount_string fs/namespace.c:2746 [inline]
 SYSC_mount fs/namespace.c:3043 [inline]
 SyS_mount+0x3c/0x120 fs/namespace.c:3035
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007fdab3b22c58 EFLAGS: 00000212 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fdab3b22aa0 RCX: 0000000000453299
RDX: 0000000020bd2ffc RSI: 0000000020343ff8 RDI: 0000000020144000
RBP: 00007fdab3b22a90 R08: 000000002000a000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007fdab3b22bc8 R14: 00000000004b8096 R15: 0000000000000000
binder: 6841 RLIMIT_NICE not set
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 6851 Comm: syz-executor6 Not tainted 4.15.0+ #293
binder: 6839:6855 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:418 [inline]
 slab_alloc mm/slab.c:3364 [inline]
 __do_kmalloc mm/slab.c:3702 [inline]
 __kmalloc_track_caller+0x5f/0x760 mm/slab.c:3719
 memdup_user+0x2c/0x90 mm/util.c:160
 strndup_user+0x62/0xb0 mm/util.c:217
 copy_mount_string fs/namespace.c:2746 [inline]
 SYSC_mount fs/namespace.c:3043 [inline]
 SyS_mount+0x3c/0x120 fs/namespace.c:3035
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007fac3243dc58 EFLAGS: 00000212 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fac3243daa0 RCX: 0000000000453299
RDX: 0000000020bd2ffc RSI: 0000000020343ff8 RDI: 0000000020144000
RBP: 00007fac3243da90 R08: 000000002000a000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007fac3243dbc8 R14: 00000000004b8096 R15: 0000000000000000
binder: 6841 RLIMIT_NICE not set
binder: release 6839:6841 transaction 78 in, still active
binder: send failed reply for transaction 78 to 6839:6855
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6873 RLIMIT_NICE not set
binder: 6873 RLIMIT_NICE not set
binder: 6869:6874 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
binder: release 6869:6873 transaction 80 in, still active
binder: send failed reply for transaction 80 to 6869:6874
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6883 RLIMIT_NICE not set
binder: 6883 RLIMIT_NICE not set
binder: release 6880:6883 transaction 82 in, still active
binder: send failed reply for transaction 82 to 6880:6894
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6926 RLIMIT_NICE not set
binder: 6918:6933 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
binder: 6926 RLIMIT_NICE not set
binder: release 6918:6926 transaction 84 in, still active
binder: send failed reply for transaction 84 to 6918:6933
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6966 RLIMIT_NICE not set
binder: 6963:6975 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
binder: 6966 RLIMIT_NICE not set
binder: release 6963:6966 transaction 86 in, still active
binder: send failed reply for transaction 86 to 6963:6975
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: 7005 RLIMIT_NICE not set
binder: 7005 RLIMIT_NICE not set
binder: release 7001:7005 transaction 88 in, still active
binder: send failed reply for transaction 88 to 7001:7017
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: 7029:7046 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
binder: release 7029:7046 transaction 90 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 90, target dead
binder: 7052:7068 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 7074 Comm: syz-executor7 Not tainted 4.15.0+ #293
binder: release 7052:7068 transaction 92 out, still active
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
binder: undelivered TRANSACTION_COMPLETE
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
binder: send failed reply for transaction 92, target dead
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:418 [inline]
 slab_alloc mm/slab.c:3364 [inline]
 __do_kmalloc mm/slab.c:3702 [inline]
 __kmalloc_track_caller+0x5f/0x760 mm/slab.c:3719
 memdup_user+0x2c/0x90 mm/util.c:160
 strndup_user+0x62/0xb0 mm/util.c:217
 copy_mount_string fs/namespace.c:2746 [inline]
 SYSC_mount fs/namespace.c:3043 [inline]
 SyS_mount+0x3c/0x120 fs/namespace.c:3035
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f055423fc58 EFLAGS: 00000212 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f055423faa0 RCX: 0000000000453299
RDX: 0000000020bd2ffc RSI: 0000000020343ff8 RDI: 0000000020144000
RBP: 00007f055423fa90 R08: 000000002000a000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007f055423fbc8 R14: 00000000004b8096 R15: 0000000000000000
binder: 7082:7093 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
binder: release 7082:7093 transaction 94 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 94, target dead
binder: 7104:7119 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
binder: release 7104:7119 transaction 96 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 96, target dead
binder: 7138:7153 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
binder: release 7138:7153 transaction 98 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 98, target dead
binder: 7181:7199 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 7204 Comm: syz-executor2 Not tainted 4.15.0+ #293
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:418 [inline]
 slab_alloc_node mm/slab.c:3285 [inline]
 kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3628
 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:983 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1180 [inline]
 netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1872
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 sock_write_iter+0x31a/0x5d0 net/socket.c:909
 call_write_iter include/linux/fs.h:1781 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f2ea2ce3c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f2ea2ce3aa0 RCX: 0000000000453299
RDX: 00000000000000fc RSI: 0000000020c7b000 RDI: 0000000000000013
RBP: 00007f2ea2ce3a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007f2ea2ce3bc8 R14: 00000000004b8096 R15: 0000000000000000
binder: release 7181:7199 transaction 100 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 100, target dead
binder: 7225 RLIMIT_NICE not set
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 7226 Comm: syz-executor2 Not tainted 4.15.0+ #293
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:418 [inline]
 slab_alloc_node mm/slab.c:3285 [inline]
 kmem_cache_alloc_node_trace+0x5a/0x750 mm/slab.c:3647
 __do_kmalloc_node mm/slab.c:3667 [inline]
 __kmalloc_node_track_caller+0x33/0x70 mm/slab.c:3682
 __kmalloc_reserve.isra.39+0x41/0xd0 net/core/skbuff.c:137
 __alloc_skb+0x13b/0x780 net/core/skbuff.c:205
 alloc_skb include/linux/skbuff.h:983 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1180 [inline]
 netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1872
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 sock_write_iter+0x31a/0x5d0 net/socket.c:909
 call_write_iter include/linux/fs.h:1781 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f2ea2ce3c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f2ea2ce3aa0 RCX: 0000000000453299
RDX: 00000000000000fc RSI: 0000000020c7b000 RDI: 0000000000000013
RBP: 00007f2ea2ce3a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007f2ea2ce3bc8 R14: 00000000004b8096 R15: 0000000000000000
binder: 7223:7231 transaction failed 29189/-22, size 0-0 line 2842
binder: undelivered TRANSACTION_ERROR: 29189
binder: 7244 RLIMIT_NICE not set
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 7243 Comm: syz-executor2 Not tainted 4.15.0+ #293
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
binder: 7237:7250 transaction failed 29189/-22, size 0-0 line 2842
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:418 [inline]
 slab_alloc_node mm/slab.c:3285 [inline]
 kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3628
 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:983 [inline]
 nlmsg_new include/net/netlink.h:511 [inline]
 netlink_ack+0x283/0xa10 net/netlink/af_netlink.c:2376
 netlink_rcv_skb+0x2b4/0x380 net/netlink/af_netlink.c:2448
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4608
 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
 netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 sock_write_iter+0x31a/0x5d0 net/socket.c:909
 call_write_iter include/linux/fs.h:1781 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f2ea2ce3c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f2ea2ce3aa0 RCX: 0000000000453299
RDX: 00000000000000fc RSI: 0000000020c7b000 RDI: 0000000000000013
RBP: 00007f2ea2ce3a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007f2ea2ce3bc8 R14: 00000000004b8096 R15: 0000000000000000
binder: 7237:7252 BC_FREE_BUFFER u000000002000c000 no match
binder: undelivered TRANSACTION_ERROR: 29189
binder: 7281 RLIMIT_NICE not set
binder: 7267:7290 transaction failed 29189/-22, size 0-0 line 2842
binder: undelivered TRANSACTION_ERROR: 29189
binder: 7307:7315 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
binder: release 7307:7315 transaction 105 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 105, target dead
binder: 7322:7327 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 7328 Comm: syz-executor3 Not tainted 4.15.0+ #293
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
binder: release 7322:7327 transaction 107 out, still active
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 107, target dead
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:418 [inline]
 slab_alloc_node mm/slab.c:3285 [inline]
 kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3628
 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:983 [inline]
 pfkey_sendmsg+0x20f/0xa00 net/key/af_key.c:3645
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2046
 __sys_sendmsg+0xe5/0x210 net/socket.c:2080
 SYSC_sendmsg net/socket.c:2091 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2087
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f1df385dc58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f1df385daa0 RCX: 0000000000453299
RDX: 0000000000000000 RSI: 0000000020259fc8 RDI: 0000000000000013
RBP: 00007f1df385da90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007f1df385dbc8 R14: 00000000004b8096 R15: 0000000000000000
nla_parse: 10 callbacks suppressed
netlink: 188 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 188 bytes leftover after parsing attributes in process `syz-executor2'.
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 7358 Comm: syz-executor3 Not tainted 4.15.0+ #293
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:418 [inline]
 slab_alloc_node mm/slab.c:3285 [inline]
 kmem_cache_alloc_node_trace+0x5a/0x750 mm/slab.c:3647
 __do_kmalloc_node mm/slab.c:3667 [inline]
 __kmalloc_node_track_caller+0x33/0x70 mm/slab.c:3682
 __kmalloc_reserve.isra.39+0x41/0xd0 net/core/skbuff.c:137
 __alloc_skb+0x13b/0x780 net/core/skbuff.c:205
 alloc_skb include/linux/skbuff.h:983 [inline]
 pfkey_sendmsg+0x20f/0xa00 net/key/af_key.c:3645
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2046
 __sys_sendmsg+0xe5/0x210 net/socket.c:2080
 SYSC_sendmsg net/socket.c:2091 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2087
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f1df385dc58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f1df385daa0 RCX: 0000000000453299
RDX: 0000000000000000 RSI: 0000000020259fc8 RDI: 0000000000000013
RBP: 00007f1df385da90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096