================================ WARNING: inconsistent lock state 4.15.0-rc9+ #283 Not tainted -------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. syz-executor1/3725 [HC0[0]:SC1[1]:HE1:SE0] takes: (&(&est->lock)->rlock){+.?.}, at: [<0000000031cf5b72>] spin_lock include/linux/spinlock.h:310 [inline] (&(&est->lock)->rlock){+.?.}, at: [<0000000031cf5b72>] est_fetch_counters+0x4f/0x150 net/core/gen_estimator.c:70 {SOFTIRQ-ON-W} state was registered at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:310 [inline] est_fetch_counters+0x4f/0x150 net/core/gen_estimator.c:70 gen_new_estimator+0x317/0x770 net/core/gen_estimator.c:162 xt_rateest_tg_checkentry+0x487/0xaa0 net/netfilter/xt_RATEEST.c:135 xt_check_target+0x22c/0x7d0 net/netfilter/x_tables.c:845 check_target net/ipv6/netfilter/ip6_tables.c:538 [inline] find_check_entry.isra.7+0x935/0xcf0 net/ipv6/netfilter/ip6_tables.c:580 translate_table+0xf52/0x1690 net/ipv6/netfilter/ip6_tables.c:749 do_replace net/ipv6/netfilter/ip6_tables.c:1167 [inline] do_ip6t_set_ctl+0x370/0x5f0 net/ipv6/netfilter/ip6_tables.c:1693 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115 ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:928 udpv6_setsockopt+0x45/0x80 net/ipv6/udp.c:1452 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968 SYSC_setsockopt net/socket.c:1831 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1810 entry_SYSCALL_64_fastpath+0x29/0xa0 irq event stamp: 1488612 hardirqs last enabled at (1488612): [<000000004b60e6f4>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (1488612): [<000000004b60e6f4>] _raw_spin_unlock_irq+0x27/0x70 kernel/locking/spinlock.c:192 hardirqs last disabled at (1488611): [<00000000e095a7bb>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline] hardirqs last disabled at (1488611): [<00000000e095a7bb>] _raw_spin_lock_irq+0x3c/0x80 kernel/locking/spinlock.c:160 softirqs last enabled at (1488470): [<00000000a6d61060>] __do_softirq+0x7a0/0xb85 kernel/softirq.c:311 softirqs last disabled at (1488609): [<000000002c3b546b>] invoke_softirq kernel/softirq.c:365 [inline] softirqs last disabled at (1488609): [<000000002c3b546b>] irq_exit+0x1cc/0x200 kernel/softirq.c:405 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&(&est->lock)->rlock); lock(&(&est->lock)->rlock); *** DEADLOCK *** 6 locks held by syz-executor1/3725: #0: (&dup_mmap_sem){.+.+}, at: [<00000000c3922acb>] dup_mmap kernel/fork.c:607 [inline] #0: (&dup_mmap_sem){.+.+}, at: [<00000000c3922acb>] dup_mm kernel/fork.c:1196 [inline] #0: (&dup_mmap_sem){.+.+}, at: [<00000000c3922acb>] copy_mm+0x3c6/0x131b kernel/fork.c:1250 #1: (&mm->mmap_sem){++++}, at: [<0000000003248134>] dup_mmap kernel/fork.c:608 [inline] #1: (&mm->mmap_sem){++++}, at: [<0000000003248134>] dup_mm kernel/fork.c:1196 [inline] #1: (&mm->mmap_sem){++++}, at: [<0000000003248134>] copy_mm+0x3e2/0x131b kernel/fork.c:1250 #2: (&mm->mmap_sem/1){+.+.}, at: [<00000000d78454d9>] dup_mmap kernel/fork.c:617 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [<00000000d78454d9>] dup_mm kernel/fork.c:1196 [inline] #2: (&mm->mmap_sem/1){+.+.}, at: [<00000000d78454d9>] copy_mm+0x43f/0x131b kernel/fork.c:1250 #3: (&(ptlock_ptr(page))->rlock#2){+.+.}, at: [<00000000e93546de>] spin_lock include/linux/spinlock.h:310 [inline] #3: (&(ptlock_ptr(page))->rlock#2){+.+.}, at: [<00000000e93546de>] copy_pte_range mm/memory.c:1073 [inline] #3: (&(ptlock_ptr(page))->rlock#2){+.+.}, at: [<00000000e93546de>] copy_pmd_range mm/memory.c:1149 [inline] #3: (&(ptlock_ptr(page))->rlock#2){+.+.}, at: [<00000000e93546de>] copy_pud_range mm/memory.c:1183 [inline] #3: (&(ptlock_ptr(page))->rlock#2){+.+.}, at: [<00000000e93546de>] copy_p4d_range mm/memory.c:1205 [inline] #3: (&(ptlock_ptr(page))->rlock#2){+.+.}, at: [<00000000e93546de>] copy_page_range+0xb98/0x27a0 mm/memory.c:1267 #4: (&(ptlock_ptr(page))->rlock#2/1){+.+.}, at: [<00000000794d4857>] copy_pte_range mm/memory.c:1078 [inline] #4: (&(ptlock_ptr(page))->rlock#2/1){+.+.}, at: [<00000000794d4857>] copy_pmd_range mm/memory.c:1149 [inline] #4: (&(ptlock_ptr(page))->rlock#2/1){+.+.}, at: [<00000000794d4857>] copy_pud_range mm/memory.c:1183 [inline] #4: (&(ptlock_ptr(page))->rlock#2/1){+.+.}, at: [<00000000794d4857>] copy_p4d_range mm/memory.c:1205 [inline] #4: (&(ptlock_ptr(page))->rlock#2/1){+.+.}, at: [<00000000794d4857>] copy_page_range+0xcdc/0x27a0 mm/memory.c:1267 #5: ((&est->timer)){+.-.}, at: [<0000000022add1d9>] lockdep_copy_map include/linux/lockdep.h:178 [inline] #5: ((&est->timer)){+.-.}, at: [<0000000022add1d9>] call_timer_fn+0x1c6/0x820 kernel/time/timer.c:1308 stack backtrace: CPU: 1 PID: 3725 Comm: syz-executor1 Not tainted 4.15.0-rc9+ #283 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 print_usage_bug+0x377/0x38c kernel/locking/lockdep.c:2537 valid_state kernel/locking/lockdep.c:2550 [inline] mark_lock_irq kernel/locking/lockdep.c:2744 [inline] mark_lock+0xf61/0x1430 kernel/locking/lockdep.c:3142 mark_irqflags kernel/locking/lockdep.c:3020 [inline] __lock_acquire+0x173a/0x3e00 kernel/locking/lockdep.c:3383 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:310 [inline] est_fetch_counters+0x4f/0x150 net/core/gen_estimator.c:70 est_timer+0x97/0x7c0 net/core/gen_estimator.c:85 call_timer_fn+0x228/0x820 kernel/time/timer.c:1318 expire_timers kernel/time/timer.c:1355 [inline] __run_timers+0x7ee/0xb70 kernel/time/timer.c:1658 run_timer_softirq+0x4c/0x70 kernel/time/timer.c:1684 __do_softirq+0x2d7/0xb85 kernel/softirq.c:285 invoke_softirq kernel/softirq.c:365 [inline] irq_exit+0x1cc/0x200 kernel/softirq.c:405 exiting_irq arch/x86/include/asm/apic.h:541 [inline] smp_apic_timer_interrupt+0x16b/0x700 arch/x86/kernel/apic/apic.c:1052 apic_timer_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:937 RIP: 0010:__sanitizer_cov_trace_pc+0x1/0x50 kernel/kcov.c:94 RSP: 0018:ffff8801c5ee6c70 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff11 RAX: ffff8801c2a4a778 RBX: 80000001d9b71007 RCX: ffffffff819b8189 RDX: 0000000000000001 RSI: 00007f838dd3e000 RDI: ffff8801c40fb340 RBP: ffff8801c5ee71a0 R08: ffffea000766dc00 R09: 0000000000000004 R10: ffff8801c5ee6b38 R11: 0000000000000003 R12: 0000000000000008 R13: dffffc0000000000 R14: 00000000100400fb R15: ffff8801caf4a9f8 dup_mmap kernel/fork.c:715 [inline] dup_mm kernel/fork.c:1196 [inline] copy_mm+0xd68/0x131b kernel/fork.c:1250 copy_process.part.38+0x1ee9/0x4b20 kernel/fork.c:1752 copy_process kernel/fork.c:1565 [inline] _do_fork+0x1f7/0xfe0 kernel/fork.c:2044 SYSC_clone kernel/fork.c:2154 [inline] SyS_clone+0x37/0x50 kernel/fork.c:2148 do_syscall_64+0x273/0x920 arch/x86/entry/common.c:285 entry_SYSCALL64_slow_path+0x25/0x25 RIP: 0033:0x45198a RSP: 002b:0000000000a2f550 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 0000000000a2f550 RCX: 000000000045198a RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 RBP: 0000000000a2f590 R08: 0000000000000001 R09: 0000000000af0940 R10: 0000000000af0c10 R11: 0000000000000246 R12: 0000000000000001 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000010 kauditd_printk_skb: 115 callbacks suppressed audit: type=1326 audit(1517132808.157:1022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=16516 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=247 compat=0 ip=0x453299 code=0x7ffc0000 audit: type=1326 audit(1517132808.164:1023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=16516 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000 audit: type=1326 audit(1517132808.164:1024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=16516 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000 audit: type=1326 audit(1517132808.228:1025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=16530 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000 audit: type=1326 audit(1517132808.230:1026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=16530 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000 audit: type=1326 audit(1517132808.231:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=16530 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=257 compat=0 ip=0x453299 code=0x7ffc0000 audit: type=1326 audit(1517132808.231:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=16530 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000 audit: type=1326 audit(1517132808.232:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=16530 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000 audit: type=1326 audit(1517132808.239:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=16530 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=16 compat=0 ip=0x453299 code=0x7ffc0000 audit: type=1326 audit(1517132808.239:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=16530 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000 dccp_close: ABORT with 4294967275 bytes unread dccp_close: ABORT with 4294967275 bytes unread sock: sock_set_timeout: `syz-executor4' (pid 16796) tries to set negative timeout FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 16949 Comm: syz-executor5 Not tainted 4.15.0-rc9+ #283 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3368 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3542 kmem_cache_zalloc include/linux/slab.h:678 [inline] ext4_init_io_end+0x8e/0x200 fs/ext4/page-io.c:253 ext4_writepages+0x1229/0x3c30 fs/ext4/inode.c:2822 do_writepages+0xff/0x170 mm/page-writeback.c:2340 __filemap_fdatawrite_range+0x32f/0x460 mm/filemap.c:445 file_write_and_wait_range+0x8a/0x100 mm/filemap.c:753 ext4_sync_file+0x4fb/0x1260 fs/ext4/fsync.c:128 vfs_fsync_range+0x110/0x260 fs/sync.c:196 SYSC_msync mm/msync.c:90 [inline] SyS_msync+0x2be/0x3c0 mm/msync.c:32 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x453299 RSP: 002b:00007f3d1f559c58 EFLAGS: 00000212 ORIG_RAX: 000000000000001a RAX: ffffffffffffffda RBX: 00007f3d1f559aa0 RCX: 0000000000453299 RDX: 0000000000000004 RSI: 087abbe8d1cc6ad9 RDI: 0000000020952000 RBP: 00007f3d1f559a90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096 R13: 00007f3d1f559bc8 R14: 00000000004b8096 R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 16984 Comm: syz-executor4 Not tainted 4.15.0-rc9+ #283 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3368 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3542 kmem_cache_zalloc include/linux/slab.h:678 [inline] ext4_init_io_end+0x8e/0x200 fs/ext4/page-io.c:253 ext4_writepages+0x1229/0x3c30 fs/ext4/inode.c:2822 do_writepages+0xff/0x170 mm/page-writeback.c:2340 __filemap_fdatawrite_range+0x32f/0x460 mm/filemap.c:445 file_write_and_wait_range+0x8a/0x100 mm/filemap.c:753 ext4_sync_file+0x4fb/0x1260 fs/ext4/fsync.c:128 vfs_fsync_range+0x110/0x260 fs/sync.c:196 SYSC_msync mm/msync.c:90 [inline] SyS_msync+0x2be/0x3c0 mm/msync.c:32 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x453299 RSP: 002b:00007f418f8b3c58 EFLAGS: 00000212 ORIG_RAX: 000000000000001a RAX: ffffffffffffffda RBX: 00007f418f8b3aa0 RCX: 0000000000453299 RDX: 0000000000000004 RSI: 087abbe8d1cc6ad9 RDI: 0000000020952000 RBP: 00007f418f8b3a90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096 R13: 00007f418f8b3bc8 R14: 00000000004b8096 R15: 0000000000000000 netlink: 'syz-executor5': attribute type 1 has an invalid length. netlink: 'syz-executor5': attribute type 1 has an invalid length. FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 17261 Comm: syz-executor3 Not tainted 4.15.0-rc9+ #283 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3368 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3542 audit_buffer_alloc kernel/audit.c:1625 [inline] audit_log_start+0x4cb/0xa10 kernel/audit.c:1743 __audit_seccomp+0x31/0x240 kernel/auditsc.c:2473 seccomp_log kernel/seccomp.c:592 [inline] __seccomp_filter+0xb53/0xe90 kernel/seccomp.c:726 __secure_computing+0xe6/0x400 kernel/seccomp.c:789 syscall_trace_enter+0x465/0x1100 arch/x86/entry/common.c:119 do_syscall_64+0x625/0x920 arch/x86/entry/common.c:277 entry_SYSCALL64_slow_path+0x25/0x25 RIP: 0033:0x453299 RSP: 002b:00007ff2a5c2dc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000042 RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299 RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000491 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000020bfe000 R11: 0000000000000212 R12: 00000000006f5e38 R13: 0000000000000013 R14: 00007ff2a5c2e6d4 R15: ffffffffffffffff QAT: Invalid ioctl QAT: Invalid ioctl kauditd_printk_skb: 190 callbacks suppressed audit: type=1326 audit(1517132813.183:1220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17449 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 17458 Comm: syz-executor0 Not tainted 4.15.0-rc9+ #283 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3368 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3542 kmem_cache_zalloc include/linux/slab.h:678 [inline] ext4_init_io_end+0x8e/0x200 fs/ext4/page-io.c:253 ext4_writepages+0x1229/0x3c30 fs/ext4/inode.c:2822 do_writepages+0xff/0x170 mm/page-writeback.c:2340 __filemap_fdatawrite_range+0x32f/0x460 mm/filemap.c:445 file_write_and_wait_range+0x8a/0x100 mm/filemap.c:753 ext4_sync_file+0x4fb/0x1260 fs/ext4/fsync.c:128 vfs_fsync_range+0x110/0x260 fs/sync.c:196 SYSC_msync mm/msync.c:90 [inline] SyS_msync+0x2be/0x3c0 mm/msync.c:32 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x453299 RSP: 002b:00007f978ef8ec58 EFLAGS: 00000212 ORIG_RAX: 000000000000001a RAX: ffffffffffffffda RBX: 00007f978ef8eaa0 RCX: 0000000000453299 RDX: 0000000000000004 RSI: 087abbe8d1cc6ad9 RDI: 0000000020952000 RBP: 00007f978ef8ea90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096 R13: 00007f978ef8ebc8 R14: 00000000004b8096 R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 17487 Comm: syz-executor0 Not tainted 4.15.0-rc9+ #283 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3368 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3542 mempool_alloc_slab+0x44/0x60 mm/mempool.c:450 mempool_alloc+0x16a/0x4b0 mm/mempool.c:330 bio_alloc_bioset+0x3cd/0x760 block/bio.c:486 bio_alloc include/linux/bio.h:405 [inline] io_submit_init_bio fs/ext4/page-io.c:374 [inline] io_submit_add_bh fs/ext4/page-io.c:399 [inline] ext4_bio_write_page+0x935/0x1200 fs/ext4/page-io.c:506 mpage_submit_page+0x138/0x230 fs/ext4/inode.c:2208 mpage_process_page_bufs+0x42b/0x500 fs/ext4/inode.c:2319 mpage_prepare_extent_to_map+0x8c5/0xf10 fs/ext4/inode.c:2681 ext4_writepages+0x1259/0x3c30 fs/ext4/inode.c:2827 do_writepages+0xff/0x170 mm/page-writeback.c:2340 __filemap_fdatawrite_range+0x32f/0x460 mm/filemap.c:445 file_write_and_wait_range+0x8a/0x100 mm/filemap.c:753 ext4_sync_file+0x4fb/0x1260 fs/ext4/fsync.c:128 vfs_fsync_range+0x110/0x260 fs/sync.c:196 SYSC_msync mm/msync.c:90 [inline] SyS_msync+0x2be/0x3c0 mm/msync.c:32 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x453299 RSP: 002b:00007f978ef6dc58 EFLAGS: 00000212 ORIG_RAX: 000000000000001a RAX: ffffffffffffffda RBX: 00007f978ef6daa0 RCX: 0000000000453299 RDX: 0000000000000004 RSI: 087abbe8d1cc6ad9 RDI: 0000000020952000 RBP: 00007f978ef6da90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096 R13: 00007f978ef6dbc8 R14: 00000000004b8096 R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 17505 Comm: syz-executor0 Not tainted 4.15.0-rc9+ #283 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3368 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3542 mempool_alloc_slab+0x44/0x60 mm/mempool.c:450 mempool_alloc+0x16a/0x4b0 mm/mempool.c:330 bvec_alloc+0x150/0x2d0 block/bio.c:216 bio_alloc_bioset+0x49b/0x760 block/bio.c:506 bio_alloc include/linux/bio.h:405 [inline] io_submit_init_bio fs/ext4/page-io.c:374 [inline] io_submit_add_bh fs/ext4/page-io.c:399 [inline] ext4_bio_write_page+0x935/0x1200 fs/ext4/page-io.c:506 mpage_submit_page+0x138/0x230 fs/ext4/inode.c:2208 mpage_process_page_bufs+0x42b/0x500 fs/ext4/inode.c:2319 mpage_prepare_extent_to_map+0x8c5/0xf10 fs/ext4/inode.c:2681 ext4_writepages+0x1259/0x3c30 fs/ext4/inode.c:2827 do_writepages+0xff/0x170 mm/page-writeback.c:2340 __filemap_fdatawrite_range+0x32f/0x460 mm/filemap.c:445 file_write_and_wait_range+0x8a/0x100 mm/filemap.c:753 ext4_sync_file+0x4fb/0x1260 fs/ext4/fsync.c:128 vfs_fsync_range+0x110/0x260 fs/sync.c:196 SYSC_msync mm/msync.c:90 [inline] SyS_msync+0x2be/0x3c0 mm/msync.c:32 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x453299 RSP: 002b:00007f978ef8ec58 EFLAGS: 00000212 ORIG_RAX: 000000000000001a RAX: ffffffffffffffda RBX: 00007f978ef8eaa0 RCX: 0000000000453299 RDX: 0000000000000004 RSI: 087abbe8d1cc6ad9 RDI: 0000000020952000 RBP: 00007f978ef8ea90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096 R13: 00007f978ef8ebc8 R14: 00000000004b8096 R15: 0000000000000000 audit: type=1326 audit(1517132813.221:1221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17449 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=66 compat=0 ip=0x453299 code=0x7ffc0000 audit: type=1326 audit(1517132813.221:1222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17449 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000 audit: type=1326 audit(1517132813.221:1223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17449 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000 audit: type=1326 audit(1517132813.223:1224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17449 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=2 compat=0 ip=0x40d591 code=0x7ffc0000 audit: type=1326 audit(1517132813.223:1225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17449 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000 audit: type=1326 audit(1517132813.224:1226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17449 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000 audit: type=1326 audit(1517132813.224:1227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17449 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=81 compat=0 ip=0x453299 code=0x7ffc0000 audit: type=1326 audit(1517132813.224:1228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17449 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000 audit: type=1326 audit(1517132813.225:1229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17449 comm="syz-executor3" exe="/root/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x453299 code=0x7ffc0000 FAULT_INJECTION: forcing a failure. name fail_page_alloc, interval 1, probability 0, space 0, times 1 CPU: 0 PID: 17534 Comm: syz-executor0 Not tainted 4.15.0-rc9+ #283 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_fail_alloc_page mm/page_alloc.c:2948 [inline] prepare_alloc_pages mm/page_alloc.c:4187 [inline] __alloc_pages_nodemask+0x338/0xd80 mm/page_alloc.c:4226 __alloc_pages include/linux/gfp.h:456 [inline] __alloc_pages_node include/linux/gfp.h:469 [inline] kmem_getpages mm/slab.c:1413 [inline] cache_grow_begin+0x72/0x3f0 mm/slab.c:2668 cache_alloc_refill mm/slab.c:3035 [inline] ____cache_alloc mm/slab.c:3117 [inline] __do_cache_alloc mm/slab.c:3339 [inline] slab_alloc mm/slab.c:3374 [inline] kmem_cache_alloc+0x400/0x760 mm/slab.c:3542 mempool_alloc_slab+0x44/0x60 mm/mempool.c:450 mempool_alloc+0x16a/0x4b0 mm/mempool.c:330 bvec_alloc+0x150/0x2d0 block/bio.c:216 bio_alloc_bioset+0x49b/0x760 block/bio.c:506 bio_alloc include/linux/bio.h:405 [inline] io_submit_init_bio fs/ext4/page-io.c:374 [inline] io_submit_add_bh fs/ext4/page-io.c:399 [inline] ext4_bio_write_page+0x935/0x1200 fs/ext4/page-io.c:506 mpage_submit_page+0x138/0x230 fs/ext4/inode.c:2208 mpage_process_page_bufs+0x42b/0x500 fs/ext4/inode.c:2319 mpage_prepare_extent_to_map+0x8c5/0xf10 fs/ext4/inode.c:2681 ext4_writepages+0x1259/0x3c30 fs/ext4/inode.c:2827 do_writepages+0xff/0x170 mm/page-writeback.c:2340 __filemap_fdatawrite_range+0x32f/0x460 mm/filemap.c:445 file_write_and_wait_range+0x8a/0x100 mm/filemap.c:753 ext4_sync_file+0x4fb/0x1260 fs/ext4/fsync.c:128 vfs_fsync_range+0x110/0x260 fs/sync.c:196 SYSC_msync mm/msync.c:90 [inline] SyS_msync+0x2be/0x3c0 mm/msync.c:32 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x453299 RSP: 002b:00007f978ef8ec58 EFLAGS: 00000212 ORIG_RAX: 000000000000001a RAX: ffffffffffffffda RBX: 00007f978ef8eaa0 RCX: 0000000000453299 RDX: 0000000000000004 RSI: 087abbe8d1cc6ad9 RDI: 0000000020952000 RBP: 00007f978ef8ea90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096 R13: 00007f978ef8ebc8 R14: 00000000004b8096 R15: 0000000000000000 QAT: Invalid ioctl