================================
WARNING: inconsistent lock state
4.17.0-rc2+ #22 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
syz-executor4/4505 [HC1[1]:SC0[0]:HE0:SE1] takes:
 (ptrval) (fs_reclaim){?.+.}, at: fs_reclaim_acquire.part.82+0x0/0x30 mm/page_alloc.c:463
{HARDIRQ-ON-W} state was registered at:
  lock_acquire+0x1dc/0x520 kernel/locking/lockdep.c:3920
  fs_reclaim_acquire.part.82+0x24/0x30 mm/page_alloc.c:3739
  fs_reclaim_acquire+0x14/0x20 mm/page_alloc.c:3740
  slab_pre_alloc_hook mm/slab.h:418 [inline]
  slab_alloc_node mm/slab.c:3299 [inline]
  kmem_cache_alloc_node_trace+0x39/0x770 mm/slab.c:3661
  kmalloc_node include/linux/slab.h:550 [inline]
  kzalloc_node include/linux/slab.h:712 [inline]
  alloc_worker+0xbd/0x2e0 kernel/workqueue.c:1704
  init_rescuer.part.25+0x1f/0x190 kernel/workqueue.c:4000
  init_rescuer kernel/workqueue.c:3997 [inline]
  workqueue_init+0x51f/0x7d0 kernel/workqueue.c:5732
  kernel_init_freeable+0x2ad/0x58e init/main.c:1115
  kernel_init+0x11/0x1b3 init/main.c:1053
  ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412
irq event stamp: 844914
hardirqs last enabled at (844913): [] slab_alloc_node mm/slab.c:3329 [inline]
hardirqs last enabled at (844913): [] kmem_cache_alloc_node_trace+0x22f/0x770 mm/slab.c:3661
hardirqs last disabled at (844914): [] interrupt_entry+0xb5/0xf0 arch/x86/entry/entry_64.S:625
softirqs last enabled at (844810): [] tcp_close+0xaa4/0x12b0 net/ipv4/tcp.c:2452
softirqs last disabled at (844802): [] sock_orphan include/net/sock.h:1717 [inline]
softirqs last disabled at (844802): [] tcp_close+0x6ed/0x12b0 net/ipv4/tcp.c:2387

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(fs_reclaim);
  <Interrupt>
    lock(fs_reclaim);

 *** DEADLOCK ***

1 lock held by syz-executor4/4505:
 #0: (ptrval) (&xt[i].mutex){+.+.}, at: xt_find_table_lock+0x48/0x440 net/netfilter/x_tables.c:1210

stack backtrace:
CPU: 0 PID: 4505 Comm: syz-executor4 Not tainted 4.17.0-rc2+ #22
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 print_usage_bug.cold.59+0x320/0x41a kernel/locking/lockdep.c:2542
 valid_state kernel/locking/lockdep.c:2555 [inline]
 mark_lock_irq kernel/locking/lockdep.c:2749 [inline]
 mark_lock+0x1034/0x19e0 kernel/locking/lockdep.c:3147
 mark_irqflags kernel/locking/lockdep.c:3022 [inline]
 __lock_acquire+0x1595/0x5140 kernel/locking/lockdep.c:3388
 lock_acquire+0x1dc/0x520 kernel/locking/lockdep.c:3920
 fs_reclaim_acquire.part.82+0x24/0x30 mm/page_alloc.c:3739
 fs_reclaim_acquire+0x14/0x20 mm/page_alloc.c:3740
 slab_pre_alloc_hook mm/slab.h:418 [inline]
 slab_alloc mm/slab.c:3378 [inline]
 __do_kmalloc mm/slab.c:3716 [inline]
 __kmalloc+0x45/0x760 mm/slab.c:3727
 kmalloc_array include/linux/slab.h:631 [inline]
 kcalloc include/linux/slab.h:642 [inline]
 numa_crng_init drivers/char/random.c:798 [inline]
 crng_reseed+0x427/0x920 drivers/char/random.c:923
 credit_entropy_bits+0x98d/0xa30 drivers/char/random.c:708
 add_interrupt_randomness+0x494/0x860 drivers/char/random.c:1254
 handle_irq_event_percpu+0xf9/0x1c0 kernel/irq/handle.c:191
 handle_irq_event+0xa7/0x135 kernel/irq/handle.c:206
 handle_edge_irq+0x20f/0x870 kernel/irq/chip.c:791
 generic_handle_irq_desc include/linux/irqdesc.h:159 [inline]
 handle_irq+0x18c/0x2e7 arch/x86/kernel/irq_64.c:77
 do_IRQ+0x78/0x190 arch/x86/kernel/irq.c:245
 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:642
 </IRQ>
RIP: 0010:update_stack_state+0xb/0x670 arch/x86/kernel/unwind_frame.c:208
RSP: 0018:ffff8801a3617210 EFLAGS: 00000a06 ORIG_RAX: ffffffffffffffd9
RAX: dffffc0000000000 RBX: ffff8801a3617338 RCX: ffff8801a36172e8
RDX: dffffc0000000000 RSI: ffff8801a36173c0 RDI: ffff8801a3617338
RBP: ffff8801a3617310 R08: ffff8801a3617370 R09: ffff8801a360e2c0
R10: ffffed00346c2e71 R11: ffff8801a361738f R12: 1ffff100346c2e49
R13: ffff8801a36173c0 R14: 1ffff100346c2e4d R15: ffff8801a3617388
 unwind_next_frame+0x3e/0x50 arch/x86/kernel/unwind_frame.c:287
 __save_stack_trace+0x6e/0xd0 arch/x86/kernel/stacktrace.c:44
 save_stack_trace+0x1a/0x20 arch/x86/kernel/stacktrace.c:60
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xc4/0xe0 mm/kasan/kasan.c:553
 kmem_cache_alloc_node_trace+0x150/0x770 mm/slab.c:3663
 kmalloc_node include/linux/slab.h:550 [inline]
 alloc_vmap_area+0x142/0xa50 mm/vmalloc.c:419
 __get_vm_area_node+0x17e/0x390 mm/vmalloc.c:1409
 __vmalloc_node_range+0xc4/0x750 mm/vmalloc.c:1754
 __vmalloc_node mm/vmalloc.c:1804 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1818 [inline]
 vzalloc+0x6f/0x80 mm/vmalloc.c:1857
 alloc_counters.isra.11+0xaf/0x830 net/ipv6/netfilter/ip6_tables.c:818
 copy_entries_to_user net/ipv6/netfilter/ip6_tables.c:840 [inline]
 get_entries net/ipv6/netfilter/ip6_tables.c:1043 [inline]
 do_ip6t_get_ctl+0x7e3/0xc30 net/ipv6/netfilter/ip6_tables.c:1711
 nf_sockopt net/netfilter/nf_sockopt.c:104 [inline]
 nf_getsockopt+0x80/0xe0 net/netfilter/nf_sockopt.c:122
 ipv6_getsockopt+0x1d9/0x300 net/ipv6/ipv6_sockglue.c:1370
 tcp_getsockopt+0x93/0xe0 net/ipv4/tcp.c:3492
 sock_common_getsockopt+0x9a/0xe0 net/core/sock.c:3001
 __sys_getsockopt+0x1a5/0x370 net/socket.c:1940
 __do_sys_getsockopt net/socket.c:1951 [inline]
 __se_sys_getsockopt net/socket.c:1948 [inline]
 __x64_sys_getsockopt+0xbe/0x150 net/socket.c:1948
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45846a
RSP: 002b:0000000000a3e328 EFLAGS: 00000212 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 0000000000a3e350 RCX: 000000000045846a
RDX: 0000000000000041 RSI: 0000000000000029 RDI: 0000000000000013
RBP: 00000000007011a0 R08: 0000000000a3e34c R09: 0000000000004000
R10: 0000000000a3e450 R11: 0000000000000212 R12: 0000000000000013
R13: 0000000000000000 R14: 0000000000000029 R15: 00000000006fefe0
BUG: sleeping function called from invalid context at mm/slab.h:421
in_atomic(): 1, irqs_disabled(): 1, pid: 4505, name: syz-executor4
INFO: lockdep is turned off.
irq event stamp: 844914
hardirqs last enabled at (844913): [] slab_alloc_node mm/slab.c:3329 [inline]
hardirqs last enabled at (844913): [] kmem_cache_alloc_node_trace+0x22f/0x770 mm/slab.c:3661
hardirqs last disabled at (844914): [] interrupt_entry+0xb5/0xf0 arch/x86/entry/entry_64.S:625
softirqs last enabled at (844810): [] tcp_close+0xaa4/0x12b0 net/ipv4/tcp.c:2452
softirqs last disabled at (844802): [] sock_orphan include/net/sock.h:1717 [inline]
softirqs last disabled at (844802): [] tcp_close+0x6ed/0x12b0 net/ipv4/tcp.c:2387
CPU: 0 PID: 4505 Comm: syz-executor4 Not tainted 4.17.0-rc2+ #22
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 ___might_sleep.cold.87+0x11f/0x13a kernel/sched/core.c:6188
 __might_sleep+0x95/0x190 kernel/sched/core.c:6141
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3378 [inline]
 __do_kmalloc mm/slab.c:3716 [inline]
 __kmalloc+0x2b9/0x760 mm/slab.c:3727
 kmalloc_array include/linux/slab.h:631 [inline]
 kcalloc include/linux/slab.h:642 [inline]
 numa_crng_init drivers/char/random.c:798 [inline]
 crng_reseed+0x427/0x920 drivers/char/random.c:923
 credit_entropy_bits+0x98d/0xa30 drivers/char/random.c:708
 add_interrupt_randomness+0x494/0x860 drivers/char/random.c:1254
 handle_irq_event_percpu+0xf9/0x1c0 kernel/irq/handle.c:191
 handle_irq_event+0xa7/0x135 kernel/irq/handle.c:206
 handle_edge_irq+0x20f/0x870 kernel/irq/chip.c:791
 generic_handle_irq_desc include/linux/irqdesc.h:159 [inline]
 handle_irq+0x18c/0x2e7 arch/x86/kernel/irq_64.c:77
 do_IRQ+0x78/0x190 arch/x86/kernel/irq.c:245
 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:642
 </IRQ>
RIP: 0010:update_stack_state+0xb/0x670 arch/x86/kernel/unwind_frame.c:208
RSP: 0018:ffff8801a3617210 EFLAGS: 00000a06 ORIG_RAX: ffffffffffffffd9
RAX: dffffc0000000000 RBX: ffff8801a3617338 RCX: ffff8801a36172e8
RDX: dffffc0000000000 RSI: ffff8801a36173c0 RDI: ffff8801a3617338
RBP: ffff8801a3617310 R08: ffff8801a3617370 R09: ffff8801a360e2c0
R10: ffffed00346c2e71 R11: ffff8801a361738f R12: 1ffff100346c2e49
R13: ffff8801a36173c0 R14: 1ffff100346c2e4d R15: ffff8801a3617388
 unwind_next_frame+0x3e/0x50 arch/x86/kernel/unwind_frame.c:287
 __save_stack_trace+0x6e/0xd0 arch/x86/kernel/stacktrace.c:44
 save_stack_trace+0x1a/0x20 arch/x86/kernel/stacktrace.c:60
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xc4/0xe0 mm/kasan/kasan.c:553
 kmem_cache_alloc_node_trace+0x150/0x770 mm/slab.c:3663
 kmalloc_node include/linux/slab.h:550 [inline]
 alloc_vmap_area+0x142/0xa50 mm/vmalloc.c:419
 __get_vm_area_node+0x17e/0x390 mm/vmalloc.c:1409
 __vmalloc_node_range+0xc4/0x750 mm/vmalloc.c:1754
 __vmalloc_node mm/vmalloc.c:1804 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1818 [inline]
 vzalloc+0x6f/0x80 mm/vmalloc.c:1857
 alloc_counters.isra.11+0xaf/0x830 net/ipv6/netfilter/ip6_tables.c:818
 copy_entries_to_user net/ipv6/netfilter/ip6_tables.c:840 [inline]
 get_entries net/ipv6/netfilter/ip6_tables.c:1043 [inline]
 do_ip6t_get_ctl+0x7e3/0xc30 net/ipv6/netfilter/ip6_tables.c:1711
 nf_sockopt net/netfilter/nf_sockopt.c:104 [inline]
 nf_getsockopt+0x80/0xe0 net/netfilter/nf_sockopt.c:122
 ipv6_getsockopt+0x1d9/0x300 net/ipv6/ipv6_sockglue.c:1370
 tcp_getsockopt+0x93/0xe0 net/ipv4/tcp.c:3492
 sock_common_getsockopt+0x9a/0xe0 net/core/sock.c:3001
 __sys_getsockopt+0x1a5/0x370 net/socket.c:1940
 __do_sys_getsockopt net/socket.c:1951 [inline]
 __se_sys_getsockopt net/socket.c:1948 [inline]
 __x64_sys_getsockopt+0xbe/0x150 net/socket.c:1948
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45846a
RSP: 002b:0000000000a3e328 EFLAGS: 00000212 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 0000000000a3e350 RCX: 000000000045846a
RDX: 0000000000000041 RSI: 0000000000000029 RDI: 0000000000000013
RBP: 00000000007011a0 R08: 0000000000a3e34c R09: 0000000000004000
R10: 0000000000a3e450 R11: 0000000000000212 R12: 0000000000000013
R13: 0000000000000000 R14: 0000000000000029 R15: 00000000006fefe0
random: crng init done
netlink: 'syz-executor5': attribute type 9 has an invalid length.
ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
netlink: 'syz-executor5': attribute type 9 has an invalid length.
ieee80211 phy7: Selected rate control algorithm 'minstrel_ht'
netlink: 'syz-executor5': attribute type 9 has an invalid length.
ieee80211 phy8: Selected rate control algorithm 'minstrel_ht'
netlink: 'syz-executor0': attribute type 9 has an invalid length.
ieee80211 phy9: Selected rate control algorithm 'minstrel_ht'
netlink: 'syz-executor5': attribute type 9 has an invalid length.
ieee80211 phy10: Selected rate control algorithm 'minstrel_ht'
netlink: 'syz-executor0': attribute type 9 has an invalid length.
ieee80211 phy11: Selected rate control algorithm 'minstrel_ht'
netlink: 'syz-executor5': attribute type 9 has an invalid length.
ieee80211 phy12: Selected rate control algorithm 'minstrel_ht'
netlink: 'syz-executor0': attribute type 9 has an invalid length.
ieee80211 phy13: Selected rate control algorithm 'minstrel_ht'
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo entered promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo left promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo entered promiscuous mode
device lo entered promiscuous mode
netlink: 'syz-executor3': attribute type 7 has an invalid length.