syzbot


BUG: MAX_LOCK_DEPTH too low! (2)

Status: fixed on 2019/11/11 16:48
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+802a5abb8abae86eb6de@syzkaller.appspotmail.com
Fix commit: bab2c80e5a6c nsh: set mac len based on inner packet
First crash: 2387d, last: 2344d
Fix bisection: fixed by (bisect log) :
commit bab2c80e5a6c855657482eac9e97f5f3eedb509a
Author: Willem de Bruijn <willemb@google.com>
Date: Wed Jul 11 16:00:44 2018 +0000

  nsh: set mac len based on inner packet

  
Discussions (3)
Title Replies (including bot) Last reply
WARNING: locking bug in __perf_event_task_sched_in 2 (3) 2020/03/04 14:01
Reminder: 5 open syzbot bugs in lockdep subsystem 3 (3) 2019/07/10 16:13
BUG: MAX_LOCK_DEPTH too low! (2) 0 (2) 2018/07/12 21:35
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: MAX_LOCK_DEPTH too low! net 1 2416d 2416d 5/28 fixed on 2018/05/17 10:02
upstream BUG: MAX_LOCK_DEPTH too low! (3) net s390 C done 18 1028d 1037d 22/28 fixed on 2023/02/24 13:50
upstream BUG: MAX_LOCK_DEPTH too low! (5) btrfs C 5 29d 32d 0/28 upstream: reported C repro on 2024/11/10 09:16
upstream BUG: MAX_LOCK_DEPTH too low! (4) bcachefs C error 1364 121d 218d 27/28 fixed on 2024/08/25 15:26

Sample crash report:
8021q: adding VLAN 0 to HW filter on device bond0
IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
8021q: adding VLAN 0 to HW filter on device team0
BUG: MAX_LOCK_DEPTH too low!
turning off the locking correctness validator.
depth: 48  max: 48!
48 locks held by syz-executor150/4765:
 #0: (____ptrval____) (rcu_read_lock_bh){....}, at: __dev_queue_xmit+0x328/0x3910 net/core/dev.c:3503
 #1: (____ptrval____) (&(&sch->seqlock)->rlock){+...}, at: spin_trylock include/linux/spinlock.h:320 [inline]
 #1: (____ptrval____) (&(&sch->seqlock)->rlock){+...}, at: qdisc_run_begin include/net/sch_generic.h:124 [inline]
 #1: (____ptrval____) (&(&sch->seqlock)->rlock){+...}, at: qdisc_run include/net/pkt_sched.h:117 [inline]
 #1: (____ptrval____) (&(&sch->seqlock)->rlock){+...}, at: __dev_xmit_skb net/core/dev.c:3229 [inline]
 #1: (____ptrval____) (&(&sch->seqlock)->rlock){+...}, at: __dev_queue_xmit+0x13a3/0x3910 net/core/dev.c:3537
 #2: (____ptrval____) (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: dev_queue_xmit+0x17/0x20 net/core/dev.c:3602
 #3: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #3: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #4: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #4: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #5: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #5: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #6: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #6: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #7: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #7: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #8: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #8: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #9: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #9: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #10: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #10: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #11: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #11: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #12: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #12: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #13: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #13: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #14: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #14: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #15: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #15: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #16: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #16: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #17: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #17: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #18: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #18: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #19: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #19: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #20: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #20: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #21: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #21: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #22: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #22: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #23: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #23: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #24: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #24: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #25: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #25: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #26: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #26: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #27: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #27: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #28: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #28: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #29: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #29: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #30: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #30: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #31: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #31: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #32: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #32: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #33: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #33: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #34: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #34: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #35: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #35: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #36: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #36: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #37: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #37: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #38: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #38: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #39: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #39: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #40: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #40: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #41: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #41: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #42: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #42: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #43: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #43: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #44: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #44: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #45: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #45: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #46: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #46: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
 #47: (____ptrval____) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline]
 #47: (____ptrval____) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x229/0x740 net/core/dev.c:2787
INFO: lockdep is turned off.
CPU: 0 PID: 4765 Comm: syz-executor150 Not tainted 4.18.0-rc4+ #144
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
 __lock_acquire+0x175d/0x5020 kernel/locking/lockdep.c:3453
 lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924
 rcu_lock_acquire include/linux/rcupdate.h:245 [inline]
 rcu_read_lock include/linux/rcupdate.h:631 [inline]
 skb_mac_gso_segment+0x263/0x740 net/core/dev.c:2789
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 nsh_gso_segment+0x470/0xb40 net/nsh/nsh.c:111
 skb_mac_gso_segment+0x3b5/0x740 net/core/dev.c:2792
 __skb_gso_segment+0x3c3/0x880 net/core/dev.c:2865
 skb_gso_segment include/linux/netdevice.h:4099 [inline]
 validate_xmit_skb+0x640/0xf30 net/core/dev.c:3104
 validate_xmit_skb_list+0xbf/0x120 net/core/dev.c:3154
 sch_direct_xmit+0x30e/0x1140 net/sched/sch_generic.c:312
 qdisc_restart net/sched/sch_generic.c:390 [inline]
 __qdisc_run+0x619/0x19f0 net/sched/sch_generic.c:398
 qdisc_run include/net/pkt_sched.h:118 [inline]
 __dev_xmit_skb net/core/dev.c:3229 [inline]
 __dev_queue_xmit+0x1419/0x3910 net/core/dev.c:3537
 dev_queue_xmit+0x17/0x20 net/core/dev.c:3602
 packet_snd net/packet/af_packet.c:2919 [inline]
 packet_sendmsg+0x428e/0x6130 net/packet/af_packet.c:2944
 sock_sendmsg_nosec net/socket.c:641 [inline]
 sock_sendmsg+0xd5/0x120 net/socket.c:651
 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2125
 __sys_sendmsg+0x11d/0x290 net/socket.c:2163
 __do_sys_sendmsg net/socket.c:2172 [inline]
 __se_sys_sendmsg net/socket.c:2170 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2170
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x446a99
Code: e8 9c bb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
RSP: 002b:00007f4a719bcdb8 EFLAGS: 00000297 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000006dcc24 RCX: 0000000000446a99
RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000004
RBP: 00000000006dcc20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000000
R13: 00007ffe4751bf5f R14: 00007f4a719bd9c0 R15: 0000000000000007
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 1 PID: 4407 Comm: rs:main Q:Reg Not tainted 4.18.0-rc4+ #144
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:cpu_cache_get mm/slab.c:436 [inline]
RIP: 0010:____cache_alloc mm/slab.c:3117 [inline]
RIP: 0010:__do_cache_alloc mm/slab.c:3349 [inline]
RIP: 0010:slab_alloc mm/slab.c:3384 [inline]
RIP: 0010:kmem_cache_alloc+0x1b0/0x760 mm/slab.c:3552
Code: f6 d9 06 00 49 89 c5 e9 c5 fe ff ff 48 8b 80 58 04 00 00 a8 04 0f 85 12 ff ff ff 4d 8b 45 00 4c 89 c2 65 48 03 15 e8 f4 47 7e <8b> 02 85 c0 0f 84 63 01 00 00 83 e8 01 c7 42 0c 01 00 00 00 89 02 
RSP: 0018:ffff8801aebe7268 EFLAGS: 00010083
RAX: 0000000000000000 RBX: 0000000000608040 RCX: ffffffff81b9f96a
RDX: ffff1003b1dbed40 RSI: 0000000000000bfa RDI: 0000000000000000
RBP: ffff8801aebe72d8 R08: ffff8801d6ebed40 R09: 000000000000175b
------------[ cut here ]------------
R10: ffff8801aebe7ca0 R11: ffff8801b0a553c7 R12: 0000000000200000
do_IRQ(): syz-executor150 has overflown the kernel stack (cur:ffff8801d48b0000,sp:ffff8801ce2541e0,irq stk top-bottom:ffff8801dae00080-ffff8801dae08000,exception stk top-bottom:fffffe0000007080-fffffe0000011000,ip:lock_acquire+0x25f/0x540)
R13: ffff8801d3e9f540 R14: ffff8801d3e9f540 R15: 0000000000608040
WARNING: CPU: 0 PID: 4765 at arch/x86/kernel/irq_64.c:63 stack_overflow_check arch/x86/kernel/irq_64.c:60 [inline]
WARNING: CPU: 0 PID: 4765 at arch/x86/kernel/irq_64.c:63 handle_irq+0x1fb/0x2e7 arch/x86/kernel/irq_64.c:72
FS:  00007fe7348d2700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/07/13 04:34 upstream 63f047771621 06c33b3a .config console log report syz C ci-upstream-kasan-gce
2018/07/12 21:35 bpf 6e6fddc78323 06c33b3a .config console log report syz C ci-upstream-bpf-kasan-gce
2018/07/13 00:00 upstream c25c74b7476e 06c33b3a .config console log report syz ci-upstream-kasan-gce-386
2018/07/12 20:25 bpf 6e6fddc78323 06c33b3a .config console log report ci-upstream-bpf-kasan-gce
2018/05/30 17:19 net-next-old ae40832e53c3 2f93b54f .config console log report ci-upstream-net-kasan-gce
* Struck through repros no longer work on HEAD.