================================
WARNING: inconsistent lock state
4.18.0+ #189 Not tainted
--------------------------------
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
syz-executor3/11344 [HC0[0]:SC0[0]:HE1:SE1] takes:
00000000e9d001fb (&(&tlocks[i])->rlock){+.?.}, at: spin_lock include/linux/spinlock.h:329 [inline]
00000000e9d001fb (&(&tlocks[i])->rlock){+.?.}, at: ila_del_mapping net/ipv6/ila/ila_xlat.c:290 [inline]
00000000e9d001fb (&(&tlocks[i])->rlock){+.?.}, at: ila_xlat_nl_cmd_del_mapping+0x46b/0xb00 net/ipv6/ila/ila_xlat.c:368
{IN-SOFTIRQ-W} state was registered at:
lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
spin_lock_bh include/linux/spinlock.h:334 [inline]
__rhashtable_insert_fast include/linux/rhashtable.h:596 [inline]
rhashtable_lookup_insert_fast include/linux/rhashtable.h:784 [inline]
fdb_create+0x5cc/0x1710 net/bridge/br_fdb.c:508
br_fdb_update+0x4e7/0xd40 net/bridge/br_fdb.c:605
br_handle_frame_finish+0xa23/0x1960 net/bridge/br_input.c:97
br_nf_hook_thresh+0x48d/0x5f0 net/bridge/br_netfilter_hooks.c:1011
br_nf_pre_routing_finish_ipv6+0x7bc/0xef0 net/bridge/br_netfilter_ipv6.c:209
NF_HOOK include/linux/netfilter.h:287 [inline]
br_nf_pre_routing_ipv6+0x4af/0xac0 net/bridge/br_netfilter_ipv6.c:237
br_nf_pre_routing+0xb33/0x17d0 net/bridge/br_netfilter_hooks.c:494
nf_hook_entry_hookfn include/linux/netfilter.h:119 [inline]
nf_hook_slow+0xc2/0x1c0 net/netfilter/core.c:511
nf_hook include/linux/netfilter.h:242 [inline]
NF_HOOK include/linux/netfilter.h:285 [inline]
br_handle_frame+0xc0d/0x1a20 net/bridge/br_input.c:303
__netif_receive_skb_core+0x1455/0x3af0 net/core/dev.c:4821
__netif_receive_skb_one_core+0xd0/0x200 net/core/dev.c:4890
__netif_receive_skb+0x2c/0x1e0 net/core/dev.c:5002
process_backlog+0x219/0x760 net/core/dev.c:5808
napi_poll net/core/dev.c:6228 [inline]
net_rx_action+0x7a5/0x1920 net/core/dev.c:6294
__do_softirq+0x2eb/0xb1e kernel/softirq.c:292
run_ksoftirqd+0x88/0x100 kernel/softirq.c:653
smpboot_thread_fn+0x425/0x880 kernel/smpboot.c:164
kthread+0x35a/0x420 kernel/kthread.c:246
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
irq event stamp: 87
hardirqs last enabled at (87): [<ffffffff86c009d5>] restore_regs_and_return_to_kernel+0x0/0x2b
hardirqs last disabled at (86): [<ffffffff86c00905>] interrupt_entry+0xb5/0xf0 arch/x86/entry/entry_64.S:626
softirqs last enabled at (66): [<ffffffff850b881c>] spin_unlock_bh include/linux/spinlock.h:374 [inline]
softirqs last enabled at (66): [<ffffffff850b881c>] release_sock+0x1ec/0x2c0 net/core/sock.c:2860
softirqs last disabled at (64): [<ffffffff850b86ad>] spin_lock_bh include/linux/spinlock.h:334 [inline]
softirqs last disabled at (64): [<ffffffff850b86ad>] release_sock+0x7d/0x2c0 net/core/sock.c:2847
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&(&tlocks[i])->rlock);
<Interrupt>
lock(&(&tlocks[i])->rlock);
*** DEADLOCK ***
1 lock held by syz-executor3/11344:
#0: 000000004e073d98 (cb_lock){++++}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:636
stack backtrace:
CPU: 1 PID: 11344 Comm: syz-executor3 Not tainted 4.18.0+ #189
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
print_usage_bug.cold.63+0x320/0x41a kernel/locking/lockdep.c:2546
valid_state kernel/locking/lockdep.c:2559 [inline]
mark_lock_irq kernel/locking/lockdep.c:2753 [inline]
mark_lock+0x1048/0x19f0 kernel/locking/lockdep.c:3151
mark_irqflags kernel/locking/lockdep.c:3047 [inline]
__lock_acquire+0x7ca/0x5020 kernel/locking/lockdep.c:3392
lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
spin_lock include/linux/spinlock.h:329 [inline]
ila_del_mapping net/ipv6/ila/ila_xlat.c:290 [inline]
ila_xlat_nl_cmd_del_mapping+0x46b/0xb00 net/ipv6/ila/ila_xlat.c:368
genl_family_rcv_msg+0x8a3/0x1140 net/netlink/genetlink.c:601
genl_rcv_msg+0xc6/0x168 net/netlink/genetlink.c:626
netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2454
genl_rcv+0x28/0x40 net/netlink/genetlink.c:637
netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
netlink_unicast+0x5a0/0x760 net/netlink/af_netlink.c:1343
netlink_sendmsg+0xa18/0xfc0 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:621 [inline]
sock_sendmsg+0xd5/0x120 net/socket.c:631
___sys_sendmsg+0x7fd/0x930 net/socket.c:2114
__sys_sendmsg+0x11d/0x290 net/socket.c:2152
__do_sys_sendmsg net/socket.c:2161 [inline]
__se_sys_sendmsg net/socket.c:2159 [inline]
__x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457089
Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
netlink: 'syz-executor0': attribute type 3 has an invalid length.
RSP: 002b:00007f71a0ab8c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f71a0ab96d4 RCX: 0000000000457089
RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
netlink: 'syz-executor0': attribute type 6 has an invalid length.
R13: 00000000004d4088 R14: 00000000004c8ab0 R15: 0000000000000000
netlink: 'syz-executor0': attribute type 3 has an invalid length.
netlink: 'syz-executor0': attribute type 6 has an invalid length.
IPVS: stopping backup sync thread 11552 ...
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 2147483673 (only 16 groups)
EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 2147483673 (only 16 groups)
EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 2147483673 (only 16 groups)
connect: ipv4 mapped
netlink: 'syz-executor4': attribute type 16 has an invalid length.
bridge0: port 1(bridge_slave_0) entered disabled state
bridge0: port 2(bridge_slave_1) entered disabled state
dccp_close: ABORT with 1 bytes unread
netlink: 16 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'.
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
alloc_netdev: Unable to allocate device with zero queues
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPVS: set_ctl: invalid protocol: 22 0.0.0.0:20004
IPVS: set_ctl: invalid protocol: 22 0.0.0.0:20004
sit: non-ECT from 0.0.0.0 with TOS=0x1
sit: non-ECT from 0.0.0.0 with TOS=0x1
sit: non-ECT from 0.0.0.0 with TOS=0x1
sit: non-ECT from 0.0.0.0 with TOS=0x1
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
sit: non-ECT from 0.0.0.0 with TOS=0x1
sit: non-ECT from 0.0.0.0 with TOS=0x1
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 1 PID: 12712 Comm: syz-executor3 Not tainted 4.18.0+ #189
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold.4+0xa/0x11 lib/fault-inject.c:149
sit: non-ECT from 0.0.0.0 with TOS=0x1
__should_failslab+0x124/0x180 mm/failslab.c:32
should_failslab+0x9/0x14 mm/slab_common.c:1557
slab_pre_alloc_hook mm/slab.h:423 [inline]
slab_alloc_node mm/slab.c:3299 [inline]
kmem_cache_alloc_node_trace+0x26f/0x770 mm/slab.c:3661
kmalloc_node include/linux/slab.h:551 [inline]
kzalloc_node include/linux/slab.h:718 [inline]
__get_vm_area_node+0x12d/0x390 mm/vmalloc.c:1389
__vmalloc_node_range+0xc4/0x760 mm/vmalloc.c:1741
__vmalloc_node mm/vmalloc.c:1791 [inline]
__vmalloc_node_flags mm/vmalloc.c:1805 [inline]
vmalloc+0x6f/0x80 mm/vmalloc.c:1827
netlink_alloc_large_skb net/netlink/af_netlink.c:1194 [inline]
netlink_sendmsg+0x74f/0xfc0 net/netlink/af_netlink.c:1883
sock_sendmsg_nosec net/socket.c:621 [inline]
sock_sendmsg+0xd5/0x120 net/socket.c:631
___sys_sendmsg+0x7fd/0x930 net/socket.c:2114
__sys_sendmsg+0x11d/0x290 net/socket.c:2152
__do_sys_sendmsg net/socket.c:2161 [inline]
__se_sys_sendmsg net/socket.c:2159 [inline]
__x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457089
Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f71a0ab8c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f71a0ab96d4 RCX: 0000000000457089
RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 00000000004d40b8 R14: 00000000004c8ad8 R15: 0000000000000000
syz-executor3: vmalloc: allocation failure: 65664 bytes, mode:0x6000c0(GFP_KERNEL), nodemask=(null)
syz-executor3 cpuset=syz3 mems_allowed=0
CPU: 1 PID: 12712 Comm: syz-executor3 Not tainted 4.18.0+ #189
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
warn_alloc.cold.118+0xb7/0x1bd mm/page_alloc.c:3427
__vmalloc_node_range+0x472/0x760 mm/vmalloc.c:1762
__vmalloc_node mm/vmalloc.c:1791 [inline]
__vmalloc_node_flags mm/vmalloc.c:1805 [inline]
vmalloc+0x6f/0x80 mm/vmalloc.c:1827
netlink_alloc_large_skb net/netlink/af_netlink.c:1194 [inline]
netlink_sendmsg+0x74f/0xfc0 net/netlink/af_netlink.c:1883
sock_sendmsg_nosec net/socket.c:621 [inline]
sock_sendmsg+0xd5/0x120 net/socket.c:631
___sys_sendmsg+0x7fd/0x930 net/socket.c:2114
__sys_sendmsg+0x11d/0x290 net/socket.c:2152
__do_sys_sendmsg net/socket.c:2161 [inline]
__se_sys_sendmsg net/socket.c:2159 [inline]
__x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290