================================
WARNING: inconsistent lock state
4.18.0+ #189 Not tainted
--------------------------------
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
syz-executor3/11344 [HC0[0]:SC0[0]:HE1:SE1] takes:
00000000e9d001fb (&(&tlocks[i])->rlock){+.?.}, at: spin_lock include/linux/spinlock.h:329 [inline]
00000000e9d001fb (&(&tlocks[i])->rlock){+.?.}, at: ila_del_mapping net/ipv6/ila/ila_xlat.c:290 [inline]
00000000e9d001fb (&(&tlocks[i])->rlock){+.?.}, at: ila_xlat_nl_cmd_del_mapping+0x46b/0xb00 net/ipv6/ila/ila_xlat.c:368
{IN-SOFTIRQ-W} state was registered at:
  lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924
  __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
  _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
  spin_lock_bh include/linux/spinlock.h:334 [inline]
  __rhashtable_insert_fast include/linux/rhashtable.h:596 [inline]
  rhashtable_lookup_insert_fast include/linux/rhashtable.h:784 [inline]
  fdb_create+0x5cc/0x1710 net/bridge/br_fdb.c:508
  br_fdb_update+0x4e7/0xd40 net/bridge/br_fdb.c:605
  br_handle_frame_finish+0xa23/0x1960 net/bridge/br_input.c:97
  br_nf_hook_thresh+0x48d/0x5f0 net/bridge/br_netfilter_hooks.c:1011
  br_nf_pre_routing_finish_ipv6+0x7bc/0xef0 net/bridge/br_netfilter_ipv6.c:209
  NF_HOOK include/linux/netfilter.h:287 [inline]
  br_nf_pre_routing_ipv6+0x4af/0xac0 net/bridge/br_netfilter_ipv6.c:237
  br_nf_pre_routing+0xb33/0x17d0 net/bridge/br_netfilter_hooks.c:494
  nf_hook_entry_hookfn include/linux/netfilter.h:119 [inline]
  nf_hook_slow+0xc2/0x1c0 net/netfilter/core.c:511
  nf_hook include/linux/netfilter.h:242 [inline]
  NF_HOOK include/linux/netfilter.h:285 [inline]
  br_handle_frame+0xc0d/0x1a20 net/bridge/br_input.c:303
  __netif_receive_skb_core+0x1455/0x3af0 net/core/dev.c:4821
  __netif_receive_skb_one_core+0xd0/0x200 net/core/dev.c:4890
  __netif_receive_skb+0x2c/0x1e0 net/core/dev.c:5002
  process_backlog+0x219/0x760 net/core/dev.c:5808
  napi_poll net/core/dev.c:6228 [inline]
  net_rx_action+0x7a5/0x1920 net/core/dev.c:6294
  __do_softirq+0x2eb/0xb1e kernel/softirq.c:292
  run_ksoftirqd+0x88/0x100 kernel/softirq.c:653
  smpboot_thread_fn+0x425/0x880 kernel/smpboot.c:164
  kthread+0x35a/0x420 kernel/kthread.c:246
  ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
irq event stamp: 87
hardirqs last  enabled at (87): [<ffffffff86c009d5>] restore_regs_and_return_to_kernel+0x0/0x2b
hardirqs last disabled at (86): [<ffffffff86c00905>] interrupt_entry+0xb5/0xf0 arch/x86/entry/entry_64.S:626
softirqs last  enabled at (66): [<ffffffff850b881c>] spin_unlock_bh include/linux/spinlock.h:374 [inline]
softirqs last  enabled at (66): [<ffffffff850b881c>] release_sock+0x1ec/0x2c0 net/core/sock.c:2860
softirqs last disabled at (64): [<ffffffff850b86ad>] spin_lock_bh include/linux/spinlock.h:334 [inline]
softirqs last disabled at (64): [<ffffffff850b86ad>] release_sock+0x7d/0x2c0 net/core/sock.c:2847

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&(&tlocks[i])->rlock);
  <Interrupt>
    lock(&(&tlocks[i])->rlock);

 *** DEADLOCK ***

1 lock held by syz-executor3/11344:
 #0: 000000004e073d98 (cb_lock){++++}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:636

stack backtrace:
CPU: 1 PID: 11344 Comm: syz-executor3 Not tainted 4.18.0+ #189
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
 print_usage_bug.cold.63+0x320/0x41a kernel/locking/lockdep.c:2546
 valid_state kernel/locking/lockdep.c:2559 [inline]
 mark_lock_irq kernel/locking/lockdep.c:2753 [inline]
 mark_lock+0x1048/0x19f0 kernel/locking/lockdep.c:3151
 mark_irqflags kernel/locking/lockdep.c:3047 [inline]
 __lock_acquire+0x7ca/0x5020 kernel/locking/lockdep.c:3392
 lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
 spin_lock include/linux/spinlock.h:329 [inline]
 ila_del_mapping net/ipv6/ila/ila_xlat.c:290 [inline]
 ila_xlat_nl_cmd_del_mapping+0x46b/0xb00 net/ipv6/ila/ila_xlat.c:368
 genl_family_rcv_msg+0x8a3/0x1140 net/netlink/genetlink.c:601
 genl_rcv_msg+0xc6/0x168 net/netlink/genetlink.c:626
 netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2454
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:637
 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
 netlink_unicast+0x5a0/0x760 net/netlink/af_netlink.c:1343
 netlink_sendmsg+0xa18/0xfc0 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:621 [inline]
 sock_sendmsg+0xd5/0x120 net/socket.c:631
 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2114
 __sys_sendmsg+0x11d/0x290 net/socket.c:2152
 __do_sys_sendmsg net/socket.c:2161 [inline]
 __se_sys_sendmsg net/socket.c:2159 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457089
Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
netlink: 'syz-executor0': attribute type 3 has an invalid length.
RSP: 002b:00007f71a0ab8c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f71a0ab96d4 RCX: 0000000000457089
RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
netlink: 'syz-executor0': attribute type 6 has an invalid length.
R13: 00000000004d4088 R14: 00000000004c8ab0 R15: 0000000000000000
netlink: 'syz-executor0': attribute type 3 has an invalid length.
netlink: 'syz-executor0': attribute type 6 has an invalid length.
IPVS: stopping backup sync thread 11552 ...
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 2147483673 (only 16 groups)
EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 2147483673 (only 16 groups)
EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 2147483673 (only 16 groups)
connect: ipv4 mapped
netlink: 'syz-executor4': attribute type 16 has an invalid length.
bridge0: port 1(bridge_slave_0) entered disabled state
bridge0: port 2(bridge_slave_1) entered disabled state
dccp_close: ABORT with 1 bytes unread
netlink: 16 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'.
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
alloc_netdev: Unable to allocate device with zero queues
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPVS: set_ctl: invalid protocol: 22 0.0.0.0:20004
IPVS: set_ctl: invalid protocol: 22 0.0.0.0:20004
sit: non-ECT from 0.0.0.0 with TOS=0x1
sit: non-ECT from 0.0.0.0 with TOS=0x1
sit: non-ECT from 0.0.0.0 with TOS=0x1
sit: non-ECT from 0.0.0.0 with TOS=0x1
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
sit: non-ECT from 0.0.0.0 with TOS=0x1
sit: non-ECT from 0.0.0.0 with TOS=0x1
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 1 PID: 12712 Comm: syz-executor3 Not tainted 4.18.0+ #189
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold.4+0xa/0x11 lib/fault-inject.c:149
sit: non-ECT from 0.0.0.0 with TOS=0x1
 __should_failslab+0x124/0x180 mm/failslab.c:32
 should_failslab+0x9/0x14 mm/slab_common.c:1557
 slab_pre_alloc_hook mm/slab.h:423 [inline]
 slab_alloc_node mm/slab.c:3299 [inline]
 kmem_cache_alloc_node_trace+0x26f/0x770 mm/slab.c:3661
 kmalloc_node include/linux/slab.h:551 [inline]
 kzalloc_node include/linux/slab.h:718 [inline]
 __get_vm_area_node+0x12d/0x390 mm/vmalloc.c:1389
 __vmalloc_node_range+0xc4/0x760 mm/vmalloc.c:1741
 __vmalloc_node mm/vmalloc.c:1791 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1805 [inline]
 vmalloc+0x6f/0x80 mm/vmalloc.c:1827
 netlink_alloc_large_skb net/netlink/af_netlink.c:1194 [inline]
 netlink_sendmsg+0x74f/0xfc0 net/netlink/af_netlink.c:1883
 sock_sendmsg_nosec net/socket.c:621 [inline]
 sock_sendmsg+0xd5/0x120 net/socket.c:631
 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2114
 __sys_sendmsg+0x11d/0x290 net/socket.c:2152
 __do_sys_sendmsg net/socket.c:2161 [inline]
 __se_sys_sendmsg net/socket.c:2159 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457089
Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f71a0ab8c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f71a0ab96d4 RCX: 0000000000457089
RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 00000000004d40b8 R14: 00000000004c8ad8 R15: 0000000000000000
syz-executor3: vmalloc: allocation failure: 65664 bytes, mode:0x6000c0(GFP_KERNEL), nodemask=(null)
syz-executor3 cpuset=syz3 mems_allowed=0
CPU: 1 PID: 12712 Comm: syz-executor3 Not tainted 4.18.0+ #189
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
 warn_alloc.cold.118+0xb7/0x1bd mm/page_alloc.c:3427
 __vmalloc_node_range+0x472/0x760 mm/vmalloc.c:1762
 __vmalloc_node mm/vmalloc.c:1791 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1805 [inline]
 vmalloc+0x6f/0x80 mm/vmalloc.c:1827
 netlink_alloc_large_skb net/netlink/af_netlink.c:1194 [inline]
 netlink_sendmsg+0x74f/0xfc0 net/netlink/af_netlink.c:1883
 sock_sendmsg_nosec net/socket.c:621 [inline]
 sock_sendmsg+0xd5/0x120 net/socket.c:631
 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2114
 __sys_sendmsg+0x11d/0x290 net/socket.c:2152
 __do_sys_sendmsg net/socket.c:2161 [inline]
 __se_sys_sendmsg net/socket.c:2159 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290