================================ WARNING: inconsistent lock state 4.18.0+ #189 Not tainted -------------------------------- inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. syz-executor3/11344 [HC0[0]:SC0[0]:HE1:SE1] takes: 00000000e9d001fb (&(&tlocks[i])->rlock){+.?.}, at: spin_lock include/linux/spinlock.h:329 [inline] 00000000e9d001fb (&(&tlocks[i])->rlock){+.?.}, at: ila_del_mapping net/ipv6/ila/ila_xlat.c:290 [inline] 00000000e9d001fb (&(&tlocks[i])->rlock){+.?.}, at: ila_xlat_nl_cmd_del_mapping+0x46b/0xb00 net/ipv6/ila/ila_xlat.c:368 {IN-SOFTIRQ-W} state was registered at: lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:334 [inline] __rhashtable_insert_fast include/linux/rhashtable.h:596 [inline] rhashtable_lookup_insert_fast include/linux/rhashtable.h:784 [inline] fdb_create+0x5cc/0x1710 net/bridge/br_fdb.c:508 br_fdb_update+0x4e7/0xd40 net/bridge/br_fdb.c:605 br_handle_frame_finish+0xa23/0x1960 net/bridge/br_input.c:97 br_nf_hook_thresh+0x48d/0x5f0 net/bridge/br_netfilter_hooks.c:1011 br_nf_pre_routing_finish_ipv6+0x7bc/0xef0 net/bridge/br_netfilter_ipv6.c:209 NF_HOOK include/linux/netfilter.h:287 [inline] br_nf_pre_routing_ipv6+0x4af/0xac0 net/bridge/br_netfilter_ipv6.c:237 br_nf_pre_routing+0xb33/0x17d0 net/bridge/br_netfilter_hooks.c:494 nf_hook_entry_hookfn include/linux/netfilter.h:119 [inline] nf_hook_slow+0xc2/0x1c0 net/netfilter/core.c:511 nf_hook include/linux/netfilter.h:242 [inline] NF_HOOK include/linux/netfilter.h:285 [inline] br_handle_frame+0xc0d/0x1a20 net/bridge/br_input.c:303 __netif_receive_skb_core+0x1455/0x3af0 net/core/dev.c:4821 __netif_receive_skb_one_core+0xd0/0x200 net/core/dev.c:4890 __netif_receive_skb+0x2c/0x1e0 net/core/dev.c:5002 process_backlog+0x219/0x760 net/core/dev.c:5808 napi_poll net/core/dev.c:6228 [inline] net_rx_action+0x7a5/0x1920 net/core/dev.c:6294 __do_softirq+0x2eb/0xb1e kernel/softirq.c:292 run_ksoftirqd+0x88/0x100 kernel/softirq.c:653 smpboot_thread_fn+0x425/0x880 kernel/smpboot.c:164 kthread+0x35a/0x420 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413 irq event stamp: 87 hardirqs last enabled at (87): [] restore_regs_and_return_to_kernel+0x0/0x2b hardirqs last disabled at (86): [] interrupt_entry+0xb5/0xf0 arch/x86/entry/entry_64.S:626 softirqs last enabled at (66): [] spin_unlock_bh include/linux/spinlock.h:374 [inline] softirqs last enabled at (66): [] release_sock+0x1ec/0x2c0 net/core/sock.c:2860 softirqs last disabled at (64): [] spin_lock_bh include/linux/spinlock.h:334 [inline] softirqs last disabled at (64): [] release_sock+0x7d/0x2c0 net/core/sock.c:2847 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&(&tlocks[i])->rlock); lock(&(&tlocks[i])->rlock); *** DEADLOCK *** 1 lock held by syz-executor3/11344: #0: 000000004e073d98 (cb_lock){++++}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:636 stack backtrace: CPU: 1 PID: 11344 Comm: syz-executor3 Not tainted 4.18.0+ #189 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113 print_usage_bug.cold.63+0x320/0x41a kernel/locking/lockdep.c:2546 valid_state kernel/locking/lockdep.c:2559 [inline] mark_lock_irq kernel/locking/lockdep.c:2753 [inline] mark_lock+0x1048/0x19f0 kernel/locking/lockdep.c:3151 mark_irqflags kernel/locking/lockdep.c:3047 [inline] __lock_acquire+0x7ca/0x5020 kernel/locking/lockdep.c:3392 lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:329 [inline] ila_del_mapping net/ipv6/ila/ila_xlat.c:290 [inline] ila_xlat_nl_cmd_del_mapping+0x46b/0xb00 net/ipv6/ila/ila_xlat.c:368 genl_family_rcv_msg+0x8a3/0x1140 net/netlink/genetlink.c:601 genl_rcv_msg+0xc6/0x168 net/netlink/genetlink.c:626 netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2454 genl_rcv+0x28/0x40 net/netlink/genetlink.c:637 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x5a0/0x760 net/netlink/af_netlink.c:1343 netlink_sendmsg+0xa18/0xfc0 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:631 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2114 __sys_sendmsg+0x11d/0x290 net/socket.c:2152 __do_sys_sendmsg net/socket.c:2161 [inline] __se_sys_sendmsg net/socket.c:2159 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457089 Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 netlink: 'syz-executor0': attribute type 3 has an invalid length. RSP: 002b:00007f71a0ab8c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f71a0ab96d4 RCX: 0000000000457089 RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff netlink: 'syz-executor0': attribute type 6 has an invalid length. R13: 00000000004d4088 R14: 00000000004c8ab0 R15: 0000000000000000 netlink: 'syz-executor0': attribute type 3 has an invalid length. netlink: 'syz-executor0': attribute type 6 has an invalid length. IPVS: stopping backup sync thread 11552 ... netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'. EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 2147483673 (only 16 groups) EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 2147483673 (only 16 groups) EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 2147483673 (only 16 groups) connect: ipv4 mapped netlink: 'syz-executor4': attribute type 16 has an invalid length. bridge0: port 1(bridge_slave_0) entered disabled state bridge0: port 2(bridge_slave_1) entered disabled state dccp_close: ABORT with 1 bytes unread netlink: 16 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 16 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 16 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready alloc_netdev: Unable to allocate device with zero queues IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPVS: set_ctl: invalid protocol: 22 0.0.0.0:20004 IPVS: set_ctl: invalid protocol: 22 0.0.0.0:20004 sit: non-ECT from 0.0.0.0 with TOS=0x1 sit: non-ECT from 0.0.0.0 with TOS=0x1 sit: non-ECT from 0.0.0.0 with TOS=0x1 sit: non-ECT from 0.0.0.0 with TOS=0x1 nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. sit: non-ECT from 0.0.0.0 with TOS=0x1 sit: non-ECT from 0.0.0.0 with TOS=0x1 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 1 CPU: 1 PID: 12712 Comm: syz-executor3 Not tainted 4.18.0+ #189 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold.4+0xa/0x11 lib/fault-inject.c:149 sit: non-ECT from 0.0.0.0 with TOS=0x1 __should_failslab+0x124/0x180 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1557 slab_pre_alloc_hook mm/slab.h:423 [inline] slab_alloc_node mm/slab.c:3299 [inline] kmem_cache_alloc_node_trace+0x26f/0x770 mm/slab.c:3661 kmalloc_node include/linux/slab.h:551 [inline] kzalloc_node include/linux/slab.h:718 [inline] __get_vm_area_node+0x12d/0x390 mm/vmalloc.c:1389 __vmalloc_node_range+0xc4/0x760 mm/vmalloc.c:1741 __vmalloc_node mm/vmalloc.c:1791 [inline] __vmalloc_node_flags mm/vmalloc.c:1805 [inline] vmalloc+0x6f/0x80 mm/vmalloc.c:1827 netlink_alloc_large_skb net/netlink/af_netlink.c:1194 [inline] netlink_sendmsg+0x74f/0xfc0 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:631 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2114 __sys_sendmsg+0x11d/0x290 net/socket.c:2152 __do_sys_sendmsg net/socket.c:2161 [inline] __se_sys_sendmsg net/socket.c:2159 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457089 Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f71a0ab8c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f71a0ab96d4 RCX: 0000000000457089 RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 R13: 00000000004d40b8 R14: 00000000004c8ad8 R15: 0000000000000000 syz-executor3: vmalloc: allocation failure: 65664 bytes, mode:0x6000c0(GFP_KERNEL), nodemask=(null) syz-executor3 cpuset=syz3 mems_allowed=0 CPU: 1 PID: 12712 Comm: syz-executor3 Not tainted 4.18.0+ #189 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113 warn_alloc.cold.118+0xb7/0x1bd mm/page_alloc.c:3427 __vmalloc_node_range+0x472/0x760 mm/vmalloc.c:1762 __vmalloc_node mm/vmalloc.c:1791 [inline] __vmalloc_node_flags mm/vmalloc.c:1805 [inline] vmalloc+0x6f/0x80 mm/vmalloc.c:1827 netlink_alloc_large_skb net/netlink/af_netlink.c:1194 [inline] netlink_sendmsg+0x74f/0xfc0 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:631 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2114 __sys_sendmsg+0x11d/0x290 net/socket.c:2152 __do_sys_sendmsg net/socket.c:2161 [inline] __se_sys_sendmsg net/socket.c:2159 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290