*** Guest State ***
CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
CR3 = 0x0000000000000000
RSP = 0x0000000000000000  RIP = 0x0000000000000000
RFLAGS=0x0001a202         DR7 = 0x0000000000000400
Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
GDTR:                           limit=0x0000ffff, base=0x0000000000000000
LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
IDTR:                           limit=0x0000ffff, base=0x0000000000000000
TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
EFER =     0x0000000000000000  PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
Interruptibility = 00000000  ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff812048fe  RSP = 0xffff8881b6027390
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007f398908f700 GSBase=ffff8881dac00000 TRBase=fffffe0000033000
GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
CR0=0000000080050033 CR3=00000001d1774000 CR4=00000000001426f0
Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff88001360
EFER = 0x0000000000000d01  PAT = 0x0407050600070106
*** Control State ***
PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c3
EntryControls=0000d1ff ExitControls=002fefff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=800000b5 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
        reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffff4ca967b4fa
TPR Threshold = 0x00
EPT pointer = 0x00000001d1e3901e

BUG: sleeping function called from invalid context at mm/slab.h:421
in_atomic(): 1, irqs_disabled(): 0, pid: 11200, name: syz-executor0
1 lock held by syz-executor0/11200:
 #0: 00000000d0e6c898 (sk_lock-AF_ALG){+.+.}, at: lock_sock include/net/sock.h:1502 [inline]
 #0: 00000000d0e6c898 (sk_lock-AF_ALG){+.+.}, at: skcipher_recvmsg+0xbb/0x1420 crypto/algif_skcipher.c:163
Preemption disabled at:
[] kernel_fpu_begin+0x16/0x260 arch/x86/kernel/fpu/core.c:127
CPU: 0 PID: 11200 Comm: syz-executor0 Not tainted 4.20.0-rc6-next-20181214+ #171
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
 ___might_sleep.cold.86+0x221/0x254 kernel/sched/core.c:6148
 __might_sleep+0x95/0x190 kernel/sched/core.c:6101
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3365 [inline]
 __do_kmalloc mm/slab.c:3707 [inline]
 __kmalloc+0x2da/0x760 mm/slab.c:3718
 kmalloc include/linux/slab.h:550 [inline]
 kzalloc include/linux/slab.h:740 [inline]
 skcipher_next_slow crypto/skcipher.c:254 [inline]
 skcipher_walk_next+0x7f9/0x17f0 crypto/skcipher.c:358
 skcipher_walk_first+0xff/0x3a0 crypto/skcipher.c:441
 skcipher_walk_skcipher+0x541/0x700 crypto/skcipher.c:469
 skcipher_walk_virt+0x58/0xd0 crypto/skcipher.c:479
 chacha_simd_stream_xor+0xb3/0xa40 arch/x86/crypto/chacha_glue.c:141
 chacha_simd+0xd8/0x110 arch/x86/crypto/chacha_glue.c:179
 crypto_skcipher_decrypt include/crypto/skcipher.h:538 [inline]
 _skcipher_recvmsg crypto/algif_skcipher.c:146 [inline]
 skcipher_recvmsg+0xcc9/0x1420 crypto/algif_skcipher.c:165
 sock_recvmsg_nosec net/socket.c:795 [inline]
 sock_recvmsg+0xd0/0x110 net/socket.c:802
 ___sys_recvmsg+0x2b6/0x680 net/socket.c:2279
 do_recvmmsg+0x303/0xb90 net/socket.c:2392
 __sys_recvmmsg+0xe5/0x2a0 net/socket.c:2473
 __do_sys_recvmmsg net/socket.c:2494 [inline]
 __se_sys_recvmmsg net/socket.c:2487 [inline]
 __x64_sys_recvmmsg+0xe6/0x140 net/socket.c:2487
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457669
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fb84004ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457669
RDX: 0000000000000001 RSI: 0000000020008a00 RDI: 0000000000000005
RBP: 000000000072bfa0 R08: 0000000020008bc0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb84004f6d4
R13: 00000000004c3b77 R14: 00000000004d6770 R15: 00000000ffffffff

audit: type=1804 audit(1545023699.165:57): pid=11246 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir450006483/syzkaller.z9lOiW/124/bus" dev="sda1" ino=16577 res=1
audit: type=1804 audit(1545023699.245:58): pid=11246 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor1" name="/root/syzkaller-testdir450006483/syzkaller.z9lOiW/124/bus" dev="sda1" ino=16577 res=1
netlink: 4 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor3'.
Dev loop0: RDB in block 0 has bad checksum
__loop_clr_fd: partition scan of loop0 failed (rc=-22)
hid-generic 0000:0000:0000.0003: unknown main item tag 0x5
hid-generic 0000:0000:0000.0003: item fetching failed at offset -1171502968
hid-generic: probe of 0000:0000:0000.0003 failed with error -22
netlink: 'syz-executor2': attribute type 6 has an invalid length.
Dev loop0: RDB in block 0 has bad checksum
netlink: 'syz-executor2': attribute type 6 has an invalid length.
input: syz1 as /devices/virtual/input/input5
__loop_clr_fd: partition scan of loop0 failed (rc=-22)
binder: 11314:11315 unknown command 626221836
binder: 11314:11315 ioctl c0306201 2000dfd0 returned -22
binder: 11314:11324 unknown command 626221836
binder: 11314:11324 ioctl c0306201 2000dfd0 returned -22
hid-generic 0000:0000:0000.0004: unknown main item tag 0x5
hid-generic 0000:0000:0000.0004: item fetching failed at offset -769893496
hid-generic: probe of 0000:0000:0000.0004 failed with error -22
input: syz1 as /devices/virtual/input/input6
input: syz1 as /devices/virtual/input/input7
hid-generic 0000:0000:0000.0005: unknown main item tag 0x5
hid-generic 0000:0000:0000.0005: item fetching failed at offset -841238776
hid-generic: probe of 0000:0000:0000.0005 failed with error -22
hid-generic 0000:0000:0000.0006: unknown main item tag 0x5
hid-generic 0000:0000:0000.0006: item fetching failed at offset -1125529144
hid-generic: probe of 0000:0000:0000.0006 failed with error -22
EXT4-fs error (device sda1): ext4_remount:5320: Abort forced by user
EXT4-fs (sda1): Remounting filesystem read-only
EXT4-fs error (device sda1): ext4_remount:5320: Abort forced by user
EXT4-fs (sda1): Remounting filesystem read-only
hid-generic 0000:0000:0000.0007: unknown main item tag 0x5
hid-generic 0000:0000:0000.0007: item fetching failed at offset -1167433656
hid-generic: probe of 0000:0000:0000.0007 failed with error -22
hid-generic 0000:0000:0000.0008: unknown main item tag 0x5
hid-generic 0000:0000:0000.0008: item fetching failed at offset -823088888
hid-generic: probe of 0000:0000:0000.0008 failed with error -22
hid-generic 0000:0000:0000.0009: unknown main item tag 0x5
hid-generic 0000:0000:0000.0009: item fetching failed at offset -847666680
kvm [11526]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0
hid-generic: probe of 0000:0000:0000.0009 failed with error -22
llc_conn_state_process: llc_conn_service failed
llc_conn_state_process: llc_conn_service failed
kvm [11526]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0
XFS (loop1): Invalid superblock magic number
ptrace attach of "/root/syz-executor1"[6093] was attempted by ""[11657]
ptrace attach of "/root/syz-executor1"[6093] was attempted by ""[11662]
MINIX-fs: mounting unchecked file system, running fsck is recommended
minix_free_inode: bit 1 already cleared
binder: 11705:11713 ioctl c0306201 20000000 returned -14
binder: 11705:11716 ioctl c0306201 20000000 returned -14
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'.
QAT: Invalid ioctl
netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'.
QAT: Invalid ioctl
QAT: Invalid ioctl
input: syz1 as /devices/virtual/input/input8
input: syz1 as /devices/virtual/input/input9
netlink: 'syz-executor1': attribute type 1 has an invalid length.
netlink: 'syz-executor1': attribute type 1 has an invalid length.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'.
audit: type=1800 audit(1545023707.915:59): pid=11811 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor5" name="file0" dev="sda1" ino=16549 res=0
audit: type=1804 audit(1545023707.935:60): pid=11811 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor5" name="/root/syzkaller-testdir722157408/syzkaller.2SAvLV/129/file0/file0" dev="sda1" ino=16549 res=1
netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'.
audit: type=1804 audit(1545023708.035:61): pid=11826 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor5" name="/root/syzkaller-testdir722157408/syzkaller.2SAvLV/129/file0/file0" dev="sda1" ino=16549 res=1