BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:34
in_atomic(): 1, irqs_disabled(): 0, pid: 7890, name: syz-executor0
2 locks held by syz-executor0/7890:
 #0:  (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<00000000178fbec8>] pfkey_sendmsg+0x4ce/0xa00 net/key/af_key.c:3647
 #1:  (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000333634fe>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #1:  (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000333634fe>] xfrm_policy_flush+0x424/0x770 net/xfrm/xfrm_policy.c:951
CPU: 0 PID: 7890 Comm: syz-executor0 Not tainted 4.15.0-rc7+ #187
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6060
 __might_sleep+0x95/0x190 kernel/sched/core.c:6013
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:34 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 cpus_read_lock+0x1c/0x90 kernel/cpu.c:293
 get_online_cpus include/linux/cpu.h:117 [inline]
 xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767
 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978
 pfkey_spdflush+0x98/0x370 net/key/af_key.c:2750
 pfkey_process+0x611/0x720 net/key/af_key.c:2809
 pfkey_sendmsg+0x4dc/0xa00 net/key/af_key.c:3648
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2020
 __sys_sendmsg+0xe5/0x210 net/socket.c:2054
 SYSC_sendmsg net/socket.c:2065 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2061
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452cf9
RSP: 002b:00007f190691dc58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452cf9
RDX: 0000000000000000 RSI: 000000002057f000 RDI: 0000000000000013
RBP: 0000000000000595 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f6698
R13: 00000000ffffffff R14: 00007f190691e6d4 R15: 0000000000000000

=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
4.15.0-rc7+ #187 Tainted: G        W       
-----------------------------------------------------
syz-executor0/7890 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
 (cpu_hotplug_lock.rw_sem){++++}, at: [<000000000bb8ccae>] get_online_cpus include/linux/cpu.h:117 [inline]
 (cpu_hotplug_lock.rw_sem){++++}, at: [<000000000bb8ccae>] xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767

and this task is already holding:
 (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000333634fe>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000333634fe>] xfrm_policy_flush+0x424/0x770 net/xfrm/xfrm_policy.c:951
which would create a new lock dependency:
 (&(&net->xfrm.xfrm_policy_lock)->rlock){+...} -> (cpu_hotplug_lock.rw_sem){++++}

but this new dependency connects a SOFTIRQ-irq-safe lock:
 (slock-AF_INET6){+.-.}

... which became SOFTIRQ-irq-safe at:
  lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
  spin_lock include/linux/spinlock.h:310 [inline]
  sctp_rcv+0x1ab1/0x35c0 net/sctp/input.c:242
  ip_local_deliver_finish+0x2f1/0xc50 net/ipv4/ip_input.c:216
  NF_HOOK include/linux/netfilter.h:288 [inline]
  ip_local_deliver+0x1ce/0x6e0 net/ipv4/ip_input.c:257
  dst_input include/net/dst.h:449 [inline]
  ip_rcv_finish+0x953/0x1e30 net/ipv4/ip_input.c:397
  NF_HOOK include/linux/netfilter.h:288 [inline]
  ip_rcv+0xc5a/0x1840 net/ipv4/ip_input.c:493
  __netif_receive_skb_core+0x1a41/0x3460 net/core/dev.c:4538
  __netif_receive_skb+0x2c/0x1b0 net/core/dev.c:4603
  process_backlog+0x203/0x740 net/core/dev.c:5283
  napi_poll net/core/dev.c:5681 [inline]
  net_rx_action+0x792/0x1910 net/core/dev.c:5747
  __do_softirq+0x2d7/0xb85 kernel/softirq.c:285
  do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1133
  do_softirq.part.21+0x14d/0x190 kernel/softirq.c:329
  do_softirq kernel/softirq.c:177 [inline]
  __local_bh_enable_ip+0x1ee/0x230 kernel/softirq.c:182
  local_bh_enable include/linux/bottom_half.h:32 [inline]
  rcu_read_unlock_bh include/linux/rcupdate.h:727 [inline]
  ip_finish_output2+0x90e/0x14f0 net/ipv4/ip_output.c:231
  ip_finish_output+0x864/0xd10 net/ipv4/ip_output.c:317
  NF_HOOK_COND include/linux/netfilter.h:277 [inline]
  ip_output+0x1d2/0x860 net/ipv4/ip_output.c:405
  dst_output include/net/dst.h:443 [inline]
  ip_local_out+0x95/0x160 net/ipv4/ip_output.c:124
  ip_queue_xmit+0x8c0/0x18e0 net/ipv4/ip_output.c:504
  sctp_v4_xmit+0x108/0x140 net/sctp/protocol.c:994
  sctp_packet_transmit+0x225e/0x3750 net/sctp/output.c:638
  sctp_outq_flush+0xabb/0x4060 net/sctp/outqueue.c:911
  sctp_outq_uncork+0x5a/0x70 net/sctp/outqueue.c:776
  sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1807 [inline]
  sctp_side_effects net/sctp/sm_sideeffect.c:1210 [inline]
  sctp_do_sm+0x4e0/0x6ed0 net/sctp/sm_sideeffect.c:1181
  sctp_primitive_ASSOCIATE+0x9d/0xd0 net/sctp/primitive.c:88
  sctp_sendmsg+0x1d2e/0x33f0 net/sctp/socket.c:2018
  inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:764
  sock_sendmsg_nosec net/socket.c:630 [inline]
  sock_sendmsg+0xca/0x110 net/socket.c:640
  SYSC_sendto+0x361/0x5c0 net/socket.c:1721
  SyS_sendto+0x40/0x50 net/socket.c:1689
  entry_SYSCALL_64_fastpath+0x23/0x9a

to a SOFTIRQ-irq-unsafe lock:
 (cpu_hotplug_lock.rw_sem){++++}

... which became SOFTIRQ-irq-unsafe at:
...
  lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
  down_write+0x87/0x120 kernel/locking/rwsem.c:70
  percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145
  cpus_write_lock kernel/cpu.c:305 [inline]
  _cpu_up+0x60/0x510 kernel/cpu.c:990
  do_cpu_up+0x73/0xa0 kernel/cpu.c:1066
  cpu_up+0x18/0x20 kernel/cpu.c:1074
  smp_init+0x13a/0x152 kernel/smp.c:578
  kernel_init_freeable+0x2fe/0x521 init/main.c:1067
  kernel_init+0x13/0x172 init/main.c:999
  ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524

other info that might help us debug this:

Chain exists of:
  slock-AF_INET6 --> &(&net->xfrm.xfrm_policy_lock)->rlock --> cpu_hotplug_lock.rw_sem

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(cpu_hotplug_lock.rw_sem);
                               local_irq_disable();
                               lock(slock-AF_INET6);
                               lock(&(&net->xfrm.xfrm_policy_lock)->rlock);
  <Interrupt>
    lock(slock-AF_INET6);

 *** DEADLOCK ***

2 locks held by syz-executor0/7890:
 #0:  (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<00000000178fbec8>] pfkey_sendmsg+0x4ce/0xa00 net/key/af_key.c:3647
 #1:  (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000333634fe>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #1:  (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000333634fe>] xfrm_policy_flush+0x424/0x770 net/xfrm/xfrm_policy.c:951

the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
 -> (slock-AF_INET6){+.-.} ops: 45640 {
    HARDIRQ-ON-W at:
                      lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                      __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
                      _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
                      spin_lock_bh include/linux/spinlock.h:315 [inline]
                      lock_sock_nested+0x44/0x110 net/core/sock.c:2772
                      lock_sock include/net/sock.h:1463 [inline]
                      sock_setsockopt+0x16b/0x1af0 net/core/sock.c:717
                      SYSC_setsockopt net/socket.c:1819 [inline]
                      SyS_setsockopt+0x2ff/0x360 net/socket.c:1802
                      entry_SYSCALL_64_fastpath+0x23/0x9a
    IN-SOFTIRQ-W at:
                      lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                      __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
                      _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
                      spin_lock include/linux/spinlock.h:310 [inline]
                      sctp_rcv+0x1ab1/0x35c0 net/sctp/input.c:242
                      ip_local_deliver_finish+0x2f1/0xc50 net/ipv4/ip_input.c:216
                      NF_HOOK include/linux/netfilter.h:288 [inline]
                      ip_local_deliver+0x1ce/0x6e0 net/ipv4/ip_input.c:257
                      dst_input include/net/dst.h:449 [inline]
                      ip_rcv_finish+0x953/0x1e30 net/ipv4/ip_input.c:397
                      NF_HOOK include/linux/netfilter.h:288 [inline]
                      ip_rcv+0xc5a/0x1840 net/ipv4/ip_input.c:493
                      __netif_receive_skb_core+0x1a41/0x3460 net/core/dev.c:4538
                      __netif_receive_skb+0x2c/0x1b0 net/core/dev.c:4603
                      process_backlog+0x203/0x740 net/core/dev.c:5283
                      napi_poll net/core/dev.c:5681 [inline]
                      net_rx_action+0x792/0x1910 net/core/dev.c:5747
                      __do_softirq+0x2d7/0xb85 kernel/softirq.c:285
                      do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1133
                      do_softirq.part.21+0x14d/0x190 kernel/softirq.c:329
                      do_softirq kernel/softirq.c:177 [inline]
                      __local_bh_enable_ip+0x1ee/0x230 kernel/softirq.c:182
                      local_bh_enable include/linux/bottom_half.h:32 [inline]
                      rcu_read_unlock_bh include/linux/rcupdate.h:727 [inline]
                      ip_finish_output2+0x90e/0x14f0 net/ipv4/ip_output.c:231
                      ip_finish_output+0x864/0xd10 net/ipv4/ip_output.c:317
                      NF_HOOK_COND include/linux/netfilter.h:277 [inline]
                      ip_output+0x1d2/0x860 net/ipv4/ip_output.c:405
                      dst_output include/net/dst.h:443 [inline]
                      ip_local_out+0x95/0x160 net/ipv4/ip_output.c:124
                      ip_queue_xmit+0x8c0/0x18e0 net/ipv4/ip_output.c:504
                      sctp_v4_xmit+0x108/0x140 net/sctp/protocol.c:994
                      sctp_packet_transmit+0x225e/0x3750 net/sctp/output.c:638
                      sctp_outq_flush+0xabb/0x4060 net/sctp/outqueue.c:911
                      sctp_outq_uncork+0x5a/0x70 net/sctp/outqueue.c:776
                      sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1807 [inline]
                      sctp_side_effects net/sctp/sm_sideeffect.c:1210 [inline]
                      sctp_do_sm+0x4e0/0x6ed0 net/sctp/sm_sideeffect.c:1181
                      sctp_primitive_ASSOCIATE+0x9d/0xd0 net/sctp/primitive.c:88
                      sctp_sendmsg+0x1d2e/0x33f0 net/sctp/socket.c:2018
                      inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:764
                      sock_sendmsg_nosec net/socket.c:630 [inline]
                      sock_sendmsg+0xca/0x110 net/socket.c:640
                      SYSC_sendto+0x361/0x5c0 net/socket.c:1721
                      SyS_sendto+0x40/0x50 net/socket.c:1689
                      entry_SYSCALL_64_fastpath+0x23/0x9a
    INITIAL USE at:
                     lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                     __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
                     _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
                     spin_lock_bh include/linux/spinlock.h:315 [inline]
                     lock_sock_nested+0x44/0x110 net/core/sock.c:2772
                     lock_sock include/net/sock.h:1463 [inline]
                     sock_setsockopt+0x16b/0x1af0 net/core/sock.c:717
                     SYSC_setsockopt net/socket.c:1819 [inline]
                     SyS_setsockopt+0x2ff/0x360 net/socket.c:1802
                     entry_SYSCALL_64_fastpath+0x23/0x9a
  }
  ... key      at: [<0000000020b70dc6>] af_family_slock_keys+0x50/0x180
  ... acquired at:
   __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
   _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
   spin_lock_bh include/linux/spinlock.h:315 [inline]
   xfrm_policy_delete+0x3e/0x90 net/xfrm/xfrm_policy.c:1247
   xfrm_sk_free_policy include/net/xfrm.h:1256 [inline]
   inet_csk_destroy_sock+0x320/0x3f0 net/ipv4/inet_connection_sock.c:836
   dccp_close+0x853/0xc20 net/dccp/proto.c:1084
   inet_release+0xed/0x1c0 net/ipv4/af_inet.c:427
   inet6_release+0x50/0x70 net/ipv6/af_inet6.c:432
   sock_release+0x8d/0x1e0 net/socket.c:595
   sock_close+0x16/0x20 net/socket.c:1123
   __fput+0x327/0x7e0 fs/file_table.c:210
   ____fput+0x15/0x20 fs/file_table.c:244
   task_work_run+0x199/0x270 kernel/task_work.c:113
   exit_task_work include/linux/task_work.h:22 [inline]
   do_exit+0x9bb/0x1ad0 kernel/exit.c:865
   do_group_exit+0x149/0x400 kernel/exit.c:968
   get_signal+0x73f/0x16c0 kernel/signal.c:2335
   do_signal+0x90/0x1eb0 arch/x86/kernel/signal.c:809
   exit_to_usermode_loop+0x214/0x310 arch/x86/entry/common.c:158
   prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
   syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264
   entry_SYSCALL_64_fastpath+0x98/0x9a

-> (&(&net->xfrm.xfrm_policy_lock)->rlock){+...} ops: 363 {
   HARDIRQ-ON-W at:
                    lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                    __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
                    _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
                    spin_lock_bh include/linux/spinlock.h:315 [inline]
                    xfrm_migrate_policy_find net/xfrm/xfrm_policy.c:3090 [inline]
                    xfrm_migrate+0x4d9/0x1780 net/xfrm/xfrm_policy.c:3240
                    xfrm_do_migrate+0x990/0xd30 net/xfrm/xfrm_user.c:2308
                    xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591
                    netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
                    xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599
                    netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
                    netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
                    netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
                    sock_sendmsg_nosec net/socket.c:630 [inline]
                    sock_sendmsg+0xca/0x110 net/socket.c:640
                    ___sys_sendmsg+0x767/0x8b0 net/socket.c:2020
                    __sys_sendmsg+0xe5/0x210 net/socket.c:2054
                    SYSC_sendmsg net/socket.c:2065 [inline]
                    SyS_sendmsg+0x2d/0x50 net/socket.c:2061
                    entry_SYSCALL_64_fastpath+0x23/0x9a
   INITIAL USE at:
                   lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                   __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
                   _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
                   spin_lock_bh include/linux/spinlock.h:315 [inline]
                   xfrm_migrate_policy_find net/xfrm/xfrm_policy.c:3090 [inline]
                   xfrm_migrate+0x4d9/0x1780 net/xfrm/xfrm_policy.c:3240
                   xfrm_do_migrate+0x990/0xd30 net/xfrm/xfrm_user.c:2308
                   xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591
                   netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
                   xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599
                   netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
                   netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
                   netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
                   sock_sendmsg_nosec net/socket.c:630 [inline]
                   sock_sendmsg+0xca/0x110 net/socket.c:640
                   ___sys_sendmsg+0x767/0x8b0 net/socket.c:2020
                   __sys_sendmsg+0xe5/0x210 net/socket.c:2054
                   SYSC_sendmsg net/socket.c:2065 [inline]
                   SyS_sendmsg+0x2d/0x50 net/socket.c:2061
                   entry_SYSCALL_64_fastpath+0x23/0x9a
 }
 ... key      at: [<00000000df4ff186>] __key.66994+0x0/0x40
 ... acquired at:
   lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
   percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
   percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
   cpus_read_lock+0x42/0x90 kernel/cpu.c:293
   get_online_cpus include/linux/cpu.h:117 [inline]
   xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767
   xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978
   pfkey_spdflush+0x98/0x370 net/key/af_key.c:2750
   pfkey_process+0x611/0x720 net/key/af_key.c:2809
   pfkey_sendmsg+0x4dc/0xa00 net/key/af_key.c:3648
   sock_sendmsg_nosec net/socket.c:630 [inline]
   sock_sendmsg+0xca/0x110 net/socket.c:640
   ___sys_sendmsg+0x767/0x8b0 net/socket.c:2020
   __sys_sendmsg+0xe5/0x210 net/socket.c:2054
   SYSC_sendmsg net/socket.c:2065 [inline]
   SyS_sendmsg+0x2d/0x50 net/socket.c:2061
   entry_SYSCALL_64_fastpath+0x23/0x9a


the dependencies between the lock to be acquired
 and SOFTIRQ-irq-unsafe lock:
-> (cpu_hotplug_lock.rw_sem){++++} ops: 1074 {
   HARDIRQ-ON-W at:
                    lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                    down_write+0x87/0x120 kernel/locking/rwsem.c:70
                    percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145
                    cpus_write_lock kernel/cpu.c:305 [inline]
                    _cpu_up+0x60/0x510 kernel/cpu.c:990
                    do_cpu_up+0x73/0xa0 kernel/cpu.c:1066
                    cpu_up+0x18/0x20 kernel/cpu.c:1074
                    smp_init+0x13a/0x152 kernel/smp.c:578
                    kernel_init_freeable+0x2fe/0x521 init/main.c:1067
                    kernel_init+0x13/0x172 init/main.c:999
                    ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524
   HARDIRQ-ON-R at:
                    lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                    percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
                    percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
                    cpus_read_lock+0x42/0x90 kernel/cpu.c:293
                    get_online_cpus include/linux/cpu.h:117 [inline]
                    kmem_cache_create+0x26/0x2a0 mm/slab_common.c:440
                    debug_objects_mem_init+0xda/0x910 lib/debugobjects.c:1139
                    start_kernel+0x6dd/0x819 init/main.c:674
                    x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378
                    x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359
                    secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237
   SOFTIRQ-ON-W at:
                    lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                    down_write+0x87/0x120 kernel/locking/rwsem.c:70
                    percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145
                    cpus_write_lock kernel/cpu.c:305 [inline]
                    _cpu_up+0x60/0x510 kernel/cpu.c:990
                    do_cpu_up+0x73/0xa0 kernel/cpu.c:1066
                    cpu_up+0x18/0x20 kernel/cpu.c:1074
                    smp_init+0x13a/0x152 kernel/smp.c:578
                    kernel_init_freeable+0x2fe/0x521 init/main.c:1067
                    kernel_init+0x13/0x172 init/main.c:999
                    ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524
   SOFTIRQ-ON-R at:
                    lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                    percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
                    percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
                    cpus_read_lock+0x42/0x90 kernel/cpu.c:293
                    get_online_cpus include/linux/cpu.h:117 [inline]
                    kmem_cache_create+0x26/0x2a0 mm/slab_common.c:440
                    debug_objects_mem_init+0xda/0x910 lib/debugobjects.c:1139
                    start_kernel+0x6dd/0x819 init/main.c:674
                    x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378
                    x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359
                    secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237
   INITIAL USE at:
                   lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                   percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
                   percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
                   cpus_read_lock kernel/cpu.c:293 [inline]
                   __cpuhp_setup_state+0x60/0x140 kernel/cpu.c:1670
                   cpuhp_setup_state_nocalls include/linux/cpuhotplug.h:229 [inline]
                   kvm_guest_init+0x1f3/0x20f arch/x86/kernel/kvm.c:528
                   setup_arch+0x1801/0x1a13 arch/x86/kernel/setup.c:1265
                   start_kernel+0xcd/0x819 init/main.c:535
                   x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378
                   x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359
                   secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237
 }
 ... key      at: [<00000000d9b461ef>] cpu_hotplug_lock+0xd8/0x140
 ... acquired at:
   lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
   percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
   percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
   cpus_read_lock+0x42/0x90 kernel/cpu.c:293
   get_online_cpus include/linux/cpu.h:117 [inline]
   xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767
   xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978
   pfkey_spdflush+0x98/0x370 net/key/af_key.c:2750
   pfkey_process+0x611/0x720 net/key/af_key.c:2809
   pfkey_sendmsg+0x4dc/0xa00 net/key/af_key.c:3648
   sock_sendmsg_nosec net/socket.c:630 [inline]
   sock_sendmsg+0xca/0x110 net/socket.c:640
   ___sys_sendmsg+0x767/0x8b0 net/socket.c:2020
   __sys_sendmsg+0xe5/0x210 net/socket.c:2054
   SYSC_sendmsg net/socket.c:2065 [inline]
   SyS_sendmsg+0x2d/0x50 net/socket.c:2061
   entry_SYSCALL_64_fastpath+0x23/0x9a


stack backtrace:
CPU: 0 PID: 7890 Comm: syz-executor0 Tainted: G        W        4.15.0-rc7+ #187
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_bad_irq_dependency kernel/locking/lockdep.c:1565 [inline]
 check_usage+0xad0/0xb60 kernel/locking/lockdep.c:1597
 check_irq_usage kernel/locking/lockdep.c:1653 [inline]
 check_prev_add_irq kernel/locking/lockdep_states.h:8 [inline]
 check_prev_add kernel/locking/lockdep.c:1863 [inline]
 check_prevs_add kernel/locking/lockdep.c:1971 [inline]
 validate_chain kernel/locking/lockdep.c:2412 [inline]
 __lock_acquire+0x2bd1/0x3e00 kernel/locking/lockdep.c:3426
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 cpus_read_lock+0x42/0x90 kernel/cpu.c:293
 get_online_cpus include/linux/cpu.h:117 [inline]
 xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767
 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978
 pfkey_spdflush+0x98/0x370 net/key/af_key.c:2750
 pfkey_process+0x611/0x720 net/key/af_key.c:2809
 pfkey_sendmsg+0x4dc/0xa00 net/key/af_key.c:3648
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2020
 __sys_sendmsg+0xe5/0x210 net/socket.c:2054
 SYSC_sendmsg net/socket.c:2065 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2061
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452cf9
RSP: 002b:00007f190691dc58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452cf9
RDX: 0000000000000000 RSI: 000000002057f000 RDI: 0000000000000013
RBP: 0000000000000595 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f6698
R13: 00000000ffffffff R14: 00007f190691e6d4 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 0 PID: 8773 Comm: syz-executor6 Tainted: G        W        4.15.0-rc7+ #187
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
 kmem_cache_zalloc include/linux/slab.h:678 [inline]
 ebitmap_cpy+0xce/0x260 security/selinux/ss/ebitmap.c:60
 mls_context_cpy security/selinux/ss/context.h:51 [inline]
 mls_compute_sid+0x555/0x930 security/selinux/ss/mls.c:556
 security_compute_sid+0x8df/0x18f0 security/selinux/ss/services.c:1724
 security_transition_sid+0x75/0x90 security/selinux/ss/services.c:1763
 socket_sockcreate_sid security/selinux/hooks.c:4335 [inline]
 selinux_socket_create+0x3cf/0x740 security/selinux/hooks.c:4368
 security_socket_create+0x83/0xc0 security/security.c:1338
 __sock_create+0xf7/0x850 net/socket.c:1214
 sock_create net/socket.c:1299 [inline]
 SYSC_socket net/socket.c:1329 [inline]
 SyS_socket+0xeb/0x1d0 net/socket.c:1309
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452cf9
RSP: 002b:00007fbd371f5c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 00007fbd371f5aa0 RCX: 0000000000452cf9
RDX: 0000000000000084 RSI: 0000000000000001 RDI: 0000000000000002
RBP: 00007fbd371f5a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b798c
R13: 00007fbd371f5bc8 R14: 00000000004b798c R15: 0000000000000000
CPU: 1 PID: 8792 Comm: syz-executor5 Tainted: G        W        4.15.0-rc7+ #187
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3632
 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:983 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1180 [inline]
 netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1872
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2020
 __sys_sendmsg+0xe5/0x210 net/socket.c:2054
 SYSC_sendmsg net/socket.c:2065 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2061
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452cf9
RSP: 002b:00007f16739abc58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f16739abaa0 RCX: 0000000000452cf9
RDX: 0000000000000000 RSI: 0000000020306000 RDI: 0000000000000013
RBP: 00007f16739aba90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b798c
R13: 00007f16739abbc8 R14: 00000000004b798c R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 8809 Comm: syz-executor6 Tainted: G        W        4.15.0-rc7+ #187
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
 kmem_cache_zalloc include/linux/slab.h:678 [inline]
 ebitmap_cpy+0xce/0x260 security/selinux/ss/ebitmap.c:60
 mls_context_cpy security/selinux/ss/context.h:51 [inline]
 mls_compute_sid+0x555/0x930 security/selinux/ss/mls.c:556
 security_compute_sid+0x8df/0x18f0 security/selinux/ss/services.c:1724
 security_transition_sid+0x75/0x90 security/selinux/ss/services.c:1763
 socket_sockcreate_sid security/selinux/hooks.c:4335 [inline]
 selinux_socket_create+0x3cf/0x740 security/selinux/hooks.c:4368
 security_socket_create+0x83/0xc0 security/security.c:1338
 __sock_create+0xf7/0x850 net/socket.c:1214
 sock_create net/socket.c:1299 [inline]
 SYSC_socket net/socket.c:1329 [inline]
 SyS_socket+0xeb/0x1d0 net/socket.c:1309
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452cf9
RSP: 002b:00007fbd371f5c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 00007fbd371f5aa0 RCX: 0000000000452cf9
RDX: 0000000000000084 RSI: 0000000000000001 RDI: 0000000000000002
RBP: 00007fbd371f5a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b798c
R13: 00007fbd371f5bc8 R14: 00000000004b798c R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 8852 Comm: syz-executor0 Tainted: G        W        4.15.0-rc7+ #187
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3632
 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:983 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1180 [inline]
 netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1872
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 sock_write_iter+0x31a/0x5d0 net/socket.c:909
 call_write_iter include/linux/fs.h:1772 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452cf9
RSP: 002b:00007f190691dc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f190691daa0 RCX: 0000000000452cf9
RDX: 0000000000000026 RSI: 0000000020dfa000 RDI: 0000000000000013
RBP: 00007f190691da90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b798c
R13: 00007f190691dbc8 R14: 00000000004b798c R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 8869 Comm: syz-executor7 Tainted: G        W        4.15.0-rc7+ #187
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3632
 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:983 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1180 [inline]
 netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1872
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 SYSC_sendto+0x361/0x5c0 net/socket.c:1721
 SyS_sendto+0x40/0x50 net/socket.c:1689
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452cf9
RSP: 002b:00007fe0b80b5c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fe0b80b5aa0 RCX: 0000000000452cf9
RDX: 0000000000000012 RSI: 0000000020cfefee RDI: 0000000000000013
RBP: 00007fe0b80b5a90 R08: 0000000020000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b798c
R13: 00007fe0b80b5bc8 R14: 00000000004b798c R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 8878 Comm: syz-executor0 Tainted: G        W        4.15.0-rc7+ #187
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node_trace+0x5a/0x750 mm/slab.c:3651
 __do_kmalloc_node mm/slab.c:3671 [inline]
 __kmalloc_node_track_caller+0x33/0x70 mm/slab.c:3686
 __kmalloc_reserve.isra.39+0x41/0xd0 net/core/skbuff.c:137
 __alloc_skb+0x13b/0x780 net/core/skbuff.c:205
 alloc_skb include/linux/skbuff.h:983 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1180 [inline]
 netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1872
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 sock_write_iter+0x31a/0x5d0 net/socket.c:909
 call_write_iter include/linux/fs.h:1772 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452cf9
RSP: 002b:00007f190691dc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f190691daa0 RCX: 0000000000452cf9
RDX: 0000000000000026 RSI: 0000000020dfa000 RDI: 0000000000000013
RBP: 00007f190691da90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b798c
R13: 00007f190691dbc8 R14: 00000000004b798c R15: 0000000000000000
CPU: 0 PID: 8853 Comm: syz-executor6 Tainted: G        W        4.15.0-rc7+ #187
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
 kmem_cache_zalloc include/linux/slab.h:678 [inline]
 ebitmap_cpy+0xce/0x260 security/selinux/ss/ebitmap.c:60
 mls_context_cpy security/selinux/ss/context.h:51 [inline]
 mls_compute_sid+0x555/0x930 security/selinux/ss/mls.c:556
 security_compute_sid+0x8df/0x18f0 security/selinux/ss/services.c:1724
 security_transition_sid+0x75/0x90 security/selinux/ss/services.c:1763
 socket_sockcreate_sid security/selinux/hooks.c:4335 [inline]
 selinux_socket_create+0x3cf/0x740 security/selinux/hooks.c:4368
 security_socket_create+0x83/0xc0 security/security.c:1338
 __sock_create+0xf7/0x850 net/socket.c:1214
 sock_create net/socket.c:1299 [inline]
 SYSC_socket net/socket.c:1329 [inline]
 SyS_socket+0xeb/0x1d0 net/socket.c:1309
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452cf9
RSP: 002b:00007fbd371f5c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 00007fbd371f5aa0 RCX: 0000000000452cf9
RDX: 0000000000000084 RSI: 0000000000000001 RDI: 0000000000000002
RBP: 00007fbd371f5a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b798c
R13: 00007fbd371f5bc8 R14: 00000000004b798c R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 8891 Comm: syz-executor7 Tainted: G        W        4.15.0-rc7+ #187
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node_trace+0x5a/0x750 mm/slab.c:3651
 __do_kmalloc_node mm/slab.c:3671 [inline]
 __kmalloc_node_track_caller+0x33/0x70 mm/slab.c:3686
 __kmalloc_reserve.isra.39+0x41/0xd0 net/core/skbuff.c:137
 __alloc_skb+0x13b/0x780 net/core/skbuff.c:205
 alloc_skb include/linux/skbuff.h:983 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1180 [inline]
 netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1872
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 SYSC_sendto+0x361/0x5c0 net/socket.c:1721
 SyS_sendto+0x40/0x50 net/socket.c:1689
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452cf9
RSP: 002b:00007fe0b80b5c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fe0b80b5aa0 RCX: 0000000000452cf9
RDX: 0000000000000012 RSI: 0000000020cfefee RDI: 0000000000000013
RBP: 00007fe0b80b5a90 R08: 0000000020000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b798c
R13: 00007fe0b80b5bc8 R14: 00000000004b798c R15: 0000000000000000
CPU: 0 PID: 8887 Comm: syz-executor0 Tainted: G        W        4.15.0-rc7+ #187
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3632
 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:983 [inline]
 netlink_dump+0x545/0xcf0 net/netlink/af_netlink.c:2203
 __netlink_dump_start+0x4f0/0x6d0 net/netlink/af_netlink.c:2319
 netlink_dump_start include/linux/netlink.h:214 [inline]
 rtnetlink_rcv_msg+0x7f0/0xb10 net/core/rtnetlink.c:4493
 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4548
 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
 netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 sock_write_iter+0x31a/0x5d0 net/socket.c:909
 call_write_iter include/linux/fs.h:1772 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452cf9
RSP: 002b:00007f190691dc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f190691daa0 RCX: 0000000000452cf9
RDX: 0000000000000026 RSI: 0000000020dfa000 RDI: 0000000000000013
RBP: 00007f190691da90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b798c
R13: 00007f190691dbc8 R14: 00000000004b798c R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 8910 Comm: syz-executor7 Tainted: G        W        4.15.0-rc7+ #187
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3632
 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:983 [inline]
 netlink_dump+0x545/0xcf0 net/netlink/af_netlink.c:2203
 __netlink_dump_start+0x4f0/0x6d0 net/netlink/af_netlink.c:2319
 netlink_dump_start include/linux/netlink.h:214 [inline]
 rtnetlink_rcv_msg+0x7f0/0xb10 net/core/rtnetlink.c:4493
 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4548
 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
 netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 SYSC_sendto+0x361/0x5c0 net/socket.c:1721
 SyS_sendto+0x40/0x50 net/socket.c:1689
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452cf9
RSP: 002b:00007fe0b80b5c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fe0b80b5aa0 RCX: 0000000000452cf9
RDX: 0000000000000012 RSI: 0000000020cfefee RDI: 0000000000000013
RBP: 00007fe0b80b5a90 R08: 0000000020000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b798c
R13: 00007fe0b80b5bc8 R14: 00000000004b798c R15: 0000000000000000
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1025 sclass=netlink_route_socket pig=9631 comm=syz-executor7
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
can: request_module (can-proto-3) failed.
can: request_module (can-proto-3) failed.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10169 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10185 comm=syz-executor0