====================================================== WARNING: possible circular locking dependency detected 4.15.0-rc3+ #131 Not tainted ------------------------------------------------------ syz-executor2/17537 is trying to acquire lock: (&ctx->mutex){+.+.}, at: [<0000000090a73720>] perf_event_ctx_lock_nested+0x21b/0x450 kernel/events/core.c:1249 but task is already holding lock: (&pipe->mutex/1){+.+.}, at: [<00000000baac8ef7>] pipe_lock_nested fs/pipe.c:67 [inline] (&pipe->mutex/1){+.+.}, at: [<00000000baac8ef7>] pipe_lock+0x56/0x70 fs/pipe.c:75 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #8 (&pipe->mutex/1){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 pipe_lock_nested fs/pipe.c:67 [inline] pipe_lock+0x56/0x70 fs/pipe.c:75 iter_file_splice_write+0x264/0xf30 fs/splice.c:699 do_splice_from fs/splice.c:851 [inline] do_splice fs/splice.c:1147 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x7d5/0x1630 fs/splice.c:1382 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 -> #7 (sb_writers){.+.+}: spin_lock include/linux/spinlock.h:315 [inline] __d_lookup+0x289/0x840 fs/dcache.c:2283 d_lookup+0x1b2/0x2e0 fs/dcache.c:2225 lookup_dcache+0x22/0x100 fs/namei.c:1484 __lookup_hash+0x2b/0x190 fs/namei.c:1525 filename_create+0x1c7/0x520 fs/namei.c:3626 -> #6 ((completion)&req.done){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 complete_acquire include/linux/completion.h:40 [inline] __wait_for_common kernel/sched/completion.c:109 [inline] wait_for_common kernel/sched/completion.c:123 [inline] wait_for_completion+0xcb/0x7b0 kernel/sched/completion.c:144 devtmpfs_create_node+0x32b/0x4a0 drivers/base/devtmpfs.c:115 device_add+0x120f/0x1640 drivers/base/core.c:1824 device_create_groups_vargs+0x1f3/0x250 drivers/base/core.c:2430 device_create_vargs drivers/base/core.c:2470 [inline] device_create+0xda/0x110 drivers/base/core.c:2506 msr_device_create+0x26/0x40 arch/x86/kernel/msr.c:188 cpuhp_invoke_callback+0x2ea/0x1d20 kernel/cpu.c:182 cpuhp_thread_fun+0x48e/0x7e0 kernel/cpu.c:571 smpboot_thread_fn+0x450/0x7c0 kernel/smpboot.c:164 kthread+0x37a/0x440 kernel/kthread.c:238 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:441 -> #5 (cpuhp_state-up){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 cpuhp_lock_acquire kernel/cpu.c:85 [inline] cpuhp_invoke_ap_callback kernel/cpu.c:605 [inline] cpuhp_issue_call+0x1e5/0x520 kernel/cpu.c:1495 __cpuhp_setup_state_cpuslocked+0x282/0x600 kernel/cpu.c:1642 __cpuhp_setup_state+0xb0/0x140 kernel/cpu.c:1671 cpuhp_setup_state include/linux/cpuhotplug.h:201 [inline] page_writeback_init+0x4d/0x71 mm/page-writeback.c:2081 pagecache_init+0x48/0x4f mm/filemap.c:977 start_kernel+0x6bc/0x74f init/main.c:695 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378 x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 -> #4 (cpuhp_state_mutex){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 __cpuhp_setup_state_cpuslocked+0x5b/0x600 kernel/cpu.c:1617 __cpuhp_setup_state+0xb0/0x140 kernel/cpu.c:1671 cpuhp_setup_state_nocalls include/linux/cpuhotplug.h:229 [inline] kvm_guest_init+0x1f3/0x20f arch/x86/kernel/kvm.c:528 setup_arch+0x17e8/0x1a02 arch/x86/kernel/setup.c:1266 start_kernel+0xa5/0x74f init/main.c:530 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378 x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 -> #3 (cpu_hotplug_lock.rw_sem){++++}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 static_key_slow_inc+0x9d/0x3c0 kernel/jump_label.c:123 tracepoint_add_func kernel/tracepoint.c:223 [inline] tracepoint_probe_register_prio+0x80d/0x9a0 kernel/tracepoint.c:283 tracepoint_probe_register+0x2a/0x40 kernel/tracepoint.c:304 trace_event_reg+0x167/0x320 kernel/trace/trace_events.c:305 perf_trace_event_reg kernel/trace/trace_event_perf.c:122 [inline] perf_trace_event_init kernel/trace/trace_event_perf.c:197 [inline] perf_trace_init+0x4ef/0xab0 kernel/trace/trace_event_perf.c:221 perf_tp_event_init+0x7d/0xf0 kernel/events/core.c:7956 perf_try_init_event+0xc9/0x1f0 kernel/events/core.c:9182 perf_init_event kernel/events/core.c:9220 [inline] perf_event_alloc+0x1cc6/0x2b00 kernel/events/core.c:9484 SYSC_perf_event_open+0x842/0x2f10 kernel/events/core.c:9939 SyS_perf_event_open+0x39/0x50 kernel/events/core.c:9825 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 -> #2 (tracepoints_mutex){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 tracepoint_probe_register_prio+0xa0/0x9a0 kernel/tracepoint.c:279 tracepoint_probe_register+0x2a/0x40 kernel/tracepoint.c:304 trace_event_reg+0x167/0x320 kernel/trace/trace_events.c:305 perf_trace_event_reg kernel/trace/trace_event_perf.c:122 [inline] perf_trace_event_init kernel/trace/trace_event_perf.c:197 [inline] perf_trace_init+0x4ef/0xab0 kernel/trace/trace_event_perf.c:221 perf_tp_event_init+0x7d/0xf0 kernel/events/core.c:7956 perf_try_init_event+0xc9/0x1f0 kernel/events/core.c:9182 perf_init_event kernel/events/core.c:9220 [inline] perf_event_alloc+0x1cc6/0x2b00 kernel/events/core.c:9484 SYSC_perf_event_open+0x842/0x2f10 kernel/events/core.c:9939 SyS_perf_event_open+0x39/0x50 kernel/events/core.c:9825 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 -> #1 (event_mutex){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 perf_trace_init+0x58/0xab0 kernel/trace/trace_event_perf.c:216 perf_tp_event_init+0x7d/0xf0 kernel/events/core.c:7956 perf_try_init_event+0xc9/0x1f0 kernel/events/core.c:9182 perf_init_event kernel/events/core.c:9204 [inline] perf_event_alloc+0x1005/0x2b00 kernel/events/core.c:9484 inherit_event.isra.92+0x15b/0x920 kernel/events/core.c:10698 inherit_group kernel/events/core.c:10789 [inline] inherit_task_group.isra.94.part.95+0x73/0x240 kernel/events/core.c:10847 inherit_task_group kernel/events/core.c:10827 [inline] perf_event_init_context kernel/events/core.c:10898 [inline] perf_event_init_task+0x348/0x890 kernel/events/core.c:10966 copy_process.part.36+0x173b/0x4ae0 kernel/fork.c:1727 copy_process kernel/fork.c:1566 [inline] _do_fork+0x1ef/0xff0 kernel/fork.c:2045 SYSC_clone kernel/fork.c:2155 [inline] SyS_clone+0x37/0x50 kernel/fork.c:2149 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 -> #0 (&ctx->mutex){+.+.}: check_prevs_add kernel/locking/lockdep.c:2031 [inline] validate_chain kernel/locking/lockdep.c:2473 [inline] __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 perf_event_ctx_lock_nested+0x21b/0x450 kernel/events/core.c:1249 perf_event_ctx_lock kernel/events/core.c:1262 [inline] perf_read+0xb9/0x970 kernel/events/core.c:4507 do_loop_readv_writev fs/read_write.c:673 [inline] do_iter_read+0x3db/0x5b0 fs/read_write.c:897 vfs_readv+0x121/0x1c0 fs/read_write.c:959 kernel_readv fs/splice.c:361 [inline] default_file_splice_read+0x508/0xae0 fs/splice.c:416 do_splice_to+0x110/0x170 fs/splice.c:880 do_splice fs/splice.c:1173 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x11a8/0x1630 fs/splice.c:1382 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 other info that might help us debug this: Chain exists of: &ctx->mutex --> sb_writers --> &pipe->mutex/1 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&pipe->mutex/1); lock(sb_writers); lock(&pipe->mutex/1); lock(&ctx->mutex); *** DEADLOCK *** 1 lock held by syz-executor2/17537: #0: (&pipe->mutex/1){+.+.}, at: [<00000000baac8ef7>] pipe_lock_nested fs/pipe.c:67 [inline] #0: (&pipe->mutex/1){+.+.}, at: [<00000000baac8ef7>] pipe_lock+0x56/0x70 fs/pipe.c:75 stack backtrace: CPU: 1 PID: 17537 Comm: syz-executor2 Not tainted 4.15.0-rc3+ #131 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 print_circular_bug+0x42d/0x610 kernel/locking/lockdep.c:1271 check_prev_add+0x666/0x15f0 kernel/locking/lockdep.c:1914 check_prevs_add kernel/locking/lockdep.c:2031 [inline] validate_chain kernel/locking/lockdep.c:2473 [inline] __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 perf_event_ctx_lock_nested+0x21b/0x450 kernel/events/core.c:1249 perf_event_ctx_lock kernel/events/core.c:1262 [inline] perf_read+0xb9/0x970 kernel/events/core.c:4507 do_loop_readv_writev fs/read_write.c:673 [inline] do_iter_read+0x3db/0x5b0 fs/read_write.c:897 vfs_readv+0x121/0x1c0 fs/read_write.c:959 kernel_readv fs/splice.c:361 [inline] default_file_splice_read+0x508/0xae0 fs/splice.c:416 do_splice_to+0x110/0x170 fs/splice.c:880 do_splice fs/splice.c:1173 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x11a8/0x1630 fs/splice.c:1382 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 RIP: 0023:0xf7f6ac79 RSP: 002b:00000000f776608c EFLAGS: 00000296 ORIG_RAX: 0000000000000139 RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000000000000 RDX: 0000000000000016 RSI: 0000000000000000 RDI: 00000000000000b9 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 sg_write: data in/out 156/14 bytes for SCSI command 0x85-- guessing data in; program syz-executor7 not setting count and/or reply_len properly nla_parse: 8 callbacks suppressed netlink: 16 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 16 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. rpcbind: RPC call returned error 22 device eql entered promiscuous mode rpcbind: RPC call returned error 22 binder: 17736:17745 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 17736:17745 BC_DEAD_BINDER_DONE 0000000000000004 not found binder: 17745 RLIMIT_NICE not set binder: 17736:17760 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 sctp: [Deprecated]: syz-executor5 (pid 17759) Use of int in maxseg socket option. Use struct sctp_assoc_value instead binder: 17736:17779 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 17736:17760 BC_DEAD_BINDER_DONE 0000000000000004 not found binder: 17736:17779 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. audit: type=1326 audit(1513326081.818:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17857 comm="syz-executor4" exe="/root/syz-executor4" sig=9 arch=40000003 syscall=240 compat=1 ip=0xf7f68c79 code=0x0 audit: type=1326 audit(1513326081.920:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=17857 comm="syz-executor4" exe="/root/syz-executor4" sig=9 arch=40000003 syscall=240 compat=1 ip=0xf7f68c79 code=0x0 sg_write: data in/out 156/14 bytes for SCSI command 0x85-- guessing data in; program syz-executor0 not setting count and/or reply_len properly binder: 18016:18018 ioctl 40046205 400000 returned -22 binder: 18016:18018 transaction failed 29189/-22, size 64-48 line 2775 sg_write: data in/out 156/14 bytes for SCSI command 0x85-- guessing data in; program syz-executor0 not setting count and/or reply_len properly binder: 18016:18018 ioctl 40046205 400000 returned -22 binder: 18016:18018 transaction failed 29189/-22, size 64-48 line 2775 QAT: Invalid ioctl QAT: Invalid ioctl audit: type=1326 audit(1513326082.925:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=18149 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7effc79 code=0x7ffc0000 audit: type=1326 audit(1513326082.925:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=18149 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7effc79 code=0x7ffc0000 audit: type=1326 audit(1513326082.926:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=18149 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7effc79 code=0x7ffc0000 audit: type=1326 audit(1513326082.926:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=18149 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=40000003 syscall=265 compat=1 ip=0xf7effc79 code=0x7ffc0000 audit: type=1326 audit(1513326082.926:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=18149 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7effc79 code=0x7ffc0000 audit: type=1326 audit(1513326082.926:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=18149 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=40000003 syscall=375 compat=1 ip=0xf7effc79 code=0x7ffc0000 audit: type=1326 audit(1513326082.926:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=18149 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=40000003 syscall=265 compat=1 ip=0xf7effc79 code=0x7ffc0000 audit: type=1326 audit(1513326082.926:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=18149 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7effc79 code=0x7ffc0000 audit: type=1326 audit(1513326082.926:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=18149 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=40000003 syscall=265 compat=1 ip=0xf7effc79 code=0x7ffc0000 audit: type=1326 audit(1513326082.926:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=18149 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=40000003 syscall=162 compat=1 ip=0xf7effc79 code=0x7ffc0000 QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl binder: 18291:18294 ioctl c0306201 20000fd0 returned -14 binder: 18291:18315 got reply transaction with no transaction stack binder: 18291:18315 transaction failed 29201/-71, size 0-8 line 2690 binder: BINDER_SET_CONTEXT_MGR already set binder: 18291:18321 ioctl 40046207 0 returned -16 binder: 18291:18315 ioctl c0306201 20000fd0 returned -14 binder: 18291:18321 got reply transaction with no transaction stack binder: 18291:18321 transaction failed 29201/-71, size 0-8 line 2690 sctp: [Deprecated]: syz-executor4 (pid 18387) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=18472 comm=syz-executor6 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=18467 comm=syz-executor7 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=18467 comm=syz-executor7 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=18467 comm=syz-executor7 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=18479 comm=syz-executor7 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=18476 comm=syz-executor7 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=18467 comm=syz-executor7 nla_parse: 50 callbacks suppressed netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'. device syz5 entered promiscuous mode FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 18736 Comm: syz-executor6 Not tainted 4.15.0-rc3+ #131 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc_node mm/slab.c:3292 [inline] kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3635 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193 alloc_skb include/linux/skbuff.h:983 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1144 [inline] netlink_sendmsg+0xa86/0xe70 net/netlink/af_netlink.c:1836 sock_sendmsg_nosec net/socket.c:636 [inline] sock_sendmsg+0xca/0x110 net/socket.c:646 sock_write_iter+0x320/0x5e0 net/socket.c:915 call_write_iter include/linux/fs.h:1772 [inline] new_sync_write fs/read_write.c:469 [inline] __vfs_write+0x68a/0x970 fs/read_write.c:482 vfs_write+0x18f/0x510 fs/read_write.c:544 SYSC_write fs/read_write.c:589 [inline] SyS_write+0xef/0x220 fs/read_write.c:581 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 RIP: 0023:0xf7f8ac79 RSP: 002b:00000000f778608c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 000000002061cfde RDX: 000000000000001f RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'. cgroup: cgroup2: unknown option "" binder: 18901:18906 DecRefs 0 refcount change on invalid ref 2 ret -22 cgroup: cgroup2: unknown option "" netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'. binder: 18901:18906 DecRefs 0 refcount change on invalid ref 2 ret -22 netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'. device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode Bearer <> rejected, illegal name Bearer <> rejected, illegal name sock: sock_set_timeout: `syz-executor0' (pid 19486) tries to set negative timeout sock: sock_set_timeout: `syz-executor0' (pid 19492) tries to set negative timeout