================================ WARNING: inconsistent lock state 4.17.0-rc2+ #22 Not tainted -------------------------------- inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. syz-fuzzer/4482 [HC1[1]:SC0[0]:HE0:SE1] takes: (ptrval) (fs_reclaim){?.+.}, at: fs_reclaim_acquire.part.82+0x0/0x30 mm/page_alloc.c:463 {HARDIRQ-ON-W} state was registered at: lock_acquire+0x1dc/0x520 kernel/locking/lockdep.c:3920 fs_reclaim_acquire.part.82+0x24/0x30 mm/page_alloc.c:3739 fs_reclaim_acquire+0x14/0x20 mm/page_alloc.c:3740 slab_pre_alloc_hook mm/slab.h:418 [inline] slab_alloc_node mm/slab.c:3299 [inline] kmem_cache_alloc_node_trace+0x39/0x770 mm/slab.c:3661 kmalloc_node include/linux/slab.h:550 [inline] kzalloc_node include/linux/slab.h:712 [inline] alloc_worker+0xbd/0x2e0 kernel/workqueue.c:1704 init_rescuer.part.25+0x1f/0x190 kernel/workqueue.c:4000 init_rescuer kernel/workqueue.c:3997 [inline] workqueue_init+0x51f/0x7d0 kernel/workqueue.c:5732 kernel_init_freeable+0x2ad/0x58e init/main.c:1115 kernel_init+0x11/0x1b3 init/main.c:1053 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412 irq event stamp: 539790 hardirqs last enabled at (539789): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (539789): [] _raw_spin_unlock_irqrestore+0x74/0xc0 kernel/locking/spinlock.c:184 hardirqs last disabled at (539790): [] interrupt_entry+0xb5/0xf0 arch/x86/entry/entry_64.S:625 softirqs last enabled at (539784): [] rcu_read_unlock_bh include/linux/rcupdate.h:724 [inline] softirqs last enabled at (539784): [] ip_finish_output2+0xa7f/0x1840 net/ipv4/ip_output.c:231 softirqs last disabled at (539766): [] lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline] softirqs last disabled at (539766): [] ip_finish_output2+0x30b/0x1840 net/ipv4/ip_output.c:213 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(fs_reclaim); lock(fs_reclaim); *** DEADLOCK *** 1 lock held by syz-fuzzer/4482: #0: (ptrval) (sk_lock-AF_INET){+.+.}, at: lock_sock include/net/sock.h:1469 [inline] #0: (ptrval) (sk_lock-AF_INET){+.+.}, at: tcp_sendmsg+0x21/0x50 net/ipv4/tcp.c:1445 stack backtrace: CPU: 1 PID: 4482 Comm: syz-fuzzer Not tainted 4.17.0-rc2+ #22 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 print_usage_bug.cold.59+0x320/0x41a kernel/locking/lockdep.c:2542 valid_state kernel/locking/lockdep.c:2555 [inline] mark_lock_irq kernel/locking/lockdep.c:2749 [inline] mark_lock+0x1034/0x19e0 kernel/locking/lockdep.c:3147 mark_irqflags kernel/locking/lockdep.c:3022 [inline] __lock_acquire+0x1595/0x5140 kernel/locking/lockdep.c:3388 lock_acquire+0x1dc/0x520 kernel/locking/lockdep.c:3920 fs_reclaim_acquire.part.82+0x24/0x30 mm/page_alloc.c:3739 fs_reclaim_acquire+0x14/0x20 mm/page_alloc.c:3740 slab_pre_alloc_hook mm/slab.h:418 [inline] slab_alloc mm/slab.c:3378 [inline] __do_kmalloc mm/slab.c:3716 [inline] __kmalloc+0x45/0x760 mm/slab.c:3727 kmalloc_array include/linux/slab.h:631 [inline] kcalloc include/linux/slab.h:642 [inline] numa_crng_init drivers/char/random.c:798 [inline] crng_reseed+0x427/0x920 drivers/char/random.c:923 credit_entropy_bits+0x98d/0xa30 drivers/char/random.c:708 add_interrupt_randomness+0x494/0x860 drivers/char/random.c:1254 handle_irq_event_percpu+0xf9/0x1c0 kernel/irq/handle.c:191 handle_irq_event+0xa7/0x135 kernel/irq/handle.c:206 handle_edge_irq+0x20f/0x870 kernel/irq/chip.c:791 generic_handle_irq_desc include/linux/irqdesc.h:159 [inline] handle_irq+0x18c/0x2e7 arch/x86/kernel/irq_64.c:77 do_IRQ+0x78/0x190 arch/x86/kernel/irq.c:245 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:642 RIP: 0010:tcp_sendmsg_locked+0x257b/0x3e10 net/ipv4/tcp.c:1412 RSP: 0018:ffff8801af89f600 EFLAGS: 00000293 ORIG_RAX: ffffffffffffffd8 RAX: dffffc0000000000 RBX: ffff8801af89f748 RCX: ffffffff864edb3e RDX: ffff8801af89f808 RSI: ffffffff864a01fc RDI: 0000000000000000 RBP: ffff8801af89f970 R08: ffff8801afb0c040 R09: 0000000000000006 R10: ffff8801afb0c040 R11: 0000000000000000 R12: 0000000000000048 R13: ffff8801d8e72280 R14: 00000000000005f8 R15: ffff8801cd4eaa80 tcp_sendmsg+0x2f/0x50 net/ipv4/tcp.c:1446 inet_sendmsg+0x19f/0x690 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:639 sock_write_iter+0x35a/0x5a0 net/socket.c:908 call_write_iter include/linux/fs.h:1784 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x64d/0x960 fs/read_write.c:487 vfs_write+0x1f8/0x560 fs/read_write.c:549 ksys_write+0xf9/0x250 fs/read_write.c:598 __do_sys_write fs/read_write.c:610 [inline] __se_sys_write fs/read_write.c:607 [inline] __x64_sys_write+0x73/0xb0 fs/read_write.c:607 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x47fc44 RSP: 002b:000000c423393840 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fc44 RDX: 00000000000005f8 RSI: 000000c425fe7000 RDI: 0000000000000003 RBP: 000000c423393890 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000040 R14: 0000000000000011 R15: 000000c42003c128 BUG: sleeping function called from invalid context at mm/slab.h:421 in_atomic(): 1, irqs_disabled(): 1, pid: 4482, name: syz-fuzzer INFO: lockdep is turned off. irq event stamp: 539790 hardirqs last enabled at (539789): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (539789): [] _raw_spin_unlock_irqrestore+0x74/0xc0 kernel/locking/spinlock.c:184 hardirqs last disabled at (539790): [] interrupt_entry+0xb5/0xf0 arch/x86/entry/entry_64.S:625 softirqs last enabled at (539784): [] rcu_read_unlock_bh include/linux/rcupdate.h:724 [inline] softirqs last enabled at (539784): [] ip_finish_output2+0xa7f/0x1840 net/ipv4/ip_output.c:231 softirqs last disabled at (539766): [] lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline] softirqs last disabled at (539766): [] ip_finish_output2+0x30b/0x1840 net/ipv4/ip_output.c:213 CPU: 1 PID: 4482 Comm: syz-fuzzer Not tainted 4.17.0-rc2+ #22 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 ___might_sleep.cold.87+0x11f/0x13a kernel/sched/core.c:6188 __might_sleep+0x95/0x190 kernel/sched/core.c:6141 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3378 [inline] __do_kmalloc mm/slab.c:3716 [inline] __kmalloc+0x2b9/0x760 mm/slab.c:3727 kmalloc_array include/linux/slab.h:631 [inline] kcalloc include/linux/slab.h:642 [inline] numa_crng_init drivers/char/random.c:798 [inline] crng_reseed+0x427/0x920 drivers/char/random.c:923 credit_entropy_bits+0x98d/0xa30 drivers/char/random.c:708 add_interrupt_randomness+0x494/0x860 drivers/char/random.c:1254 handle_irq_event_percpu+0xf9/0x1c0 kernel/irq/handle.c:191 handle_irq_event+0xa7/0x135 kernel/irq/handle.c:206 handle_edge_irq+0x20f/0x870 kernel/irq/chip.c:791 generic_handle_irq_desc include/linux/irqdesc.h:159 [inline] handle_irq+0x18c/0x2e7 arch/x86/kernel/irq_64.c:77 do_IRQ+0x78/0x190 arch/x86/kernel/irq.c:245 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:642 RIP: 0010:tcp_sendmsg_locked+0x257b/0x3e10 net/ipv4/tcp.c:1412 RSP: 0018:ffff8801af89f600 EFLAGS: 00000293 ORIG_RAX: ffffffffffffffd8 RAX: dffffc0000000000 RBX: ffff8801af89f748 RCX: ffffffff864edb3e RDX: ffff8801af89f808 RSI: ffffffff864a01fc RDI: 0000000000000000 RBP: ffff8801af89f970 R08: ffff8801afb0c040 R09: 0000000000000006 R10: ffff8801afb0c040 R11: 0000000000000000 R12: 0000000000000048 R13: ffff8801d8e72280 R14: 00000000000005f8 R15: ffff8801cd4eaa80 tcp_sendmsg+0x2f/0x50 net/ipv4/tcp.c:1446 inet_sendmsg+0x19f/0x690 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:639 sock_write_iter+0x35a/0x5a0 net/socket.c:908 call_write_iter include/linux/fs.h:1784 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x64d/0x960 fs/read_write.c:487 vfs_write+0x1f8/0x560 fs/read_write.c:549 ksys_write+0xf9/0x250 fs/read_write.c:598 __do_sys_write fs/read_write.c:610 [inline] __se_sys_write fs/read_write.c:607 [inline] __x64_sys_write+0x73/0xb0 fs/read_write.c:607 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x47fc44 RSP: 002b:000000c423393840 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fc44 RDX: 00000000000005f8 RSI: 000000c425fe7000 RDI: 0000000000000003 RBP: 000000c423393890 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000040 R14: 0000000000000011 R15: 000000c42003c128 random: crng init done netlink: 4 bytes leftover after parsing attributes in process `syz-executor7'. kernel msg: ebtables bug: please report to author: nentries does not equal the nr of entries in the chain netlink: 4 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor7'. kernel msg: ebtables bug: please report to author: nentries does not equal the nr of entries in the chain kernel msg: ebtables bug: please report to author: nentries does not equal the nr of entries in the chain netlink: 4 bytes leftover after parsing attributes in process `syz-executor7'. kernel msg: ebtables bug: please report to author: nentries does not equal the nr of entries in the chain netlink: 4 bytes leftover after parsing attributes in process `syz-executor7'. IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc netlink: 20 bytes leftover after parsing attributes in process `syz-executor6'. IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc IPVS: set_ctl: invalid protocol: 98 0.0.0.6:20000 lc netlink: 20 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 20 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 20 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 'syz-executor0': attribute type 1 has an invalid length. kernel msg: ebtables bug: please report to author: counter_offset != totalcnt sctp: [Deprecated]: syz-executor7 (pid 10255) Use of int in maxseg socket option. Use struct sctp_assoc_value instead netlink: 'syz-executor0': attribute type 1 has an invalid length. kernel msg: ebtables bug: please report to author: counter_offset != totalcnt sctp: [Deprecated]: syz-executor7 (pid 10255) Use of int in maxseg socket option. Use struct sctp_assoc_value instead netlink: 'syz-executor0': attribute type 1 has an invalid length. kernel msg: ebtables bug: please report to author: counter_offset != totalcnt sctp: [Deprecated]: syz-executor7 (pid 10312) Use of int in maxseg socket option. Use struct sctp_assoc_value instead kernel msg: ebtables bug: please report to author: counter_offset != totalcnt sctp: [Deprecated]: syz-executor7 (pid 10348) Use of int in maxseg socket option. Use struct sctp_assoc_value instead netlink: 'syz-executor0': attribute type 1 has an invalid length. kernel msg: ebtables bug: please report to author: counter_offset != totalcnt sctp: [Deprecated]: syz-executor7 (pid 10425) Use of int in maxseg socket option. Use struct sctp_assoc_value instead xt_AUDIT: Audit type out of range (valid range: 0..2) xt_AUDIT: Audit type out of range (valid range: 0..2) xt_AUDIT: Audit type out of range (valid range: 0..2) xt_AUDIT: Audit type out of range (valid range: 0..2) netlink: 'syz-executor1': attribute type 1 has an invalid length. netlink: 'syz-executor1': attribute type 1 has an invalid length. netlink: 'syz-executor1': attribute type 1 has an invalid length. netlink: 'syz-executor1': attribute type 1 has an invalid length.