should_failslab+0x9/0x14 mm/slab_common.c:1603 slab_pre_alloc_hook mm/slab.h:423 [inline] slab_alloc_node mm/slab.c:3288 [inline] kmem_cache_alloc_node+0x270/0x730 mm/slab.c:3631 refcount_t overflow at refcount_add_not_zero arch/x86/include/asm/refcount.h:96 [inline] in syz-executor.1[7787], uid/euid: 0/0 refcount_t overflow at refcount_inc_not_zero arch/x86/include/asm/refcount.h:109 [inline] in syz-executor.1[7787], uid/euid: 0/0 refcount_t overflow at maybe_get_net include/net/net_namespace.h:235 [inline] in syz-executor.1[7787], uid/euid: 0/0 refcount_t overflow at tcf_exts_get_net include/net/pkt_cls.h:316 [inline] in syz-executor.1[7787], uid/euid: 0/0 refcount_t overflow at u32_change+0x148f/0x31b8 net/sched/cls_u32.c:937 in syz-executor.1[7787], uid/euid: 0/0 __alloc_skb+0xa7/0x570 net/core/skbuff.c:196 alloc_skb include/linux/skbuff.h:1011 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1182 [inline] netlink_sendmsg+0x810/0xc40 net/netlink/af_netlink.c:1900 WARNING: CPU: 0 PID: 7787 at kernel/panic.c:683 refcount_error_report+0x1a4/0x202 kernel/panic.c:679 Kernel panic - not syncing: panic_on_warn set ... sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:631 ___sys_sendmsg+0x28e/0x950 net/socket.c:2136 __sys_sendmmsg+0x160/0x380 net/socket.c:2231 __do_sys_sendmmsg net/socket.c:2260 [inline] __se_sys_sendmmsg net/socket.c:2257 [inline] __x64_sys_sendmmsg+0x98/0x100 net/socket.c:2257 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45b349 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f1e86d15c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007f1e86d166d4 RCX: 000000000045b349 RDX: 049249249249278c RSI: 0000000020000140 RDI: 0000000000000008 RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 R13: 00000000000008a8 R14: 00000000004ca02a R15: 0000000000000009 CPU: 0 PID: 7787 Comm: syz-executor.1 Not tainted 5.0.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x113/0x167 lib/dump_stack.c:113 panic+0x212/0x40b kernel/panic.c:214 __warn.cold.8+0x1b/0x38 kernel/panic.c:571 report_bug+0x1a4/0x200 lib/bug.c:186 fixup_bug arch/x86/kernel/traps.c:178 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973 RIP: 0010:refcount_error_report+0x1a4/0x202 kernel/panic.c:679 Code: 25 40 ee 01 00 48 81 c1 a8 06 00 00 80 3c 02 00 75 57 48 8b 93 80 00 00 00 41 55 4c 89 e6 48 c7 c7 00 96 48 87 e8 6f 00 00 00 <0f> 0b 58 e9 80 fe ff ff 44 89 4d dc e8 fb 2f 59 00 44 8b 4d dc eb RSP: 0018:ffff88808d136f38 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff88808d1370b8 RCX: 0000000000000000 RDX: 0000000000000004 RSI: ffffffff8787d2a0 RDI: ffffffff8a379ea0 RBP: ffff88808d136f70 R08: ffffed1015d05021 R09: ffffed1015d05020 R10: ffffed1015d05020 R11: ffff8880ae828107 R12: ffffffff87478080 R13: 0000000000000000 R14: ffff8880894dc5c0 R15: 0000000000000000 ex_handler_refcount+0x10e/0x180 arch/x86/mm/extable.c:85 fixup_exception+0x90/0xcf arch/x86/mm/extable.c:283 do_trap_no_signal arch/x86/kernel/traps.c:206 [inline] do_trap+0x6a/0x250 arch/x86/kernel/traps.c:250 do_error_trap+0xd6/0x200 arch/x86/kernel/traps.c:277 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973 RIP: 0010:refcount_add_not_zero arch/x86/include/asm/refcount.h:104 [inline] RIP: 0010:refcount_inc_not_zero arch/x86/include/asm/refcount.h:109 [inline] RIP: 0010:maybe_get_net include/net/net_namespace.h:235 [inline] RIP: 0010:tcf_exts_get_net include/net/pkt_cls.h:316 [inline] RIP: 0010:u32_change+0x148f/0x31b8 net/sched/cls_u32.c:937 Code: 1f 3d ff ff ff 7f 40 0f 94 c7 40 08 f7 75 09 41 39 c4 0f 8d 40 ff ff ff 4c 8b a5 80 fe ff ff 45 89 f0 4d 89 fe e9 91 95 51 01 75 ff ff ff 4c 8b ad 40 ff ff ff 4d 85 ed 0f 84 b8 0a 00 00 49 RSP: 0018:ffff88808d137160 EFLAGS: 00010a12 RAX: 00000000c0000000 RBX: 1ffff11011a26e3b RCX: ffff88808ea24184 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88808ea24184 RBP: ffff88808d137348 R08: 0000000000000000 R09: ffffed1011d44830 R10: ffffed1011d44830 R11: ffff88808ea24187 R12: ffff88808ea24180 R13: ffff888099172300 R14: ffff88808ea24184 R15: 00000000c0000001 tc_new_tfilter+0xcb4/0x1a90 net/sched/cls_api.c:2148 rtnetlink_rcv_msg+0x636/0x8f0 net/core/rtnetlink.c:5183 netlink_rcv_skb+0x13c/0x380 net/netlink/af_netlink.c:2485 rtnetlink_rcv+0x10/0x20 net/core/rtnetlink.c:5210 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x43d/0x640 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x765/0xc40 net/netlink/af_netlink.c:1925 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:631 ___sys_sendmsg+0x28e/0x950 net/socket.c:2136 __sys_sendmmsg+0x160/0x380 net/socket.c:2231 __do_sys_sendmmsg net/socket.c:2260 [inline] __se_sys_sendmmsg net/socket.c:2257 [inline] __x64_sys_sendmmsg+0x98/0x100 net/socket.c:2257 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45b349 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fd10ce71c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007fd10ce726d4 RCX: 000000000045b349 RDX: 049249249249278c RSI: 0000000020000140 RDI: 0000000000000008 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 R13: 00000000000008a8 R14: 00000000004ca02a R15: 0000000000000009 CPU: 1 PID: 7803 Comm: syz-executor.4 Not tainted 5.0.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x113/0x167 lib/dump_stack.c:113 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold.4+0x5/0x13 lib/fault-inject.c:149 __should_failslab+0xba/0xf0 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1603 slab_pre_alloc_hook mm/slab.h:423 [inline] slab_alloc_node mm/slab.c:3288 [inline] kmem_cache_alloc_node+0x270/0x730 mm/slab.c:3631 __alloc_skb+0xa7/0x570 net/core/skbuff.c:196 alloc_skb include/linux/skbuff.h:1011 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1182 [inline] netlink_sendmsg+0x810/0xc40 net/netlink/af_netlink.c:1900 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:631 ___sys_sendmsg+0x28e/0x950 net/socket.c:2136 __sys_sendmmsg+0x160/0x380 net/socket.c:2231 __do_sys_sendmmsg net/socket.c:2260 [inline] __se_sys_sendmmsg net/socket.c:2257 [inline] __x64_sys_sendmmsg+0x98/0x100 net/socket.c:2257 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45b349 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f4c63bcbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007f4c63bcc6d4 RCX: 000000000045b349 RDX: 049249249249278c RSI: 0000000020000140 RDI: 0000000000000007 RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 R13: 00000000000008a8 R14: 00000000004ca02a R15: 0000000000000009 Kernel Offset: disabled Rebooting in 86400 seconds..