====================================================== WARNING: possible circular locking dependency detected 4.15.0-rc1+ #107 Not tainted ------------------------------------------------------ syz-executor6/4635 is trying to acquire lock: (&ctx->mutex){+.+.}, at: [] perf_event_ctx_lock_nested+0x21b/0x450 kernel/events/core.c:1249 but task is already holding lock: (&pipe->mutex/1){+.+.}, at: [] pipe_lock_nested fs/pipe.c:67 [inline] (&pipe->mutex/1){+.+.}, at: [] pipe_lock+0x56/0x70 fs/pipe.c:75 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #8 (&pipe->mutex/1){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 pipe_lock_nested fs/pipe.c:67 [inline] pipe_lock+0x56/0x70 fs/pipe.c:75 iter_file_splice_write+0x264/0xf30 fs/splice.c:699 do_splice_from fs/splice.c:851 [inline] do_splice fs/splice.c:1147 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x7d5/0x1630 fs/splice.c:1382 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 -> #7 (sb_writers){.+.+}: spin_lock include/linux/spinlock.h:315 [inline] devtmpfsd+0x224/0x4b0 drivers/base/devtmpfs.c:392 -> #6 ((completion)&req.done){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 complete_acquire include/linux/completion.h:40 [inline] __wait_for_common kernel/sched/completion.c:109 [inline] wait_for_common kernel/sched/completion.c:123 [inline] wait_for_completion+0xcb/0x7b0 kernel/sched/completion.c:144 devtmpfs_create_node+0x32b/0x4a0 drivers/base/devtmpfs.c:115 device_add+0x120f/0x1640 drivers/base/core.c:1824 device_create_groups_vargs+0x1f3/0x250 drivers/base/core.c:2430 device_create_vargs drivers/base/core.c:2470 [inline] 
device_create+0xda/0x110 drivers/base/core.c:2506 msr_device_create+0x26/0x40 arch/x86/kernel/msr.c:188 cpuhp_invoke_callback+0x2ea/0x1d20 kernel/cpu.c:182 cpuhp_thread_fun+0x48e/0x7e0 kernel/cpu.c:571 smpboot_thread_fn+0x450/0x7c0 kernel/smpboot.c:164 kthread+0x37a/0x440 kernel/kthread.c:238 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:441 -> #5 (cpuhp_state-up){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 cpuhp_lock_acquire kernel/cpu.c:85 [inline] cpuhp_invoke_ap_callback kernel/cpu.c:605 [inline] cpuhp_issue_call+0x1e5/0x520 kernel/cpu.c:1495 __cpuhp_setup_state_cpuslocked+0x282/0x600 kernel/cpu.c:1642 __cpuhp_setup_state+0xb0/0x140 kernel/cpu.c:1671 cpuhp_setup_state include/linux/cpuhotplug.h:201 [inline] page_writeback_init+0x4d/0x71 mm/page-writeback.c:2084 pagecache_init+0x48/0x4f mm/filemap.c:977 start_kernel+0x6bc/0x74f init/main.c:690 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378 x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 -> #4 (cpuhp_state_mutex){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 __cpuhp_setup_state_cpuslocked+0x5b/0x600 kernel/cpu.c:1617 __cpuhp_setup_state+0xb0/0x140 kernel/cpu.c:1671 cpuhp_setup_state_nocalls include/linux/cpuhotplug.h:229 [inline] kvm_guest_init+0x1f3/0x20f arch/x86/kernel/kvm.c:528 setup_arch+0x17e8/0x1a02 arch/x86/kernel/setup.c:1266 start_kernel+0xa5/0x74f init/main.c:530 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378 x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 -> #3 (cpu_hotplug_lock.rw_sem){++++}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] 
percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 static_key_slow_inc+0x9d/0x3c0 kernel/jump_label.c:123 tracepoint_add_func kernel/tracepoint.c:223 [inline] tracepoint_probe_register_prio+0x80d/0x9a0 kernel/tracepoint.c:283 tracepoint_probe_register+0x2a/0x40 kernel/tracepoint.c:304 trace_event_reg+0x167/0x320 kernel/trace/trace_events.c:305 perf_trace_event_reg kernel/trace/trace_event_perf.c:122 [inline] perf_trace_event_init kernel/trace/trace_event_perf.c:197 [inline] perf_trace_init+0x4ef/0xab0 kernel/trace/trace_event_perf.c:221 perf_tp_event_init+0x7d/0xf0 kernel/events/core.c:7953 perf_try_init_event+0xc9/0x1f0 kernel/events/core.c:9179 perf_init_event kernel/events/core.c:9217 [inline] perf_event_alloc+0x1cc6/0x2b00 kernel/events/core.c:9481 SYSC_perf_event_open+0x842/0x2f10 kernel/events/core.c:9936 SyS_perf_event_open+0x39/0x50 kernel/events/core.c:9822 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 -> #2 (tracepoints_mutex){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 tracepoint_probe_register_prio+0xa0/0x9a0 kernel/tracepoint.c:279 tracepoint_probe_register+0x2a/0x40 kernel/tracepoint.c:304 trace_event_reg+0x167/0x320 kernel/trace/trace_events.c:305 perf_trace_event_reg kernel/trace/trace_event_perf.c:122 [inline] perf_trace_event_init kernel/trace/trace_event_perf.c:197 [inline] perf_trace_init+0x4ef/0xab0 kernel/trace/trace_event_perf.c:221 perf_tp_event_init+0x7d/0xf0 kernel/events/core.c:7953 perf_try_init_event+0xc9/0x1f0 kernel/events/core.c:9179 perf_init_event kernel/events/core.c:9217 [inline] perf_event_alloc+0x1cc6/0x2b00 kernel/events/core.c:9481 
SYSC_perf_event_open+0x842/0x2f10 kernel/events/core.c:9936 SyS_perf_event_open+0x39/0x50 kernel/events/core.c:9822 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 -> #1 (event_mutex){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 ftrace_profile_set_filter+0x7a/0x270 kernel/trace/trace_events_filter.c:2266 perf_event_set_filter kernel/events/core.c:8532 [inline] _perf_ioctl kernel/events/core.c:4708 [inline] perf_ioctl+0xfbe/0x12c0 kernel/events/core.c:4745 perf_compat_ioctl+0x47/0x70 kernel/events/core.c:4765 C_SYSC_ioctl fs/compat_ioctl.c:1473 [inline] compat_SyS_ioctl+0x151/0x2a30 fs/compat_ioctl.c:1419 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 -> #0 (&ctx->mutex){+.+.}: check_prevs_add kernel/locking/lockdep.c:2031 [inline] validate_chain kernel/locking/lockdep.c:2473 [inline] __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 perf_event_ctx_lock_nested+0x21b/0x450 kernel/events/core.c:1249 perf_event_ctx_lock kernel/events/core.c:1262 [inline] perf_read+0xb9/0x970 kernel/events/core.c:4507 do_loop_readv_writev fs/read_write.c:673 [inline] do_iter_read+0x3db/0x5b0 fs/read_write.c:897 vfs_readv+0x121/0x1c0 fs/read_write.c:959 kernel_readv fs/splice.c:361 [inline] default_file_splice_read+0x508/0xae0 fs/splice.c:416 do_splice_to+0x110/0x170 fs/splice.c:880 do_splice fs/splice.c:1173 
[inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x11a8/0x1630 fs/splice.c:1382 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125

other info that might help us debug this:

Chain exists of:
  &ctx->mutex --> sb_writers --> &pipe->mutex/1

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&pipe->mutex/1);
                               lock(sb_writers);
                               lock(&pipe->mutex/1);
  lock(&ctx->mutex);

 *** DEADLOCK ***

1 lock held by syz-executor6/4635: #0: (&pipe->mutex/1){+.+.}, at: [] pipe_lock_nested fs/pipe.c:67 [inline] #0: (&pipe->mutex/1){+.+.}, at: [] pipe_lock+0x56/0x70 fs/pipe.c:75 stack backtrace: CPU: 1 PID: 4635 Comm: syz-executor6 Not tainted 4.15.0-rc1+ #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 print_circular_bug+0x42d/0x610 kernel/locking/lockdep.c:1271 check_prev_add+0x666/0x15f0 kernel/locking/lockdep.c:1914 check_prevs_add kernel/locking/lockdep.c:2031 [inline] validate_chain kernel/locking/lockdep.c:2473 [inline] __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 perf_event_ctx_lock_nested+0x21b/0x450 kernel/events/core.c:1249 perf_event_ctx_lock kernel/events/core.c:1262 [inline] perf_read+0xb9/0x970 kernel/events/core.c:4507 do_loop_readv_writev fs/read_write.c:673 [inline] do_iter_read+0x3db/0x5b0 fs/read_write.c:897 vfs_readv+0x121/0x1c0 fs/read_write.c:959 kernel_readv fs/splice.c:361 [inline] default_file_splice_read+0x508/0xae0 fs/splice.c:416 do_splice_to+0x110/0x170 fs/splice.c:880 do_splice fs/splice.c:1173 [inline] SYSC_splice fs/splice.c:1402 [inline] 
SyS_splice+0x11a8/0x1630 fs/splice.c:1382 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 RIP: 0023:0xf7f03c79 RSP: 002b:00000000f76ff08c EFLAGS: 00000296 ORIG_RAX: 0000000000000139 RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000000000 RDX: 0000000000000015 RSI: 0000000000000000 RDI: 0000000000000001 RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 4658 Comm: syz-executor5 Not tainted 4.15.0-rc1+ #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc_node mm/slab.c:3292 [inline] kmem_cache_alloc_node_trace+0x5a/0x760 mm/slab.c:3654 kmalloc_node include/linux/slab.h:537 [inline] kzalloc_node include/linux/slab.h:699 [inline] __get_vm_area_node+0xae/0x340 mm/vmalloc.c:1402 __vmalloc_node_range+0xa3/0x650 mm/vmalloc.c:1754 __vmalloc_node mm/vmalloc.c:1804 [inline] __vmalloc_node_flags mm/vmalloc.c:1818 [inline] vmalloc+0x45/0x50 mm/vmalloc.c:1840 snd_seq_pool_init+0x5d/0x2f0 sound/core/seq/seq_memory.c:386 snd_seq_ioctl_set_client_pool+0x274/0x600 sound/core/seq/seq_clientmgr.c:1842 snd_seq_ioctl+0x1bb/0x410 sound/core/seq/seq_clientmgr.c:2133 snd_seq_ioctl_compat+0x1ef/0x2b0 sound/core/seq/seq_compat.c:123 C_SYSC_ioctl fs/compat_ioctl.c:1473 [inline] compat_SyS_ioctl+0x151/0x2a30 fs/compat_ioctl.c:1419 do_syscall_32_irqs_on arch/x86/entry/common.c:327 
[inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 RIP: 0023:0xf7fd6c79 RSP: 002b:00000000f77d208c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 000000004058534c RDX: 000000002023efa8 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 syz-executor5: vmalloc: allocation failure: 384 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null) syz-executor5 cpuset=/ mems_allowed=0 CPU: 1 PID: 4658 Comm: syz-executor5 Not tainted 4.15.0-rc1+ #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 warn_alloc+0x19a/0x2b0 mm/page_alloc.c:3292 __vmalloc_node_range+0x4f0/0x650 mm/vmalloc.c:1775 __vmalloc_node mm/vmalloc.c:1804 [inline] __vmalloc_node_flags mm/vmalloc.c:1818 [inline] vmalloc+0x45/0x50 mm/vmalloc.c:1840 snd_seq_pool_init+0x5d/0x2f0 sound/core/seq/seq_memory.c:386 snd_seq_ioctl_set_client_pool+0x274/0x600 sound/core/seq/seq_clientmgr.c:1842 snd_seq_ioctl+0x1bb/0x410 sound/core/seq/seq_clientmgr.c:2133 snd_seq_ioctl_compat+0x1ef/0x2b0 sound/core/seq/seq_compat.c:123 C_SYSC_ioctl fs/compat_ioctl.c:1473 [inline] compat_SyS_ioctl+0x151/0x2a30 fs/compat_ioctl.c:1419 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 RIP: 0023:0xf7fd6c79 RSP: 002b:00000000f77d208c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 000000004058534c RDX: 000000002023efa8 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 
0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Mem-Info: active_anon:94850 inactive_anon:43 isolated_anon:0 active_file:3870 inactive_file:6938 isolated_file:0 unevictable:0 dirty:158 writeback:0 unstable:0 slab_reclaimable:7977 slab_unreclaimable:89508 mapped:22978 shmem:71 pagetables:712 bounce:0 free:1403697 free_pcp:525 free_cma:0 Node 0 active_anon:379400kB inactive_anon:172kB active_file:15480kB inactive_file:27752kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91912kB dirty:632kB writeback:0kB shmem:284kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 49152kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 0 DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2882 6395 6395 Node 0 DMA32 free:2953184kB min:30384kB low:37980kB high:45576kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2953952kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:768kB local_pcp:680kB free_cma:0kB lowmem_reserve[]: 0 0 3513 3513 Node 0 Normal free:2646872kB min:37032kB low:46288kB high:55544kB active_anon:379400kB inactive_anon:172kB active_file:15480kB inactive_file:27752kB unevictable:0kB writepending:780kB present:4718592kB managed:3597640kB mlocked:0kB kernel_stack:3872kB pagetables:2848kB bounce:0kB free_pcp:1344kB local_pcp:720kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 2*4kB (UM) 3*8kB (UM) 2*16kB (UM) 1*32kB (U) 4*64kB (M) 3*128kB (M) 5*256kB (UM) 4*512kB (UM) 
2*1024kB (UM) 3*2048kB (UM) 718*4096kB (M) = 2953184kB Node 0 Normal: 1126*4kB (UME) 542*8kB (UME) 428*16kB (UME) 297*32kB (UME) 724*64kB (UME) 337*128kB (UME) 116*256kB (UME) 66*512kB (UME) 37*1024kB (UM) 9*2048kB (UM) 589*4096kB (UM) = 2647016kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 10879 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 324104 pages reserved FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 5005 Comm: syz-executor3 Not tainted 4.15.0-rc1+ #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc_node mm/slab.c:3292 [inline] kmem_cache_alloc_node_trace+0x5a/0x760 mm/slab.c:3654 __do_kmalloc_node mm/slab.c:3674 [inline] __kmalloc_node+0x33/0x70 mm/slab.c:3682 kmalloc_node include/linux/slab.h:541 [inline] kvmalloc_node+0x99/0xd0 mm/util.c:397 kvmalloc include/linux/mm.h:540 [inline] seq_buf_alloc fs/seq_file.c:29 [inline] seq_read+0x7cd/0x13d0 fs/seq_file.c:205 proc_reg_read+0xef/0x170 fs/proc/inode.c:217 do_loop_readv_writev fs/read_write.c:673 [inline] do_iter_read+0x3db/0x5b0 fs/read_write.c:897 compat_readv+0x1bf/0x270 fs/read_write.c:1140 do_compat_readv+0x115/0x220 fs/read_write.c:1160 C_SYSC_readv fs/read_write.c:1172 [inline] compat_SyS_readv+0x26/0x30 fs/read_write.c:1168 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 RIP: 0023:0xf7f27c79 RSP: 002b:00000000f772308c EFLAGS: 
00000296 ORIG_RAX: 0000000000000091 RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 00000000203aefe8 RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 QAT: Invalid ioctl irq bypass consumer (token ffff8801cd21ce40) registration fails: -16 irq bypass consumer (token ffff8801c1dbb0c0) registration fails: -16 irq bypass consumer (token ffff8801c1316c00) registration fails: -16 ICMPv6: NA: bb:bb:bb:bb:bb:05 advertised our address fe80::5aa on syz5! irq bypass consumer (token ffff8801cd8b7c00) registration fails: -16 irq bypass consumer (token ffff8801c77d0600) registration fails: -16 irq bypass consumer (token ffff8801ca2d5000) registration fails: -16 irq bypass consumer (token ffff8801c1dbbd80) registration fails: -16 irq bypass consumer (token ffff8801c161cc00) registration fails: -16 irq bypass consumer (token ffff8801c2fab900) registration fails: -16 irq bypass consumer (token ffff8801cc7d8b40) registration fails: -16 irq bypass consumer (token ffff8801cde27540) registration fails: -16 irq bypass consumer (token ffff8801c3a59cc0) registration fails: -16 irq bypass consumer (token ffff8801cda7ea80) registration fails: -16 irq bypass consumer (token ffff8801bf838780) registration fails: -16 irq bypass consumer (token ffff8801c3a59540) registration fails: -16 irq bypass consumer (token ffff8801ca2d5540) registration fails: -16 irq bypass consumer (token ffff8801d7846000) registration fails: -16 irq bypass consumer (token ffff8801c09f7180) registration fails: -16 irq bypass consumer (token ffff8801d8acc540) registration fails: -16 irq bypass consumer (token ffff8801c439a300) registration fails: -16 irq bypass consumer (token ffff8801cd8b7cc0) registration fails: -16 irq bypass consumer (token ffff8801cdb2e480) registration fails: -16 irq bypass consumer 
(token ffff8801ca1e86c0) registration fails: -16 irq bypass consumer (token ffff8801d0500b40) registration fails: -16 irq bypass consumer (token ffff8801d96a3b40) registration fails: -16 device lo entered promiscuous mode irq bypass consumer (token ffff8801caa18b40) registration fails: -16 device lo left promiscuous mode irq bypass consumer (token ffff8801cac43840) registration fails: -16 device lo entered promiscuous mode irq bypass consumer (token ffff8801ce872f00) registration fails: -16 device lo left promiscuous mode device lo entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo left promiscuous mode irq bypass consumer (token ffff8801caab46c0) registration fails: -16 device lo entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode irq bypass consumer (token ffff8801cd8f90c0) registration fails: -16 device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode irq bypass consumer (token ffff8801c0887cc0) registration fails: -16 irq bypass consumer (token ffff8801ca8f8240) registration fails: -16 irq bypass consumer (token ffff8801cd07ac00) registration fails: -16 irq bypass consumer (token ffff8801d424fe40) registration fails: -16 irq bypass consumer (token ffff8801d24a8900) registration fails: -16 irq bypass consumer (token ffff8801d424f540) registration fails: -16 irq bypass consumer (token ffff8801c9daa600) registration fails: -16 irq bypass consumer (token ffff8801d099e240) registration fails: -16 irq bypass consumer (token ffff8801c104b840) registration fails: -16 irq bypass consumer (token ffff8801c9daa240) registration fails: -16 FAULT_INJECTION: forcing a failure. 
name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 7905 Comm: syz-executor0 Not tainted 4.15.0-rc1+ #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3371 [inline] kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3611 kmalloc include/linux/slab.h:499 [inline] kzalloc include/linux/slab.h:688 [inline] kvm_irqfd_assign arch/x86/kvm/../../../virt/kvm/eventfd.c:296 [inline] kvm_irqfd+0x16c/0x1d50 arch/x86/kvm/../../../virt/kvm/eventfd.c:572 kvm_vm_ioctl+0x1079/0x1c40 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2988 kvm_vm_compat_ioctl+0x2ed/0x3e0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3132 C_SYSC_ioctl fs/compat_ioctl.c:1473 [inline] compat_SyS_ioctl+0x151/0x2a30 fs/compat_ioctl.c:1419 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 RIP: 0023:0xf7fa6c79 RSP: 002b:00000000f77a208c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 000000004020ae76 RDX: 0000000020463000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FAULT_INJECTION: forcing a failure. 
name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 7922 Comm: syz-executor0 Not tainted 4.15.0-rc1+ #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3371 [inline] kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3611 kmalloc include/linux/slab.h:499 [inline] kzalloc include/linux/slab.h:688 [inline] kvm_irqfd_assign arch/x86/kvm/../../../virt/kvm/eventfd.c:344 [inline] kvm_irqfd+0x14af/0x1d50 arch/x86/kvm/../../../virt/kvm/eventfd.c:572 kvm_vm_ioctl+0x1079/0x1c40 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2988 kvm_vm_compat_ioctl+0x2ed/0x3e0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3132 C_SYSC_ioctl fs/compat_ioctl.c:1473 [inline] compat_SyS_ioctl+0x151/0x2a30 fs/compat_ioctl.c:1419 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125 RIP: 0023:0xf7fa6c79 RSP: 002b:00000000f77a208c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 000000004020ae76 RDX: 0000000020463000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000