======================================================
WARNING: possible circular locking dependency detected
4.15.0+ #290 Not tainted
------------------------------------------------------
syz-executor6/5528 is trying to acquire lock:
 (sk_lock-AF_INET){+.+.}, at: [<000000004d13ca0c>] lock_sock include/net/sock.h:1461 [inline]
 (sk_lock-AF_INET){+.+.}, at: [<000000004d13ca0c>] do_ip_setsockopt.isra.12+0x1d9/0x3210 net/ipv4/ip_sockglue.c:646

but task is already holding lock:
 (rtnl_mutex){+.+.}, at: [<00000000d81ac8ee>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (rtnl_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
       register_netdevice_notifier+0xad/0x860 net/core/dev.c:1607
       tee_tg_check+0x1a0/0x280 net/netfilter/xt_TEE.c:106
       xt_check_target+0x22c/0x7d0 net/netfilter/x_tables.c:845
       check_target net/ipv4/netfilter/ip_tables.c:513 [inline]
       find_check_entry.isra.8+0x8c8/0xcb0 net/ipv4/netfilter/ip_tables.c:554
       translate_table+0xed1/0x1610 net/ipv4/netfilter/ip_tables.c:725
       do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
       do_ipt_set_ctl+0x370/0x5f0 net/ipv4/netfilter/ip_tables.c:1675
       nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
       nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
       ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1260
       udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2401
       sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
       SYSC_setsockopt net/socket.c:1849 [inline]
       SyS_setsockopt+0x189/0x360 net/socket.c:1828
       entry_SYSCALL_64_fastpath+0x29/0xa0

-> #0 (sk_lock-AF_INET){+.+.}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
       lock_sock_nested+0xc2/0x110 net/core/sock.c:2780
       lock_sock include/net/sock.h:1461 [inline]
       do_ip_setsockopt.isra.12+0x1d9/0x3210 net/ipv4/ip_sockglue.c:646
       ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1252
       udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2401
       sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
       SYSC_setsockopt net/socket.c:1849 [inline]
       SyS_setsockopt+0x189/0x360 net/socket.c:1828
       entry_SYSCALL_64_fastpath+0x29/0xa0

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(rtnl_mutex);
                               lock(sk_lock-AF_INET);
                               lock(rtnl_mutex);
  lock(sk_lock-AF_INET);

 *** DEADLOCK ***

1 lock held by syz-executor6/5528:
 #0:  (rtnl_mutex){+.+.}, at: [<00000000d81ac8ee>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74

stack backtrace:
CPU: 0 PID: 5528 Comm: syz-executor6 Not tainted 4.15.0+ #290
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_circular_bug.isra.38+0x2cd/0x2dc kernel/locking/lockdep.c:1223
 check_prev_add kernel/locking/lockdep.c:1863 [inline]
 check_prevs_add kernel/locking/lockdep.c:1976 [inline]
 validate_chain kernel/locking/lockdep.c:2417 [inline]
 __lock_acquire+0x30a8/0x3e00 kernel/locking/lockdep.c:3431
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
 lock_sock_nested+0xc2/0x110 net/core/sock.c:2780
 lock_sock include/net/sock.h:1461 [inline]
 do_ip_setsockopt.isra.12+0x1d9/0x3210 net/ipv4/ip_sockglue.c:646
 ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1252
 udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2401
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
 SYSC_setsockopt net/socket.c:1849 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1828
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f784091cc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299
RDX: 0000000000000027 RSI: 0000000000000000 RDI: 0000000000000014
RBP: 0000000000000176 R08: 000000000000000c R09: 0000000000000000
R10: 000000002001b000 R11: 0000000000000212 R12: 00000000006f13b0
R13: 00000000ffffffff R14: 00007f784091d6d4 R15: 0000000000000000
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60 sclass=netlink_route_socket pig=5559 comm=syz-executor6
capability: warning: `syz-executor1' uses 32-bit capabilities (legacy support in use)
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60 sclass=netlink_route_socket pig=5559 comm=syz-executor6
QAT: Invalid ioctl
QAT: Invalid ioctl
netlink: 'syz-executor5': attribute type 26 has an invalid length.
audit: type=1400 audit(1517477384.909:43): avc: denied { map_create } for pid=5600 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
MPI: mpi too large (16392 bits)
MPI: mpi too large (16392 bits)
netlink: 'syz-executor5': attribute type 26 has an invalid length.
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
audit: type=1400 audit(1517477385.072:44): avc: denied { create } for pid=5646 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1517477385.102:45): avc: denied { getattr } for pid=5646 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
QAT: Invalid ioctl
syz-executor4 (5674) used greatest stack depth: 16848 bytes left
QAT: Invalid ioctl
binder: 5729:5731 ioctl c0306201 20003000 returned -14
ALSA: seq fatal error: cannot create timer (-22)
hrtimer: interrupt took 28938 ns
QAT: Invalid ioctl
binder: 5974:5977 got reply transaction with no transaction stack
binder: 5974:5977 transaction failed 29201/-71, size 0-0 line 2703
binder: 5974:5982 got reply transaction with no transaction stack
binder: 5974:5982 transaction failed 29201/-71, size 0-0 line 2703
syz-executor5: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
syz-executor5 cpuset=/ mems_allowed=0
CPU: 1 PID: 5998 Comm: syz-executor5 Not tainted 4.15.0+ #290
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
dccp_v6_rcv: dropped packet with invalid checksum
dccp_v6_rcv: dropped packet with invalid checksum
 warn_alloc+0x19a/0x2b0 mm/page_alloc.c:3306
 __vmalloc_node_range+0x4f0/0x650 mm/vmalloc.c:1775
 __vmalloc_node mm/vmalloc.c:1804 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1818 [inline]
 vmalloc+0x45/0x50 mm/vmalloc.c:1840
 sel_write_load+0x1f5/0x1910 security/selinux/selinuxfs.c:495
 __vfs_write+0xef/0x970 fs/read_write.c:480
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007faa02f7ac58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007faa02f7a950 RCX: 0000000000453299
RDX: 0000000000000000 RSI: 00000000200f8fd1 RDI: 0000000000000014
RBP: 00007faa02f7a940 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b7d6f
R13: 00007faa02f7aac8 R14: 00000000004b7d7a R15: 0000000000000000
Mem-Info:
active_anon:92108 inactive_anon:63 isolated_anon:0
 active_file:3511 inactive_file:8276 isolated_file:0
 unevictable:0 dirty:172 writeback:0 unstable:0
 slab_reclaimable:6807 slab_unreclaimable:92889
 mapped:24055 shmem:70 pagetables:781 bounce:0
 free:1397150 free_pcp:488 free_cma:0
Node 0 active_anon:368432kB inactive_anon:252kB active_file:14044kB inactive_file:33104kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:96220kB dirty:688kB writeback:0kB shmem:280kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 155648kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2868 6378 6378
Node 0 DMA32 free:2939016kB min:30316kB low:37892kB high:45468kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129292kB managed:2939968kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:952kB local_pcp:136kB free_cma:0kB
lowmem_reserve[]: 0 0 3510 3510
Node 0 Normal free:2653016kB min:37100kB low:46372kB high:55644kB active_anon:351760kB inactive_anon:252kB active_file:14044kB inactive_file:33104kB unevictable:0kB writepending:688kB present:4718592kB managed:3594332kB mlocked:0kB kernel_stack:3904kB pagetables:2828kB bounce:0kB free_pcp:952kB local_pcp:276kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 DMA32: 2*4kB (M) 4*8kB (UM) 4*16kB (M) 1*32kB (M) 0*64kB 2*128kB (M) 3*256kB (UM) 4*512kB (UM) 3*1024kB (UM) 2*2048kB (UM) 715*4096kB (M) = 2939016kB
Node 0 Normal: 1758*4kB (UME) 703*8kB (UME) 1609*16kB (UME) 306*32kB (UME) 31*64kB (UME) 26*128kB (UME) 8*256kB (ME) 5*512kB (ME) 10*1024kB (M) 2*2048kB (ME) 630*4096kB (M) = 2652928kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
11861 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965969 pages RAM
0 pages HighMem/MovableOnly
328417 pages reserved
syz-executor5: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
syz-executor5 cpuset=/ mems_allowed=0
CPU: 0 PID: 6025 Comm: syz-executor5 Not tainted 4.15.0+ #290
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 warn_alloc+0x19a/0x2b0 mm/page_alloc.c:3306
 __vmalloc_node_range+0x4f0/0x650 mm/vmalloc.c:1775
 __vmalloc_node mm/vmalloc.c:1804 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1818 [inline]
 vmalloc+0x45/0x50 mm/vmalloc.c:1840
 sel_write_load+0x1f5/0x1910 security/selinux/selinuxfs.c:495
 __vfs_write+0xef/0x970 fs/read_write.c:480
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007faa02f59c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000071bf58 RCX: 0000000000453299
RDX: 0000000000000000 RSI: 00000000200f8fd1 RDI: 0000000000000016
RBP: 00000000000000f1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f0738
R13: 00000000ffffffff R14: 00007faa02f5a6d4 R15: 000000000000000f
binder: 6184:6199 ioctl c018620b 205e0fe8 returned -14
binder: 6184:6211 ioctl c018620b 205e0fe8 returned -14
device syz7 entered promiscuous mode
device eql entered promiscuous mode
device syz7 left promiscuous mode
device syz7 entered promiscuous mode
device syz7 left promiscuous mode
device syz6 entered promiscuous mode
device syz7 entered promiscuous mode
device syz6 left promiscuous mode
device syz6 entered promiscuous mode
device syz6 left promiscuous mode
device syz6 entered promiscuous mode
device eql entered promiscuous mode
device syz6 left promiscuous mode
device syz6 entered promiscuous mode
device syz6 left promiscuous mode
kauditd_printk_skb: 46 callbacks suppressed
audit: type=1400 audit(1517477388.530:92): avc: denied { set_context_mgr } for pid=6404 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 6404:6407 BC_ACQUIRE_DONE node 3 has no pending acquire request
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6404:6414 ioctl 40046207 0 returned -16
binder: 6404:6414 BC_ACQUIRE_DONE u0000000000000000 no match
device eql entered promiscuous mode
device syz6 entered promiscuous mode
device syz6 left promiscuous mode
device syz6 entered promiscuous mode
device eql entered promiscuous mode
device syz6 left promiscuous mode
raw_sendmsg: syz-executor0 forgot to set AF_INET. Fix it!
device syz6 entered promiscuous mode
device syz6 left promiscuous mode
binder: 6504 RLIMIT_NICE not set
binder_alloc: 6490: binder_alloc_buf, no vma
binder: 6499:6503 transaction failed 29189/-3, size 0-0 line 2903
audit: type=1400 audit(1517477388.904:93): avc: denied { call } for pid=6499 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 6499:6503 ioctl c0306201 20008fd0 returned -14
binder: 6499:6503 transaction failed 29189/-22, size 0-0 line 2788
binder: 6499:6509 ioctl c0306201 20008fd0 returned -14
binder: 6490:6504 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 6490:6512 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 6504 RLIMIT_NICE not set
binder: 6490:6512 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: undelivered TRANSACTION_ERROR: 29189
binder: 6524:6529 transaction failed 29189/-22, size 0-0 line 2788
binder: 6524:6529 ioctl c0306201 20008fd0 returned -14
device syz6 entered promiscuous mode
device syz6 left promiscuous mode
device syz6 entered promiscuous mode
device syz6 left promiscuous mode
device syz6 entered promiscuous mode
mmap: syz-executor2 (6652) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
audit: type=1400 audit(1517477389.547:94): avc: denied { dyntransition } for pid=6666 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0,c1 tclass=process permissive=1
netlink: 'syz-executor5': attribute type 1 has an invalid length.
device syz6 left promiscuous mode
netlink: 'syz-executor5': attribute type 1 has an invalid length.
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 0 PID: 6831 Comm: syz-executor4 Not tainted 4.15.0+ #290
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:418 [inline]
 slab_alloc mm/slab.c:3364 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3538
 sctp_bucket_create net/sctp/socket.c:7654 [inline]
 sctp_get_port_local+0x9cd/0x13b0 net/sctp/socket.c:7413
 sctp_get_port+0x13f/0x1b0 net/sctp/socket.c:7462
 inet_autobind+0xaa/0x180 net/ipv4/af_inet.c:182
 inet_sendmsg+0x4de/0x5e0 net/ipv4/af_inet.c:761
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 SYSC_sendto+0x361/0x5c0 net/socket.c:1747
 SyS_sendto+0x40/0x50 net/socket.c:1715
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007fcbc6c58c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fcbc6c58aa0 RCX: 0000000000453299
RDX: 0000000000000001 RSI: 000000002087dffe RDI: 0000000000000015
RBP: 00007fcbc6c58a90 R08: 000000002005ffe4 R09: 000000000000001c
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007fcbc6c58bc8 R14: 00000000004b8096 R15: 0000000000000000
IPv4: Oversized IP packet from 127.0.0.1
irq bypass consumer (token 0000000064faec28) registration fails: -16
irq bypass consumer (token 00000000431d5199) registration fails: -16
device eql entered promiscuous mode
irq bypass consumer (token 00000000ac0452d8) registration fails: -16
audit: type=1400 audit(1517477391.506:95): avc: denied { map } for pid=7114 comm="syz-executor2" path="/dev/sg1" dev="devtmpfs" ino=18242 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:device_t:s0 tclass=file permissive=1
audit: type=1400 audit(1517477391.742:96): avc: denied { setopt } for pid=7192 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
QAT: Invalid ioctl
audit: type=1400 audit(1517477392.018:97): avc: denied { map } for pid=7252 comm="syz-executor2" path="/dev/binder0" dev="devtmpfs" ino=9145 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
audit: type=1400 audit(1517477392.062:98): avc: denied { transfer } for pid=7252 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder_alloc: 7252: binder_alloc_buf, no vma
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7252:7261 ioctl 40046207 0 returned -16
binder: 7252:7271 transaction failed 29189/-3, size 24-8 line 2903
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 7252:7261 transaction 10 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 10, target dead
syz-executor4 (7296) used greatest stack depth: 14000 bytes left
rfkill: input handler disabled
rfkill: input handler enabled
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 7368 Comm: syz-executor0 Not tainted 4.15.0+ #290
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:418 [inline]
 slab_alloc mm/slab.c:3364 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3538
 kmem_cache_zalloc include/linux/slab.h:678 [inline]
 ext4_init_io_end+0x8e/0x200 fs/ext4/page-io.c:253
 ext4_writepages+0x1229/0x3c30 fs/ext4/inode.c:2823
 do_writepages+0xff/0x170 mm/page-writeback.c:2340
 __filemap_fdatawrite_range+0x32f/0x460 mm/filemap.c:444
 file_write_and_wait_range+0x8a/0x100 mm/filemap.c:752
 ext4_sync_file+0x4fb/0x1260 fs/ext4/fsync.c:128
 vfs_fsync_range+0x110/0x260 fs/sync.c:196
 SYSC_msync mm/msync.c:90 [inline]
 SyS_msync+0x2be/0x3c0 mm/msync.c:32
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f813f2cec58 EFLAGS: 00000212 ORIG_RAX: 000000000000001a
RAX: ffffffffffffffda RBX: 00007f813f2ceaa0 RCX: 0000000000453299
RDX: 0000000000000004 RSI: 087abbe8d1cc6ad9 RDI: 0000000020952000
RBP: 00007f813f2cea90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b8096
R13: 00007f813f2cebc8 R14: 00000000004b8096 R15: 0000000000000000
rfkill: input handler disabled
rfkill: input handler enabled
rfkill: input handler disabled
rfkill: input handler enabled
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 7490 Comm: syz-executor7 Not tainted 4.15.0+ #290
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:418 [inline]
 slab_alloc mm/slab.c:3364 [inline]
 kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3604
 kmalloc include/linux/slab.h:499 [inline]
 kzalloc include/linux/slab.h:688 [inline]
 tcp_sendmsg_fastopen net/ipv4/tcp.c:1151 [inline]
 tcp_sendmsg_locked+0x1f71/0x3c70 net/ipv4/tcp.c:1214
 tcp_sendmsg+0x2f/0x50 net/ipv4/tcp.c:1463
 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:764
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 SYSC_sendto+0x361/0x5c0 net/socket.c:1747
 SyS_sendto+0x40/0x50 net/socket.c:1715
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f2f5737dc58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f2f5737daa0 RCX: 0000000000453299
RDX: 0000000000000000 RSI: 0000000020fd0000 RDI: 0000000000000014
RBP: 00007f2f5737da90 R08: 0000000020deaff0 R09: 0000000000000010
R10: 00000000200007ff R11: 0000000000000212 R12: 00000000004b8096
R13: 00007f2f5737dbc8 R14: 00000000004b8096 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 7509 Comm: syz-executor7 Not tainted 4.15.0+ #290
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:418 [inline]
 slab_alloc mm/slab.c:3364 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3538
 inet_bind_bucket_create+0x7a/0x350 net/ipv4/inet_hashtables.c:70
 __inet_hash_connect+0x670/0xed0 net/ipv4/inet_hashtables.c:731
 inet_hash_connect+0x6a/0x140 net/ipv4/inet_hashtables.c:779
 tcp_v4_connect+0xcb1/0x1e70 net/ipv4/tcp_ipv4.c:221
 __inet_stream_connect+0x2d4/0xf00 net/ipv4/af_inet.c:620
 tcp_sendmsg_fastopen net/ipv4/tcp.c:1168 [inline]
 tcp_sendmsg_locked+0x264e/0x3c70 net/ipv4/tcp.c:1214
 tcp_sendmsg+0x2f/0x50 net/ipv4/tcp.c:1463
 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:764
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 SYSC_sendto+0x361/0x5c0 net/socket.c:1747
 SyS_sendto+0x40/0x50 net/socket.c:1715
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007f2f5737dc58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f2f5737daa0 RCX: 0000000000453299
RDX: 0000000000000000 RSI: 0000000020fd0000 RDI: 0000000000000014
RBP: 00007f2f5737da90 R08: 0000000020deaff0 R09: 0000000000000010
R10: 00000000200007ff R11: 0000000000000212 R12: 00000000004b8096
R13: 00007f2f5737dbc8 R14: 00000000004b8096 R15: 0000000000000000
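The lockdep splat at the top of this log is a two-lock order inversion. Chain #1 reaches rtnl_lock() through tee_tg_check() -> register_netdevice_notifier() from a setsockopt(IPT_SO_SET_REPLACE) that ip_setsockopt() (ip_sockglue.c:1260) runs into nf_setsockopt() with the socket lock held, so lockdep records sk_lock-AF_INET -> rtnl_mutex. Chain #0 is do_ip_setsockopt() at ip_sockglue.c:646 calling lock_sock() after rtnl_lock() for an option that needs the RTNL, i.e. rtnl_mutex -> sk_lock-AF_INET. The C program below is an added illustration, not part of the syzbot log and not kernel code: a toy lock-dependency graph in the spirit of lockdep's check, replayed with the lock classes and call sites named in the report. It flags the chain #0 acquisition exactly as the report does, and then replays the same two paths with the netfilter path no longer holding the socket lock across the call that ends in rtnl_lock(), which leaves a single order and no cycle. Attributing the socket lock in chain #1 to ip_setsockopt(), and the "consistent order" variant, are assumptions made for the illustration, not a description of the upstream fix.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Lock classes taken from the report. */
enum { RTNL_MUTEX, SK_LOCK_AF_INET, NR_LOCKS };
static const char *const lock_name[NR_LOCKS] = { "rtnl_mutex", "sk_lock-AF_INET" };

/* depends[a][b] is the call site at which b was first acquired while a was held
 * (the global dependency graph lockdep builds across all tasks). */
static const char *depends[NR_LOCKS][NR_LOCKS];

struct task {
    const char *comm;
    int held[NR_LOCKS];
    int nheld;
};

/* Depth-first search: is there a recorded path from 'from' to 'to'? */
static bool reaches(int from, int to, unsigned visited)
{
    if (from == to)
        return true;
    visited |= 1u << from;
    for (int n = 0; n < NR_LOCKS; n++)
        if (depends[from][n] && !(visited & (1u << n)) && reaches(n, to, visited))
            return true;
    return false;
}

/* Record an acquisition. Returns true when the new edge held->lock closes a
 * cycle, which is the "possible circular locking dependency" condition. */
static bool lock_acquire(struct task *t, int lock, const char *site)
{
    bool circular = false;

    for (int i = 0; i < t->nheld; i++) {
        int held = t->held[i];

        if (reaches(lock, held, 0)) {
            printf("WARNING: possible circular locking dependency detected\n");
            printf("%s is trying to acquire lock %s at %s\n", t->comm, lock_name[lock], site);
            printf("but task is already holding lock %s\n", lock_name[held]);
            printf("existing dependency %s -> %s recorded at %s\n", lock_name[lock],
                   lock_name[held], depends[lock][held] ? depends[lock][held] : "(transitive)");
            circular = true;
        }
        if (!depends[held][lock])
            depends[held][lock] = site;
    }
    t->held[t->nheld++] = lock;
    return circular;
}

static void lock_release(struct task *t, int lock)
{
    for (int i = 0; i < t->nheld; i++)
        if (t->held[i] == lock) {
            t->held[i] = t->held[--t->nheld];
            return;
        }
}

/* Chain #1: ip_setsockopt() -> nf_setsockopt() -> ... -> tee_tg_check() ->
 * register_netdevice_notifier() -> rtnl_lock(). Whether the socket lock is
 * held across that call is the parameter (assumption for the illustration). */
static void replay_chain1(bool hold_sk_lock)
{
    struct task t = { "syz-executor (chain #1)", {0}, 0 };

    if (hold_sk_lock)
        lock_acquire(&t, SK_LOCK_AF_INET, "ip_setsockopt net/ipv4/ip_sockglue.c:1260");
    lock_acquire(&t, RTNL_MUTEX, "register_netdevice_notifier net/core/dev.c:1607");
    lock_release(&t, RTNL_MUTEX);
    if (hold_sk_lock)
        lock_release(&t, SK_LOCK_AF_INET);
}

/* Chain #0: do_ip_setsockopt() takes rtnl_lock() and then lock_sock(). */
static bool replay_chain0(void)
{
    struct task t = { "syz-executor6/5528 (chain #0)", {0}, 0 };
    bool circular;

    lock_acquire(&t, RTNL_MUTEX, "rtnl_lock net/core/rtnetlink.c:74");
    circular = lock_acquire(&t, SK_LOCK_AF_INET, "do_ip_setsockopt net/ipv4/ip_sockglue.c:646");
    lock_release(&t, SK_LOCK_AF_INET);
    lock_release(&t, RTNL_MUTEX);
    return circular;
}

/* The situation in the log: returns true (cycle found at chain #0). */
bool replay_splat(void)
{
    memset(depends, 0, sizeof depends);
    replay_chain1(true);
    return replay_chain0();
}

/* Same paths with a single lock order (rtnl_mutex never taken under
 * sk_lock): returns false, no cycle. */
bool replay_consistent_order(void)
{
    memset(depends, 0, sizeof depends);
    replay_chain1(false);
    return replay_chain0();
}

int main(void)
{
    printf("replay of the report: %s\n", replay_splat() ? "DEADLOCK possible" : "ok");
    printf("single lock order:    %s\n", replay_consistent_order() ? "DEADLOCK possible" : "ok");
    return 0;
}
```

Like lockdep, the checker never needs the two paths to race: the first path leaves a sk_lock -> rtnl_mutex edge behind, and the second is rejected on the graph alone, which is why the splat appears without an actual hang. The check it performs (search for a path from the lock being acquired back to any lock already held) is also the reviewer's question for any change that calls into a subsystem with a different lock hierarchy while holding a lock.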