BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:34 in_atomic(): 1, irqs_disabled(): 0, pid: 14217, name: syz-executor3 2 locks held by syz-executor3/14217: #0: (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<0000000064b004b3>] pfkey_sendmsg+0x4ce/0xa00 net/key/af_key.c:3647 #1: (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<00000000a381ed0c>] spin_lock_bh include/linux/spinlock.h:315 [inline] #1: (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<00000000a381ed0c>] xfrm_policy_flush+0x5d3/0x770 net/xfrm/xfrm_policy.c:969 CPU: 1 PID: 14217 Comm: syz-executor3 Not tainted 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6060 __might_sleep+0x95/0x190 kernel/sched/core.c:6013 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:34 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x1c/0x90 kernel/cpu.c:293 get_online_cpus include/linux/cpu.h:117 [inline] xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978 pfkey_spdflush+0x98/0x370 net/key/af_key.c:2750 pfkey_process+0x611/0x720 net/key/af_key.c:2809 pfkey_sendmsg+0x4dc/0xa00 net/key/af_key.c:3648 sock_sendmsg_nosec net/socket.c:628 [inline] sock_sendmsg+0xca/0x110 net/socket.c:638 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018 __sys_sendmsg+0xe5/0x210 net/socket.c:2052 SYSC_sendmsg net/socket.c:2063 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2059 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007f75b8bc4c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f75b8bc5700 RCX: 0000000000452ac9 RDX: 0000000000000000 RSI: 000000002057f000 RDI: 0000000000000013 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 R13: 0000000000a2f7ef R14: 00007f75b8bc59c0 R15: 0000000000000000 ===================================================== WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected 4.15.0-rc5+ #177 Tainted: G W ----------------------------------------------------- syz-executor3/14217 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: (cpu_hotplug_lock.rw_sem){++++}, at: [<0000000022067d12>] get_online_cpus include/linux/cpu.h:117 [inline] (cpu_hotplug_lock.rw_sem){++++}, at: [<0000000022067d12>] xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767 and this task is already holding: (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<00000000a381ed0c>] spin_lock_bh include/linux/spinlock.h:315 [inline] (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<00000000a381ed0c>] xfrm_policy_flush+0x5d3/0x770 net/xfrm/xfrm_policy.c:969 which would create a new lock dependency: (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.} -> (cpu_hotplug_lock.rw_sem){++++} but this new dependency connects a SOFTIRQ-irq-safe lock: (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.} ... which became SOFTIRQ-irq-safe at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:315 [inline] xfrm_policy_delete+0x3e/0x90 net/xfrm/xfrm_policy.c:1247 xfrm_policy_timer+0x305/0x580 net/xfrm/xfrm_policy.c:247 call_timer_fn+0x228/0x820 kernel/time/timer.c:1320 expire_timers kernel/time/timer.c:1357 [inline] __run_timers+0x7ee/0xb70 kernel/time/timer.c:1660 run_timer_softirq+0x4c/0xb0 kernel/time/timer.c:1686 __do_softirq+0x2d7/0xb85 kernel/softirq.c:285 invoke_softirq kernel/softirq.c:365 [inline] irq_exit+0x1cc/0x200 kernel/softirq.c:405 exiting_irq arch/x86/include/asm/apic.h:540 [inline] smp_apic_timer_interrupt+0x16b/0x700 arch/x86/kernel/apic/apic.c:1052 apic_timer_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:904 hash_64_generic include/linux/hash.h:81 [inline] get_bucket lib/debugobjects.c:275 [inline] __debug_check_no_obj_freed lib/debugobjects.c:732 [inline] debug_check_no_obj_freed+0x19f/0xf1f lib/debugobjects.c:774 free_pages_prepare mm/page_alloc.c:1065 [inline] __free_pages_ok+0x765/0x31e0 mm/page_alloc.c:1259 free_compound_page+0x5e/0x70 mm/page_alloc.c:601 free_transhuge_page+0x2d2/0x430 mm/huge_memory.c:2740 __put_compound_page+0x87/0xb0 mm/swap.c:95 release_pages+0x64b/0x1230 mm/swap.c:788 free_pages_and_swap_cache+0x2ad/0x400 mm/swap_state.c:322 tlb_flush_mmu_free+0xb4/0x160 mm/memory.c:260 tlb_flush_mmu mm/memory.c:269 [inline] arch_tlb_finish_mmu+0x9d/0x130 mm/memory.c:284 tlb_finish_mmu+0x10f/0x190 mm/memory.c:427 unmap_region+0x35c/0x4f0 mm/mmap.c:2514 do_munmap+0x726/0xdf0 mm/mmap.c:2726 mmap_region+0x59e/0x15a0 mm/mmap.c:1646 do_mmap+0x6c0/0xe00 mm/mmap.c:1483 do_mmap_pgoff include/linux/mm.h:2217 [inline] vm_mmap_pgoff+0x1de/0x280 mm/util.c:333 SYSC_mmap_pgoff mm/mmap.c:1533 [inline] SyS_mmap_pgoff+0x23b/0x5f0 mm/mmap.c:1491 SYSC_mmap arch/x86/kernel/sys_x86_64.c:100 [inline] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:91 entry_SYSCALL_64_fastpath+0x23/0x9a to a SOFTIRQ-irq-unsafe lock: (cpu_hotplug_lock.rw_sem){++++} ... which became SOFTIRQ-irq-unsafe at: ... lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 down_write+0x87/0x120 kernel/locking/rwsem.c:70 percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145 cpus_write_lock kernel/cpu.c:305 [inline] _cpu_up+0x60/0x510 kernel/cpu.c:990 do_cpu_up+0x73/0xa0 kernel/cpu.c:1066 cpu_up+0x18/0x20 kernel/cpu.c:1074 smp_init+0x13a/0x152 kernel/smp.c:578 kernel_init_freeable+0x2fe/0x521 init/main.c:1064 kernel_init+0x13/0x172 init/main.c:996 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515 other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(cpu_hotplug_lock.rw_sem); local_irq_disable(); lock(&(&net->xfrm.xfrm_policy_lock)->rlock); lock(cpu_hotplug_lock.rw_sem); lock(&(&net->xfrm.xfrm_policy_lock)->rlock); *** DEADLOCK *** 2 locks held by syz-executor3/14217: #0: (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<0000000064b004b3>] pfkey_sendmsg+0x4ce/0xa00 net/key/af_key.c:3647 #1: (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<00000000a381ed0c>] spin_lock_bh include/linux/spinlock.h:315 [inline] #1: (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<00000000a381ed0c>] xfrm_policy_flush+0x5d3/0x770 net/xfrm/xfrm_policy.c:969 the dependencies between SOFTIRQ-irq-safe lock and the holding lock: -> (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.} ops: 5064 { HARDIRQ-ON-W at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:315 [inline] xfrm_sk_policy_insert+0xef/0x580 net/xfrm/xfrm_policy.c:1268 xfrm_user_policy+0x525/0x8c0 net/xfrm/xfrm_state.c:2077 do_ip_setsockopt.isra.12+0xfd9/0x3160 net/ipv4/ip_sockglue.c:1161 ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1248 raw_setsockopt+0xb7/0xd0 net/ipv4/raw.c:855 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978 SYSC_setsockopt net/socket.c:1821 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1800 entry_SYSCALL_64_fastpath+0x23/0x9a IN-SOFTIRQ-W at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:315 [inline] xfrm_policy_delete+0x3e/0x90 net/xfrm/xfrm_policy.c:1247 xfrm_policy_timer+0x305/0x580 net/xfrm/xfrm_policy.c:247 call_timer_fn+0x228/0x820 kernel/time/timer.c:1320 expire_timers kernel/time/timer.c:1357 [inline] __run_timers+0x7ee/0xb70 kernel/time/timer.c:1660 run_timer_softirq+0x4c/0xb0 kernel/time/timer.c:1686 __do_softirq+0x2d7/0xb85 kernel/softirq.c:285 invoke_softirq kernel/softirq.c:365 [inline] irq_exit+0x1cc/0x200 kernel/softirq.c:405 exiting_irq arch/x86/include/asm/apic.h:540 [inline] smp_apic_timer_interrupt+0x16b/0x700 arch/x86/kernel/apic/apic.c:1052 apic_timer_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:904 hash_64_generic include/linux/hash.h:81 [inline] get_bucket lib/debugobjects.c:275 [inline] __debug_check_no_obj_freed lib/debugobjects.c:732 [inline] debug_check_no_obj_freed+0x19f/0xf1f lib/debugobjects.c:774 free_pages_prepare mm/page_alloc.c:1065 [inline] __free_pages_ok+0x765/0x31e0 mm/page_alloc.c:1259 free_compound_page+0x5e/0x70 mm/page_alloc.c:601 free_transhuge_page+0x2d2/0x430 mm/huge_memory.c:2740 __put_compound_page+0x87/0xb0 mm/swap.c:95 release_pages+0x64b/0x1230 mm/swap.c:788 free_pages_and_swap_cache+0x2ad/0x400 mm/swap_state.c:322 tlb_flush_mmu_free+0xb4/0x160 mm/memory.c:260 tlb_flush_mmu mm/memory.c:269 [inline] arch_tlb_finish_mmu+0x9d/0x130 mm/memory.c:284 tlb_finish_mmu+0x10f/0x190 mm/memory.c:427 unmap_region+0x35c/0x4f0 mm/mmap.c:2514 do_munmap+0x726/0xdf0 mm/mmap.c:2726 mmap_region+0x59e/0x15a0 mm/mmap.c:1646 do_mmap+0x6c0/0xe00 mm/mmap.c:1483 do_mmap_pgoff include/linux/mm.h:2217 [inline] vm_mmap_pgoff+0x1de/0x280 mm/util.c:333 SYSC_mmap_pgoff mm/mmap.c:1533 [inline] SyS_mmap_pgoff+0x23b/0x5f0 mm/mmap.c:1491 SYSC_mmap arch/x86/kernel/sys_x86_64.c:100 [inline] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:91 entry_SYSCALL_64_fastpath+0x23/0x9a INITIAL USE at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:315 [inline] xfrm_sk_policy_insert+0xef/0x580 net/xfrm/xfrm_policy.c:1268 xfrm_user_policy+0x525/0x8c0 net/xfrm/xfrm_state.c:2077 do_ip_setsockopt.isra.12+0xfd9/0x3160 net/ipv4/ip_sockglue.c:1161 ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1248 raw_setsockopt+0xb7/0xd0 net/ipv4/raw.c:855 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978 SYSC_setsockopt net/socket.c:1821 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1800 entry_SYSCALL_64_fastpath+0x23/0x9a } ... key at: [<00000000e634db24>] __key.66927+0x0/0x40 ... acquired at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 get_online_cpus include/linux/cpu.h:117 [inline] xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978 pfkey_spdflush+0x98/0x370 net/key/af_key.c:2750 pfkey_process+0x611/0x720 net/key/af_key.c:2809 pfkey_sendmsg+0x4dc/0xa00 net/key/af_key.c:3648 sock_sendmsg_nosec net/socket.c:628 [inline] sock_sendmsg+0xca/0x110 net/socket.c:638 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018 __sys_sendmsg+0xe5/0x210 net/socket.c:2052 SYSC_sendmsg net/socket.c:2063 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2059 entry_SYSCALL_64_fastpath+0x23/0x9a the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock: -> (cpu_hotplug_lock.rw_sem){++++} ops: 7503 { HARDIRQ-ON-W at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 down_write+0x87/0x120 kernel/locking/rwsem.c:70 percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145 cpus_write_lock kernel/cpu.c:305 [inline] _cpu_up+0x60/0x510 kernel/cpu.c:990 do_cpu_up+0x73/0xa0 kernel/cpu.c:1066 cpu_up+0x18/0x20 kernel/cpu.c:1074 smp_init+0x13a/0x152 kernel/smp.c:578 kernel_init_freeable+0x2fe/0x521 init/main.c:1064 kernel_init+0x13/0x172 init/main.c:996 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515 HARDIRQ-ON-R at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 get_online_cpus include/linux/cpu.h:117 [inline] kmem_cache_create+0x26/0x2a0 mm/slab_common.c:440 debug_objects_mem_init+0xda/0x910 lib/debugobjects.c:1139 start_kernel+0x6dd/0x819 init/main.c:671 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378 x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 SOFTIRQ-ON-W at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 down_write+0x87/0x120 kernel/locking/rwsem.c:70 percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145 cpus_write_lock kernel/cpu.c:305 [inline] _cpu_up+0x60/0x510 kernel/cpu.c:990 do_cpu_up+0x73/0xa0 kernel/cpu.c:1066 cpu_up+0x18/0x20 kernel/cpu.c:1074 smp_init+0x13a/0x152 kernel/smp.c:578 kernel_init_freeable+0x2fe/0x521 init/main.c:1064 kernel_init+0x13/0x172 init/main.c:996 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515 SOFTIRQ-ON-R at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 get_online_cpus include/linux/cpu.h:117 [inline] kmem_cache_create+0x26/0x2a0 mm/slab_common.c:440 debug_objects_mem_init+0xda/0x910 lib/debugobjects.c:1139 start_kernel+0x6dd/0x819 init/main.c:671 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378 x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 INITIAL USE at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock kernel/cpu.c:293 [inline] __cpuhp_setup_state+0x60/0x140 kernel/cpu.c:1670 cpuhp_setup_state_nocalls include/linux/cpuhotplug.h:229 [inline] kvm_guest_init+0x1f3/0x20f arch/x86/kernel/kvm.c:528 setup_arch+0x17e8/0x1a02 arch/x86/kernel/setup.c:1266 start_kernel+0xcd/0x819 init/main.c:532 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378 x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 } ... key at: [<00000000e3b31bf0>] cpu_hotplug_lock+0xd8/0x140 ... acquired at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 get_online_cpus include/linux/cpu.h:117 [inline] xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978 pfkey_spdflush+0x98/0x370 net/key/af_key.c:2750 pfkey_process+0x611/0x720 net/key/af_key.c:2809 pfkey_sendmsg+0x4dc/0xa00 net/key/af_key.c:3648 sock_sendmsg_nosec net/socket.c:628 [inline] sock_sendmsg+0xca/0x110 net/socket.c:638 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018 __sys_sendmsg+0xe5/0x210 net/socket.c:2052 SYSC_sendmsg net/socket.c:2063 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2059 entry_SYSCALL_64_fastpath+0x23/0x9a stack backtrace: CPU: 1 PID: 14217 Comm: syz-executor3 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 print_bad_irq_dependency kernel/locking/lockdep.c:1565 [inline] check_usage+0xad0/0xb60 kernel/locking/lockdep.c:1597 check_irq_usage kernel/locking/lockdep.c:1653 [inline] check_prev_add_irq kernel/locking/lockdep_states.h:8 [inline] check_prev_add kernel/locking/lockdep.c:1863 [inline] check_prevs_add kernel/locking/lockdep.c:1971 [inline] validate_chain kernel/locking/lockdep.c:2412 [inline] __lock_acquire+0x2bd1/0x3e00 kernel/locking/lockdep.c:3426 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 get_online_cpus include/linux/cpu.h:117 [inline] xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978 pfkey_spdflush+0x98/0x370 net/key/af_key.c:2750 pfkey_process+0x611/0x720 net/key/af_key.c:2809 pfkey_sendmsg+0x4dc/0xa00 net/key/af_key.c:3648 sock_sendmsg_nosec net/socket.c:628 [inline] sock_sendmsg+0xca/0x110 net/socket.c:638 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018 __sys_sendmsg+0xe5/0x210 net/socket.c:2052 SYSC_sendmsg net/socket.c:2063 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2059 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007f75b8bc4c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f75b8bc5700 RCX: 0000000000452ac9 RDX: 0000000000000000 RSI: 000000002057f000 RDI: 0000000000000013 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000 R13: 0000000000a2f7ef R14: 00007f75b8bc59c0 R15: 0000000000000000 ip6tnl0: Invalid MTU 0 requested, hw min 68 ip6tnl0: Invalid MTU 0 requested, hw min 68 ip6tnl0: Invalid MTU 0 requested, hw min 68 device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode ip6tnl0: Invalid MTU 0 requested, hw min 68 ip6tnl0: Invalid MTU 0 requested, hw min 68 device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready ip6tnl0: Invalid MTU 0 requested, hw min 68 device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo entered promiscuous mode device lo left promiscuous mode device lo left promiscuous mode device lo left promiscuous mode FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 15522 Comm: syz-executor6 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3368 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3542 kmem_cache_zalloc include/linux/slab.h:678 [inline] ebitmap_cpy+0xce/0x260 security/selinux/ss/ebitmap.c:60 mls_context_cpy security/selinux/ss/context.h:51 [inline] mls_compute_sid+0x555/0x930 security/selinux/ss/mls.c:556 security_compute_sid+0x8df/0x18f0 security/selinux/ss/services.c:1724 security_transition_sid+0x75/0x90 security/selinux/ss/services.c:1763 socket_sockcreate_sid security/selinux/hooks.c:4335 [inline] selinux_socket_create+0x3cf/0x740 security/selinux/hooks.c:4368 security_socket_create+0x83/0xc0 security/security.c:1338 __sock_create+0xf7/0x850 net/socket.c:1212 sock_create net/socket.c:1297 [inline] SYSC_socket net/socket.c:1327 [inline] SyS_socket+0xeb/0x1d0 net/socket.c:1307 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007ff7505abc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000029 RAX: ffffffffffffffda RBX: 00007ff7505abaa0 RCX: 0000000000452ac9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 RBP: 00007ff7505aba90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a R13: 00007ff7505abbc8 R14: 00000000004b767a R15: 0000000000000000 device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 15553 Comm: syz-executor6 Tainted: G W 4.15.0-rc5+ #177 device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3368 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3542 kmem_cache_zalloc include/linux/slab.h:678 [inline] ebitmap_cpy+0xce/0x260 security/selinux/ss/ebitmap.c:60 mls_context_cpy security/selinux/ss/context.h:51 [inline] mls_compute_sid+0x555/0x930 security/selinux/ss/mls.c:556 security_compute_sid+0x8df/0x18f0 security/selinux/ss/services.c:1724 security_transition_sid+0x75/0x90 security/selinux/ss/services.c:1763 socket_sockcreate_sid security/selinux/hooks.c:4335 [inline] selinux_socket_create+0x3cf/0x740 security/selinux/hooks.c:4368 security_socket_create+0x83/0xc0 security/security.c:1338 __sock_create+0xf7/0x850 net/socket.c:1212 sock_create net/socket.c:1297 [inline] SYSC_socket net/socket.c:1327 [inline] SyS_socket+0xeb/0x1d0 net/socket.c:1307 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007ff7505abc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000029 RAX: ffffffffffffffda RBX: 00007ff7505abaa0 RCX: 0000000000452ac9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 RBP: 00007ff7505aba90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a R13: 00007ff7505abbc8 R14: 00000000004b767a R15: 0000000000000000 device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 device lo entered promiscuous mode CPU: 1 PID: 15609 Comm: syz-executor6 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3368 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3542 kmem_cache_zalloc include/linux/slab.h:678 [inline] ebitmap_cpy+0xce/0x260 security/selinux/ss/ebitmap.c:60 mls_context_cpy security/selinux/ss/context.h:51 [inline] mls_compute_sid+0x555/0x930 security/selinux/ss/mls.c:556 security_compute_sid+0x8df/0x18f0 security/selinux/ss/services.c:1724 security_transition_sid+0x75/0x90 security/selinux/ss/services.c:1763 socket_sockcreate_sid security/selinux/hooks.c:4335 [inline] selinux_socket_create+0x3cf/0x740 security/selinux/hooks.c:4368 security_socket_create+0x83/0xc0 security/security.c:1338 __sock_create+0xf7/0x850 net/socket.c:1212 sock_create net/socket.c:1297 [inline] SYSC_socket net/socket.c:1327 [inline] SyS_socket+0xeb/0x1d0 net/socket.c:1307 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007ff7505abc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000029 RAX: ffffffffffffffda RBX: 00007ff7505abaa0 RCX: 0000000000452ac9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 RBP: 00007ff7505aba90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a R13: 00007ff7505abbc8 R14: 00000000004b767a R15: 0000000000000000 device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 device lo entered promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode CPU: 0 PID: 15660 Comm: syz-executor6 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3368 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3542 sock_alloc_inode+0x70/0x300 net/socket.c:244 alloc_inode+0x65/0x180 fs/inode.c:208 new_inode_pseudo+0x69/0x190 fs/inode.c:890 sock_alloc+0x41/0x270 net/socket.c:563 __sock_create+0x148/0x850 net/socket.c:1221 sock_create net/socket.c:1297 [inline] SYSC_socket net/socket.c:1327 [inline] SyS_socket+0xeb/0x1d0 net/socket.c:1307 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007ff7505abc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000029 RAX: ffffffffffffffda RBX: 00007ff7505abaa0 RCX: 0000000000452ac9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 RBP: 00007ff7505aba90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a R13: 00007ff7505abbc8 R14: 00000000004b767a R15: 0000000000000000 socket: no more sockets device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode netlink: 'syz-executor4': attribute type 1 has an invalid length. device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device lo left promiscuous mode device lo left promiscuous mode netlink: 'syz-executor5': attribute type 1 has an invalid length. netlink: 'syz-executor5': attribute type 1 has an invalid length. netlink: 'syz-executor5': attribute type 1 has an invalid length. netlink: 'syz-executor5': attribute type 1 has an invalid length. netlink: 'syz-executor5': attribute type 1 has an invalid length. netlink: 'syz-executor5': attribute type 1 has an invalid length. netlink: 'syz-executor5': attribute type 1 has an invalid length. netlink: 'syz-executor5': attribute type 1 has an invalid length.