SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=25774 comm=syz-executor.1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=25776 comm=syz-executor.0 watchdog: BUG: soft lockup - CPU#0 stuck for 123s! [syz-executor.2:25738] Modules linked in: irq event stamp: 27001139 hardirqs last enabled at (27001138): [] restore_regs_and_return_to_kernel+0x0/0x2e hardirqs last disabled at (27001139): [] apic_timer_interrupt+0x8a/0xa0 arch/x86/entry/entry_64.S:792 softirqs last enabled at (5288076): [] __do_softirq+0x664/0x9bf kernel/softirq.c:314 softirqs last disabled at (5288079): [] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (5288079): [] irq_exit+0x15b/0x1a0 kernel/softirq.c:409 CPU: 0 PID: 25738 Comm: syz-executor.2 Not tainted 4.14.179-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff88808725e140 task.stack: ffff888087748000 RIP: 0010:__read_once_size_nocheck.constprop.0+0x3/0x10 include/linux/compiler.h:201 RSP: 0018:ffff8880aea077f8 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff10 RAX: ffffffff81796697 RBX: 1ffff11015d40f00 RCX: 1ffff11015d40f25 RDX: ffff88808774f810 RSI: ffff8880aea07820 RDI: ffff88808774f808 RBP: ffff88808774f808 R08: 0000000000000000 R09: ffff88808774f800 R10: ffff8880aea0794d R11: 0000000000058071 R12: ffff8880aea07960 R13: dffffc0000000000 R14: ffff8880aea07960 R15: 0000000000000001 FS: 00007f85a5af9700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b3032a000 CR3: 0000000007c6a000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: deref_stack_reg arch/x86/kernel/unwind_orc.c:292 [inline] deref_stack_reg+0x8a/0xc0 arch/x86/kernel/unwind_orc.c:286 unwind_next_frame+0xa06/0x17a0 arch/x86/kernel/unwind_orc.c:425 __save_stack_trace+0x6b/0xd0 arch/x86/kernel/stacktrace.c:44 save_stack+0x32/0xa0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 [inline] kasan_kmalloc mm/kasan/kasan.c:551 [inline] kasan_kmalloc+0xbf/0xe0 mm/kasan/kasan.c:529 slab_post_alloc_hook mm/slab.h:442 [inline] slab_alloc_node mm/slab.c:3333 [inline] kmem_cache_alloc_node_trace+0x144/0x7b0 mm/slab.c:3659 __do_kmalloc_node mm/slab.c:3681 [inline] __kmalloc_node_track_caller+0x38/0x70 mm/slab.c:3696 __kmalloc_reserve.isra.0+0x35/0xd0 net/core/skbuff.c:137 __alloc_skb+0xca/0x4c0 net/core/skbuff.c:205 alloc_skb include/linux/skbuff.h:980 [inline] nlmsg_new include/net/netlink.h:511 [inline] xfrm_exp_state_notify net/xfrm/xfrm_user.c:2664 [inline] xfrm_send_state_notify+0xb4a/0x1880 net/xfrm/xfrm_user.c:2820 km_state_notify+0xa9/0x1a0 net/xfrm/xfrm_state.c:1920 km_state_expired net/xfrm/xfrm_state.c:1934 [inline] xfrm_timer_handler+0x694/0x9e0 net/xfrm/xfrm_state.c:553 __tasklet_hrtimer_trampoline+0x29/0xa0 kernel/softirq.c:618 tasklet_hi_action+0x163/0x4c0 kernel/softirq.c:549 __do_softirq+0x254/0x9bf kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x15b/0x1a0 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:648 [inline] smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1102 apic_timer_interrupt+0x8f/0xa0 arch/x86/entry/entry_64.S:792 RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline] RIP: 0010:_raw_spin_unlock_irq+0x50/0x80 kernel/locking/spinlock.c:200 RSP: 0018:ffff88808774f658 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10 RAX: 1ffffffff0fa2cd3 RBX: ffff88808725e140 RCX: 0000000000000000 RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff88808725e9c4 RBP: ffff8880aea2b540 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880aea2b540 R13: ffff8880a1788080 R14: ffff88809f836cc0 R15: ffff88808725e5dc finish_lock_switch kernel/sched/sched.h:1352 [inline] finish_task_switch+0x178/0x620 kernel/sched/core.c:2675 context_switch kernel/sched/core.c:2811 [inline] __schedule+0x7c0/0x1ca0 kernel/sched/core.c:3384 preempt_schedule_common+0x4a/0xc0 kernel/sched/core.c:3508 ___preempt_schedule+0x16/0x18 __raw_spin_unlock include/linux/spinlock_api_smp.h:152 [inline] _raw_spin_unlock+0x3b/0x40 kernel/locking/spinlock.c:184 spin_unlock include/linux/spinlock.h:357 [inline] zap_pte_range mm/memory.c:1399 [inline] zap_pmd_range mm/memory.c:1444 [inline] zap_pud_range mm/memory.c:1473 [inline] zap_p4d_range mm/memory.c:1494 [inline] unmap_page_range+0xc17/0x1930 mm/memory.c:1515 unmap_single_vma+0x147/0x2b0 mm/memory.c:1560 unmap_vmas+0x9d/0x160 mm/memory.c:1590 exit_mmap+0x26d/0x4b0 mm/mmap.c:3056 __mmput kernel/fork.c:930 [inline] mmput+0x103/0x420 kernel/fork.c:951 exit_mm kernel/exit.c:545 [inline] do_exit+0x933/0x2b00 kernel/exit.c:845 do_group_exit+0x100/0x310 kernel/exit.c:955 get_signal+0x385/0x1ca0 kernel/signal.c:2423 do_signal+0x7c/0x1690 arch/x86/kernel/signal.c:814 exit_to_usermode_loop+0x159/0x220 arch/x86/entry/common.c:160 prepare_exit_to_usermode+0x1af/0x210 arch/x86/entry/common.c:199 retint_user+0x8/0x18 RIP: 0033:0x42c730 RSP: 002b:00007f85a5af8408 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: 00000000005237c0 RBX: 00007f85a5af8970 RCX: 00000000004c178e RDX: 0000000000000000 RSI: 00000000004c178e RDI: 00007f85a5af8970 RBP: 00007f85a5af8960 R08: 0000000000000000 R09: 0000000000000012 R10: 0000000000000007 R11: 0000000020000240 R12: 00000000004c1781 R13: 00007f85a5af8ae8 R14: 00000000004c178c R15: 0000000000000000 Code: 48 5b 5d c3 e8 9f 95 5b 00 eb a8 48 89 ef e8 a5 95 5b 00 eb c4 48 89 ef e8 9b 95 5b 00 eb de 66 0f 1f 84 00 00 00 00 00 48 8b 07 <48> 89 06 c3 66 0f 1f 84 00 00 00 00 00 41 55 49 bd 00 00 00 00 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 25734 Comm: syz-executor.5 Not tainted 4.14.179-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff888055d1c040 task.stack: ffff8880a9b08000 RIP: 0010:debug_lockdep_rcu_enabled.part.0+0x26/0x50 kernel/rcu/update.c:300 RSP: 0018:ffff8880aeb07a48 EFLAGS: 00000807 RAX: dffffc0000000000 RBX: ffff888055d1c040 RCX: 1ffffffff10279fc RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff888055d1c8c4 RBP: ffffffff87d84360 R08: 0000000000000001 R09: 0000000000000000 R10: ffff8880aeb07af0 R11: ffff888055d1c040 R12: ffffffff816ad06c R13: ffff888055d1c040 R14: ffff8880a9b0f618 R15: ffff8880a97e6290 FS: 00007f44ef1f5700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c422873010 CR3: 0000000055831000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: trace_lock_release include/trace/events/lock.h:58 [inline] lock_release+0x477/0x7f0 kernel/locking/lockdep.c:4016 rcu_lock_release include/linux/rcupdate.h:247 [inline] rcu_read_unlock include/linux/rcupdate.h:685 [inline] __perf_event_output kernel/events/core.c:6283 [inline] perf_event_output_forward+0x143/0x1f0 kernel/events/core.c:6291 __perf_event_overflow+0x113/0x310 kernel/events/core.c:7536 perf_swevent_hrtimer+0x220/0x350 kernel/events/core.c:8746 __run_hrtimer kernel/time/hrtimer.c:1223 [inline] __hrtimer_run_queues+0x25c/0xbb0 kernel/time/hrtimer.c:1287 hrtimer_interrupt+0x1e6/0x5e0 kernel/time/hrtimer.c:1321 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1075 [inline] smp_apic_timer_interrupt+0x117/0x5e0 arch/x86/kernel/apic/apic.c:1100 apic_timer_interrupt+0x8f/0xa0 arch/x86/entry/entry_64.S:792 RIP: 0010:__read_once_size include/linux/compiler.h:183 [inline] RIP: 0010:csd_lock_wait kernel/smp.c:108 [inline] RIP: 0010:smp_call_function_single+0xfd/0x370 kernel/smp.c:302 RSP: 0018:ffff8880a9b0f6c0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: 0000000000040000 RBX: 1ffff11015361edc RCX: ffffc90009aac000 RDX: 0000000000040000 RSI: ffffffff8151716b RDI: 0000000000000830 RBP: ffff8880a9b0f780 R08: 0000000000000001 R09: 0000000000000001 R10: ffff888055d1c8f0 R11: ffff888055d1c040 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 smp_call_function_many+0x61d/0x7a0 kernel/smp.c:434 smp_call_function+0x34/0x70 kernel/smp.c:492 on_each_cpu+0x2c/0x1e0 kernel/smp.c:602 flush_tlb_kernel_range+0x6f/0xc0 arch/x86/mm/tlb.c:743 __purge_vmap_area_lazy+0xf6/0x250 mm/vmalloc.c:701 vm_unmap_aliases mm/vmalloc.c:1126 [inline] vm_unmap_aliases+0x324/0x3f0 mm/vmalloc.c:1089 change_page_attr_set_clr+0x543/0xa40 arch/x86/mm/pageattr.c:1472 change_page_attr_clear arch/x86/mm/pageattr.c:1532 [inline] set_memory_ro+0x68/0x80 arch/x86/mm/pageattr.c:1761 bpf_jit_binary_lock_ro include/linux/filter.h:628 [inline] bpf_int_jit_compile+0x441/0x5fe arch/x86/net/bpf_jit_comp.c:1204 bpf_prog_select_runtime+0xde/0x4f0 kernel/bpf/core.c:1455 bpf_prog_load+0x609/0xe00 kernel/bpf/syscall.c:1062 SYSC_bpf kernel/bpf/syscall.c:1512 [inline] SyS_bpf+0xf89/0x2cd3 kernel/bpf/syscall.c:1477 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45c829 RSP: 002b:00007f44ef1f4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00000000004da660 RCX: 000000000045c829 RDX: 0000000000000048 RSI: 0000000020000200 RDI: 0000000000000005 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 000000000000006a R14: 00000000004c30b4 R15: 00007f44ef1f56d4 Code: 65 fe ff ff 90 48 b8 00 00 00 00 00 fc ff df 53 65 48 8b 1c 25 40 ee 01 00 48 8d bb 84 08 00 00 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 0f 8b 93 84 08