======================================================
[ INFO: possible circular locking dependency detected ]
4.4.120-gd63fdf6 #29 Not tainted
-------------------------------------------------------
syz-executor6/6741 is trying to acquire lock:
 (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<ffffffff81463361>] shmem_file_llseek+0xf1/0x240 mm/shmem.c:1816

but task is already holding lock:
 (ashmem_mutex){+.+.+.}, at: [<ffffffff82c62016>] ashmem_llseek+0x56/0x1f0 drivers/staging/android/ashmem.c:330

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

       [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460 kernel/locking/lockdep.c:3592
       [<ffffffff8376a39b>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       [<ffffffff8376a39b>] mutex_lock_nested+0xbb/0x850 kernel/locking/mutex.c:621
       [<ffffffff82c61463>] ashmem_mmap+0x53/0x400 drivers/staging/android/ashmem.c:366
       [<ffffffff814b0e4f>] mmap_region+0x94f/0x1250 mm/mmap.c:1664
       [<ffffffff814b1c4d>] do_mmap+0x4fd/0x9d0 mm/mmap.c:1441
       [<ffffffff814700ce>] do_mmap_pgoff include/linux/mm.h:1915 [inline]
       [<ffffffff814700ce>] vm_mmap_pgoff+0x16e/0x1c0 mm/util.c:296
       [<ffffffff814afe1f>] SYSC_mmap_pgoff mm/mmap.c:1491 [inline]
       [<ffffffff814afe1f>] SyS_mmap_pgoff+0x33f/0x560 mm/mmap.c:1449
       [<ffffffff81006d91>] do_syscall_32_irqs_on arch/x86/entry/common.c:392 [inline]
       [<ffffffff81006d91>] do_fast_syscall_32+0x321/0x8a0 arch/x86/entry/common.c:459
       [<ffffffff837752ea>] sysenter_flags_fixed+0xd/0x17

       [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460 kernel/locking/lockdep.c:3592
       [<ffffffff814956ea>] __might_fault+0x14a/0x1d0 mm/memory.c:3810
       [<ffffffff8155ab22>] copy_to_user arch/x86/include/asm/uaccess.h:760 [inline]
       [<ffffffff8155ab22>] filldir+0x162/0x2d0 fs/readdir.c:180
       [<ffffffff8159820e>] dir_emit_dot include/linux/fs.h:3070 [inline]
       [<ffffffff8159820e>] dir_emit_dots include/linux/fs.h:3081 [inline]
       [<ffffffff8159820e>] dcache_readdir+0x11e/0x7b0 fs/libfs.c:150
       [<ffffffff8155a768>] iterate_dir+0x1c8/0x420 fs/readdir.c:42
       [<ffffffff8155b45a>] SYSC_getdents fs/readdir.c:215 [inline]
       [<ffffffff8155b45a>] SyS_getdents+0x14a/0x270 fs/readdir.c:196
       [<ffffffff8377395f>] entry_SYSCALL_64_fastpath+0x1c/0x98

       [<ffffffff8123ab2f>] check_prev_add kernel/locking/lockdep.c:1853 [inline]
       [<ffffffff8123ab2f>] check_prevs_add kernel/locking/lockdep.c:1958 [inline]
       [<ffffffff8123ab2f>] validate_chain kernel/locking/lockdep.c:2144 [inline]
       [<ffffffff8123ab2f>] __lock_acquire+0x371f/0x4b50 kernel/locking/lockdep.c:3213
       [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460 kernel/locking/lockdep.c:3592
       [<ffffffff8376a39b>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       [<ffffffff8376a39b>] mutex_lock_nested+0xbb/0x850 kernel/locking/mutex.c:621
       [<ffffffff81463361>] shmem_file_llseek+0xf1/0x240 mm/shmem.c:1816
       [<ffffffff8151c762>] vfs_llseek+0xa2/0xd0 fs/read_write.c:260
       [<ffffffff82c620a7>] ashmem_llseek+0xe7/0x1f0 drivers/staging/android/ashmem.c:342
       [<ffffffff8151e6db>] vfs_llseek fs/read_write.c:260 [inline]
       [<ffffffff8151e6db>] SYSC_lseek fs/read_write.c:285 [inline]
       [<ffffffff8151e6db>] SyS_lseek fs/read_write.c:276 [inline]
       [<ffffffff8151e6db>] C_SYSC_lseek fs/read_write.c:297 [inline]
       [<ffffffff8151e6db>] compat_SyS_lseek+0xeb/0x170 fs/read_write.c:295
       [<ffffffff81006d91>] do_syscall_32_irqs_on arch/x86/entry/common.c:392 [inline]
       [<ffffffff81006d91>] do_fast_syscall_32+0x321/0x8a0 arch/x86/entry/common.c:459
       [<ffffffff837752ea>] sysenter_flags_fixed+0xd/0x17

other info that might help us debug this:

Chain exists of:
 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(ashmem_mutex);
                               lock(&mm->mmap_sem);
                               lock(ashmem_mutex);
  lock(&sb->s_type->i_mutex_key#10);

 *** DEADLOCK ***

1 lock held by syz-executor6/6741:
 #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c62016>] ashmem_llseek+0x56/0x1f0 drivers/staging/android/ashmem.c:330

stack backtrace:
CPU: 0 PID: 6741 Comm: syz-executor6 Not tainted 4.4.120-gd63fdf6 #29
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 4a07c60d6c83e828 ffff8801c4f77a58 ffffffff81d0408d
 ffffffff851a0010 ffffffff851a9d00 ffffffff851be970 ffff8801c3a068f8
 ffff8801c3a06000 ffff8801c4f77aa0 ffffffff81233ba1 ffff8801c3a068f8
Call Trace:
 [<ffffffff81d0408d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d0408d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff81233ba1>] print_circular_bug+0x271/0x310 kernel/locking/lockdep.c:1226
 [<ffffffff8123ab2f>] check_prev_add kernel/locking/lockdep.c:1853 [inline]
 [<ffffffff8123ab2f>] check_prevs_add kernel/locking/lockdep.c:1958 [inline]
 [<ffffffff8123ab2f>] validate_chain kernel/locking/lockdep.c:2144 [inline]
 [<ffffffff8123ab2f>] __lock_acquire+0x371f/0x4b50 kernel/locking/lockdep.c:3213
 [<ffffffff8123d7ce>] lock_acquire+0x15e/0x460 kernel/locking/lockdep.c:3592
 [<ffffffff8376a39b>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
 [<ffffffff8376a39b>] mutex_lock_nested+0xbb/0x850 kernel/locking/mutex.c:621
 [<ffffffff81463361>] shmem_file_llseek+0xf1/0x240 mm/shmem.c:1816
 [<ffffffff8151c762>] vfs_llseek+0xa2/0xd0 fs/read_write.c:260
 [<ffffffff82c620a7>] ashmem_llseek+0xe7/0x1f0 drivers/staging/android/ashmem.c:342
 [<ffffffff8151e6db>] vfs_llseek fs/read_write.c:260 [inline]
 [<ffffffff8151e6db>] SYSC_lseek fs/read_write.c:285 [inline]
 [<ffffffff8151e6db>] SyS_lseek fs/read_write.c:276 [inline]
 [<ffffffff8151e6db>] C_SYSC_lseek fs/read_write.c:297 [inline]
 [<ffffffff8151e6db>] compat_SyS_lseek+0xeb/0x170 fs/read_write.c:295
 [<ffffffff81006d91>] do_syscall_32_irqs_on arch/x86/entry/common.c:392 [inline]
 [<ffffffff81006d91>] do_fast_syscall_32+0x321/0x8a0 arch/x86/entry/common.c:459
 [<ffffffff837752ea>] sysenter_flags_fixed+0xd/0x17
audit: type=1400 audit(1521436603.166:20): avc:  denied  { call } for  pid=6799 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1521436603.186:21): avc:  denied  { transfer } for  pid=6799 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6809:6815 ioctl 40046207 0 returned -16
binder: 6809:6815 got transaction with invalid offsets ptr
binder: 6809:6815 transaction failed 29201/-14, size 40-8 line 3156
binder: 6809:6815 BC_INCREFS_DONE u0000000000000000 no match
binder_alloc: binder_alloc_mmap_handler: 6809 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6809:6815 ioctl 40046207 0 returned -16
binder: 6809:6815 got transaction with invalid offsets ptr
binder: 6809:6815 transaction failed 29201/-14, size 40-8 line 3156
binder: 6799:6817 ioctl c0306201 20a94fd0 returned -14
binder: 6799:6817 ioctl 4c08 4dff returned -22
binder_alloc: binder_alloc_mmap_handler: 6799 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6799:6817 ioctl 40046207 0 returned -16
binder_alloc: 6799: binder_alloc_buf, no vma
binder: 6799:6818 transaction failed 29189/-3, size 40-8 line 3128
binder: 6799:6818 ioctl c0306201 20a94fd0 returned -14
binder: 6799:6818 ioctl 4c08 4dff returned -22
binder: release 6799:6810 transaction 6 out, still active
binder: unexpected work type, 4, not freed
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 6, target dead
binder: 6824:6850 ioctl c0306201 20004000 returned -14
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6824:6830 ioctl 40046207 0 returned -16
binder_alloc: 6824: binder_alloc_buf, no vma
binder: 6824:6830 transaction failed 29189/-3, size 0-0 line 3128
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6824:6830 transaction 13 in, still active
binder: send failed reply for transaction 13 to 6824:6850
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
sock: process `syz-executor5' is using obsolete setsockopt SO_BSDCOMPAT
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor2/6877
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 0 PID: 6877 Comm: syz-executor2 Not tainted 4.4.120-gd63fdf6 #29
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 fad8adf9b4861c72 ffff8800b9437648 ffffffff81d0408d
 0000000000000000 ffffffff839fe5a0 ffffffff83d0be20 ffff8800b92d6000
 0000000000000003 ffff8800b9437688 ffffffff81d63fe4 ffff8800b94376a0
Call Trace:
 [<ffffffff81d0408d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d0408d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff81d63fe4>] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [<ffffffff81d6404c>] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 [<ffffffff832e2f08>] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832e2f08>] ipcomp_init_state+0x188/0x980 net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff8324ac70>] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
 [<ffffffff832c1817>] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2058
 [<ffffffff832c1f7a>] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2084
 [<ffffffff8344681b>] pfkey_msg2xfrm_state net/key/af_key.c:1289 [inline]
 [<ffffffff8344681b>] pfkey_add+0x1fbb/0x3490 net/key/af_key.c:1506
binder: 6914:6915 BC_INCREFS_DONE u0000000000000000 no match
binder: 6914:6915 got reply transaction with no transaction stack
binder: 6914:6915 transaction failed 29201/-71, size 0-0 line 2921
binder: 6914:6915 BC_INCREFS_DONE u0000000000000000 no match
binder: 6914:6915 got reply transaction with no transaction stack
binder: 6914:6915 transaction failed 29201/-71, size 0-0 line 2921
binder: 6914:6917 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_ERROR: 29201
 [<ffffffff8344a45b>] pfkey_process+0x68b/0x750 net/key/af_key.c:2834
 [<ffffffff8344bcb9>] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3678
 [<ffffffff82deba6a>] sock_sendmsg_nosec net/socket.c:625 [inline]
 [<ffffffff82deba6a>] sock_sendmsg+0xca/0x110 net/socket.c:635
 [<ffffffff82ded641>] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
 [<ffffffff82def693>] __sys_sendmsg+0xd3/0x190 net/socket.c:1996
 [<ffffffff82eda56a>] C_SYSC_sendmsg net/compat.c:720 [inline]
 [<ffffffff82eda56a>] compat_SyS_sendmsg+0x2a/0x40 net/compat.c:718
 [<ffffffff81006d91>] do_syscall_32_irqs_on arch/x86/entry/common.c:392 [inline]
 [<ffffffff81006d91>] do_fast_syscall_32+0x321/0x8a0 arch/x86/entry/common.c:459
 [<ffffffff837752ea>] sysenter_flags_fixed+0xd/0x17
device syz_tun entered promiscuous mode
device syz_tun left promiscuous mode
vmalloc: allocation failure: 0 bytes
syz-executor1: page allocation failure: order:0, mode:0x24000c2
CPU: 0 PID: 6984 Comm: syz-executor1 Not tainted 4.4.120-gd63fdf6 #29
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 399ca44d3e166001 ffff8801c4fcf8c0 ffffffff81d0408d
 1ffff100389f9f1b ffff8800b8403000 00000000024000c2 0000000000000000
 0000000000000001 ffff8801c4fcf9d0 ffffffff81431059 ffffffff838ac620
Call Trace:
 [<ffffffff81d0408d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d0408d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff81431059>] warn_alloc_failed+0x1d9/0x240 mm/page_alloc.c:2757
 [<ffffffff814c868d>] __vmalloc_node_range+0x41d/0x630 mm/vmalloc.c:1692
 [<ffffffff814c896b>] __vmalloc_node mm/vmalloc.c:1715 [inline]
 [<ffffffff814c896b>] __vmalloc_node_flags mm/vmalloc.c:1729 [inline]
 [<ffffffff814c896b>] vmalloc+0x5b/0x70 mm/vmalloc.c:1744
 [<ffffffff81b70350>] sel_write_load+0x130/0xff0 security/selinux/selinuxfs.c:527
 [<ffffffff8151d373>] __vfs_write+0x103/0x450 fs/read_write.c:489
 [<ffffffff8151f1da>] vfs_write+0x18a/0x530 fs/read_write.c:538
 [<ffffffff815218c9>] SYSC_write fs/read_write.c:585 [inline]
 [<ffffffff815218c9>] SyS_write+0xd9/0x1b0 fs/read_write.c:577
 [<ffffffff81006d91>] do_syscall_32_irqs_on arch/x86/entry/common.c:392 [inline]
 [<ffffffff81006d91>] do_fast_syscall_32+0x321/0x8a0 arch/x86/entry/common.c:459
 [<ffffffff837752ea>] sysenter_flags_fixed+0xd/0x17
Mem-Info:
active_anon:53667 inactive_anon:45 isolated_anon:0
 active_file:3552 inactive_file:8415 isolated_file:0
 unevictable:0 dirty:118 writeback:0 unstable:0
 slab_reclaimable:5800 slab_unreclaimable:59332
 mapped:23801 shmem:68 pagetables:621 bounce:0
 free:1474186 free_pcp:483 free_cma:0
DMA free:15904kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15992kB managed:15904kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? yes
lowmem_reserve[]: 0 2911 6411 6411
DMA32 free:2668640kB min:30608kB low:38260kB high:45912kB active_anon:96428kB inactive_anon:68kB active_file:7608kB inactive_file:15544kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3129292kB managed:2982732kB mlocked:0kB dirty:192kB writeback:0kB mapped:44556kB shmem:88kB slab_reclaimable:11448kB slab_unreclaimable:107328kB kernel_stack:2752kB pagetables:1052kB unstable:0kB bounce:0kB free_pcp:1036kB local_pcp:320kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 3500 3500
Normal free:3212580kB min:36808kB low:46008kB high:55212kB active_anon:118152kB inactive_anon:112kB active_file:6600kB inactive_file:18116kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3584660kB mlocked:0kB dirty:280kB writeback:0kB mapped:50604kB shmem:116kB slab_reclaimable:11780kB slab_unreclaimable:130024kB kernel_stack:2976kB pagetables:1384kB unstable:0kB bounce:0kB free_pcp:992kB local_pcp:368kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0 0
DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15904kB
DMA32: 508*4kB (UME) 119*8kB (UME) 139*16kB (UM) 127*32kB (UM) 61*64kB (UME) 36*128kB (UM) 21*256kB (UM) 9*512kB (ME) 29*1024kB (M) 3*2048kB (UM) 636*4096kB (M) = 2668664kB
Normal: 641*4kB (UME) 326*8kB (UM) 171*16kB (UM) 86*32kB (UME) 72*64kB (UM) 45*128kB (UME) 25*256kB (M) 13*512kB (M) 26*1024kB (M) 3*2048kB (UM) 768*4096kB (M) = 3212580kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
12019 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965969 pages RAM
0 pages HighMem/MovableOnly
320145 pages reserved
audit: type=1400 audit(1521436605.516:22): avc:  denied  { create } for  pid=7110 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_iscsi_socket permissive=1
keychord: invalid keycode count 0
keychord: invalid keycode count 0
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
audit: type=1400 audit(1521436606.296:23): avc:  denied  { getopt } for  pid=7378 comm=AC scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
binder_alloc: binder_alloc_mmap_handler: 7378 20001000-20003000 already mapped failed -16
proc: unrecognized mount option "�" or missing value
proc: unrecognized mount option "�" or missing value
binder: 7577:7579 unknown command -1016899195
binder: 7577:7579 ioctl c0306201 200001c0 returned -22
binder: 7577:7597 unknown command -1016899195
binder: 7577:7597 ioctl c0306201 200001c0 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7577:7579 ioctl 40046207 0 returned -16
mmap: syz-executor4 (7615) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor1'.
IPVS: set_ctl: invalid protocol: 13703 39.52.93.236:60696 Ɓtp�m�`x/.�Hݼ�ބ�DB�C��+��<x@
audit: type=1326 audit(1521436607.616:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7697 comm="syz-executor6" exe="/root/syz-executor6" sig=9 arch=40000003 syscall=240 compat=1 ip=0xf770bba9 code=0x0
IPVS: set_ctl: invalid protocol: 13703 39.52.93.236:60696 Ɓtp�m�`x/.�Hݼ�ބ�DB�C��+��<x@
audit: type=1326 audit(1521436607.686:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7697 comm="syz-executor6" exe="/root/syz-executor6" sig=9 arch=40000003 syscall=240 compat=1 ip=0xf770bba9 code=0x0
audit: type=1326 audit(1521436607.756:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7719 comm="syz-executor6" exe="/root/syz-executor6" sig=9 arch=40000003 syscall=240 compat=1 ip=0xf770bba9 code=0x0
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 7752 Comm: syz-executor2 Not tainted 4.4.120-gd63fdf6 #29
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d336b000 task.stack: ffff8801d49d8000
RIP: 0010:[<ffffffff831aa241>]  [<ffffffff831aa241>] __xfrm_policy_check2 include/net/xfrm.h:1070 [inline]
RIP: 0010:[<ffffffff831aa241>]  [<ffffffff831aa241>] xfrm_policy_check include/net/xfrm.h:1076 [inline]
RIP: 0010:[<ffffffff831aa241>]  [<ffffffff831aa241>] xfrm4_policy_check include/net/xfrm.h:1081 [inline]
RIP: 0010:[<ffffffff831aa241>]  [<ffffffff831aa241>] udp_queue_rcv_skb+0x191/0x1560 net/ipv4/udp.c:1517
RSP: 0018:ffff8801d49df8b0  EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff8801d2b48000 RCX: ffffffff831aa228
RDX: 000000000000000c RSI: ffffc90001e23000 RDI: 0000000000000060
RBP: ffff8801d49df8f0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: 1ffff1003a93bee8 R12: ffff8800a7a218c0
R13: 0000000000000001 R14: 0000000000000000 R15: ffff8800a7a21918
FS:  0000000000000000(0000) GS:ffff8801db200000(0063) knlGS:00000000f6feab40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000008133324 CR3: 00000000b5b10000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801d2b48088 ffff880100000001 ffff8801d2b48088 dffffc0000000000
 ffff8801d2b48000 0000000000000000 ffffed003a569086 ffff8800a7a218c0
 ffff8801d49df960 ffffffff82df8cb6 ffff8801d2b48188 ffff8801d2b48190
Call Trace:
 [<ffffffff82df8cb6>] sk_backlog_rcv include/net/sock.h:871 [inline]
 [<ffffffff82df8cb6>] __release_sock net/core/sock.c:2023 [inline]
 [<ffffffff82df8cb6>] release_sock+0x176/0x510 net/core/sock.c:2473
 [<ffffffff831a3854>] udp_sendmsg+0x15c4/0x1c30 net/ipv4/udp.c:1105
 [<ffffffff831d7d4c>] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:755
 [<ffffffff82deba6a>] sock_sendmsg_nosec net/socket.c:625 [inline]
 [<ffffffff82deba6a>] sock_sendmsg+0xca/0x110 net/socket.c:635
 [<ffffffff82dec9b8>] SYSC_sendto+0x2c8/0x340 net/socket.c:1665
 [<ffffffff82deeeb0>] SyS_sendto+0x40/0x50 net/socket.c:1633
 [<ffffffff81006d91>] do_syscall_32_irqs_on arch/x86/entry/common.c:392 [inline]
 [<ffffffff81006d91>] do_fast_syscall_32+0x321/0x8a0 arch/x86/entry/common.c:459
 [<ffffffff837752ea>] sysenter_flags_fixed+0xd/0x17
Code: 74 24 58 41 f6 c6 01 0f 85 7f 07 00 00 e8 28 6b 1b fe 49 83 e6 fe 48 b8 00 00 00 00 00 fc ff df 49 8d 7e 60 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 01 0f 8e 9f 0b 00 00 41 f6 46 60 04 
RIP  [<ffffffff831aa241>] __xfrm_policy_check2 include/net/xfrm.h:1070 [inline]
RIP  [<ffffffff831aa241>] xfrm_policy_check include/net/xfrm.h:1076 [inline]
RIP  [<ffffffff831aa241>] xfrm4_policy_check include/net/xfrm.h:1081 [inline]
RIP  [<ffffffff831aa241>] udp_queue_rcv_skb+0x191/0x1560 net/ipv4/udp.c:1517
 RSP <ffff8801d49df8b0>
---[ end trace 8916098ac5dd016d ]---