BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:34 in_atomic(): 1, irqs_disabled(): 0, pid: 29742, name: syz-executor4 2 locks held by syz-executor4/29742: #0: (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<0000000089dd9265>] xfrm_netlink_rcv+0x60/0x90 net/xfrm/xfrm_user.c:2598 #1: (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000dce8d173>] spin_lock_bh include/linux/spinlock.h:315 [inline] #1: (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000dce8d173>] xfrm_policy_flush+0x424/0x770 net/xfrm/xfrm_policy.c:951 CPU: 0 PID: 29742 Comm: syz-executor4 Not tainted 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6060 __might_sleep+0x95/0x190 kernel/sched/core.c:6013 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:34 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x1c/0x90 kernel/cpu.c:293 get_online_cpus include/linux/cpu.h:117 [inline] xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978 xfrm_flush_policy+0x153/0x440 net/xfrm/xfrm_user.c:2061 xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441 xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:628 [inline] sock_sendmsg+0xca/0x110 net/socket.c:638 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018 __sys_sendmsg+0xe5/0x210 net/socket.c:2052 SYSC_sendmsg net/socket.c:2063 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2059 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007f234423dc58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9 RDX: 0000000000000000 RSI: 0000000020012808 RDI: 0000000000000014 RBP: 0000000000000583 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f64e8 R13: 00000000ffffffff R14: 00007f234423e6d4 R15: 0000000000000000 ===================================================== WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected 4.15.0-rc5+ #177 Tainted: G W ----------------------------------------------------- syz-executor4/29742 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: (cpu_hotplug_lock.rw_sem){++++}, at: [<00000000a3a7bdec>] get_online_cpus include/linux/cpu.h:117 [inline] (cpu_hotplug_lock.rw_sem){++++}, at: [<00000000a3a7bdec>] xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767 and this task is already holding: (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000dce8d173>] spin_lock_bh include/linux/spinlock.h:315 [inline] (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000dce8d173>] xfrm_policy_flush+0x424/0x770 net/xfrm/xfrm_policy.c:951 which would create a new lock dependency: (&(&net->xfrm.xfrm_policy_lock)->rlock){+...} -> (cpu_hotplug_lock.rw_sem){++++} but this new dependency connects a SOFTIRQ-irq-safe lock: (slock-AF_INET){+.-.} ... which became SOFTIRQ-irq-safe at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:310 [inline] sk_clone_lock+0x4a8/0x1630 net/core/sock.c:1670 inet_csk_clone_lock+0x91/0x4c0 net/ipv4/inet_connection_sock.c:781 tcp_create_openreq_child+0x9b/0x1b70 net/ipv4/tcp_minisocks.c:450 tcp_v4_syn_recv_sock+0x119/0x1260 net/ipv4/tcp_ipv4.c:1350 tcp_check_req+0xe68/0x15e0 net/ipv4/tcp_minisocks.c:781 tcp_v4_rcv+0x1624/0x2ea0 net/ipv4/tcp_ipv4.c:1696 ip_local_deliver_finish+0x2f1/0xc50 net/ipv4/ip_input.c:216 NF_HOOK include/linux/netfilter.h:250 [inline] ip_local_deliver+0x1ce/0x6e0 net/ipv4/ip_input.c:257 dst_input include/net/dst.h:449 [inline] ip_rcv_finish+0x953/0x1e30 net/ipv4/ip_input.c:397 NF_HOOK include/linux/netfilter.h:250 [inline] ip_rcv+0xc5a/0x1840 net/ipv4/ip_input.c:493 __netif_receive_skb_core+0x1a41/0x3460 net/core/dev.c:4499 __netif_receive_skb+0x2c/0x1b0 net/core/dev.c:4564 netif_receive_skb_internal+0x10b/0x670 net/core/dev.c:4638 napi_skb_finish net/core/dev.c:5000 [inline] napi_gro_receive+0x3d0/0x500 net/core/dev.c:5031 receive_buf+0xa16/0x2b30 drivers/net/virtio_net.c:886 virtnet_receive drivers/net/virtio_net.c:1131 [inline] virtnet_poll+0x359/0xbc0 drivers/net/virtio_net.c:1213 napi_poll net/core/dev.c:5642 [inline] net_rx_action+0x792/0x1910 net/core/dev.c:5708 __do_softirq+0x2d7/0xb85 kernel/softirq.c:285 invoke_softirq kernel/softirq.c:365 [inline] irq_exit+0x1cc/0x200 kernel/softirq.c:405 exiting_irq arch/x86/include/asm/apic.h:540 [inline] do_IRQ+0xeb/0x190 arch/x86/kernel/irq.c:241 ret_from_intr+0x0/0x1e native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:54 arch_safe_halt arch/x86/include/asm/paravirt.h:93 [inline] default_idle+0xbf/0x460 arch/x86/kernel/process.c:355 arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:346 default_idle_call+0x36/0x90 kernel/sched/idle.c:98 cpuidle_idle_call kernel/sched/idle.c:156 [inline] do_idle+0x24a/0x3b0 kernel/sched/idle.c:246 cpu_startup_entry+0x104/0x120 kernel/sched/idle.c:351 start_secondary+0x40a/0x590 arch/x86/kernel/smpboot.c:277 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 to a SOFTIRQ-irq-unsafe lock: (cpu_hotplug_lock.rw_sem){++++} ... which became SOFTIRQ-irq-unsafe at: ... lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 down_write+0x87/0x120 kernel/locking/rwsem.c:70 percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145 cpus_write_lock kernel/cpu.c:305 [inline] _cpu_up+0x60/0x510 kernel/cpu.c:990 do_cpu_up+0x73/0xa0 kernel/cpu.c:1066 cpu_up+0x18/0x20 kernel/cpu.c:1074 smp_init+0x13a/0x152 kernel/smp.c:578 kernel_init_freeable+0x2fe/0x521 init/main.c:1064 kernel_init+0x13/0x172 init/main.c:996 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515 other info that might help us debug this: Chain exists of: slock-AF_INET --> &(&net->xfrm.xfrm_policy_lock)->rlock --> cpu_hotplug_lock.rw_sem Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(cpu_hotplug_lock.rw_sem); local_irq_disable(); lock(slock-AF_INET); lock(&(&net->xfrm.xfrm_policy_lock)->rlock); lock(slock-AF_INET); *** DEADLOCK *** 2 locks held by syz-executor4/29742: #0: (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<0000000089dd9265>] xfrm_netlink_rcv+0x60/0x90 net/xfrm/xfrm_user.c:2598 #1: (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000dce8d173>] spin_lock_bh include/linux/spinlock.h:315 [inline] #1: (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000dce8d173>] xfrm_policy_flush+0x424/0x770 net/xfrm/xfrm_policy.c:951 the dependencies between SOFTIRQ-irq-safe lock and the holding lock: -> (slock-AF_INET){+.-.} ops: 174301 { HARDIRQ-ON-W at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:315 [inline] lock_sock_nested+0x44/0x110 net/core/sock.c:2772 lock_sock include/net/sock.h:1462 [inline] sock_setsockopt+0x16b/0x1af0 net/core/sock.c:717 SYSC_setsockopt net/socket.c:1817 [inline] SyS_setsockopt+0x2ff/0x360 net/socket.c:1800 entry_SYSCALL_64_fastpath+0x23/0x9a IN-SOFTIRQ-W at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:310 [inline] sk_clone_lock+0x4a8/0x1630 net/core/sock.c:1670 inet_csk_clone_lock+0x91/0x4c0 net/ipv4/inet_connection_sock.c:781 tcp_create_openreq_child+0x9b/0x1b70 net/ipv4/tcp_minisocks.c:450 tcp_v4_syn_recv_sock+0x119/0x1260 net/ipv4/tcp_ipv4.c:1350 tcp_check_req+0xe68/0x15e0 net/ipv4/tcp_minisocks.c:781 tcp_v4_rcv+0x1624/0x2ea0 net/ipv4/tcp_ipv4.c:1696 ip_local_deliver_finish+0x2f1/0xc50 net/ipv4/ip_input.c:216 NF_HOOK include/linux/netfilter.h:250 [inline] ip_local_deliver+0x1ce/0x6e0 net/ipv4/ip_input.c:257 dst_input include/net/dst.h:449 [inline] ip_rcv_finish+0x953/0x1e30 net/ipv4/ip_input.c:397 NF_HOOK include/linux/netfilter.h:250 [inline] ip_rcv+0xc5a/0x1840 net/ipv4/ip_input.c:493 __netif_receive_skb_core+0x1a41/0x3460 net/core/dev.c:4499 __netif_receive_skb+0x2c/0x1b0 net/core/dev.c:4564 netif_receive_skb_internal+0x10b/0x670 net/core/dev.c:4638 napi_skb_finish net/core/dev.c:5000 [inline] napi_gro_receive+0x3d0/0x500 net/core/dev.c:5031 receive_buf+0xa16/0x2b30 drivers/net/virtio_net.c:886 virtnet_receive drivers/net/virtio_net.c:1131 [inline] virtnet_poll+0x359/0xbc0 drivers/net/virtio_net.c:1213 napi_poll net/core/dev.c:5642 [inline] net_rx_action+0x792/0x1910 net/core/dev.c:5708 __do_softirq+0x2d7/0xb85 kernel/softirq.c:285 invoke_softirq kernel/softirq.c:365 [inline] irq_exit+0x1cc/0x200 kernel/softirq.c:405 exiting_irq arch/x86/include/asm/apic.h:540 [inline] do_IRQ+0xeb/0x190 arch/x86/kernel/irq.c:241 ret_from_intr+0x0/0x1e native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:54 arch_safe_halt arch/x86/include/asm/paravirt.h:93 [inline] default_idle+0xbf/0x460 arch/x86/kernel/process.c:355 arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:346 default_idle_call+0x36/0x90 kernel/sched/idle.c:98 cpuidle_idle_call kernel/sched/idle.c:156 [inline] do_idle+0x24a/0x3b0 kernel/sched/idle.c:246 cpu_startup_entry+0x104/0x120 kernel/sched/idle.c:351 start_secondary+0x40a/0x590 arch/x86/kernel/smpboot.c:277 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 INITIAL USE at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:315 [inline] lock_sock_nested+0x44/0x110 net/core/sock.c:2772 lock_sock include/net/sock.h:1462 [inline] sock_setsockopt+0x16b/0x1af0 net/core/sock.c:717 SYSC_setsockopt net/socket.c:1817 [inline] SyS_setsockopt+0x2ff/0x360 net/socket.c:1800 entry_SYSCALL_64_fastpath+0x23/0x9a } ... key at: [<00000000d8aefa9b>] af_family_slock_keys+0x10/0x180 ... acquired at: __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:315 [inline] xfrm_policy_delete+0x3e/0x90 net/xfrm/xfrm_policy.c:1247 xfrm_sk_free_policy include/net/xfrm.h:1261 [inline] inet_csk_destroy_sock+0x2bf/0x3f0 net/ipv4/inet_connection_sock.c:836 dccp_close+0x853/0xc20 net/dccp/proto.c:1084 inet_release+0xed/0x1c0 net/ipv4/af_inet.c:427 sock_release+0x8d/0x1e0 net/socket.c:593 sock_close+0x16/0x20 net/socket.c:1121 __fput+0x327/0x7e0 fs/file_table.c:210 ____fput+0x15/0x20 fs/file_table.c:244 task_work_run+0x199/0x270 kernel/task_work.c:113 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0x9bb/0x1ad0 kernel/exit.c:865 do_group_exit+0x149/0x400 kernel/exit.c:968 get_signal+0x73f/0x16c0 kernel/signal.c:2335 do_signal+0x90/0x1eb0 arch/x86/kernel/signal.c:809 exit_to_usermode_loop+0x214/0x310 arch/x86/entry/common.c:158 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264 entry_SYSCALL_64_fastpath+0x98/0x9a -> (&(&net->xfrm.xfrm_policy_lock)->rlock){+...} ops: 878 { HARDIRQ-ON-W at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:315 [inline] xfrm_sk_policy_insert+0xef/0x580 net/xfrm/xfrm_policy.c:1268 xfrm_user_policy+0x525/0x8c0 net/xfrm/xfrm_state.c:2077 do_ip_setsockopt.isra.12+0xfd9/0x3160 net/ipv4/ip_sockglue.c:1161 ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1248 dccp_setsockopt+0x85/0xd0 net/dccp/proto.c:576 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978 SYSC_setsockopt net/socket.c:1821 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1800 entry_SYSCALL_64_fastpath+0x23/0x9a INITIAL USE at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:315 [inline] xfrm_sk_policy_insert+0xef/0x580 net/xfrm/xfrm_policy.c:1268 xfrm_user_policy+0x525/0x8c0 net/xfrm/xfrm_state.c:2077 do_ip_setsockopt.isra.12+0xfd9/0x3160 net/ipv4/ip_sockglue.c:1161 ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1248 dccp_setsockopt+0x85/0xd0 net/dccp/proto.c:576 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978 SYSC_setsockopt net/socket.c:1821 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1800 entry_SYSCALL_64_fastpath+0x23/0x9a } ... key at: [<000000005c5630e4>] __key.66927+0x0/0x40 ... acquired at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 get_online_cpus include/linux/cpu.h:117 [inline] xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978 xfrm_flush_policy+0x153/0x440 net/xfrm/xfrm_user.c:2061 xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441 xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:628 [inline] sock_sendmsg+0xca/0x110 net/socket.c:638 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018 __sys_sendmsg+0xe5/0x210 net/socket.c:2052 SYSC_sendmsg net/socket.c:2063 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2059 entry_SYSCALL_64_fastpath+0x23/0x9a the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock: -> (cpu_hotplug_lock.rw_sem){++++} ops: 1950 { HARDIRQ-ON-W at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 down_write+0x87/0x120 kernel/locking/rwsem.c:70 percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145 cpus_write_lock kernel/cpu.c:305 [inline] _cpu_up+0x60/0x510 kernel/cpu.c:990 do_cpu_up+0x73/0xa0 kernel/cpu.c:1066 cpu_up+0x18/0x20 kernel/cpu.c:1074 smp_init+0x13a/0x152 kernel/smp.c:578 kernel_init_freeable+0x2fe/0x521 init/main.c:1064 kernel_init+0x13/0x172 init/main.c:996 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515 HARDIRQ-ON-R at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 get_online_cpus include/linux/cpu.h:117 [inline] kmem_cache_create+0x26/0x2a0 mm/slab_common.c:440 debug_objects_mem_init+0xda/0x910 lib/debugobjects.c:1139 start_kernel+0x6dd/0x819 init/main.c:671 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378 x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 SOFTIRQ-ON-W at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 down_write+0x87/0x120 kernel/locking/rwsem.c:70 percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145 cpus_write_lock kernel/cpu.c:305 [inline] _cpu_up+0x60/0x510 kernel/cpu.c:990 do_cpu_up+0x73/0xa0 kernel/cpu.c:1066 cpu_up+0x18/0x20 kernel/cpu.c:1074 smp_init+0x13a/0x152 kernel/smp.c:578 kernel_init_freeable+0x2fe/0x521 init/main.c:1064 kernel_init+0x13/0x172 init/main.c:996 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515 SOFTIRQ-ON-R at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 get_online_cpus include/linux/cpu.h:117 [inline] kmem_cache_create+0x26/0x2a0 mm/slab_common.c:440 debug_objects_mem_init+0xda/0x910 lib/debugobjects.c:1139 start_kernel+0x6dd/0x819 init/main.c:671 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378 x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 INITIAL USE at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock kernel/cpu.c:293 [inline] __cpuhp_setup_state+0x60/0x140 kernel/cpu.c:1670 cpuhp_setup_state_nocalls include/linux/cpuhotplug.h:229 [inline] kvm_guest_init+0x1f3/0x20f arch/x86/kernel/kvm.c:528 setup_arch+0x17e8/0x1a02 arch/x86/kernel/setup.c:1266 start_kernel+0xcd/0x819 init/main.c:532 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378 x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 } ... key at: [<00000000b8640001>] cpu_hotplug_lock+0xd8/0x140 ... acquired at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 get_online_cpus include/linux/cpu.h:117 [inline] xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978 xfrm_flush_policy+0x153/0x440 net/xfrm/xfrm_user.c:2061 xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441 xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:628 [inline] sock_sendmsg+0xca/0x110 net/socket.c:638 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018 __sys_sendmsg+0xe5/0x210 net/socket.c:2052 SYSC_sendmsg net/socket.c:2063 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2059 entry_SYSCALL_64_fastpath+0x23/0x9a stack backtrace: CPU: 0 PID: 29742 Comm: syz-executor4 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 print_bad_irq_dependency kernel/locking/lockdep.c:1565 [inline] check_usage+0xad0/0xb60 kernel/locking/lockdep.c:1597 check_irq_usage kernel/locking/lockdep.c:1653 [inline] check_prev_add_irq kernel/locking/lockdep_states.h:8 [inline] check_prev_add kernel/locking/lockdep.c:1863 [inline] check_prevs_add kernel/locking/lockdep.c:1971 [inline] validate_chain kernel/locking/lockdep.c:2412 [inline] __lock_acquire+0x2bd1/0x3e00 kernel/locking/lockdep.c:3426 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 get_online_cpus include/linux/cpu.h:117 [inline] xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978 xfrm_flush_policy+0x153/0x440 net/xfrm/xfrm_user.c:2061 xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441 xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:628 [inline] sock_sendmsg+0xca/0x110 net/socket.c:638 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018 __sys_sendmsg+0xe5/0x210 net/socket.c:2052 SYSC_sendmsg net/socket.c:2063 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2059 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007f234423dc58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9 RDX: 0000000000000000 RSI: 0000000020012808 RDI: 0000000000000014 RBP: 0000000000000583 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f64e8 R13: 00000000ffffffff R14: 00007f234423e6d4 R15: 0000000000000000 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=29807 comm=syz-executor4 device ip6_vti0 entered promiscuous mode device ip6_vti0 left promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31 sclass=netlink_route_socket pig=30150 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31 sclass=netlink_route_socket pig=30167 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31 sclass=netlink_route_socket pig=30183 comm=syz-executor1 nla_parse: 25 callbacks suppressed netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'. FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 1 CPU: 0 PID: 30566 Comm: syz-executor1 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc_node mm/slab.c:3289 [inline] kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3632 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193 alloc_skb include/linux/skbuff.h:983 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1180 [inline] netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1872 sock_sendmsg_nosec net/socket.c:628 [inline] sock_sendmsg+0xca/0x110 net/socket.c:638 sock_write_iter+0x31a/0x5d0 net/socket.c:907 call_write_iter include/linux/fs.h:1772 [inline] new_sync_write fs/read_write.c:469 [inline] __vfs_write+0x684/0x970 fs/read_write.c:482 vfs_write+0x189/0x510 fs/read_write.c:544 SYSC_write fs/read_write.c:589 [inline] SyS_write+0xef/0x220 fs/read_write.c:581 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007facce363c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007facce363aa0 RCX: 0000000000452ac9 RDX: 0000000000000029 RSI: 0000000020171f66 RDI: 0000000000000013 RBP: 00007facce363a90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a R13: 00007facce363bc8 R14: 00000000004b767a R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 30578 Comm: syz-executor1 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc_node mm/slab.c:3289 [inline] kmem_cache_alloc_node_trace+0x5a/0x750 mm/slab.c:3651 __do_kmalloc_node mm/slab.c:3671 [inline] __kmalloc_node_track_caller+0x33/0x70 mm/slab.c:3686 __kmalloc_reserve.isra.39+0x41/0xd0 net/core/skbuff.c:137 __alloc_skb+0x13b/0x780 net/core/skbuff.c:205 alloc_skb include/linux/skbuff.h:983 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1180 [inline] netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1872 sock_sendmsg_nosec net/socket.c:628 [inline] sock_sendmsg+0xca/0x110 net/socket.c:638 sock_write_iter+0x31a/0x5d0 net/socket.c:907 call_write_iter include/linux/fs.h:1772 [inline] new_sync_write fs/read_write.c:469 [inline] __vfs_write+0x684/0x970 fs/read_write.c:482 vfs_write+0x189/0x510 fs/read_write.c:544 SYSC_write fs/read_write.c:589 [inline] SyS_write+0xef/0x220 fs/read_write.c:581 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007facce363c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007facce363aa0 RCX: 0000000000452ac9 RDX: 0000000000000029 RSI: 0000000020171f66 RDI: 0000000000000013 RBP: 00007facce363a90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a R13: 00007facce363bc8 R14: 00000000004b767a R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 30591 Comm: syz-executor1 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc_node mm/slab.c:3289 [inline] kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3632 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193 alloc_skb include/linux/skbuff.h:983 [inline] netlink_dump+0x545/0xcf0 net/netlink/af_netlink.c:2203 __netlink_dump_start+0x4f0/0x6d0 net/netlink/af_netlink.c:2319 genl_family_rcv_msg+0xd21/0xfb0 net/netlink/genetlink.c:548 genl_rcv_msg+0xb2/0x140 net/netlink/genetlink.c:624 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441 genl_rcv+0x28/0x40 net/netlink/genetlink.c:635 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:628 [inline] sock_sendmsg+0xca/0x110 net/socket.c:638 sock_write_iter+0x31a/0x5d0 net/socket.c:907 call_write_iter include/linux/fs.h:1772 [inline] new_sync_write fs/read_write.c:469 [inline] __vfs_write+0x684/0x970 fs/read_write.c:482 vfs_write+0x189/0x510 fs/read_write.c:544 SYSC_write fs/read_write.c:589 [inline] SyS_write+0xef/0x220 fs/read_write.c:581 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007facce363c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007facce363aa0 RCX: 0000000000452ac9 RDX: 0000000000000029 RSI: 0000000020171f66 RDI: 0000000000000013 RBP: 00007facce363a90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a R13: 00007facce363bc8 R14: 00000000004b767a R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'. CPU: 0 PID: 30606 Comm: syz-executor1 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc_node mm/slab.c:3289 [inline] kmem_cache_alloc_node_trace+0x5a/0x750 mm/slab.c:3651 __do_kmalloc_node mm/slab.c:3671 [inline] __kmalloc_node_track_caller+0x33/0x70 mm/slab.c:3686 __kmalloc_reserve.isra.39+0x41/0xd0 net/core/skbuff.c:137 __alloc_skb+0x13b/0x780 net/core/skbuff.c:205 alloc_skb include/linux/skbuff.h:983 [inline] netlink_dump+0x545/0xcf0 net/netlink/af_netlink.c:2203 __netlink_dump_start+0x4f0/0x6d0 net/netlink/af_netlink.c:2319 genl_family_rcv_msg+0xd21/0xfb0 net/netlink/genetlink.c:548 genl_rcv_msg+0xb2/0x140 net/netlink/genetlink.c:624 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441 genl_rcv+0x28/0x40 net/netlink/genetlink.c:635 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:628 [inline] sock_sendmsg+0xca/0x110 net/socket.c:638 sock_write_iter+0x31a/0x5d0 net/socket.c:907 call_write_iter include/linux/fs.h:1772 [inline] new_sync_write fs/read_write.c:469 [inline] __vfs_write+0x684/0x970 fs/read_write.c:482 vfs_write+0x189/0x510 fs/read_write.c:544 SYSC_write fs/read_write.c:589 [inline] SyS_write+0xef/0x220 fs/read_write.c:581 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007facce363c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007facce363aa0 RCX: 0000000000452ac9 RDX: 0000000000000029 RSI: 0000000020171f66 RDI: 0000000000000013 RBP: 00007facce363a90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a R13: 00007facce363bc8 R14: 00000000004b767a R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 30783 Comm: syz-executor2 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3368 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3542 anon_vma_chain_alloc mm/rmap.c:128 [inline] __anon_vma_prepare+0xbc/0x6b0 mm/rmap.c:182 anon_vma_prepare include/linux/rmap.h:153 [inline] do_huge_pmd_anonymous_page+0x1127/0x1b00 mm/huge_memory.c:678 create_huge_pmd mm/memory.c:3828 [inline] __handle_mm_fault+0x1a0c/0x3ce0 mm/memory.c:4032 handle_mm_fault+0x334/0x8d0 mm/memory.c:4098 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1429 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504 page_fault+0x2c/0x60 arch/x86/entry/entry_64.S:1225 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:180 RSP: 0018:ffff8801c637fc28 EFLAGS: 00010202 RAX: ffffed0038c6ffd0 RBX: 0000000020358fa0 RCX: 0000000000000060 RDX: 0000000000000060 RSI: 0000000020358fa0 RDI: ffff8801c637fe20 RBP: ffff8801c637fc58 R08: ffffed0038c6ffd0 R09: ffffed0038c6ffd0 R10: 000000000000000c R11: ffffed0038c6ffcf R12: 0000000000000060 R13: ffff8801c637fe20 R14: 00007ffffffff000 R15: 0000000020359000 copy_from_user include/linux/uaccess.h:147 [inline] move_addr_to_kernel.part.18+0x34/0x100 net/socket.c:188 move_addr_to_kernel net/socket.c:1725 [inline] SYSC_sendto+0x49f/0x5c0 net/socket.c:1710 SyS_sendto+0x40/0x50 net/socket.c:1687 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007f65a0eebc58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f65a0eebaa0 RCX: 0000000000452ac9 RDX: 0000000000000000 RSI: 0000000020ec8000 RDI: 0000000000000013 RBP: 00007f65a0eeba90 R08: 0000000020358fa0 R09: 0000000000000060 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a R13: 00007f65a0eebbc8 R14: 00000000004b767a R15: 0000000000000000 device ip6tnl0 left promiscuous mode FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 30962 Comm: syz-executor0 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3368 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3542 kmem_cache_zalloc include/linux/slab.h:678 [inline] alloc_mm_slot mm/khugepaged.c:369 [inline] __khugepaged_enter+0xbd/0x540 mm/khugepaged.c:405 khugepaged_enter include/linux/khugepaged.h:54 [inline] do_huge_pmd_anonymous_page+0x10d9/0x1b00 mm/huge_memory.c:680 create_huge_pmd mm/memory.c:3828 [inline] __handle_mm_fault+0x1a0c/0x3ce0 mm/memory.c:4032 handle_mm_fault+0x334/0x8d0 mm/memory.c:4098 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1429 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504 page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1225 RIP: 0033:0x40180b RSP: 002b:00007f4ec2e2eb90 EFLAGS: 00010246 RAX: 0000000020000000 RBX: 000000000000102a RCX: 0000000000000000 RDX: 2dc8a0e3ec541021 RSI: 0000000000000000 RDI: 00007f4ec2e2f608 RBP: 0000000020fd5fae R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000102a R11: 0000000000000000 R12: 00000000006f68c0 R13: 0000000000000013 R14: 00007f4ec2e2f6d4 R15: ffffffffffffffff oom_reaper: reaped process 30962 (syz-executor0), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31 sclass=netlink_route_socket pig=31383 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31 sclass=netlink_route_socket pig=31385 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1025 sclass=netlink_route_socket pig=31660 comm=syz-executor7 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1025 sclass=netlink_route_socket pig=31680 comm=syz-executor7 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1025 sclass=netlink_route_socket pig=31699 comm=syz-executor7