====================================================== WARNING: possible circular locking dependency detected 4.15.0-rc3+ #218 Not tainted ------------------------------------------------------ syz-executor5/11048 is trying to acquire lock: device gre0 entered promiscuous mode (&tty->ldisc_sem){++++}, at: [<0000000025ad3de8>] ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 but task is already holding lock: (&pipe->mutex/1){+.+.}, at: [<00000000d44c3de9>] pipe_lock_nested fs/pipe.c:67 [inline] (&pipe->mutex/1){+.+.}, at: [<00000000d44c3de9>] pipe_lock+0x56/0x70 fs/pipe.c:75 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #6 (&pipe->mutex/1){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 pipe_lock_nested fs/pipe.c:67 [inline] pipe_lock+0x56/0x70 fs/pipe.c:75 iter_file_splice_write+0x264/0xf30 fs/splice.c:699 do_splice_from fs/splice.c:851 [inline] do_splice fs/splice.c:1147 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x7d5/0x1630 fs/splice.c:1382 entry_SYSCALL_64_fastpath+0x1f/0x96 -> #5 (sb_writers){.+.+}: rmqueue mm/page_alloc.c:2873 [inline] get_page_from_freelist+0x19a0/0x52f0 mm/page_alloc.c:3212 __alloc_pages_nodemask+0x588/0xd80 mm/page_alloc.c:4221 __alloc_pages include/linux/gfp.h:456 [inline] __alloc_pages_node include/linux/gfp.h:469 [inline] kmem_getpages mm/slab.c:1413 [inline] cache_grow_begin+0x72/0x3f0 mm/slab.c:2671 cache_alloc_refill mm/slab.c:3038 [inline] ____cache_alloc mm/slab.c:3120 [inline] __do_cache_alloc mm/slab.c:3342 [inline] slab_alloc mm/slab.c:3377 [inline] kmem_cache_alloc+0x403/0x760 mm/slab.c:3545 getname_kernel+0x54/0x340 fs/namei.c:218 -> #4 ((completion)&req.done){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 complete_acquire include/linux/completion.h:40 [inline] __wait_for_common kernel/sched/completion.c:109 [inline] wait_for_common kernel/sched/completion.c:123 [inline] wait_for_completion+0xcb/0x7b0 kernel/sched/completion.c:144 devtmpfs_create_node+0x32b/0x4a0 drivers/base/devtmpfs.c:115 device_add+0x120f/0x1640 drivers/base/core.c:1824 device_register+0x1d/0x20 drivers/base/core.c:1905 tty_register_device_attr+0x422/0x740 drivers/tty/tty_io.c:2956 tty_port_register_device_attr_serdev+0x100/0x140 drivers/tty/tty_port.c:166 uart_add_one_port+0xa7a/0x15b0 drivers/tty/serial/serial_core.c:2783 serial8250_register_8250_port+0xfac/0x1990 drivers/tty/serial/8250/8250_core.c:1045 serial_pnp_probe+0x5e7/0xac0 drivers/tty/serial/8250/8250_pnp.c:480 pnp_device_probe+0x15f/0x250 drivers/pnp/driver.c:109 really_probe drivers/base/dd.c:424 [inline] driver_probe_device+0x71b/0xae0 drivers/base/dd.c:566 __driver_attach+0x181/0x1c0 drivers/base/dd.c:800 bus_for_each_dev+0x154/0x1e0 drivers/base/bus.c:313 driver_attach+0x3d/0x50 drivers/base/dd.c:819 bus_add_driver+0x466/0x620 drivers/base/bus.c:669 driver_register+0x1bf/0x3c0 drivers/base/driver.c:168 pnp_register_driver+0x75/0xa0 drivers/pnp/driver.c:272 serial8250_pnp_init+0x15/0x20 drivers/tty/serial/8250/8250_pnp.c:537 serial8250_init+0x8f/0x270 drivers/tty/serial/8250/8250_core.c:1122 do_one_initcall+0x9e/0x330 init/main.c:831 do_initcall_level init/main.c:897 [inline] do_initcalls init/main.c:905 [inline] do_basic_setup init/main.c:923 [inline] kernel_init_freeable+0x469/0x521 init/main.c:1071 kernel_init+0x13/0x172 init/main.c:998 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:441 -> #3 (&port->mutex){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 uart_set_termios+0x8f/0x5b0 drivers/tty/serial/serial_core.c:1416 tty_set_termios+0x6d4/0xa40 drivers/tty/tty_ioctl.c:334 set_termios+0x377/0x6b0 drivers/tty/tty_ioctl.c:414 tty_mode_ioctl+0x9fb/0xb10 drivers/tty/tty_ioctl.c:749 n_tty_ioctl_helper+0x40/0x360 drivers/tty/tty_ioctl.c:940 n_tty_ioctl+0x148/0x2d0 drivers/tty/n_tty.c:2435 tty_ioctl+0x32e/0x15f0 drivers/tty/tty_io.c:2638 vfs_ioctl fs/ioctl.c:46 [inline] do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:686 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692 entry_SYSCALL_64_fastpath+0x1f/0x96 -> #2 (&tty->termios_rwsem){++++}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 down_write+0x87/0x120 kernel/locking/rwsem.c:70 n_tty_flush_buffer+0x21/0x320 drivers/tty/n_tty.c:357 tty_buffer_flush+0x29a/0x390 drivers/tty/tty_buffer.c:233 tty_ldisc_flush+0x25/0x70 drivers/tty/tty_ldisc.c:418 tty_port_close_start.part.4+0x1cd/0x4e0 drivers/tty/tty_port.c:603 tty_port_close_start drivers/tty/tty_port.c:646 [inline] tty_port_close+0x3f/0x80 drivers/tty/tty_port.c:640 uart_close+0x77/0x1d0 drivers/tty/serial/serial_core.c:1487 tty_release+0x446/0x14c0 drivers/tty/tty_io.c:1639 __fput+0x333/0x7f0 fs/file_table.c:210 ____fput+0x15/0x20 fs/file_table.c:244 task_work_run+0x199/0x270 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x296/0x310 arch/x86/entry/common.c:162 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264 entry_SYSCALL_64_fastpath+0x94/0x96 -> #1 (&buf->lock){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 tty_buffer_flush+0xbd/0x390 drivers/tty/tty_buffer.c:222 tty_ldisc_flush+0x25/0x70 drivers/tty/tty_ldisc.c:418 tty_port_close_start.part.4+0x1cd/0x4e0 drivers/tty/tty_port.c:603 tty_port_close_start drivers/tty/tty_port.c:646 [inline] tty_port_close+0x3f/0x80 drivers/tty/tty_port.c:640 uart_close+0x77/0x1d0 drivers/tty/serial/serial_core.c:1487 tty_release+0x446/0x14c0 drivers/tty/tty_io.c:1639 __fput+0x333/0x7f0 fs/file_table.c:210 ____fput+0x15/0x20 fs/file_table.c:244 task_work_run+0x199/0x270 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x296/0x310 arch/x86/entry/common.c:162 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264 entry_SYSCALL_64_fastpath+0x94/0x96 -> #0 (&tty->ldisc_sem){++++}: check_prevs_add kernel/locking/lockdep.c:2031 [inline] validate_chain kernel/locking/lockdep.c:2473 [inline] __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __ldsem_down_read_nested+0xd1/0xa90 drivers/tty/tty_ldsem.c:325 ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 tty_ldisc_ref_wait+0x25/0x80 drivers/tty/tty_ldisc.c:277 tty_read+0xf8/0x250 drivers/tty/tty_io.c:852 do_loop_readv_writev fs/read_write.c:673 [inline] do_iter_read+0x3db/0x5b0 fs/read_write.c:897 vfs_readv+0x121/0x1c0 fs/read_write.c:959 kernel_readv fs/splice.c:361 [inline] default_file_splice_read+0x508/0xae0 fs/splice.c:416 do_splice_to+0x110/0x170 fs/splice.c:880 do_splice fs/splice.c:1173 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x11a8/0x1630 fs/splice.c:1382 entry_SYSCALL_64_fastpath+0x1f/0x96 other info that might help us debug this: Chain exists of: &tty->ldisc_sem --> sb_writers --> &pipe->mutex/1 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&pipe->mutex/1); lock(sb_writers); lock(&pipe->mutex/1); lock(&tty->ldisc_sem); *** DEADLOCK *** 1 lock held by syz-executor5/11048: #0: (&pipe->mutex/1){+.+.}, at: [<00000000d44c3de9>] pipe_lock_nested fs/pipe.c:67 [inline] #0: (&pipe->mutex/1){+.+.}, at: [<00000000d44c3de9>] pipe_lock+0x56/0x70 fs/pipe.c:75 stack backtrace: CPU: 1 PID: 11048 Comm: syz-executor5 Not tainted 4.15.0-rc3+ #218 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 print_circular_bug+0x42d/0x610 kernel/locking/lockdep.c:1271 check_prev_add+0x666/0x15f0 kernel/locking/lockdep.c:1914 check_prevs_add kernel/locking/lockdep.c:2031 [inline] validate_chain kernel/locking/lockdep.c:2473 [inline] __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __ldsem_down_read_nested+0xd1/0xa90 drivers/tty/tty_ldsem.c:325 ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 tty_ldisc_ref_wait+0x25/0x80 drivers/tty/tty_ldisc.c:277 tty_read+0xf8/0x250 drivers/tty/tty_io.c:852 do_loop_readv_writev fs/read_write.c:673 [inline] do_iter_read+0x3db/0x5b0 fs/read_write.c:897 vfs_readv+0x121/0x1c0 fs/read_write.c:959 kernel_readv fs/splice.c:361 [inline] default_file_splice_read+0x508/0xae0 fs/splice.c:416 do_splice_to+0x110/0x170 fs/splice.c:880 do_splice fs/splice.c:1173 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x11a8/0x1630 fs/splice.c:1382 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a39 RSP: 002b:00007f09103b4c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000113 RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452a39 RDX: 0000000000000014 RSI: 0000000000000000 RDI: 0000000000000015 RBP: 000000000000010c R08: 0000000000000007 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ef9c0 R13: 00000000ffffffff R14: 00007f09103b56d4 R15: 0000000000000000 device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode net_ratelimit: 91 callbacks suppressed ICMPv6: NA: bb:bb:bb:bb:bb:00 advertised our address fe80::aa on syz0! ICMPv6: NA: bb:bb:bb:bb:bb:02 advertised our address fe80::2aa on syz2! device gre0 entered promiscuous mode device gre0 entered promiscuous mode ICMPv6: NA: bb:bb:bb:bb:bb:00 advertised our address fe80::aa on syz0! ICMPv6: NA: bb:bb:bb:bb:bb:02 advertised our address fe80::2aa on syz2! device gre0 entered promiscuous mode skbuff: bad partial csum: csum=0/65535 len=130 ICMPv6: NA: bb:bb:bb:bb:bb:02 advertised our address fe80::2aa on syz2! skbuff: bad partial csum: csum=0/65535 len=130 ICMPv6: NA: bb:bb:bb:bb:bb:00 advertised our address fe80::aa on syz0! ICMPv6: NA: bb:bb:bb:bb:bb:02 advertised our address fe80::2aa on syz2! ICMPv6: NA: bb:bb:bb:bb:bb:00 advertised our address fe80::aa on syz0! device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device lo entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 QAT: Invalid ioctl QAT: Invalid ioctl CPU: 0 PID: 11374 Comm: syz-executor5 Not tainted 4.15.0-rc3+ #218 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc_node mm/slab.c:3292 [inline] kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3635 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193 alloc_skb include/linux/skbuff.h:983 [inline] alloc_skb_with_frags+0x10d/0x750 net/core/skbuff.c:5142 sock_alloc_send_pskb+0x787/0x9b0 net/core/sock.c:2078 tun_alloc_skb drivers/net/tun.c:1355 [inline] tun_get_user+0x91c/0x36d0 drivers/net/tun.c:1644 tun_chr_write_iter+0xbf/0x160 drivers/net/tun.c:1800 call_write_iter include/linux/fs.h:1772 [inline] new_sync_write fs/read_write.c:469 [inline] __vfs_write+0x68a/0x970 fs/read_write.c:482 vfs_write+0x18f/0x510 fs/read_write.c:544 SYSC_write fs/read_write.c:589 [inline] SyS_write+0xef/0x220 fs/read_write.c:581 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a39 RSP: 002b:00007f09103b4c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f09103b4aa0 RCX: 0000000000452a39 RDX: 0000000000000046 RSI: 0000000020342000 RDI: 0000000000000015 RBP: 00007f09103b4a90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75fb R13: 00007f09103b4bc8 R14: 00000000004b75fb R15: 0000000000000000 device gre0 entered promiscuous mode netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. device gre0 entered promiscuous mode netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. device gre0 entered promiscuous mode device gre0 entered promiscuous mode netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. device gre0 entered promiscuous mode netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'. device gre0 entered promiscuous mode QAT: Invalid ioctl QAT: Invalid ioctl device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode QAT: Invalid ioctl device gre0 entered promiscuous mode QAT: Invalid ioctl device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 12404 Comm: syz-executor1 Not tainted 4.15.0-rc3+ #218 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3371 [inline] kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3611 kmalloc include/linux/slab.h:499 [inline] kzalloc include/linux/slab.h:688 [inline] tcp_sendmsg_fastopen net/ipv4/tcp.c:1152 [inline] tcp_sendmsg_locked+0x2453/0x3b30 net/ipv4/tcp.c:1214 tcp_sendmsg+0x2f/0x50 net/ipv4/tcp.c:1461 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:763 sock_sendmsg_nosec net/socket.c:636 [inline] sock_sendmsg+0xca/0x110 net/socket.c:646 SYSC_sendto+0x358/0x5a0 net/socket.c:1727 SyS_sendto+0x40/0x50 net/socket.c:1695 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a39 RSP: 002b:00007f5f728e3c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f5f728e3aa0 RCX: 0000000000452a39 RDX: 0000000000000000 RSI: 0000000020d46000 RDI: 0000000000000013 RBP: 00007f5f728e3a90 R08: 0000000020ac6000 R09: 000000000000001c R10: fffffefffffffffe R11: 0000000000000212 R12: 00000000004b75fb R13: 00007f5f728e3bc8 R14: 00000000004b75fb R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 12417 Comm: syz-executor1 Not tainted 4.15.0-rc3+ #218 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc_node mm/slab.c:3292 [inline] kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3635 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193 alloc_skb_fclone include/linux/skbuff.h:1025 [inline] sk_stream_alloc_skb+0x11d/0x900 net/ipv4/tcp.c:870 tcp_connect+0x114e/0x3fb0 net/ipv4/tcp_output.c:3486 tcp_v6_connect+0x1d89/0x22a0 net/ipv6/tcp_ipv6.c:307 __inet_stream_connect+0x2d4/0xf00 net/ipv4/af_inet.c:619 tcp_sendmsg_fastopen net/ipv4/tcp.c:1169 [inline] tcp_sendmsg_locked+0x27e4/0x3b30 net/ipv4/tcp.c:1214 tcp_sendmsg+0x2f/0x50 net/ipv4/tcp.c:1461 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:763 sock_sendmsg_nosec net/socket.c:636 [inline] sock_sendmsg+0xca/0x110 net/socket.c:646 SYSC_sendto+0x358/0x5a0 net/socket.c:1727 SyS_sendto+0x40/0x50 net/socket.c:1695 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a39 RSP: 002b:00007f5f728e3c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f5f728e3aa0 RCX: 0000000000452a39 RDX: 0000000000000000 RSI: 0000000020d46000 RDI: 0000000000000013 RBP: 00007f5f728e3a90 R08: 0000000020ac6000 R09: 000000000000001c R10: fffffefffffffffe R11: 0000000000000212 R12: 00000000004b75fb R13: 00007f5f728e3bc8 R14: 00000000004b75fb R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 12428 Comm: syz-executor1 Not tainted 4.15.0-rc3+ #218 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc_node mm/slab.c:3292 [inline] kmem_cache_alloc_node_trace+0x5a/0x760 mm/slab.c:3654 __do_kmalloc_node mm/slab.c:3674 [inline] __kmalloc_node_track_caller+0x33/0x70 mm/slab.c:3689 __kmalloc_reserve.isra.41+0x41/0xd0 net/core/skbuff.c:137 __alloc_skb+0x13b/0x780 net/core/skbuff.c:205 alloc_skb_fclone include/linux/skbuff.h:1025 [inline] sk_stream_alloc_skb+0x11d/0x900 net/ipv4/tcp.c:870 tcp_connect+0x114e/0x3fb0 net/ipv4/tcp_output.c:3486 tcp_v6_connect+0x1d89/0x22a0 net/ipv6/tcp_ipv6.c:307 __inet_stream_connect+0x2d4/0xf00 net/ipv4/af_inet.c:619 tcp_sendmsg_fastopen net/ipv4/tcp.c:1169 [inline] tcp_sendmsg_locked+0x27e4/0x3b30 net/ipv4/tcp.c:1214 tcp_sendmsg+0x2f/0x50 net/ipv4/tcp.c:1461 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:763 sock_sendmsg_nosec net/socket.c:636 [inline] sock_sendmsg+0xca/0x110 net/socket.c:646 SYSC_sendto+0x358/0x5a0 net/socket.c:1727 SyS_sendto+0x40/0x50 net/socket.c:1695 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a39 RSP: 002b:00007f5f728e3c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f5f728e3aa0 RCX: 0000000000452a39 RDX: 0000000000000000 RSI: 0000000020d46000 RDI: 0000000000000013 RBP: 00007f5f728e3a90 R08: 0000000020ac6000 R09: 000000000000001c R10: fffffefffffffffe R11: 0000000000000212 R12: 00000000004b75fb R13: 00007f5f728e3bc8 R14: 00000000004b75fb R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 net_ratelimit: 178 callbacks suppressed ICMPv6: NA: bb:bb:bb:bb:bb:02 advertised our address fe80::2aa on syz2! CPU: 0 PID: 12444 Comm: syz-executor1 Not tainted 4.15.0-rc3+ #218 ICMPv6: NA: bb:bb:bb:bb:bb:00 advertised our address fe80::aa on syz0! Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 ICMPv6: NA: bb:bb:bb:bb:bb:00 advertised our address fe80::aa on syz0! fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc_node mm/slab.c:3292 [inline] kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3635 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193 skb_copy+0x12c/0x2e0 net/core/skbuff.c:1341 tcp_send_synack+0x273/0x1210 net/ipv4/tcp_output.c:3143 tcp_rcv_synsent_state_process net/ipv4/tcp_input.c:5760 [inline] tcp_rcv_state_process+0x13ed/0x4800 net/ipv4/tcp_input.c:5840 tcp_v6_do_rcv+0x739/0x11b0 net/ipv6/tcp_ipv6.c:1331 sk_backlog_rcv include/net/sock.h:907 [inline] __release_sock+0x124/0x360 net/core/sock.c:2264 release_sock+0xa4/0x2a0 net/core/sock.c:2779 tcp_sendmsg+0x3a/0x50 net/ipv4/tcp.c:1462 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:763 sock_sendmsg_nosec net/socket.c:636 [inline] sock_sendmsg+0xca/0x110 net/socket.c:646 SYSC_sendto+0x358/0x5a0 net/socket.c:1727 SyS_sendto+0x40/0x50 net/socket.c:1695 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a39 RSP: 002b:00007f5f728e3c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f5f728e3aa0 RCX: 0000000000452a39 RDX: 0000000000000000 RSI: 0000000020d46000 RDI: 0000000000000013 RBP: 00007f5f728e3a90 R08: 0000000020ac6000 R09: 000000000000001c R10: fffffefffffffffe R11: 0000000000000212 R12: 00000000004b75fb R13: 00007f5f728e3bc8 R14: 00000000004b75fb R15: 0000000000000000 ICMPv6: NA: bb:bb:bb:bb:bb:02 advertised our address fe80::2aa on syz2! device gre0 entered promiscuous mode ICMPv6: NA: bb:bb:bb:bb:bb:02 advertised our address fe80::2aa on syz2! skbuff: bad partial csum: csum=0/65535 len=60 nla_parse: 20 callbacks suppressed netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. ICMPv6: NA: bb:bb:bb:bb:bb:00 advertised our address fe80::aa on syz0! ICMPv6: NA: bb:bb:bb:bb:bb:02 advertised our address fe80::2aa on syz2! netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. ICMPv6: NA: bb:bb:bb:bb:bb:00 advertised our address fe80::aa on syz0! device gre0 entered promiscuous mode ICMPv6: NA: bb:bb:bb:bb:bb:02 advertised our address fe80::2aa on syz2! netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 12730 Comm: syz-executor4 Not tainted 4.15.0-rc3+ #218 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3371 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3545 sctp_bucket_create net/sctp/socket.c:7563 [inline] sctp_get_port_local+0x9d6/0x13c0 net/sctp/socket.c:7322 sctp_get_port+0x127/0x190 net/sctp/socket.c:7371 inet_autobind+0xaa/0x180 net/ipv4/af_inet.c:181 inet_sendmsg+0x4de/0x5e0 net/ipv4/af_inet.c:760 sock_sendmsg_nosec net/socket.c:636 [inline] sock_sendmsg+0xca/0x110 net/socket.c:646 SYSC_sendto+0x358/0x5a0 net/socket.c:1727 SyS_sendto+0x40/0x50 net/socket.c:1695 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a39 RSP: 002b:00007fd0a310fc58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007fd0a310faa0 RCX: 0000000000452a39 RDX: 0000000000000001 RSI: 0000000020832000 RDI: 0000000000000015 RBP: 00007fd0a310fa90 R08: 00000000205e4fe4 R09: 000000000000001c R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75fb R13: 00007fd0a310fbc8 R14: 00000000004b75fb R15: 0000000000000000 device gre0 entered promiscuous mode FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 12771 Comm: syz-executor4 Not tainted 4.15.0-rc3+ #218 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3371 [inline] kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3611 kmalloc include/linux/slab.h:499 [inline] kzalloc include/linux/slab.h:688 [inline] sctp_add_bind_addr+0xd8/0x460 net/sctp/bind_addr.c:159 sctp_do_bind+0x312/0x550 net/sctp/socket.c:426 sctp_autobind+0x161/0x1d0 net/sctp/socket.c:7627 sctp_sendmsg+0x298d/0x3300 net/sctp/socket.c:1849 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:763 sock_sendmsg_nosec net/socket.c:636 [inline] sock_sendmsg+0xca/0x110 net/socket.c:646 SYSC_sendto+0x358/0x5a0 net/socket.c:1727 SyS_sendto+0x40/0x50 net/socket.c:1695 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a39 RSP: 002b:00007fd0a310fc58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007fd0a310faa0 RCX: 0000000000452a39 RDX: 0000000000000001 RSI: 0000000020832000 RDI: 0000000000000015 RBP: 00007fd0a310fa90 R08: 00000000205e4fe4 R09: 000000000000001c R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75fb R13: 00007fd0a310fbc8 R14: 00000000004b75fb R15: 0000000000000000 device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode