======================================================
WARNING: possible circular locking dependency detected
QAT: Invalid ioctl
4.14.0+ #190 Not tainted
------------------------------------------------------
syz-executor4/12594 is trying to acquire lock:
 (&pipe->mutex/1){+.+.}, at: [] pipe_lock_nested fs/pipe.c:67 [inline]
 (&pipe->mutex/1){+.+.}, at: [] pipe_lock+0x56/0x70 fs/pipe.c:75

but task is already holding lock:
 (sb_writers){.+.+}, at: [] file_start_write include/linux/fs.h:2715 [inline]
 (sb_writers){.+.+}, at: [] do_splice fs/splice.c:1146 [inline]
 (sb_writers){.+.+}, at: [] SYSC_splice fs/splice.c:1402 [inline]
 (sb_writers){.+.+}, at: [] SyS_splice+0x1117/0x1630 fs/splice.c:1382

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #5 (sb_writers){.+.+}:
       spin_lock include/linux/spinlock.h:315 [inline]
       __queue_work+0x2b1/0x1220 kernel/workqueue.c:1418

-> #4 ((completion)&req.done){+.+.}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
       complete_acquire include/linux/completion.h:40 [inline]
       __wait_for_common kernel/sched/completion.c:109 [inline]
       wait_for_common kernel/sched/completion.c:123 [inline]
       wait_for_completion+0xcb/0x7b0 kernel/sched/completion.c:144
       devtmpfs_create_node+0x32b/0x4a0 drivers/base/devtmpfs.c:115
       device_add+0x120f/0x1640 drivers/base/core.c:1824
       device_register+0x1d/0x20 drivers/base/core.c:1905
       tty_register_device_attr+0x422/0x740 drivers/tty/tty_io.c:2956
       tty_port_register_device_attr_serdev+0x100/0x140 drivers/tty/tty_port.c:166
       uart_add_one_port+0xa7a/0x15b0 drivers/tty/serial/serial_core.c:2783
       serial8250_register_8250_port+0xfac/0x1990 drivers/tty/serial/8250/8250_core.c:1045
       serial_pnp_probe+0x5e7/0xac0 drivers/tty/serial/8250/8250_pnp.c:480
       pnp_device_probe+0x15f/0x250 drivers/pnp/driver.c:109
       really_probe drivers/base/dd.c:424 [inline]
       driver_probe_device+0x71b/0xae0 drivers/base/dd.c:566
       __driver_attach+0x181/0x1c0 drivers/base/dd.c:800
       bus_for_each_dev+0x154/0x1e0 drivers/base/bus.c:313
       driver_attach+0x3d/0x50 drivers/base/dd.c:819
       bus_add_driver+0x466/0x620 drivers/base/bus.c:669
       driver_register+0x1bf/0x3c0 drivers/base/driver.c:168
       pnp_register_driver+0x75/0xa0 drivers/pnp/driver.c:272
       serial8250_pnp_init+0x15/0x20 drivers/tty/serial/8250/8250_pnp.c:537
       serial8250_init+0x8f/0x270 drivers/tty/serial/8250/8250_core.c:1122
       do_one_initcall+0x9e/0x330 init/main.c:826
       do_initcall_level init/main.c:892 [inline]
       do_initcalls init/main.c:900 [inline]
       do_basic_setup init/main.c:918 [inline]
       kernel_init_freeable+0x469/0x521 init/main.c:1066
       kernel_init+0x13/0x172 init/main.c:993
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:437

-> #3 (&port->mutex){+.+.}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       uart_set_termios+0x8f/0x5b0 drivers/tty/serial/serial_core.c:1416
       tty_set_termios+0x6d4/0xa40 drivers/tty/tty_ioctl.c:334
       set_termios+0x377/0x6b0 drivers/tty/tty_ioctl.c:414
       tty_mode_ioctl+0x9fb/0xb10 drivers/tty/tty_ioctl.c:749
       n_tty_ioctl_helper+0x40/0x360 drivers/tty/tty_ioctl.c:940
       n_tty_ioctl+0x148/0x2d0 drivers/tty/n_tty.c:2435
       tty_ioctl+0x32e/0x15f0 drivers/tty/tty_io.c:2638
       vfs_ioctl fs/ioctl.c:46 [inline]
       do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:686
       SYSC_ioctl fs/ioctl.c:701 [inline]
       SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
       entry_SYSCALL_64_fastpath+0x1f/0x96

-> #2 (&tty->termios_rwsem){++++}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
       down_read+0x96/0x150 kernel/locking/rwsem.c:24
       n_tty_write+0x249/0xed0 drivers/tty/n_tty.c:2285
       do_tty_write drivers/tty/tty_io.c:949 [inline]
       tty_write+0x400/0x850 drivers/tty/tty_io.c:1033
       redirected_tty_write+0xa1/0xb0 drivers/tty/tty_io.c:1054
       __vfs_write+0xef/0x970 fs/read_write.c:480
       vfs_write+0x18f/0x510 fs/read_write.c:544
       SYSC_write fs/read_write.c:589 [inline]
       SyS_write+0xef/0x220 fs/read_write.c:581
       entry_SYSCALL_64_fastpath+0x1f/0x96

-> #1 (&tty->ldisc_sem){++++}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
       __ldsem_down_read_nested+0xd1/0xa90 drivers/tty/tty_ldsem.c:325
       ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
       tty_ldisc_ref_wait+0x25/0x80 drivers/tty/tty_ldisc.c:277
       tty_read+0xf8/0x250 drivers/tty/tty_io.c:852
       do_loop_readv_writev fs/read_write.c:673 [inline]
       do_iter_read+0x3db/0x5b0 fs/read_write.c:897
       vfs_readv+0x121/0x1c0 fs/read_write.c:959
       kernel_readv fs/splice.c:361 [inline]
       default_file_splice_read+0x508/0xae0 fs/splice.c:416
       do_splice_to+0x110/0x170 fs/splice.c:880
       do_splice fs/splice.c:1173 [inline]
       SYSC_splice fs/splice.c:1402 [inline]
       SyS_splice+0x11a8/0x1630 fs/splice.c:1382
       entry_SYSCALL_64_fastpath+0x1f/0x96

-> #0 (&pipe->mutex/1){+.+.}:
       check_prevs_add kernel/locking/lockdep.c:2031 [inline]
       validate_chain kernel/locking/lockdep.c:2473 [inline]
       __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       pipe_lock_nested fs/pipe.c:67 [inline]
       pipe_lock+0x56/0x70 fs/pipe.c:75
       iter_file_splice_write+0x264/0xf30 fs/splice.c:699
       do_splice_from fs/splice.c:851 [inline]
       do_splice fs/splice.c:1147 [inline]
       SYSC_splice fs/splice.c:1402 [inline]
       SyS_splice+0x7d5/0x1630 fs/splice.c:1382
       entry_SYSCALL_64_fastpath+0x1f/0x96

other info that might help us debug this:

Chain exists of:
  &pipe->mutex/1 --> (completion)&req.done --> sb_writers

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(sb_writers);
                               lock((completion)&req.done);
                               lock(sb_writers);
  lock(&pipe->mutex/1);

 *** DEADLOCK ***

1 lock held by syz-executor4/12594:
 #0:  (sb_writers){.+.+}, at: [] file_start_write include/linux/fs.h:2715 [inline]
 #0:  (sb_writers){.+.+}, at: [] do_splice fs/splice.c:1146 [inline]
 #0:  (sb_writers){.+.+}, at: [] SYSC_splice fs/splice.c:1402 [inline]
 #0:  (sb_writers){.+.+}, at: [] SyS_splice+0x1117/0x1630 fs/splice.c:1382

stack backtrace:
CPU: 1 PID: 12594 Comm: syz-executor4 Not tainted 4.14.0+ #190
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_circular_bug+0x42d/0x610 kernel/locking/lockdep.c:1271
 check_prev_add+0x666/0x15f0 kernel/locking/lockdep.c:1914
 check_prevs_add kernel/locking/lockdep.c:2031 [inline]
 validate_chain kernel/locking/lockdep.c:2473 [inline]
 __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
 pipe_lock_nested fs/pipe.c:67 [inline]
 pipe_lock+0x56/0x70 fs/pipe.c:75
 iter_file_splice_write+0x264/0xf30 fs/splice.c:699
 do_splice_from fs/splice.c:851 [inline]
 do_splice fs/splice.c:1147 [inline]
 SYSC_splice fs/splice.c:1402 [inline]
 SyS_splice+0x7d5/0x1630 fs/splice.c:1382
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452879
RSP: 002b:00007f8390c73be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452879
RDX: 0000000000000015 RSI: 0000000000000000 RDI: 0000000000000013
RBP: 0000000000000086 R08: 00000000fffffdf8 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f2a88
R13: 00000000ffffffff R14: 00007f8390c746d4 R15: 0000000000000000
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
handle_userfault: 118 callbacks suppressed
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 12654 Comm: syz-executor2 Not tainted 4.14.0+ #190
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 handle_userfault+0x12fa/0x24c0 fs/userfaultfd.c:427
 do_anonymous_page mm/memory.c:3121 [inline]
 handle_pte_fault mm/memory.c:3934 [inline]
 __handle_mm_fault+0x2e8c/0x3ad0 mm/memory.c:4060
 handle_mm_fault+0x334/0x8d0 mm/memory.c:4097
 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1429
 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504
 page_fault+0x22/0x30 arch/x86/entry/entry_64.S:1088
RIP: 0010:fault_in_pages_readable include/linux/pagemap.h:601 [inline]
RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 lib/iov_iter.c:421
RSP: 0018:ffff8801d0ddf928 EFLAGS: 00010246
RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82505391
RDX: 00000000000000fc RSI: ffffc900029e2000 RDI: ffff8801d0ddfd28
RBP: ffff8801d0ddfa08 R08: 0000000000000001 R09: 1ffff1003a1bbedf
R10: ffff8801cdae8400 R11: 0000000000000000 R12: 1ffff1003a1bbf28
R13: ffff8801d0ddf9e0 R14: 0000000000000000 R15: ffff8801d0ddfd20
 generic_perform_write+0x200/0x600 mm/filemap.c:3129
 __generic_file_write_iter+0x366/0x5b0 mm/filemap.c:3264
 generic_file_write_iter+0x399/0x7a0 mm/filemap.c:3292
 call_write_iter include/linux/fs.h:1772 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x68a/0x970 fs/read_write.c:482
 vfs_write+0x18f/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452879
RSP: 002b:00007f390a6e1be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452879
RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015
RBP: 0000000000000067 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006eda48
R13: 00000000ffffffff R14: 00007f390a6e26d4 R15: 0000000000000000
audit: type=1326 audit(1511357123.692:2416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=12719 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511357123.714:2417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=12719 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511357123.714:2418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=12719 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=41 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511357123.714:2419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=12719 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511357123.714:2420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=12719 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=16 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511357123.714:2421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=12719 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511357123.714:2422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=12719 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=41 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511357123.714:2423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=12719 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511357123.714:2424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=12719 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452879 code=0x7ffc0000
Empty option to dns_resolver key
netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'.
Empty option to dns_resolver key
netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'.
QAT: Invalid ioctl
QAT: Device 0 not found
QAT: Invalid ioctl
QAT: Device 0 not found
netlink: 3865 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 3865 bytes leftover after parsing attributes in process `syz-executor1'.
QAT: Invalid ioctl
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'.
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
netlink: 9 bytes leftover after parsing attributes in process `syz-executor1'.
A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor1'.
A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check.
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
netlink: 5 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor5'.
RDS: rds_bind could not find a transport for 0.0.0.1, load rds_tcp or rds_rdma?
RDS: rds_bind could not find a transport for 0.0.0.1, load rds_tcp or rds_rdma?
kvm pmu: pin control bit is ignored
kvm_pmu: event creation failed -2
device gre0 entered promiscuous mode
do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
Started in network mode
Own node address <192.834.3784>, network identity 4711
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1 sclass=netlink_xfrm_socket pig=13360 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1 sclass=netlink_xfrm_socket pig=13384 comm=syz-executor0
sg_write: data in/out 1857891000/198 bytes for SCSI command 0x59-- guessing data in;
   program syz-executor5 not setting count and/or reply_len properly
sg_write: data in/out 1857891000/198 bytes for SCSI command 0x59-- guessing data in;
   program syz-executor5 not setting count and/or reply_len properly
device gre0 entered promiscuous mode
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
: renamed from sit0
device  entered promiscuous mode
handle_userfault: 205 callbacks suppressed
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 13663 Comm: syz-executor0 Not tainted 4.14.0+ #190
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 handle_userfault+0x12fa/0x24c0 fs/userfaultfd.c:427
 do_anonymous_page mm/memory.c:3121 [inline]
 handle_pte_fault mm/memory.c:3934 [inline]
 __handle_mm_fault+0x2e8c/0x3ad0 mm/memory.c:4060
 handle_mm_fault+0x334/0x8d0 mm/memory.c:4097
 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1429
 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504
 page_fault+0x22/0x30 arch/x86/entry/entry_64.S:1088
RIP: 0010:fault_in_pages_readable include/linux/pagemap.h:601 [inline]
RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 lib/iov_iter.c:421
RSP: 0018:ffff8801d5bb7928 EFLAGS: 00010246
RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82505391
RDX: 00000000000000c0 RSI: ffffc900017be000 RDI: ffff8801d5bb7d28
RBP: ffff8801d5bb7a08 R08: 1ffff10038a31d6a R09: 1ffff1003ab76f1a
R10: ffff8801ced90200 R11: ffff8801ced90200 R12: 1ffff1003ab76f28
R13: ffff8801d5bb79e0 R14: 0000000000000000 R15: ffff8801d5bb7d20
 generic_perform_write+0x200/0x600 mm/filemap.c:3129
 __generic_file_write_iter+0x366/0x5b0 mm/filemap.c:3264
 generic_file_write_iter+0x399/0x7a0 mm/filemap.c:3292
 call_write_iter include/linux/fs.h:1772 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x68a/0x970 fs/read_write.c:482
 vfs_write+0x18f/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452879
RSP: 002b:00007fba17068be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452879
RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000015
RBP: 0000000000000534 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f4d80
R13: 00000000ffffffff R14: 00007fba170696d4 R15: 0000000000000000
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=770 sclass=netlink_tcpdiag_socket pig=13717 comm=syz-executor0
program syz-executor3 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
program syz-executor3 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=770 sclass=netlink_tcpdiag_socket pig=13717 comm=syz-executor0
device syz0 left promiscuous mode
program syz-executor3 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor3 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
device gre0 entered promiscuous mode
nla_parse: 37 callbacks suppressed
netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor3'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket pig=13901 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=13901 comm=syz-executor0
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pig=13901 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=13901 comm=syz-executor0
sctp: [Deprecated]: syz-executor7 (pid 13873) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=13915 comm=syz-executor0
sctp: [Deprecated]: syz-executor7 (pid 13873) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket pig=13901 comm=syz-executor0
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
sctp: [Deprecated]: syz-executor7 (pid 13890) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor7 (pid 13873) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
Started in network mode
Own node address <192.1742.1997>, network identity 4711
device eql entered promiscuous mode
device gre0 entered promiscuous mode
netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'.
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 13967 Comm: syz-executor2 Not tainted 4.14.0+ #190
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 handle_userfault+0x12fa/0x24c0 fs/userfaultfd.c:427
 do_anonymous_page mm/memory.c:3121 [inline]
 handle_pte_fault mm/memory.c:3934 [inline]
 __handle_mm_fault+0x2e8c/0x3ad0 mm/memory.c:4060
 handle_mm_fault+0x334/0x8d0 mm/memory.c:4097
 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1429
 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504
 page_fault+0x22/0x30 arch/x86/entry/entry_64.S:1088
RIP: 0010:fault_in_pages_readable include/linux/pagemap.h:601 [inline]
RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 lib/iov_iter.c:421
RSP: 0018:ffff8801d338f928 EFLAGS: 00010246
RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82505391
RDX: 00000000000000fc RSI: ffffc900029e2000 RDI: ffff8801d338fd28
RBP: ffff8801d338fa08 R08: 0000000000000001 R09: 1ffff1003a671edf
R10: ffff8801d5a76400 R11: ffff8801d5a76400 R12: 1ffff1003a671f28
R13: ffff8801d338f9e0 R14: 0000000000000000 R15: ffff8801d338fd20
 generic_perform_write+0x200/0x600 mm/filemap.c:3129
 __generic_file_write_iter+0x366/0x5b0 mm/filemap.c:3264
 generic_file_write_iter+0x399/0x7a0 mm/filemap.c:3292
 call_write_iter include/linux/fs.h:1772 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x68a/0x970 fs/read_write.c:482
 vfs_write+0x18f/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452879
RSP: 002b:00007f390a6e1be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452879
RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000016
RBP: 000000000000038f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f2608
R13: 00000000ffffffff R14: 00007f390a6e26d4 R15: 0000000000000000
audit: type=1326 audit(1511357130.943:2630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=14152 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452879 code=0xffff0000
sock: sock_set_timeout: `syz-executor1' (pid 14225) tries to set negative timeout
audit: type=1326 audit(1511357131.307:2631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=14235 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452879 code=0x7ffc0000
netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'.
audit: type=1326 audit(1511357131.307:2632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=14235 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=190 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511357131.307:2633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=14235 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511357131.307:2634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=14235 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=116 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511357131.307:2635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=14235 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511357131.307:2636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=14235 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=257 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511357131.307:2637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=14235 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452879 code=0x7ffc0000
device syz0 entered promiscuous mode
device syz0 left promiscuous mode
device syz0 entered promiscuous mode
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
dccp_v6_rcv: dropped packet with invalid checksum
pit: kvm: requested 4190 ns i8254 timer period limited to 500000 ns
device gre0 entered promiscuous mode
QAT: Invalid ioctl
device lo left promiscuous mode