R13: 00000000000003fd R14: 00000000004c551d R15: 0000000000000008 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 1 IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready CPU: 1 PID: 7738 Comm: syz-executor.4 Not tainted 4.14.202-syzkaller #0 BUG: unable to handle kernel NULL pointer dereference Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: at 0000000000000120 __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xf7/0x13b lib/dump_stack.c:58 IP: set_bit arch/x86/include/asm/bitops.h:81 [inline] IP: cpumask_set_cpu include/linux/cpumask.h:283 [inline] IP: blk_mq_map_swqueue+0x23a/0xa90 block/blk-mq.c:2171 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold.3+0x105/0x14b lib/fault-inject.c:149 PGD a2b9f067 should_failslab+0xba/0xf0 mm/failslab.c:32 P4D a2b9f067 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3376 [inline] kmem_cache_alloc_trace+0x2ea/0x7a0 mm/slab.c:3616 PUD a198a067 PMD 0 kmalloc include/linux/slab.h:488 [inline] __kthread_create_on_node+0xe9/0x3a0 kernel/kthread.c:277 Oops: 0002 [#1] PREEMPT SMP KASAN Modules linked in: CPU: 0 PID: 7731 Comm: syz-executor.3 Not tainted 4.14.202-syzkaller #0 kthread_create_on_node+0x83/0xa0 kernel/kthread.c:365 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 __alloc_workqueue_key+0x925/0xc80 kernel/workqueue.c:4041 task: ffff888090602080 task.stack: ffff8880a2ae0000 RIP: 0010:set_bit arch/x86/include/asm/bitops.h:81 [inline] RIP: 0010:cpumask_set_cpu include/linux/cpumask.h:283 [inline] RIP: 0010:blk_mq_map_swqueue+0x23a/0xa90 block/blk-mq.c:2171 RSP: 0018:ffff8880a2ae79e0 EFLAGS: 00010293 RAX: ffff8880afd2a388 RBX: 0000000000000007 RCX: ffffe8ffffd31dc0 RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff8880a2ae7a58 R08: 0000000000000001 R09: 0000000000000001 nbd_start_device+0x14d/0xc50 drivers/block/nbd.c:1184 R10: ffff8880afd2a380 R11: ffff8880afd2a440 R12: ffff888238b5d800 R13: fffffbfff116542e R14: ffff8880afed2480 R15: dffffc0000000000 nbd_start_device_ioctl drivers/block/nbd.c:1243 [inline] __nbd_ioctl drivers/block/nbd.c:1325 [inline] nbd_ioctl+0x1ae/0xad0 drivers/block/nbd.c:1365 FS: 00007f2cf64a6700(0000) GS:ffff8880ba800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000120 CR3: 00000000a1b01000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 __blkdev_driver_ioctl block/ioctl.c:297 [inline] blkdev_ioctl+0x7d2/0x1770 block/ioctl.c:594 Call Trace: blk_mq_queue_reinit block/blk-mq.c:2512 [inline] __blk_mq_update_nr_hw_queues block/blk-mq.c:2750 [inline] blk_mq_update_nr_hw_queues+0x219/0x390 block/blk-mq.c:2760 nbd_start_device+0x1b6/0xc50 drivers/block/nbd.c:1192 nbd_start_device_ioctl drivers/block/nbd.c:1243 [inline] __nbd_ioctl drivers/block/nbd.c:1325 [inline] nbd_ioctl+0x1ae/0xad0 drivers/block/nbd.c:1365 block_ioctl+0xd7/0x130 fs/block_dev.c:1893 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x180/0xfb0 fs/ioctl.c:684 __blkdev_driver_ioctl block/ioctl.c:297 [inline] blkdev_ioctl+0x7d2/0x1770 block/ioctl.c:594 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x74/0x80 fs/ioctl.c:692 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292 block_ioctl+0xd7/0x130 fs/block_dev.c:1893 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x180/0xfb0 fs/ioctl.c:684 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x45b3c9 RSP: 002b:00007f6abf799c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f6abf79a6d4 RCX: 000000000045b3c9 RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000005 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x74/0x80 fs/ioctl.c:692 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 R13: 00000000000003fd R14: 00000000004c551d R15: 0000000000000008 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292 block nbd4: Could not allocate knbd recv work queue. entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x45b3c9 RSP: 002b:00007f2cf64a5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f2cf64a66d4 RCX: 000000000045b3c9 RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000005 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 R13: 00000000000003fd R14: 00000000004c551d R15: 0000000000000008 Code: 0f 85 dd 05 block nbd4: shutting down sockets 00 00 8b 00 49 8d 04 c2 48 89 c6 48 c1 ee 03 42 80 3c 3e 00 0f 85 98 05 00 00 41 83 f8 3f 48 8b 30 0f 87 f3 03 00 00 4c 0f ab 8e 20 01 00 00 48 8d be 78 01 00 00 48 89 f8 48 c1 RIP: set_bit arch/x86/include/asm/bitops.h:81 [inline] RSP: ffff8880a2ae79e0 RIP: cpumask_set_cpu include/linux/cpumask.h:283 [inline] RSP: ffff8880a2ae79e0 RIP: blk_mq_map_swqueue+0x23a/0xa90 block/blk-mq.c:2171 RSP: ffff8880a2ae79e0 CR2: 0000000000000120 device veth0_macvtap entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready ---[ end trace 0feca93f89239b9b ]--- IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready