possible deadlock in vcs_write (2)

syzbot

Nov 14, 2017, 3:06:02 AM
to gre...@linuxfoundation.org, jsl...@suse.com, kste...@linuxfoundation.org, linux-...@vger.kernel.org, pombr...@nexb.com, syzkall...@googlegroups.com, tg...@linutronix.de
Hello,

syzkaller hit the following crash on
43ff2f4db9d0f76452b77cfa645f02b471143b24
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.

Unfortunately, I don't have any reproducer for this bug yet.


WARNING: possible circular locking dependency detected
4.14.0+ #176 Not tainted
------------------------------------------------------
syz-executor2/9037 is trying to acquire lock:
(console_lock){+.+.}, at: [<ffffffff828293fd>] vcs_write+0x14d/0xca0
drivers/tty/vt/vc_screen.c:397

but task is already holding lock:
(&pipe->mutex/1){+.+.}, at: [<ffffffff81acbc96>] pipe_lock_nested
fs/pipe.c:67 [inline]
(&pipe->mutex/1){+.+.}, at: [<ffffffff81acbc96>] pipe_lock+0x56/0x70
fs/pipe.c:75

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&pipe->mutex/1){+.+.}:
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4007
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
pipe_lock_nested fs/pipe.c:67 [inline]
pipe_lock+0x56/0x70 fs/pipe.c:75
iter_file_splice_write+0x264/0xf30 fs/splice.c:699
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x7d5/0x1630 fs/splice.c:1382
entry_SYSCALL_64_fastpath+0x1f/0x96

-> #2 (sb_writers){.+.+}:
__wake_up_common_lock+0x190/0x310 kernel/sched/wait.c:124

-> #1 ((completion)&req.done){+.+.}:
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4007
complete_acquire include/linux/completion.h:40 [inline]
__wait_for_common kernel/sched/completion.c:109 [inline]
wait_for_common kernel/sched/completion.c:123 [inline]
wait_for_completion+0xcb/0x7b0 kernel/sched/completion.c:144
devtmpfs_create_node+0x32b/0x4a0 drivers/base/devtmpfs.c:115
device_add+0x120f/0x1640 drivers/base/core.c:1824
device_create_groups_vargs+0x1f3/0x250 drivers/base/core.c:2430
device_create_vargs drivers/base/core.c:2470 [inline]
device_create+0xda/0x110 drivers/base/core.c:2506
vcs_make_sysfs+0x35/0x60 drivers/tty/vt/vc_screen.c:629
vc_allocate+0x4b7/0x6b0 drivers/tty/vt/vt.c:795
con_install+0x52/0x440 drivers/tty/vt/vt.c:2876
tty_driver_install_tty drivers/tty/tty_io.c:1214 [inline]
tty_init_dev+0xf6/0x4a0 drivers/tty/tty_io.c:1314
tty_open_by_driver drivers/tty/tty_io.c:1941 [inline]
tty_open+0x608/0xab0 drivers/tty/tty_io.c:1989
chrdev_open+0x257/0x730 fs/char_dev.c:417
do_dentry_open+0x682/0xd70 fs/open.c:752
vfs_open+0x107/0x230 fs/open.c:866
do_last fs/namei.c:3388 [inline]
path_openat+0x1157/0x3530 fs/namei.c:3528
do_filp_open+0x25b/0x3b0 fs/namei.c:3563
do_sys_open+0x502/0x6d0 fs/open.c:1059
SYSC_open fs/open.c:1077 [inline]
SyS_open+0x2d/0x40 fs/open.c:1072
entry_SYSCALL_64_fastpath+0x1f/0x96

-> #0 (console_lock){+.+.}:
check_prevs_add kernel/locking/lockdep.c:2032 [inline]
validate_chain kernel/locking/lockdep.c:2474 [inline]
__lock_acquire+0x33ad/0x4840 kernel/locking/lockdep.c:3503
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4007
console_lock+0x4b/0x80 kernel/printk/printk.c:2047
vcs_write+0x14d/0xca0 drivers/tty/vt/vc_screen.c:397
__vfs_write+0xef/0x970 fs/read_write.c:480
__kernel_write+0xfe/0x350 fs/read_write.c:501
write_pipe_buf+0x175/0x220 fs/splice.c:797
splice_from_pipe_feed fs/splice.c:502 [inline]
__splice_from_pipe+0x328/0x730 fs/splice.c:626
splice_from_pipe+0x1e9/0x330 fs/splice.c:661
default_file_splice_write+0x40/0x90 fs/splice.c:809
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x7d5/0x1630 fs/splice.c:1382
entry_SYSCALL_64_fastpath+0x1f/0x96

other info that might help us debug this:

Chain exists of:
console_lock --> sb_writers --> &pipe->mutex/1

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&pipe->mutex/1);
                               lock(sb_writers);
                               lock(&pipe->mutex/1);
  lock(console_lock);

*** DEADLOCK ***

1 lock held by syz-executor2/9037:
#0: (&pipe->mutex/1){+.+.}, at: [<ffffffff81acbc96>] pipe_lock_nested
fs/pipe.c:67 [inline]
#0: (&pipe->mutex/1){+.+.}, at: [<ffffffff81acbc96>] pipe_lock+0x56/0x70
fs/pipe.c:75

stack backtrace:
CPU: 0 PID: 9037 Comm: syz-executor2 Not tainted 4.14.0+ #176
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
print_circular_bug+0x42d/0x610 kernel/locking/lockdep.c:1272
check_prev_add+0x8b1/0x1580 kernel/locking/lockdep.c:1915
check_prevs_add kernel/locking/lockdep.c:2032 [inline]
validate_chain kernel/locking/lockdep.c:2474 [inline]
__lock_acquire+0x33ad/0x4840 kernel/locking/lockdep.c:3503
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4007
console_lock+0x4b/0x80 kernel/printk/printk.c:2047
vcs_write+0x14d/0xca0 drivers/tty/vt/vc_screen.c:397
__vfs_write+0xef/0x970 fs/read_write.c:480
__kernel_write+0xfe/0x350 fs/read_write.c:501
write_pipe_buf+0x175/0x220 fs/splice.c:797
splice_from_pipe_feed fs/splice.c:502 [inline]
__splice_from_pipe+0x328/0x730 fs/splice.c:626
splice_from_pipe+0x1e9/0x330 fs/splice.c:661
default_file_splice_write+0x40/0x90 fs/splice.c:809
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x7d5/0x1630 fs/splice.c:1382
entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452879
RSP: 002b:00007fec20a33be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452879
RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000019
RBP: 0000000000000082 R08: 00000000fffff5fc R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f6ef0
R13: 00000000ffffffff R14: 00007fec20a346d4 R15: 0000000000000000
device gre0 entered promiscuous mode
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
device gre0 entered promiscuous mode
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 1 PID: 11211 Comm: syz-executor3 Not tainted 4.14.0+ #176
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:423 [inline]
slab_alloc_node mm/slab.c:3305 [inline]
kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3650
__alloc_skb+0xf1/0x740 net/core/skbuff.c:194
alloc_skb include/linux/skbuff.h:976 [inline]
pfkey_sendmsg+0x20f/0x9f0 net/key/af_key.c:3635
sock_sendmsg_nosec net/socket.c:633 [inline]
sock_sendmsg+0xca/0x110 net/socket.c:643
___sys_sendmsg+0x75b/0x8a0 net/socket.c:2049
__sys_sendmsg+0xe5/0x210 net/socket.c:2083
SYSC_sendmsg net/socket.c:2094 [inline]
SyS_sendmsg+0x2d/0x50 net/socket.c:2090
entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452879
RSP: 002b:00007f55b2837be8 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452879
RDX: 0000000000000000 RSI: 0000000020dfafc8 RDI: 0000000000000014
RBP: 00007f55b2837a20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b757e
R13: 00007f55b2837b58 R14: 00000000004b758e R15: 0000000000000000
device gre0 entered promiscuous mode
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 1
CPU: 0 PID: 11217 Comm: syz-executor1 Not tainted 4.14.0+ #176
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_fail_alloc_page mm/page_alloc.c:2897 [inline]
prepare_alloc_pages mm/page_alloc.c:4152 [inline]
__alloc_pages_nodemask+0x338/0xd80 mm/page_alloc.c:4191
alloc_pages_current+0xb6/0x1e0 mm/mempolicy.c:2038
alloc_pages include/linux/gfp.h:506 [inline]
skb_page_frag_refill+0x358/0x5f0 net/core/sock.c:2203
tun_build_skb.isra.42+0x2e8/0x1710 drivers/net/tun.c:1290
tun_get_user+0x1e0f/0x21d0 drivers/net/tun.c:1456
tun_chr_write_iter+0xde/0x190 drivers/net/tun.c:1582
call_write_iter include/linux/fs.h:1771 [inline]
do_iter_readv_writev+0x531/0x7f0 fs/read_write.c:674
do_iter_write+0x15a/0x540 fs/read_write.c:953
vfs_writev+0x18a/0x340 fs/read_write.c:998
do_writev+0xfc/0x2a0 fs/read_write.c:1033
SYSC_writev fs/read_write.c:1106 [inline]
SyS_writev+0x27/0x30 fs/read_write.c:1103
entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452751
RSP: 002b:00007fea43d85b10 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 000000000000004e RCX: 0000000000452751
RDX: 0000000000000001 RSI: 00007fea43d85b60 RDI: 0000000000000012
RBP: 00007fea43d85a20 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000004e R11: 0000000000000293 R12: 00000000004b757e
R13: 00007fea43d85b58 R14: 00000000004b758e R15: 0000000000000000
device gre0 entered promiscuous mode
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 11220 Comm: syz-executor3 Not tainted 4.14.0+ #176
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:423 [inline]
slab_alloc_node mm/slab.c:3305 [inline]
kmem_cache_alloc_node_trace+0x5a/0x760 mm/slab.c:3669
__do_kmalloc_node mm/slab.c:3689 [inline]
__kmalloc_node_track_caller+0x33/0x70 mm/slab.c:3704
__kmalloc_reserve.isra.41+0x41/0xd0 net/core/skbuff.c:138
__alloc_skb+0x13b/0x740 net/core/skbuff.c:206
alloc_skb include/linux/skbuff.h:976 [inline]
pfkey_sendmsg+0x20f/0x9f0 net/key/af_key.c:3635
sock_sendmsg_nosec net/socket.c:633 [inline]
sock_sendmsg+0xca/0x110 net/socket.c:643
___sys_sendmsg+0x75b/0x8a0 net/socket.c:2049
__sys_sendmsg+0xe5/0x210 net/socket.c:2083
SYSC_sendmsg net/socket.c:2094 [inline]
SyS_sendmsg+0x2d/0x50 net/socket.c:2090
entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452879
RSP: 002b:00007f55b2837be8 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452879
RDX: 0000000000000000 RSI: 0000000020dfafc8 RDI: 0000000000000014
RBP: 00007f55b2837a20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b757e
R13: 00007f55b2837b58 R14: 00000000004b758e R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 11222 Comm: syz-executor1 Not tainted 4.14.0+ #176
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:423 [inline]
slab_alloc mm/slab.c:3384 [inline]
kmem_cache_alloc+0x47/0x760 mm/slab.c:3560
__build_skb+0x9d/0x450 net/core/skbuff.c:284
build_skb+0x6f/0x260 net/core/skbuff.c:316
tun_build_skb.isra.42+0x96e/0x1710 drivers/net/tun.c:1347
tun_get_user+0x1e0f/0x21d0 drivers/net/tun.c:1456
tun_chr_write_iter+0xde/0x190 drivers/net/tun.c:1582
call_write_iter include/linux/fs.h:1771 [inline]
do_iter_readv_writev+0x531/0x7f0 fs/read_write.c:674
do_iter_write+0x15a/0x540 fs/read_write.c:953
vfs_writev+0x18a/0x340 fs/read_write.c:998
do_writev+0xfc/0x2a0 fs/read_write.c:1033
SYSC_writev fs/read_write.c:1106 [inline]
SyS_writev+0x27/0x30 fs/read_write.c:1103
entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452751
RSP: 002b:00007fea43d85b10 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 000000000000004e RCX: 0000000000452751
RDX: 0000000000000001 RSI: 00007fea43d85b60 RDI: 0000000000000012
RBP: 00007fea43d85a20 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000004e R11: 0000000000000293 R12: 00000000004b757e
R13: 00007fea43d85b58 R14: 00000000004b758e R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 11210 Comm: syz-executor2 Not tainted 4.14.0+ #176
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:423 [inline]
slab_alloc_node mm/slab.c:3305 [inline]
kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3650
__alloc_skb+0xf1/0x740 net/core/skbuff.c:194


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>

syzbot will keep track of this bug report.
Once a fix for this bug is committed, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
config.txt
raw.log

syzbot

Feb 22, 2019, 5:22:16 AM
to syzkall...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.