possible deadlock in ldsem_down_read
40 views
Skip to first unread message
syzbot
Nov 2, 2017, 2:00:44āÆPM11/2/17
to gre...@linuxfoundation.org, jsl...@suse.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,
syzkaller hit the following crash on
6f20b7a58cb9c0fe00badcdfd65b1f4a8f28dfc6
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
device entered promiscuous mode
device left promiscuous mode
======================================================
WARNING: possible circular locking dependency detected
4.13.0-next-20170913+ #21 Not tainted
------------------------------------------------------
syz-executor7/16453 is trying to acquire lock:
(&tty->ldisc_sem){++++}, at: [<ffffffff84d42577>]
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:367
but task is already holding lock:
(&pipe->mutex/1){+.+.}, at: [<ffffffff81ac1086>] pipe_lock_nested
fs/pipe.c:66 [inline]
(&pipe->mutex/1){+.+.}, at: [<ffffffff81ac1086>] pipe_lock+0x56/0x70
fs/pipe.c:74
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #5 (&pipe->mutex/1){+.+.}:
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1870 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
pipe_lock_nested fs/pipe.c:66 [inline]
pipe_lock+0x56/0x70 fs/pipe.c:74
iter_file_splice_write+0x264/0xf50 fs/splice.c:699
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x7d5/0x1630 fs/splice.c:1382
entry_SYSCALL_64_fastpath+0x1f/0xbe
-> #4 (sb_writers){.+.+}:
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35
[inline]
percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
__sb_start_write+0x18f/0x290 fs/super.c:1341
sb_start_write include/linux/fs.h:1541 [inline]
mnt_want_write+0x3f/0xb0 fs/namespace.c:387
filename_create+0x12b/0x520 fs/namei.c:3628
kern_path_create+0x33/0x40 fs/namei.c:3674
handle_create+0xc0/0x760 drivers/base/devtmpfs.c:203
-> #3 ((complete)&req.done){+.+.}:
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
complete_acquire include/linux/completion.h:39 [inline]
__wait_for_common kernel/sched/completion.c:108 [inline]
wait_for_common kernel/sched/completion.c:122 [inline]
wait_for_completion+0xc8/0x770 kernel/sched/completion.c:143
devtmpfs_create_node+0x32b/0x4a0 drivers/base/devtmpfs.c:115
device_add+0x120f/0x1640 drivers/base/core.c:1824
device_register+0x1d/0x20 drivers/base/core.c:1905
tty_register_device_attr+0x422/0x740 drivers/tty/tty_io.c:2955
tty_port_register_device_attr_serdev+0x100/0x140
drivers/tty/tty_port.c:165
uart_add_one_port+0xa7a/0x15b0 drivers/tty/serial/serial_core.c:2797
serial8250_register_8250_port+0xfac/0x1990
drivers/tty/serial/8250/8250_core.c:1052
serial_pnp_probe+0x5e7/0xac0 drivers/tty/serial/8250/8250_pnp.c:483
pnp_device_probe+0x15f/0x250 drivers/pnp/driver.c:108
really_probe drivers/base/dd.c:413 [inline]
driver_probe_device+0x63c/0xa20 drivers/base/dd.c:557
__driver_attach+0x181/0x1c0 drivers/base/dd.c:791
bus_for_each_dev+0x154/0x1e0 drivers/base/bus.c:313
driver_attach+0x3d/0x50 drivers/base/dd.c:810
bus_add_driver+0x466/0x620 drivers/base/bus.c:669
driver_register+0x1bf/0x3c0 drivers/base/driver.c:168
pnp_register_driver+0x75/0xa0 drivers/pnp/driver.c:271
serial8250_pnp_init+0x15/0x20 drivers/tty/serial/8250/8250_pnp.c:540
serial8250_init+0x8f/0x270 drivers/tty/serial/8250/8250_core.c:1129
do_one_initcall+0x9e/0x330 init/main.c:826
do_initcall_level init/main.c:892 [inline]
do_initcalls init/main.c:900 [inline]
do_basic_setup init/main.c:918 [inline]
kernel_init_freeable+0x469/0x521 init/main.c:1066
kernel_init+0x13/0x172 init/main.c:993
ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
-> #2 (&port->mutex){+.+.}:
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1870 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
uart_set_termios+0x8f/0x5b0 drivers/tty/serial/serial_core.c:1429
tty_set_termios+0x6d4/0xa40 drivers/tty/tty_ioctl.c:333
set_termios+0x377/0x6b0 drivers/tty/tty_ioctl.c:413
tty_mode_ioctl+0x9fb/0xb10 drivers/tty/tty_ioctl.c:748
n_tty_ioctl_helper+0x40/0x360 drivers/tty/tty_ioctl.c:939
n_tty_ioctl+0x148/0x2d0 drivers/tty/n_tty.c:2437
tty_ioctl+0x32e/0x15f0 drivers/tty/tty_io.c:2637
vfs_ioctl fs/ioctl.c:45 [inline]
do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:685
SYSC_ioctl fs/ioctl.c:700 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
entry_SYSCALL_64_fastpath+0x1f/0xbe
-> #1 (&tty->termios_rwsem){++++}:
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
down_read+0x96/0x150 kernel/locking/rwsem.c:23
n_tty_write+0x249/0xed0 drivers/tty/n_tty.c:2287
do_tty_write drivers/tty/tty_io.c:948 [inline]
tty_write+0x427/0x860 drivers/tty/tty_io.c:1032
redirected_tty_write+0xa1/0xb0 drivers/tty/tty_io.c:1053
__vfs_write+0xef/0x970 fs/read_write.c:479
vfs_write+0x18f/0x510 fs/read_write.c:543
SYSC_write fs/read_write.c:588 [inline]
SyS_write+0xef/0x220 fs/read_write.c:580
entry_SYSCALL_64_fastpath+0x1f/0xbe
-> #0 (&tty->ldisc_sem){++++}:
check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
__ldsem_down_read_nested+0xd1/0xab0 drivers/tty/tty_ldsem.c:327
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:367
tty_ldisc_ref_wait+0x25/0x80 drivers/tty/tty_ldisc.c:276
tty_read+0xf8/0x250 drivers/tty/tty_io.c:851
do_loop_readv_writev fs/read_write.c:693 [inline]
do_iter_read+0x3db/0x5b0 fs/read_write.c:917
vfs_readv+0x121/0x1c0 fs/read_write.c:979
kernel_readv fs/splice.c:361 [inline]
default_file_splice_read+0x508/0xae0 fs/splice.c:416
do_splice_to+0x110/0x170 fs/splice.c:880
do_splice fs/splice.c:1173 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x11a8/0x1630 fs/splice.c:1382
entry_SYSCALL_64_fastpath+0x1f/0xbe
other info that might help us debug this:
Chain exists of:
&tty->ldisc_sem --> sb_writers --> &pipe->mutex/1
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&pipe->mutex/1);
lock(sb_writers);
lock(&pipe->mutex/1);
lock(&tty->ldisc_sem);
*** DEADLOCK ***
1 lock held by syz-executor7/16453:
#0: (&pipe->mutex/1){+.+.}, at: [<ffffffff81ac1086>] pipe_lock_nested
fs/pipe.c:66 [inline]
#0: (&pipe->mutex/1){+.+.}, at: [<ffffffff81ac1086>] pipe_lock+0x56/0x70
fs/pipe.c:74
stack backtrace:
CPU: 0 PID: 16453 Comm: syz-executor7 Not tainted 4.13.0-next-20170913+ #21
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
print_circular_bug+0x503/0x710 kernel/locking/lockdep.c:1259
check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
__ldsem_down_read_nested+0xd1/0xab0 drivers/tty/tty_ldsem.c:327
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:367
tty_ldisc_ref_wait+0x25/0x80 drivers/tty/tty_ldisc.c:276
tty_read+0xf8/0x250 drivers/tty/tty_io.c:851
do_loop_readv_writev fs/read_write.c:693 [inline]
do_iter_read+0x3db/0x5b0 fs/read_write.c:917
vfs_readv+0x121/0x1c0 fs/read_write.c:979
kernel_readv fs/splice.c:361 [inline]
default_file_splice_read+0x508/0xae0 fs/splice.c:416
do_splice_to+0x110/0x170 fs/splice.c:880
do_splice fs/splice.c:1173 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x11a8/0x1630 fs/splice.c:1382
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x451e59
RSP: 002b:00007f6413d41c08 EFLAGS: 00000216 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451e59
RDX: 0000000000000016 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 0000000000000082 R08: 0000000000000200 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000216 R12: 0000000000000000
R13: 0000000000a6f7ef R14: 00007f6413d429c0 R15: 0000000000000000
netlink: 2 bytes leftover after parsing attributes in process
`syz-executor5'.
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
netlink: 2 bytes leftover after parsing attributes in process
`syz-executor5'.
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
netlink: 13 bytes leftover after parsing attributes in process
`syz-executor4'.
netlink: 13 bytes leftover after parsing attributes in process
`syz-executor4'.
*** Guest State ***
CR0: actual=0x0000000080000031, shadow=0x0000000060000011,
gh_mask=fffffffffffffff7
CR4: actual=0x0000000000002050, shadow=0x0000000000000020,
gh_mask=ffffffffffffe871
CR3 = 0x00000000fffbc000
RSP = 0x0000000000000000 RIP = 0x000000000000fff0
RFLAGS=0x00000100 DR7 = 0x0000000000000400
Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
CS: sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
DS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
SS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
ES: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
FS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
GS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
GDTR: limit=0x000007ff, base=0x0000000000001000
LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
IDTR: limit=0x000001ff, base=0x0000000000003800
TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
EFER = 0x0000000000000001 PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
Interruptibility = 00000000 ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff811b8bff RSP = 0xffff8801ccf974c8
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007f67cf6e3700 GSBase=ffff8801db300000 TRBase=ffff8801db223100
GDTBase=ffffffffff577000 IDTBase=ffffffffff57b000
CR0=0000000080050033 CR3=00000001d9a5d000 CR4=00000000001426e0
Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84d460b0
EFER = 0x0000000000000d01 PAT = 0x0000000000000000
*** Control State ***
PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=0000004b
EntryControls=0000d1ff ExitControls=0023efff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=80000603 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffffb67be57e80
TPR Threshold = 0x00
EPT pointer = 0x00000001cbc7501e
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=40148
sclass=netlink_route_socket pig=16967 comm=syz-executor1
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=40148
sclass=netlink_route_socket pig=16968 comm=syz-executor1
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 0 PID: 16985 Comm: syz-executor7 Not tainted 4.13.0-next-20170913+ #21
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc mm/slab.c:3383 [inline]
__do_kmalloc mm/slab.c:3723 [inline]
__kmalloc_track_caller+0x5f/0x760 mm/slab.c:3740
memdup_user+0x2c/0x90 mm/util.c:164
map_update_elem kernel/bpf/syscall.c:541 [inline]
SYSC_bpf kernel/bpf/syscall.c:1476 [inline]
SyS_bpf+0x1db6/0x46a0 kernel/bpf/syscall.c:1451
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x451e59
RSP: 002b:00007f6413d41c08 EFLAGS: 00000216 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451e59
RDX: 0000000000000020 RSI: 00000000202cc000 RDI: 0000000000000002
RBP: 00007f6413d41a10 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000216 R12: 00000000004b69f7
R13: 00007f6413d41b48 R14: 00000000004b6a07 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 17010 Comm: syz-executor7 Not tainted 4.13.0-next-20170913+ #21
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc mm/slab.c:3383 [inline]
__do_kmalloc mm/slab.c:3723 [inline]
__kmalloc+0x63/0x760 mm/slab.c:3734
kmalloc include/linux/slab.h:498 [inline]
map_update_elem kernel/bpf/syscall.c:555 [inline]
SYSC_bpf kernel/bpf/syscall.c:1476 [inline]
SyS_bpf+0x1eb4/0x46a0 kernel/bpf/syscall.c:1451
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x451e59
RSP: 002b:00007f6413d41c08 EFLAGS: 00000216 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451e59
RDX: 0000000000000020 RSI: 00000000202cc000 RDI: 0000000000000002
RBP: 00007f6413d41a10 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000216 R12: 00000000004b69f7
R13: 00007f6413d41b48 R14: 00000000004b6a07 R15: 0000000000000000
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
device syz2 entered promiscuous mode
device syz2 left promiscuous mode
device syz2 entered promiscuous mode
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 17367 Comm: syz-executor4 Not tainted 4.13.0-next-20170913+ #21
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc_node mm/slab.c:3304 [inline]
kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3649
alloc_task_struct_node kernel/fork.c:156 [inline]
dup_task_struct kernel/fork.c:517 [inline]
copy_process.part.36+0x1a6a/0x4af0 kernel/fork.c:1573
copy_process kernel/fork.c:1548 [inline]
_do_fork+0x1ef/0xfe0 kernel/fork.c:2027
SYSC_clone kernel/fork.c:2137 [inline]
SyS_clone+0x37/0x50 kernel/fork.c:2131
do_syscall_64+0x26c/0x8c0 arch/x86/entry/common.c:287
entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x451e59
RSP: 002b:00007ff5e3ee7c08 EFLAGS: 00000216 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451e59
RDX: 0000000020f66000 RSI: 0000000020f66f21 RDI: 4747e630a668ed7d
RBP: 0000000000000450 R08: 00000000202dff77 R09: 0000000000000000
R10: 0000000020f66ffc R11: 0000000000000216 R12: 00000000004b721f
R13: 0000000000000005 R14: 4747e630a668ed7d R15: 0000000020f66f21
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 17512 Comm: syz-executor2 Not tainted 4.13.0-next-20170913+ #21
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc_node mm/slab.c:3304 [inline]
kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3649
alloc_task_struct_node kernel/fork.c:156 [inline]
dup_task_struct kernel/fork.c:517 [inline]
copy_process.part.36+0x1a6a/0x4af0 kernel/fork.c:1573
copy_process kernel/fork.c:1548 [inline]
_do_fork+0x1ef/0xfe0 kernel/fork.c:2027
SYSC_clone kernel/fork.c:2137 [inline]
SyS_clone+0x37/0x50 kernel/fork.c:2131
do_syscall_64+0x26c/0x8c0 arch/x86/entry/common.c:287
entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x451e59
RSP: 002b:00007fa469e3bc08 EFLAGS: 00000216 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451e59
RDX: 0000000020f66000 RSI: 0000000020f66f21 RDI: 4747e630a668ed7d
RBP: 0000000000000450 R08: 00000000202dff77 R09: 0000000000000000
R10: 0000000020f66ffc R11: 0000000000000216 R12: 00000000004b721f
R13: 0000000000000005 R14: 4747e630a668ed7d R15: 0000000020f66f21
irq bypass consumer (token ffff8801d54ae240) registration fails: -16
irq bypass consumer (token ffff8801c02c8300) registration fails: -16
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 18329 Comm: syz-executor6 Not tainted 4.13.0-next-20170913+ #21
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc_node mm/slab.c:3304 [inline]
kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3649
alloc_task_struct_node kernel/fork.c:156 [inline]
dup_task_struct kernel/fork.c:517 [inline]
copy_process.part.36+0x1a6a/0x4af0 kernel/fork.c:1573
copy_process kernel/fork.c:1548 [inline]
_do_fork+0x1ef/0xfe0 kernel/fork.c:2027
SYSC_clone kernel/fork.c:2137 [inline]
SyS_clone+0x37/0x50 kernel/fork.c:2131
do_syscall_64+0x26c/0x8c0 arch/x86/entry/common.c:287
entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x451e59
RSP: 002b:00007f6a6eb4bc08 EFLAGS: 00000216 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451e59
RDX: 0000000020f66000 RSI: 0000000020f66f21 RDI: 4747e630a668ed7d
RBP: 0000000000000450 R08: 00000000202dff77 R09: 0000000000000000
R10: 0000000020f66ffc R11: 0000000000000216 R12: 00000000004b721f
R13: 0000000000000005 R14: 4747e630a668ed7d R15: 0000000020f66f21
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>
syzbot will keep track of this bug report.
Once a fix for this bug is committed, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line.
syzkaller hit the following crash on
6f20b7a58cb9c0fe00badcdfd65b1f4a8f28dfc6
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
device entered promiscuous mode
device left promiscuous mode
======================================================
WARNING: possible circular locking dependency detected
4.13.0-next-20170913+ #21 Not tainted
------------------------------------------------------
syz-executor7/16453 is trying to acquire lock:
(&tty->ldisc_sem){++++}, at: [<ffffffff84d42577>]
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:367
but task is already holding lock:
(&pipe->mutex/1){+.+.}, at: [<ffffffff81ac1086>] pipe_lock_nested
fs/pipe.c:66 [inline]
(&pipe->mutex/1){+.+.}, at: [<ffffffff81ac1086>] pipe_lock+0x56/0x70
fs/pipe.c:74
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #5 (&pipe->mutex/1){+.+.}:
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1870 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
pipe_lock_nested fs/pipe.c:66 [inline]
pipe_lock+0x56/0x70 fs/pipe.c:74
iter_file_splice_write+0x264/0xf50 fs/splice.c:699
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x7d5/0x1630 fs/splice.c:1382
entry_SYSCALL_64_fastpath+0x1f/0xbe
-> #4 (sb_writers){.+.+}:
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35
[inline]
percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
__sb_start_write+0x18f/0x290 fs/super.c:1341
sb_start_write include/linux/fs.h:1541 [inline]
mnt_want_write+0x3f/0xb0 fs/namespace.c:387
filename_create+0x12b/0x520 fs/namei.c:3628
kern_path_create+0x33/0x40 fs/namei.c:3674
handle_create+0xc0/0x760 drivers/base/devtmpfs.c:203
-> #3 ((complete)&req.done){+.+.}:
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
complete_acquire include/linux/completion.h:39 [inline]
__wait_for_common kernel/sched/completion.c:108 [inline]
wait_for_common kernel/sched/completion.c:122 [inline]
wait_for_completion+0xc8/0x770 kernel/sched/completion.c:143
devtmpfs_create_node+0x32b/0x4a0 drivers/base/devtmpfs.c:115
device_add+0x120f/0x1640 drivers/base/core.c:1824
device_register+0x1d/0x20 drivers/base/core.c:1905
tty_register_device_attr+0x422/0x740 drivers/tty/tty_io.c:2955
tty_port_register_device_attr_serdev+0x100/0x140
drivers/tty/tty_port.c:165
uart_add_one_port+0xa7a/0x15b0 drivers/tty/serial/serial_core.c:2797
serial8250_register_8250_port+0xfac/0x1990
drivers/tty/serial/8250/8250_core.c:1052
serial_pnp_probe+0x5e7/0xac0 drivers/tty/serial/8250/8250_pnp.c:483
pnp_device_probe+0x15f/0x250 drivers/pnp/driver.c:108
really_probe drivers/base/dd.c:413 [inline]
driver_probe_device+0x63c/0xa20 drivers/base/dd.c:557
__driver_attach+0x181/0x1c0 drivers/base/dd.c:791
bus_for_each_dev+0x154/0x1e0 drivers/base/bus.c:313
driver_attach+0x3d/0x50 drivers/base/dd.c:810
bus_add_driver+0x466/0x620 drivers/base/bus.c:669
driver_register+0x1bf/0x3c0 drivers/base/driver.c:168
pnp_register_driver+0x75/0xa0 drivers/pnp/driver.c:271
serial8250_pnp_init+0x15/0x20 drivers/tty/serial/8250/8250_pnp.c:540
serial8250_init+0x8f/0x270 drivers/tty/serial/8250/8250_core.c:1129
do_one_initcall+0x9e/0x330 init/main.c:826
do_initcall_level init/main.c:892 [inline]
do_initcalls init/main.c:900 [inline]
do_basic_setup init/main.c:918 [inline]
kernel_init_freeable+0x469/0x521 init/main.c:1066
kernel_init+0x13/0x172 init/main.c:993
ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
-> #2 (&port->mutex){+.+.}:
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1870 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
uart_set_termios+0x8f/0x5b0 drivers/tty/serial/serial_core.c:1429
tty_set_termios+0x6d4/0xa40 drivers/tty/tty_ioctl.c:333
set_termios+0x377/0x6b0 drivers/tty/tty_ioctl.c:413
tty_mode_ioctl+0x9fb/0xb10 drivers/tty/tty_ioctl.c:748
n_tty_ioctl_helper+0x40/0x360 drivers/tty/tty_ioctl.c:939
n_tty_ioctl+0x148/0x2d0 drivers/tty/n_tty.c:2437
tty_ioctl+0x32e/0x15f0 drivers/tty/tty_io.c:2637
vfs_ioctl fs/ioctl.c:45 [inline]
do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:685
SYSC_ioctl fs/ioctl.c:700 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
entry_SYSCALL_64_fastpath+0x1f/0xbe
-> #1 (&tty->termios_rwsem){++++}:
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
down_read+0x96/0x150 kernel/locking/rwsem.c:23
n_tty_write+0x249/0xed0 drivers/tty/n_tty.c:2287
do_tty_write drivers/tty/tty_io.c:948 [inline]
tty_write+0x427/0x860 drivers/tty/tty_io.c:1032
redirected_tty_write+0xa1/0xb0 drivers/tty/tty_io.c:1053
__vfs_write+0xef/0x970 fs/read_write.c:479
vfs_write+0x18f/0x510 fs/read_write.c:543
SYSC_write fs/read_write.c:588 [inline]
SyS_write+0xef/0x220 fs/read_write.c:580
entry_SYSCALL_64_fastpath+0x1f/0xbe
-> #0 (&tty->ldisc_sem){++++}:
check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
__ldsem_down_read_nested+0xd1/0xab0 drivers/tty/tty_ldsem.c:327
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:367
tty_ldisc_ref_wait+0x25/0x80 drivers/tty/tty_ldisc.c:276
tty_read+0xf8/0x250 drivers/tty/tty_io.c:851
do_loop_readv_writev fs/read_write.c:693 [inline]
do_iter_read+0x3db/0x5b0 fs/read_write.c:917
vfs_readv+0x121/0x1c0 fs/read_write.c:979
kernel_readv fs/splice.c:361 [inline]
default_file_splice_read+0x508/0xae0 fs/splice.c:416
do_splice_to+0x110/0x170 fs/splice.c:880
do_splice fs/splice.c:1173 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x11a8/0x1630 fs/splice.c:1382
entry_SYSCALL_64_fastpath+0x1f/0xbe
other info that might help us debug this:
Chain exists of:
&tty->ldisc_sem --> sb_writers --> &pipe->mutex/1
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&pipe->mutex/1);
lock(sb_writers);
lock(&pipe->mutex/1);
lock(&tty->ldisc_sem);
*** DEADLOCK ***
1 lock held by syz-executor7/16453:
#0: (&pipe->mutex/1){+.+.}, at: [<ffffffff81ac1086>] pipe_lock_nested
fs/pipe.c:66 [inline]
#0: (&pipe->mutex/1){+.+.}, at: [<ffffffff81ac1086>] pipe_lock+0x56/0x70
fs/pipe.c:74
stack backtrace:
CPU: 0 PID: 16453 Comm: syz-executor7 Not tainted 4.13.0-next-20170913+ #21
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
print_circular_bug+0x503/0x710 kernel/locking/lockdep.c:1259
check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
__ldsem_down_read_nested+0xd1/0xab0 drivers/tty/tty_ldsem.c:327
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:367
tty_ldisc_ref_wait+0x25/0x80 drivers/tty/tty_ldisc.c:276
tty_read+0xf8/0x250 drivers/tty/tty_io.c:851
do_loop_readv_writev fs/read_write.c:693 [inline]
do_iter_read+0x3db/0x5b0 fs/read_write.c:917
vfs_readv+0x121/0x1c0 fs/read_write.c:979
kernel_readv fs/splice.c:361 [inline]
default_file_splice_read+0x508/0xae0 fs/splice.c:416
do_splice_to+0x110/0x170 fs/splice.c:880
do_splice fs/splice.c:1173 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x11a8/0x1630 fs/splice.c:1382
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x451e59
RSP: 002b:00007f6413d41c08 EFLAGS: 00000216 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451e59
RDX: 0000000000000016 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 0000000000000082 R08: 0000000000000200 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000216 R12: 0000000000000000
R13: 0000000000a6f7ef R14: 00007f6413d429c0 R15: 0000000000000000
netlink: 2 bytes leftover after parsing attributes in process
`syz-executor5'.
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
netlink: 2 bytes leftover after parsing attributes in process
`syz-executor5'.
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
netlink: 13 bytes leftover after parsing attributes in process
`syz-executor4'.
netlink: 13 bytes leftover after parsing attributes in process
`syz-executor4'.
*** Guest State ***
CR0: actual=0x0000000080000031, shadow=0x0000000060000011,
gh_mask=fffffffffffffff7
CR4: actual=0x0000000000002050, shadow=0x0000000000000020,
gh_mask=ffffffffffffe871
CR3 = 0x00000000fffbc000
RSP = 0x0000000000000000 RIP = 0x000000000000fff0
RFLAGS=0x00000100 DR7 = 0x0000000000000400
Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
CS: sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
DS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
SS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
ES: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
FS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
GS: sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
GDTR: limit=0x000007ff, base=0x0000000000001000
LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
IDTR: limit=0x000001ff, base=0x0000000000003800
TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
EFER = 0x0000000000000001 PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
Interruptibility = 00000000 ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff811b8bff RSP = 0xffff8801ccf974c8
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007f67cf6e3700 GSBase=ffff8801db300000 TRBase=ffff8801db223100
GDTBase=ffffffffff577000 IDTBase=ffffffffff57b000
CR0=0000000080050033 CR3=00000001d9a5d000 CR4=00000000001426e0
Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84d460b0
EFER = 0x0000000000000d01 PAT = 0x0000000000000000
*** Control State ***
PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=0000004b
EntryControls=0000d1ff ExitControls=0023efff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=80000603 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffffb67be57e80
TPR Threshold = 0x00
EPT pointer = 0x00000001cbc7501e
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=40148
sclass=netlink_route_socket pig=16967 comm=syz-executor1
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=40148
sclass=netlink_route_socket pig=16968 comm=syz-executor1
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 0 PID: 16985 Comm: syz-executor7 Not tainted 4.13.0-next-20170913+ #21
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc mm/slab.c:3383 [inline]
__do_kmalloc mm/slab.c:3723 [inline]
__kmalloc_track_caller+0x5f/0x760 mm/slab.c:3740
memdup_user+0x2c/0x90 mm/util.c:164
map_update_elem kernel/bpf/syscall.c:541 [inline]
SYSC_bpf kernel/bpf/syscall.c:1476 [inline]
SyS_bpf+0x1db6/0x46a0 kernel/bpf/syscall.c:1451
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x451e59
RSP: 002b:00007f6413d41c08 EFLAGS: 00000216 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451e59
RDX: 0000000000000020 RSI: 00000000202cc000 RDI: 0000000000000002
RBP: 00007f6413d41a10 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000216 R12: 00000000004b69f7
R13: 00007f6413d41b48 R14: 00000000004b6a07 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 17010 Comm: syz-executor7 Not tainted 4.13.0-next-20170913+ #21
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc mm/slab.c:3383 [inline]
__do_kmalloc mm/slab.c:3723 [inline]
__kmalloc+0x63/0x760 mm/slab.c:3734
kmalloc include/linux/slab.h:498 [inline]
map_update_elem kernel/bpf/syscall.c:555 [inline]
SYSC_bpf kernel/bpf/syscall.c:1476 [inline]
SyS_bpf+0x1eb4/0x46a0 kernel/bpf/syscall.c:1451
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x451e59
RSP: 002b:00007f6413d41c08 EFLAGS: 00000216 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451e59
RDX: 0000000000000020 RSI: 00000000202cc000 RDI: 0000000000000002
RBP: 00007f6413d41a10 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000216 R12: 00000000004b69f7
R13: 00007f6413d41b48 R14: 00000000004b6a07 R15: 0000000000000000
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
device syz2 entered promiscuous mode
device syz2 left promiscuous mode
device syz2 entered promiscuous mode
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 17367 Comm: syz-executor4 Not tainted 4.13.0-next-20170913+ #21
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc_node mm/slab.c:3304 [inline]
kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3649
alloc_task_struct_node kernel/fork.c:156 [inline]
dup_task_struct kernel/fork.c:517 [inline]
copy_process.part.36+0x1a6a/0x4af0 kernel/fork.c:1573
copy_process kernel/fork.c:1548 [inline]
_do_fork+0x1ef/0xfe0 kernel/fork.c:2027
SYSC_clone kernel/fork.c:2137 [inline]
SyS_clone+0x37/0x50 kernel/fork.c:2131
do_syscall_64+0x26c/0x8c0 arch/x86/entry/common.c:287
entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x451e59
RSP: 002b:00007ff5e3ee7c08 EFLAGS: 00000216 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451e59
RDX: 0000000020f66000 RSI: 0000000020f66f21 RDI: 4747e630a668ed7d
RBP: 0000000000000450 R08: 00000000202dff77 R09: 0000000000000000
R10: 0000000020f66ffc R11: 0000000000000216 R12: 00000000004b721f
R13: 0000000000000005 R14: 4747e630a668ed7d R15: 0000000020f66f21
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 17512 Comm: syz-executor2 Not tainted 4.13.0-next-20170913+ #21
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc_node mm/slab.c:3304 [inline]
kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3649
alloc_task_struct_node kernel/fork.c:156 [inline]
dup_task_struct kernel/fork.c:517 [inline]
copy_process.part.36+0x1a6a/0x4af0 kernel/fork.c:1573
copy_process kernel/fork.c:1548 [inline]
_do_fork+0x1ef/0xfe0 kernel/fork.c:2027
SYSC_clone kernel/fork.c:2137 [inline]
SyS_clone+0x37/0x50 kernel/fork.c:2131
do_syscall_64+0x26c/0x8c0 arch/x86/entry/common.c:287
entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x451e59
RSP: 002b:00007fa469e3bc08 EFLAGS: 00000216 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451e59
RDX: 0000000020f66000 RSI: 0000000020f66f21 RDI: 4747e630a668ed7d
RBP: 0000000000000450 R08: 00000000202dff77 R09: 0000000000000000
R10: 0000000020f66ffc R11: 0000000000000216 R12: 00000000004b721f
R13: 0000000000000005 R14: 4747e630a668ed7d R15: 0000000020f66f21
irq bypass consumer (token ffff8801d54ae240) registration fails: -16
irq bypass consumer (token ffff8801c02c8300) registration fails: -16
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 18329 Comm: syz-executor6 Not tainted 4.13.0-next-20170913+ #21
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc_node mm/slab.c:3304 [inline]
kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3649
alloc_task_struct_node kernel/fork.c:156 [inline]
dup_task_struct kernel/fork.c:517 [inline]
copy_process.part.36+0x1a6a/0x4af0 kernel/fork.c:1573
copy_process kernel/fork.c:1548 [inline]
_do_fork+0x1ef/0xfe0 kernel/fork.c:2027
SYSC_clone kernel/fork.c:2137 [inline]
SyS_clone+0x37/0x50 kernel/fork.c:2131
do_syscall_64+0x26c/0x8c0 arch/x86/entry/common.c:287
entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x451e59
RSP: 002b:00007f6a6eb4bc08 EFLAGS: 00000216 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451e59
RDX: 0000000020f66000 RSI: 0000000020f66f21 RDI: 4747e630a668ed7d
RBP: 0000000000000450 R08: 00000000202dff77 R09: 0000000000000000
R10: 0000000020f66ffc R11: 0000000000000216 R12: 00000000004b721f
R13: 0000000000000005 R14: 4747e630a668ed7d R15: 0000000020f66f21
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>
syzbot will keep track of this bug report.
Once a fix for this bug is committed, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line.
syzbot
Feb 22, 2019, 5:26:10āÆAM2/22/19
to syzkall...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages