Hello,
syzkaller hit the following lockdep warning (a "possible circular locking dependency", i.e. a lock-order inversion that could deadlock; the console keeps logging other processes afterwards, so this is a reported inversion rather than an observed hang) on
1f183459b5144384e2669a3f757d36bacab108cf
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
======================================================
WARNING: possible circular locking dependency detected
4.13.0-next-20170915+ #5 Not tainted
------------------------------------------------------
syz-executor7/30975 is trying to acquire lock:
(&pipe->mutex/1){+.+.}, at: [<ffffffff81ac10d6>] pipe_lock_nested
fs/pipe.c:66 [inline]
(&pipe->mutex/1){+.+.}, at: [<ffffffff81ac10d6>] pipe_lock+0x56/0x70
fs/pipe.c:74
but task is already holding lock:
(sb_writers){.+.+}, at: [<ffffffff81b7cf47>] file_start_write
include/linux/fs.h:2696 [inline]
(sb_writers){.+.+}, at: [<ffffffff81b7cf47>] do_splice fs/splice.c:1146
[inline]
(sb_writers){.+.+}, at: [<ffffffff81b7cf47>] SYSC_splice fs/splice.c:1402
[inline]
(sb_writers){.+.+}, at: [<ffffffff81b7cf47>] SyS_splice+0x1117/0x1630
fs/splice.c:1382
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #5 (sb_writers){.+.+}:
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35
[inline]
percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
__sb_start_write+0x18f/0x290 fs/super.c:1341
sb_start_write include/linux/fs.h:1541 [inline]
mnt_want_write+0x3f/0xb0 fs/namespace.c:387
filename_create+0x12b/0x520 fs/namei.c:3628
kern_path_create+0x33/0x40 fs/namei.c:3674
handle_create+0xc0/0x760 drivers/base/devtmpfs.c:203
-> #4 ((complete)&req.done){+.+.}:
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
complete_acquire include/linux/completion.h:39 [inline]
__wait_for_common kernel/sched/completion.c:108 [inline]
wait_for_common kernel/sched/completion.c:122 [inline]
wait_for_completion+0xc8/0x770 kernel/sched/completion.c:143
devtmpfs_create_node+0x32b/0x4a0 drivers/base/devtmpfs.c:115
device_add+0x120f/0x1640 drivers/base/core.c:1824
device_register+0x1d/0x20 drivers/base/core.c:1905
tty_register_device_attr+0x422/0x740 drivers/tty/tty_io.c:2955
tty_port_register_device_attr_serdev+0x100/0x140
drivers/tty/tty_port.c:165
uart_add_one_port+0xa7a/0x15b0 drivers/tty/serial/serial_core.c:2797
serial8250_register_8250_port+0xfac/0x1990
drivers/tty/serial/8250/8250_core.c:1052
serial_pnp_probe+0x5e7/0xac0 drivers/tty/serial/8250/8250_pnp.c:483
pnp_device_probe+0x15f/0x250 drivers/pnp/driver.c:108
really_probe drivers/base/dd.c:413 [inline]
driver_probe_device+0x63c/0xa20 drivers/base/dd.c:557
__driver_attach+0x181/0x1c0 drivers/base/dd.c:791
bus_for_each_dev+0x154/0x1e0 drivers/base/bus.c:313
driver_attach+0x3d/0x50 drivers/base/dd.c:810
bus_add_driver+0x466/0x620 drivers/base/bus.c:669
driver_register+0x1bf/0x3c0 drivers/base/driver.c:168
pnp_register_driver+0x75/0xa0 drivers/pnp/driver.c:271
serial8250_pnp_init+0x15/0x20 drivers/tty/serial/8250/8250_pnp.c:540
serial8250_init+0x8f/0x270 drivers/tty/serial/8250/8250_core.c:1129
do_one_initcall+0x9e/0x330 init/main.c:826
do_initcall_level init/main.c:892 [inline]
do_initcalls init/main.c:900 [inline]
do_basic_setup init/main.c:918 [inline]
kernel_init_freeable+0x469/0x521 init/main.c:1066
kernel_init+0x13/0x172 init/main.c:993
ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
-> #3 (&port->mutex){+.+.}:
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1870 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
uart_set_termios+0x8f/0x5b0 drivers/tty/serial/serial_core.c:1429
tty_set_termios+0x6d4/0xa40 drivers/tty/tty_ioctl.c:333
set_termios+0x377/0x6b0 drivers/tty/tty_ioctl.c:413
tty_mode_ioctl+0x9fb/0xb10 drivers/tty/tty_ioctl.c:748
n_tty_ioctl_helper+0x40/0x360 drivers/tty/tty_ioctl.c:939
n_tty_ioctl+0x148/0x2d0 drivers/tty/n_tty.c:2437
tty_ioctl+0x32e/0x15f0 drivers/tty/tty_io.c:2637
vfs_ioctl fs/ioctl.c:45 [inline]
do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:685
SYSC_ioctl fs/ioctl.c:700 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
entry_SYSCALL_64_fastpath+0x1f/0xbe
-> #2 (&tty->termios_rwsem){++++}:
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
down_read+0x96/0x150 kernel/locking/rwsem.c:23
n_tty_write+0x249/0xed0 drivers/tty/n_tty.c:2287
do_tty_write drivers/tty/tty_io.c:948 [inline]
tty_write+0x427/0x860 drivers/tty/tty_io.c:1032
redirected_tty_write+0xa1/0xb0 drivers/tty/tty_io.c:1053
__vfs_write+0xef/0x970 fs/read_write.c:479
vfs_write+0x18f/0x510 fs/read_write.c:543
SYSC_write fs/read_write.c:588 [inline]
SyS_write+0xef/0x220 fs/read_write.c:580
entry_SYSCALL_64_fastpath+0x1f/0xbe
-> #1 (&tty->ldisc_sem){++++}:
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
__ldsem_down_read_nested+0xd1/0xab0 drivers/tty/tty_ldsem.c:327
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:367
tty_ldisc_ref_wait+0x25/0x80 drivers/tty/tty_ldisc.c:276
tty_read+0xf8/0x250 drivers/tty/tty_io.c:851
do_loop_readv_writev fs/read_write.c:693 [inline]
do_iter_read+0x3db/0x5b0 fs/read_write.c:917
vfs_readv+0x121/0x1c0 fs/read_write.c:979
kernel_readv fs/splice.c:361 [inline]
default_file_splice_read+0x508/0xae0 fs/splice.c:416
do_splice_to+0x110/0x170 fs/splice.c:880
do_splice fs/splice.c:1173 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x11a8/0x1630 fs/splice.c:1382
entry_SYSCALL_64_fastpath+0x1f/0xbe
-> #0 (&pipe->mutex/1){+.+.}:
check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1870 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
pipe_lock_nested fs/pipe.c:66 [inline]
pipe_lock+0x56/0x70 fs/pipe.c:74
iter_file_splice_write+0x264/0xf50 fs/splice.c:699
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x7d5/0x1630 fs/splice.c:1382
entry_SYSCALL_64_fastpath+0x1f/0xbe
other info that might help us debug this:
Chain exists of:
&pipe->mutex/1 --> (complete)&req.done --> sb_writers
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(sb_writers);
                               lock((complete)&req.done);
                               lock(sb_writers);
  lock(&pipe->mutex/1);
*** DEADLOCK ***
1 lock held by syz-executor7/30975:
#0: (sb_writers){.+.+}, at: [<ffffffff81b7cf47>] file_start_write
include/linux/fs.h:2696 [inline]
#0: (sb_writers){.+.+}, at: [<ffffffff81b7cf47>] do_splice
fs/splice.c:1146 [inline]
#0: (sb_writers){.+.+}, at: [<ffffffff81b7cf47>] SYSC_splice
fs/splice.c:1402 [inline]
#0: (sb_writers){.+.+}, at: [<ffffffff81b7cf47>] SyS_splice+0x1117/0x1630
fs/splice.c:1382
stack backtrace:
CPU: 0 PID: 30975 Comm: syz-executor7 Not tainted 4.13.0-next-20170915+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
print_circular_bug+0x503/0x710 kernel/locking/lockdep.c:1259
check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1870 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
pipe_lock_nested fs/pipe.c:66 [inline]
pipe_lock+0x56/0x70 fs/pipe.c:74
iter_file_splice_write+0x264/0xf50 fs/splice.c:699
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x7d5/0x1630 fs/splice.c:1382
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x4474f9
RSP: 002b:00007f5963057c08 EFLAGS: 00000296 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000000019 RCX: 00000000004474f9
RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000019
RBP: 0000000000000082 R08: 000000000000ffff R09: 000000000000000a
R10: 0000000000000000 R11: 0000000000000296 R12: 00000000ffffffff
R13: 0000000000005850 R14: 00000000006e8910 R15: 0000000000000008
QAT: Invalid ioctl
dccp_invalid_packet: P.Data Offset(0) too small
sg_write: data in/out 110652/755 bytes for SCSI command 0x0-- guessing data
in;
program syz-executor0 not setting count and/or reply_len properly
QAT: Invalid ioctl
sg_write: data in/out 110652/755 bytes for SCSI command 0x0-- guessing data
in;
program syz-executor0 not setting count and/or reply_len properly
QAT: Invalid ioctl
sg_write: data in/out 110652/755 bytes for SCSI command 0x0-- guessing data
in;
program syz-executor0 not setting count and/or reply_len properly
QAT: Invalid ioctl
sg_write: data in/out 110652/755 bytes for SCSI command 0x0-- guessing data
in;
program syz-executor0 not setting count and/or reply_len properly
QAT: Invalid ioctl
sg_write: data in/out 110652/755 bytes for SCSI command 0x0-- guessing data
in;
program syz-executor0 not setting count and/or reply_len properly
QAT: Invalid ioctl
sg_write: data in/out 110652/755 bytes for SCSI command 0x0-- guessing data
in;
program syz-executor0 not setting count and/or reply_len properly
QAT: Invalid ioctl
sg_write: data in/out 110652/755 bytes for SCSI command 0x0-- guessing data
in;
program syz-executor0 not setting count and/or reply_len properly
QAT: Invalid ioctl
sg_write: data in/out 110652/755 bytes for SCSI command 0x0-- guessing data
in;
program syz-executor0 not setting count and/or reply_len properly
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
netlink: 5 bytes leftover after parsing attributes in process
`syz-executor4'.
QAT: Invalid ioctl
netlink: 5 bytes leftover after parsing attributes in process
`syz-executor4'.
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 31606 Comm: syz-executor7 Not tainted 4.13.0-next-20170915+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc mm/slab.c:3383 [inline]
kmem_cache_alloc+0x47/0x760 mm/slab.c:3559
getname_flags+0xcb/0x580 fs/namei.c:137
SYSC_execveat fs/exec.c:1934 [inline]
SyS_execveat+0x38/0x60 fs/exec.c:1926
do_syscall_64+0x26c/0x8c0 arch/x86/entry/common.c:287
entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x4474f9
RSP: 002b:00007f5963057c08 EFLAGS: 00000292 ORIG_RAX: 0000000000000142
RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00000000004474f9
RDX: 000000002026dff0 RSI: 0000000020066ff8 RDI: ffffffffffffffff
RBP: 0000000000708000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020658ff0 R11: 0000000000000292 R12: 0000000000000005
R13: 0000000000000650 R14: 00000000006e3710 R15: 0000000020066ff8
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 3 PID: 32410 Comm: syz-executor5 Not tainted 4.13.0-next-20170915+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc mm/slab.c:3383 [inline]
kmem_cache_alloc+0x47/0x760 mm/slab.c:3559
ptlock_alloc+0x24/0x70 mm/memory.c:4659
ptlock_init include/linux/mm.h:1729 [inline]
pgtable_page_ctor include/linux/mm.h:1763 [inline]
pte_alloc_one+0x59/0x100 arch/x86/mm/pgtable.c:31
do_huge_pmd_anonymous_page+0xc1f/0x1b00 mm/huge_memory.c:689
create_huge_pmd mm/memory.c:3802 [inline]
__handle_mm_fault+0x1827/0x39c0 mm/memory.c:4005
handle_mm_fault+0x334/0x8d0 mm/memory.c:4071
__do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1445
do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1520
do_async_page_fault+0x72/0xc0 arch/x86/kernel/kvm.c:266
async_page_fault+0x22/0x30 arch/x86/entry/entry_64.S:1069
RIP: 0010:copy_user_generic_string+0x2c/0x40 arch/x86/lib/copy_user_64.S:143
RSP: 0018:ffff88006d10f928 EFLAGS: 00010246
RAX: ffffed000da21f3c RBX: 00000000200bd000 RCX: 0000000000000007
RDX: 0000000000000000 RSI: 00000000200bd000 RDI: ffff88006d10f9a8
RBP: ffff88006d10f958 R08: ffffed000da21f3c R09: ffffed000da21f3c
R10: 0000000000000007 R11: ffffed000da21f3b R12: 0000000000000038
R13: ffff88006d10f9a8 R14: 00007ffffffff000 R15: 00000000200bd038
copy_from_user include/linux/uaccess.h:146 [inline]
copy_msghdr_from_user+0x93/0x590 net/socket.c:1930
___sys_sendmsg+0x12d/0x8a0 net/socket.c:1994
__sys_sendmmsg+0x1e6/0x5f0 net/socket.c:2139
SYSC_sendmmsg net/socket.c:2170 [inline]
SyS_sendmmsg+0x35/0x60 net/socket.c:2165
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x4474f9
RSP: 002b:00007f60e31fec08 EFLAGS: 00000292 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004474f9
RDX: 0000000000000080 RSI: 00000000200bd000 RDI: 0000000000000006
RBP: 00007f60e31fea00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000292 R12: 00000000004a8e57
R13: 0000000000000000 R14: 00007f60e31fe9c8 R15: 00007f60e31feb38
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 2 PID: 32437 Comm: syz-executor5 Not tainted 4.13.0-next-20170915+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc_node mm/slab.c:3304 [inline]
kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3649
__alloc_skb+0xf1/0x740 net/core/skbuff.c:194
alloc_skb include/linux/skbuff.h:976 [inline]
alloc_skb_with_frags+0x10d/0x710 net/core/skbuff.c:5137
sock_alloc_send_pskb+0x7b4/0x9d0 net/core/sock.c:2073
unix_dgram_sendmsg+0x52d/0x1600 net/unix/af_unix.c:1681
sock_sendmsg_nosec net/socket.c:633 [inline]
sock_sendmsg+0xca/0x110 net/socket.c:643
___sys_sendmsg+0x322/0x8a0 net/socket.c:2049
__sys_sendmmsg+0x1e6/0x5f0 net/socket.c:2139
SYSC_sendmmsg net/socket.c:2170 [inline]
SyS_sendmmsg+0x35/0x60 net/socket.c:2165
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x4474f9
RSP: 002b:00007f60e31fec08 EFLAGS: 00000292 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004474f9
RDX: 0000000000000080 RSI: 00000000200bd000 RDI: 0000000000000006
RBP: 00007f60e31fea00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000292 R12: 00000000004a8e57
R13: 0000000000000000 R14: 00007f60e31fe9c8 R15: 00007f60e31feb38
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 3 PID: 32461 Comm: syz-executor5 Not tainted 4.13.0-next-20170915+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc_node mm/slab.c:3304 [inline]
kmem_cache_alloc_node_trace+0x5a/0x760 mm/slab.c:3668
__do_kmalloc_node mm/slab.c:3688 [inline]
__kmalloc_node_track_caller+0x33/0x70 mm/slab.c:3703
__kmalloc_reserve.isra.40+0x41/0xd0 net/core/skbuff.c:138
__alloc_skb+0x13b/0x740 net/core/skbuff.c:206
alloc_skb include/linux/skbuff.h:976 [inline]
alloc_skb_with_frags+0x10d/0x710 net/core/skbuff.c:5137
sock_alloc_send_pskb+0x7b4/0x9d0 net/core/sock.c:2073
unix_dgram_sendmsg+0x52d/0x1600 net/unix/af_unix.c:1681
sock_sendmsg_nosec net/socket.c:633 [inline]
sock_sendmsg+0xca/0x110 net/socket.c:643
___sys_sendmsg+0x322/0x8a0 net/socket.c:2049
__sys_sendmmsg+0x1e6/0x5f0 net/socket.c:2139
SYSC_sendmmsg net/socket.c:2170 [inline]
SyS_sendmmsg+0x35/0x60 net/socket.c:2165
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x4474f9
RSP: 002b:00007f60e31fec08 EFLAGS: 00000292 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004474f9
RDX: 0000000000000080 RSI: 00000000200bd000 RDI: 0000000000000006
RBP: 00007f60e31fea00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000292 R12: 00000000004a8e57
R13: 0000000000000000 R14: 00007f60e31fe9c8 R15: 00007f60e31feb38
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 1
CPU: 2 PID: 32631 Comm: syz-executor6 Not tainted 4.13.0-next-20170915+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_fail_alloc_page mm/page_alloc.c:2915 [inline]
prepare_alloc_pages mm/page_alloc.c:4151 [inline]
__alloc_pages_nodemask+0x338/0xd80 mm/page_alloc.c:4187
alloc_pages_current+0xb6/0x1e0 mm/mempolicy.c:2035
alloc_pages include/linux/gfp.h:505 [inline]
skb_page_frag_refill+0x358/0x5f0 net/core/sock.c:2196
tun_build_skb.isra.42+0x2a2/0x1690 drivers/net/tun.c:1289
tun_get_user+0x1dad/0x2150 drivers/net/tun.c:1455
tun_chr_write_iter+0xde/0x190 drivers/net/tun.c:1579
call_write_iter include/linux/fs.h:1770 [inline]
new_sync_write fs/read_write.c:468 [inline]
__vfs_write+0x68a/0x970 fs/read_write.c:481
vfs_write+0x18f/0x510 fs/read_write.c:543
SYSC_write fs/read_write.c:588 [inline]
SyS_write+0xef/0x220 fs/read_write.c:580
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x40c691
RSP: 002b:00007f7627ff4c00 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000032 RCX: 000000000040c691
RDX: 0000000000000032 RSI: 000000002098d000 RDI: 0000000000000015
RBP: 00007f7627ff4a00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 00000000004a8e57
R13: 0000000000000000 R14: 00007f7627ff49c8 R15: 00007f7627ff4b38
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 2 PID: 32650 Comm: syz-executor6 Not tainted 4.13.0-next-20170915+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc mm/slab.c:3383 [inline]
kmem_cache_alloc+0x47/0x760 mm/slab.c:3559
__build_skb+0x9d/0x450 net/core/skbuff.c:284
build_skb+0x6f/0x260 net/core/skbuff.c:316
tun_build_skb.isra.42+0x92f/0x1690 drivers/net/tun.c:1346
tun_get_user+0x1dad/0x2150 drivers/net/tun.c:1455
tun_chr_write_iter+0xde/0x190 drivers/net/tun.c:1579
call_write_iter include/linux/fs.h:1770 [inline]
new_sync_write fs/read_write.c:468 [inline]
__vfs_write+0x68a/0x970 fs/read_write.c:481
vfs_write+0x18f/0x510 fs/read_write.c:543
SYSC_write fs/read_write.c:588 [inline]
SyS_write+0xef/0x220 fs/read_write.c:580
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x40c691
RSP: 002b:00007f7627ff4c00 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000032 RCX: 000000000040c691
RDX: 0000000000000032 RSI: 000000002098d000 RDI: 0000000000000015
RBP: 00007f7627ff4a00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 00000000004a8e57
R13: 0000000000000000 R14: 00007f7627ff49c8 R15: 00007f7627ff4b38
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 2 PID: 32652 Comm: syz-executor4 Not tainted 4.13.0-next-20170915+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc mm/slab.c:3383 [inline]
__do_kmalloc mm/slab.c:3723 [inline]
__kmalloc_track_caller+0x5f/0x760 mm/slab.c:3740
memdup_user+0x2c/0x90 mm/util.c:164
do_ip_setsockopt.isra.12+0x15f8/0x31f0 net/ipv4/ip_sockglue.c:938
ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1243
raw_setsockopt+0xb7/0xd0 net/ipv4/raw.c:850
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2960
SYSC_setsockopt net/socket.c:1852 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1831
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x4474f9
RSP: 002b:00007f823084cc08 EFLAGS: 00000292 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004474f9
RDX: 0000000000000029 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 00007f823084ca00 R08: 0000000000000010 R09: 0000000000000000
R10: 000000002039ffc8 R11: 0000000000000292 R12: 00000000004a8e57
R13: 0000000000000000 R14: 00007f823084c9c8 R15: 00007f823084cb38
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
xs_tcp_setup_socket: connect returned unhandled error -113
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 1102 Comm: syz-executor2 Not tainted 4.13.0-next-20170915+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc mm/slab.c:3383 [inline]
kmem_cache_alloc+0x47/0x760 mm/slab.c:3559
alloc_inode+0x128/0x180 fs/inode.c:210
new_inode_pseudo+0x69/0x190 fs/inode.c:890
__ns_get_path+0x198/0x7b0 fs/nsfs.c:75
open_related_ns+0xdf/0x1f0 fs/nsfs.c:143
sock_ioctl+0x329/0x440 net/socket.c:1055
vfs_ioctl fs/ioctl.c:45 [inline]
do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:685
SYSC_ioctl fs/ioctl.c:700 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x4474f9
RSP: 002b:00007f00ea9a7c08 EFLAGS: 00000296 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 00000000004474f9
RDX: 0000000020b5affc RSI: 000000000000894c RDI: 0000000000000016
RBP: 0000000000a5f860 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f00ea9a89c0 R15: 00007f00ea9a8700
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 1156 Comm: syz-executor2 Not tainted 4.13.0-next-20170915+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:31
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc mm/slab.c:3383 [inline]
kmem_cache_alloc+0x47/0x760 mm/slab.c:3559
kmem_cache_zalloc include/linux/slab.h:656 [inline]
inode_alloc_security security/selinux/hooks.c:234 [inline]
selinux_inode_alloc_security+0xf9/0x390 security/selinux/hooks.c:2869
security_inode_alloc+0x90/0xd0 security/security.c:436
inode_init_always+0x653/0xca0 fs/inode.c:167
alloc_inode+0x82/0x180 fs/inode.c:215
new_inode_pseudo+0x69/0x190 fs/inode.c:890
__ns_get_path+0x198/0x7b0 fs/nsfs.c:75
open_related_ns+0xdf/0x1f0 fs/nsfs.c:143
sock_ioctl+0x329/0x440 net/socket.c:1055
vfs_ioctl fs/ioctl.c:45 [inline]
do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:685
SYSC_ioctl fs/ioctl.c:700 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x4474f9
RSP: 002b:00007f00ea9a7c08 EFLAGS: 00000296 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 00000000004474f9
RDX: 0000000020b5affc RSI: 000000000000894c RDI: 0000000000000016
RBP: 0000000000a5f860 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f00ea9a89c0 R15: 00007f00ea9a8700
QAT: Invalid ioctl
QAT: Invalid ioctl
sctp: [Deprecated]: syz-executor6 (pid 2372) Use of struct sctp_assoc_value
in delayed_ack socket option.
Use struct sctp_sack_info instead
---
This bug is generated by a dumb bot. It may contain errors.
See
https://goo.gl/tpsmEJ for details.
Direct all questions to
syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <
syzk...@googlegroups.com>
syzbot will keep track of this bug report.
Once a fix for this bug is committed, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line.