BUG: sleeping function called from invalid context in corrupted


syzbot

Nov 23, 2020, 4:25:15 AM11/23/20
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 76bda503 Linux 4.19.159
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16647971500000
kernel config: https://syzkaller.appspot.com/x/.config?x=9312892b010d9dd0
dashboard link: https://syzkaller.appspot.com/bug?extid=cb48618be49b6992b53e
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10d6b55d500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14ec2e7d500000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cb4861...@syzkaller.appspotmail.com

R10: 0000000000000064 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 000000000000000d R15: 0000000000000005
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1850
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
in_atomic(): 0, irqs_disabled(): 0, pid: 23, name: kworker/u4:1
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 8379 Comm: syz-executor803 Not tainted 4.19.159-syzkaller #0
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0xa/0x14 lib/fault-inject.c:149
__should_failslab+0x115/0x180 mm/failslab.c:32
should_failslab+0x5/0xf mm/slab_common.c:1588
slab_pre_alloc_hook mm/slab.h:424 [inline]
slab_alloc mm/slab.c:3383 [inline]
kmem_cache_alloc+0x3f/0x370 mm/slab.c:3557
kmem_cache_zalloc include/linux/slab.h:699 [inline]
fill_pool lib/debugobjects.c:134 [inline]
__debug_object_init+0x6d9/0x9b0 lib/debugobjects.c:379
debug_object_init lib/debugobjects.c:431 [inline]
debug_object_activate+0x382/0x450 lib/debugobjects.c:512
debug_rcu_head_queue kernel/rcu/rcu.h:193 [inline]
__call_rcu.constprop.0+0x31/0x7f0 kernel/rcu/tree.c:2977
__put_cred+0x1ca/0x250 kernel/cred.c:153
put_cred include/linux/cred.h:276 [inline]
do_coredump+0x49d/0x2d55 fs/coredump.c:781
get_signal+0xed9/0x1f70 kernel/signal.c:2583
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:821
exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
retint_user+0x8/0x18
RIP: 0033:0x43031a
Code: 0f b6 0e 0f b6 07 29 c8 c3 0f 1f 80 00 00 00 00 89 f8 31 d2 66 0f ef ff 09 f0 25 ff 0f 00 00 3d c0 0f 00 00 0f 8f 78 02 00 00 <f3> 0f 6f 0f f3 0f 6f 06 66 0f 74 c1 66 0f da c1 66 0f ef c9 66 0f
RSP: 002b:00007ffcf68f0d58 EFLAGS: 00010283
RAX: 0000000000000493 RBX: 00007ffcf68f0da0 RCX: 0000000000440e80
RDX: 0000000000000000 RSI: 00000000004a9493 RDI: 0000000000000000
RBP: 00007ffcf68f0fa0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000064 R11: 00000000004ac6e0 R12: 0000000000000000
R13: 0000000000000000 R14: 000000000000000d R15: 0000000000000005
CPU: 1 PID: 8386 Comm: syz-executor803 Not tainted 4.19.159-syzkaller #0
4 locks held by kworker/u4:1/23:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0xa/0x14 lib/fault-inject.c:149
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
should_fail_alloc_page mm/page_alloc.c:3088 [inline]
prepare_alloc_pages mm/page_alloc.c:4346 [inline]
__alloc_pages_nodemask+0x239/0x2890 mm/page_alloc.c:4393
#0: 00000000b6930386 ((wq_completion)"%s"wiphy_name(local->hw.wiphy)){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2126
alloc_pages_current+0x193/0x2a0 mm/mempolicy.c:2197
alloc_pages include/linux/gfp.h:532 [inline]
__get_free_pages+0x8/0x40 mm/page_alloc.c:4443
tlb_next_batch mm/memory.c:216 [inline]
__tlb_remove_page_size+0x2a2/0x470 mm/memory.c:318
__tlb_remove_page include/asm-generic/tlb.h:161 [inline]
zap_pte_range mm/memory.c:1353 [inline]
zap_pmd_range mm/memory.c:1452 [inline]
zap_pud_range mm/memory.c:1481 [inline]
zap_p4d_range mm/memory.c:1502 [inline]
unmap_page_range+0x1360/0x2a70 mm/memory.c:1523
#1: 000000002427562e ((work_completion)(&sdata->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2130
unmap_single_vma+0x198/0x300 mm/memory.c:1568
unmap_vmas+0xa9/0x180 mm/memory.c:1598
exit_mmap+0x2b9/0x530 mm/mmap.c:3093
#2: 0000000086b777ff (&wdev->mtx){+.+.}, at: sdata_lock net/mac80211/ieee80211_i.h:990 [inline]
#2: 0000000086b777ff (&wdev->mtx){+.+.}, at: ieee80211_ibss_work+0x85/0xe10 net/mac80211/ibss.c:1675
__mmput kernel/fork.c:1015 [inline]
mmput+0x14e/0x4a0 kernel/fork.c:1036
exit_mm kernel/exit.c:549 [inline]
do_exit+0xaf0/0x2be0 kernel/exit.c:877
do_group_exit+0x125/0x310 kernel/exit.c:993
#3: 000000000a5100c1 (rcu_read_lock){....}, at: sta_info_insert_finish net/mac80211/sta_info.c:573 [inline]
#3: 000000000a5100c1 (rcu_read_lock){....}, at: sta_info_insert_rcu+0x48e/0x2310 net/mac80211/sta_info.c:661
get_signal+0x3f2/0x1f70 kernel/signal.c:2589
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:821
Preemption disabled at:
[<ffffffff81533622>] rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1076 [inline]
[<ffffffff81533622>] rcu_lockdep_current_cpu_online+0x32/0x1b0 kernel/rcu/tree.c:1068
exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
retint_user+0x8/0x18
RIP: 0033:0x43031a
Code: 0f b6 0e 0f b6 07 29 c8 c3 0f 1f 80 00 00 00 00 89 f8 31 d2 66 0f ef ff 09 f0 25 ff 0f 00 00 3d c0 0f 00 00 0f 8f 78 02 00 00 <f3> 0f 6f 0f f3 0f 6f 06 66 0f 74 c1 66 0f da c1 66 0f ef c9 66 0f
RSP: 002b:00007ffcf68f0d58 EFLAGS: 00010283
RAX: 0000000000000493 RBX: 00007ffcf68f0da0 RCX: 0000000000440e80
RDX: 0000000000000000 RSI: 00000000004a9493 RDI: 0000000000000000
RBP: 00007ffcf68f0fa0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000064 R11: 00000000004ac6e0 R12: 0000000000000000
R13: 0000000000000000 R14: 000000000000000d R15: 0000000000000005
CPU: 0 PID: 23 Comm: kworker/u4:1 Not tainted 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy3 ieee80211_iface_work
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6196
sta_info_move_state+0x32/0x900 net/mac80211/sta_info.c:1850
sta_info_free+0x55/0x390 net/mac80211/sta_info.c:260
sta_info_insert_rcu+0x517/0x2310 net/mac80211/sta_info.c:667
ieee80211_ibss_finish_sta+0x25b/0x360 net/mac80211/ibss.c:601
ieee80211_ibss_work+0x2b6/0xe10 net/mac80211/ibss.c:1692
ieee80211_iface_work+0x7ba/0x8a0 net/mac80211/iface.c:1366
process_one_work+0x864/0x1570 kernel/workqueue.c:2155
worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
CPU: 1 PID: 8385 Comm: syz-executor803 Not tainted 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0xa/0x14 lib/fault-inject.c:149
__should_failslab+0x115/0x180 mm/failslab.c:32
should_failslab+0x5/0xf mm/slab_common.c:1588
slab_pre_alloc_hook mm/slab.h:424 [inline]
slab_alloc mm/slab.c:3383 [inline]
kmem_cache_alloc+0x3f/0x370 mm/slab.c:3557
kmem_cache_zalloc include/linux/slab.h:699 [inline]
fill_pool lib/debugobjects.c:134 [inline]
__debug_object_init+0x6d9/0x9b0 lib/debugobjects.c:379
debug_object_init lib/debugobjects.c:431 [inline]
debug_object_activate+0x382/0x450 lib/debugobjects.c:512
debug_rcu_head_queue kernel/rcu/rcu.h:193 [inline]
__call_rcu.constprop.0+0x31/0x7f0 kernel/rcu/tree.c:2977
__put_cred+0x1ca/0x250 kernel/cred.c:153
put_cred include/linux/cred.h:276 [inline]
do_coredump+0x49d/0x2d55 fs/coredump.c:781
get_signal+0xed9/0x1f70 kernel/signal.c:2583
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:821
exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
retint_user+0x8/0x18
RIP: 0033:0x43031a
Code: 0f b6 0e 0f b6 07 29 c8 c3 0f 1f 80 00 00 00 00 89 f8 31 d2 66 0f ef ff 09 f0 25 ff 0f 00 00 3d c0 0f 00 00 0f 8f 78 02 00 00 <f3> 0f 6f 0f f3 0f 6f 06 66 0f 74 c1 66 0f da c1 66 0f ef c9 66 0f
RSP: 002b:00007ffcf68f0d58 EFLAGS: 00010283
RAX: 0000000000000493 RBX: 00007ffcf68f0da0 RCX: 0000000000440e80
RDX: 0000000000000000 RSI: 00000000004a9493 RDI: 0000000000000000
RBP: 00007ffcf68f0fa0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000064 R11: 00000000004ac6e0 R12: 0000000000000000
R13: 0000000000000000 R14: 000000000000000d R15: 0000000000000005
CPU: 0 PID: 8387 Comm: syz-executor803 Not tainted 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0xa/0x14 lib/fault-inject.c:149
__should_failslab+0x115/0x180 mm/failslab.c:32
should_failslab+0x5/0xf mm/slab_common.c:1588
slab_pre_alloc_hook mm/slab.h:424 [inline]
slab_alloc mm/slab.c:3383 [inline]
kmem_cache_alloc+0x3f/0x370 mm/slab.c:3557
kmem_cache_zalloc include/linux/slab.h:699 [inline]
fill_pool lib/debugobjects.c:134 [inline]
__debug_object_init+0x6d9/0x9b0 lib/debugobjects.c:379
debug_object_init lib/debugobjects.c:431 [inline]
debug_object_activate+0x382/0x450 lib/debugobjects.c:512
debug_rcu_head_queue kernel/rcu/rcu.h:193 [inline]
__call_rcu.constprop.0+0x31/0x7f0 kernel/rcu/tree.c:2977
__put_cred+0x1ca/0x250 kernel/cred.c:153
put_cred include/linux/cred.h:276 [inline]
do_coredump+0x49d/0x2d55 fs/coredump.c:781
get_signal+0xed9/0x1f70 kernel/signal.c:2583
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:821
exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
retint_user+0x8/0x18
RIP: 0033:0x43031a
Code: 0f b6 0e 0f b6 07 29 c8 c3 0f 1f 80 00 00 00 00 89 f8 31 d2 66 0f ef ff 09 f0 25 ff 0f 00 00 3d c0 0f 00 00 0f 8f 78 02 00 00 <f3> 0f 6f 0f f3 0f 6f 06 66 0f 74 c1 66 0f da c1 66 0f ef c9 66 0f
RSP: 002b:00007ffcf68f0d58 EFLAGS: 00010283
RAX: 0000000000000493 RBX: 00007ffcf68f0da0 RCX: 0000000000440e80
RDX: 0000000000000000 RSI: 00000000004a9493 RDI: 0000000000000000
RBP: 00007ffcf68f0fa0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000064 R11: 00000000004ac6e0 R12: 0000000000000000
R13: 0000000000008e8a R14: 000000000000000d R15: 0000000000000005
CPU: 1 PID: 8377 Comm: syz-executor803 Not tainted 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0xa/0x14 lib/fault-inject.c:149
__should_failslab+0x115/0x180 mm/failslab.c:32
should_failslab+0x5/0xf mm/slab_common.c:1588
slab_pre_alloc_hook mm/slab.h:424 [inline]
slab_alloc mm/slab.c:3383 [inline]
kmem_cache_alloc+0x3f/0x370 mm/slab.c:3557
kmem_cache_zalloc include/linux/slab.h:699 [inline]
fill_pool lib/debugobjects.c:134 [inline]
__debug_object_init+0x6d9/0x9b0 lib/debugobjects.c:379
debug_object_init lib/debugobjects.c:431 [inline]
debug_object_activate+0x382/0x450 lib/debugobjects.c:512
BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1850
debug_rcu_head_queue kernel/rcu/rcu.h:193 [inline]
__call_rcu.constprop.0+0x31/0x7f0 kernel/rcu/tree.c:2977
__put_cred+0x1ca/0x250 kernel/cred.c:153
put_cred include/linux/cred.h:276 [inline]
do_coredump+0x49d/0x2d55 fs/coredump.c:781
get_signal+0xed9/0x1f70 kernel/signal.c:2583
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:821
exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
retint_user+0x8/0x18
RIP: 0033:0x43031a
Code: 0f b6 0e 0f b6 07 29 c8 c3 0f 1f 80 00 00 00 00 89 f8 31 d2 66 0f ef ff 09 f0 25 ff 0f 00 00 3d c0 0f 00 00 0f 8f 78 02 00 00 <f3> 0f 6f 0f f3 0f 6f 06 66 0f 74 c1 66 0f da c1 66 0f ef c9 66 0f
RSP: 002b:00007ffcf68f0d58 EFLAGS: 00010283
RAX: 0000000000000493 RBX: 00007ffcf68f0da0 RCX: 0000000000440e80
RDX: 0000000000000000 RSI: 00000000004a9493 RDI: 0000000000000000
RBP: 00007ffcf68f0fa0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000064 R11: 00000000004ac6e0 R12: 0000000000000000
R13: 0000000000000000 R14: 000000000000000d R15: 0000000000000005
CPU: 1 PID: 8375 Comm: syz-executor803 Tainted: G W 4.19.159-syzkaller #0
in_atomic(): 0, irqs_disabled(): 0, pid: 23, name: kworker/u4:1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0xa/0x14 lib/fault-inject.c:149
4 locks held by kworker/u4:1/23:
#0: 00000000b6930386 ((wq_completion)"%s"wiphy_name(local->hw.wiphy)){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2126
__should_failslab+0x115/0x180 mm/failslab.c:32
should_failslab+0x5/0xf mm/slab_common.c:1588
slab_pre_alloc_hook mm/slab.h:424 [inline]
slab_alloc mm/slab.c:3383 [inline]
kmem_cache_alloc+0x3f/0x370 mm/slab.c:3557
kmem_cache_zalloc include/linux/slab.h:699 [inline]
fill_pool lib/debugobjects.c:134 [inline]
__debug_object_init+0x6d9/0x9b0 lib/debugobjects.c:379
#1: 000000002427562e ((work_completion)(&sdata->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2130
debug_object_init lib/debugobjects.c:431 [inline]
debug_object_activate+0x382/0x450 lib/debugobjects.c:512
#2: 0000000086b777ff (&wdev->mtx){+.+.}, at: sdata_lock net/mac80211/ieee80211_i.h:990 [inline]
#2: 0000000086b777ff (&wdev->mtx){+.+.}, at: ieee80211_ibss_work+0x85/0xe10 net/mac80211/ibss.c:1675
debug_rcu_head_queue kernel/rcu/rcu.h:193 [inline]
__call_rcu.constprop.0+0x31/0x7f0 kernel/rcu/tree.c:2977
__put_cred+0x1ca/0x250 kernel/cred.c:153
put_cred include/linux/cred.h:276 [inline]
do_coredump+0x49d/0x2d55 fs/coredump.c:781
get_signal+0xed9/0x1f70 kernel/signal.c:2583
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:821
exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
retint_user+0x8/0x18
RIP: 0033:0x43031a
Code: 0f b6 0e 0f b6 07 29 c8 c3 0f 1f 80 00 00 00 00 89 f8 31 d2 66 0f ef ff 09 f0 25 ff 0f 00 00 3d c0 0f 00 00 0f 8f 78 02 00 00 <f3> 0f 6f 0f f3 0f 6f 06 66 0f 74 c1 66 0f da c1 66 0f ef c9 66 0f
RSP: 002b:00007ffcf68f0d58 EFLAGS: 00010283
RAX: 0000000000000493 RBX: 00007ffcf68f0da0 RCX: 0000000000440e80
RDX: 0000000000000000 RSI: 00000000004a9493 RDI: 0000000000000000
RBP: 00007ffcf68f0fa0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000064 R11: 00000000004ac6e0 R12: 0000000000000000
R13: 0000000000000000 R14: 000000000000000d R15: 0000000000000005
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 8397 Comm: syz-executor803 Tainted: G W 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0xa/0x14 lib/fault-inject.c:149
should_fail_alloc_page mm/page_alloc.c:3088 [inline]
prepare_alloc_pages mm/page_alloc.c:4346 [inline]
__alloc_pages_nodemask+0x239/0x2890 mm/page_alloc.c:4393
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 0
alloc_pages_current+0x193/0x2a0 mm/mempolicy.c:2197
alloc_pages include/linux/gfp.h:532 [inline]
__get_free_pages+0x8/0x40 mm/page_alloc.c:4443
tlb_next_batch mm/memory.c:216 [inline]
__tlb_remove_page_size+0x2a2/0x470 mm/memory.c:318
__tlb_remove_page include/asm-generic/tlb.h:161 [inline]
zap_pte_range mm/memory.c:1353 [inline]
zap_pmd_range mm/memory.c:1452 [inline]
zap_pud_range mm/memory.c:1481 [inline]
zap_p4d_range mm/memory.c:1502 [inline]
unmap_page_range+0x1360/0x2a70 mm/memory.c:1523
unmap_single_vma+0x198/0x300 mm/memory.c:1568
unmap_vmas+0xa9/0x180 mm/memory.c:1598
exit_mmap+0x2b9/0x530 mm/mmap.c:3093
__mmput kernel/fork.c:1015 [inline]
mmput+0x14e/0x4a0 kernel/fork.c:1036
exit_mm kernel/exit.c:549 [inline]
do_exit+0xaf0/0x2be0 kernel/exit.c:877
do_group_exit+0x125/0x310 kernel/exit.c:993
get_signal+0x3f2/0x1f70 kernel/signal.c:2589
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:821
exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
retint_user+0x8/0x18
RIP: 0033:0x43031a
Code: 0f b6 0e 0f b6 07 29 c8 c3 0f 1f 80 00 00 00 00 89 f8 31 d2 66 0f ef ff 09 f0 25 ff 0f 00 00 3d c0 0f 00 00 0f 8f 78 02 00 00 <f3> 0f 6f 0f f3 0f 6f 06 66 0f 74 c1 66 0f da c1 66 0f ef c9 66 0f
RSP: 002b:00007ffcf68f0d58 EFLAGS: 00010283
RAX: 0000000000000493 RBX: 00007ffcf68f0da0 RCX: 0000000000440e80
RDX: 0000000000000000 RSI: 00000000004a9493 RDI: 0000000000000000
RBP: 00007ffcf68f0fa0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000064 R11: 00000000004ac6e0 R12: 0000000000000000
R13: 0000000000008fad R14: 000000000000000d R15: 0000000000000005
CPU: 1 PID: 8399 Comm: syz-executor803 Tainted: G W 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 0
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0xa/0x14 lib/fault-inject.c:149
should_fail_alloc_page mm/page_alloc.c:3088 [inline]
prepare_alloc_pages mm/page_alloc.c:4346 [inline]
__alloc_pages_nodemask+0x239/0x2890 mm/page_alloc.c:4393
alloc_pages_current+0x193/0x2a0 mm/mempolicy.c:2197
alloc_pages include/linux/gfp.h:532 [inline]
__get_free_pages+0x8/0x40 mm/page_alloc.c:4443
tlb_next_batch mm/memory.c:216 [inline]
__tlb_remove_page_size+0x2a2/0x470 mm/memory.c:318
__tlb_remove_page include/asm-generic/tlb.h:161 [inline]
zap_pte_range mm/memory.c:1353 [inline]
zap_pmd_range mm/memory.c:1452 [inline]
zap_pud_range mm/memory.c:1481 [inline]
zap_p4d_range mm/memory.c:1502 [inline]
unmap_page_range+0x1360/0x2a70 mm/memory.c:1523
unmap_single_vma+0x198/0x300 mm/memory.c:1568
unmap_vmas+0xa9/0x180 mm/memory.c:1598
exit_mmap+0x2b9/0x530 mm/mmap.c:3093
__mmput kernel/fork.c:1015 [inline]
mmput+0x14e/0x4a0 kernel/fork.c:1036
exit_mm kernel/exit.c:549 [inline]
do_exit+0xaf0/0x2be0 kernel/exit.c:877
do_group_exit+0x125/0x310 kernel/exit.c:993
get_signal+0x3f2/0x1f70 kernel/signal.c:2589
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:821
exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
retint_user+0x8/0x18
RIP: 0033:0x43031a
Code: 0f b6 0e 0f b6 07 29 c8 c3 0f 1f 80 00 00 00 00 89 f8 31 d2 66 0f ef ff 09 f0 25 ff 0f 00 00 3d c0 0f 00 00 0f 8f 78 02 00 00 <f3> 0f 6f 0f f3 0f 6f 06 66 0f 74 c1 66 0f da c1 66 0f ef c9 66 0f
RSP: 002b:00007ffcf68f0d58 EFLAGS: 00010283
RAX: 0000000000000493 RBX: 00007ffcf68f0da0 RCX: 0000000000440e80
RDX: 0000000000000000 RSI: 00000000004a9493 RDI: 0000000000000000
RBP: 00007ffcf68f0fa0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000064 R11: 00000000004ac6e0 R12: 0000000000000000
R13: 0000000000009089 R14: 000000000000000d R15: 0000000000000005
CPU: 0 PID: 8400 Comm: syz-executor803 Tainted: G W 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0xa/0x14 lib/fault-inject.c:149
should_fail_alloc_page mm/page_alloc.c:3088 [inline]
prepare_alloc_pages mm/page_alloc.c:4346 [inline]
__alloc_pages_nodemask+0x239/0x2890 mm/page_alloc.c:4393
alloc_pages_current+0x193/0x2a0 mm/mempolicy.c:2197
alloc_pages include/linux/gfp.h:532 [inline]
__get_free_pages+0x8/0x40 mm/page_alloc.c:4443
tlb_next_batch mm/memory.c:216 [inline]
__tlb_remove_page_size+0x2a2/0x470 mm/memory.c:318
__tlb_remove_page include/asm-generic/tlb.h:161 [inline]
zap_pte_range mm/memory.c:1353 [inline]
zap_pmd_range mm/memory.c:1452 [inline]
zap_pud_range mm/memory.c:1481 [inline]
zap_p4d_range mm/memory.c:1502 [inline]
unmap_page_range+0x1360/0x2a70 mm/memory.c:1523
#3: 000000000a5100c1 (rcu_read_lock){....}, at: sta_info_insert_finish net/mac80211/sta_info.c:573 [inline]
#3: 000000000a5100c1 (rcu_read_lock){....}, at: sta_info_insert_rcu+0x48e/0x2310 net/mac80211/sta_info.c:661
unmap_single_vma+0x198/0x300 mm/memory.c:1568
unmap_vmas+0xa9/0x180 mm/memory.c:1598
exit_mmap+0x2b9/0x530 mm/mmap.c:3093
__mmput kernel/fork.c:1015 [inline]
mmput+0x14e/0x4a0 kernel/fork.c:1036
exit_mm kernel/exit.c:549 [inline]
do_exit+0xaf0/0x2be0 kernel/exit.c:877
do_group_exit+0x125/0x310 kernel/exit.c:993
Preemption disabled at:
[<0000000000000000>] (null)
get_signal+0x3f2/0x1f70 kernel/signal.c:2589
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:821
exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
retint_user+0x8/0x18
RIP: 0033:0x43031a
Code: 0f b6 0e 0f b6 07 29 c8 c3 0f 1f 80 00 00 00 00 89 f8 31 d2 66 0f ef ff 09 f0 25 ff 0f 00 00 3d c0 0f 00 00 0f 8f 78 02 00 00 <f3> 0f 6f 0f f3 0f 6f 06 66 0f 74 c1 66 0f da c1 66 0f ef c9 66 0f
RSP: 002b:00007ffcf68f0d58 EFLAGS: 00010283
RAX: 0000000000000493 RBX: 00007ffcf68f0da0 RCX: 0000000000440e80
RDX: 0000000000000000 RSI: 00000000004a9493 RDI: 0000000000000000
RBP: 00007ffcf68f0fa0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000064 R11: 00000000004ac6e0 R12: 0000000000000000
R13: 0000000000009097 R14: 000000000000000d R15: 0000000000000005
CPU: 1 PID: 8407 Comm: syz-executor803 Tainted: G W 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0xa/0x14 lib/fault-inject.c:149
__should_failslab+0x115/0x180 mm/failslab.c:32
should_failslab+0x5/0xf mm/slab_common.c:1588
slab_pre_alloc_hook mm/slab.h:424 [inline]
slab_alloc mm/slab.c:3383 [inline]
kmem_cache_alloc+0x3f/0x370 mm/slab.c:3557
kmem_cache_zalloc include/linux/slab.h:699 [inline]
fill_pool lib/debugobjects.c:134 [inline]
__debug_object_init+0x6d9/0x9b0 lib/debugobjects.c:379
debug_object_init lib/debugobjects.c:431 [inline]
debug_object_activate+0x382/0x450 lib/debugobjects.c:512
debug_rcu_head_queue kernel/rcu/rcu.h:193 [inline]
__call_rcu.constprop.0+0x31/0x7f0 kernel/rcu/tree.c:2977
__put_cred+0x1ca/0x250 kernel/cred.c:153
put_cred include/linux/cred.h:276 [inline]
do_coredump+0x49d/0x2d55 fs/coredump.c:781
get_signal+0xed9/0x1f70 kernel/signal.c:2583
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:821
exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
retint_user+0x8/0x18
RIP: 0033:0x43031a
Code: 0f b6 0e 0f b6 07 29 c8 c3 0f 1f 80 00 00 00 00 89 f8 31 d2 66 0f ef ff 09 f0 25 ff 0f 00 00 3d c0 0f 00 00 0f 8f 78 02 00 00 <f3> 0f 6f 0f f3 0f 6f 06 66 0f 74 c1 66 0f da c1 66 0f ef c9 66 0f
RSP: 002b:00007ffcf68f0d58 EFLAGS: 00010283
RAX: 0000000000000493 RBX: 00007ffcf68f0da0 RCX: 0000000000440e80
RDX: 0000000000000000 RSI: 00000000004a9493 RDI: 0000000000000000
RBP: 00007ffcf68f0fa0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000064 R11: 00000000004ac6e0 R12: 0000000000000000
R13: 0000000000008ecf R14: 000000000000000d R15: 0000000000000005
CPU: 0 PID: 8396 Comm: syz-executor803 Tainted: G W 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0xa/0x14 lib/fault-inject.c:149
__should_failslab+0x115/0x180 mm/failslab.c:32
should_failslab+0x5/0xf mm/slab_common.c:1588
slab_pre_alloc_hook mm/slab.h:424 [inline]
slab_alloc mm/slab.c:3383 [inline]
kmem_cache_alloc+0x3f/0x370 mm/slab.c:3557
kmem_cache_zalloc include/linux/slab.h:699 [inline]
fill_pool lib/debugobjects.c:134 [inline]
__debug_object_init+0x6d9/0x9b0 lib/debugobjects.c:379
debug_object_init lib/debugobjects.c:431 [inline]
debug_object_activate+0x382/0x450 lib/debugobjects.c:512
debug_rcu_head_queue kernel/rcu/rcu.h:193 [inline]
__call_rcu.constprop.0+0x31/0x7f0 kernel/rcu/tree.c:2977
__put_cred+0x1ca/0x250 kernel/cred.c:153
put_cred include/linux/cred.h:276 [inline]
do_coredump+0x49d/0x2d55 fs/coredump.c:781
get_signal+0xed9/0x1f70 kernel/signal.c:2583
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:821
exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
retint_user+0x8/0x18
RIP: 0033:0x43031a
Code: 0f b6 0e 0f b6 07 29 c8 c3 0f 1f 80 00 00 00 00 89 f8 31 d2 66 0f ef ff 09 f0 25 ff 0f 00 00 3d c0 0f 00 00 0f 8f 78 02 00 00 <f3> 0f 6f 0f f3 0f 6f 06 66 0f 74 c1 66 0f da c1 66 0f ef c9 66 0f
RSP: 002b:00007ffcf68f0d58 EFLAGS: 00010283
RAX: 0000000000000493 RBX: 00007ffcf68f0da0 RCX: 0000000000440e80
RDX: 0000000000000000 RSI: 00000000004a9493 RDI: 0000000000000000
RBP: 00007ffcf68f0fa0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000064 R11: 00000000004ac6e0 R12: 0000000000000000
R13: 0000000000009090 R14: 000000000000000d R15: 0000000000000005
CPU: 1 PID: 8398 Comm: syz-executor803 Tainted: G W 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0xa/0x14 lib/fault-inject.c:149
__should_failslab+0x115/0x180 mm/failslab.c:32
should_failslab+0x5/0xf mm/slab_common.c:1588
slab_pre_alloc_hook mm/slab.h:424 [inline]
slab_alloc mm/slab.c:3383 [inline]
kmem_cache_alloc+0x3f/0x370 mm/slab.c:3557
kmem_cache_zalloc include/linux/slab.h:699 [inline]
fill_pool lib/debugobjects.c:134 [inline]
__debug_object_init+0x6d9/0x9b0 lib/debugobjects.c:379
debug_object_init lib/debugobjects.c:431 [inline]
debug_object_activate+0x382/0x450 lib/debugobjects.c:512
debug_rcu_head_queue kernel/rcu/rcu.h:193 [inline]
__call_rcu.constprop.0+0x31/0x7f0 kernel/rcu/tree.c:2977
__put_cred+0x1ca/0x250 kernel/cred.c:153
put_cred include/linux/cred.h:276 [inline]
do_coredump+0x49d/0x2d55 fs/coredump.c:781
get_signal+0xed9/0x1f70 kernel/signal.c:2583
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:821
exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
retint_user+0x8/0x18
RIP: 0033:0x43031a
Code: 0f b6 0e 0f b6 07 29 c8 c3 0f 1f 80 00 00 00 00 89 f8 31 d2 66 0f ef ff 09 f0 25 ff 0f 00 00 3d c0 0f 00 00 0f 8f 78 02 00 00 <f3> 0f 6f 0f f3 0f 6f 06 66 0f 74 c1 66 0f da c1 66 0f ef c9 66 0f
RSP: 002b:00007ffcf68f0d58 EFLAGS: 00010283
RAX: 0000000000000493 RBX: 00007ffcf68f0da0 RCX: 0000000000440e80
RDX: 0000000000000000 RSI: 00000000004a9493 RDI: 0000000000000000
RBP: 00007ffcf68f0fa0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000064 R11: 00000000004ac6e0 R12: 0000000000000000
R13: 0000000000008f72 R14: 000000000000000d R15: 0000000000000005
CPU: 1 PID: 23 Comm: kworker/u4:1 Tainted: G W 4.19.159-syzkaller #0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy3 ieee80211_iface_work
Call Trace:
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6196
sta_info_move_state+0x32/0x900 net/mac80211/sta_info.c:1850
sta_info_free+0x55/0x390 net/mac80211/sta_info.c:260
sta_info_insert_rcu+0x517/0x2310 net/mac80211/sta_info.c:667
ieee80211_ibss_finish_sta+0x25b/0x360 net/mac80211/ibss.c:601
ieee80211_ibss_work+0x2b6/0xe10 net/mac80211/ibss.c:1692
ieee80211_iface_work+0x7ba/0x8a0 net/mac80211/iface.c:1366
process_one_work+0x864/0x1570 kernel/workqueue.c:2155
worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
CPU: 0 PID: 8413 Comm: syz-executor803 Tainted: G W 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0xa/0x14 lib/fault-inject.c:149
__should_failslab+0x115/0x180 mm/failslab.c:32
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
should_failslab+0x5/0xf mm/slab_common.c:1588
slab_pre_alloc_hook mm/slab.h:424 [inline]
slab_alloc mm/slab.c:3383 [inline]
kmem_cache_alloc+0x3f/0x370 mm/slab.c:3557
kmem_cache_zalloc include/linux/slab.h:699 [inline]
fill_pool lib/debugobjects.c:134 [inline]
__debug_object_init+0x6d9/0x9b0 lib/debugobjects.c:379
debug_object_init lib/debugobjects.c:431 [inline]
debug_object_activate+0x382/0x450 lib/debugobjects.c:512
debug_rcu_head_queue kernel/rcu/rcu.h:193 [inline]
__call_rcu.constprop.0+0x31/0x7f0 kernel/rcu/tree.c:2977
__put_cred+0x1ca/0x250 kernel/cred.c:153
put_cred include/linux/cred.h:276 [inline]
do_coredump+0x49d/0x2d55 fs/coredump.c:781
get_signal+0xed9/0x1f70 kernel/signal.c:2583
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:821
exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
retint_user+0x8/0x18
RIP: 0033:0x43031a
Code: 0f b6 0e 0f b6 07 29 c8 c3 0f 1f 80 00 00 00 00 89 f8 31 d2 66 0f ef ff 09 f0 25 ff 0f 00 00 3d c0 0f 00 00 0f 8f 78 02 00 00 <f3> 0f 6f 0f f3 0f 6f 06 66 0f 74 c1 66 0f da c1 66 0f ef c9 66 0f
RSP: 002b:00007ffcf68f0d58 EFLAGS: 00010283
RAX: 0000000000000493 RBX: 00007ffcf68f0da0 RCX: 0000000000440e80
RDX: 0000000000000000 RSI: 00000000004a9493 RDI: 0000000000000000
RBP: 00007ffcf68f0fa0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000064 R11: 00000000004ac6e0 R12: 0000000000000000
R13: 0000000000009680 R14: 000000000000000d R15: 0000000000000005
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:908
in_atomic(): 0, irqs_disabled(): 0, pid: 23, name: kworker/u4:1
4 locks held by kworker/u4:1/23:
#0: 00000000b6930386 ((wq_completion)"%s"wiphy_name(local->hw.wiphy)){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2126
#1: 000000002427562e ((work_completion)(&sdata->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2130
#2: 0000000086b777ff (&wdev->mtx){+.+.}, at: sdata_lock net/mac80211/ieee80211_i.h:990 [inline]
#2: 0000000086b777ff (&wdev->mtx){+.+.}, at: ieee80211_ibss_work+0x85/0xe10 net/mac80211/ibss.c:1675
#3: 000000000a5100c1 (rcu_read_lock){....}, at: sta_info_insert_finish net/mac80211/sta_info.c:573 [inline]
#3: 000000000a5100c1 (rcu_read_lock){....}, at: sta_info_insert_rcu+0x48e/0x2310 net/mac80211/sta_info.c:661
Preemption disabled at:
[<ffffffff8814d283>] preempt_schedule_irq+0x83/0x140 kernel/sched/core.c:3742
CPU: 1 PID: 23 Comm: kworker/u4:1 Tainted: G W 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy3 ieee80211_iface_work
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6196
__mutex_lock_common kernel/locking/mutex.c:908 [inline]
__mutex_lock+0xab/0x1260 kernel/locking/mutex.c:1072
ieee80211_recalc_min_chandef+0x49/0x140 net/mac80211/util.c:2338
sta_info_move_state+0x75f/0x900 net/mac80211/sta_info.c:1907
sta_info_free+0x55/0x390 net/mac80211/sta_info.c:260
sta_info_insert_rcu+0x517/0x2310 net/mac80211/sta_info.c:667
ieee80211_ibss_finish_sta+0x25b/0x360 net/mac80211/ibss.c:601
ieee80211_ibss_work+0x2b6/0xe10 net/mac80211/ibss.c:1692
ieee80211_iface_work+0x7ba/0x8a0 net/mac80211/iface.c:1366
process_one_work+0x864/0x1570 kernel/workqueue.c:2155
worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 8460 Comm: syz-executor803 Tainted: G W 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0xa/0x14 lib/fault-inject.c:149
should_fail_alloc_page mm/page_alloc.c:3088 [inline]
prepare_alloc_pages mm/page_alloc.c:4346 [inline]
__alloc_pages_nodemask+0x239/0x2890 mm/page_alloc.c:4393
__alloc_pages include/linux/gfp.h:496 [inline]
__alloc_pages_node include/linux/gfp.h:509 [inline]
kmem_getpages mm/slab.c:1412 [inline]
cache_grow_begin+0xa4/0x8a0 mm/slab.c:2682
cache_alloc_refill+0x273/0x340 mm/slab.c:3049
____cache_alloc mm/slab.c:3132 [inline]
__do_cache_alloc mm/slab.c:3354 [inline]
slab_alloc mm/slab.c:3389 [inline]
__do_kmalloc mm/slab.c:3725 [inline]
__kmalloc_track_caller+0x35d/0x3c0 mm/slab.c:3742
__do_krealloc mm/slab_common.c:1499 [inline]
krealloc+0x57/0xc0 mm/slab_common.c:1546
expand_corename fs/coredump.c:68 [inline]
format_corename fs/coredump.c:200 [inline]
do_coredump+0xde1/0x2d55 fs/coredump.c:595
get_signal+0xed9/0x1f70 kernel/signal.c:2583
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:821
exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
retint_user+0x8/0x18
RIP: 0033:0x43031a
Code: 0f b6 0e 0f b6 07 29 c8 c3 0f 1f 80 00 00 00 00 89 f8 31 d2 66 0f ef ff 09 f0 25 ff 0f 00 00 3d c0 0f 00 00 0f 8f 78 02 00 00 <f3> 0f 6f 0f f3 0f 6f 06 66 0f 74 c1 66 0f da c1 66 0f ef c9 66 0f
RSP: 002b:00007ffcf68f0d58 EFLAGS: 00010283
RAX: 0000000000000493 RBX: 00007ffcf68f0da0 RCX: 0000000000440e80
RDX: 0000000000000000 RSI: 00000000004a9493 RDI: 0000000000000000
RBP: 00007ffcf68f0fa0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000064 R11: 00000000004ac6e0 R12: 0000000000000000
R13: 000000000000a8a6 R14: 000000000000000d R15: 0000000000000005
BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1850
in_atomic(): 0, irqs_disabled(): 0, pid: 23, name: kworker/u4:1
4 locks held by kworker/u4:1/23:
#0: 00000000b6930386 ((wq_completion)"%s"wiphy_name(local->hw.wiphy)){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2126
#1: 000000002427562e ((work_completion)(&sdata->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2130
#2: 0000000086b777ff (&wdev->mtx){+.+.}, at: sdata_lock net/mac80211/ieee80211_i.h:990 [inline]
#2: 0000000086b777ff (&wdev->mtx){+.+.}, at: ieee80211_ibss_work+0x85/0xe10 net/mac80211/ibss.c:1675
#3: 000000000a5100c1 (rcu_read_lock){....}, at: sta_info_insert_finish net/mac80211/sta_info.c:573 [inline]
#3: 000000000a5100c1 (rcu_read_lock){....}, at: sta_info_insert_rcu+0x48e/0x2310 net/mac80211/sta_info.c:661
Preemption disabled at:
[<ffffffff81533622>] rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1076 [inline]
[<ffffffff81533622>] rcu_lockdep_current_cpu_online+0x32/0x1b0 kernel/rcu/tree.c:1068
CPU: 0 PID: 23 Comm: kworker/u4:1 Tainted: G W 4.19.159-syzkaller #0
Ha

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Dec 24, 2020, 5:48:09 AM12/24/20
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:

commit 499b109be6889b4a5442b7652c32370bb2d741a2
Author: Johannes Berg <johann...@intel.com>
Date: Thu Nov 12 10:22:04 2020 +0000

mac80211: free sta in sta_info_insert_finish() on errors

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=178428eb500000
start commit: 76bda503 Linux 4.19.159
git tree: linux-4.19.y
If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: mac80211: free sta in sta_info_insert_finish() on errors

For information about bisection process see: https://goo.gl/tpsmEJ#bisection