Date:   Fri, 05 Jan 2018 15:32:01 -0800
From:   syzbot <syzbot+e149f7d1328c26f9c12f@...kaller.appspotmail.com>
To:     davem@...emloft.net, herbert@...dor.apana.org.au,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        steffen.klassert@...unet.com, syzkaller-bugs@...glegroups.com
Subject: BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:LINE

Hello,

syzkaller hit the following crash on d0adb51edb73c94a595bfa9d9bd8b35977e74fbf
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
Unfortunately, I don't have any reproducer for this bug yet.


IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+e149f7d1328c26f9c12f@...kaller.appspotmail.com
It will help syzbot understand when the bug is fixed. See footer for details.
If you forward the report, please keep this part and the footer.

BUG: sleeping function called from invalid context  
at ./include/linux/percpu-rwsem.h:34
in_atomic(): 1, irqs_disabled(): 0, pid: 28835, name: syz-executor1
2 locks held by syz-executor1/28835:
  #0:  (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<00000000b4653762>]  
xfrm_netlink_rcv+0x60/0x90 net/xfrm/xfrm_user.c:2598
  #1:  (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at:  
[<00000000d85d6fc9>] spin_lock_bh include/linux/spinlock.h:315 [inline]
  #1:  (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at:  
[<00000000d85d6fc9>] xfrm_policy_flush+0x424/0x770  
net/xfrm/xfrm_policy.c:951
CPU: 0 PID: 28835 Comm: syz-executor1 Not tainted 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6060
  __might_sleep+0x95/0x190 kernel/sched/core.c:6013
  percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:34 [inline]
  percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
  cpus_read_lock+0x1c/0x90 kernel/cpu.c:293
  get_online_cpus include/linux/cpu.h:117 [inline]
  xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767
  xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978
  xfrm_flush_policy+0x153/0x440 net/xfrm/xfrm_user.c:2061
  xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591
  netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
  xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599
  netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
  netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
  netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
  sock_sendmsg_nosec net/socket.c:628 [inline]
  sock_sendmsg+0xca/0x110 net/socket.c:638
  ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
  __sys_sendmsg+0xe5/0x210 net/socket.c:2052
  SYSC_sendmsg net/socket.c:2063 [inline]
  SyS_sendmsg+0x2d/0x50 net/socket.c:2059
  entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f11ff7e1c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 0000000020007fc8 RDI: 0000000000000013
RBP: 00000000000003a3 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f37e8
R13: 00000000ffffffff R14: 00007f11ff7e26d4 R15: 0000000000000000

=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
4.15.0-rc5+ #177 Tainted: G        W
-----------------------------------------------------
syz-executor1/28835 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
  (cpu_hotplug_lock.rw_sem){++++}, at: [<000000003069159a>] get_online_cpus  
include/linux/cpu.h:117 [inline]
  (cpu_hotplug_lock.rw_sem){++++}, at: [<000000003069159a>]  
xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767

and this task is already holding:
  (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000d85d6fc9>]  
spin_lock_bh include/linux/spinlock.h:315 [inline]
  (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000d85d6fc9>]  
xfrm_policy_flush+0x424/0x770 net/xfrm/xfrm_policy.c:951
which would create a new lock dependency:
  (&(&net->xfrm.xfrm_policy_lock)->rlock){+...} ->  
(cpu_hotplug_lock.rw_sem){++++}

but this new dependency connects a SOFTIRQ-irq-safe lock:
  (slock-AF_INET6/1){+.-.}

... which became SOFTIRQ-irq-safe at:
   lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
   _raw_spin_lock_nested+0x28/0x40 kernel/locking/spinlock.c:354
   __sk_receive_skb+0x3b6/0xc10 net/core/sock.c:504
   dccp_v4_rcv+0xf5f/0x1c80 net/dccp/ipv4.c:874
   ip_local_deliver_finish+0x2f1/0xc50 net/ipv4/ip_input.c:216
   NF_HOOK include/linux/netfilter.h:250 [inline]
   ip_local_deliver+0x1ce/0x6e0 net/ipv4/ip_input.c:257
   dst_input include/net/dst.h:449 [inline]
   ip_rcv_finish+0x953/0x1e30 net/ipv4/ip_input.c:397
   NF_HOOK include/linux/netfilter.h:250 [inline]
   ip_rcv+0xc5a/0x1840 net/ipv4/ip_input.c:493
   __netif_receive_skb_core+0x1a41/0x3460 net/core/dev.c:4499
   __netif_receive_skb+0x2c/0x1b0 net/core/dev.c:4564
   process_backlog+0x203/0x740 net/core/dev.c:5244
   napi_poll net/core/dev.c:5642 [inline]
   net_rx_action+0x792/0x1910 net/core/dev.c:5708
   __do_softirq+0x2d7/0xb85 kernel/softirq.c:285
   do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1115
   do_softirq.part.21+0x14d/0x190 kernel/softirq.c:329
   do_softirq kernel/softirq.c:177 [inline]
   __local_bh_enable_ip+0x1ee/0x230 kernel/softirq.c:182
   local_bh_enable include/linux/bottom_half.h:32 [inline]
   rcu_read_unlock_bh include/linux/rcupdate.h:727 [inline]
   ip_finish_output2+0x90e/0x14f0 net/ipv4/ip_output.c:231
   ip_finish_output+0x864/0xd10 net/ipv4/ip_output.c:317
   NF_HOOK_COND include/linux/netfilter.h:239 [inline]
   ip_output+0x1d2/0x860 net/ipv4/ip_output.c:405
   dst_output include/net/dst.h:443 [inline]
   ip_local_out+0x95/0x160 net/ipv4/ip_output.c:124
   ip_queue_xmit+0x8c0/0x18e0 net/ipv4/ip_output.c:504
   dccp_transmit_skb+0x9ac/0x10f0 net/dccp/output.c:142
   dccp_connect+0x369/0x670 net/dccp/output.c:564
   dccp_v4_connect+0xc8f/0x1750 net/dccp/ipv4.c:126
   __inet_stream_connect+0x2d4/0xf00 net/ipv4/af_inet.c:620
   inet_stream_connect+0x58/0xa0 net/ipv4/af_inet.c:684
   SYSC_connect+0x213/0x4a0 net/socket.c:1611
   SyS_connect+0x24/0x30 net/socket.c:1592
   entry_SYSCALL_64_fastpath+0x23/0x9a

to a SOFTIRQ-irq-unsafe lock:
  (cpu_hotplug_lock.rw_sem){++++}

... which became SOFTIRQ-irq-unsafe at:
...
   lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
   down_write+0x87/0x120 kernel/locking/rwsem.c:70
   percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145
   cpus_write_lock kernel/cpu.c:305 [inline]
   _cpu_up+0x60/0x510 kernel/cpu.c:990
   do_cpu_up+0x73/0xa0 kernel/cpu.c:1066
   cpu_up+0x18/0x20 kernel/cpu.c:1074
   smp_init+0x13a/0x152 kernel/smp.c:578
   kernel_init_freeable+0x2fe/0x521 init/main.c:1064
   kernel_init+0x13/0x172 init/main.c:996
   ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515

other info that might help us debug this:

Chain exists of:
   slock-AF_INET6/1 --> &(&net->xfrm.xfrm_policy_lock)->rlock -->  
cpu_hotplug_lock.rw_sem

  Possible interrupt unsafe locking scenario:

        CPU0                    CPU1
        ----                    ----
   lock(cpu_hotplug_lock.rw_sem);
                                local_irq_disable();
                                lock(slock-AF_INET6/1);
                                lock(&(&net->xfrm.xfrm_policy_lock)->rlock);
   <Interrupt>
     lock(slock-AF_INET6/1);

  *** DEADLOCK ***

2 locks held by syz-executor1/28835:
  #0:  (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<00000000b4653762>]  
xfrm_netlink_rcv+0x60/0x90 net/xfrm/xfrm_user.c:2598
  #1:  (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at:  
[<00000000d85d6fc9>] spin_lock_bh include/linux/spinlock.h:315 [inline]
  #1:  (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at:  
[<00000000d85d6fc9>] xfrm_policy_flush+0x424/0x770  
net/xfrm/xfrm_policy.c:951

the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
  -> (slock-AF_INET6/1){+.-.} ops: 7998 {
     HARDIRQ-ON-W at:
                       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                       _raw_spin_lock_nested+0x28/0x40  
kernel/locking/spinlock.c:354
                       sctp_close+0x454/0x9a0 net/sctp/socket.c:1596
                       inet_release+0xed/0x1c0 net/ipv4/af_inet.c:427
                       inet6_release+0x50/0x70 net/ipv6/af_inet6.c:432
                       sock_release+0x8d/0x1e0 net/socket.c:593
                       sock_close+0x16/0x20 net/socket.c:1121
                       __fput+0x327/0x7e0 fs/file_table.c:210
                       ____fput+0x15/0x20 fs/file_table.c:244
                       task_work_run+0x199/0x270 kernel/task_work.c:113
                       exit_task_work include/linux/task_work.h:22 [inline]
                       do_exit+0x9bb/0x1ad0 kernel/exit.c:865
                       do_group_exit+0x149/0x400 kernel/exit.c:968
                       get_signal+0x73f/0x16c0 kernel/signal.c:2335
                       do_signal+0x90/0x1eb0 arch/x86/kernel/signal.c:809
                       exit_to_usermode_loop+0x214/0x310  
arch/x86/entry/common.c:158
                       prepare_exit_to_usermode arch/x86/entry/common.c:195  
[inline]
                       syscall_return_slowpath+0x490/0x550  
arch/x86/entry/common.c:264
                       entry_SYSCALL_64_fastpath+0x98/0x9a
     IN-SOFTIRQ-W at:
                       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                       _raw_spin_lock_nested+0x28/0x40  
kernel/locking/spinlock.c:354
                       __sk_receive_skb+0x3b6/0xc10 net/core/sock.c:504
                       dccp_v4_rcv+0xf5f/0x1c80 net/dccp/ipv4.c:874
                       ip_local_deliver_finish+0x2f1/0xc50  
net/ipv4/ip_input.c:216
                       NF_HOOK include/linux/netfilter.h:250 [inline]
                       ip_local_deliver+0x1ce/0x6e0 net/ipv4/ip_input.c:257
                       dst_input include/net/dst.h:449 [inline]
                       ip_rcv_finish+0x953/0x1e30 net/ipv4/ip_input.c:397
                       NF_HOOK include/linux/netfilter.h:250 [inline]
                       ip_rcv+0xc5a/0x1840 net/ipv4/ip_input.c:493
                       __netif_receive_skb_core+0x1a41/0x3460  
net/core/dev.c:4499
                       __netif_receive_skb+0x2c/0x1b0 net/core/dev.c:4564
                       process_backlog+0x203/0x740 net/core/dev.c:5244
                       napi_poll net/core/dev.c:5642 [inline]
                       net_rx_action+0x792/0x1910 net/core/dev.c:5708
                       __do_softirq+0x2d7/0xb85 kernel/softirq.c:285
                       do_softirq_own_stack+0x2a/0x40  
arch/x86/entry/entry_64.S:1115
                       do_softirq.part.21+0x14d/0x190 kernel/softirq.c:329
                       do_softirq kernel/softirq.c:177 [inline]
                       __local_bh_enable_ip+0x1ee/0x230 kernel/softirq.c:182
                       local_bh_enable include/linux/bottom_half.h:32  
[inline]
                       rcu_read_unlock_bh include/linux/rcupdate.h:727  
[inline]
                       ip_finish_output2+0x90e/0x14f0  
net/ipv4/ip_output.c:231
                       ip_finish_output+0x864/0xd10 net/ipv4/ip_output.c:317
                       NF_HOOK_COND include/linux/netfilter.h:239 [inline]
                       ip_output+0x1d2/0x860 net/ipv4/ip_output.c:405
                       dst_output include/net/dst.h:443 [inline]
                       ip_local_out+0x95/0x160 net/ipv4/ip_output.c:124
                       ip_queue_xmit+0x8c0/0x18e0 net/ipv4/ip_output.c:504
                       dccp_transmit_skb+0x9ac/0x10f0 net/dccp/output.c:142
                       dccp_connect+0x369/0x670 net/dccp/output.c:564
                       dccp_v4_connect+0xc8f/0x1750 net/dccp/ipv4.c:126
                       __inet_stream_connect+0x2d4/0xf00  
net/ipv4/af_inet.c:620
                       inet_stream_connect+0x58/0xa0 net/ipv4/af_inet.c:684
                       SYSC_connect+0x213/0x4a0 net/socket.c:1611
                       SyS_connect+0x24/0x30 net/socket.c:1592
                       entry_SYSCALL_64_fastpath+0x23/0x9a
     INITIAL USE at:
                      lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                      _raw_spin_lock_nested+0x28/0x40  
kernel/locking/spinlock.c:354
                      sctp_close+0x454/0x9a0 net/sctp/socket.c:1596
                      inet_release+0xed/0x1c0 net/ipv4/af_inet.c:427
                      inet6_release+0x50/0x70 net/ipv6/af_inet6.c:432
                      sock_release+0x8d/0x1e0 net/socket.c:593
                      sock_close+0x16/0x20 net/socket.c:1121
                      __fput+0x327/0x7e0 fs/file_table.c:210
                      ____fput+0x15/0x20 fs/file_table.c:244
                      task_work_run+0x199/0x270 kernel/task_work.c:113
                      exit_task_work include/linux/task_work.h:22 [inline]
                      do_exit+0x9bb/0x1ad0 kernel/exit.c:865
                      do_group_exit+0x149/0x400 kernel/exit.c:968
                      get_signal+0x73f/0x16c0 kernel/signal.c:2335
                      do_signal+0x90/0x1eb0 arch/x86/kernel/signal.c:809
                      exit_to_usermode_loop+0x214/0x310  
arch/x86/entry/common.c:158
                      prepare_exit_to_usermode arch/x86/entry/common.c:195  
[inline]
                      syscall_return_slowpath+0x490/0x550  
arch/x86/entry/common.c:264
                      entry_SYSCALL_64_fastpath+0x98/0x9a
   }
   ... key      at: [<00000000e56c2b7d>] af_family_slock_keys+0x51/0x180
   ... acquired at:
    __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
    _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
    spin_lock_bh include/linux/spinlock.h:315 [inline]
    xfrm_policy_delete+0x3e/0x90 net/xfrm/xfrm_policy.c:1247
    xfrm_sk_free_policy include/net/xfrm.h:1261 [inline]
    sk_common_release+0x210/0x2f0 net/core/sock.c:3025
    sctp_close+0x464/0x9a0 net/sctp/socket.c:1602
    inet_release+0xed/0x1c0 net/ipv4/af_inet.c:427
    inet6_release+0x50/0x70 net/ipv6/af_inet6.c:432
    sock_release+0x8d/0x1e0 net/socket.c:593
    sock_close+0x16/0x20 net/socket.c:1121
    __fput+0x327/0x7e0 fs/file_table.c:210
    ____fput+0x15/0x20 fs/file_table.c:244
    task_work_run+0x199/0x270 kernel/task_work.c:113
    exit_task_work include/linux/task_work.h:22 [inline]
    do_exit+0x9bb/0x1ad0 kernel/exit.c:865
    do_group_exit+0x149/0x400 kernel/exit.c:968
    get_signal+0x73f/0x16c0 kernel/signal.c:2335
    do_signal+0x90/0x1eb0 arch/x86/kernel/signal.c:809
    exit_to_usermode_loop+0x214/0x310 arch/x86/entry/common.c:158
    prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
    syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264
    entry_SYSCALL_64_fastpath+0x98/0x9a

-> (&(&net->xfrm.xfrm_policy_lock)->rlock){+...} ops: 1107 {
    HARDIRQ-ON-W at:
                     lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                     __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135  
[inline]
                     _raw_spin_lock_bh+0x31/0x40  
kernel/locking/spinlock.c:168
                     spin_lock_bh include/linux/spinlock.h:315 [inline]
                     xfrm_migrate_policy_find net/xfrm/xfrm_policy.c:3090  
[inline]
                     xfrm_migrate+0x4d9/0x1780 net/xfrm/xfrm_policy.c:3240
                     xfrm_do_migrate+0x990/0xd30 net/xfrm/xfrm_user.c:2308
                     xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591
                     netlink_rcv_skb+0x224/0x470  
net/netlink/af_netlink.c:2441
                     xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599
                     netlink_unicast_kernel net/netlink/af_netlink.c:1308  
[inline]
                     netlink_unicast+0x4c4/0x6b0  
net/netlink/af_netlink.c:1334
                     netlink_sendmsg+0xa4a/0xe60  
net/netlink/af_netlink.c:1897
                     sock_sendmsg_nosec net/socket.c:628 [inline]
                     sock_sendmsg+0xca/0x110 net/socket.c:638
                     ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
                     __sys_sendmsg+0xe5/0x210 net/socket.c:2052
                     SYSC_sendmsg net/socket.c:2063 [inline]
                     SyS_sendmsg+0x2d/0x50 net/socket.c:2059
                     entry_SYSCALL_64_fastpath+0x23/0x9a
    INITIAL USE at:
                    lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                    __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135  
[inline]
                    _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
                    spin_lock_bh include/linux/spinlock.h:315 [inline]
                    xfrm_migrate_policy_find net/xfrm/xfrm_policy.c:3090  
[inline]
                    xfrm_migrate+0x4d9/0x1780 net/xfrm/xfrm_policy.c:3240
                    xfrm_do_migrate+0x990/0xd30 net/xfrm/xfrm_user.c:2308
                    xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591
                    netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
                    xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599
                    netlink_unicast_kernel net/netlink/af_netlink.c:1308  
[inline]
                    netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
                    netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
                    sock_sendmsg_nosec net/socket.c:628 [inline]
                    sock_sendmsg+0xca/0x110 net/socket.c:638
                    ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
                    __sys_sendmsg+0xe5/0x210 net/socket.c:2052
                    SYSC_sendmsg net/socket.c:2063 [inline]
                    SyS_sendmsg+0x2d/0x50 net/socket.c:2059
                    entry_SYSCALL_64_fastpath+0x23/0x9a
  }
  ... key      at: [<00000000103e6c4b>] __key.66927+0x0/0x40
  ... acquired at:
    lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
    percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
    percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
    cpus_read_lock+0x42/0x90 kernel/cpu.c:293
    get_online_cpus include/linux/cpu.h:117 [inline]
    xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767
    xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978
    xfrm_flush_policy+0x153/0x440 net/xfrm/xfrm_user.c:2061
    xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591
    netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
    xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599
    netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
    netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
    netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
    sock_sendmsg_nosec net/socket.c:628 [inline]
    sock_sendmsg+0xca/0x110 net/socket.c:638
    ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
    __sys_sendmsg+0xe5/0x210 net/socket.c:2052
    SYSC_sendmsg net/socket.c:2063 [inline]
    SyS_sendmsg+0x2d/0x50 net/socket.c:2059
    entry_SYSCALL_64_fastpath+0x23/0x9a


the dependencies between the lock to be acquired
  and SOFTIRQ-irq-unsafe lock:
-> (cpu_hotplug_lock.rw_sem){++++} ops: 2164 {
    HARDIRQ-ON-W at:
                     lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                     down_write+0x87/0x120 kernel/locking/rwsem.c:70
                     percpu_down_write+0xa3/0x500  
kernel/locking/percpu-rwsem.c:145
                     cpus_write_lock kernel/cpu.c:305 [inline]
                     _cpu_up+0x60/0x510 kernel/cpu.c:990
                     do_cpu_up+0x73/0xa0 kernel/cpu.c:1066
                     cpu_up+0x18/0x20 kernel/cpu.c:1074
                     smp_init+0x13a/0x152 kernel/smp.c:578
                     kernel_init_freeable+0x2fe/0x521 init/main.c:1064
                     kernel_init+0x13/0x172 init/main.c:996
                     ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515
    HARDIRQ-ON-R at:
                     lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                     percpu_down_read_preempt_disable  
include/linux/percpu-rwsem.h:36 [inline]
                     percpu_down_read include/linux/percpu-rwsem.h:59  
[inline]
                     cpus_read_lock+0x42/0x90 kernel/cpu.c:293
                     get_online_cpus include/linux/cpu.h:117 [inline]
                     kmem_cache_create+0x26/0x2a0 mm/slab_common.c:440
                     debug_objects_mem_init+0xda/0x910  
lib/debugobjects.c:1139
                     start_kernel+0x6dd/0x819 init/main.c:671
                     x86_64_start_reservations+0x2a/0x2c  
arch/x86/kernel/head64.c:378
                     x86_64_start_kernel+0x77/0x7a  
arch/x86/kernel/head64.c:359
                     secondary_startup_64+0xa5/0xb0  
arch/x86/kernel/head_64.S:237
    SOFTIRQ-ON-W at:
                     lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                     down_write+0x87/0x120 kernel/locking/rwsem.c:70
                     percpu_down_write+0xa3/0x500  
kernel/locking/percpu-rwsem.c:145
                     cpus_write_lock kernel/cpu.c:305 [inline]
                     _cpu_up+0x60/0x510 kernel/cpu.c:990
                     do_cpu_up+0x73/0xa0 kernel/cpu.c:1066
                     cpu_up+0x18/0x20 kernel/cpu.c:1074
                     smp_init+0x13a/0x152 kernel/smp.c:578
                     kernel_init_freeable+0x2fe/0x521 init/main.c:1064
                     kernel_init+0x13/0x172 init/main.c:996
                     ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515
    SOFTIRQ-ON-R at:
                     lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                     percpu_down_read_preempt_disable  
include/linux/percpu-rwsem.h:36 [inline]
                     percpu_down_read include/linux/percpu-rwsem.h:59  
[inline]
                     cpus_read_lock+0x42/0x90 kernel/cpu.c:293
                     get_online_cpus include/linux/cpu.h:117 [inline]
                     kmem_cache_create+0x26/0x2a0 mm/slab_common.c:440
                     debug_objects_mem_init+0xda/0x910  
lib/debugobjects.c:1139
                     start_kernel+0x6dd/0x819 init/main.c:671
                     x86_64_start_reservations+0x2a/0x2c  
arch/x86/kernel/head64.c:378
                     x86_64_start_kernel+0x77/0x7a  
arch/x86/kernel/head64.c:359
                     secondary_startup_64+0xa5/0xb0  
arch/x86/kernel/head_64.S:237
    INITIAL USE at:
                    lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
                    percpu_down_read_preempt_disable  
include/linux/percpu-rwsem.h:36 [inline]
                    percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
                    cpus_read_lock kernel/cpu.c:293 [inline]
                    __cpuhp_setup_state+0x60/0x140 kernel/cpu.c:1670
                    cpuhp_setup_state_nocalls include/linux/cpuhotplug.h:229  
[inline]
                    kvm_guest_init+0x1f3/0x20f arch/x86/kernel/kvm.c:528
                    setup_arch+0x17e8/0x1a02 arch/x86/kernel/setup.c:1266
                    start_kernel+0xcd/0x819 init/main.c:532
                    x86_64_start_reservations+0x2a/0x2c  
arch/x86/kernel/head64.c:378
                    x86_64_start_kernel+0x77/0x7a  
arch/x86/kernel/head64.c:359
                    secondary_startup_64+0xa5/0xb0  
arch/x86/kernel/head_64.S:237
  }
  ... key      at: [<0000000050a2ae54>] cpu_hotplug_lock+0xd8/0x140
  ... acquired at:
    lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
    percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
    percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
    cpus_read_lock+0x42/0x90 kernel/cpu.c:293
    get_online_cpus include/linux/cpu.h:117 [inline]
    xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767
    xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978
    xfrm_flush_policy+0x153/0x440 net/xfrm/xfrm_user.c:2061
    xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591
    netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
    xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599
    netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
    netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
    netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
    sock_sendmsg_nosec net/socket.c:628 [inline]
    sock_sendmsg+0xca/0x110 net/socket.c:638
    ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
    __sys_sendmsg+0xe5/0x210 net/socket.c:2052
    SYSC_sendmsg net/socket.c:2063 [inline]
    SyS_sendmsg+0x2d/0x50 net/socket.c:2059
    entry_SYSCALL_64_fastpath+0x23/0x9a


stack backtrace:
CPU: 0 PID: 28835 Comm: syz-executor1 Tainted: G        W         
4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  print_bad_irq_dependency kernel/locking/lockdep.c:1565 [inline]
  check_usage+0xad0/0xb60 kernel/locking/lockdep.c:1597
  check_irq_usage kernel/locking/lockdep.c:1653 [inline]
  check_prev_add_irq kernel/locking/lockdep_states.h:8 [inline]
  check_prev_add kernel/locking/lockdep.c:1863 [inline]
  check_prevs_add kernel/locking/lockdep.c:1971 [inline]
  validate_chain kernel/locking/lockdep.c:2412 [inline]
  __lock_acquire+0x2bd1/0x3e00 kernel/locking/lockdep.c:3426
  lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
  percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
  percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
  cpus_read_lock+0x42/0x90 kernel/cpu.c:293
  get_online_cpus include/linux/cpu.h:117 [inline]
  xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767
  xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978
  xfrm_flush_policy+0x153/0x440 net/xfrm/xfrm_user.c:2061
  xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591
  netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
  xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599
  netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
  netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
  netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
  sock_sendmsg_nosec net/socket.c:628 [inline]
  sock_sendmsg+0xca/0x110 net/socket.c:638
  ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
  __sys_sendmsg+0xe5/0x210 net/socket.c:2052
  SYSC_sendmsg net/socket.c:2063 [inline]
  SyS_sendmsg+0x2d/0x50 net/socket.c:2059
  entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f11ff7e1c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 0000000020007fc8 RDI: 0000000000000013
RBP: 00000000000003a3 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f37e8
R13: 00000000ffffffff R14: 00007f11ff7e26d4 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 29406 Comm: syz-executor7 Tainted: G        W         
4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:32
  slab_pre_alloc_hook mm/slab.h:421 [inline]
  slab_alloc mm/slab.c:3368 [inline]
  kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
  alloc_inode+0x128/0x180 fs/inode.c:210
  new_inode_pseudo+0x69/0x190 fs/inode.c:890
  get_pipe_inode fs/pipe.c:699 [inline]
  create_pipe_files+0x9a/0x930 fs/pipe.c:740
  __do_pipe_flags+0x35/0x220 fs/pipe.c:797
  SYSC_pipe2 fs/pipe.c:845 [inline]
  SyS_pipe2 fs/pipe.c:839 [inline]
  SYSC_pipe fs/pipe.c:863 [inline]
  SyS_pipe+0x8d/0x2e0 fs/pipe.c:861
  entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f49a8d72c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000016
RAX: ffffffffffffffda RBX: 00007f49a8d72aa0 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020aa6ff8
RBP: 00007f49a8d72a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a
R13: 00007f49a8d72bc8 R14: 00000000004b767a R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 29430 Comm: syz-executor7 Tainted: G        W         
4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:32
  slab_pre_alloc_hook mm/slab.h:421 [inline]
  slab_alloc mm/slab.c:3368 [inline]
  kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
  kmem_cache_zalloc include/linux/slab.h:678 [inline]
  inode_alloc_security security/selinux/hooks.c:234 [inline]
  selinux_inode_alloc_security+0xf9/0x390 security/selinux/hooks.c:2885
  security_inode_alloc+0x90/0xd0 security/security.c:437
  inode_init_always+0x653/0xca0 fs/inode.c:167
  alloc_inode+0x82/0x180 fs/inode.c:215
  new_inode_pseudo+0x69/0x190 fs/inode.c:890
  get_pipe_inode fs/pipe.c:699 [inline]
  create_pipe_files+0x9a/0x930 fs/pipe.c:740
  __do_pipe_flags+0x35/0x220 fs/pipe.c:797
  SYSC_pipe2 fs/pipe.c:845 [inline]
  SyS_pipe2 fs/pipe.c:839 [inline]
  SYSC_pipe fs/pipe.c:863 [inline]
  SyS_pipe+0x8d/0x2e0 fs/pipe.c:861
  entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f49a8d72c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000016
RAX: ffffffffffffffda RBX: 00007f49a8d72aa0 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020aa6ff8
RBP: 00007f49a8d72a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a
R13: 00007f49a8d72bc8 R14: 00000000004b767a R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 29454 Comm: syz-executor7 Tainted: G        W         
4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:32
  slab_pre_alloc_hook mm/slab.h:421 [inline]
  slab_alloc mm/slab.c:3368 [inline]
  kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3608
  kmalloc include/linux/slab.h:499 [inline]
  kzalloc include/linux/slab.h:688 [inline]
  alloc_pipe_info+0xb1/0x350 fs/pipe.c:628
  get_pipe_inode fs/pipe.c:707 [inline]
  create_pipe_files+0xda/0x930 fs/pipe.c:740
  __do_pipe_flags+0x35/0x220 fs/pipe.c:797
  SYSC_pipe2 fs/pipe.c:845 [inline]
  SyS_pipe2 fs/pipe.c:839 [inline]
  SYSC_pipe fs/pipe.c:863 [inline]
  SyS_pipe+0x8d/0x2e0 fs/pipe.c:861
  entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f49a8d72c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000016
RAX: ffffffffffffffda RBX: 00007f49a8d72aa0 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020aa6ff8
RBP: 00007f49a8d72a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a
R13: 00007f49a8d72bc8 R14: 00000000004b767a R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 29482 Comm: syz-executor7 Tainted: G        W         
4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:32
  slab_pre_alloc_hook mm/slab.h:421 [inline]
  slab_alloc mm/slab.c:3368 [inline]
  __do_kmalloc mm/slab.c:3706 [inline]
  __kmalloc+0x63/0x760 mm/slab.c:3717
  kmalloc_array include/linux/slab.h:618 [inline]
  kcalloc include/linux/slab.h:629 [inline]
  alloc_pipe_info+0x135/0x350 fs/pipe.c:645
  get_pipe_inode fs/pipe.c:707 [inline]
  create_pipe_files+0xda/0x930 fs/pipe.c:740
  __do_pipe_flags+0x35/0x220 fs/pipe.c:797
  SYSC_pipe2 fs/pipe.c:845 [inline]
  SyS_pipe2 fs/pipe.c:839 [inline]
  SYSC_pipe fs/pipe.c:863 [inline]
  SyS_pipe+0x8d/0x2e0 fs/pipe.c:861
  entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f49a8d72c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000016
RAX: ffffffffffffffda RBX: 00007f49a8d72aa0 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020aa6ff8
RBP: 00007f49a8d72a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a
R13: 00007f49a8d72bc8 R14: 00000000004b767a R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 29558 Comm: syz-executor1 Tainted: G        W         
4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:32
  slab_pre_alloc_hook mm/slab.h:421 [inline]
  slab_alloc mm/slab.c:3368 [inline]
  kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
  kmem_cache_zalloc include/linux/slab.h:678 [inline]
  alloc_mm_slot mm/khugepaged.c:369 [inline]
  __khugepaged_enter+0xbd/0x540 mm/khugepaged.c:405
  khugepaged_enter include/linux/khugepaged.h:54 [inline]
  do_huge_pmd_anonymous_page+0x10d9/0x1b00 mm/huge_memory.c:680
  create_huge_pmd mm/memory.c:3828 [inline]
  __handle_mm_fault+0x1a0c/0x3ce0 mm/memory.c:4032
  handle_mm_fault+0x334/0x8d0 mm/memory.c:4098
  __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1429
  do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504
  page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1225
RIP: 0033:0x40180b
RSP: 002b:00007f11ff7e1b90 EFLAGS: 00010246
RAX: 0000000020000000 RBX: 000000000000004e RCX: 0000000000000000
RDX: b5cf47289ff2ee66 RSI: 0000000000000000 RDI: 00007f11ff7e2608
RBP: 0000000020eacfb2 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000004e R11: 0000000000000000 R12: 00000000006f68c0
R13: 0000000000000013 R14: 00007f11ff7e26d4 R15: ffffffffffffffff
syz-executor1 invoked oom-killer: gfp_mask=0x0(), nodemask=(null), order=0,  
oom_score_adj=0
syz-executor1 cpuset=/ mems_allowed=0
CPU: 0 PID: 29558 Comm: syz-executor1 Tainted: G        W         
4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  dump_header+0x28c/0xe1e mm/oom_kill.c:437
  oom_kill_process+0x8b5/0x14a0 mm/oom_kill.c:865
  out_of_memory+0x86d/0x1220 mm/oom_kill.c:1079
  pagefault_out_of_memory+0x135/0x152 mm/oom_kill.c:1110
  mm_fault_error+0xd6/0x2c0 arch/x86/mm/fault.c:1053
  __do_page_fault+0xb4d/0xc90 arch/x86/mm/fault.c:1457
  do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504
  page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1225
RIP: 0033:0x40180b
RSP: 002b:00007f11ff7e1b90 EFLAGS: 00010246
RAX: 0000000020000000 RBX: 000000000000004e RCX: 0000000000000000
RDX: b5cf47289ff2ee66 RSI: 0000000000000000 RDI: 00007f11ff7e2608
RBP: 0000000020eacfb2 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000004e R11: 0000000000000000 R12: 00000000006f68c0
R13: 0000000000000013 R14: 00007f11ff7e26d4 R15: ffffffffffffffff
Mem-Info:
active_anon:31646 inactive_anon:61 isolated_anon:0
  active_file:3804 inactive_file:8049 isolated_file:0
  unevictable:0 dirty:103 writeback:0 unstable:0
  slab_reclaimable:9359 slab_unreclaimable:86173
  mapped:23420 shmem:68 pagetables:656 bounce:0
  free:1457846 free_pcp:424 free_cma:0
Node 0 active_anon:126584kB inactive_anon:244kB active_file:15216kB  
inactive_file:32196kB unevictable:0kB isolated(anon):0kB isolated(file):0kB  
mapped:93680kB dirty:412kB writeback:0kB shmem:272kB shmem_thp: 0kB  
shmem_pmdmapped: 0kB anon_thp: 43008kB writeback_tmp:0kB unstable:0kB  
all_unreclaimable? no
Node 0 DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB  
inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB  
writepending:0kB present:15992kB managed:15908kB mlocked:0kB  
kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB  
free_cma:0kB
lowmem_reserve[]: 0 2874 6386 6386
Node 0 DMA32 free:2945688kB min:30348kB low:37932kB high:45516kB  
active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB  
unevictable:0kB writepending:0kB present:3129332kB managed:2946452kB  
mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:764kB  
local_pcp:44kB free_cma:0kB
lowmem_reserve[]: 0 0 3511 3511
Node 0 Normal free:2869788kB min:37068kB low:46332kB high:55596kB  
active_anon:126584kB inactive_anon:244kB active_file:15216kB  
inactive_file:32196kB unevictable:0kB writepending:412kB present:4718592kB  
managed:3596136kB mlocked:0kB kernel_stack:4544kB pagetables:2624kB  
bounce:0kB free_pcp:932kB local_pcp:520kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U)  
1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 DMA32: 4*4kB (M) 3*8kB (M) 3*16kB (M) 2*32kB (M) 4*64kB (M) 4*128kB  
(M) 3*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 717*4096kB (M) =  
2945688kB
Node 0 Normal: 499*4kB (UME) 1300*8kB (UME) 767*16kB (UM) 438*32kB (UM)  
262*64kB (UM) 89*128kB (UM) 27*256kB (UME) 3*512kB (UM) 7*1024kB (UE)  
11*2048kB (UME) 675*4096kB (UM) = 2869788kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0  
hugepages_size=2048kB
11920 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
326355 pages reserved
Unreclaimable slab info:
Name                      Used          Total
pid_2                    504KB        516KB
hashtab_node             118KB        119KB
ebitmap_node            2224KB       2504KB
avtab_node              1012KB       1013KB
TIPC                      92KB        186KB
RDS                       40KB        101KB
rds_connection             4KB          8KB
SCTPv6                   616KB        648KB
SCTP                     467KB        467KB
sctp_chunk                77KB        138KB
sctp_bind_bucket           8KB         11KB
tw_sock_DCCPv6             4KB          7KB
DCCPv6                   102KB        102KB
DCCP                      47KB         74KB
ccid2_hc_tx_sock          19KB         41KB
ccid2_hc_rx_sock           0KB          3KB
dccp_ackvec                0KB          7KB
dccp_bind_bucket           8KB         36KB
KCM                      117KB        172KB
kcm_psock_cache           22KB         45KB
kcm_mux_cache             52KB         90KB
xfrm6_tunnel_spi           0KB          4KB
ip6-frags                  3KB          7KB
fib6_nodes                20KB         28KB
ip6_dst_cache            120KB        131KB
ip6_mrt_cache              5KB         12KB
PINGv6                    65KB         84KB
RAWv6                    399KB        429KB
UDPLITEv6                 24KB         24KB
UDPv6                    318KB        346KB
tw_sock_TCPv6              1KB          3KB
TCPv6                     78KB         78KB
sd_ext_cdb                 0KB          3KB
scsi_sense_cache           7KB          8KB
virtio_scsi_cmd           16KB         16KB
sgpool-128                 8KB          8KB
sgpool-64                  4KB          6KB
sgpool-32                  2KB          7KB
sgpool-16                  3KB          3KB
sgpool-8                  10KB         11KB
cfq_io_cq                  3KB         19KB
cfq_queue                  2KB         15KB
mqueue_inode_cache         12KB         14KB
nfs_commit_data            3KB          7KB
nfs_write_data            34KB         37KB
jbd2_inode                 2KB          7KB
ext4_system_zone           0KB          3KB
bio-1                      1KB          3KB
fasync_cache               0KB          4KB
pid_namespace              3KB          7KB
rpc_buffers               17KB         19KB
rpc_tasks                  2KB          3KB
UNIX                     462KB        511KB
ip4-frags                  1KB          3KB
ip_mrt_cache               1KB          4KB
tcp_bind_bucket           14KB         20KB
inet_peer_cache            6KB          8KB
secpath_cache              0KB          4KB
xfrm_dst_cache             1KB          4KB
ip_fib_trie                4KB          7KB
ip_fib_alias               8KB         11KB
ip_dst_cache              40KB         60KB
PING                      58KB         86KB
RAW                      247KB        337KB
UDP                      306KB        312KB
TCP                       76KB        102KB
hugetlbfs_inode_cache         12KB         31KB
eventpoll_pwq              6KB         15KB
eventpoll_epi             12KB         27KB
inotify_inode_mark          3KB          7KB
request_queue             31KB         39KB
blkdev_ioc                 4KB         19KB
bio-0                     29KB         30KB
biovec-(1<<(21-12))        552KB        552KB
bio_integrity_payload          0KB          4KB
khugepaged_mm_slot         56KB         62KB
user_namespace             5KB          7KB
dmaengine-unmap-2          0KB          3KB
skbuff_fclone_cache        727KB        813KB
skbuff_head_cache       1462KB       1747KB
configfs_dir_cache          0KB          4KB
file_lock_cache            0KB          3KB
file_lock_ctx              0KB          3KB
fsnotify_mark_connector          2KB          3KB
net_namespace             57KB         57KB
shmem_inode_cache       2781KB       2781KB
task_delay_info          862KB        885KB
taskstats                547KB        547KB
sigqueue                1811KB       1811KB
kernfs_node_cache       6024KB       6051KB
mnt_cache                 64KB         76KB
filp                    8790KB       9461KB
names_cache            83746KB      83746KB
avc_node                  47KB         55KB
selinux_file_security        450KB        476KB
selinux_inode_security       2314KB       2352KB
key_jar                    3KB          7KB
nsproxy                    4KB          7KB
vm_area_struct         17662KB      17703KB
mm_struct               3157KB       3914KB
fs_cache                 516KB        516KB
files_cache             1893KB       1893KB
signal_cache            3011KB       3011KB
sighand_cache            339KB        339KB
task_struct            28695KB      28695KB
cred_jar                1617KB       2296KB
anon_vma_chain          4638KB       5256KB
anon_vma                 212KB        315KB
pid                      125KB        252KB
Acpi-Operand             106KB        166KB
Acpi-Namespace            19KB         23KB
numa_policy                0KB          3KB
debug_objects_cache        441KB        446KB
trace_event_file         145KB        147KB
ftrace_event_field        257KB        259KB
pool_workqueue            38KB         40KB
page->ptl               3265KB       3265KB
kmalloc-4194304            0KB       4096KB
kmalloc-524288             0KB        514KB
kmalloc-262144          1548KB       1548KB
kmalloc-131072          1040KB       1430KB
kmalloc-65536            396KB        396KB
kmalloc-32768            825KB        825KB
kmalloc-16384            660KB        709KB
kmalloc-8192            2202KB       2260KB
kmalloc-4096           10136KB      10174KB
kmalloc-2048           10312KB      10442KB
kmalloc-1024            3524KB       3756KB
kmalloc-512             3273KB       3431KB
kmalloc-256             2181KB       2445KB
kmalloc-128             1464KB       1464KB
kmalloc-96               980KB        980KB
kmalloc-64              2133KB       2296KB
kmalloc-32              2097KB       2228KB
kmalloc-192              542KB        556KB
kmem_cache               103KB        105KB
[ pid ]   uid  tgid total_vm      rss pgtables_bytes swapents oom_score_adj  
name
[ 1772]     0  1772     5366      635    86016        0         -1000 udevd
[ 3189]     0  3189     2493      810    57344        0             0  
dhclient
[ 3338]     0  3338    14298      789   118784        0             0  
rsyslogd
[ 3393]     0  3393     4725      502    81920        0             0 cron
[ 3411]     0  3411     3735       44    65536        0             0  
mcstransd
[ 3413]     0  3413    12927     1508   131072        0             0  
restorecond
[ 3439]     0  3439    12490      836   135168        0         -1000 sshd
[ 3463]     0  3463     3694      460    77824        0             0 getty
[ 3464]     0  3464     3694      469    69632        0             0 getty
[ 3465]     0  3465     3694      466    73728        0             0 getty
[ 3466]     0  3466     3694      463    73728        0             0 getty
[ 3467]     0  3467     3694      473    73728        0             0 getty
[ 3468]     0  3468     3694      470    77824        0             0 getty
[ 3469]     0  3469     3649      421    77824        0             0 getty
[ 3488]     0  3488    17821     1386   180224        0             0 sshd
[ 3490]     0  3490    80787    31701   413696        0             0  
syz-fuzzer
[ 3531]     0  3531     7297      230    65536        0             0  
syz-executor0
[ 3532]     0  3532     7297      231    69632        0             0  
syz-executor7
[ 3533]     0  3533     7297      230    65536        0             0  
syz-executor1
[ 3534]     0  3534     7297      230    69632        0             0  
syz-executor2
[ 3536]     0  3536     7297      230    65536        0             0  
syz-executor3
[ 3538]     0  3538     7297      231    65536        0             0  
syz-executor4
[ 3540]     0  3540     7297      230    65536        0             0  
syz-executor5
[ 3544]     0  3544     5365      586    81920        0         -1000 udevd
[ 3547]     0  3547     7297      230    69632        0             0  
syz-executor6
[ 3567]     0  3567     5365      295    81920        0         -1000 udevd
[ 3719]     0  3719     7297     2268    73728        0             0  
syz-executor3
[ 3720]     0  3720     7297     2268    73728        0             0  
syz-executor0
[ 3723]     0  3723     7297     2269    77824        0             0  
syz-executor7
[ 3724]     0  3724     7297     2268    73728        0             0  
syz-executor1
[ 3726]     0  3726     7297     2269    73728        0             0  
syz-executor4
[ 3730]     0  3730     7297     2268    77824        0             0  
syz-executor2
[ 3732]     0  3732     7297     2268    73728        0             0  
syz-executor5
[ 3733]     0  3733     7297     2268    77824        0             0  
syz-executor6
[29532]     0 29532    11376     2122    81920        0             0  
syz-executor7
[29544]     0 29544     7330     2077    73728        0             0  
syz-executor4
[29545]     0 29545     7330     2076    73728        0             0  
syz-executor3
[29546]     0 29546     7330     2076    73728        0             0  
syz-executor0
[29547]     0 29547     7330     2076    73728        0             0  
syz-executor5
[29548]     0 29548     7330     2076    77824        0             0  
syz-executor2
[29553]     0 29553    11087     2076    77824        0             0  
syz-executor1
Out of memory: Kill process 3490 (syz-fuzzer) score 18 or sacrifice child
Killed process 3532 (syz-executor7) total-vm:29188kB, anon-rss:60kB,  
file-rss:864kB, shmem-rss:0kB
oom_reaper: reaped process 3532 (syz-executor7), now anon-rss:0kB,  
file-rss:0kB, shmem-rss:0kB
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 29566 Comm: syz-executor1 Tainted: G        W         
4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:32
  slab_pre_alloc_hook mm/slab.h:421 [inline]
  slab_alloc mm/slab.c:3368 [inline]
  kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
  ptlock_alloc+0x24/0x70 mm/memory.c:4686
  ptlock_init include/linux/mm.h:1790 [inline]
  pgtable_page_ctor include/linux/mm.h:1824 [inline]
  pte_alloc_one+0x59/0x100 arch/x86/mm/pgtable.c:32
  do_huge_pmd_anonymous_page+0xc23/0x1b00 mm/huge_memory.c:689
  create_huge_pmd mm/memory.c:3828 [inline]
  __handle_mm_fault+0x1a0c/0x3ce0 mm/memory.c:4032
  handle_mm_fault+0x334/0x8d0 mm/memory.c:4098
  __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1429
  do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504
  page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1225
RIP: 0033:0x40180b
RSP: 002b:00007f11ff7e1b90 EFLAGS: 00010246
RAX: 0000000020000000 RBX: 000000000000004e RCX: 0000000000000000
RDX: b5cf47289ff2ee66 RSI: 0000000000000000 RDI: 00007f11ff7e2608
RBP: 0000000020eacfb2 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000004e R11: 0000000000000000 R12: 00000000006f68c0
R13: 0000000000000013 R14: 00007f11ff7e26d4 R15: ffffffffffffffff
syz-executor1 invoked oom-killer: gfp_mask=0x0(), nodemask=(null), order=0,  
oom_score_adj=0
syz-executor1 cpuset=/ mems_allowed=0
CPU: 0 PID: 29566 Comm: syz-executor1 Tainted: G        W         
4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  dump_header+0x28c/0xe1e mm/oom_kill.c:437
  oom_kill_process+0x8b5/0x14a0 mm/oom_kill.c:865
  out_of_memory+0x86d/0x1220 mm/oom_kill.c:1079
  pagefault_out_of_memory+0x135/0x152 mm/oom_kill.c:1110
  mm_fault_error+0xd6/0x2c0 arch/x86/mm/fault.c:1053
  __do_page_fault+0xb4d/0xc90 arch/x86/mm/fault.c:1457
  do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504
  page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1225
RIP: 0033:0x40180b
RSP: 002b:00007f11ff7e1b90 EFLAGS: 00010246
RAX: 0000000020000000 RBX: 000000000000004e RCX: 0000000000000000
RDX: b5cf47289ff2ee66 RSI: 0000000000000000 RDI: 00007f11ff7e2608
RBP: 0000000020eacfb2 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000004e R11: 0000000000000000 R12: 00000000006f68c0
R13: 0000000000000013 R14: 00007f11ff7e26d4 R15: ffffffffffffffff
Mem-Info:
active_anon:31542 inactive_anon:61 isolated_anon:0
  active_file:3804 inactive_file:8049 isolated_file:0
  unevictable:0 dirty:103 writeback:0 unstable:0
  slab_reclaimable:9359 slab_unreclaimable:86248
  mapped:21395 shmem:68 pagetables:582 bounce:0
  free:1458061 free_pcp:422 free_cma:0
Node 0 active_anon:126168kB inactive_anon:244kB active_file:15216kB  
inactive_file:32196kB unevictable:0kB isolated(anon):0kB isolated(file):0kB  
mapped:85580kB dirty:412kB writeback:0kB shmem:272kB shmem_thp: 0kB  
shmem_pmdmapped: 0kB anon_thp: 43008kB writeback_tmp:0kB unstable:0kB  
all_unreclaimable? no
Node 0 DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB  
inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB  
writepending:0kB present:15992kB managed:15908kB mlocked:0kB  
kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB  
free_cma:0kB
lowmem_reserve[]: 0 2874 6386 6386
Node 0 DMA32 free:2945688kB min:30348kB low:37932kB high:45516kB  
active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB  
unevictable:0kB writepending:0kB present:3129332kB managed:2946452kB  
mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:764kB  
local_pcp:44kB free_cma:0kB
lowmem_reserve[]: 0 0 3511 3511
Node 0 Normal free:2870648kB min:37068kB low:46332kB high:55596kB  
active_anon:126168kB inactive_anon:244kB active_file:15216kB  
inactive_file:32196kB unevictable:0kB writepending:412kB present:4718592kB  
managed:3596136kB mlocked:0kB kernel_stack:4256kB pagetables:2328kB  
bounce:0kB free_pcp:924kB local_pcp:512kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U)  
1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 DMA32: 4*4kB (M) 3*8kB (M) 3*16kB (M) 2*32kB (M) 4*64kB (M) 4*128kB  
(M) 3*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 717*4096kB (M) =  
2945688kB
Node 0 Normal: 645*4kB (UM) 1271*8kB (UME) 771*16kB (UME) 449*32kB (UME)  
262*64kB (UM) 89*128kB (UM) 27*256kB (UME) 3*512kB (UM) 7*1024kB (UE)  
11*2048kB (UME) 675*4096kB (UM) = 2870556kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0  
hugepages_size=2048kB
11920 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
326355 pages reserved
Unreclaimable slab info:
Name                      Used          Total
pid_2                    504KB        516KB
hashtab_node             118KB        119KB
ebitmap_node            2224KB       2504KB
avtab_node              1012KB       1013KB
TIPC                      92KB        186KB
RDS                       40KB        101KB
rds_connection             4KB          8KB
SCTPv6                   616KB        648KB
SCTP                     467KB        467KB
sctp_chunk                77KB        138KB
sctp_bind_bucket           8KB         11KB
tw_sock_DCCPv6             4KB          7KB
DCCPv6                   102KB        102KB
DCCP                      47KB         74KB
ccid2_hc_tx_sock          19KB         41KB
ccid2_hc_rx_sock           0KB          3KB
dccp_ackvec                0KB          7KB
dccp_bind_bucket           8KB         36KB
KCM                      117KB        172KB
kcm_psock_cache           22KB         45KB
kcm_mux_cache             52KB         90KB
xfrm6_tunnel_spi           0KB          4KB
ip6-frags                  3KB          7KB
fib6_nodes                20KB         28KB
ip6_dst_cache            120KB        131KB
ip6_mrt_cache              5KB         12KB
PINGv6                    65KB         84KB
RAWv6                    399KB        429KB
UDPLITEv6                 24KB         24KB
UDPv6                    318KB        346KB
tw_sock_TCPv6              1KB          3KB
TCPv6                     78KB         78KB
sd_ext_cdb                 0KB          3KB
scsi_sense_cache           7KB          8KB
virtio_scsi_cmd           16KB         16KB
sgpool-128                 8KB          8KB
sgpool-64                  4KB          6KB
sgpool-32                  2KB          7KB
sgpool-16                  3KB          3KB
sgpool-8                  10KB         11KB
cfq_io_cq                  3KB         19KB
cfq_queue                  2KB         15KB
mqueue_inode_cache         12KB         14KB
nfs_commit_data            3KB          7KB
nfs_write_data            34KB         37KB
jbd2_inode                 2KB          7KB
ext4_system_zone           0KB          3KB
bio-1                      1KB          3KB
fasync_cache               0KB          4KB
pid_namespace              3KB          7KB
rpc_buffers               17KB         19KB
rpc_tasks                  2KB          3KB
UNIX                     462KB        511KB
ip4-frags                  1KB          3KB
ip_mrt_cache               1KB          4KB
tcp_bind_bucket           14KB         20KB
inet_peer_cache            6KB          8KB
secpath_cache              0KB          4KB
xfrm_dst_cache             1KB          4KB
ip_fib_trie                4KB          7KB
ip_fib_alias               8KB         11KB
ip_dst_cache              40KB         60KB
PING                      58KB         86KB
RAW                      247KB        337KB
UDP                      306KB        312KB
TCP                       76KB        102KB
hugetlbfs_inode_cache         12KB         31KB
eventpoll_pwq              6KB         15KB
eventpoll_epi             12KB         27KB
inotify_inode_mark          3KB          7KB
request_queue             31KB         39KB
blkdev_ioc                 4KB         19KB
bio-0                     29KB         30KB
biovec-(1<<(21-12))        552KB        552KB
bio_integrity_payload          0KB          4KB
khugepaged_mm_slot         56KB         62KB
user_namespace             5KB          7KB
dmaengine-unmap-2          0KB          3KB
skbuff_fclone_cache        727KB        813KB
skbuff_head_cache       1462KB       1747KB
configfs_dir_cache          0KB          4KB
file_lock_cache            0KB          3KB
file_lock_ctx              0KB          3KB
fsnotify_mark_connector          2KB          3KB
net_namespace             57KB         57KB
shmem_inode_cache       2793KB       2793KB
task_delay_info          862KB        885KB
taskstats                547KB        547KB
sigqueue                1815KB       1815KB
kernfs_node_cache       6024KB       6051KB
mnt_cache                 64KB         76KB
filp                    8790KB       9461KB
names_cache            83852KB      83852KB
avc_node                  47KB         55KB
selinux_file_security        450KB        476KB
selinux_inode_security       2314KB       2352KB
key_jar                    3KB          7KB
nsproxy                    4KB          7KB
vm_area_struct         17683KB      17703KB
mm_struct               3157KB       3914KB
fs_cache                 516KB        516KB
files_cache             1893KB       1893KB
signal_cache            3011KB       3011KB
sighand_cache            339KB        339KB
task_struct            28744KB      28744KB
cred_jar                1617KB       2296KB
anon_vma_chain          4638KB       5256KB
anon_vma                 212KB        315KB
pid                      125KB        252KB
Acpi-Operand             106KB        166KB
Acpi-Namespace            19KB         23KB
numa_policy                0KB          3KB
debug_objects_cache        441KB        446KB
trace_event_file         145KB        147KB
ftrace_event_field        257KB        259KB
pool_workqueue            38KB         40KB
page->ptl               3265KB       3265KB
kmalloc-4194304            0KB       4096KB
kmalloc-524288             0KB        514KB
kmalloc-262144          1548KB       1548KB
kmalloc-131072          1040KB       1430KB
kmalloc-65536            396KB        396KB
kmalloc-32768            825KB        825KB
kmalloc-16384            660KB        709KB
kmalloc-8192            2202KB       2260KB
kmalloc-4096           10136KB      10174KB
kmalloc-2048           10338KB      10442KB
kmalloc-1024            3524KB       3756KB
kmalloc-512             3273KB       3431KB
kmalloc-256             2181KB       2445KB
kmalloc-128             1464KB       1464KB
kmalloc-96               980KB        980KB
kmalloc-64              2133KB       2296KB
kmalloc-32              2097KB       2228KB
kmalloc-192              542KB        556KB
kmem_cache               103KB        105KB
[ pid ]   uid  tgid total_vm      rss pgtables_bytes swapents oom_score_adj  
name
[ 1772]     0  1772     5366      635    86016        0         -1000 udevd
[ 3189]     0  3189     2493      810    57344        0             0  
dhclient
[ 3338]     0  3338    14298      789   118784        0             0  
rsyslogd
[ 3393]     0  3393     4725      502    81920        0             0 cron
[ 3411]     0  3411     3735       44    65536        0             0  
mcstransd
[ 3413]     0  3413    12927     1508   131072        0             0  
restorecond
[ 3439]     0  3439    12490      836   135168        0         -1000 sshd
[ 3463]     0  3463     3694      460    77824        0             0 getty
[ 3464]     0  3464     3694      469    69632        0             0 getty
[ 3465]     0  3465     3694      466    73728        0             0 getty
[ 3466]     0  3466     3694      463    73728        0             0 getty
[ 3467]     0  3467     3694      473    73728        0             0 getty
[ 3468]     0  3468     3694      470    77824        0             0 getty
[ 3469]     0  3469     3649      421    77824        0             0 getty
[ 3488]     0  3488    17821     1386   180224        0             0 sshd
[ 3490]     0  3490    80787    31701   413696        0             0  
syz-fuzzer
[ 3531]     0  3531     7297      230    65536        0             0  
syz-executor0
[ 3533]     0  3533     7297      230    65536        0             0  
syz-executor1
[ 3534]     0  3534     7297      230    69632        0             0  
syz-executor2
[ 3536]     0  3536     7297      230    65536        0             0  
syz-executor3
[ 3538]     0  3538     7297      231    65536        0             0  
syz-executor4
[ 3540]     0  3540     7297      230    65536        0             0  
syz-executor5
[ 3544]     0  3544     5365      586    81920        0         -1000 udevd
[ 3547]     0  3547     7297      230    69632        0             0  
syz-executor6
[ 3567]     0  3567     5365      295    81920        0         -1000 udevd
[ 3719]     0  3719     7297     2268    73728        0             0  
syz-executor3
[ 3720]     0  3720     7297     2268    73728        0             0  
syz-executor0
[ 3724]     0  3724     7297     2268    73728        0             0  
syz-executor1
[ 3726]     0  3726     7297     2269    73728        0             0  
syz-executor4
[ 3730]     0  3730     7297     2268    77824        0             0  
syz-executor2
[ 3732]     0  3732     7297     2268    73728        0             0  
syz-executor5
[ 3733]     0  3733     7297     2268    77824        0             0  
syz-executor6
[29549]     0 29544     7330     2192    73728        0             0  
syz-executor4
[29548]     0 29548    11458     2076    77824        0             0  
syz-executor2
[29565]     0 29565    11087     2076    77824        0             0  
syz-executor1
Out of memory: Kill process 3490 (syz-fuzzer) score 18 or sacrifice child
Killed process 3534 (syz-executor2) total-vm:29188kB, anon-rss:56kB,  
file-rss:864kB, shmem-rss:0kB
oom_reaper: reaped process 3534 (syz-executor2), now anon-rss:0kB,  
file-rss:0kB, shmem-rss:0kB
CPU: 1 PID: 29549 Comm: syz-executor4 Tainted: G        W         
4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x257 lib/dump_stack.c:53
  fail_dump lib/fault-inject.c:51 [inline]
  should_fail+0x8c0/0xa40 lib/fault-inject.c:149
  should_failslab+0xec/0x120 mm/failslab.c:32
  slab_pre_alloc_hook mm/slab.h:421 [inline]
  slab_alloc mm/slab.c:3368 [inline]
  kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
  kmem_cache_zalloc include/linux/slab.h:678 [inline]
  ebitmap_cpy+0xce/0x260 security/selinux/ss/ebitmap.c:60
  mls_context_cpy security/selinux/ss/context.h:51 [inline]
  mls_compute_sid+0x555/0x930 security/selinux/ss/mls.c:556
  security_compute_sid+0x8df/0x18f0 security/selinux/ss/services.c:1724
  security_transition_sid+0x75/0x90 security/selinux/ss/services.c:1763
  socket_sockcreate_sid security/selinux/hooks.c:4335 [inline]
  selinux_socket_create+0x3cf/0x740 security/selinux/hooks.c:4368
  security_socket_create+0x83/0xc0 security/security.c:1338
  __sock_create+0xf7/0x850 net/socket.c:1212
  sock_create net/socket.c:1297 [inline]
  SYSC_socket net/socket.c:1327 [inline]
  SyS_socket+0xeb/0x1d0 net/socket.c:1307
  entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007fd0e97e0c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 00007fd0e97e0aa0 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000000a
RBP: 00007fd0e97e0a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a
R13: 00007fd0e97e0bc8 R14: 00000000004b767a R15: 0000000000000000
audit: type=1400 audit(1515190934.850:99): avc:  denied  { sys_ptrace } for  pid=29572 comm="ps" capability=19  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=cap_userns permissive=1


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzkaller@...glegroups.com.

syzbot will keep track of this bug report.
If you forgot to add the Reported-by tag, once the fix for this bug is merged
into any tree, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug report.
Note: all commands must start from beginning of the line in the email body.

View attachment "config.txt" of type "text/plain" (134059 bytes)

Download attachment "raw.log" of type "application/octet-stream" (1048576 bytes)
