Hello,
syzbot found the following crash on:
HEAD commit: 4f68020f Linux 4.14.182
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17523f9a100000
kernel config: https://syzkaller.appspot.com/x/.config?x=512ec6eb8f94d0c8
dashboard link: https://syzkaller.appspot.com/bug?extid=6a6671c118d6415093db
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+6a6671...@syzkaller.appspotmail.com
=============================
WARNING: suspicious RCU usage
4.14.182-syzkaller #0 Not tainted
-----------------------------
net/sched/act_sample.c:95 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
syz-executor.4 cpuset=/ mems_allowed=0-1
1 lock held by syz-executor.1/29036:
CPU: 1 PID: 29034 Comm: syz-executor.4 Not tainted 4.14.182-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
warn_alloc.cold+0x96/0x1af mm/page_alloc.c:3249
__alloc_pages_slowpath mm/page_alloc.c:4096 [inline]
__alloc_pages_nodemask+0x2129/0x2730 mm/page_alloc.c:4199
alloc_pages_current+0xe7/0x1e0 mm/mempolicy.c:2113
alloc_pages include/linux/gfp.h:520 [inline]
alloc_mmu_pages arch/x86/kvm/mmu.c:5142 [inline]
kvm_mmu_create+0xd1/0x1c0 arch/x86/kvm/mmu.c:5160
kvm_arch_vcpu_init+0x282/0x890 arch/x86/kvm/x86.c:8306
kvm_vcpu_init+0x26d/0x360 arch/x86/kvm/../../../virt/kvm/kvm_main.c:320
vmx_create_vcpu+0xf5/0x2950 arch/x86/kvm/vmx.c:10038
kvm_vm_ioctl_create_vcpu arch/x86/kvm/../../../virt/kvm/kvm_main.c:2549 [inline]
kvm_vm_ioctl+0x4ae/0x1430 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3057
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45ca69
RSP: 002b:00007f3f9932bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004e7400 RCX: 000000000045ca69
RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000396 R14: 00000000004c6306 R15: 00007f3f9932c6d4
#0: (rtnl_mutex){+.+.}, at: [<ffffffff8502bf2d>] rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: (rtnl_mutex){+.+.}, at: [<ffffffff8502bf2d>] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4310
stack backtrace:
CPU: 1 PID: 29036 Comm: syz-executor.1 Not tainted 4.14.182-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
tcf_sample_init+0x71c/0x8c0 net/sched/act_sample.c:95
tcf_action_init_1+0x51a/0x9f0 net/sched/act_api.c:682
tcf_action_init+0x26d/0x400 net/sched/act_api.c:751
tcf_action_add net/sched/act_api.c:1079 [inline]
tc_ctl_action+0x2e3/0x513 net/sched/act_api.c:1131
rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4315
netlink_rcv_skb+0x127/0x370 net/netlink/af_netlink.c:2433
netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1313
netlink_sendmsg+0x64a/0xbb0 net/netlink/af_netlink.c:1878
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 net/socket.c:656
___sys_sendmsg+0x70a/0x840 net/socket.c:2062
__sys_sendmsg+0xa3/0x120 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x27/0x40 net/socket.c:2103
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45ca69
RSP: 002b:00007feeb5362c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000500fc0 RCX: 000000000045ca69
RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
RBP: 000000000078c040 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000a05 R14: 00000000004cce1d R15: 00007feeb53636d4
Mem-Info:
active_anon:1002541 inactive_anon:9347 isolated_anon:0
active_file:28678 inactive_file:27099 isolated_file:3
unevictable:4097 dirty:0 writeback:0 unstable:0
slab_reclaimable:17100 slab_unreclaimable:144771
mapped:58290 shmem:5066 pagetables:42235 bounce:0
free:226689 free_pcp:495 free_cma:0
Node 0 active_anon:1846684kB inactive_anon:36780kB active_file:16kB inactive_file:4kB unevictable:16388kB isolated(anon):0kB isolated(file):12kB mapped:215624kB dirty:4kB writeback:0kB shmem:19056kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1314816kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 1 active_anon:2162180kB inactive_anon:608kB active_file:114696kB inactive_file:108392kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:17536kB dirty:0kB writeback:0kB shmem:1208kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 0 DMA free:10356kB min:220kB low:272kB high:324kB active_anon:4528kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2559 2559 2559 2559
Node 0 DMA32 free:36528kB min:36296kB low:45368kB high:54440kB active_anon:1842156kB inactive_anon:36780kB active_file:16kB inactive_file:4kB unevictable:16388kB writepending:4kB present:3129332kB managed:2623996kB mlocked:16388kB kernel_stack:15264kB pagetables:47400kB bounce:0kB free_pcp:696kB local_pcp:132kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0 0
Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0 0
Node 1 Normal free:861140kB min:53592kB low:66988kB high:80384kB active_anon:2162180kB inactive_anon:608kB active_file:114696kB inactive_file:108392kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:42400kB pagetables:121392kB bounce:0kB free_pcp:1448kB local_pcp:732kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0 0
Node 0 DMA: 3*4kB (U) 4*8kB (UM) 0*16kB 2*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 1*512kB (M) 1*1024kB (M) 0*2048kB 2*4096kB (ME) = 10348kB
Node 0 DMA32: 388*4kB (UMEH) 1476*8kB (UMEH) 313*16kB (UMEH) 332*32kB (UMEH) 28*64kB (UME) 5*128kB (UM) 2*256kB (UM) 0*512kB 4*1024kB (M) 0*2048kB 0*4096kB = 36032kB
Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
Node 1 Normal: 427*4kB (UME) 379*8kB (UME) 727*16kB (UME) 980*32kB (UME) 497*64kB (UME) 108*128kB (UME) 179*256kB (UME) 114*512kB (UM) 41*1024kB (UM) 6*2048kB (UME) 149*4096kB (UM) = 862132kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
38375 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
338455 pages reserved
0 pages cma reserved
Option ':h��5��^�' to dns_resolver key: bad/missing value
syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
syz-executor.4 cpuset=/ mems_allowed=0-1
CPU: 1 PID: 29103 Comm: syz-executor.4 Not tainted 4.14.182-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
warn_alloc.cold+0x96/0x1af mm/page_alloc.c:3249
__alloc_pages_slowpath mm/page_alloc.c:4096 [inline]
__alloc_pages_nodemask+0x2129/0x2730 mm/page_alloc.c:4199
alloc_pages_current+0xe7/0x1e0 mm/mempolicy.c:2113
alloc_pages include/linux/gfp.h:520 [inline]
alloc_mmu_pages arch/x86/kvm/mmu.c:5142 [inline]
kvm_mmu_create+0xd1/0x1c0 arch/x86/kvm/mmu.c:5160
kvm_arch_vcpu_init+0x282/0x890 arch/x86/kvm/x86.c:8306
kvm_vcpu_init+0x26d/0x360 arch/x86/kvm/../../../virt/kvm/kvm_main.c:320
vmx_create_vcpu+0xf5/0x2950 arch/x86/kvm/vmx.c:10038
kvm_vm_ioctl_create_vcpu arch/x86/kvm/../../../virt/kvm/kvm_main.c:2549 [inline]
kvm_vm_ioctl+0x4ae/0x1430 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3057
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45ca69
RSP: 002b:00007f3f9932bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004e7400 RCX: 000000000045ca69
RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000396 R14: 00000000004c6306 R15: 00007f3f9932c6d4
Mem-Info:
syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
active_anon:1002266 inactive_anon:9347 isolated_anon:0
active_file:28667 inactive_file:27774 isolated_file:0
unevictable:4097 dirty:36 writeback:0 unstable:0
slab_reclaimable:17142 slab_unreclaimable:144867
mapped:58969 shmem:5066 pagetables:42230 bounce:0
free:226153 free_pcp:432 free_cma:0
syz-executor.4 cpuset=/ mems_allowed=0-1
CPU: 0 PID: 29104 Comm: syz-executor.4 Not tainted 4.14.182-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
warn_alloc.cold+0x96/0x1af mm/page_alloc.c:3249
__alloc_pages_slowpath mm/page_alloc.c:4096 [inline]
__alloc_pages_nodemask+0x2129/0x2730 mm/page_alloc.c:4199
alloc_pages_current+0xe7/0x1e0 mm/mempolicy.c:2113
alloc_pages include/linux/gfp.h:520 [inline]
alloc_mmu_pages arch/x86/kvm/mmu.c:5142 [inline]
kvm_mmu_create+0xd1/0x1c0 arch/x86/kvm/mmu.c:5160
kvm_arch_vcpu_init+0x282/0x890 arch/x86/kvm/x86.c:8306
kvm_vcpu_init+0x26d/0x360 arch/x86/kvm/../../../virt/kvm/kvm_main.c:320
vmx_create_vcpu+0xf5/0x2950 arch/x86/kvm/vmx.c:10038
Node 0 active_anon:1846684kB inactive_anon:36780kB active_file:28kB inactive_file:4kB unevictable:16388kB isolated(anon):0kB isolated(file):0kB mapped:215676kB dirty:8kB writeback:0kB shmem:19056kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1314816kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
kvm_vm_ioctl_create_vcpu arch/x86/kvm/../../../virt/kvm/kvm_main.c:2549 [inline]
kvm_vm_ioctl+0x4ae/0x1430 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3057
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45ca69
RSP: 002b:00007f3f9930ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
Node 1 active_anon:2162380kB inactive_anon:608kB active_file:114640kB inactive_file:111092kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:20200kB dirty:136kB writeback:0kB shmem:1208kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
RAX: ffffffffffffffda RBX: 00000000004e7400 RCX: 000000000045ca69
RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
RBP: 000000000078c040 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000396 R14: 00000000004c6306 R15: 00007f3f9930b6d4
Node 0 DMA free:10348kB min:220kB low:272kB high:324kB active_anon:4528kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2559 2559 2559 2559
Node 0 DMA32 free:36040kB min:36296kB low:45368kB high:54440kB active_anon:1842156kB inactive_anon:36780kB active_file:24kB inactive_file:8kB unevictable:16388kB writepending:8kB present:3129332kB managed:2623996kB mlocked:16388kB kernel_stack:15264kB pagetables:47400kB bounce:0kB free_pcp:768kB local_pcp:596kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0 0
Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0 0
Node 1 Normal free:859964kB min:53592kB low:66988kB high:80384kB active_anon:2162120kB inactive_anon:608kB active_file:114624kB inactive_file:111148kB unevictable:0kB writepending:176kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:42176kB pagetables:121388kB bounce:0kB free_pcp:1388kB local_pcp:660kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0 0
Node 0 DMA: 3*4kB (U) 4*8kB (UM) 0*16kB 2*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 1*512kB (M) 1*1024kB (M) 0*2048kB 2*4096kB (ME) = 10348kB
Node 0 DMA32: 388*4kB (UMEH) 1478*8kB (UMEH) 313*16kB (UMEH) 332*32kB (UMEH) 28*64kB (UME) 5*128kB (UM) 2*256kB (UM) 0*512kB 4*1024kB (M) 0*2048kB 0*4096kB = 36048kB
Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
Node 1 Normal: 258*4kB (UM) 110*8kB (UME) 356*16kB (UME) 947*32kB (UME) 497*64kB (UME) 152*128kB (UME) 179*256kB (UME) 114*512kB (UM) 41*1024kB (UM) 7*2048kB (UME) 149*4096kB (UM) = 859992kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
39311 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
338455 pages reserved
0 pages cma reserved
new mount options do not match the existing superblock, will be ignored
syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
syz-executor.4 cpuset=/ mems_allowed=0-1
CPU: 0 PID: 29220 Comm: syz-executor.4 Not tainted 4.14.182-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
warn_alloc.cold+0x96/0x1af mm/page_alloc.c:3249
__alloc_pages_slowpath mm/page_alloc.c:4096 [inline]
__alloc_pages_nodemask+0x2129/0x2730 mm/page_alloc.c:4199
alloc_pages_current+0xe7/0x1e0 mm/mempolicy.c:2113
alloc_pages include/linux/gfp.h:520 [inline]
alloc_mmu_pages arch/x86/kvm/mmu.c:5142 [inline]
kvm_mmu_create+0xd1/0x1c0 arch/x86/kvm/mmu.c:5160
kvm_arch_vcpu_init+0x282/0x890 arch/x86/kvm/x86.c:8306
kvm_vcpu_init+0x26d/0x360 arch/x86/kvm/../../../virt/kvm/kvm_main.c:320
vmx_create_vcpu+0xf5/0x2950 arch/x86/kvm/vmx.c:10038
kvm_vm_ioctl_create_vcpu arch/x86/kvm/../../../virt/kvm/kvm_main.c:2549 [inline]
kvm_vm_ioctl+0x4ae/0x1430 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3057
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45ca69
RSP: 002b:00007f3f9932bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004e7400 RCX: 000000000045ca69
RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000396 R14: 00000000004c6306 R15: 00007f3f9932c6d4
warn_alloc_show_mem: 1 callbacks suppressed
Mem-Info:
active_anon:1000048 inactive_anon:9347 isolated_anon:0
active_file:28685 inactive_file:30772 isolated_file:0
unevictable:4097 dirty:40 writeback:0 unstable:0
slab_reclaimable:17153 slab_unreclaimable:144954
mapped:58941 shmem:5066 pagetables:42275 bounce:0
free:225005 free_pcp:480 free_cma:0
Node 0 active_anon:1846484kB inactive_anon:36780kB active_file:32kB inactive_file:200kB unevictable:16388kB isolated(anon):0kB isolated(file):0kB mapped:215720kB dirty:8kB writeback:0kB shmem:19056kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1314816kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
Node 1 active_anon:2156008kB inactive_anon:608kB active_file:114708kB inactive_file:122888kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:20044kB dirty:152kB writeback:0kB shmem:1208kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 0 DMA free:10348kB min:220kB low:272kB high:324kB active_anon:4528kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2559 2559 2559 2559
Node 0 DMA32 free:36064kB min:36296kB low:45368kB high:54440kB active_anon:1841956kB inactive_anon:36780kB active_file:32kB inactive_file:200kB unevictable:16388kB writepending:8kB present:3129332kB managed:2623996kB mlocked:16388kB kernel_stack:15264kB pagetables:47400kB bounce:0kB free_pcp:992kB local_pcp:380kB free_cma:0kB
ptrace attach of "/root/syz-executor.2"[6365] was attempted by ""[29254]
lowmem_reserve[]: 0 0 0 0 0
Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
new mount options do not match the existing superblock, will be ignored
lowmem_reserve[]: 0 0 0 0 0
Node 1 Normal free:849952kB min:53592kB low:66988kB high:80384kB active_anon:2159108kB inactive_anon:608kB active_file:114708kB inactive_file:122088kB unevictable:0kB writepending:152kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:42656kB pagetables:121404kB bounce:0kB free_pcp:1252kB local_pcp:616kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0 0
Node 0 DMA: 3*4kB (U) 4*8kB (UM) 0*16kB 2*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 1*512kB (M) 1*1024kB (M) 0*2048kB 2*4096kB (ME) = 10348kB
Node 0 DMA32: 607*4kB (UMEH) 1490*8kB (UMEH) 315*16kB (UMEH) 332*32kB (UMEH) 28*64kB (UME) 5*128kB (UM) 2*256kB (UM) 0*512kB 4*1024kB (M) 0*2048kB 0*4096kB = 37052kB
audit: type=1804 audit(1590847754.858:360): pid=29271 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir192810843/syzkaller.lKOLKd/1341/bus" dev="sda1" ino=17439 res=1
batman_adv: batadv0: Interface deactivated: batadv_slave_0
device batadv_slave_0 entered promiscuous mode
Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
Node 1 Normal: 134*4kB (UME) 239*8kB (UME) 383*16kB (UME) 611*32kB (UME) 491*64kB (UME) 153*128kB (UME) 181*256kB (UME) 117*512kB (UM) 43*1024kB (UM) 7*2048kB (UME) 149*4096kB (UM) = 854048kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
39467 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
338455 pages reserved
0 pages cma reserved
audit: type=1804 audit(1590847755.628:361): pid=29281 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir192810843/syzkaller.lKOLKd/1341/bus" dev="sda1" ino=17439 res=1
audit: type=1804 audit(1590847755.688:362): pid=29307 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir192810843/syzkaller.lKOLKd/1341/bus" dev="sda1" ino=17439 res=1
nla_parse: 3 callbacks suppressed
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 29350 Comm: syz-executor.5 Not tainted 4.14.182-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0x10a/0x154 lib/fault-inject.c:149
should_failslab+0xd6/0x130 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc_node mm/slab.c:3297 [inline]
kmem_cache_alloc_node+0x25f/0x400 mm/slab.c:3640
__alloc_skb+0x9a/0x4c0 net/core/skbuff.c:193
alloc_skb include/linux/skbuff.h:980 [inline]
alloc_skb_with_frags+0x85/0x500 net/core/skbuff.c:5228
sock_alloc_send_pskb+0x57b/0x6d0 net/core/sock.c:2081
__ip6_append_data.isra.0+0x1646/0x28d0 net/ipv6/ip6_output.c:1419
ip6_append_data+0x1c3/0x300 net/ipv6/ip6_output.c:1582
l2tp_ip6_sendmsg+0x8fa/0x14f0 net/l2tp/l2tp_ip6.c:649
inet_sendmsg+0x116/0x4d0 net/ipv4/af_inet.c:762
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 net/socket.c:656
___sys_sendmsg+0x349/0x840 net/socket.c:2062
__sys_sendmmsg+0x129/0x330 net/socket.c:2152
SYSC_sendmmsg net/socket.c:2183 [inline]
SyS_sendmmsg+0x2f/0x50 net/socket.c:2178
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45ca69
RSP: 002b:00007f920f4f4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00000000004fc680 RCX: 000000000045ca69
RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000003
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
R13: 00000000000008e0 R14: 00000000004cba83 R15: 00007f920f4f56d4
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
audit: type=1800 audit(1590847756.569:363): pid=29370 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=16990 res=0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 29381 Comm: syz-executor.5 Not tainted 4.14.182-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0x10a/0x154 lib/fault-inject.c:149
should_failslab+0xd6/0x130 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc_node mm/slab.c:3297 [inline]
kmem_cache_alloc_node_trace+0x25a/0x400 mm/slab.c:3659
__do_kmalloc_node mm/slab.c:3681 [inline]
__kmalloc_node_track_caller+0x38/0x70 mm/slab.c:3696
__kmalloc_reserve.isra.0+0x35/0xd0 net/core/skbuff.c:137
__alloc_skb+0xca/0x4c0 net/core/skbuff.c:205
sg_write: process 5510 (syz-executor.1) called from kernel context, this is not allowed.
alloc_skb include/linux/skbuff.h:980 [inline]
alloc_skb_with_frags+0x85/0x500 net/core/skbuff.c:5228
sock_alloc_send_pskb+0x57b/0x6d0 net/core/sock.c:2081
__ip6_append_data.isra.0+0x1646/0x28d0 net/ipv6/ip6_output.c:1419
ip6_append_data+0x1c3/0x300 net/ipv6/ip6_output.c:1582
l2tp_ip6_sendmsg+0x8fa/0x14f0 net/l2tp/l2tp_ip6.c:649
inet_sendmsg+0x116/0x4d0 net/ipv4/af_inet.c:762
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 net/socket.c:656
___sys_sendmsg+0x349/0x840 net/socket.c:2062
__sys_sendmmsg+0x129/0x330 net/socket.c:2152
SYSC_sendmmsg net/socket.c:2183 [inline]
SyS_sendmmsg+0x2f/0x50 net/socket.c:2178
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45ca69
RSP: 002b:00007f920f4f4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00000000004fc680 RCX: 000000000045ca69
RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000003
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
R13: 00000000000008e0 R14: 00000000004cba83 R15: 00007f920f4f56d4
audit: type=1804 audit(1590847757.159:364): pid=29398 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir192810843/syzkaller.lKOLKd/1344/bus" dev="sda1" ino=17523 res=1
audit: type=1804 audit(1590847757.169:365): pid=29398 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir192810843/syzkaller.lKOLKd/1344/bus" dev="sda1" ino=17523 res=1
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 29405 Comm: syz-executor.5 Not tainted 4.14.182-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0x10a/0x154 lib/fault-inject.c:149
should_failslab+0xd6/0x130 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc mm/slab.c:3376 [inline]
kmem_cache_alloc+0x40/0x3c0 mm/slab.c:3550
skb_clone+0x126/0x320 net/core/skbuff.c:1282
dev_queue_xmit_nit+0x2ee/0x950 net/core/dev.c:1943
xmit_one net/core/dev.c:3005 [inline]
dev_hard_start_xmit+0xa8/0x880 net/core/dev.c:3025
__dev_queue_xmit+0x1dce/0x25a0 net/core/dev.c:3525
neigh_output include/net/neighbour.h:500 [inline]
ip6_finish_output2+0x1114/0x21b0 net/ipv6/ip6_output.c:120
audit: type=1804 audit(1590847757.279:366): pid=29403 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir192810843/syzkaller.lKOLKd/1344/bus" dev="sda1" ino=17523 res=1
ip6_finish_output+0x702/0xaf0 net/ipv6/ip6_output.c:154
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip6_output+0x1c5/0x660 net/ipv6/ip6_output.c:171
dst_output include/net/dst.h:462 [inline]
ip6_local_out+0x93/0x170 net/ipv6/output_core.c:178
ip6_send_skb+0x9b/0x2f0 net/ipv6/ip6_output.c:1688
ip6_push_pending_frames+0xaf/0xd0 net/ipv6/ip6_output.c:1708
l2tp_ip6_push_pending_frames net/l2tp/l2tp_ip6.c:491 [inline]
l2tp_ip6_sendmsg+0x10f9/0x14f0 net/l2tp/l2tp_ip6.c:656
inet_sendmsg+0x116/0x4d0 net/ipv4/af_inet.c:762
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 net/socket.c:656
___sys_sendmsg+0x349/0x840 net/socket.c:2062
__sys_sendmmsg+0x129/0x330 net/socket.c:2152
SYSC_sendmmsg net/socket.c:2183 [inline]
SyS_sendmmsg+0x2f/0x50 net/socket.c:2178
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45ca69
RSP: 002b:00007f920f4f4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00000000004fc680 RCX: 000000000045ca69
audit: type=1804 audit(1590847757.279:367): pid=29398 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir192810843/syzkaller.lKOLKd/1344/bus" dev="sda1" ino=17523 res=1
audit: type=1804 audit(1590847757.289:368): pid=29398 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/root/syzkaller-testdir192810843/syzkaller.lKOLKd/1344/bus" dev="sda1" ino=17523 res=1
RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000003
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
R13: 00000000000008e0 R14: 00000000004cba83 R15: 00007f920f4f56d4
Process accounting resumed
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
syz-executor.4 cpuset=/ mems_allowed=0-1
CPU: 0 PID: 29441 Comm: syz-executor.4 Not tainted 4.14.182-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
warn_alloc.cold+0x96/0x1af mm/page_alloc.c:3249
__alloc_pages_slowpath mm/page_alloc.c:4096 [inline]
__alloc_pages_nodemask+0x2129/0x2730 mm/page_alloc.c:4199
alloc_pages_current+0xe7/0x1e0 mm/mempolicy.c:2113
alloc_pages include/linux/gfp.h:520 [inline]
alloc_mmu_pages arch/x86/kvm/mmu.c:5142 [inline]
kvm_mmu_create+0xd1/0x1c0 arch/x86/kvm/mmu.c:5160
kvm_arch_vcpu_init+0x282/0x890 arch/x86/kvm/x86.c:8306
kvm_vcpu_init+0x26d/0x360 arch/x86/kvm/../../../virt/kvm/kvm_main.c:320
vmx_create_vcpu+0xf5/0x2950 arch/x86/kvm/vmx.c:10038
kvm_vm_ioctl_create_vcpu arch/x86/kvm/../../../virt/kvm/kvm_main.c:2549 [inline]
kvm_vm_ioctl+0x4ae/0x1430 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3057
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45ca69
RSP: 002b:00007f3f9932bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004e7400 RCX: 000000000045ca69
RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000396 R14: 00000000004c6306 R15: 00007f3f9932c6d4
audit: type=1326 audit(1590847758.719:369): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=29440 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x45f8aa code=0x50000
Mem-Info:
active_anon:1002101 inactive_anon:9346 isolated_anon:0
active_file:28675 inactive_file:30546 isolated_file:0
unevictable:4097 dirty:33 writeback:0 unstable:0
slab_reclaimable:17200 slab_unreclaimable:142979
mapped:58983 shmem:5066 pagetables:42353 bounce:0
free:225131 free_pcp:394 free_cma:0
Node 0 active_anon:1846380kB inactive_anon:36780kB active_file:8kB inactive_file:8kB unevictable:16388kB isolated(anon):0kB isolated(file):16kB mapped:215940kB dirty:20kB writeback:8kB shmem:19056kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1314816kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
Node 1 active_anon:2161972kB inactive_anon:608kB active_file:114712kB inactive_file:122196kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:20044kB dirty:132kB writeback:160kB shmem:1208kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.