possible deadlock in rds_tcp_reset_callbacks


syzbot

19.02.2020, 21:21:11
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 98db2bf2 Linux 4.14.171
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=151d8265e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=365f8162d5a0794b
dashboard link: https://syzkaller.appspot.com/bug?extid=574ab7872249eb9cf9b6
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+574ab7...@syzkaller.appspotmail.com

netlink: 144 bytes leftover after parsing attributes in process `syz-executor.2'.
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
======================================================
WARNING: possible circular locking dependency detected
4.14.171-syzkaller #0 Not tainted
------------------------------------------------------
kworker/u4:2/25 is trying to acquire lock:
((&(&cp->cp_send_w)->work)){+.+.}, at: [<ffffffff813c5de4>] flush_work+0x84/0x730 kernel/workqueue.c:2884

but task is already holding lock:
(k-sk_lock-AF_INET){+.+.}, at: [<ffffffff85fda7ed>] lock_sock include/net/sock.h:1467 [inline]
(k-sk_lock-AF_INET){+.+.}, at: [<ffffffff85fda7ed>] rds_tcp_reset_callbacks+0x18d/0x4a0 net/rds/tcp.c:165

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (k-sk_lock-AF_INET){+.+.}:
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
lock_sock_nested+0xbd/0x110 net/core/sock.c:2770
lock_sock include/net/sock.h:1467 [inline]
do_tcp_setsockopt.isra.0+0x11a/0x1e10 net/ipv4/tcp.c:2557
tcp_setsockopt+0xb3/0xd0 net/ipv4/tcp.c:2828
sock_common_setsockopt+0x94/0xd0 net/core/sock.c:2968
kernel_setsockopt+0x104/0x1d0 net/socket.c:3396
rds_tcp_cork net/rds/tcp_send.c:43 [inline]
rds_tcp_xmit_path_prepare+0xba/0xf0 net/rds/tcp_send.c:50
rds_send_xmit+0x1b2/0x1cd0 net/rds/send.c:187
rds_send_worker+0x73/0x250 net/rds/threads.c:189
process_one_work+0x863/0x1600 kernel/workqueue.c:2114
worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
kthread+0x319/0x430 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

-> #0 ((&(&cp->cp_send_w)->work)){+.+.}:
check_prev_add kernel/locking/lockdep.c:1901 [inline]
check_prevs_add kernel/locking/lockdep.c:2018 [inline]
validate_chain kernel/locking/lockdep.c:2460 [inline]
__lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
flush_work+0xae/0x730 kernel/workqueue.c:2887
__cancel_work_timer+0x2f0/0x480 kernel/workqueue.c:2962
cancel_delayed_work_sync+0x1b/0x20 kernel/workqueue.c:3082
rds_tcp_reset_callbacks+0x19a/0x4a0 net/rds/tcp.c:167
rds_tcp_accept_one+0x682/0xa10 net/rds/tcp_listen.c:194
rds_tcp_accept_worker+0x53/0x70 net/rds/tcp.c:407
process_one_work+0x863/0x1600 kernel/workqueue.c:2114
worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
kthread+0x319/0x430 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

other info that might help us debug this:

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(k-sk_lock-AF_INET);
                               lock((&(&cp->cp_send_w)->work));
                               lock(k-sk_lock-AF_INET);
  lock((&(&cp->cp_send_w)->work));

*** DEADLOCK ***

4 locks held by kworker/u4:2/25:
#0: ("%s""krdsd"){+.+.}, at: [<ffffffff813cd58e>] work_static include/linux/workqueue.h:199 [inline]
#0: ("%s""krdsd"){+.+.}, at: [<ffffffff813cd58e>] set_work_data kernel/workqueue.c:619 [inline]
#0: ("%s""krdsd"){+.+.}, at: [<ffffffff813cd58e>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
#0: ("%s""krdsd"){+.+.}, at: [<ffffffff813cd58e>] process_one_work+0x76e/0x1600 kernel/workqueue.c:2085
#1: ((&rtn->rds_tcp_accept_w)){+.+.}, at: [<ffffffff813cd5cb>] process_one_work+0x7ab/0x1600 kernel/workqueue.c:2089
#2: (&tc->t_conn_path_lock){+.+.}, at: [<ffffffff85fdc8c8>] rds_tcp_accept_one+0x548/0xa10 net/rds/tcp_listen.c:186
#3: (k-sk_lock-AF_INET){+.+.}, at: [<ffffffff85fda7ed>] lock_sock include/net/sock.h:1467 [inline]
#3: (k-sk_lock-AF_INET){+.+.}, at: [<ffffffff85fda7ed>] rds_tcp_reset_callbacks+0x18d/0x4a0 net/rds/tcp.c:165

stack backtrace:
CPU: 0 PID: 25 Comm: kworker/u4:2 Not tainted 4.14.171-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: krdsd rds_tcp_accept_worker
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x142/0x197 lib/dump_stack.c:58
print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1258
check_prev_add kernel/locking/lockdep.c:1901 [inline]
check_prevs_add kernel/locking/lockdep.c:2018 [inline]
validate_chain kernel/locking/lockdep.c:2460 [inline]
__lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
flush_work+0xae/0x730 kernel/workqueue.c:2887
__cancel_work_timer+0x2f0/0x480 kernel/workqueue.c:2962
cancel_delayed_work_sync+0x1b/0x20 kernel/workqueue.c:3082
rds_tcp_reset_callbacks+0x19a/0x4a0 net/rds/tcp.c:167
rds_tcp_accept_one+0x682/0xa10 net/rds/tcp_listen.c:194
rds_tcp_accept_worker+0x53/0x70 net/rds/tcp.c:407
process_one_work+0x863/0x1600 kernel/workqueue.c:2114
worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
kthread+0x319/0x430 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
netlink: 144 bytes leftover after parsing attributes in process `syz-executor.2'.
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
nla_parse: 2 callbacks suppressed
netlink: 144 bytes leftover after parsing attributes in process `syz-executor.2'.
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
syz-executor.4: vmalloc: allocation failure: 17179869496 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
syz-executor.4 cpuset=syz4 mems_allowed=0-1
CPU: 1 PID: 10443 Comm: syz-executor.4 Not tainted 4.14.171-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x142/0x197 lib/dump_stack.c:58
warn_alloc.cold+0x96/0x1af mm/page_alloc.c:3248
__vmalloc_node_range mm/vmalloc.c:1786 [inline]
__vmalloc_node_range+0x3c3/0x6a0 mm/vmalloc.c:1746
__vmalloc_node mm/vmalloc.c:1815 [inline]
__vmalloc_node_flags mm/vmalloc.c:1829 [inline]
vmalloc+0x46/0x50 mm/vmalloc.c:1851
htable_create net/netfilter/xt_hashlimit.c:290 [inline]
hashlimit_mt_check_common.isra.0+0x68b/0x11b0 net/netfilter/xt_hashlimit.c:899
hashlimit_mt_check_v2+0x304/0x390 net/netfilter/xt_hashlimit.c:943
xt_check_match+0x254/0x530 net/netfilter/x_tables.c:501
check_match net/ipv6/netfilter/ip6_tables.c:502 [inline]
find_check_match net/ipv6/netfilter/ip6_tables.c:519 [inline]
find_check_entry.isra.0+0x339/0x910 net/ipv6/netfilter/ip6_tables.c:571
translate_table+0xb9c/0x1610 net/ipv6/netfilter/ip6_tables.c:755
do_replace net/ipv6/netfilter/ip6_tables.c:1157 [inline]
do_ip6t_set_ctl+0x268/0x3f4 net/ipv6/netfilter/ip6_tables.c:1685
nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
ipv6_setsockopt net/ipv6/ipv6_sockglue.c:930 [inline]
ipv6_setsockopt+0x105/0x130 net/ipv6/ipv6_sockglue.c:914
tcp_setsockopt net/ipv4/tcp.c:2826 [inline]
tcp_setsockopt+0x84/0xd0 net/ipv4/tcp.c:2820
sock_common_setsockopt+0x94/0xd0 net/core/sock.c:2968
SYSC_setsockopt net/socket.c:1865 [inline]
SyS_setsockopt+0x13c/0x210 net/socket.c:1844
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c449
RSP: 002b:00007f72d72bbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007f72d72bc6d4 RCX: 000000000045c449
RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
RBP: 000000000076bf20 R08: 0000000000000498 R09: 0000000000000000
R10: 00000000200004c0 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000a09 R14: 00000000004d5720 R15: 000000000076bf2c


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

19.02.2020, 22:38:14
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 98db2bf2 Linux 4.14.171
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=100dba29e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=365f8162d5a0794b
dashboard link: https://syzkaller.appspot.com/bug?extid=574ab7872249eb9cf9b6
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16bd8265e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+574ab7...@syzkaller.appspotmail.com

batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
======================================================
WARNING: possible circular locking dependency detected
4.14.171-syzkaller #0 Not tainted
------------------------------------------------------
kworker/u4:14/8080 is trying to acquire lock:
4 locks held by kworker/u4:14/8080:
#0: ("%s""krdsd"){+.+.}, at: [<ffffffff813cd58e>] work_static include/linux/workqueue.h:199 [inline]
#0: ("%s""krdsd"){+.+.}, at: [<ffffffff813cd58e>] set_work_data kernel/workqueue.c:619 [inline]
#0: ("%s""krdsd"){+.+.}, at: [<ffffffff813cd58e>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
#0: ("%s""krdsd"){+.+.}, at: [<ffffffff813cd58e>] process_one_work+0x76e/0x1600 kernel/workqueue.c:2085
#1: ((&rtn->rds_tcp_accept_w)){+.+.}, at: [<ffffffff813cd5cb>] process_one_work+0x7ab/0x1600 kernel/workqueue.c:2089
#2: (&tc->t_conn_path_lock){+.+.}, at: [<ffffffff85fdc8c8>] rds_tcp_accept_one+0x548/0xa10 net/rds/tcp_listen.c:186
#3: (k-sk_lock-AF_INET){+.+.}, at: [<ffffffff85fda7ed>] lock_sock include/net/sock.h:1467 [inline]
#3: (k-sk_lock-AF_INET){+.+.}, at: [<ffffffff85fda7ed>] rds_tcp_reset_callbacks+0x18d/0x4a0 net/rds/tcp.c:165

stack backtrace:
CPU: 0 PID: 8080 Comm: kworker/u4:14 Not tainted 4.14.171-syzkaller #0

syzbot

21.02.2020, 16:04:16
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 98db2bf2 Linux 4.14.171
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=112a5f95e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=365f8162d5a0794b
dashboard link: https://syzkaller.appspot.com/bug?extid=574ab7872249eb9cf9b6
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16eea779e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=156cc3e9e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+574ab7...@syzkaller.appspotmail.com

rds_connect_path_complete: Cannot transition to state UP, current state is 5
======================================================
WARNING: possible circular locking dependency detected
4.14.171-syzkaller #0 Not tainted
------------------------------------------------------
kworker/u4:3/281 is trying to acquire lock:
4 locks held by kworker/u4:3/281:
#0: ("%s""krdsd"){+.+.}, at: [<ffffffff813cd58e>] work_static include/linux/workqueue.h:199 [inline]
#0: ("%s""krdsd"){+.+.}, at: [<ffffffff813cd58e>] set_work_data kernel/workqueue.c:619 [inline]
#0: ("%s""krdsd"){+.+.}, at: [<ffffffff813cd58e>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
#0: ("%s""krdsd"){+.+.}, at: [<ffffffff813cd58e>] process_one_work+0x76e/0x1600 kernel/workqueue.c:2085
#1: ((&rtn->rds_tcp_accept_w)){+.+.}, at: [<ffffffff813cd5cb>] process_one_work+0x7ab/0x1600 kernel/workqueue.c:2089
#2: (&tc->t_conn_path_lock){+.+.}, at: [<ffffffff85fdc8c8>] rds_tcp_accept_one+0x548/0xa10 net/rds/tcp_listen.c:186
#3: (k-sk_lock-AF_INET){+.+.}, at: [<ffffffff85fda7ed>] lock_sock include/net/sock.h:1467 [inline]
#3: (k-sk_lock-AF_INET){+.+.}, at: [<ffffffff85fda7ed>] rds_tcp_reset_callbacks+0x18d/0x4a0 net/rds/tcp.c:165

stack backtrace:
CPU: 1 PID: 281 Comm: kworker/u4:3 Not tainted 4.14.171-syzkaller #0