INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-next-kasan-gce-3,10.128.15.206' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 37.305375] oom_reaper: reaped process 2994 (syzkaller913192), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 37.318613] rsyslogd invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 37.320448] rsyslogd cpuset=/ mems_allowed=0 [ 37.321252] CPU: 1 PID: 2879 Comm: rsyslogd Not tainted 4.14.0-rc5-next-20171018+ #36 [ 37.322321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.323628] Call Trace: [ 37.324001] dump_stack+0x194/0x257 [ 37.324525] ? arch_local_irq_restore+0x53/0x53 [ 37.325215] ? dump_header+0x1d9/0xe0e [ 37.325759] dump_header+0x28e/0xe0e [ 37.329470] ? pagefault_out_of_memory+0x152/0x152 [ 37.334384] ? check_noncircular+0x20/0x20 [ 37.338632] ? print_irqtrace_events+0x270/0x270 [ 37.343368] ? __lock_acquire+0x6aa/0x3d50 [ 37.347593] ? find_held_lock+0x35/0x1d0 [ 37.351647] ? check_noncircular+0x20/0x20 [ 37.355860] ? task_will_free_mem+0x252/0xaa0 [ 37.360336] ? find_held_lock+0x35/0x1d0 [ 37.364373] ? ___ratelimit+0x30d/0x630 [ 37.368313] ? lock_downgrade+0x990/0x990 [ 37.372433] ? do_raw_spin_trylock+0x190/0x190 [ 37.376986] ? mark_held_locks+0xaf/0x100 [ 37.381103] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 37.386172] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 37.391154] ? trace_hardirqs_on+0xd/0x10 [ 37.395270] ? ___ratelimit+0x95/0x630 [ 37.399126] ? idr_get_free_cmn+0xfd0/0xfd0 [ 37.403413] ? check_noncircular+0x20/0x20 [ 37.407612] ? find_held_lock+0x138/0x1d0 [ 37.411733] oom_kill_process+0x86d/0x13c0 [ 37.415939] ? has_ns_capability_noaudit+0x163/0x2a0 [ 37.421017] ? check_noncircular+0x20/0x20 [ 37.425223] ? oom_evaluate_task+0x480/0x480 [ 37.429611] ? security_capable_noaudit+0x8b/0xc0 [ 37.434427] ? find_held_lock+0x35/0x1d0 [ 37.438459] ? check_noncircular+0x20/0x20 [ 37.442663] ? oom_unkillable_task+0x394/0x4c0 [ 37.447214] ? lock_downgrade+0x990/0x990 [ 37.451337] ? lock_release+0xa40/0xa40 [ 37.455284] ? find_lock_task_mm+0x460/0x460 [ 37.459663] ? find_held_lock+0x35/0x1d0 [ 37.463697] ? out_of_memory+0xaa9/0x11d0 [ 37.467812] ? lock_downgrade+0x990/0x990 [ 37.471931] ? lock_release+0xa40/0xa40 [ 37.475868] ? lock_acquire+0x1d5/0x580 [ 37.479810] ? __alloc_pages_slowpath+0x1001/0x2db0 [ 37.484800] ? oom_evaluate_task+0x284/0x480 [ 37.489179] out_of_memory+0x7dc/0x11d0 [ 37.493121] ? find_next_bit+0x27/0x30 [ 37.496982] ? oom_killer_disable+0x310/0x310 [ 37.501442] ? mutex_trylock+0x23a/0x2d0 [ 37.505471] ? __lock_is_held+0xb6/0x140 [ 37.509497] ? __ww_mutex_wakeup_for_backoff+0x240/0x240 [ 37.514924] __alloc_pages_slowpath+0x1d9d/0x2db0 [ 37.519741] ? __radix_tree_insert+0x7b0/0x7b0 [ 37.524305] ? warn_alloc+0x2f0/0x2f0 [ 37.528075] ? find_get_entry+0x513/0x9e0 [ 37.532191] ? lock_downgrade+0x990/0x990 [ 37.536314] ? radix_tree_lookup_slot+0x99/0xe0 [ 37.540963] ? find_get_entry+0x53c/0x9e0 [ 37.545082] ? check_noncircular+0x20/0x20 [ 37.549290] ? __lock_acquire+0x6aa/0x3d50 [ 37.553487] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 37.558644] ? find_held_lock+0x35/0x1d0 [ 37.562671] ? __radix_tree_lookup+0x435/0x5e0 [ 37.567233] ? __lock_is_held+0xb6/0x140 [ 37.571277] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 37.577151] ? __might_sleep+0x95/0x190 [ 37.581118] __alloc_pages_nodemask+0x9fb/0xd80 [ 37.585779] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 37.590778] ? add_to_page_cache_lru+0x510/0x510 [ 37.595519] ? check_noncircular+0x20/0x20 [ 37.599720] ? check_noncircular+0x20/0x20 [ 37.603924] ? __lock_acquire+0x6aa/0x3d50 [ 37.608129] ? radix_tree_next_chunk+0x5e8/0xdf0 [ 37.612868] alloc_pages_current+0xb6/0x1e0 [ 37.617161] __page_cache_alloc+0x334/0x500 [ 37.621449] ? rcu_read_lock_held+0xa9/0xc0 [ 37.625741] ? trace_event_raw_event_file_check_and_advance_wb_err+0x490/0x490 [ 37.633076] filemap_fault+0xf32/0x1d30 [ 37.637036] ? __lock_page_or_retry+0x4f0/0x4f0 [ 37.641680] ? filemap_map_pages+0x942/0x15d0 [ 37.646139] ? __lock_acquire+0x6aa/0x3d50 [ 37.650350] ? find_get_entries_tag+0xeb0/0xeb0 [ 37.654987] ? __is_insn_slot_addr+0x1fc/0x330 [ 37.659537] ? lock_downgrade+0x990/0x990 [ 37.663657] ? check_noncircular+0x20/0x20 [ 37.667855] ? __lock_acquire+0x6aa/0x3d50 [ 37.672054] ? __lock_acquire+0x6aa/0x3d50 [ 37.676257] ? find_held_lock+0x35/0x1d0 [ 37.680285] ? check_noncircular+0x20/0x20 [ 37.684494] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 37.689653] ? lock_acquire+0x1d5/0x580 [ 37.693598] ? lock_acquire+0x1d5/0x580 [ 37.697539] ? ext4_filemap_fault+0x7a/0xad [ 37.701832] ? lock_release+0xa40/0xa40 [ 37.705782] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 37.711640] ? ext4_filemap_fault+0x8d/0xad [ 37.715931] ? rcu_note_context_switch+0x710/0x710 [ 37.720826] ? lock_downgrade+0x990/0x990 [ 37.724946] ? __might_sleep+0x95/0x190 [ 37.728893] ? down_read+0x96/0x150 [ 37.732485] ? ext4_filemap_fault+0x7a/0xad [ 37.736773] ? __down_interruptible+0x6b0/0x6b0 [ 37.741424] ext4_filemap_fault+0x82/0xad [ 37.745541] __do_fault+0xeb/0x30f [ 37.749049] ? do_raw_spin_trylock+0x190/0x190 [ 37.753600] ? pte_offset_kernel+0xc7/0xc7 [ 37.757811] ? check_noncircular+0x20/0x20 [ 37.762027] __handle_mm_fault+0x1b9b/0x39c0 [ 37.766408] ? __pmd_alloc+0x4e0/0x4e0 [ 37.770268] ? find_held_lock+0x35/0x1d0 [ 37.774315] ? handle_mm_fault+0x248/0x8d0 [ 37.778516] ? lock_downgrade+0x990/0x990 [ 37.782652] handle_mm_fault+0x334/0x8d0 [ 37.786678] ? down_read_trylock+0xdb/0x170 [ 37.790967] ? __do_page_fault+0x31e/0xd60 [ 37.795170] ? __handle_mm_fault+0x39c0/0x39c0 [ 37.799716] ? vmacache_find+0x5f/0x280 [ 37.803655] ? vmacache_update+0xfe/0x130 [ 37.807773] ? find_vma+0x30/0x150 [ 37.811285] __do_page_fault+0x5bd/0xd60 [ 37.815320] ? mm_fault_error+0x2c0/0x2c0 [ 37.819438] ? __fsnotify_parent+0xb4/0x3a0 [ 37.823728] ? avc_policy_seqno+0x9/0x20 [ 37.827757] ? fsnotify+0x1af0/0x1af0 [ 37.831529] do_page_fault+0xee/0x720 [ 37.835299] ? __do_page_fault+0xd60/0xd60 [ 37.839499] ? __fdget_raw+0x20/0x20 [ 37.843188] ? fput+0xd2/0x140 [ 37.846347] ? SyS_read+0x184/0x220 [ 37.849943] ? retint_user+0x18/0x20 [ 37.853627] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.858442] page_fault+0x22/0x30 [ 37.861862] RIP: 0033:0x7ffbf14f3a30 [ 37.865539] RSP: 002b:00007ffbef124d68 EFLAGS: 00010202 [ 37.870866] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000073 [ 37.878102] RDX: 00007ffbf09595a0 RSI: 000000000000003c RDI: 00007ffbf0757621 [ 37.885338] RBP: 000000000000003c R08: 00007ffbf0757621 R09: 0000000000000000 [ 37.892576] R10: 706564206b636174 R11: 0000000000000000 R12: 0000000000000073 [ 37.899811] R13: 0000000000000000 R14: 00007ffbf09595a0 R15: 00007ffbf095a5a0 [ 37.907142] Mem-Info: [ 37.908999] syzkaller913192: page allocation failure: order:0, mode:0x14000c0(GFP_KERNEL), nodemask=(null) [ 37.909052] syzkaller913192 cpuset=/ mems_allowed=0 [ 37.909112] CPU: 0 PID: 2994 Comm: syzkaller913192 Not tainted 4.14.0-rc5-next-20171018+ #36 [ 37.909116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.909118] Call Trace: [ 37.909130] dump_stack+0x194/0x257 [ 37.909143] ? arch_local_irq_restore+0x53/0x53 [ 37.909153] ? del_timer_sync+0xeb/0x240 [ 37.909175] warn_alloc+0x1c2/0x2f0 [ 37.909187] ? zone_watermark_ok_safe+0x400/0x400 [ 37.909202] ? call_timer_fn+0x830/0x830 [ 37.909219] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 37.909243] __alloc_pages_slowpath+0x25b5/0x2db0 [ 37.909293] ? warn_alloc+0x2f0/0x2f0 [ 37.909304] ? lock_downgrade+0x990/0x990 [ 37.909315] ? load_balance+0x33b0/0x33b0 [ 37.909335] ? mark_held_locks+0xaf/0x100 [ 37.909346] ? _raw_spin_unlock_irq+0x27/0x70 [ 37.909356] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 37.909365] ? trace_hardirqs_on+0xd/0x10 [ 37.909375] ? mmdrop+0x18/0x30 [ 37.909395] ? check_noncircular+0x20/0x20 [ 37.909412] ? retint_kernel+0x10/0x10 [ 37.909423] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 37.909433] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 37.909489] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 37.909513] ? __might_sleep+0x95/0x190 [ 37.909528] __alloc_pages_nodemask+0x9fb/0xd80 [ 37.909548] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 37.909562] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 37.909575] ? mark_held_locks+0xaf/0x100 [ 37.909584] ? retint_kernel+0x10/0x10 [ 37.909594] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 37.909604] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 37.909643] alloc_pages_current+0xb6/0x1e0 [ 37.909669] relay_open_buf.part.10+0x22e/0x9b0 [ 37.909694] relay_open+0x57a/0xa40 [ 37.909710] ? relay_open_buf.part.10+0x9b0/0x9b0 [ 37.909724] ? __debugfs_create_file+0x2cc/0x3e0 [ 37.909741] ? debugfs_create_file+0x57/0x70 [ 37.909756] do_blk_trace_setup+0x4a4/0xcf0 [ 37.909772] ? blk_tracer_print_line+0x40/0x40 [ 37.909782] ? __might_sleep+0x95/0x190 [ 37.909801] ? kasan_check_write+0x14/0x20 [ 37.909810] ? _copy_from_user+0x99/0x110 [ 37.909823] blk_trace_setup+0xbd/0x180 [ 37.909833] ? do_blk_trace_setup+0xcf0/0xcf0 [ 37.909861] ? avc_has_extended_perms+0x6e5/0x12c0 [ 37.909875] sg_ioctl+0xc71/0x2d90 [ 37.909884] ? lock_release+0xa40/0xa40 [ 37.909890] ? __handle_mm_fault+0x587/0x39c0 [ 37.909905] ? sg_new_write.isra.20+0x830/0x830 [ 37.909930] ? avc_has_extended_perms+0x7fa/0x12c0 [ 37.909937] ? find_held_lock+0x35/0x1d0 [ 37.909960] ? avc_ss_reset+0x110/0x110 [ 37.909965] ? lock_downgrade+0x990/0x990 [ 37.909977] ? lock_release+0xa40/0xa40 [ 37.909992] ? __lock_is_held+0xb6/0x140 [ 37.910042] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 37.910048] ? up_read+0x1a/0x40 [ 37.910060] ? rcu_note_context_switch+0x710/0x710 [ 37.910080] ? sg_new_write.isra.20+0x830/0x830 [ 37.910088] do_vfs_ioctl+0x1b1/0x1520 [ 37.910093] ? _cond_resched+0x14/0x30 [ 37.910109] ? ioctl_preallocate+0x2b0/0x2b0 [ 37.910121] ? selinux_capable+0x40/0x40 [ 37.910131] ? debug_mutex_wake_waiter+0x113/0x670 [ 37.910148] ? syscall_return_slowpath+0x2b3/0x510 [ 37.910154] ? finish_task_switch+0x1f6/0x740 [ 37.910176] ? security_file_ioctl+0x89/0xb0 [ 37.910190] SyS_ioctl+0x8f/0xc0 [ 37.910205] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 37.910211] RIP: 0033:0x449219 [ 37.910215] RSP: 002b:00007f340654adc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 37.910222] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000449219 [ 37.910226] RDX: 000000002084cf90 RSI: 00000000c0481273 RDI: 0000000000000003 [ 37.910230] RBP: 0000000000000082 R08: 00007f340654b700 R09: 00007f340654b700 [ 37.910234] R10: 00007f340654b700 R11: 0000000000000246 R12: 0000000000000000 [ 37.910238] R13: 00007fff9313e8bf R14: 00007f340654b9c0 R15: 0000000000000000 [ 37.910360] Mem-Info: [ 37.910375] active_anon:1690 inactive_anon:33 isolated_anon:0 [ 37.910375] active_file:15 inactive_file:15 isolated_file:0 [ 37.910375] unevictable:0 dirty:0 writeback:0 unstable:0 [ 37.910375] slab_reclaimable:5973 slab_unreclaimable:83285 [ 37.910375] mapped:2 shmem:39 pagetables:271 bounce:0 [ 37.910375] free:15796 free_pcp:60 free_cma:0 [ 37.910389] Node 0 active_anon:6760kB inactive_anon:132kB active_file:60kB inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:8kB dirty:0kB writeback:0kB shmem:156kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 37.910392] Node 0 DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 37.910408] lowmem_reserve[]: 0 2886 6400 6400 [ 37.910421] Node 0 DMA32 free:28860kB min:30408kB low:38008kB high:45608kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2958448kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 37.910436] lowmem_reserve[]: 0 0 3513 3513 [ 37.910449] Node 0 Normal free:18416kB min:37008kB low:46260kB high:55512kB active_anon:6760kB inactive_anon:132kB active_file:60kB inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB managed:3597488kB mlocked:0kB kernel_stack:2656kB pagetables:1084kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 37.910464] lowmem_reserve[]: 0 0 0 0 [ 37.910476] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 37.910530] Node 0 DMA32: 3*4kB (UM) 2*8kB (UM) 4*16kB (M) 3*32kB (M) 4*64kB (UM) 2*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (UM) 4*2048kB (UM) 4*4096kB (M) = 28860kB [ 37.910587] Node 0 Normal: 366*4kB (UME) 263*8kB (M) 186*16kB (UM) 111*32kB (M) 50*64kB (UM) 26*128kB (M) 7*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18416kB [ 37.910638] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 37.910641] 69 total pagecache pages [ 37.910649] 0 pages in swap cache [ 37.910653] Swap cache stats: add 0, delete 0, find 0/0 [ 37.910660] Free swap = 0kB [ 37.910663] Total swap = 0kB [ 37.910666] 1965979 pages RAM [ 37.910668] 0 pages HighMem/MovableOnly [ 37.910671] 323018 pages reserved [ 38.525754] active_anon:1690 inactive_anon:33 isolated_anon:0 [ 38.525754] active_file:15 inactive_file:15 isolated_file:0 [ 38.525754] unevictable:0 dirty:0 writeback:0 unstable:0 [ 38.525754] slab_reclaimable:5973 slab_unreclaimable:83285 [ 38.525754] mapped:2 shmem:39 pagetables:271 bounce:0 [ 38.525754] free:535671 free_pcp:349 free_cma:0 [ 38.557983] Node 0 active_anon:6760kB inactive_anon:132kB active_file:60kB inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:8kB dirty:0kB writeback:0kB shmem:156kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 38.584468] Node 0 DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 38.610697] lowmem_reserve[]: 0 2886 6400 6400 [ 38.615382] Node 0 DMA32 free:1964460kB min:30408kB low:38008kB high:45608kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2958448kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:736kB local_pcp:0kB free_cma:0kB [ 38.642969] lowmem_reserve[]: 0 0 3513 3513 [ 38.647368] Node 0 Normal free:589016kB min:37008kB low:46260kB high:55512kB active_anon:6760kB inactive_anon:132kB active_file:60kB inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB managed:3597488kB mlocked:0kB kernel_stack:2656kB pagetables:1084kB bounce:0kB free_pcp:704kB local_pcp:0kB free_cma:0kB [ 38.676111] lowmem_reserve[]: 0 0 0 0 [ 38.679946] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 38.693689] Node 0 DMA32: 5*4kB (UM) 4*8kB (UM) 6*16kB (UM) 6*32kB (UM) 4*64kB (UM) 3*128kB (UM) 2*256kB (M) 2*512kB (M) 2*1024kB (UM) 5*2048kB (UM) 476*4096kB (UM) = 1964500kB [ 38.709749] Node 0 Normal: 652*4kB (UME) 398*8kB (UME) 265*16kB (UME) 158*32kB (UME) 76*64kB (UM) 45*128kB (UM) 20*256kB (UM) 10*512kB (UE) 8*1024kB (U) 3*2048kB (U) 185*4096kB (U) = 808048kB [ 38.727118] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 38.735747] 69 total pagecache pages [ 38.739504] 0 pages in swap cache [ 38.742973] Swap cache stats: add 0, delete 0, find 0/0 [ 38.748549] Free swap = 0kB [ 38.751857] Total swap = 0kB [ 38.754913] 1965979 pages RAM [ 38.758072] 0 pages HighMem/MovableOnly [ 38.762089] 323018 pages reserved [ 38.765599] Unreclaimable slab info: [ 38.769457] Name Used Total [ 38.775129] TIPC 1KB 7KB [ 38.780543] SCTPv6 2KB 4KB [ 38.785953] DCCPv6 2KB 7KB [ 38.791361] DCCP 2KB 6KB [ 38.796783] fib6_nodes 0KB 4KB [ 38.802186] ip6_dst_cache 7KB 11KB [ 38.807620] RAWv6 9KB 13KB [ 38.813046] UDPv6 12KB 14KB [ 38.818468] TCPv6 2KB 5KB [ 38.823886] sd_ext_cdb 0KB 3KB [ 38.829290] scsi_sense_cache 105KB 172KB [ 38.834693] virtio_scsi_cmd 16KB 16KB [ 38.840108] sgpool-128 8KB 8KB [ 38.845513] sgpool-64 4KB 6KB [ 38.850919] sgpool-32 55KB 55KB [ 38.856327] sgpool-16 16KB 18KB [ 38.861730] sgpool-8 221KB 277KB [ 38.867140] cfq_io_cq 15KB 23KB [ 38.872546] cfq_queue 25KB 38KB [ 38.877955] mqueue_inode_cache 1KB 7KB [ 38.883448] nfs_commit_data 3KB 7KB [ 38.888854] nfs_write_data 34KB 37KB [ 38.894262] jbd2_inode 1KB 3KB [ 38.899668] ext4_system_zone 0KB 3KB [ 38.905086] bio-1 1KB 3KB [ 38.910502] rpc_buffers 17KB 19KB [ 38.915908] rpc_tasks 2KB 3KB [ 38.921313] UNIX 433KB 435KB [ 38.926720] tcp_bind_bucket 0KB 4KB [ 38.932133] ip_fib_trie 0KB 3KB [ 38.937906] ip_fib_alias 0KB 3KB [ 38.943474] ip_dst_cache 4KB 7KB [ 38.949005] RAW 5KB 7KB [ 38.954440] UDP 30KB 32KB [ 38.959852] request_sock_TCP 0KB 3KB [ 38.965258] TCP 7KB 7KB [ 38.970665] hugetlbfs_inode_cache 1KB 7KB [ 38.976419] eventpoll_pwq 10KB 11KB [ 38.981823] eventpoll_epi 19KB 23KB [ 38.987228] inotify_inode_mark 2KB 7KB [ 38.992723] request_queue 53KB 135KB [ 38.998135] blkdev_ioc 22KB 31KB [ 39.003559] bio-0 279KB 328KB [ 39.008963] biovec-(1<<(21-12)) 412KB 412KB [ 39.014541] biovec-128 34KB 38KB [ 39.019943] biovec-64 23KB 23KB [ 39.025348] biovec-16 12KB 15KB [ 39.030751] khugepaged_mm_slot 0KB 3KB [ 39.036247] uid_cache 1KB 3KB [ 39.041654] dmaengine-unmap-2 0KB 3KB [ 39.047080] skbuff_fclone_cache 132KB 135KB [ 39.052659] skbuff_head_cache 1696KB 1698KB [ 39.058070] configfs_dir_cache 0KB 4KB [ 39.063567] file_lock_cache 149KB 154KB [ 39.068997] file_lock_ctx 1KB 3KB [ 39.074406] fsnotify_mark_connector 1KB 3KB [ 39.080338] shmem_inode_cache 766KB 769KB [ 39.085743] task_delay_info 293KB 422KB [ 39.091151] taskstats 1KB 3KB [ 39.096565] sigqueue 310KB 334KB [ 39.101975] kernfs_node_cache 1699KB 1701KB [ 39.107389] mnt_cache 14KB 20KB [ 39.112800] filp 8194KB 8208KB [ 39.118207] names_cache 112425KB 112463KB [ 39.123618] avc_node 2KB 3KB [ 39.129044] selinux_file_security 410KB 414KB [ 39.134822] selinux_inode_security 1546KB 1548KB [ 39.140664] key_jar 2KB 7KB [ 39.146071] nsproxy 0KB 3KB [ 39.151477] vm_area_struct 17381KB 17383KB [ 39.156878] mm_struct 3587KB 3685KB [ 39.162283] fs_cache 389KB 544KB [ 39.167684] files_cache 1471KB 1695KB [ 39.173086] signal_cache 2310KB 2760KB [ 39.178492] sighand_cache 215KB 277KB [ 39.183897] task_struct 9162KB 9216KB [ 39.189300] cred_jar 2182KB 2496KB [ 39.194706] anon_vma_chain 7287KB 7331KB [ 39.200130] anon_vma 147KB 265KB [ 39.205532] pid 210KB 304KB [ 39.210936] Acpi-Operand 105KB 166KB [ 39.216342] Acpi-Parse 0KB 3KB [ 39.221743] Acpi-State 0KB 7KB [ 39.227147] Acpi-Namespace 18KB 19KB [ 39.232550] numa_policy 0KB 3KB [ 39.237952] trace_event_file 139KB 139KB [ 39.243355] ftrace_event_field 245KB 248KB [ 39.248847] pool_workqueue 9KB 12KB [ 39.254253] page->ptl 2799KB 2869KB [ 39.259681] kmalloc-262144 1032KB 1032KB [ 39.265100] kmalloc-131072 650KB 650KB [ 39.270501] kmalloc-65536 264KB 264KB [ 39.275902] kmalloc-32768 462KB 462KB [ 39.281304] kmalloc-16384 132KB 132KB [ 39.286709] kmalloc-8192 346KB 346KB [ 39.292116] kmalloc-4096 14258KB 14297KB [ 39.297519] kmalloc-2048 2809KB 2817KB [ 39.302922] kmalloc-1024 3661KB 3661KB [ 39.308324] kmalloc-512 3342KB 3356KB [ 39.313729] kmalloc-256 1322KB 1477KB [ 39.319135] kmalloc-128 317KB 460KB [ 39.324536] kmalloc-96 347KB 384KB [ 39.329956] kmalloc-64 351KB 428KB [ 39.335358] kmalloc-32 986KB 1397KB [ 39.340854] kmalloc-192 155KB 208KB [ 39.346260] kmem_cache 90KB 93KB [ 39.351665] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 39.360355] [ 1517] 0 1517 5316 117 94208 0 -1000 udevd [ 39.368578] [ 1624] 0 1624 5315 118 90112 0 -1000 udevd [ 39.376737] [ 2746] 0 2746 2493 572 53248 0 0 dhclient [ 39.385157] [ 2875] 0 2875 14265 108 114688 0 0 rsyslogd [ 39.393592] [ 2911] 0 2911 4725 49 81920 0 0 cron [ 39.401665] [ 2937] 0 2937 12490 153 139264 0 -1000 sshd [ 39.409733] [ 2961] 0 2961 3694 41 73728 0 0 getty [ 39.417890] [ 2962] 0 2962 3694 38 81920 0 0 getty [ 39.426045] [ 2963] 0 2963 3694 40 73728 0 0 getty [ 39.434201] [ 2964] 0 2964 3694 41 77824 0 0 getty [ 39.442357] [ 2965] 0 2965 3694 41 73728 0 0 getty [ 39.450518] [ 2966] 0 2966 3694 39 77824 0 0 getty [ 39.458692] [ 2967] 0 2967 3649 38 77824 0 0 getty [ 39.466850] [ 2968] 0 2968 5315 118 90112 0 -1000 udevd [ 39.475008] [ 2989] 0 2989 17821 196 188416 0 0 sshd [ 39.483101] [ 2994] 0 2991 10542 0 57344 0 0 syzkaller913192 [ 39.492120] Out of memory: Kill process 2746 (dhclient) score 0 or sacrifice child [ 39.500247] Killed process 2746 (dhclient) total-vm:9972kB, anon-rss:2288kB, file-rss:0kB, shmem-rss:0kB [ 39.626380] ================================================================== [ 39.633791] BUG: KASAN: double-free or invalid-free in relay_open+0x6a1/0xa40 [ 39.641031] [ 39.642627] CPU: 1 PID: 2994 Comm: syzkaller913192 Not tainted 4.14.0-rc5-next-20171018+ #36 [ 39.651165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.660496] Call Trace: [ 39.663065] dump_stack+0x194/0x257 [ 39.666691] ? arch_local_irq_restore+0x53/0x53 [ 39.671336] ? show_regs_print_info+0x65/0x65 [ 39.675807] ? relay_open+0x6a1/0xa40 [ 39.679577] print_address_description+0x73/0x250 [ 39.684386] ? relay_open+0x6a1/0xa40 [ 39.688152] ? relay_open+0x6a1/0xa40 [ 39.691921] kasan_report_double_free+0x55/0x80 [ 39.696560] kasan_slab_free+0xa3/0xc0 [ 39.700414] kfree+0xca/0x250 [ 39.703492] relay_open+0x6a1/0xa40 [ 39.707091] ? relay_open_buf.part.10+0x9b0/0x9b0 [ 39.711903] ? __debugfs_create_file+0x2cc/0x3e0 [ 39.716644] ? debugfs_create_file+0x57/0x70 [ 39.721036] do_blk_trace_setup+0x4a4/0xcf0 [ 39.725329] ? blk_tracer_print_line+0x40/0x40 [ 39.729880] ? __might_sleep+0x95/0x190 [ 39.733830] ? kasan_check_write+0x14/0x20 [ 39.738049] ? _copy_from_user+0x99/0x110 [ 39.742180] blk_trace_setup+0xbd/0x180 [ 39.746124] ? do_blk_trace_setup+0xcf0/0xcf0 [ 39.750597] ? avc_has_extended_perms+0x6e5/0x12c0 [ 39.755502] sg_ioctl+0xc71/0x2d90 [ 39.759019] ? lock_release+0xa40/0xa40 [ 39.762963] ? __handle_mm_fault+0x587/0x39c0 [ 39.767429] ? sg_new_write.isra.20+0x830/0x830 [ 39.772075] ? avc_has_extended_perms+0x7fa/0x12c0 [ 39.776979] ? find_held_lock+0x35/0x1d0 [ 39.781034] ? avc_ss_reset+0x110/0x110 [ 39.784974] ? lock_downgrade+0x990/0x990 [ 39.789091] ? lock_release+0xa40/0xa40 [ 39.793037] ? __lock_is_held+0xb6/0x140 [ 39.797090] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 39.802946] ? up_read+0x1a/0x40 [ 39.806296] ? rcu_note_context_switch+0x710/0x710 [ 39.811203] ? sg_new_write.isra.20+0x830/0x830 [ 39.815841] do_vfs_ioctl+0x1b1/0x1520 [ 39.819701] ? _cond_resched+0x14/0x30 [ 39.823562] ? ioctl_preallocate+0x2b0/0x2b0 [ 39.827943] ? selinux_capable+0x40/0x40 [ 39.831972] ? debug_mutex_wake_waiter+0x113/0x670 [ 39.836875] ? syscall_return_slowpath+0x2b3/0x510 [ 39.841770] ? finish_task_switch+0x1f6/0x740 [ 39.846240] ? security_file_ioctl+0x89/0xb0 [ 39.850617] SyS_ioctl+0x8f/0xc0 [ 39.853956] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 39.858678] RIP: 0033:0x449219 [ 39.861833] RSP: 002b:00007f340654adc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 39.869504] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000449219 [ 39.876741] RDX: 000000002084cf90 RSI: 00000000c0481273 RDI: 0000000000000003 [ 39.883977] RBP: 0000000000000082 R08: 00007f340654b700 R09: 00007f340654b700 [ 39.891215] R10: 00007f340654b700 R11: 0000000000000246 R12: 0000000000000000 [ 39.898450] R13: 00007fff9313e8bf R14: 00007f340654b9c0 R15: 0000000000000000 [ 39.905702] [ 39.907295] Allocated by task 2994: [ 39.910887] save_stack+0x43/0xd0 [ 39.914303] kasan_kmalloc+0xad/0xe0 [ 39.917990] kmem_cache_alloc_trace+0x136/0x750 [ 39.922626] relay_open+0xf2/0xa40 [ 39.926132] do_blk_trace_setup+0x4a4/0xcf0 [ 39.930417] blk_trace_setup+0xbd/0x180 [ 39.934356] sg_ioctl+0xc71/0x2d90 [ 39.938604] do_vfs_ioctl+0x1b1/0x1520 [ 39.942456] SyS_ioctl+0x8f/0xc0 [ 39.945803] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 39.950524] [ 39.952128] Freed by task 2994: [ 39.955374] save_stack+0x43/0xd0 [ 39.958797] kasan_slab_free+0x71/0xc0 [ 39.962653] kfree+0xca/0x250 [ 39.965724] relay_open+0x84a/0xa40 [ 39.969315] do_blk_trace_setup+0x4a4/0xcf0 [ 39.973605] blk_trace_setup+0xbd/0x180 [ 39.977555] sg_ioctl+0xc71/0x2d90 [ 39.981065] do_vfs_ioctl+0x1b1/0x1520 [ 39.984918] SyS_ioctl+0x8f/0xc0 [ 39.988250] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 39.992966] [ 39.994563] The buggy address belongs to the object at ffff8801d2e41d40 [ 39.994563] which belongs to the cache kmalloc-512 of size 512 [ 40.007182] The buggy address is located 0 bytes inside of [ 40.007182] 512-byte region [ffff8801d2e41d40, ffff8801d2e41f40) [ 40.018844] The buggy address belongs to the page: [ 40.023739] page:ffffea00074b9040 count:1 mapcount:0 mapping:ffff8801d2e410c0 index:0x0 [ 40.031845] flags: 0x200000000000100(slab) [ 40.036045] raw: 0200000000000100 ffff8801d2e410c0 0000000000000000 0000000100000006 [ 40.043891] raw: ffffea00074b7aa0 ffffea00074b4d20 ffff8801dac00940 0000000000000000 [ 40.051736] page dumped because: kasan: bad access detected [ 40.057408] [ 40.059000] Memory state around the buggy address: [ 40.063897] ffff8801d2e41c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.071221] ffff8801d2e41c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 40.078542] >ffff8801d2e41d00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 40.085863] ^ [ 40.091278] ffff8801d2e41d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.098600] ffff8801d2e41e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.105922] ================================================================== [ 40.113244] Disabling lock debugging due to kernel taint [ 40.118658] Kernel panic - not syncing: panic_on_warn set ... [ 40.118658] [ 40.125984] CPU: 1 PID: 2994 Comm: syzkaller913192 Tainted: G B 4.14.0-rc5-next-20171018+ #36 [ 40.135821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.145139] Call Trace: [ 40.147693] dump_stack+0x194/0x257 [ 40.151286] ? arch_local_irq_restore+0x53/0x53 [ 40.155925] ? kasan_end_report+0x32/0x50 [ 40.160039] ? lock_downgrade+0x990/0x990 [ 40.164152] ? vsnprintf+0x1ed/0x1900 [ 40.167920] panic+0x1e4/0x41c [ 40.171078] ? refcount_error_report+0x214/0x214 [ 40.175801] ? add_taint+0x40/0x50 [ 40.179317] ? add_taint+0x1c/0x50 [ 40.182829] ? relay_open+0x6a1/0xa40 [ 40.186593] ? relay_open+0x6a1/0xa40 [ 40.190358] kasan_end_report+0x50/0x50 [ 40.194298] kasan_report_double_free+0x72/0x80 [ 40.198932] kasan_slab_free+0xa3/0xc0 [ 40.202785] kfree+0xca/0x250 [ 40.205858] relay_open+0x6a1/0xa40 [ 40.209453] ? relay_open_buf.part.10+0x9b0/0x9b0 [ 40.214264] ? __debugfs_create_file+0x2cc/0x3e0 [ 40.218987] ? debugfs_create_file+0x57/0x70 [ 40.223362] do_blk_trace_setup+0x4a4/0xcf0 [ 40.227649] ? blk_tracer_print_line+0x40/0x40 [ 40.232198] ? __might_sleep+0x95/0x190 [ 40.236139] ? kasan_check_write+0x14/0x20 [ 40.240342] ? _copy_from_user+0x99/0x110 [ 40.244460] blk_trace_setup+0xbd/0x180 [ 40.248398] ? do_blk_trace_setup+0xcf0/0xcf0 [ 40.252864] ? avc_has_extended_perms+0x6e5/0x12c0 [ 40.257758] sg_ioctl+0xc71/0x2d90 [ 40.261265] ? lock_release+0xa40/0xa40 [ 40.265203] ? __handle_mm_fault+0x587/0x39c0 [ 40.269663] ? sg_new_write.isra.20+0x830/0x830 [ 40.274300] ? avc_has_extended_perms+0x7fa/0x12c0 [ 40.279194] ? find_held_lock+0x35/0x1d0 [ 40.283224] ? avc_ss_reset+0x110/0x110 [ 40.287161] ? lock_downgrade+0x990/0x990 [ 40.291273] ? lock_release+0xa40/0xa40 [ 40.295215] ? __lock_is_held+0xb6/0x140 [ 40.299254] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 40.305104] ? up_read+0x1a/0x40 [ 40.308436] ? rcu_note_context_switch+0x710/0x710 [ 40.313331] ? sg_new_write.isra.20+0x830/0x830 [ 40.317964] do_vfs_ioctl+0x1b1/0x1520 [ 40.321820] ? _cond_resched+0x14/0x30 [ 40.325683] ? ioctl_preallocate+0x2b0/0x2b0 [ 40.330060] ? selinux_capable+0x40/0x40 [ 40.334086] ? debug_mutex_wake_waiter+0x113/0x670 [ 40.338981] ? syscall_return_slowpath+0x2b3/0x510 [ 40.343877] ? finish_task_switch+0x1f6/0x740 [ 40.348341] ? security_file_ioctl+0x89/0xb0 [ 40.352716] SyS_ioctl+0x8f/0xc0 [ 40.356052] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 40.360772] RIP: 0033:0x449219 [ 40.363931] RSP: 002b:00007f340654adc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 40.371603] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000449219 [ 40.378837] RDX: 000000002084cf90 RSI: 00000000c0481273 RDI: 0000000000000003 [ 40.386070] RBP: 0000000000000082 R08: 00007f340654b700 R09: 00007f340654b700 [ 40.393304] R10: 00007f340654b700 R11: 0000000000000246 R12: 0000000000000000 [ 40.400540] R13: 00007fff9313e8bf R14: 00007f340654b9c0 R15: 0000000000000000 [ 40.408224] Dumping ftrace buffer: [ 40.411733] (ftrace buffer empty) [ 40.415409] Kernel Offset: disabled [ 40.419019] Rebooting in 86400 seconds..