Debian GNU/Linux 7 syzkaller ttyS0 executing program syzkaller login: [ 16.974781] syzkaller414652 invoked oom-killer: gfp_mask=0x14000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 16.976138] syzkaller414652 cpuset=/ mems_allowed=0-1 [ 16.976653] CPU: 1 PID: 2990 Comm: syzkaller414652 Not tainted 4.14.0-rc5-next-20171018+ #8 [ 16.977356] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 [ 16.986227] Call Trace: [ 16.986441] dump_stack+0x194/0x257 [ 16.986719] ? arch_local_irq_restore+0x53/0x53 [ 16.988682] ? dump_header+0x1d9/0xe0e [ 16.989441] dump_header+0x28e/0xe0e [ 16.989943] ? pagefault_out_of_memory+0x152/0x152 [ 16.990315] ? check_noncircular+0x20/0x20 [ 16.993874] ? mark_lock+0x59f/0x13d0 [ 16.994209] ? print_irqtrace_events+0x270/0x270 [ 16.994736] ? __lock_acquire+0x6aa/0x3d50 [ 16.995203] ? find_held_lock+0x35/0x1d0 [ 16.995635] ? check_noncircular+0x20/0x20 [ 16.996006] ? task_will_free_mem+0x252/0xaa0 [ 16.996363] ? find_held_lock+0x35/0x1d0 [ 16.996810] ? ___ratelimit+0x30d/0x630 [ 16.997165] ? lock_downgrade+0x990/0x990 [ 16.997542] ? do_raw_spin_trylock+0x190/0x190 [ 16.997993] ? mark_held_locks+0xaf/0x100 [ 16.998390] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 16.998868] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 16.999344] ? trace_hardirqs_on+0xd/0x10 [ 16.999745] ? ___ratelimit+0x95/0x630 [ 17.000119] ? idr_get_free_cmn+0xfd0/0xfd0 [ 17.000532] ? check_noncircular+0x20/0x20 [ 17.001013] ? find_held_lock+0x138/0x1d0 [ 17.001751] oom_kill_process+0x86d/0x13c0 [ 17.002157] ? has_ns_capability_noaudit+0x163/0x2a0 [ 17.002702] ? lock_downgrade+0x990/0x990 [ 17.003114] ? oom_evaluate_task+0x480/0x480 [ 17.003554] ? security_capable_noaudit+0x8b/0xc0 [ 17.004032] ? has_ns_capability_noaudit+0x18c/0x2a0 [ 17.004529] ? has_capability+0x30/0x30 [ 17.004914] ? check_noncircular+0x20/0x20 [ 17.005333] ? has_capability_noaudit+0x24/0x30 [ 17.005804] ? oom_badness+0xd1/0x980 [ 17.006170] ? lock_release+0xa40/0xa40 [ 17.006564] ? do_try_to_free_pages+0xc53/0x1020 [ 17.007023] ? find_lock_task_mm+0x460/0x460 [ 17.007457] ? find_held_lock+0x35/0x1d0 [ 17.007853] ? out_of_memory+0xaa9/0x11d0 [ 17.008258] ? lock_downgrade+0x990/0x990 [ 17.008663] ? lock_release+0xa40/0xa40 [ 17.009046] ? lock_acquire+0x1d5/0x580 [ 17.009432] ? __alloc_pages_slowpath+0x1001/0x2db0 [ 17.009930] ? oom_evaluate_task+0x284/0x480 [ 17.010273] out_of_memory+0x7dc/0x11d0 [ 17.010606] ? oom_killer_disable+0x310/0x310 [ 17.010947] ? mutex_trylock+0x23a/0x2d0 [ 17.011331] ? __lock_is_held+0xb6/0x140 [ 17.011588] ? __ww_mutex_wakeup_for_backoff+0x240/0x240 [ 17.011936] __alloc_pages_slowpath+0x1d9d/0x2db0 [ 17.012266] ? warn_alloc+0x2f0/0x2f0 [ 17.012513] ? lock_downgrade+0x990/0x990 [ 17.012774] ? load_balance+0x33b0/0x33b0 [ 17.013033] ? do_raw_spin_trylock+0x190/0x190 [ 17.013338] ? mark_held_locks+0xaf/0x100 [ 17.013607] ? _raw_spin_unlock_irq+0x27/0x70 [ 17.014035] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 17.014427] ? trace_hardirqs_on+0xd/0x10 [ 17.014709] ? mmdrop+0x18/0x30 [ 17.014927] ? check_noncircular+0x20/0x20 [ 17.015239] ? retint_kernel+0x10/0x10 [ 17.015513] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 17.015835] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 17.016201] ? __lock_is_held+0xb6/0x140 [ 17.016484] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 17.016864] ? __might_sleep+0x95/0x190 [ 17.017136] __alloc_pages_nodemask+0x9fb/0xd80 [ 17.017448] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 17.017845] ? mark_held_locks+0xaf/0x100 [ 17.018124] ? retint_kernel+0x10/0x10 [ 17.018392] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 17.018717] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 17.019040] ? retint_kernel+0x10/0x10 [ 17.019340] ? alloc_pages_current+0x115/0x1e0 [ 17.019659] alloc_pages_current+0xb6/0x1e0 [ 17.020028] relay_open_buf.part.10+0x22e/0x9b0 [ 17.020374] relay_open+0x57a/0xa40 [ 17.020612] ? relay_open_buf.part.10+0x9b0/0x9b0 [ 17.020923] ? __debugfs_create_file+0x2cc/0x3e0 [ 17.021240] ? debugfs_create_file+0x57/0x70 [ 17.021533] do_blk_trace_setup+0x4a4/0xcf0 [ 17.021920] ? blk_tracer_print_line+0x40/0x40 [ 17.022388] ? __might_sleep+0x95/0x190 [ 17.022796] ? kasan_check_write+0x14/0x20 [ 17.023226] ? _copy_from_user+0x99/0x110 [ 17.023643] blk_trace_setup+0xbd/0x180 [ 17.024499] ? do_blk_trace_setup+0xcf0/0xcf0 [ 17.025030] ? avc_has_extended_perms+0x6e5/0x12c0 [ 17.025525] sg_ioctl+0xc71/0x2d90 [ 17.025888] ? lock_release+0xa40/0xa40 [ 17.026285] ? sg_new_write.isra.20+0x830/0x830 [ 17.026756] ? avc_has_extended_perms+0x7fa/0x12c0 [ 17.027248] ? avc_ss_reset+0x110/0x110 [ 17.027647] ? __do_page_fault+0x64c/0xd60 [ 17.028180] ? lock_downgrade+0x990/0x990 [ 17.028595] ? handle_mm_fault+0x410/0x8d0 [ 17.029006] ? down_read_trylock+0xdb/0x170 [ 17.029427] ? __do_page_fault+0x31e/0xd60 [ 17.030066] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 17.030644] ? __do_page_fault+0x3d6/0xd60 [ 17.031062] ? rcu_note_context_switch+0x710/0x710 [ 17.031547] ? sg_new_write.isra.20+0x830/0x830 [ 17.031999] do_vfs_ioctl+0x1b1/0x1520 [ 17.032377] ? _cond_resched+0x14/0x30 [ 17.032760] ? ioctl_preallocate+0x2b0/0x2b0 [ 17.033182] ? selinux_capable+0x40/0x40 [ 17.033579] ? putname+0xf3/0x130 [ 17.034127] ? do_sys_open+0x320/0x6d0 [ 17.034535] ? security_file_ioctl+0x89/0xb0 [ 17.035083] SyS_ioctl+0x8f/0xc0 [ 17.035435] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 17.035904] RIP: 0033:0x439149 [ 17.036230] RSP: 002b:00007ffe878e2f78 EFLAGS: 00000206 ORIG_RAX: 0000000000000010 [ 17.037007] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000439149 [ 17.037739] RDX: 000000002084cf90 RSI: 00000000c0481273 RDI: 0000000000000003 [ 17.038451] RBP: 0000000000000082 R08: 00000000000000fe R09: 0000000000000000 [ 17.039160] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 17.039870] R13: 0000000000401da0 R14: 0000000000401e30 R15: 0000000000000000 [ 17.041116] Mem-Info: [ 17.042653] active_anon:2251 inactive_anon:44 isolated_anon:0 [ 17.042653] active_file:62 inactive_file:20 isolated_file:0 [ 17.042653] unevictable:0 dirty:0 writeback:0 unstable:0 [ 17.042653] slab_reclaimable:4899 slab_unreclaimable:24938 [ 17.042653] mapped:10 shmem:50 pagetables:284 bounce:0 [ 17.042653] free:17541 free_pcp:60 free_cma:0 [ 17.044777] Node 0 active_anon:5284kB inactive_anon:92kB active_file:208kB inactive_file:80kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:0kB writeback:0kB shmem:108kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 17.046971] Node 1 active_anon:3720kB inactive_anon:84kB active_file:52kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:0kB writeback:0kB shmem:92kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 17.050109] Node 0 DMA free:4168kB min:640kB low:800kB high:960kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 17.052702] lowmem_reserve[]: 0 886 886 886 [ 17.053180] Node 0 DMA32 free:36128kB min:36540kB low:45672kB high:54804kB active_anon:5284kB inactive_anon:92kB active_file:144kB inactive_file:148kB unevictable:0kB writepending:0kB present:1032192kB managed:910076kB mlocked:0kB kernel_stack:2496kB pagetables:308kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 17.057035] lowmem_reserve[]: 0 0 0 0 [ 17.057440] Node 1 DMA32 free:29868kB min:30400kB low:38000kB high:45600kB active_anon:3720kB inactive_anon:84kB active_file:40kB inactive_file:52kB unevictable:0kB writepending:0kB present:1048560kB managed:755260kB mlocked:0kB kernel_stack:1184kB pagetables:828kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 17.060184] lowmem_reserve[]: 0 0 0 0 [ 17.060580] Node 0 DMA: 0*4kB 1*8kB (U) 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 2*2048kB (UM) 0*4096kB = 4168kB [ 17.061912] Node 0 DMA32: 276*4kB (UME) 258*8kB (ME) 142*16kB (M) 109*32kB (ME) 69*64kB (ME) 28*128kB (ME) 13*256kB (ME) 5*512kB (ME) 1*1024kB (E) 2*2048kB (UM) 2*4096kB (M) = 36128kB [ 17.063493] Node 1 DMA32: 325*4kB (ME) 193*8kB (UME) 133*16kB (ME) 68*32kB (UME) 31*64kB (UME) 14*128kB (ME) 4*256kB (ME) 3*512kB (UME) 0*1024kB 0*2048kB 4*4096kB (M) = 29868kB [ 17.064584] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 17.065358] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 17.066450] 146 total pagecache pages [ 17.066772] 0 pages in swap cache [ 17.066996] Swap cache stats: add 0, delete 0, find 0/0 [ 17.067357] Free swap = 0kB [ 17.067554] Total swap = 0kB [ 17.067750] 524186 pages RAM [ 17.067950] 0 pages HighMem/MovableOnly [ 17.068228] 103875 pages reserved [ 17.068475] Unreclaimable slab info: [ 17.068749] Name Used Total [ 17.069142] TIPC 1KB 7KB [ 17.069498] SCTPv6 2KB 4KB [ 17.069992] DCCPv6 2KB 7KB [ 17.070532] DCCP 2KB 6KB [ 17.071109] fib6_nodes 0KB 4KB [ 17.071644] ip6_dst_cache 9KB 11KB [ 17.072203] RAWv6 13KB 19KB [ 17.072742] UDPv6 18KB 18KB [ 17.073310] TCPv6 2KB 5KB [ 17.073880] uhci_urb_priv 0KB 7KB [ 17.074435] scsi_sense_cache 47KB 68KB [ 17.074960] sd_ext_cdb 0KB 7KB [ 17.075527] virtio_scsi_cmd 16KB 16KB [ 17.076086] sgpool-128 34KB 34KB [ 17.076642] sgpool-64 23KB 31KB [ 17.077179] sgpool-32 21KB 23KB [ 17.077703] sgpool-16 21KB 22KB [ 17.078254] sgpool-8 118KB 150KB [ 17.078783] cfq_io_cq 14KB 15KB [ 17.079369] cfq_queue 19KB 27KB [ 17.079891] mqueue_inode_cache 1KB 7KB [ 17.080452] nfs_commit_data 3KB 14KB [ 17.080982] nfs_write_data 34KB 44KB [ 17.081532] jbd2_inode 4KB 7KB [ 17.082096] ext4_system_zone 0KB 7KB [ 17.082626] bio-1 1KB 7KB [ 17.083189] rpc_buffers 17KB 25KB [ 17.083698] rpc_tasks 2KB 7KB [ 17.084594] UNIX 395KB 395KB [ 17.085118] tcp_bind_bucket 1KB 8KB [ 17.085631] ip_fib_trie 1KB 7KB [ 17.086182] ip_fib_alias 1KB 7KB [ 17.086682] ip_dst_cache 14KB 15KB [ 17.087234] RAW 11KB 14KB [ 17.087610] UDP 24KB 26KB [ 17.087943] request_sock_TCP 3KB 3KB [ 17.088316] TCP 21KB 23KB [ 17.088683] hugetlbfs_inode_cache 1KB 7KB [ 17.089073] eventpoll_pwq 8KB 23KB [ 17.089466] eventpoll_epi 19KB 35KB [ 17.089854] inotify_inode_mark 2KB 7KB [ 17.090242] request_queue 33KB 39KB [ 17.090714] blkdev_ioc 20KB 23KB [ 17.091250] bio-0 107KB 144KB [ 17.091757] biovec-(1<<(21-12)) 420KB 420KB [ 17.092292] biovec-128 29KB 44KB [ 17.092786] biovec-64 12KB 31KB [ 17.093171] biovec-16 5KB 18KB [ 17.093519] khugepaged_mm_slot 0KB 3KB [ 17.093923] uid_cache 6KB 7KB [ 17.094450] dmaengine-unmap-2 0KB 3KB [ 17.094970] skbuff_fclone_cache 127KB 127KB [ 17.095398] skbuff_head_cache 5595KB 5595KB [ 17.095873] configfs_dir_cache 0KB 8KB [ 17.096405] file_lock_cache 147KB 150KB [ 17.096748] file_lock_ctx 2KB 7KB [ 17.097105] fsnotify_mark_connector 1KB 7KB [ 17.097552] shmem_inode_cache 867KB 873KB [ 17.097970] task_delay_info 200KB 264KB [ 17.098422] sigqueue 126KB 149KB [ 17.098943] kernfs_node_cache 2044KB 2051KB [ 17.099489] mnt_cache 14KB 24KB [ 17.100035] filp 2123KB 2426KB [ 17.100513] names_cache 24841KB 24917KB [ 17.100883] avc_node 2KB 7KB [ 17.101248] selinux_file_security 117KB 139KB [ 17.101615] selinux_inode_security 1248KB 1396KB [ 17.102107] key_jar 2KB 11KB [ 17.102609] nsproxy 0KB 3KB [ 17.103136] vm_area_struct 3763KB 4915KB [ 17.103643] mm_struct 965KB 1347KB [ 17.104171] fs_cache 262KB 328KB [ 17.104679] files_cache 593KB 776KB [ 17.105201] signal_cache 835KB 1157KB [ 17.106381] sighand_cache 407KB 534KB [ 17.106885] task_struct 2047KB 2149KB [ 17.107243] cred_jar 806KB 836KB [ 17.107582] anon_vma_chain 1281KB 2346KB [ 17.107939] anon_vma 245KB 346KB [ 17.108299] pid 145KB 200KB [ 17.108638] Acpi-Operand 129KB 198KB [ 17.108983] Acpi-ParseExt 1KB 15KB [ 17.109343] Acpi-Parse 40KB 63KB [ 17.109679] Acpi-State 53KB 82KB [ 17.110267] Acpi-Namespace 17KB 23KB [ 17.110774] numa_policy 0KB 3KB [ 17.111300] trace_event_file 139KB 139KB [ 17.111800] ftrace_event_field 245KB 252KB [ 17.112386] pool_workqueue 13KB 20KB [ 17.112894] page->ptl 635KB 1027KB [ 17.113437] kmalloc-262144 258KB 258KB [ 17.113978] kmalloc-131072 130KB 130KB [ 17.114519] kmalloc-65536 264KB 264KB [ 17.115068] kmalloc-32768 297KB 330KB [ 17.115570] kmalloc-16384 280KB 297KB [ 17.116124] kmalloc-8192 231KB 231KB [ 17.116693] kmalloc-4096 1844KB 1895KB [ 17.117224] kmalloc-2048 2630KB 2715KB [ 17.117748] kmalloc-1024 3339KB 3346KB [ 17.118283] kmalloc-512 963KB 1380KB [ 17.118804] kmalloc-256 617KB 847KB [ 17.119356] kmalloc-128 275KB 346KB [ 17.119875] kmalloc-96 220KB 320KB [ 17.120407] kmalloc-64 257KB 280KB [ 17.120923] kmalloc-32 494KB 933KB [ 17.121490] kmalloc-192 356KB 436KB [ 17.122161] kmem_cache 90KB 101KB [ 17.122680] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 17.123576] [ 1485] 0 1485 5381 178 86016 0 -1000 udevd [ 17.124415] [ 2737] 0 2737 5380 179 81920 0 -1000 udevd [ 17.125217] [ 2749] 0 2749 2493 574 61440 0 0 dhclient [ 17.126063] [ 2882] 0 2882 14244 105 122880 0 0 rsyslogd [ 17.126824] [ 2917] 0 2917 4725 48 81920 0 0 cron [ 17.127629] [ 2942] 0 2942 12490 152 143360 0 -1000 sshd [ 17.128428] [ 2967] 0 2967 3694 41 73728 0 0 getty [ 17.129231] [ 2968] 0 2968 3694 41 73728 0 0 getty [ 17.130061] [ 2969] 0 2969 3694 41 69632 0 0 getty [ 17.130689] [ 2970] 0 2970 3694 39 77824 0 0 getty [ 17.131249] [ 2971] 0 2971 3694 42 73728 0 0 getty [ 17.131785] [ 2972] 0 2972 3694 40 73728 0 0 getty [ 17.132345] [ 2973] 0 2973 3649 41 77824 0 0 getty [ 17.132880] [ 2974] 0 2974 5380 179 81920 0 -1000 udevd [ 17.133446] [ 2975] 0 2975 5380 179 81920 0 -1000 udevd [ 17.134438] [ 2986] 0 2986 17820 196 184320 0 0 sshd [ 17.135234] [ 2990] 0 2990 4374 513 40960 0 0 syzkaller414652 [ 17.136116] Out of memory: Kill process 2749 (dhclient) score 1 or sacrifice child [ 17.137099] Killed process 2749 (dhclient) total-vm:9972kB, anon-rss:2296kB, file-rss:0kB, shmem-rss:0kB [ 17.185861] init invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 17.187189] init cpuset=/ mems_allowed=0-1 [ 17.187697] CPU: 1 PID: 1 Comm: init Not tainted 4.14.0-rc5-next-20171018+ #8 [ 17.188387] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 [ 17.189167] Call Trace: [ 17.189420] dump_stack+0x194/0x257 [ 17.189814] ? arch_local_irq_restore+0x53/0x53 [ 17.190296] ? dump_header+0x1d9/0xe0e [ 17.191009] dump_header+0x28e/0xe0e [ 17.191337] ? pagefault_out_of_memory+0x152/0x152 [ 17.191736] ? print_irqtrace_events+0x270/0x270 [ 17.192178] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 17.192691] ? print_irqtrace_events+0x270/0x270 [ 17.193146] ? __lock_acquire+0x6aa/0x3d50 [ 17.193565] ? find_held_lock+0x35/0x1d0 [ 17.193987] ? check_noncircular+0x20/0x20 [ 17.194400] ? task_will_free_mem+0x252/0xaa0 [ 17.194836] ? find_held_lock+0x35/0x1d0 [ 17.195241] ? ___ratelimit+0x30d/0x630 [ 17.195625] ? lock_downgrade+0x990/0x990 [ 17.196037] ? do_raw_spin_trylock+0x190/0x190 [ 17.196482] ? mark_held_locks+0xaf/0x100 [ 17.196889] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 17.197387] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 17.197958] ? trace_hardirqs_on+0xd/0x10 [ 17.198365] ? ___ratelimit+0x95/0x630 [ 17.198747] ? idr_get_free_cmn+0xfd0/0xfd0 [ 17.199173] ? check_noncircular+0x20/0x20 [ 17.199585] ? find_held_lock+0x138/0x1d0 [ 17.200000] oom_kill_process+0x86d/0x13c0 [ 17.200421] ? has_ns_capability_noaudit+0x163/0x2a0 [ 17.200905] ? lock_downgrade+0x990/0x990 [ 17.201380] ? oom_evaluate_task+0x480/0x480 [ 17.201832] ? security_capable_noaudit+0x8b/0xc0 [ 17.202308] ? has_ns_capability_noaudit+0x18c/0x2a0 [ 17.202798] ? has_capability+0x30/0x30 [ 17.203190] ? check_noncircular+0x20/0x20 [ 17.203612] ? has_capability_noaudit+0x24/0x30 [ 17.204062] ? oom_badness+0xd1/0x980 [ 17.204426] ? lock_release+0xa40/0xa40 [ 17.204814] ? do_try_to_free_pages+0xc53/0x1020 [ 17.205272] ? find_lock_task_mm+0x460/0x460 [ 17.205703] ? find_held_lock+0x35/0x1d0 [ 17.206140] ? out_of_memory+0xaa9/0x11d0 [ 17.206543] ? lock_downgrade+0x990/0x990 [ 17.206949] ? lock_release+0xa40/0xa40 [ 17.207337] ? __alloc_pages_slowpath+0x1001/0x2db0 [ 17.207831] ? oom_evaluate_task+0x284/0x480 [ 17.208262] out_of_memory+0x7dc/0x11d0 [ 17.208649] ? trace_hardirqs_on+0xd/0x10 [ 17.209041] ? oom_killer_disable+0x310/0x310 [ 17.209465] ? mutex_trylock+0x23a/0x2d0 [ 17.209944] ? __ww_mutex_wakeup_for_backoff+0x240/0x240 [ 17.210425] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 17.210899] __alloc_pages_slowpath+0x1d9d/0x2db0 [ 17.211264] ? __radix_tree_insert+0x7b0/0x7b0 [ 17.211698] ? warn_alloc+0x2f0/0x2f0 [ 17.212036] ? find_get_entry+0x513/0x9e0 [ 17.212667] ? lock_downgrade+0x990/0x990 [ 17.212987] ? radix_tree_lookup_slot+0x99/0xe0 [ 17.213316] ? __lock_acquire+0x6aa/0x3d50 [ 17.213665] ? find_get_entry+0x53c/0x9e0 [ 17.214028] ? check_noncircular+0x20/0x20 [ 17.214367] ? __lock_acquire+0x6aa/0x3d50 [ 17.214758] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 17.215187] ? __radix_tree_lookup+0x435/0x5e0 [ 17.215662] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 17.216148] ? __page_cache_alloc+0x12d/0x500 [ 17.216587] ? __might_sleep+0x95/0x190 [ 17.216976] __alloc_pages_nodemask+0x9fb/0xd80 [ 17.217433] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 17.217975] ? add_to_page_cache_lru+0x510/0x510 [ 17.218459] ? check_noncircular+0x20/0x20 [ 17.218877] ? check_noncircular+0x20/0x20 [ 17.219307] ? __lock_acquire+0x6aa/0x3d50 [ 17.219726] ? radix_tree_next_chunk+0x5e8/0xdf0 [ 17.220226] alloc_pages_current+0xb6/0x1e0 [ 17.220659] __page_cache_alloc+0x334/0x500 [ 17.221066] ? rcu_read_lock_held+0xa9/0xc0 [ 17.221482] ? trace_event_raw_event_file_check_and_advance_wb_err+0x490/0x490 [ 17.222244] filemap_fault+0xf32/0x1d30 [ 17.222653] ? __lock_page_or_retry+0x4f0/0x4f0 [ 17.223120] ? filemap_map_pages+0x942/0x15d0 [ 17.223566] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 17.224092] ? find_get_entries_tag+0xeb0/0xeb0 [ 17.224609] ? check_noncircular+0x20/0x20 [ 17.225024] ? __lock_acquire+0x6aa/0x3d50 [ 17.225440] ? __lock_acquire+0x6aa/0x3d50 [ 17.225761] ? check_noncircular+0x20/0x20 [ 17.226198] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 17.226720] ? lock_acquire+0x1d5/0x580 [ 17.227106] ? lock_acquire+0x1d5/0x580 [ 17.227500] ? ext4_filemap_fault+0x7a/0xad [ 17.227896] ? lock_release+0xa40/0xa40 [ 17.228298] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 17.228883] ? __sigqueue_free.part.16+0x51/0x60 [ 17.229348] ? rcu_note_context_switch+0x710/0x710 [ 17.230218] ? kmem_cache_free+0x249/0x280 [ 17.230650] ? __might_sleep+0x95/0x190 [ 17.231062] ? down_read+0x96/0x150 [ 17.231425] ? ext4_filemap_fault+0x7a/0xad [ 17.231860] ? __down_interruptible+0x6b0/0x6b0 [ 17.232336] ? rcu_pm_notify+0xc0/0xc0 [ 17.232732] ext4_filemap_fault+0x82/0xad [ 17.233099] __do_fault+0xeb/0x30f [ 17.233935] ? find_held_lock+0x35/0x1d0 [ 17.234319] ? pte_offset_kernel+0xc7/0xc7 [ 17.234602] ? __set_current_blocked+0xcf/0x110 [ 17.234896] ? check_noncircular+0x20/0x20 [ 17.235165] __handle_mm_fault+0x1b9b/0x39c0 [ 17.235444] ? __pmd_alloc+0x4e0/0x4e0 [ 17.235699] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 17.236030] ? find_held_lock+0x35/0x1d0 [ 17.236291] ? handle_mm_fault+0x248/0x8d0 [ 17.236569] ? lock_downgrade+0x990/0x990 [ 17.236847] handle_mm_fault+0x334/0x8d0 [ 17.237102] ? down_read_trylock+0xdb/0x170 [ 17.237372] ? __do_page_fault+0x31e/0xd60 [ 17.237649] ? __handle_mm_fault+0x39c0/0x39c0 [ 17.238305] ? vmacache_find+0x5f/0x280 [ 17.238674] ? vmacache_update+0xfe/0x130 [ 17.239066] ? find_vma+0x30/0x150 [ 17.239416] __do_page_fault+0x5bd/0xd60 [ 17.239735] ? mm_fault_error+0x2c0/0x2c0 [ 17.240017] ? exit_to_usermode_loop+0x8c/0x310 [ 17.240325] do_page_fault+0xee/0x720 [ 17.240575] ? __do_page_fault+0xd60/0xd60 [ 17.240851] ? kasan_check_write+0x14/0x20 [ 17.241137] ? syscall_return_slowpath+0x2b3/0x510 [ 17.241459] ? prepare_exit_to_usermode+0x2d0/0x2d0 [ 17.242174] ? return_from_SYSCALL_64+0x2d/0x7a [ 17.242625] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 17.242972] do_async_page_fault+0x82/0x110 [ 17.243245] async_page_fault+0x22/0x30 [ 17.243492] RIP: 0033:0x402a80 [ 17.243691] RSP: 002b:00007ffcfa946338 EFLAGS: 00010246 [ 17.244033] RAX: 0000000000000000 RBX: 00007ffcfa946950 RCX: 00007faf63697dd3 [ 17.244477] RDX: 00007ffcfa946340 RSI: 00007ffcfa946470 RDI: 0000000000000011 [ 17.244931] RBP: 00007ffcfa946b00 R08: 00007ffcfa946b80 R09: 0000000000000001 [ 17.245377] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 17.245967] R13: 00007ffcfa946ee0 R14: 0000000000000000 R15: 0000000000000000 [ 17.246693] Mem-Info: [ 17.246948] active_anon:1677 inactive_anon:44 isolated_anon:0 [ 17.246948] active_file:65 inactive_file:35 isolated_file:0 [ 17.246948] unevictable:0 dirty:0 writeback:0 unstable:0 [ 17.246948] slab_reclaimable:4899 slab_unreclaimable:24938 [ 17.246948] mapped:2 shmem:50 pagetables:275 bounce:0 [ 17.246948] free:17642 free_pcp:434 free_cma:0 [ 17.250306] Node 0 active_anon:3780kB inactive_anon:92kB active_file:192kB inactive_file:116kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:0kB writeback:0kB shmem:108kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 17.252858] Node 1 active_anon:2928kB inactive_anon:84kB active_file:68kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:0kB writeback:0kB shmem:92kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 17.255253] Node 0 DMA free:4168kB min:640kB low:800kB high:960kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 17.258134] lowmem_reserve[]: 0 886 886 886 [ 17.258581] Node 0 DMA32 free:36376kB min:36540kB low:45672kB high:54804kB active_anon:3780kB inactive_anon:92kB active_file:280kB inactive_file:8kB unevictable:0kB writepending:0kB present:1032192kB managed:910076kB mlocked:0kB kernel_stack:2496kB pagetables:308kB bounce:0kB free_pcp:876kB local_pcp:120kB free_cma:0kB [ 17.261240] lowmem_reserve[]: 0 0 0 0 [ 17.261621] Node 1 DMA32 free:30024kB min:30400kB low:38000kB high:45600kB active_anon:2928kB inactive_anon:84kB active_file:68kB inactive_file:24kB unevictable:0kB writepending:0kB present:1048560kB managed:755260kB mlocked:0kB kernel_stack:1152kB pagetables:792kB bounce:0kB free_pcp:860kB local_pcp:120kB free_cma:0kB [ 17.264331] lowmem_reserve[]: 0 0 0 0 [ 17.264708] Node 0 DMA: 0*4kB 1*8kB (U) 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 2*2048kB (UM) 0*4096kB = 4168kB [ 17.265988] Node 0 DMA32: 280*4kB (ME) 229*8kB (ME) 145*16kB (UM) 110*32kB (ME) 75*64kB (ME) 32*128kB (UME) 15*256kB (UME) 5*512kB (ME) 2*1024kB (UE) 1*2048kB (M) 2*4096kB (M) = 36376kB [ 17.267659] Node 1 DMA32: 340*4kB (UME) 193*8kB (UME) 137*16kB (ME) 69*32kB (UME) 31*64kB (UME) 14*128kB (ME) 4*256kB (ME) 3*512kB (UME) 0*1024kB 0*2048kB 4*4096kB (M) = 30024kB [ 17.269260] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 17.270113] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 17.270726] 146 total pagecache pages [ 17.271076] 0 pages in swap cache [ 17.271401] Swap cache stats: add 0, delete 0, find 0/0 [ 17.271900] Free swap = 0kB [ 17.272210] Total swap = 0kB [ 17.272494] 524186 pages RAM [ 17.272776] 0 pages HighMem/MovableOnly [ 17.273168] 103875 pages reserved [ 17.273580] Unreclaimable slab info: [ 17.273988] Name Used Total [ 17.274548] TIPC 1KB 7KB [ 17.275076] SCTPv6 2KB 4KB [ 17.275585] DCCPv6 2KB 7KB [ 17.276416] DCCP 2KB 6KB [ 17.276945] fib6_nodes 0KB 4KB [ 17.277464] ip6_dst_cache 9KB 11KB [ 17.277960] RAWv6 13KB 19KB [ 17.278476] UDPv6 18KB 18KB [ 17.278980] TCPv6 2KB 5KB [ 17.279521] uhci_urb_priv 0KB 7KB [ 17.280050] scsi_sense_cache 47KB 68KB [ 17.280556] sd_ext_cdb 0KB 7KB [ 17.281091] virtio_scsi_cmd 16KB 16KB [ 17.281594] sgpool-128 34KB 34KB [ 17.282247] sgpool-64 23KB 31KB [ 17.282835] sgpool-32 21KB 23KB [ 17.283442] sgpool-16 21KB 22KB [ 17.284081] sgpool-8 118KB 150KB [ 17.284686] cfq_io_cq 14KB 15KB [ 17.285293] cfq_queue 19KB 27KB [ 17.285894] mqueue_inode_cache 1KB 7KB [ 17.286472] nfs_commit_data 3KB 14KB [ 17.286989] nfs_write_data 34KB 44KB [ 17.287653] jbd2_inode 4KB 7KB [ 17.288229] ext4_system_zone 0KB 7KB [ 17.288762] bio-1 1KB 7KB [ 17.289318] rpc_buffers 17KB 25KB [ 17.289839] rpc_tasks 2KB 7KB [ 17.290384] UNIX 395KB 395KB [ 17.290912] tcp_bind_bucket 1KB 8KB [ 17.291466] ip_fib_trie 1KB 7KB [ 17.291988] ip_fib_alias 1KB 7KB [ 17.292587] ip_dst_cache 14KB 15KB [ 17.293172] RAW 11KB 14KB [ 17.293698] UDP 24KB 26KB [ 17.294260] request_sock_TCP 3KB 3KB [ 17.294786] TCP 21KB 23KB [ 17.295337] hugetlbfs_inode_cache 1KB 7KB [ 17.295891] eventpoll_pwq 8KB 23KB [ 17.296408] eventpoll_epi 19KB 35KB [ 17.296910] inotify_inode_mark 2KB 7KB [ 17.297983] request_queue 33KB 39KB [ 17.298506] blkdev_ioc 20KB 23KB [ 17.299026] bio-0 107KB 144KB [ 17.299518] biovec-(1<<(21-12)) 420KB 420KB [ 17.300063] biovec-128 29KB 44KB [ 17.300557] biovec-64 12KB 31KB [ 17.301189] biovec-16 5KB 18KB [ 17.301693] khugepaged_mm_slot 0KB 3KB [ 17.302229] uid_cache 6KB 7KB [ 17.302726] dmaengine-unmap-2 0KB 3KB [ 17.303250] skbuff_fclone_cache 127KB 127KB [ 17.303778] skbuff_head_cache 5595KB 5595KB [ 17.304305] configfs_dir_cache 0KB 8KB [ 17.304817] file_lock_cache 147KB 150KB [ 17.305344] file_lock_ctx 2KB 7KB [ 17.305897] fsnotify_mark_connector 1KB 7KB [ 17.306477] shmem_inode_cache 867KB 873KB [ 17.306980] task_delay_info 200KB 264KB [ 17.307513] sigqueue 126KB 149KB [ 17.307984] kernfs_node_cache 2044KB 2051KB [ 17.308513] mnt_cache 14KB 24KB [ 17.309113] filp 2123KB 2426KB [ 17.309608] names_cache 24841KB 24917KB [ 17.310136] avc_node 2KB 7KB [ 17.310627] selinux_file_security 117KB 139KB [ 17.311242] selinux_inode_security 1248KB 1396KB [ 17.311793] key_jar 2KB 11KB [ 17.312337] nsproxy 0KB 3KB [ 17.312857] vm_area_struct 3763KB 4915KB [ 17.313385] mm_struct 965KB 1347KB [ 17.313900] fs_cache 262KB 328KB [ 17.314437] files_cache 593KB 776KB [ 17.314956] signal_cache 835KB 1157KB [ 17.315504] sighand_cache 407KB 534KB [ 17.316042] task_struct 2047KB 2149KB [ 17.316564] cred_jar 806KB 836KB [ 17.317106] anon_vma_chain 1281KB 2346KB [ 17.317625] anon_vma 245KB 346KB [ 17.318363] pid 145KB 200KB [ 17.319316] Acpi-Operand 129KB 198KB [ 17.319832] Acpi-ParseExt 1KB 15KB [ 17.320374] Acpi-Parse 40KB 63KB [ 17.320884] Acpi-State 53KB 82KB [ 17.321422] Acpi-Namespace 17KB 23KB [ 17.321946] numa_policy 0KB 3KB [ 17.322481] trace_event_file 139KB 139KB [ 17.323006] ftrace_event_field 245KB 252KB [ 17.323552] pool_workqueue 13KB 20KB [ 17.324103] page->ptl 635KB 1027KB [ 17.324939] kmalloc-262144 258KB 258KB [ 17.325553] kmalloc-131072 130KB 130KB [ 17.326159] kmalloc-65536 264KB 264KB [ 17.326745] kmalloc-32768 297KB 330KB [ 17.327300] kmalloc-16384 280KB 297KB [ 17.327813] kmalloc-8192 231KB 231KB [ 17.328913] kmalloc-4096 1844KB 1895KB [ 17.329471] kmalloc-2048 2630KB 2715KB [ 17.329978] kmalloc-1024 3339KB 3346KB [ 17.330494] kmalloc-512 963KB 1380KB [ 17.331004] kmalloc-256 617KB 847KB [ 17.331542] kmalloc-128 275KB 346KB [ 17.332087] kmalloc-96 220KB 320KB [ 17.332605] kmalloc-64 257KB 280KB [ 17.333145] kmalloc-32 494KB 933KB [ 17.333705] kmalloc-192 356KB 436KB [ 17.334388] kmem_cache 90KB 101KB [ 17.334969] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 17.335857] [ 1485] 0 1485 5381 178 86016 0 -1000 udevd [ 17.336783] [ 2737] 0 2737 5380 179 81920 0 -1000 udevd [ 17.337709] [ 2882] 0 2882 14244 105 122880 0 0 rsyslogd [ 17.338653] [ 2917] 0 2917 4725 48 81920 0 0 cron [ 17.339544] [ 2942] 0 2942 12490 152 143360 0 -1000 sshd [ 17.345273] [ 2967] 0 2967 3694 41 73728 0 0 getty [ 17.346106] [ 2968] 0 2968 3694 41 73728 0 0 getty [ 17.346874] [ 2969] 0 2969 3694 41 69632 0 0 getty [ 17.347657] [ 2970] 0 2970 3694 39 77824 0 0 getty [ 17.348445] [ 2971] 0 2971 3694 42 73728 0 0 getty [ 17.349223] [ 2972] 0 2972 3694 40 73728 0 0 getty [ 17.350067] [ 2973] 0 2973 3649 41 77824 0 0 getty [ 17.350818] [ 2974] 0 2974 5380 179 81920 0 -1000 udevd [ 17.351620] [ 2975] 0 2975 5380 179 81920 0 -1000 udevd [ 17.352453] [ 2986] 0 2986 17820 196 184320 0 0 sshd [ 17.353251] [ 2990] 0 2990 4374 513 40960 0 0 syzkaller414652 [ 17.354209] Out of memory: Kill process 2990 (syzkaller414652) score 1 or sacrifice child [ 17.355184] Killed process 2990 (syzkaller414652) total-vm:17496kB, anon-rss:2052kB, file-rss:0kB, shmem-rss:0kB [ 17.360788] oom_reaper: reaped process 2990 (syzkaller414652), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 17.368388] init invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 17.369566] init cpuset=/ mems_allowed=0-1 [ 17.370007] CPU: 0 PID: 1 Comm: init Not tainted 4.14.0-rc5-next-20171018+ #8 [ 17.370710] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 [ 17.371485] Call Trace: [ 17.371749] dump_stack+0x194/0x257 [ 17.372099] ? arch_local_irq_restore+0x53/0x53 [ 17.372551] ? dump_header+0x1d9/0xe0e [ 17.372943] dump_header+0x28e/0xe0e [ 17.373325] ? pagefault_out_of_memory+0x152/0x152 [ 17.374040] ? check_noncircular+0x20/0x20 [ 17.374457] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 17.374966] ? print_irqtrace_events+0x270/0x270 [ 17.375411] ? __lock_acquire+0x6aa/0x3d50 [ 17.375824] ? find_held_lock+0x35/0x1d0 [ 17.376221] ? check_noncircular+0x20/0x20 [ 17.376623] ? task_will_free_mem+0x252/0xaa0 [ 17.377044] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 17.377536] ? find_held_lock+0x35/0x1d0 [ 17.378212] ? ___ratelimit+0x30d/0x630 [ 17.378593] ? lock_downgrade+0x990/0x990 [ 17.378990] ? do_raw_spin_trylock+0x190/0x190 [ 17.379428] ? mark_held_locks+0xaf/0x100 [ 17.379824] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 17.380305] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 17.380792] ? trace_hardirqs_on+0xd/0x10 [ 17.381178] ? ___ratelimit+0x95/0x630 [ 17.381542] ? idr_get_free_cmn+0xfd0/0xfd0 [ 17.382031] ? check_noncircular+0x20/0x20 [ 17.382421] ? find_held_lock+0x138/0x1d0 [ 17.383119] oom_kill_process+0x86d/0x13c0 [ 17.383517] ? has_ns_capability_noaudit+0x163/0x2a0 [ 17.383982] ? check_noncircular+0x20/0x20 [ 17.384377] ? oom_evaluate_task+0x480/0x480 [ 17.384784] ? security_capable_noaudit+0x8b/0xc0 [ 17.385247] ? find_held_lock+0x35/0x1d0 [ 17.385617] ? check_noncircular+0x20/0x20 [ 17.386030] ? oom_unkillable_task+0x394/0x4c0 [ 17.386458] ? lock_downgrade+0x990/0x990 [ 17.386844] ? lock_release+0xa40/0xa40 [ 17.387210] ? do_try_to_free_pages+0xc53/0x1020 [ 17.387649] ? find_lock_task_mm+0x460/0x460 [ 17.388063] ? find_held_lock+0x35/0x1d0 [ 17.388446] ? out_of_memory+0xaa9/0x11d0 [ 17.388828] ? lock_downgrade+0x990/0x990 [ 17.389211] ? lock_release+0xa40/0xa40 [ 17.389577] ? __alloc_pages_slowpath+0x1001/0x2db0 [ 17.390133] ? oom_evaluate_task+0x284/0x480 [ 17.390534] out_of_memory+0x7dc/0x11d0 [ 17.390896] ? oom_killer_disable+0x310/0x310 [ 17.391323] ? mutex_trylock+0x23a/0x2d0 [ 17.391714] ? __lock_is_held+0xb6/0x140 [ 17.392168] ? __ww_mutex_wakeup_for_backoff+0x240/0x240 [ 17.392668] __alloc_pages_slowpath+0x1d9d/0x2db0 [ 17.394815] ? __radix_tree_insert+0x7b0/0x7b0 [ 17.395216] ? warn_alloc+0x2f0/0x2f0 [ 17.395565] ? find_get_entry+0x513/0x9e0 [ 17.395922] ? lock_downgrade+0x990/0x990 [ 17.396291] ? radix_tree_lookup_slot+0x99/0xe0 [ 17.396695] ? __lock_acquire+0x6aa/0x3d50 [ 17.397070] ? find_get_entry+0x53c/0x9e0 [ 17.397432] ? check_noncircular+0x20/0x20 [ 17.397873] ? __lock_acquire+0x6aa/0x3d50 [ 17.398250] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 17.398252] syzkaller414652: page allocation failure: order:0, mode:0x14000c0(GFP_KERNEL), nodemask=(null) [ 17.398276] syzkaller414652 cpuset=/ mems_allowed=0-1 [ 17.400067] ? __radix_tree_lookup+0x435/0x5e0 [ 17.400487] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 17.401053] ? __page_cache_alloc+0x12d/0x500 [ 17.401441] ? __might_sleep+0x95/0x190 [ 17.401795] __alloc_pages_nodemask+0x9fb/0xd80 [ 17.402197] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 17.402622] ? add_to_page_cache_lru+0x510/0x510 [ 17.403028] ? check_noncircular+0x20/0x20 [ 17.403417] ? check_noncircular+0x20/0x20 [ 17.403810] ? __lock_acquire+0x6aa/0x3d50 [ 17.404168] ? radix_tree_next_chunk+0x5e8/0xdf0 [ 17.404584] alloc_pages_current+0xb6/0x1e0 [ 17.404951] __page_cache_alloc+0x334/0x500 [ 17.405312] ? rcu_read_lock_held+0xa9/0xc0 [ 17.405675] ? trace_event_raw_event_file_check_and_advance_wb_err+0x490/0x490 [ 17.406574] filemap_fault+0xf32/0x1d30 [ 17.406935] ? __lock_page_or_retry+0x4f0/0x4f0 [ 17.407384] ? filemap_map_pages+0x942/0x15d0 [ 17.407764] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 17.408205] ? find_get_entries_tag+0xeb0/0xeb0 [ 17.408604] ? check_noncircular+0x20/0x20 [ 17.408962] ? __lock_acquire+0x6aa/0x3d50 [ 17.409315] ? __lock_acquire+0x6aa/0x3d50 [ 17.410079] ? check_noncircular+0x20/0x20 [ 17.410529] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 17.411018] ? lock_acquire+0x1d5/0x580 [ 17.411373] ? lock_acquire+0x1d5/0x580 [ 17.411753] ? ext4_filemap_fault+0x7a/0xad [ 17.412180] ? lock_release+0xa40/0xa40 [ 17.412511] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 17.413081] ? __sigqueue_free.part.16+0x51/0x60 [ 17.418127] ? rcu_note_context_switch+0x710/0x710 [ 17.418612] ? kmem_cache_free+0x249/0x280 [ 17.419037] ? __might_sleep+0x95/0x190 [ 17.419448] ? down_read+0x96/0x150 [ 17.419846] ? ext4_filemap_fault+0x7a/0xad [ 17.420329] ? __down_interruptible+0x6b0/0x6b0 [ 17.420847] ? rcu_pm_notify+0xc0/0xc0 [ 17.421290] ext4_filemap_fault+0x82/0xad [ 17.421757] __do_fault+0xeb/0x30f [ 17.422149] ? find_held_lock+0x35/0x1d0 [ 17.422588] ? pte_offset_kernel+0xc7/0xc7 [ 17.423067] ? __set_current_blocked+0xcf/0x110 [ 17.423578] ? check_noncircular+0x20/0x20 [ 17.424057] __handle_mm_fault+0x1b9b/0x39c0 [ 17.430480] ? __pmd_alloc+0x4e0/0x4e0 [ 17.430894] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 17.431446] ? find_held_lock+0x35/0x1d0 [ 17.431889] ? handle_mm_fault+0x248/0x8d0 [ 17.432354] ? lock_downgrade+0x990/0x990 [ 17.432832] handle_mm_fault+0x334/0x8d0 [ 17.433354] ? down_read_trylock+0xdb/0x170 [ 17.433819] ? __do_page_fault+0x31e/0xd60 [ 17.434231] ? __handle_mm_fault+0x39c0/0x39c0 [ 17.434671] ? vmacache_find+0x5f/0x280 [ 17.435057] ? vmacache_update+0xfe/0x130 [ 17.435462] ? find_vma+0x30/0x150 [ 17.435818] __do_page_fault+0x5bd/0xd60 [ 17.436219] ? mm_fault_error+0x2c0/0x2c0 [ 17.436623] ? exit_to_usermode_loop+0x8c/0x310 [ 17.437089] do_page_fault+0xee/0x720 [ 17.437463] ? __do_page_fault+0xd60/0xd60 [ 17.445904] ? kasan_check_write+0x14/0x20 [ 17.446311] ? syscall_return_slowpath+0x2b3/0x510 [ 17.446773] ? prepare_exit_to_usermode+0x2d0/0x2d0 [ 17.447253] ? return_from_SYSCALL_64+0x2d/0x7a [ 17.447705] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 17.448183] do_async_page_fault+0x82/0x110 [ 17.448560] async_page_fault+0x22/0x30 [ 17.448931] RIP: 0033:0x402a80 [ 17.449246] RSP: 002b:00007ffcfa946338 EFLAGS: 00010246 [ 17.453794] RAX: 0000000000000000 RBX: 00007ffcfa946950 RCX: 00007faf63697dd3 [ 17.454491] RDX: 00007ffcfa946340 RSI: 00007ffcfa946470 RDI: 0000000000000011 [ 17.455181] RBP: 00007ffcfa946b00 R08: 00007ffcfa946b80 R09: 0000000000000001 [ 17.455869] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 17.456551] R13: 00007ffcfa946ee0 R14: 0000000000000000 R15: 0000000000000000 [ 17.457318] Mem-Info: [ 17.458089] CPU: 2 PID: 2990 Comm: syzkaller414652 Not tainted 4.14.0-rc5-next-20171018+ #8 [ 17.458092] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 [ 17.458094] Call Trace: [ 17.458105] dump_stack+0x194/0x257 [ 17.458117] ? arch_local_irq_restore+0x53/0x53 [ 17.458125] ? del_timer_sync+0xeb/0x240 [ 17.458144] warn_alloc+0x1c2/0x2f0 [ 17.458154] ? zone_watermark_ok_safe+0x400/0x400 [ 17.458166] ? call_timer_fn+0x830/0x830 [ 17.458180] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 17.458202] __alloc_pages_slowpath+0x25b5/0x2db0 [ 17.458246] ? warn_alloc+0x2f0/0x2f0 [ 17.458256] ? lock_downgrade+0x990/0x990 [ 17.458265] ? load_balance+0x33b0/0x33b0 [ 17.458275] ? print_irqtrace_events+0x270/0x270 [ 17.458288] ? mark_held_locks+0xaf/0x100 [ 17.458297] ? _raw_spin_unlock_irq+0x27/0x70 [ 17.458307] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 17.458314] ? trace_hardirqs_on+0xd/0x10 [ 17.458322] ? mmdrop+0x18/0x30 [ 17.458338] ? check_noncircular+0x20/0x20 [ 17.458347] ? retint_kernel+0x10/0x10 [ 17.458357] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 17.458366] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 17.458422] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 17.458442] ? __might_sleep+0x95/0x190 [ 17.458455] __alloc_pages_nodemask+0x9fb/0xd80 [ 17.458471] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 17.458479] ? mark_held_locks+0xaf/0x100 [ 17.458488] ? retint_kernel+0x10/0x10 [ 17.458497] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 17.458506] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 17.458522] ? retint_kernel+0x10/0x10 [ 17.458540] ? alloc_pages_current+0x115/0x1e0 [ 17.458557] alloc_pages_current+0xb6/0x1e0 [ 17.458571] relay_open_buf.part.10+0x22e/0x9b0 [ 17.458592] relay_open+0x57a/0xa40 [ 17.458606] ? relay_open_buf.part.10+0x9b0/0x9b0 [ 17.458617] ? __debugfs_create_file+0x2cc/0x3e0 [ 17.458633] ? debugfs_create_file+0x57/0x70 [ 17.458646] do_blk_trace_setup+0x4a4/0xcf0 [ 17.458660] ? blk_tracer_print_line+0x40/0x40 [ 17.458682] ? __might_sleep+0x95/0x190 [ 17.458697] ? kasan_check_write+0x14/0x20 [ 17.458705] ? _copy_from_user+0x99/0x110 [ 17.458716] blk_trace_setup+0xbd/0x180 [ 17.458725] ? do_blk_trace_setup+0xcf0/0xcf0 [ 17.458749] ? avc_has_extended_perms+0x6e5/0x12c0 [ 17.458762] sg_ioctl+0xc71/0x2d90 [ 17.458770] ? lock_release+0xa40/0xa40 [ 17.458785] ? sg_new_write.isra.20+0x830/0x830 [ 17.458807] ? avc_has_extended_perms+0x7fa/0x12c0 [ 17.458829] ? avc_ss_reset+0x110/0x110 [ 17.458845] ? __do_page_fault+0x64c/0xd60 [ 17.458854] ? lock_downgrade+0x990/0x990 [ 17.458873] ? handle_mm_fault+0x410/0x8d0 [ 17.458879] ? down_read_trylock+0xdb/0x170 [ 17.458884] ? __do_page_fault+0x31e/0xd60 [ 17.458911] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 17.458916] ? __do_page_fault+0x3d6/0xd60 [ 17.458927] ? rcu_note_context_switch+0x710/0x710 [ 17.458945] ? sg_new_write.isra.20+0x830/0x830 [ 17.458951] do_vfs_ioctl+0x1b1/0x1520 [ 17.458956] ? _cond_resched+0x14/0x30 [ 17.458971] ? ioctl_preallocate+0x2b0/0x2b0 [ 17.458982] ? selinux_capable+0x40/0x40 [ 17.458993] ? putname+0xf3/0x130 [ 17.459007] ? do_sys_open+0x320/0x6d0 [ 17.459028] ? security_file_ioctl+0x89/0xb0 [ 17.459041] SyS_ioctl+0x8f/0xc0 [ 17.459054] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 17.459059] RIP: 0033:0x439149 [ 17.459063] RSP: 002b:00007ffe878e2f78 EFLAGS: 00000206 ORIG_RAX: 0000000000000010 [ 17.459070] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000439149 [ 17.459073] RDX: 000000002084cf90 RSI: 00000000c0481273 RDI: 0000000000000003 [ 17.459077] RBP: 0000000000000082 R08: 00000000000000fe R09: 0000000000000000 [ 17.459080] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 17.459084] R13: 0000000000401da0 R14: 0000000000401e30 R15: 0000000000000000 [ 17.465895] Mem-Info: [ 17.465911] active_anon:1151 inactive_anon:44 isolated_anon:0 [ 17.465911] active_file:47 inactive_file:41 isolated_file:0 [ 17.465911] unevictable:0 dirty:0 writeback:0 unstable:0 [ 17.465911] slab_reclaimable:4899 slab_unreclaimable:24938 [ 17.465911] mapped:2 shmem:50 pagetables:274 bounce:0 [ 17.465911] free:9304 free_pcp:479 free_cma:0 [ 17.465924] Node 0 active_anon:1676kB inactive_anon:92kB active_file:148kB inactive_file:112kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:0kB writeback:0kB shmem:108kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 17.465936] Node 1 active_anon:2928kB inactive_anon:84kB active_file:40kB inactive_file:52kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:0kB writeback:0kB shmem:92kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 17.465938] Node 0 DMA free:3860kB min:640kB low:800kB high:960kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 17.465953] lowmem_reserve[]: 0 886 886 886 [ 17.465965] Node 0 DMA32 free:18212kB min:36540kB low:45672kB high:54804kB active_anon:1676kB inactive_anon:92kB active_file:148kB inactive_file:112kB unevictable:0kB writepending:0kB present:1032192kB managed:910076kB mlocked:0kB kernel_stack:2496kB pagetables:304kB bounce:0kB free_pcp:936kB local_pcp:120kB free_cma:0kB [ 17.465980] lowmem_reserve[]: 0 0 0 0 [ 17.465991] Node 1 DMA32 free:15144kB min:30400kB low:38000kB high:45600kB active_anon:2928kB inactive_anon:84kB active_file:40kB inactive_file:52kB unevictable:0kB writepending:0kB present:1048560kB managed:755260kB mlocked:0kB kernel_stack:1152kB pagetables:792kB bounce:0kB free_pcp:980kB local_pcp:120kB free_cma:0kB [ 17.466025] lowmem_reserve[]: 0 0 0 0 [ 17.466032] Node 0 DMA: 1*4kB (U) 0*8kB 1*16kB (U) 0*32kB 0*64kB 0*128kB 1*256kB (U) 1*512kB (U) 1*1024kB (U) 1*2048kB (M) 0*4096kB = 3860kB [ 17.466058] Node 0 DMA32: 235*4kB (UME) 197*8kB (ME) 121*16kB (M) 94*32kB (UM) 60*64kB (M) 24*128kB (M) 11*256kB (UM) 2*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 18212kB [ 17.466086] Node 1 DMA32: 326*4kB (UME) 192*8kB (ME) 137*16kB (ME) 68*32kB (UME) 30*64kB (ME) 15*128kB (UME) 4*256kB (ME) 2*512kB (ME) 0*1024kB 1*2048kB (U) 0*4096kB = 15144kB [ 17.466118] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 17.466120] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 17.466122] 146 total pagecache pages [ 17.466126] 0 pages in swap cache [ 17.466128] Swap cache stats: add 0, delete 0, find 0/0 [ 17.466129] Free swap = 0kB [ 17.466131] Total swap = 0kB [ 17.466133] 524186 pages RAM [ 17.466134] 0 pages HighMem/MovableOnly [ 17.466135] 103875 pages reserved [ 17.559760] active_anon:1198 inactive_anon:44 isolated_anon:0 [ 17.559760] active_file:72 inactive_file:593 isolated_file:0 [ 17.559760] unevictable:0 dirty:10 writeback:0 unstable:0 [ 17.559760] slab_reclaimable:4900 slab_unreclaimable:24944 [ 17.559760] mapped:231 shmem:50 pagetables:274 bounce:0 [ 17.559760] free:132584 free_pcp:573 free_cma:0 [ 17.563102] Node 0 active_anon:1864kB inactive_anon:92kB active_file:252kB inactive_file:2372kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:992kB dirty:40kB writeback:0kB shmem:108kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 17.565645] Node 1 active_anon:2928kB inactive_anon:84kB active_file:36kB inactive_file:56kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:0kB writeback:0kB shmem:92kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 17.568471] Node 0 DMA free:3860kB min:640kB low:800kB high:960kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 17.577181] lowmem_reserve[]: 0 886 886 886 [ 17.577634] Node 0 DMA32 free:591408kB min:36540kB low:45672kB high:54804kB active_anon:1864kB inactive_anon:92kB active_file:252kB inactive_file:2472kB unevictable:0kB writepending:40kB present:1032192kB managed:910076kB mlocked:0kB kernel_stack:2496kB pagetables:304kB bounce:0kB free_pcp:1304kB local_pcp:180kB free_cma:0kB [ 17.580507] lowmem_reserve[]: 0 0 0 0 [ 17.580919] Node 1 DMA32 free:15144kB min:30400kB low:38000kB high:45600kB active_anon:2928kB inactive_anon:84kB active_file:36kB inactive_file:56kB unevictable:0kB writepending:0kB present:1048560kB managed:755260kB mlocked:0kB kernel_stack:1152kB pagetables:792kB bounce:0kB free_pcp:980kB local_pcp:120kB free_cma:0kB [ 17.583968] lowmem_reserve[]: 0 0 0 0 [ 17.584395] Node 0 DMA: 1*4kB (U) 0*8kB 1*16kB (U) 0*32kB 0*64kB 0*128kB 1*256kB (U) 1*512kB (U) 1*1024kB (U) 1*2048kB (M) 0*4096kB = 3860kB [ 17.585928] Node 0 DMA32: 1*4kB (U) 12*8kB (UME) 124*16kB (UME) 270*32kB (UM) 125*64kB (UME) 42*128kB (UME) 15*256kB (UME) 7*512kB (UE) 5*1024kB (UE) 5*2048kB (UE) 142*4096kB (U) = 628516kB [ 17.587862] Node 1 DMA32: 326*4kB (UME) 192*8kB (ME) 137*16kB (ME) 68*32kB (UME) 30*64kB (ME) 15*128kB (UME) 4*256kB (ME) 2*512kB (ME) 0*1024kB 1*2048kB (U) 0*4096kB = 15144kB [ 17.589609] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 17.590704] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 17.591577] 791 total pagecache pages [ 17.591997] 0 pages in swap cache [ 17.592400] Swap cache stats: add 0, delete 0, find 0/0 [ 17.592934] Free swap = 0kB [ 17.593268] Total swap = 0kB [ 17.593572] 524186 pages RAM [ 17.594051] 0 pages HighMem/MovableOnly [ 17.594445] 103875 pages reserved [ 17.594814] Unreclaimable slab info: [ 17.595261] Name Used Total [ 17.595822] TIPC 1KB 7KB [ 17.596430] SCTPv6 2KB 4KB [ 17.604684] DCCPv6 2KB 7KB [ 17.605254] DCCP 2KB 6KB [ 17.605830] fib6_nodes 0KB 4KB [ 17.606561] ip6_dst_cache 9KB 11KB [ 17.607121] RAWv6 13KB 19KB [ 17.607642] UDPv6 18KB 18KB [ 17.608207] TCPv6 2KB 5KB [ 17.608862] uhci_urb_priv 0KB 7KB [ 17.609404] scsi_sense_cache 47KB 68KB [ 17.609989] sd_ext_cdb 0KB 7KB [ 17.610563] virtio_scsi_cmd 16KB 16KB [ 17.611119] sgpool-128 42KB 42KB [ 17.611647] sgpool-64 31KB 38KB [ 17.612236] sgpool-32 21KB 23KB [ 17.612762] sgpool-16 21KB 22KB [ 17.613322] sgpool-8 118KB 150KB [ 17.614673] cfq_io_cq 14KB 15KB [ 17.615236] cfq_queue 19KB 27KB [ 17.615764] mqueue_inode_cache 1KB 7KB [ 17.616325] nfs_commit_data 3KB 14KB [ 17.616867] nfs_write_data 34KB 44KB [ 17.617434] jbd2_inode 4KB 7KB [ 17.618586] ext4_system_zone 0KB 7KB [ 17.619155] bio-1 1KB 7KB [ 17.619696] rpc_buffers 17KB 25KB [ 17.620259] rpc_tasks 2KB 7KB [ 17.620779] UNIX 395KB 395KB [ 17.621327] tcp_bind_bucket 1KB 8KB [ 17.621936] ip_fib_trie 1KB 7KB [ 17.622481] ip_fib_alias 1KB 7KB [ 17.623032] ip_dst_cache 14KB 15KB [ 17.623557] RAW 11KB 14KB [ 17.624272] UDP 24KB 26KB [ 17.624793] request_sock_TCP 3KB 3KB [ 17.625346] TCP 21KB 23KB [ 17.625877] hugetlbfs_inode_cache 1KB 7KB [ 17.626467] eventpoll_pwq 8KB 23KB [ 17.626994] eventpoll_epi 19KB 35KB [ 17.627559] inotify_inode_mark 2KB 7KB [ 17.628121] request_queue 33KB 39KB [ 17.628649] blkdev_ioc 20KB 23KB [ 17.629193] bio-0 107KB 144KB [ 17.629759] biovec-(1<<(21-12)) 420KB 420KB [ 17.630325] biovec-128 42KB 44KB [ 17.630849] biovec-64 25KB 31KB [ 17.631400] biovec-16 10KB 18KB [ 17.631923] khugepaged_mm_slot 0KB 3KB [ 17.632483] uid_cache 6KB 7KB [ 17.632997] dmaengine-unmap-2 0KB 3KB [ 17.633536] skbuff_fclone_cache 127KB 127KB [ 17.634351] skbuff_head_cache 5595KB 5595KB [ 17.634874] configfs_dir_cache 0KB 8KB [ 17.635433] file_lock_cache 147KB 150KB [ 17.635953] file_lock_ctx 2KB 7KB [ 17.636480] fsnotify_mark_connector 1KB 7KB [ 17.637050] shmem_inode_cache 867KB 873KB [ 17.637549] task_delay_info 200KB 264KB [ 17.638140] sigqueue 126KB 149KB [ 17.639288] kernfs_node_cache 2044KB 2051KB [ 17.639797] mnt_cache 14KB 24KB [ 17.640344] filp 2123KB 2426KB [ 17.640861] names_cache 24841KB 24917KB [ 17.641418] avc_node 2KB 7KB [ 17.642683] selinux_file_security 117KB 139KB [ 17.643285] selinux_inode_security 1248KB 1396KB [ 17.643857] key_jar 2KB 11KB [ 17.644406] nsproxy 0KB 3KB [ 17.644933] vm_area_struct 3763KB 4915KB [ 17.645481] mm_struct 965KB 1347KB [ 17.646655] fs_cache 262KB 328KB [ 17.647225] files_cache 593KB 776KB [ 17.648321] signal_cache 835KB 1157KB [ 17.648900] sighand_cache 407KB 534KB [ 17.649454] task_struct 2047KB 2149KB [ 17.657669] cred_jar 806KB 836KB [ 17.658858] anon_vma_chain 1281KB 2346KB [ 17.659400] anon_vma 245KB 346KB [ 17.659939] pid 145KB 200KB [ 17.660475] Acpi-Operand 129KB 198KB [ 17.660994] Acpi-ParseExt 1KB 15KB [ 17.661535] Acpi-Parse 40KB 63KB [ 17.666134] Acpi-State 53KB 82KB [ 17.666653] Acpi-Namespace 17KB 23KB [ 17.667202] numa_policy 0KB 3KB [ 17.667723] trace_event_file 139KB 139KB [ 17.668266] ftrace_event_field 245KB 252KB [ 17.668794] pool_workqueue 13KB 20KB [ 17.669337] page->ptl 635KB 1027KB [ 17.671227] kmalloc-262144 258KB 258KB [ 17.671757] kmalloc-131072 130KB 130KB [ 17.672765] kmalloc-65536 264KB 264KB [ 17.677884] kmalloc-32768 297KB 330KB [ 17.678453] kmalloc-16384 280KB 297KB [ 17.678984] kmalloc-8192 231KB 231KB [ 17.679531] kmalloc-4096 1844KB 1895KB [ 17.680077] kmalloc-2048 2630KB 2715KB [ 17.680600] kmalloc-1024 3354KB 3354KB [ 17.682111] kmalloc-512 963KB 1380KB [ 17.682599] kmalloc-256 617KB 847KB [ 17.683154] kmalloc-128 275KB 346KB [ 17.683669] kmalloc-96 220KB 320KB [ 17.684206] kmalloc-64 257KB 280KB [ 17.684722] kmalloc-32 494KB 933KB [ 17.685258] kmalloc-192 356KB 436KB [ 17.685949] kmem_cache 90KB 101KB [ 17.686495] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 17.687351] [ 1485] 0 1485 5381 178 86016 0 -1000 udevd [ 17.688153] [ 2737] 0 2737 5380 179 81920 0 -1000 udevd [ 17.688941] [ 2882] 0 2882 14244 497 122880 0 0 rsyslogd [ 17.689898] [ 2917] 0 2917 4725 48 81920 0 0 cron [ 17.690715] [ 2942] 0 2942 12490 152 143360 0 -1000 sshd [ 17.691514] [ 2967] 0 2967 3694 41 73728 0 0 getty [ 17.692330] [ 2968] 0 2968 3694 41 73728 0 0 getty [ 17.693151] [ 2969] 0 2969 3694 41 69632 0 0 getty [ 17.694176] [ 2970] 0 2970 3694 39 77824 0 0 getty [ 17.694976] [ 2971] 0 2971 3694 42 73728 0 0 getty [ 17.695809] [ 2972] 0 2972 3694 40 73728 0 0 getty [ 17.696634] [ 2973] 0 2973 3649 41 77824 0 0 getty [ 17.697461] [ 2974] 0 2974 5380 179 81920 0 -1000 udevd [ 17.698472] [ 2975] 0 2975 5380 179 81920 0 -1000 udevd [ 17.699327] [ 2986] 0 2986 17820 196 184320 0 0 sshd [ 17.700156] [ 2990] 0 2990 4374 0 36864 0 0 syzkaller414652 [ 17.701073] Out of memory: Kill process 2986 (sshd) score 0 or sacrifice child [ 17.702190] Killed process 2986 (sshd) total-vm:71280kB, anon-rss:780kB, file-rss:0kB, shmem-rss:4kB Connection to localhost closed by remote host. [ 17.765055] ================================================================== [ 17.765692] BUG: KASAN: double-free or invalid-free in relay_open+0x6a1/0xa40 [ 17.766803] [ 17.766914] CPU: 2 PID: 2990 Comm: syzkaller414652 Not tainted 4.14.0-rc5-next-20171018+ #8 [ 17.767460] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 [ 17.767983] Call Trace: [ 17.768169] dump_stack+0x194/0x257 [ 17.768402] ? arch_local_irq_restore+0x53/0x53 [ 17.768709] ? show_regs_print_info+0x65/0x65 [ 17.768996] ? relay_open+0x6a1/0xa40 [ 17.769257] print_address_description+0x73/0x250 [ 17.769601] ? relay_open+0x6a1/0xa40 [ 17.770073] ? relay_open+0x6a1/0xa40 [ 17.770354] kasan_report_double_free+0x55/0x80 [ 17.770707] kasan_slab_free+0xa3/0xc0 [ 17.771007] kfree+0xca/0x250 [ 17.771274] relay_open+0x6a1/0xa40 [ 17.771574] ? relay_open_buf.part.10+0x9b0/0x9b0 [ 17.771968] ? __debugfs_create_file+0x2cc/0x3e0 [ 17.772356] ? debugfs_create_file+0x57/0x70 [ 17.772702] do_blk_trace_setup+0x4a4/0xcf0 [ 17.773063] ? blk_tracer_print_line+0x40/0x40 [ 17.773408] ? __might_sleep+0x95/0x190 [ 17.773803] ? kasan_check_write+0x14/0x20 [ 17.774165] ? _copy_from_user+0x99/0x110 [ 17.774470] blk_trace_setup+0xbd/0x180 [ 17.774776] ? do_blk_trace_setup+0xcf0/0xcf0 [ 17.775175] ? avc_has_extended_perms+0x6e5/0x12c0 [ 17.775553] sg_ioctl+0xc71/0x2d90 [ 17.775826] ? lock_release+0xa40/0xa40 [ 17.776151] ? sg_new_write.isra.20+0x830/0x830 [ 17.776507] ? avc_has_extended_perms+0x7fa/0x12c0 [ 17.776890] ? avc_ss_reset+0x110/0x110 [ 17.777220] ? __do_page_fault+0x64c/0xd60 [ 17.777541] ? lock_downgrade+0x990/0x990 [ 17.777922] ? handle_mm_fault+0x410/0x8d0 [ 17.778263] ? down_read_trylock+0xdb/0x170 [ 17.778586] ? __do_page_fault+0x31e/0xd60 [ 17.778977] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 17.779432] ? __do_page_fault+0x3d6/0xd60 [ 17.779758] ? rcu_note_context_switch+0x710/0x710 [ 17.780161] ? sg_new_write.isra.20+0x830/0x830 [ 17.780525] do_vfs_ioctl+0x1b1/0x1520 [ 17.780822] ? _cond_resched+0x14/0x30 [ 17.781153] ? ioctl_preallocate+0x2b0/0x2b0 [ 17.781475] ? selinux_capable+0x40/0x40 [ 17.781827] ? putname+0xf3/0x130 [ 17.782119] ? do_sys_open+0x320/0x6d0 [ 17.782416] ? security_file_ioctl+0x89/0xb0 [ 17.782788] SyS_ioctl+0x8f/0xc0 [ 17.783088] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 17.783455] RIP: 0033:0x439149 [ 17.783709] RSP: 002b:00007ffe878e2f78 EFLAGS: 00000206 ORIG_RAX: 0000000000000010 [ 17.784320] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000439149 [ 17.784863] RDX: 000000002084cf90 RSI: 00000000c0481273 RDI: 0000000000000003 [ 17.785411] RBP: 0000000000000082 R08: 00000000000000fe R09: 0000000000000000 [ 17.786067] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 17.786633] R13: 0000000000401da0 R14: 0000000000401e30 R15: 0000000000000000 [ 17.787181] [ 17.787309] Allocated by task 2990: [ 17.787576] save_stack+0x43/0xd0 [ 17.787876] kasan_kmalloc+0xad/0xe0 [ 17.788211] kmem_cache_alloc_trace+0x136/0x750 [ 17.788529] relay_open+0xf2/0xa40 [ 17.788762] do_blk_trace_setup+0x4a4/0xcf0 [ 17.789049] blk_trace_setup+0xbd/0x180 [ 17.789343] sg_ioctl+0xc71/0x2d90 [ 17.789601] do_vfs_ioctl+0x1b1/0x1520 [ 17.790216] SyS_ioctl+0x8f/0xc0 [ 17.790444] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 17.790739] [ 17.790844] Freed by task 2990: [ 17.791067] save_stack+0x43/0xd0 [ 17.791293] kasan_slab_free+0x71/0xc0 [ 17.791561] kfree+0xca/0x250 [ 17.791794] relay_open+0x84a/0xa40 [ 17.792051] do_blk_trace_setup+0x4a4/0xcf0 [ 17.792342] blk_trace_setup+0xbd/0x180 [ 17.792613] sg_ioctl+0xc71/0x2d90 [ 17.792893] do_vfs_ioctl+0x1b1/0x1520 [ 17.793226] SyS_ioctl+0x8f/0xc0 [ 17.793508] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 17.794005] [ 17.794164] The buggy address belongs to the object at ffff88003c97dd00 [ 17.794164] which belongs to the cache kmalloc-512 of size 512 [ 17.795139] The buggy address is located 0 bytes inside of [ 17.795139] 512-byte region [ffff88003c97dd00, ffff88003c97df00) [ 17.795987] The buggy address belongs to the page: [ 17.796369] page:ffffea0000f25f40 count:1 mapcount:0 mapping:ffff88003c97d080 index:0x0 [ 17.796989] flags: 0x100000000000100(slab) [ 17.797347] raw: 0100000000000100 ffff88003c97d080 0000000000000000 0000000100000006 [ 17.798030] raw: ffffea0000f25f20 ffffea0000f261e0 ffff88003e800940 0000000000000000 [ 17.798686] page dumped because: kasan: bad access detected [ 17.799125] [ 17.799255] Memory state around the buggy address: [ 17.799626] ffff88003c97dc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.800187] ffff88003c97dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.800785] >ffff88003c97dd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.801471] ^ [ 17.801776] ffff88003c97dd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.802398] ffff88003c97de00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.802943] ================================================================== [ 17.803707] Disabling lock debugging due to kernel taint [ 17.804248] Kernel panic - not syncing: panic_on_warn set ... [ 17.804248] [ 17.804960] CPU: 2 PID: 2990 Comm: syzkaller414652 Tainted: G B 4.14.0-rc5-next-20171018+ #8 [ 17.805890] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 [ 17.806709] Call Trace: [ 17.806995] dump_stack+0x194/0x257 [ 17.807376] ? arch_local_irq_restore+0x53/0x53 [ 17.807779] ? kasan_end_report+0x32/0x50 [ 17.808056] ? lock_downgrade+0x990/0x990 [ 17.808321] ? vsnprintf+0x1ed/0x1900 [ 17.808565] panic+0x1e4/0x41c [ 17.808783] ? refcount_error_report+0x214/0x214 [ 17.809561] ? add_taint+0x40/0x50 [ 17.809909] ? add_taint+0x1c/0x50 [ 17.810203] ? relay_open+0x6a1/0xa40 [ 17.810470] ? relay_open+0x6a1/0xa40 [ 17.810765] kasan_end_report+0x50/0x50 [ 17.811077] kasan_report_double_free+0x72/0x80 [ 17.811407] kasan_slab_free+0xa3/0xc0 [ 17.811711] kfree+0xca/0x250 [ 17.811955] relay_open+0x6a1/0xa40 [ 17.812251] ? relay_open_buf.part.10+0x9b0/0x9b0 [ 17.812620] ? __debugfs_create_file+0x2cc/0x3e0 [ 17.813120] ? debugfs_create_file+0x57/0x70 [ 17.813557] do_blk_trace_setup+0x4a4/0xcf0 [ 17.814000] ? blk_tracer_print_line+0x40/0x40 [ 17.814363] ? __might_sleep+0x95/0x190 [ 17.814676] ? kasan_check_write+0x14/0x20 [ 17.815034] ? _copy_from_user+0x99/0x110 [ 17.815363] blk_trace_setup+0xbd/0x180 [ 17.815638] ? do_blk_trace_setup+0xcf0/0xcf0 [ 17.815970] ? avc_has_extended_perms+0x6e5/0x12c0 [ 17.816354] sg_ioctl+0xc71/0x2d90 [ 17.816616] ? lock_release+0xa40/0xa40 [ 17.816940] ? sg_new_write.isra.20+0x830/0x830 [ 17.817339] ? avc_has_extended_perms+0x7fa/0x12c0 [ 17.817782] ? avc_ss_reset+0x110/0x110 [ 17.818232] ? __do_page_fault+0x64c/0xd60 [ 17.818647] ? lock_downgrade+0x990/0x990 [ 17.819063] ? handle_mm_fault+0x410/0x8d0 [ 17.819491] ? down_read_trylock+0xdb/0x170 [ 17.819922] ? __do_page_fault+0x31e/0xd60 [ 17.820324] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 17.820792] ? __do_page_fault+0x3d6/0xd60 [ 17.821168] ? rcu_note_context_switch+0x710/0x710 [ 17.821581] ? sg_new_write.isra.20+0x830/0x830 [ 17.821960] do_vfs_ioctl+0x1b1/0x1520 [ 17.822250] ? _cond_resched+0x14/0x30 [ 17.822551] ? ioctl_preallocate+0x2b0/0x2b0 [ 17.822919] ? selinux_capable+0x40/0x40 [ 17.823225] ? putname+0xf3/0x130 [ 17.823495] ? do_sys_open+0x320/0x6d0 [ 17.823799] ? security_file_ioctl+0x89/0xb0 [ 17.824137] SyS_ioctl+0x8f/0xc0 [ 17.824401] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 17.824764] RIP: 0033:0x439149 [ 17.825018] RSP: 002b:00007ffe878e2f78 EFLAGS: 00000206 ORIG_RAX: 0000000000000010 [ 17.825602] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000439149 [ 17.826195] RDX: 000000002084cf90 RSI: 00000000c0481273 RDI: 0000000000000003 [ 17.826740] RBP: 0000000000000082 R08: 00000000000000fe R09: 0000000000000000 [ 17.827322] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 17.827873] R13: 0000000000401da0 R14: 0000000000401e30 R15: 0000000000000000 [ 17.828501] Dumping ftrace buffer: [ 17.828772] (ftrace buffer empty) [ 17.829070] Kernel Offset: disabled [ 17.829367] Rebooting in 86400 seconds..