=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
4.19.75 #0 Not tainted
SELinux: ebitmap start bit (4153092) is not a multiple of the map unit size (64)
-----------------------------------------------------
syz-executor.4/21378 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
000000000e5ce9ee (
SELinux: failed to load policy
&fiq->waitq){+.+.}, at: spin_lock include/linux/spinlock.h:329 [inline]
&fiq->waitq){+.+.}, at: aio_poll fs/aio.c:1741 [inline]
&fiq->waitq){+.+.}, at: __io_submit_one fs/aio.c:1849 [inline]
&fiq->waitq){+.+.}, at: io_submit_one+0xef2/0x2eb0 fs/aio.c:1885

and this task is already holding:
0000000081dc69ea (&(&ctx->ctx_lock)->rlock){..-.}, at: spin_lock_irq include/linux/spinlock.h:354 [inline]
0000000081dc69ea (&(&ctx->ctx_lock)->rlock){..-.}, at: aio_poll fs/aio.c:1739 [inline]
0000000081dc69ea (&(&ctx->ctx_lock)->rlock){..-.}, at: __io_submit_one fs/aio.c:1849 [inline]
0000000081dc69ea (&(&ctx->ctx_lock)->rlock){..-.}, at: io_submit_one+0xead/0x2eb0 fs/aio.c:1885
which would create a new lock dependency:
audit: type=1326 audit(1569214328.722:5138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21377 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0
 (&(&ctx->ctx_lock)->rlock){..-.} -> (&fiq->waitq){+.+.}

but this new dependency connects a SOFTIRQ-irq-safe lock:
 (&(&ctx->ctx_lock)->rlock){..-.}

... which became SOFTIRQ-irq-safe at:
  lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3900
  __raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline]
  _raw_spin_lock_irq+0x60/0x80 kernel/locking/spinlock.c:160
  spin_lock_irq include/linux/spinlock.h:354 [inline]
  free_ioctx_users+0x2d/0x490 fs/aio.c:614
  percpu_ref_put_many include/linux/percpu-refcount.h:284 [inline]
  percpu_ref_put include/linux/percpu-refcount.h:300 [inline]
  percpu_ref_call_confirm_rcu lib/percpu-refcount.c:123 [inline]
  percpu_ref_switch_to_atomic_rcu+0x407/0x540 lib/percpu-refcount.c:158
  __rcu_reclaim kernel/rcu/rcu.h:236 [inline]
  rcu_do_batch kernel/rcu/tree.c:2584 [inline]
  invoke_rcu_callbacks kernel/rcu/tree.c:2897 [inline]
  __rcu_process_callbacks kernel/rcu/tree.c:2864 [inline]
  rcu_process_callbacks+0xba0/0x1a30 kernel/rcu/tree.c:2881
  __do_softirq+0x25c/0x921 kernel/softirq.c:292
  invoke_softirq kernel/softirq.c:372 [inline]
  irq_exit+0x180/0x1d0 kernel/softirq.c:412
  exiting_irq arch/x86/include/asm/apic.h:536 [inline]
  smp_apic_timer_interrupt+0x13b/0x550 arch/x86/kernel/apic/apic.c:1094
  apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893
  __sanitizer_cov_trace_const_cmp4+0xd/0x20 kernel/kcov.c:187
  check_preemption_disabled+0x3a/0x290 lib/smp_processor_id.c:15
  debug_smp_processor_id+0x1c/0x20 lib/smp_processor_id.c:56
  delay_tsc+0x42/0xc0 arch/x86/lib/delay.c:79
  __delay arch/x86/lib/delay.c:161 [inline]
  __const_udelay+0x59/0x80 arch/x86/lib/delay.c:175
  try_check_zero+0x201/0x330 kernel/rcu/srcutree.c:723
  srcu_advance_state kernel/rcu/srcutree.c:1157 [inline]
  process_srcu+0x329/0xec0 kernel/rcu/srcutree.c:1251
  process_one_work+0x989/0x1750 kernel/workqueue.c:2153
  worker_thread+0x98/0xe40 kernel/workqueue.c:2296
  kthread+0x354/0x420 kernel/kthread.c:246
  ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

to a SOFTIRQ-irq-unsafe lock:
 (&fiq->waitq){+.+.}

... which became SOFTIRQ-irq-unsafe at:
...
  lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3900
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:144
  spin_lock include/linux/spinlock.h:329 [inline]
  flush_bg_queue+0x1f3/0x3d0 fs/fuse/dev.c:368
  fuse_request_send_background_locked+0x26d/0x4e0 fs/fuse/dev.c:609
  fuse_request_send_background+0x12b/0x180 fs/fuse/dev.c:617
  fuse_send_init fs/fuse/inode.c:973 [inline]
  fuse_fill_super+0x13b7/0x1720 fs/fuse/inode.c:1188
  mount_nodev+0x66/0x110 fs/super.c:1204
  fuse_mount+0x2d/0x40 fs/fuse/inode.c:1213
  mount_fs+0xa8/0x31f fs/super.c:1261
  vfs_kern_mount.part.0+0x6f/0x410 fs/namespace.c:961
  vfs_kern_mount fs/namespace.c:951 [inline]
  do_new_mount fs/namespace.c:2469 [inline]
  do_mount+0x53e/0x2bc0 fs/namespace.c:2799
  ksys_mount+0xdb/0x150 fs/namespace.c:3015
  __do_sys_mount fs/namespace.c:3029 [inline]
  __se_sys_mount fs/namespace.c:3026 [inline]
  __x64_sys_mount+0xbe/0x150 fs/namespace.c:3026
  do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
  entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&fiq->waitq);
                               local_irq_disable();
                               lock(&(&ctx->ctx_lock)->rlock);
                               lock(&fiq->waitq);
    lock(&(&ctx->ctx_lock)->rlock);

 *** DEADLOCK ***

1 lock held by syz-executor.4/21378:
 #0: 0000000081dc69ea (&(&ctx->ctx_lock)->rlock){..-.}, at: spin_lock_irq include/linux/spinlock.h:354 [inline]
 #0: 0000000081dc69ea (&(&ctx->ctx_lock)->rlock){..-.}, at: aio_poll fs/aio.c:1739 [inline]
 #0: 0000000081dc69ea (&(&ctx->ctx_lock)->rlock){..-.}, at: __io_submit_one fs/aio.c:1849 [inline]
 #0: 0000000081dc69ea (&(&ctx->ctx_lock)->rlock){..-.}, at: io_submit_one+0xead/0x2eb0 fs/aio.c:1885

the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&(&ctx->ctx_lock)->rlock){..-.} ops: 938 {
   IN-SOFTIRQ-W at:
     lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3900
     __raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline]
     _raw_spin_lock_irq+0x60/0x80 kernel/locking/spinlock.c:160
     spin_lock_irq include/linux/spinlock.h:354 [inline]
     free_ioctx_users+0x2d/0x490 fs/aio.c:614
     percpu_ref_put_many include/linux/percpu-refcount.h:284 [inline]
     percpu_ref_put include/linux/percpu-refcount.h:300 [inline]
     percpu_ref_call_confirm_rcu lib/percpu-refcount.c:123 [inline]
     percpu_ref_switch_to_atomic_rcu+0x407/0x540 lib/percpu-refcount.c:158
     __rcu_reclaim kernel/rcu/rcu.h:236 [inline]
     rcu_do_batch kernel/rcu/tree.c:2584 [inline]
     invoke_rcu_callbacks kernel/rcu/tree.c:2897 [inline]
     __rcu_process_callbacks kernel/rcu/tree.c:2864 [inline]
     rcu_process_callbacks+0xba0/0x1a30 kernel/rcu/tree.c:2881
     __do_softirq+0x25c/0x921 kernel/softirq.c:292
     invoke_softirq kernel/softirq.c:372 [inline]
     irq_exit+0x180/0x1d0 kernel/softirq.c:412
     exiting_irq arch/x86/include/asm/apic.h:536 [inline]
     smp_apic_timer_interrupt+0x13b/0x550 arch/x86/kernel/apic/apic.c:1094
     apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893
     __sanitizer_cov_trace_const_cmp4+0xd/0x20 kernel/kcov.c:187
     check_preemption_disabled+0x3a/0x290 lib/smp_processor_id.c:15
     debug_smp_processor_id+0x1c/0x20 lib/smp_processor_id.c:56
     delay_tsc+0x42/0xc0 arch/x86/lib/delay.c:79
     __delay arch/x86/lib/delay.c:161 [inline]
     __const_udelay+0x59/0x80 arch/x86/lib/delay.c:175
     try_check_zero+0x201/0x330 kernel/rcu/srcutree.c:723
     srcu_advance_state kernel/rcu/srcutree.c:1157 [inline]
     process_srcu+0x329/0xec0 kernel/rcu/srcutree.c:1251
     process_one_work+0x989/0x1750 kernel/workqueue.c:2153
     worker_thread+0x98/0xe40 kernel/workqueue.c:2296
     kthread+0x354/0x420 kernel/kthread.c:246
     ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
   INITIAL USE at:
     lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3900
     __raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline]
     _raw_spin_lock_irq+0x60/0x80 kernel/locking/spinlock.c:160
     spin_lock_irq include/linux/spinlock.h:354 [inline]
     free_ioctx_users+0x2d/0x490 fs/aio.c:614
     percpu_ref_put_many include/linux/percpu-refcount.h:284 [inline]
     percpu_ref_put include/linux/percpu-refcount.h:300 [inline]
     percpu_ref_call_confirm_rcu lib/percpu-refcount.c:123 [inline]
     percpu_ref_switch_to_atomic_rcu+0x407/0x540 lib/percpu-refcount.c:158
     __rcu_reclaim kernel/rcu/rcu.h:236 [inline]
     rcu_do_batch kernel/rcu/tree.c:2584 [inline]
     invoke_rcu_callbacks kernel/rcu/tree.c:2897 [inline]
     __rcu_process_callbacks kernel/rcu/tree.c:2864 [inline]
     rcu_process_callbacks+0xba0/0x1a30 kernel/rcu/tree.c:2881
     __do_softirq+0x25c/0x921 kernel/softirq.c:292
     invoke_softirq kernel/softirq.c:372 [inline]
     irq_exit+0x180/0x1d0 kernel/softirq.c:412
     exiting_irq arch/x86/include/asm/apic.h:536 [inline]
     smp_apic_timer_interrupt+0x13b/0x550 arch/x86/kernel/apic/apic.c:1094
     apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893
     __sanitizer_cov_trace_const_cmp4+0xd/0x20 kernel/kcov.c:187
     check_preemption_disabled+0x3a/0x290 lib/smp_processor_id.c:15
     debug_smp_processor_id+0x1c/0x20 lib/smp_processor_id.c:56
     delay_tsc+0x42/0xc0 arch/x86/lib/delay.c:79
     __delay arch/x86/lib/delay.c:161 [inline]
     __const_udelay+0x59/0x80 arch/x86/lib/delay.c:175
     try_check_zero+0x201/0x330 kernel/rcu/srcutree.c:723
     srcu_advance_state kernel/rcu/srcutree.c:1157 [inline]
     process_srcu+0x329/0xec0 kernel/rcu/srcutree.c:1251
     process_one_work+0x989/0x1750 kernel/workqueue.c:2153
     worker_thread+0x98/0xe40 kernel/workqueue.c:2296
     kthread+0x354/0x420 kernel/kthread.c:246
     ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
 }
 ... key at: [] __key.50217+0x0/0x40
 ... acquired at:
   lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3900
   __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
   _raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:144
   spin_lock include/linux/spinlock.h:329 [inline]
   aio_poll fs/aio.c:1741 [inline]
   __io_submit_one fs/aio.c:1849 [inline]
   io_submit_one+0xef2/0x2eb0 fs/aio.c:1885
   __do_sys_io_submit fs/aio.c:1929 [inline]
   __se_sys_io_submit fs/aio.c:1900 [inline]
   __x64_sys_io_submit+0x1aa/0x520 fs/aio.c:1900
   do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock:
-> (&fiq->waitq){+.+.} ops: 412 {
   HARDIRQ-ON-W at:
     lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3900
     __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
     _raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:144
     spin_lock include/linux/spinlock.h:329 [inline]
     flush_bg_queue+0x1f3/0x3d0 fs/fuse/dev.c:368
     fuse_request_send_background_locked+0x26d/0x4e0 fs/fuse/dev.c:609
     fuse_request_send_background+0x12b/0x180 fs/fuse/dev.c:617
     fuse_send_init fs/fuse/inode.c:973 [inline]
     fuse_fill_super+0x13b7/0x1720 fs/fuse/inode.c:1188
     mount_nodev+0x66/0x110 fs/super.c:1204
     fuse_mount+0x2d/0x40 fs/fuse/inode.c:1213
     mount_fs+0xa8/0x31f fs/super.c:1261
     vfs_kern_mount.part.0+0x6f/0x410 fs/namespace.c:961
     vfs_kern_mount fs/namespace.c:951 [inline]
     do_new_mount fs/namespace.c:2469 [inline]
     do_mount+0x53e/0x2bc0 fs/namespace.c:2799
     ksys_mount+0xdb/0x150 fs/namespace.c:3015
     __do_sys_mount fs/namespace.c:3029 [inline]
     __se_sys_mount fs/namespace.c:3026 [inline]
     __x64_sys_mount+0xbe/0x150 fs/namespace.c:3026
     do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
     entry_SYSCALL_64_after_hwframe+0x49/0xbe
   SOFTIRQ-ON-W at:
     lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3900
     __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
     _raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:144
     spin_lock include/linux/spinlock.h:329 [inline]
     flush_bg_queue+0x1f3/0x3d0 fs/fuse/dev.c:368
     fuse_request_send_background_locked+0x26d/0x4e0 fs/fuse/dev.c:609
     fuse_request_send_background+0x12b/0x180 fs/fuse/dev.c:617
     fuse_send_init fs/fuse/inode.c:973 [inline]
     fuse_fill_super+0x13b7/0x1720 fs/fuse/inode.c:1188
     mount_nodev+0x66/0x110 fs/super.c:1204
     fuse_mount+0x2d/0x40 fs/fuse/inode.c:1213
     mount_fs+0xa8/0x31f fs/super.c:1261
     vfs_kern_mount.part.0+0x6f/0x410 fs/namespace.c:961
     vfs_kern_mount fs/namespace.c:951 [inline]
     do_new_mount fs/namespace.c:2469 [inline]
     do_mount+0x53e/0x2bc0 fs/namespace.c:2799
     ksys_mount+0xdb/0x150 fs/namespace.c:3015
     __do_sys_mount fs/namespace.c:3029 [inline]
     __se_sys_mount fs/namespace.c:3026 [inline]
     __x64_sys_mount+0xbe/0x150 fs/namespace.c:3026
     do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
     entry_SYSCALL_64_after_hwframe+0x49/0xbe
   INITIAL USE at:
     lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3900
     __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
     _raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:144
     spin_lock include/linux/spinlock.h:329 [inline]
     flush_bg_queue+0x1f3/0x3d0 fs/fuse/dev.c:368
     fuse_request_send_background_locked+0x26d/0x4e0 fs/fuse/dev.c:609
     fuse_request_send_background+0x12b/0x180 fs/fuse/dev.c:617
     fuse_send_init fs/fuse/inode.c:973 [inline]
     fuse_fill_super+0x13b7/0x1720 fs/fuse/inode.c:1188
     mount_nodev+0x66/0x110 fs/super.c:1204
     fuse_mount+0x2d/0x40 fs/fuse/inode.c:1213
     mount_fs+0xa8/0x31f fs/super.c:1261
     vfs_kern_mount.part.0+0x6f/0x410 fs/namespace.c:961
     vfs_kern_mount fs/namespace.c:951 [inline]
     do_new_mount fs/namespace.c:2469 [inline]
     do_mount+0x53e/0x2bc0 fs/namespace.c:2799
     ksys_mount+0xdb/0x150 fs/namespace.c:3015
     __do_sys_mount fs/namespace.c:3029 [inline]
     __se_sys_mount fs/namespace.c:3026 [inline]
     __x64_sys_mount+0xbe/0x150 fs/namespace.c:3026
     do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
     entry_SYSCALL_64_after_hwframe+0x49/0xbe
 }
 ... key at: [] __key.42217+0x0/0x40
 ... acquired at:
   lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3900
   __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
   _raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:144
   spin_lock include/linux/spinlock.h:329 [inline]
   aio_poll fs/aio.c:1741 [inline]
   __io_submit_one fs/aio.c:1849 [inline]
   io_submit_one+0xef2/0x2eb0 fs/aio.c:1885
   __do_sys_io_submit fs/aio.c:1929 [inline]
   __se_sys_io_submit fs/aio.c:1900 [inline]
   __x64_sys_io_submit+0x1aa/0x520 fs/aio.c:1900
   do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

stack backtrace:
CPU: 0 PID: 21378 Comm: syz-executor.4 Not tainted 4.19.75 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_bad_irq_dependency kernel/locking/lockdep.c:1568 [inline]
 check_usage.cold+0x611/0x946 kernel/locking/lockdep.c:1600
 check_irq_usage kernel/locking/lockdep.c:1656 [inline]
 check_prev_add_irq kernel/locking/lockdep_states.h:8 [inline]
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1974 [inline]
 validate_chain kernel/locking/lockdep.c:2415 [inline]
 __lock_acquire+0x1e8c/0x49c0 kernel/locking/lockdep.c:3411
 lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3900
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:144
 spin_lock include/linux/spinlock.h:329 [inline]
 aio_poll fs/aio.c:1741 [inline]
 __io_submit_one fs/aio.c:1849 [inline]
 io_submit_one+0xef2/0x2eb0 fs/aio.c:1885
 __do_sys_io_submit fs/aio.c:1929 [inline]
 __se_sys_io_submit fs/aio.c:1900 [inline]
 __x64_sys_io_submit+0x1aa/0x520 fs/aio.c:1900
 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459a09
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007faf31b5ec78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a09
RDX: 00000000200004c0 RSI: 0000000000001d95 RDI: 00007faf31b3c000
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007faf31b5f6d4
R13: 00000000004c0dea R14: 00000000004d3f98 R15: 00000000ffffffff
kobject: 'loop2' (000000004011bb95): kobject_uevent_env
audit: type=1326 audit(1569214329.952:5139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21377 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0
kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2'
SELinux: ebitmap start bit (4153093) is not a multiple of the map unit size (64)
SELinux: failed to load policy
audit: type=1326 audit(1569214330.042:5140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21406 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0
kobject: 'kvm' (00000000497f3038): kobject_uevent_env
kobject: 'kvm' (00000000497f3038): fill_kobj_path: path = '/devices/virtual/misc/kvm'
kobject: 'kvm' (00000000497f3038): kobject_uevent_env
kobject: 'kvm' (00000000497f3038): fill_kobj_path: path = '/devices/virtual/misc/kvm'
kobject: 'loop3' (000000009d36cf60): kobject_uevent_env
kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3'
SELinux: ebitmap start bit (4153094) is not a multiple of the map unit size (64)
kobject: 'loop1' (00000000bc527e09): kobject_uevent_env
SELinux: failed to load policy
kobject: 'loop1' (00000000bc527e09): fill_kobj_path: path = '/devices/virtual/block/loop1'
kobject: 'kvm' (00000000497f3038): kobject_uevent_env
kobject: 'kvm' (00000000497f3038): fill_kobj_path: path = '/devices/virtual/misc/kvm'
kobject: 'loop3' (000000009d36cf60): kobject_uevent_env
kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'kvm' (00000000497f3038): kobject_uevent_env
kobject: 'loop3' (000000009d36cf60): kobject_uevent_env
kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
kobject: 'kvm' (00000000497f3038): fill_kobj_path: path = '/devices/virtual/misc/kvm'
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop2' (000000004011bb95): kobject_uevent_env
kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2'
SELinux: ebitmap start bit (4153095) is not a multiple of the map unit size (64)
SELinux: failed to load policy
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop3' (000000009d36cf60): kobject_uevent_env
kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env
kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop2' (000000004011bb95): kobject_uevent_env
kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'loop1' (00000000bc527e09): kobject_uevent_env
syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000
kobject: 'loop1' (00000000bc527e09): fill_kobj_path: path = '/devices/virtual/block/loop1'
syz-executor.0 cpuset=syz0 mems_allowed=0-1
audit: type=1326 audit(1569214330.912:5141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21469 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0
CPU: 0 PID: 21464 Comm: syz-executor.0 Not tainted 4.19.75 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 dump_header+0x15e/0xa55 mm/oom_kill.c:441
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
 oom_kill_process.cold+0x10/0x6ef mm/oom_kill.c:954
 out_of_memory mm/oom_kill.c:1129 [inline]
 out_of_memory+0x936/0x12d0 mm/oom_kill.c:1062
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
 mem_cgroup_out_of_memory+0x1d2/0x240 mm/memcontrol.c:1416
 mem_cgroup_oom mm/memcontrol.c:1742 [inline]
 try_charge+0xef7/0x1480 mm/memcontrol.c:2304
 mem_cgroup_try_charge+0x259/0x6b0 mm/memcontrol.c:5972
 mem_cgroup_try_charge_delay+0x1f/0xa0 mm/memcontrol.c:5987
 wp_page_copy+0x430/0x16a0 mm/memory.c:2520
kobject: 'loop2' (000000004011bb95): kobject_uevent_env
kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2'
 do_wp_page+0x57d/0x10b0 mm/memory.c:2799
 handle_pte_fault mm/memory.c:4057 [inline]
 __handle_mm_fault+0x2305/0x3f80 mm/memory.c:4165
 handle_mm_fault+0x1b5/0x690 mm/memory.c:4202
 __do_page_fault+0x62a/0xe90 arch/x86/mm/fault.c:1390
 do_page_fault+0x71/0x57d arch/x86/mm/fault.c:1465
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1204
RIP: 0033:0x40eba8
Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf ee ef 4b 00 31 c0 e8 83 31 ff ff 31 ff e8 cc 2d ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d be 18 66 00
RSP: 002b:00007ffc40f2ebb0 EFLAGS: 00010246
RAX: 00000000d696adb4 RBX: 00000000a4e9e534 RCX: 0000001b30a20000
RDX: 0000000000000000 RSI: 0000000000000db4 RDI: ffffffffd696adb4
RBP: 0000000000000002 R08: 00000000d696adb4 R09: 00000000d696adb8
R10: 00007ffc40f2ed50 R11: 0000000000000246 R12: 000000000075bfa8
R13: 0000000080000000 R14: 00007f5e2eb1c008 R15: 0000000000000002
kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env
kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5'
Task in /syz0 killed as a result of limit of /syz0
memory: usage 307200kB, limit 307200kB, failcnt 4655
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
Memory cgroup stats for /syz0: cache:0KB rss:225400KB rss_huge:186368KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:225488KB inactive_file:0KB active_file:0KB unevictable:0KB
kobject: 'loop2' (000000004011bb95): kobject_uevent_env
kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2'
Memory cgroup out of memory: Kill process 15799 (syz-executor.0) score 1113 or sacrifice child
Killed process 15799 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
oom_reaper: reaped process 15799 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env
kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5'
SELinux: ebitmap start bit (4153120) is not a multiple of the map unit size (64)
SELinux: failed to load policy
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop2' (000000004011bb95): kobject_uevent_env
kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'loop1' (00000000bc527e09): kobject_uevent_env
kobject: 'loop1' (00000000bc527e09): fill_kobj_path: path = '/devices/virtual/block/loop1'
audit: type=1326 audit(1569214331.722:5142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21499 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0
net_ratelimit: 10 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop1' (00000000bc527e09): kobject_uevent_env
kobject: 'loop1' (00000000bc527e09): fill_kobj_path: path = '/devices/virtual/block/loop1'
kobject: 'loop3' (000000009d36cf60): kobject_uevent_env
kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3'
SELinux: ebitmap start bit (4153151) is not a multiple of the map unit size (64)
audit: type=1326 audit(1569214333.912:5143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21509 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0
kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env
kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5'
SELinux: failed to load policy
kobject: 'loop3' (000000009d36cf60): kobject_uevent_env
kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3'
protocol 88fb is buggy, dev hsr_slave_0
kobject: 'loop2' (000000004011bb95): kobject_uevent_env
syz-executor.0 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=0, oom_score_adj=0
syz-executor.0 cpuset=syz0 mems_allowed=0-1
kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2'
CPU: 1 PID: 7615 Comm: syz-executor.0 Not tainted 4.19.75 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 dump_header+0x15e/0xa55 mm/oom_kill.c:441
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env
 oom_kill_process.cold+0x10/0x6ef mm/oom_kill.c:954
kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop2' (000000004011bb95): kobject_uevent_env
 out_of_memory mm/oom_kill.c:1129 [inline]
 out_of_memory+0x936/0x12d0 mm/oom_kill.c:1062
kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2'
 mem_cgroup_out_of_memory+0x1d2/0x240 mm/memcontrol.c:1416
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
 mem_cgroup_oom mm/memcontrol.c:1742 [inline]
 try_charge+0xef7/0x1480 mm/memcontrol.c:2304
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
 memcg_kmem_charge_memcg+0x7c/0x130 mm/memcontrol.c:2634
 memcg_charge_slab mm/slab.h:284 [inline]
 kmem_getpages mm/slab.c:1418 [inline]
 cache_grow_begin+0x3fa/0x8c0 mm/slab.c:2682
 fallback_alloc+0x1fd/0x2d0 mm/slab.c:3224
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
 ____cache_alloc_node+0x1be/0x1e0 mm/slab.c:3292
 __do_cache_alloc mm/slab.c:3361 [inline]
 slab_alloc mm/slab.c:3389 [inline]
 kmem_cache_alloc+0x1f3/0x700 mm/slab.c:3557
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
 vm_area_dup+0x21/0x170 kernel/fork.c:323
 dup_mmap kernel/fork.c:484 [inline]
 dup_mm kernel/fork.c:1283 [inline]
 copy_mm kernel/fork.c:1339 [inline]
 copy_process.part.0+0x3407/0x7a30 kernel/fork.c:1892
 copy_process kernel/fork.c:1689 [inline]
 _do_fork+0x257/0xfd0 kernel/fork.c:2202
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
 __do_sys_clone kernel/fork.c:2309 [inline]
 __se_sys_clone kernel/fork.c:2303 [inline]
 __x64_sys_clone+0xbf/0x150 kernel/fork.c:2303
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457fda
Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env
RSP: 002b:00007ffc40f2ede0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffc40f2ede0 RCX: 0000000000457fda
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffc40f2ee20 R08: 0000000000000001 R09: 0000555556e18940
R10: 0000555556e18c10 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc40f2ee70
kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5'
Task in /syz0 killed as a result of limit of /syz0
memory: usage 307200kB, limit 307200kB, failcnt 4696
memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
Memory cgroup stats for /syz0: cache:0KB rss:225372KB rss_huge:186368KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:225432KB inactive_file:4KB active_file:0KB unevictable:0KB
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
Memory cgroup out of memory: Kill process 15884 (syz-executor.0) score 1113 or sacrifice child
Killed process 15884 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
SELinux: ebitmap start bit (4153160) is not a multiple of the map unit size (64)
SELinux: failed to load policy
kobject: 'loop1' (00000000bc527e09): kobject_uevent_env
SELinux: ebitmap start bit (4153164) is not a multiple of the map unit size (64)
kobject: 'loop1' (00000000bc527e09): fill_kobj_path: path = '/devices/virtual/block/loop1'
audit: type=1326 audit(1569214334.752:5144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21567 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0
SELinux: failed to load policy
kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env
kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop2' (000000004011bb95): kobject_uevent_env
kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'loop3' (000000009d36cf60): kobject_uevent_env
SELinux: ebitmap start bit (4153184) is not a multiple of the map unit size (64)
kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3'
SELinux: failed to load policy
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop3' (000000009d36cf60): kobject_uevent_env
kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env
kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5'
SELinux: ebitmap start bit (4153192) is not a multiple of the map unit size (64)
SELinux: failed to load policy
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop2' (000000004011bb95): kobject_uevent_env
kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'loop1' (00000000bc527e09): kobject_uevent_env
kobject: 'loop1' (00000000bc527e09): fill_kobj_path: path = '/devices/virtual/block/loop1'
SELinux: ebitmap start bit (4153196) is not a multiple of the map unit size (64)
kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env
kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5'
audit: type=1326 audit(1569214335.652:5145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21612 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0
SELinux: failed to load policy
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop3' (000000009d36cf60): kobject_uevent_env
kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env
kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
SELinux: ebitmap start bit (4153204) is not a multiple of the map unit size (64)
kobject: 'loop2' (000000004011bb95): kobject_uevent_env
kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2'
SELinux: failed to load policy
kobject: 'loop4' (000000001bb786cd): kobject_uevent_env
kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop1' (00000000bc527e09): kobject_uevent_env SELinux: ebitmap start bit (4153210) is not a multiple of the map unit size (64) kobject: 'loop1' (00000000bc527e09): fill_kobj_path: path = '/devices/virtual/block/loop1' syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 audit: type=1326 audit(1569214336.522:5146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21655 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0 kobject: 'loop3' (000000009d36cf60): kobject_uevent_env kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3' SELinux: failed to load policy syz-executor.0 cpuset=syz0 mems_allowed=0-1 CPU: 1 PID: 21645 Comm: syz-executor.0 Not tainted 4.19.75 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 dump_header+0x15e/0xa55 mm/oom_kill.c:441 kobject: 'loop4' (000000001bb786cd): kobject_uevent_env oom_kill_process.cold+0x10/0x6ef mm/oom_kill.c:954 out_of_memory mm/oom_kill.c:1129 [inline] out_of_memory+0x936/0x12d0 mm/oom_kill.c:1062 kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' mem_cgroup_out_of_memory+0x1d2/0x240 mm/memcontrol.c:1416 kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env mem_cgroup_oom mm/memcontrol.c:1742 [inline] try_charge+0xef7/0x1480 mm/memcontrol.c:2304 kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop2' (000000004011bb95): kobject_uevent_env kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = 
'/devices/virtual/block/loop2' memcg_kmem_charge_memcg+0x7c/0x130 mm/memcontrol.c:2634 memcg_kmem_charge+0x136/0x370 mm/memcontrol.c:2667 __alloc_pages_nodemask+0x3c3/0x750 mm/page_alloc.c:4413 __alloc_pages include/linux/gfp.h:473 [inline] __alloc_pages_node include/linux/gfp.h:486 [inline] alloc_pages_node include/linux/gfp.h:500 [inline] alloc_thread_stack_node kernel/fork.c:241 [inline] dup_task_struct kernel/fork.c:806 [inline] copy_process.part.0+0x3e0/0x7a30 kernel/fork.c:1732 copy_process kernel/fork.c:1689 [inline] _do_fork+0x257/0xfd0 kernel/fork.c:2202 kobject: 'loop4' (000000001bb786cd): kobject_uevent_env kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' __do_sys_clone kernel/fork.c:2309 [inline] __se_sys_clone kernel/fork.c:2303 [inline] __x64_sys_clone+0xbf/0x150 kernel/fork.c:2303 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45c3d9 Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 RSP: 002b:00007ffc40f2eb48 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f5e2cafa700 RCX: 000000000045c3d9 RDX: 00007f5e2cafa9d0 RSI: 00007f5e2caf9db0 RDI: 00000000003d0f00 RBP: 00007ffc40f2ed60 R08: 00007f5e2cafa700 R09: 00007f5e2cafa700 R10: 00007f5e2cafa9d0 R11: 0000000000000202 R12: 0000000000000000 R13: 00007ffc40f2ebff R14: 00007f5e2cafa9c0 R15: 000000000075bfd4 kobject: 'loop3' (000000009d36cf60): kobject_uevent_env Task in /syz0 killed as a result of limit of /syz0 memory: usage 307192kB, limit 307200kB, failcnt 4736 memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3' kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env Memory cgroup 
stats for /syz0: cache:0KB rss:223804KB rss_huge:184320KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:223940KB inactive_file:0KB active_file:0KB unevictable:0KB kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' Memory cgroup out of memory: Kill process 15943 (syz-executor.0) score 1113 or sacrifice child Killed process 15943 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB oom_reaper: reaped process 15943 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB SELinux: ebitmap start bit (4153210) is not a multiple of the map unit size (64) syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 SELinux: failed to load policy syz-executor.0 cpuset=syz0 mems_allowed=0-1 CPU: 1 PID: 21647 Comm: syz-executor.0 Not tainted 4.19.75 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 dump_header+0x15e/0xa55 mm/oom_kill.c:441 oom_kill_process.cold+0x10/0x6ef mm/oom_kill.c:954 out_of_memory mm/oom_kill.c:1129 [inline] out_of_memory+0x936/0x12d0 mm/oom_kill.c:1062 mem_cgroup_out_of_memory+0x1d2/0x240 mm/memcontrol.c:1416 mem_cgroup_oom mm/memcontrol.c:1742 [inline] try_charge+0xc4e/0x1480 mm/memcontrol.c:2304 memcg_kmem_charge_memcg+0x7c/0x130 mm/memcontrol.c:2634 memcg_kmem_charge+0x136/0x370 mm/memcontrol.c:2667 __alloc_pages_nodemask+0x3c3/0x750 mm/page_alloc.c:4413 __alloc_pages include/linux/gfp.h:473 [inline] __alloc_pages_node include/linux/gfp.h:486 [inline] alloc_pages_node include/linux/gfp.h:500 [inline] alloc_thread_stack_node kernel/fork.c:241 [inline] dup_task_struct kernel/fork.c:806 [inline] copy_process.part.0+0x3e0/0x7a30 kernel/fork.c:1732 copy_process kernel/fork.c:1689 [inline] _do_fork+0x257/0xfd0 
kernel/fork.c:2202 kobject: 'loop1' (00000000bc527e09): kobject_uevent_env __do_sys_clone kernel/fork.c:2309 [inline] __se_sys_clone kernel/fork.c:2303 [inline] __x64_sys_clone+0xbf/0x150 kernel/fork.c:2303 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 kobject: 'loop1' (00000000bc527e09): fill_kobj_path: path = '/devices/virtual/block/loop1' entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x459a09 Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 SELinux: ebitmap start bit (4153343) is not a multiple of the map unit size (64) RSP: 002b:00007f5e2cb1ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459a09 RDX: 9999999999999999 RSI: 0000000000000000 RDI: 00000000000003fd RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5e2cb1b6d4 R13: 00000000004bfeb7 R14: 00000000004d1d90 R15: 00000000ffffffff kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' audit: type=1326 audit(1569214337.502:5147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21694 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0 kobject: 'loop3' (000000009d36cf60): kobject_uevent_env kobject: 'loop3' (000000009d36cf60): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'loop4' (000000001bb786cd): kobject_uevent_env kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop2' (000000004011bb95): kobject_uevent_env kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env 
kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' Task in /syz0 killed as a result of limit of /syz0 SELinux: failed to load policy memory: usage 305156kB, limit 307200kB, failcnt 4737 kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 Memory cgroup stats for /syz0: cache:0KB rss:221892KB rss_huge:182272KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:221900KB inactive_file:0KB active_file:8KB unevictable:0KB Memory cgroup out of memory: Kill process 16007 (syz-executor.0) score 1113 or sacrifice child Killed process 16007 (syz-executor.0) total-vm:72712kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB kobject: 'loop2' (000000004011bb95): kobject_uevent_env kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2' net_ratelimit: 19 callbacks suppressed protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 kobject: 'loop1' (00000000bc527e09): kobject_uevent_env kobject: 'loop1' (00000000bc527e09): fill_kobj_path: path = '/devices/virtual/block/loop1' SELinux: ebitmap start bit (4128770) is not a multiple of the map unit size (64) audit: type=1326 audit(1569214338.342:5148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=21720 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c84a code=0x0 SELinux: failed to load policy kobject: 'loop4' (000000001bb786cd): kobject_uevent_env kobject: 'loop4' (000000001bb786cd): fill_kobj_path: 
path = '/devices/virtual/block/loop4' kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop4' (000000001bb786cd): kobject_uevent_env kobject: 'loop4' (000000001bb786cd): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop2' (000000004011bb95): kobject_uevent_env kobject: 'loop2' (000000004011bb95): fill_kobj_path: path = '/devices/virtual/block/loop2' SELinux: ebitmap start bit (4128772) is not a multiple of the map unit size (64) protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 SELinux: failed to load policy kobject: 'loop5' (0000000075bcdd4d): kobject_uevent_env kobject: 'loop5' (0000000075bcdd4d): fill_kobj_path: path = '/devices/virtual/block/loop5'