======================================================
WARNING: possible circular locking dependency detected
4.13.0-rc6-next-20170825+ #9 Not tainted
------------------------------------------------------
kworker/1:2/1308 is trying to acquire lock:
 (netstamp_work){+.+.}, at: [] process_one_work+0xb2c/0x1be0 kernel/workqueue.c:2094

but now in release context of a crosslock acquired at the following:
 ((complete)wq_barr::done#2/1){+.+.}, at: [] flush_work+0x621/0x930 kernel/workqueue.c:2868

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #8 ((complete)wq_barr::done#2/1){+.+.}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       complete_acquire include/linux/completion.h:39 [inline]
       __wait_for_common kernel/sched/completion.c:108 [inline]
       wait_for_common kernel/sched/completion.c:122 [inline]
       wait_for_completion+0xc8/0x770 kernel/sched/completion.c:143
       flush_work+0x621/0x930 kernel/workqueue.c:2868
       drain_all_pages+0x490/0x750 mm/page_alloc.c:2533
       __alloc_pages_direct_reclaim mm/page_alloc.c:3619 [inline]
       __alloc_pages_slowpath+0xd2e/0x2ee0 mm/page_alloc.c:4014
       __alloc_pages_nodemask+0x9f7/0xd80 mm/page_alloc.c:4213
       __alloc_pages include/linux/gfp.h:469 [inline]
       __alloc_pages_node include/linux/gfp.h:482 [inline]
       kmem_getpages mm/slab.c:1415 [inline]
       cache_grow_begin+0x86/0x400 mm/slab.c:2683
       fallback_alloc+0x150/0x2b0 mm/slab.c:3224
       ____cache_alloc_node+0x1cf/0x1e0 mm/slab.c:3292
       slab_alloc_node mm/slab.c:3332 [inline]
       kmem_cache_alloc_node_trace+0xe9/0x760 mm/slab.c:3668
       __do_kmalloc_node mm/slab.c:3688 [inline]
       __kmalloc_node+0x33/0x70 mm/slab.c:3696
       kmalloc_node include/linux/slab.h:535 [inline]
       alloc_request_size+0x80/0x120 block/blk-core.c:700
       mempool_alloc+0x16a/0x4b0 mm/mempool.c:329
       __get_request block/blk-core.c:1247 [inline]
       get_request+0xdeb/0x23b0 block/blk-core.c:1355
       blk_queue_bio+0x39d/0x1450 block/blk-core.c:1857
       generic_make_request+0x435/0xe20 block/blk-core.c:2207
       submit_bio+0x18b/0x520 block/blk-core.c:2281
       ext4_mpage_readpages+0x12a8/0x1c10 fs/ext4/readpage.c:291
       ext4_readpages+0xb9/0x100 fs/ext4/inode.c:3342
       read_pages mm/readahead.c:121 [inline]
       __do_page_cache_readahead+0x6c6/0xc00 mm/readahead.c:199
       ra_submit mm/internal.h:66 [inline]
       do_sync_mmap_readahead mm/filemap.c:2293 [inline]
       filemap_fault+0xb1a/0x1d30 mm/filemap.c:2369
       ext4_filemap_fault+0x85/0xb0 fs/ext4/inode.c:6109
       __do_fault+0xeb/0x30f mm/memory.c:3170
       do_read_fault mm/memory.c:3580 [inline]
       do_fault mm/memory.c:3680 [inline]
       handle_pte_fault mm/memory.c:3910 [inline]
       __handle_mm_fault+0x1b9b/0x39c0 mm/memory.c:4034
       handle_mm_fault+0x3bb/0x860 mm/memory.c:4071
       __do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1445
       trace_do_page_fault+0x141/0x730 arch/x86/mm/fault.c:1538
       do_async_page_fault+0x72/0xc0 arch/x86/kernel/kvm.c:266
       async_page_fault+0x22/0x30 arch/x86/entry/entry_64.S:1093

-> #7 (&ei->i_mmap_sem){++++}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       down_read+0x96/0x150 kernel/locking/rwsem.c:23
       ext4_filemap_fault+0x7d/0xb0 fs/ext4/inode.c:6108
       __do_fault+0xeb/0x30f mm/memory.c:3170
       do_cow_fault mm/memory.c:3609 [inline]
       do_fault mm/memory.c:3682 [inline]
       handle_pte_fault mm/memory.c:3910 [inline]
       __handle_mm_fault+0x1617/0x39c0 mm/memory.c:4034
       handle_mm_fault+0x3bb/0x860 mm/memory.c:4071
       __do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1445
       trace_do_page_fault+0x141/0x730 arch/x86/mm/fault.c:1538
       do_async_page_fault+0x72/0xc0 arch/x86/kernel/kvm.c:266
       async_page_fault+0x22/0x30 arch/x86/entry/entry_64.S:1093
       __clear_user+0x42/0x70 arch/x86/lib/usercopy_64.c:23
       clear_user+0x79/0xa0 arch/x86/lib/usercopy_64.c:53
       padzero fs/binfmt_elf.c:129 [inline]
       load_elf_binary+0x28d5/0x4c10 fs/binfmt_elf.c:1057
       search_binary_handler+0x142/0x6b0 fs/exec.c:1652
       exec_binprm fs/exec.c:1694 [inline]
       do_execveat_common.isra.33+0x1746/0x22e0 fs/exec.c:1816
       do_execve+0x31/0x40 fs/exec.c:1860
       run_init_process+0x32/0x40 init/main.c:943
       try_to_run_init_process+0x17/0x50 init/main.c:952
       kernel_init+0xf3/0x172 init/main.c:1025
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431

-> #6 (&mm->mmap_sem){++++}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       __might_fault+0x13a/0x1d0 mm/memory.c:4486
       _copy_to_user+0x2c/0xc0 lib/usercopy.c:24
       copy_to_user include/linux/uaccess.h:154 [inline]
       filldir+0x1a7/0x320 fs/readdir.c:196
       dir_emit_dot include/linux/fs.h:3317 [inline]
       dir_emit_dots include/linux/fs.h:3328 [inline]
       dcache_readdir+0x12d/0x5e0 fs/libfs.c:193
       iterate_dir+0x4b2/0x5d0 fs/readdir.c:51
       SYSC_getdents fs/readdir.c:231 [inline]
       SyS_getdents+0x225/0x450 fs/readdir.c:212
       entry_SYSCALL_64_fastpath+0x1f/0xbe

-> #5 (&sb->s_type->i_mutex_key#5){++++}:
       down_write+0x87/0x120 kernel/locking/rwsem.c:53
       inode_lock include/linux/fs.h:712 [inline]
       handle_create+0x30c/0x760 drivers/base/devtmpfs.c:218
       handle drivers/base/devtmpfs.c:372 [inline]
       devtmpfsd+0x3eb/0x520 drivers/base/devtmpfs.c:398
       kthread+0x39c/0x470 kernel/kthread.c:231
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431

-> #4 ((complete)&req.done){+.+.}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       complete_acquire include/linux/completion.h:39 [inline]
       __wait_for_common kernel/sched/completion.c:108 [inline]
       wait_for_common kernel/sched/completion.c:122 [inline]
       wait_for_completion+0xc8/0x770 kernel/sched/completion.c:143
       devtmpfs_create_node+0x32b/0x4a0 drivers/base/devtmpfs.c:114
       device_add+0x120f/0x1640 drivers/base/core.c:1824
       device_create_groups_vargs+0x1f3/0x250 drivers/base/core.c:2430
       device_create_vargs drivers/base/core.c:2470 [inline]
       device_create+0xda/0x110 drivers/base/core.c:2506
       msr_device_create+0x26/0x40 arch/x86/kernel/msr.c:188
       cpuhp_invoke_callback+0x256/0x14d0 kernel/cpu.c:145
       cpuhp_thread_fun+0x265/0x520 kernel/cpu.c:434
       smpboot_thread_fn+0x489/0x850 kernel/smpboot.c:164
       kthread+0x39c/0x470 kernel/kthread.c:231
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431

-> #3 (cpuhp_state){+.+.}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       cpuhp_invoke_ap_callback kernel/cpu.c:467 [inline]
       cpuhp_issue_call+0x1a2/0x3e0 kernel/cpu.c:1308
       __cpuhp_setup_state_cpuslocked+0x2e7/0x610 kernel/cpu.c:1455
       __cpuhp_setup_state+0xb0/0x140 kernel/cpu.c:1484
       cpuhp_setup_state include/linux/cpuhotplug.h:177 [inline]
       page_writeback_init+0x4d/0x71 mm/page-writeback.c:2082
       pagecache_init+0x48/0x4f mm/filemap.c:871
       start_kernel+0x71a/0x7ad init/main.c:690
       x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:381
       x86_64_start_kernel+0x13c/0x149 arch/x86/kernel/head64.c:362
       verify_cpu+0x0/0xfb

-> #2 (cpuhp_state_mutex){+.+.}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1870 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       __cpuhp_setup_state_cpuslocked+0x5b/0x610 kernel/cpu.c:1430
       __cpuhp_setup_state+0xb0/0x140 kernel/cpu.c:1484
       cpuhp_setup_state_nocalls include/linux/cpuhotplug.h:205 [inline]
       kvm_guest_init+0x1f3/0x20f arch/x86/kernel/kvm.c:488
       setup_arch+0x1899/0x1ab3 arch/x86/kernel/setup.c:1294
       start_kernel+0xa5/0x7ad init/main.c:530
       x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:381
       x86_64_start_kernel+0x13c/0x149 arch/x86/kernel/head64.c:362
       verify_cpu+0x0/0xfb

-> #1 (cpu_hotplug_lock.rw_sem){++++}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
       percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
       cpus_read_lock+0x42/0x90 kernel/cpu.c:218
       static_key_enable+0x12/0x30 kernel/jump_label.c:153
       netstamp_clear+0x32/0x60 net/core/dev.c:1734
       process_one_work+0xbfd/0x1be0 kernel/workqueue.c:2098
       worker_thread+0x223/0x1860 kernel/workqueue.c:2233
       kthread+0x39c/0x470 kernel/kthread.c:231
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431

-> #0 (netstamp_work){+.+.}:
       process_one_work+0xba5/0x1be0 kernel/workqueue.c:2095
       worker_thread+0x223/0x1860 kernel/workqueue.c:2233
       kthread+0x39c/0x470 kernel/kthread.c:231
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
       0xffffffffffffffff

other info that might help us debug this:

Chain exists of:
  netstamp_work --> &ei->i_mmap_sem --> (complete)wq_barr::done#2/1

 Possible unsafe locking scenario by crosslock:

       CPU0                    CPU1
       ----                    ----
  lock(&ei->i_mmap_sem);
  lock((complete)wq_barr::done#2/1);
                               lock(netstamp_work);
                               unlock((complete)wq_barr::done#2/1);

 *** DEADLOCK ***

3 locks held by kworker/1:2/1308:
 #0: ("mm_percpu_wq"){++++}, at: [] __write_once_size include/linux/compiler.h:305 [inline]
 #0: ("mm_percpu_wq"){++++}, at: [] atomic64_set arch/x86/include/asm/atomic64_64.h:33 [inline]
 #0: ("mm_percpu_wq"){++++}, at: [] atomic_long_set include/asm-generic/atomic-long.h:56 [inline]
 #0: ("mm_percpu_wq"){++++}, at: [] set_work_data kernel/workqueue.c:617 [inline]
 #0: ("mm_percpu_wq"){++++}, at: [] set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: ("mm_percpu_wq"){++++}, at: [] process_one_work+0xad4/0x1be0 kernel/workqueue.c:2090
 #1: ((&barr->work)){+.+.}, at: [] process_one_work+0xb2c/0x1be0 kernel/workqueue.c:2094
 #2: (&x->wait#14){....}, at: [] complete+0x18/0x80 kernel/sched/completion.c:34

stack backtrace:
CPU: 1 PID: 1308 Comm: kworker/1:2 Not tainted 4.13.0-rc6-next-20170825+ #9
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Workqueue: mm_percpu_wq wq_barrier_func
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 print_circular_bug+0x503/0x710 kernel/locking/lockdep.c:1259
 check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
 commit_xhlock kernel/locking/lockdep.c:5002 [inline]
 commit_xhlocks kernel/locking/lockdep.c:5046 [inline]
 lock_commit_crosslock+0xe73/0x1d10 kernel/locking/lockdep.c:5085
 complete_release_commit include/linux/completion.h:49 [inline]
 complete+0x24/0x80 kernel/sched/completion.c:39
 wq_barrier_func+0x16/0x20 kernel/workqueue.c:2437
 process_one_work+0xbfd/0x1be0 kernel/workqueue.c:2098
 process_scheduled_works kernel/workqueue.c:2159 [inline]
 worker_thread+0xa4b/0x1860 kernel/workqueue.c:2238
 kthread+0x39c/0x470 kernel/kthread.c:231
 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
syzkaller531925: page allocation failure: order:5, mode:0x16040c0(GFP_KERNEL|__GFP_COMP|__GFP_NOTRACK), nodemask=(null)
syzkaller531925 cpuset=/ mems_allowed=0-1
CPU: 3 PID: 3079 Comm: syzkaller531925 Not tainted 4.13.0-rc6-next-20170825+ #9
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3254
 __alloc_pages_slowpath+0x26ce/0x2ee0 mm/page_alloc.c:4120
 __alloc_pages_nodemask+0x9f7/0xd80 mm/page_alloc.c:4213
 __alloc_pages include/linux/gfp.h:469 [inline]
 __alloc_pages_node include/linux/gfp.h:482 [inline]
 kmem_getpages mm/slab.c:1415 [inline]
 cache_grow_begin+0x86/0x400 mm/slab.c:2683
 fallback_alloc+0x150/0x2b0 mm/slab.c:3224
 ____cache_alloc_node+0x1cf/0x1e0 mm/slab.c:3292
 __do_cache_alloc mm/slab.c:3361 [inline]
 slab_alloc mm/slab.c:3389 [inline]
 kmem_cache_alloc_trace+0x27d/0x750 mm/slab.c:3625
 kvm_arch_alloc_vm include/linux/slab.h:493 [inline]
 kvm_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:646 [inline]
 kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3197 [inline]
 kvm_dev_ioctl+0x216/0x1840 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3248
 vfs_ioctl fs/ioctl.c:45 [inline]
 do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:685
 SYSC_ioctl fs/ioctl.c:700 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x435369
RSP: 002b:00007ffe1a3ee238 EFLAGS: 00000207 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000435369
RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 000000000000032e
RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000207 R12: 0000000000000000
R13: 0000000000401800 R14: 0000000000401890 R15: 0000000000000000
active_anon:3117 inactive_anon:41 isolated_anon:0
 active_file:68 inactive_file:40 isolated_file:2
 unevictable:0 dirty:0 writeback:0 unstable:0
 slab_reclaimable:53722 slab_unreclaimable:329897
 mapped:46 shmem:76 pagetables:299 bounce:0
 free:17632 free_pcp:0 free_cma:0
Node 0 active_anon:6884kB inactive_anon:68kB active_file:44kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:0kB writeback:0kB shmem:148kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 1 active_anon:5584kB inactive_anon:96kB active_file:228kB inactive_file:132kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:168kB dirty:0kB writeback:0kB shmem:156kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 0 DMA free:4088kB min:640kB low:800kB high:960kB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 886 886 886
Node 0 DMA32 free:36292kB min:36536kB low:45668kB high:54800kB active_anon:6832kB inactive_anon:68kB active_file:0kB inactive_file:128kB unevictable:0kB writepending:0kB present:1032192kB managed:909748kB mlocked:0kB kernel_stack:2720kB pagetables:560kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 1 DMA32 free:30148kB min:30404kB low:38004kB high:45604kB active_anon:5584kB inactive_anon:96kB active_file:260kB inactive_file:172kB unevictable:0kB writepending:0kB present:1048560kB managed:755216kB mlocked:0kB kernel_stack:1216kB pagetables:636kB bounce:0kB free_pcp:68kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 6*4kB (UM) 2*8kB (M) 1*16kB (M) 2*32kB (ME) 2*64kB (UE) 2*128kB (ME) 2*256kB (ME) 2*512kB (UM) 2*1024kB (UM) 0*2048kB 0*4096kB = 4088kB
Node 0 DMA32: 209*4kB (UME) 333*8kB (UME) 174*16kB (UME) 94*32kB (UME) 36*64kB (UME) 9*128kB (M) 5*256kB (UM) 4*512kB (UME) 4*1024kB (UME) 6*2048kB (UME) 1*4096kB (M) = 36556kB
Node 1 DMA32: 299*4kB (UME) 646*8kB (UME) 633*16kB (UME) 245*32kB (UME) 91*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 30156kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
196 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
524186 pages RAM
0 pages HighMem/MovableOnly
103968 pages reserved
syzkaller531925: page allocation failure: order:5, mode:0x16040c0(GFP_KERNEL|__GFP_COMP|__GFP_NOTRACK), nodemask=(null)
syzkaller531925 cpuset=/ mems_allowed=0-1
CPU: 1 PID: 3077 Comm: syzkaller531925 Not tainted 4.13.0-rc6-next-20170825+ #9
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3254
 __alloc_pages_slowpath+0x26ce/0x2ee0 mm/page_alloc.c:4120
 __alloc_pages_nodemask+0x9f7/0xd80 mm/page_alloc.c:4213
 __alloc_pages include/linux/gfp.h:469 [inline]
 __alloc_pages_node include/linux/gfp.h:482 [inline]
 kmem_getpages mm/slab.c:1415 [inline]
 cache_grow_begin+0x86/0x400 mm/slab.c:2683
 fallback_alloc+0x150/0x2b0 mm/slab.c:3224
 ____cache_alloc_node+0x1cf/0x1e0 mm/slab.c:3292
 __do_cache_alloc mm/slab.c:3361 [inline]
 slab_alloc mm/slab.c:3389 [inline]
 kmem_cache_alloc_trace+0x27d/0x750 mm/slab.c:3625
 kvm_arch_alloc_vm include/linux/slab.h:493 [inline]
 kvm_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:646 [inline]
 kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3197 [inline]
 kvm_dev_ioctl+0x216/0x1840 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3248
 vfs_ioctl fs/ioctl.c:45 [inline]
 do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:685
 SYSC_ioctl fs/ioctl.c:700 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x435369
RSP: 002b:00007ffe1a3ee238 EFLAGS: 00000203 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000435369
RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 00000000000002ff
RBP: 6d766b2f7665642f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000203 R12: 0000000000000000
R13: 0000000000401800 R14: 0000000000401890 R15: 0000000000000000
rsyslogd invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0
rsyslogd cpuset=/ mems_allowed=0-1
CPU: 0 PID: 2957 Comm: rsyslogd Not tainted 4.13.0-rc6-next-20170825+ #9
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 dump_header+0x234/0xa0e mm/oom_kill.c:421
 oom_kill_process+0x86d/0x13d0 mm/oom_kill.c:836
 out_of_memory+0x7dd/0x11d0 mm/oom_kill.c:1050
 __alloc_pages_may_oom mm/page_alloc.c:3347 [inline]
 __alloc_pages_slowpath+0x1eae/0x2ee0 mm/page_alloc.c:4058
 __alloc_pages_nodemask+0x9f7/0xd80 mm/page_alloc.c:4213
 alloc_pages_current+0xb6/0x1e0 mm/mempolicy.c:2035
 alloc_pages include/linux/gfp.h:505 [inline]
 __page_cache_alloc+0x358/0x4d0 mm/filemap.c:840
 page_cache_read mm/filemap.c:2234 [inline]
 filemap_fault+0xf32/0x1d30 mm/filemap.c:2418
 ext4_filemap_fault+0x85/0xb0 fs/ext4/inode.c:6109
 __do_fault+0xeb/0x30f mm/memory.c:3170
 do_read_fault mm/memory.c:3580 [inline]
 do_fault mm/memory.c:3680 [inline]
 handle_pte_fault mm/memory.c:3910 [inline]
 __handle_mm_fault+0x1b9b/0x39c0 mm/memory.c:4034
 handle_mm_fault+0x3bb/0x860 mm/memory.c:4071
 __do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1445
 trace_do_page_fault+0x141/0x730 arch/x86/mm/fault.c:1538
 do_async_page_fault+0x72/0xc0 arch/x86/kernel/kvm.c:266
 async_page_fault+0x22/0x30 arch/x86/entry/entry_64.S:1093
RIP: 0033:0x7f75706fddb4
RSP: 002b:00007f756f0cce40 EFLAGS: 00010207
RAX: 0000000000000fbc RBX: 000000000132a4b0 RCX: 00007f7571b2d1fd
RDX: 0000000000000fbc RSI: 00007f75709015a0 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000001315260 R09: 0000000000000000
R10: 393378302b6b636f R11: 0000000000000000 R12: 000000000065e420
R13: 00007f756f0cd9c0 R14: 00007f7572172040 R15: 0000000000000003
Mem-Info:
active_anon:3117 inactive_anon:41 isolated_anon:0
 active_file:35 inactive_file:0 isolated_file:0
 unevictable:0 dirty:0 writeback:0 unstable:0
 slab_reclaimable:53721 slab_unreclaimable:329858
 mapped:21 shmem:76 pagetables:299 bounce:0
 free:17661 free_pcp:22 free_cma:0
Node 0 active_anon:6880kB inactive_anon:68kB active_file:20kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:0kB writeback:0kB shmem:148kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
Node 1 active_anon:5588kB inactive_anon:96kB active_file:108kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:68kB dirty:0kB writeback:0kB shmem:156kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
Node 0 DMA free:4088kB min:640kB low:800kB high:960kB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 886 886 886
Node 0 DMA32 free:36312kB min:36536kB low:45668kB high:54800kB active_anon:6828kB inactive_anon:68kB active_file:0kB inactive_file:124kB unevictable:0kB writepending:0kB present:1032192kB managed:909748kB mlocked:0kB kernel_stack:2720kB pagetables:556kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 1 DMA32 free:30244kB min:30404kB low:38004kB high:45604kB active_anon:5588kB inactive_anon:96kB active_file:152kB inactive_file:92kB unevictable:0kB writepending:0kB present:1048560kB managed:755216kB mlocked:0kB kernel_stack:1216kB pagetables:640kB bounce:0kB free_pcp:88kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 6*4kB (UM) 2*8kB (M) 1*16kB (M) 2*32kB (ME) 2*64kB (UE) 2*128kB (ME) 2*256kB (ME) 2*512kB (UM) 2*1024kB (UM) 0*2048kB 0*4096kB = 4088kB
Node 0 DMA32: 211*4kB (UME) 333*8kB (UME) 174*16kB (UME) 94*32kB (UME) 36*64kB (UME) 9*128kB (M) 5*256kB (UM) 4*512kB (UME) 4*1024kB (UME) 6*2048kB (UME) 1*4096kB (M) = 36564kB
Node 1 DMA32: 361*4kB (UME) 650*8kB (UME) 636*16kB (UME) 245*32kB (UME) 91*64kB (UME) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 30484kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
158 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
524186 pages RAM
0 pages HighMem/MovableOnly
103968 pages reserved
[ pid ]   uid  tgid total_vm      rss nr_ptes nr_pmds swapents oom_score_adj name
[ 1526]     0  1526     7196     1978      20       3        0         -1000 udevd
[ 2953]     0  2953    30616      167      24       3        0             0 rsyslogd
[ 2989]     0  2989     4725       48      15       3        0             0 cron
[ 3015]     0  3015    12490      153      29       3        0         -1000 sshd
[ 3039]     0  3039     3694       39      13       3        0             0 getty
[ 3040]     0  3040     3694       40      12       3        0             0 getty
[ 3041]     0  3041     3694       39      13       3        0             0 getty
[ 3042]     0  3042     3694       40      13       3        0             0 getty
[ 3043]     0  3043     3694       41      12       3        0             0 getty
[ 3044]     0  3044     3694       42      13       3        0             0 getty
[ 3045]     0  3045     3649       40      13       3        0             0 getty
[ 3048]     0  3048     5381      161      15       3        0         -1000 udevd
[ 3049]     0  3049     5381      162      15       3        0         -1000 udevd
[ 3069]     0  3069    17820      197      41       3        0             0 sshd
[ 3071]     0  3071      271        1       4       2        0             0 syzkaller531925
[ 3072]     0  3072     4341       11       4       2        0             0 syzkaller531925
[ 3073]     0  3073     4341       11       5       2        0             0 syzkaller531925
[ 3074]     0  3074     4341       11       5       2        0             0 syzkaller531925
[ 3075]     0  3075     4341       11       4       2        0             0 syzkaller531925
[ 3076]     0  3076     4341       11       4       2        0             0 syzkaller531925
[ 3077]     0  3077     4341       11       5       2        0             0 syzkaller531925
[ 3078]     0  3078     4341       11       4       2        0             0 syzkaller531925
[ 3079]     0  3079     4341       11       4       2        0             0 syzkaller531925
Out of memory: Kill process 3069 (sshd) score 0 or sacrifice child
Killed process 3071 (syzkaller531925) total-vm:1084kB, anon-rss:4kB, file-rss:0kB, shmem-rss:0kB
rsyslogd invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0
rsyslogd cpuset=/ mems_allowed=0-1
CPU: 0 PID: 2957 Comm: rsyslogd Not tainted 4.13.0-rc6-next-20170825+ #9
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 dump_header+0x234/0xa0e mm/oom_kill.c:421
 oom_kill_process+0x86d/0x13d0 mm/oom_kill.c:836
 out_of_memory+0x7dd/0x11d0 mm/oom_kill.c:1050
 __alloc_pages_may_oom mm/page_alloc.c:3347 [inline]
 __alloc_pages_slowpath+0x1eae/0x2ee0 mm/page_alloc.c:4058
 __alloc_pages_nodemask+0x9f7/0xd80 mm/page_alloc.c:4213
 alloc_pages_current+0xb6/0x1e0 mm/mempolicy.c:2035
 alloc_pages include/linux/gfp.h:505 [inline]
 __page_cache_alloc+0x358/0x4d0 mm/filemap.c:840
 page_cache_read mm/filemap.c:2234 [inline]
 filemap_fault+0xf32/0x1d30 mm/filemap.c:2418
 ext4_filemap_fault+0x85/0xb0 fs/ext4/inode.c:6109
 __do_fault+0xeb/0x30f mm/memory.c:3170
 do_read_fault mm/memory.c:3580 [inline]
 do_fault mm/memory.c:3680 [inline]
 handle_pte_fault mm/memory.c:3910 [inline]
 __handle_mm_fault+0x1b9b/0x39c0 mm/memory.c:4034
 handle_mm_fault+0x3bb/0x860 mm/memory.c:4071
 __do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1445
 trace_do_page_fault+0x141/0x730 arch/x86/mm/fault.c:1538
 do_async_page_fault+0x72/0xc0 arch/x86/kernel/kvm.c:266
 async_page_fault+0x22/0x30 arch/x86/entry/entry_64.S:1093
RIP: 0033:0x7f75706fddb4
RSP: 002b:00007f756f0cce40 EFLAGS: 00010207
RAX: 0000000000000fbc RBX: 000000000132a4b0 RCX: 00007f7571b2d1fd
RDX: 0000000000000fbc RSI: 00007f75709015a0 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000001315260 R09: 0000000000000000
R10: 393378302b6b636f R11: 0000000000000000 R12: 000000000065e420
R13: 00007f756f0cd9c0 R14: 00007f7572172040 R15: 0000000000000003
Mem-Info:
active_anon:3118 inactive_anon:41 isolated_anon:0
 active_file:37 inactive_file:20 isolated_file:25
 unevictable:0 dirty:0 writeback:0 unstable:0
 slab_reclaimable:53745 slab_unreclaimable:329797
 mapped:2 shmem:76 pagetables:296 bounce:0
 free:17645 free_pcp:203 free_cma:0
Node 0 active_anon:6852kB inactive_anon:68kB active_file:32kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:0kB writeback:0kB shmem:148kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 1 active_anon:5620kB inactive_anon:96kB active_file:176kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:52kB dirty:0kB writeback:0kB shmem:156kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 0 DMA free:4088kB min:640kB low:800kB high:960kB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 886 886 886
Node 0 DMA32 free:36468kB min:36536kB low:45668kB high:54800kB active_anon:6800kB inactive_anon:68kB active_file:32kB inactive_file:32kB unevictable:0kB writepending:0kB present:1032192kB managed:909748kB mlocked:0kB kernel_stack:2720kB pagetables:536kB bounce:0kB free_pcp:76kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 1 DMA32 free:30464kB min:30404kB low:38004kB high:45604kB active_anon:5620kB inactive_anon:96kB active_file:48kB inactive_file:116kB unevictable:0kB writepending:0kB present:1048560kB managed:755216kB mlocked:0kB kernel_stack:1184kB pagetables:648kB bounce:0kB free_pcp:28kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 6*4kB (UM) 2*8kB (M) 1*16kB (M) 2*32kB (ME) 2*64kB (UE) 2*128kB (ME) 2*256kB (ME) 2*512kB (UM) 2*1024kB (UM) 0*2048kB 0*4096kB = 4088kB
Node 0 DMA32: 205*4kB (UME) 334*8kB (UME) 175*16kB (UME) 93*32kB (UME) 37*64kB (UME) 10*128kB (UM) 4*256kB (M) 4*512kB (UME) 4*1024kB (UME) 6*2048kB (UME) 1*4096kB (M) = 36468kB
Node 1 DMA32: 355*4kB (UME) 660*8kB (UME) 638*16kB (UME) 246*32kB (UME) 91*64kB (UME) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 30604kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
171 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
524186 pages RAM
0 pages HighMem/MovableOnly
103968 pages reserved
[ pid ]   uid  tgid total_vm      rss nr_ptes nr_pmds swapents oom_score_adj name
[ 1526]     0  1526     7196     1978      20       3        0         -1000 udevd
[ 2953]     0  2953    30616      167      24       3        0             0 rsyslogd
[ 2989]     0  2989     4725       48      15       3        0             0 cron
[ 3015]     0  3015    12490      153      29       3        0         -1000 sshd
[ 3039]     0  3039     3694       39      13       3        0             0 getty
[ 3040]     0  3040     3694       40      12       3        0             0 getty
[ 3041]     0  3041     3694       39      13       3        0             0 getty
[ 3042]     0  3042     3694       40      13       3        0             0 getty
[ 3043]     0  3043     3694       41      12       3        0             0 getty
[ 3044]     0  3044     3694       42      13       3        0             0 getty
[ 3045]     0  3045     3649       40      13       3        0             0 getty
[ 3048]     0  3048     5381      161      15       3        0         -1000 udevd
[ 3049]     0  3049     5381      162      15       3        0         -1000 udevd
[ 3069]     0  3069    17820      197      41       3        0             0 sshd
[ 3072]     0  3072     4341       11       5       2        0             0 syzkaller531925
[ 3073]     0  3073     4341       11       5       2        0             0 syzkaller531925
[ 3074]     0  3074     4341       11       5       2        0             0 syzkaller531925
[ 3075]     0  3075     4341       11       5       2        0             0 syzkaller531925
[ 3076]     0  3076     4341       11       4       2        0             0 syzkaller531925
[ 3077]     0  3077     4341       11       5       2        0             0 syzkaller531925
[ 3078]     0  3078     4341       11       4       2        0             0 syzkaller531925
[ 3079]     0  3079     4341       11       5       2        0             0 syzkaller531925
Out of memory: Kill process 3069 (sshd) score 0 or sacrifice child
Killed process 3069 (sshd) total-vm:71280kB, anon-rss:784kB, file-rss:0kB, shmem-rss:4kB
oom_reaper: reaped process 3069 (sshd), now anon-rss:0kB, file-rss:0kB, shmem-rss:4kB
sshd (3069) used greatest stack depth: 9720 bytes left
syzkaller531925: page allocation failure: order:5, mode:0x16040c0(GFP_KERNEL|__GFP_COMP|__GFP_NOTRACK), nodemask=(null)
syzkaller531925 cpuset=/ mems_allowed=0-1
CPU: 0 PID: 3072 Comm: syzkaller531925 Not tainted 4.13.0-rc6-next-20170825+ #9
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3254
 __alloc_pages_slowpath+0x26ce/0x2ee0 mm/page_alloc.c:4120
 __alloc_pages_nodemask+0x9f7/0xd80 mm/page_alloc.c:4213
 __alloc_pages include/linux/gfp.h:469 [inline]
 __alloc_pages_node include/linux/gfp.h:482 [inline]
 kmem_getpages mm/slab.c:1415 [inline]
 cache_grow_begin+0x86/0x400 mm/slab.c:2683
 fallback_alloc+0x150/0x2b0 mm/slab.c:3224
 ____cache_alloc_node+0x1cf/0x1e0 mm/slab.c:3292
 __do_cache_alloc mm/slab.c:3361 [inline]
 slab_alloc mm/slab.c:3389 [inline]
 kmem_cache_alloc_trace+0x27d/0x750 mm/slab.c:3625
 kvm_arch_alloc_vm include/linux/slab.h:493 [inline]
 kvm_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:646 [inline]
 kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3197 [inline]
 kvm_dev_ioctl+0x216/0x1840 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3248
 vfs_ioctl fs/ioctl.c:45 [inline]
 do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:685
 SYSC_ioctl fs/ioctl.c:700 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x435369
RSP: 002b:00007ffe1a3ee238 EFLAGS: 00000207 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000435369
RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 000000000000033b
RBP: 6d766b2f7665642f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000207 R12: 0000000000000000
R13: 0000000000401800 R14: 0000000000401890 R15: 0000000000000000