BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:34
in_atomic(): 1, irqs_disabled(): 0, pid: 28835, name: syz-executor1
2 locks held by syz-executor1/28835:
 #0: (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<00000000b4653762>] xfrm_netlink_rcv+0x60/0x90 net/xfrm/xfrm_user.c:2598
 #1: (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000d85d6fc9>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #1: (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000d85d6fc9>] xfrm_policy_flush+0x424/0x770 net/xfrm/xfrm_policy.c:951
CPU: 0 PID: 28835 Comm: syz-executor1 Not tainted 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6060
 __might_sleep+0x95/0x190 kernel/sched/core.c:6013
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:34 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 cpus_read_lock+0x1c/0x90 kernel/cpu.c:293
 get_online_cpus include/linux/cpu.h:117 [inline]
 xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767
 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978
 xfrm_flush_policy+0x153/0x440 net/xfrm/xfrm_user.c:2061
 xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591
 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
 xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599
 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
 netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
 sock_sendmsg_nosec net/socket.c:628 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:638
 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
 __sys_sendmsg+0xe5/0x210 net/socket.c:2052
 SYSC_sendmsg net/socket.c:2063 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2059
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f11ff7e1c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 0000000020007fc8 RDI: 0000000000000013
RBP: 00000000000003a3 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f37e8
R13: 00000000ffffffff R14: 00007f11ff7e26d4 R15: 0000000000000000

=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
4.15.0-rc5+ #177 Tainted: G W
-----------------------------------------------------
syz-executor1/28835 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
 (cpu_hotplug_lock.rw_sem){++++}, at: [<000000003069159a>] get_online_cpus include/linux/cpu.h:117 [inline]
 (cpu_hotplug_lock.rw_sem){++++}, at: [<000000003069159a>] xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767

and this task is already holding:
 (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000d85d6fc9>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000d85d6fc9>] xfrm_policy_flush+0x424/0x770 net/xfrm/xfrm_policy.c:951
which would create a new lock dependency:
 (&(&net->xfrm.xfrm_policy_lock)->rlock){+...} -> (cpu_hotplug_lock.rw_sem){++++}

but this new dependency connects a SOFTIRQ-irq-safe lock:
 (slock-AF_INET6/1){+.-.}
...
which became SOFTIRQ-irq-safe at:
  lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
  _raw_spin_lock_nested+0x28/0x40 kernel/locking/spinlock.c:354
  __sk_receive_skb+0x3b6/0xc10 net/core/sock.c:504
  dccp_v4_rcv+0xf5f/0x1c80 net/dccp/ipv4.c:874
  ip_local_deliver_finish+0x2f1/0xc50 net/ipv4/ip_input.c:216
  NF_HOOK include/linux/netfilter.h:250 [inline]
  ip_local_deliver+0x1ce/0x6e0 net/ipv4/ip_input.c:257
  dst_input include/net/dst.h:449 [inline]
  ip_rcv_finish+0x953/0x1e30 net/ipv4/ip_input.c:397
  NF_HOOK include/linux/netfilter.h:250 [inline]
  ip_rcv+0xc5a/0x1840 net/ipv4/ip_input.c:493
  __netif_receive_skb_core+0x1a41/0x3460 net/core/dev.c:4499
  __netif_receive_skb+0x2c/0x1b0 net/core/dev.c:4564
  process_backlog+0x203/0x740 net/core/dev.c:5244
  napi_poll net/core/dev.c:5642 [inline]
  net_rx_action+0x792/0x1910 net/core/dev.c:5708
  __do_softirq+0x2d7/0xb85 kernel/softirq.c:285
  do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1115
  do_softirq.part.21+0x14d/0x190 kernel/softirq.c:329
  do_softirq kernel/softirq.c:177 [inline]
  __local_bh_enable_ip+0x1ee/0x230 kernel/softirq.c:182
  local_bh_enable include/linux/bottom_half.h:32 [inline]
  rcu_read_unlock_bh include/linux/rcupdate.h:727 [inline]
  ip_finish_output2+0x90e/0x14f0 net/ipv4/ip_output.c:231
  ip_finish_output+0x864/0xd10 net/ipv4/ip_output.c:317
  NF_HOOK_COND include/linux/netfilter.h:239 [inline]
  ip_output+0x1d2/0x860 net/ipv4/ip_output.c:405
  dst_output include/net/dst.h:443 [inline]
  ip_local_out+0x95/0x160 net/ipv4/ip_output.c:124
  ip_queue_xmit+0x8c0/0x18e0 net/ipv4/ip_output.c:504
  dccp_transmit_skb+0x9ac/0x10f0 net/dccp/output.c:142
  dccp_connect+0x369/0x670 net/dccp/output.c:564
  dccp_v4_connect+0xc8f/0x1750 net/dccp/ipv4.c:126
  __inet_stream_connect+0x2d4/0xf00 net/ipv4/af_inet.c:620
  inet_stream_connect+0x58/0xa0 net/ipv4/af_inet.c:684
  SYSC_connect+0x213/0x4a0 net/socket.c:1611
  SyS_connect+0x24/0x30 net/socket.c:1592
  entry_SYSCALL_64_fastpath+0x23/0x9a

to a SOFTIRQ-irq-unsafe lock:
 (cpu_hotplug_lock.rw_sem){++++}
...
which became SOFTIRQ-irq-unsafe at:
...
  lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
  down_write+0x87/0x120 kernel/locking/rwsem.c:70
  percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145
  cpus_write_lock kernel/cpu.c:305 [inline]
  _cpu_up+0x60/0x510 kernel/cpu.c:990
  do_cpu_up+0x73/0xa0 kernel/cpu.c:1066
  cpu_up+0x18/0x20 kernel/cpu.c:1074
  smp_init+0x13a/0x152 kernel/smp.c:578
  kernel_init_freeable+0x2fe/0x521 init/main.c:1064
  kernel_init+0x13/0x172 init/main.c:996
  ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515

other info that might help us debug this:

Chain exists of:
  slock-AF_INET6/1 --> &(&net->xfrm.xfrm_policy_lock)->rlock --> cpu_hotplug_lock.rw_sem

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(cpu_hotplug_lock.rw_sem);
                               local_irq_disable();
                               lock(slock-AF_INET6/1);
                               lock(&(&net->xfrm.xfrm_policy_lock)->rlock);
    lock(slock-AF_INET6/1);

 *** DEADLOCK ***

2 locks held by syz-executor1/28835:
 #0: (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<00000000b4653762>] xfrm_netlink_rcv+0x60/0x90 net/xfrm/xfrm_user.c:2598
 #1: (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000d85d6fc9>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #1: (&(&net->xfrm.xfrm_policy_lock)->rlock){+...}, at: [<00000000d85d6fc9>] xfrm_policy_flush+0x424/0x770 net/xfrm/xfrm_policy.c:951

the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (slock-AF_INET6/1){+.-.} ops: 7998 {
   HARDIRQ-ON-W at:
     lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
     _raw_spin_lock_nested+0x28/0x40 kernel/locking/spinlock.c:354
     sctp_close+0x454/0x9a0 net/sctp/socket.c:1596
     inet_release+0xed/0x1c0 net/ipv4/af_inet.c:427
     inet6_release+0x50/0x70 net/ipv6/af_inet6.c:432
     sock_release+0x8d/0x1e0 net/socket.c:593
     sock_close+0x16/0x20 net/socket.c:1121
     __fput+0x327/0x7e0 fs/file_table.c:210
     ____fput+0x15/0x20 fs/file_table.c:244
     task_work_run+0x199/0x270 kernel/task_work.c:113
     exit_task_work include/linux/task_work.h:22 [inline]
     do_exit+0x9bb/0x1ad0
kernel/exit.c:865 do_group_exit+0x149/0x400 kernel/exit.c:968 get_signal+0x73f/0x16c0 kernel/signal.c:2335 do_signal+0x90/0x1eb0 arch/x86/kernel/signal.c:809 exit_to_usermode_loop+0x214/0x310 arch/x86/entry/common.c:158 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264 entry_SYSCALL_64_fastpath+0x98/0x9a IN-SOFTIRQ-W at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 _raw_spin_lock_nested+0x28/0x40 kernel/locking/spinlock.c:354 __sk_receive_skb+0x3b6/0xc10 net/core/sock.c:504 dccp_v4_rcv+0xf5f/0x1c80 net/dccp/ipv4.c:874 ip_local_deliver_finish+0x2f1/0xc50 net/ipv4/ip_input.c:216 NF_HOOK include/linux/netfilter.h:250 [inline] ip_local_deliver+0x1ce/0x6e0 net/ipv4/ip_input.c:257 dst_input include/net/dst.h:449 [inline] ip_rcv_finish+0x953/0x1e30 net/ipv4/ip_input.c:397 NF_HOOK include/linux/netfilter.h:250 [inline] ip_rcv+0xc5a/0x1840 net/ipv4/ip_input.c:493 __netif_receive_skb_core+0x1a41/0x3460 net/core/dev.c:4499 __netif_receive_skb+0x2c/0x1b0 net/core/dev.c:4564 process_backlog+0x203/0x740 net/core/dev.c:5244 napi_poll net/core/dev.c:5642 [inline] net_rx_action+0x792/0x1910 net/core/dev.c:5708 __do_softirq+0x2d7/0xb85 kernel/softirq.c:285 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1115 do_softirq.part.21+0x14d/0x190 kernel/softirq.c:329 do_softirq kernel/softirq.c:177 [inline] __local_bh_enable_ip+0x1ee/0x230 kernel/softirq.c:182 local_bh_enable include/linux/bottom_half.h:32 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:727 [inline] ip_finish_output2+0x90e/0x14f0 net/ipv4/ip_output.c:231 ip_finish_output+0x864/0xd10 net/ipv4/ip_output.c:317 NF_HOOK_COND include/linux/netfilter.h:239 [inline] ip_output+0x1d2/0x860 net/ipv4/ip_output.c:405 dst_output include/net/dst.h:443 [inline] ip_local_out+0x95/0x160 net/ipv4/ip_output.c:124 ip_queue_xmit+0x8c0/0x18e0 net/ipv4/ip_output.c:504 dccp_transmit_skb+0x9ac/0x10f0 net/dccp/output.c:142 dccp_connect+0x369/0x670 
net/dccp/output.c:564 dccp_v4_connect+0xc8f/0x1750 net/dccp/ipv4.c:126 __inet_stream_connect+0x2d4/0xf00 net/ipv4/af_inet.c:620 inet_stream_connect+0x58/0xa0 net/ipv4/af_inet.c:684 SYSC_connect+0x213/0x4a0 net/socket.c:1611 SyS_connect+0x24/0x30 net/socket.c:1592 entry_SYSCALL_64_fastpath+0x23/0x9a INITIAL USE at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 _raw_spin_lock_nested+0x28/0x40 kernel/locking/spinlock.c:354 sctp_close+0x454/0x9a0 net/sctp/socket.c:1596 inet_release+0xed/0x1c0 net/ipv4/af_inet.c:427 inet6_release+0x50/0x70 net/ipv6/af_inet6.c:432 sock_release+0x8d/0x1e0 net/socket.c:593 sock_close+0x16/0x20 net/socket.c:1121 __fput+0x327/0x7e0 fs/file_table.c:210 ____fput+0x15/0x20 fs/file_table.c:244 task_work_run+0x199/0x270 kernel/task_work.c:113 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0x9bb/0x1ad0 kernel/exit.c:865 do_group_exit+0x149/0x400 kernel/exit.c:968 get_signal+0x73f/0x16c0 kernel/signal.c:2335 do_signal+0x90/0x1eb0 arch/x86/kernel/signal.c:809 exit_to_usermode_loop+0x214/0x310 arch/x86/entry/common.c:158 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264 entry_SYSCALL_64_fastpath+0x98/0x9a } ... key at: [<00000000e56c2b7d>] af_family_slock_keys+0x51/0x180 ... 
acquired at: __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:315 [inline] xfrm_policy_delete+0x3e/0x90 net/xfrm/xfrm_policy.c:1247 xfrm_sk_free_policy include/net/xfrm.h:1261 [inline] sk_common_release+0x210/0x2f0 net/core/sock.c:3025 sctp_close+0x464/0x9a0 net/sctp/socket.c:1602 inet_release+0xed/0x1c0 net/ipv4/af_inet.c:427 inet6_release+0x50/0x70 net/ipv6/af_inet6.c:432 sock_release+0x8d/0x1e0 net/socket.c:593 sock_close+0x16/0x20 net/socket.c:1121 __fput+0x327/0x7e0 fs/file_table.c:210 ____fput+0x15/0x20 fs/file_table.c:244 task_work_run+0x199/0x270 kernel/task_work.c:113 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0x9bb/0x1ad0 kernel/exit.c:865 do_group_exit+0x149/0x400 kernel/exit.c:968 get_signal+0x73f/0x16c0 kernel/signal.c:2335 do_signal+0x90/0x1eb0 arch/x86/kernel/signal.c:809 exit_to_usermode_loop+0x214/0x310 arch/x86/entry/common.c:158 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264 entry_SYSCALL_64_fastpath+0x98/0x9a -> (&(&net->xfrm.xfrm_policy_lock)->rlock){+...} ops: 1107 { HARDIRQ-ON-W at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:315 [inline] xfrm_migrate_policy_find net/xfrm/xfrm_policy.c:3090 [inline] xfrm_migrate+0x4d9/0x1780 net/xfrm/xfrm_policy.c:3240 xfrm_do_migrate+0x990/0xd30 net/xfrm/xfrm_user.c:2308 xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441 xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec 
net/socket.c:628 [inline] sock_sendmsg+0xca/0x110 net/socket.c:638 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018 __sys_sendmsg+0xe5/0x210 net/socket.c:2052 SYSC_sendmsg net/socket.c:2063 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2059 entry_SYSCALL_64_fastpath+0x23/0x9a INITIAL USE at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:315 [inline] xfrm_migrate_policy_find net/xfrm/xfrm_policy.c:3090 [inline] xfrm_migrate+0x4d9/0x1780 net/xfrm/xfrm_policy.c:3240 xfrm_do_migrate+0x990/0xd30 net/xfrm/xfrm_user.c:2308 xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441 xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:628 [inline] sock_sendmsg+0xca/0x110 net/socket.c:638 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018 __sys_sendmsg+0xe5/0x210 net/socket.c:2052 SYSC_sendmsg net/socket.c:2063 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2059 entry_SYSCALL_64_fastpath+0x23/0x9a } ... key at: [<00000000103e6c4b>] __key.66927+0x0/0x40 ... 
acquired at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 get_online_cpus include/linux/cpu.h:117 [inline] xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978 xfrm_flush_policy+0x153/0x440 net/xfrm/xfrm_user.c:2061 xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441 xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:628 [inline] sock_sendmsg+0xca/0x110 net/socket.c:638 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018 __sys_sendmsg+0xe5/0x210 net/socket.c:2052 SYSC_sendmsg net/socket.c:2063 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2059 entry_SYSCALL_64_fastpath+0x23/0x9a the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock: -> (cpu_hotplug_lock.rw_sem){++++} ops: 2164 { HARDIRQ-ON-W at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 down_write+0x87/0x120 kernel/locking/rwsem.c:70 percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145 cpus_write_lock kernel/cpu.c:305 [inline] _cpu_up+0x60/0x510 kernel/cpu.c:990 do_cpu_up+0x73/0xa0 kernel/cpu.c:1066 cpu_up+0x18/0x20 kernel/cpu.c:1074 smp_init+0x13a/0x152 kernel/smp.c:578 kernel_init_freeable+0x2fe/0x521 init/main.c:1064 kernel_init+0x13/0x172 init/main.c:996 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515 HARDIRQ-ON-R at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 
get_online_cpus include/linux/cpu.h:117 [inline] kmem_cache_create+0x26/0x2a0 mm/slab_common.c:440 debug_objects_mem_init+0xda/0x910 lib/debugobjects.c:1139 start_kernel+0x6dd/0x819 init/main.c:671 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378 x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 SOFTIRQ-ON-W at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 down_write+0x87/0x120 kernel/locking/rwsem.c:70 percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145 cpus_write_lock kernel/cpu.c:305 [inline] _cpu_up+0x60/0x510 kernel/cpu.c:990 do_cpu_up+0x73/0xa0 kernel/cpu.c:1066 cpu_up+0x18/0x20 kernel/cpu.c:1074 smp_init+0x13a/0x152 kernel/smp.c:578 kernel_init_freeable+0x2fe/0x521 init/main.c:1064 kernel_init+0x13/0x172 init/main.c:996 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515 SOFTIRQ-ON-R at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 get_online_cpus include/linux/cpu.h:117 [inline] kmem_cache_create+0x26/0x2a0 mm/slab_common.c:440 debug_objects_mem_init+0xda/0x910 lib/debugobjects.c:1139 start_kernel+0x6dd/0x819 init/main.c:671 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378 x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 INITIAL USE at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock kernel/cpu.c:293 [inline] __cpuhp_setup_state+0x60/0x140 kernel/cpu.c:1670 cpuhp_setup_state_nocalls include/linux/cpuhotplug.h:229 [inline] kvm_guest_init+0x1f3/0x20f arch/x86/kernel/kvm.c:528 setup_arch+0x17e8/0x1a02 arch/x86/kernel/setup.c:1266 
start_kernel+0xcd/0x819 init/main.c:532 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378 x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237 } ... key at: [<0000000050a2ae54>] cpu_hotplug_lock+0xd8/0x140 ... acquired at: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 get_online_cpus include/linux/cpu.h:117 [inline] xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978 xfrm_flush_policy+0x153/0x440 net/xfrm/xfrm_user.c:2061 xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441 xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:628 [inline] sock_sendmsg+0xca/0x110 net/socket.c:638 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018 __sys_sendmsg+0xe5/0x210 net/socket.c:2052 SYSC_sendmsg net/socket.c:2063 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2059 entry_SYSCALL_64_fastpath+0x23/0x9a stack backtrace: CPU: 0 PID: 28835 Comm: syz-executor1 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 print_bad_irq_dependency kernel/locking/lockdep.c:1565 [inline] check_usage+0xad0/0xb60 kernel/locking/lockdep.c:1597 check_irq_usage kernel/locking/lockdep.c:1653 [inline] check_prev_add_irq kernel/locking/lockdep_states.h:8 [inline] check_prev_add kernel/locking/lockdep.c:1863 [inline] check_prevs_add 
kernel/locking/lockdep.c:1971 [inline] validate_chain kernel/locking/lockdep.c:2412 [inline] __lock_acquire+0x2bd1/0x3e00 kernel/locking/lockdep.c:3426 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] cpus_read_lock+0x42/0x90 kernel/cpu.c:293 get_online_cpus include/linux/cpu.h:117 [inline] xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978 xfrm_flush_policy+0x153/0x440 net/xfrm/xfrm_user.c:2061 xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441 xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:628 [inline] sock_sendmsg+0xca/0x110 net/socket.c:638 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018 __sys_sendmsg+0xe5/0x210 net/socket.c:2052 SYSC_sendmsg net/socket.c:2063 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2059 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007f11ff7e1c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9 RDX: 0000000000000000 RSI: 0000000020007fc8 RDI: 0000000000000013 RBP: 00000000000003a3 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f37e8 R13: 00000000ffffffff R14: 00007f11ff7e26d4 R15: 0000000000000000 FAULT_INJECTION: forcing a failure. 
name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 29406 Comm: syz-executor7 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3368 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3542 alloc_inode+0x128/0x180 fs/inode.c:210 new_inode_pseudo+0x69/0x190 fs/inode.c:890 get_pipe_inode fs/pipe.c:699 [inline] create_pipe_files+0x9a/0x930 fs/pipe.c:740 __do_pipe_flags+0x35/0x220 fs/pipe.c:797 SYSC_pipe2 fs/pipe.c:845 [inline] SyS_pipe2 fs/pipe.c:839 [inline] SYSC_pipe fs/pipe.c:863 [inline] SyS_pipe+0x8d/0x2e0 fs/pipe.c:861 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007f49a8d72c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000016 RAX: ffffffffffffffda RBX: 00007f49a8d72aa0 RCX: 0000000000452ac9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020aa6ff8 RBP: 00007f49a8d72a90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a R13: 00007f49a8d72bc8 R14: 00000000004b767a R15: 0000000000000000 FAULT_INJECTION: forcing a failure. 
name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 29430 Comm: syz-executor7 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3368 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3542 kmem_cache_zalloc include/linux/slab.h:678 [inline] inode_alloc_security security/selinux/hooks.c:234 [inline] selinux_inode_alloc_security+0xf9/0x390 security/selinux/hooks.c:2885 security_inode_alloc+0x90/0xd0 security/security.c:437 inode_init_always+0x653/0xca0 fs/inode.c:167 alloc_inode+0x82/0x180 fs/inode.c:215 new_inode_pseudo+0x69/0x190 fs/inode.c:890 get_pipe_inode fs/pipe.c:699 [inline] create_pipe_files+0x9a/0x930 fs/pipe.c:740 __do_pipe_flags+0x35/0x220 fs/pipe.c:797 SYSC_pipe2 fs/pipe.c:845 [inline] SyS_pipe2 fs/pipe.c:839 [inline] SYSC_pipe fs/pipe.c:863 [inline] SyS_pipe+0x8d/0x2e0 fs/pipe.c:861 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007f49a8d72c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000016 RAX: ffffffffffffffda RBX: 00007f49a8d72aa0 RCX: 0000000000452ac9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020aa6ff8 RBP: 00007f49a8d72a90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a R13: 00007f49a8d72bc8 R14: 00000000004b767a R15: 0000000000000000 FAULT_INJECTION: forcing a failure. 
name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 29454 Comm: syz-executor7 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3368 [inline] kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3608 kmalloc include/linux/slab.h:499 [inline] kzalloc include/linux/slab.h:688 [inline] alloc_pipe_info+0xb1/0x350 fs/pipe.c:628 get_pipe_inode fs/pipe.c:707 [inline] create_pipe_files+0xda/0x930 fs/pipe.c:740 __do_pipe_flags+0x35/0x220 fs/pipe.c:797 SYSC_pipe2 fs/pipe.c:845 [inline] SyS_pipe2 fs/pipe.c:839 [inline] SYSC_pipe fs/pipe.c:863 [inline] SyS_pipe+0x8d/0x2e0 fs/pipe.c:861 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007f49a8d72c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000016 RAX: ffffffffffffffda RBX: 00007f49a8d72aa0 RCX: 0000000000452ac9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020aa6ff8 RBP: 00007f49a8d72a90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a R13: 00007f49a8d72bc8 R14: 00000000004b767a R15: 0000000000000000 FAULT_INJECTION: forcing a failure. 
name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 29482 Comm: syz-executor7 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3368 [inline] __do_kmalloc mm/slab.c:3706 [inline] __kmalloc+0x63/0x760 mm/slab.c:3717 kmalloc_array include/linux/slab.h:618 [inline] kcalloc include/linux/slab.h:629 [inline] alloc_pipe_info+0x135/0x350 fs/pipe.c:645 get_pipe_inode fs/pipe.c:707 [inline] create_pipe_files+0xda/0x930 fs/pipe.c:740 __do_pipe_flags+0x35/0x220 fs/pipe.c:797 SYSC_pipe2 fs/pipe.c:845 [inline] SyS_pipe2 fs/pipe.c:839 [inline] SYSC_pipe fs/pipe.c:863 [inline] SyS_pipe+0x8d/0x2e0 fs/pipe.c:861 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x452ac9 RSP: 002b:00007f49a8d72c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000016 RAX: ffffffffffffffda RBX: 00007f49a8d72aa0 RCX: 0000000000452ac9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020aa6ff8 RBP: 00007f49a8d72a90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a R13: 00007f49a8d72bc8 R14: 00000000004b767a R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 FAULT_INJECTION: forcing a failure. 
name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 29558 Comm: syz-executor1 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3368 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3542 kmem_cache_zalloc include/linux/slab.h:678 [inline] alloc_mm_slot mm/khugepaged.c:369 [inline] __khugepaged_enter+0xbd/0x540 mm/khugepaged.c:405 khugepaged_enter include/linux/khugepaged.h:54 [inline] do_huge_pmd_anonymous_page+0x10d9/0x1b00 mm/huge_memory.c:680 create_huge_pmd mm/memory.c:3828 [inline] __handle_mm_fault+0x1a0c/0x3ce0 mm/memory.c:4032 handle_mm_fault+0x334/0x8d0 mm/memory.c:4098 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1429 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504 page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1225 RIP: 0033:0x40180b RSP: 002b:00007f11ff7e1b90 EFLAGS: 00010246 RAX: 0000000020000000 RBX: 000000000000004e RCX: 0000000000000000 RDX: b5cf47289ff2ee66 RSI: 0000000000000000 RDI: 00007f11ff7e2608 RBP: 0000000020eacfb2 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000004e R11: 0000000000000000 R12: 00000000006f68c0 R13: 0000000000000013 R14: 00007f11ff7e26d4 R15: ffffffffffffffff syz-executor1 invoked oom-killer: gfp_mask=0x0(), nodemask=(null), order=0, oom_score_adj=0 syz-executor1 cpuset=/ mems_allowed=0 CPU: 0 PID: 29558 Comm: syz-executor1 Tainted: G W 4.15.0-rc5+ #177 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 dump_header+0x28c/0xe1e mm/oom_kill.c:437 oom_kill_process+0x8b5/0x14a0 mm/oom_kill.c:865 
out_of_memory+0x86d/0x1220 mm/oom_kill.c:1079 pagefault_out_of_memory+0x135/0x152 mm/oom_kill.c:1110 mm_fault_error+0xd6/0x2c0 arch/x86/mm/fault.c:1053 __do_page_fault+0xb4d/0xc90 arch/x86/mm/fault.c:1457 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504 page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1225 RIP: 0033:0x40180b RSP: 002b:00007f11ff7e1b90 EFLAGS: 00010246 RAX: 0000000020000000 RBX: 000000000000004e RCX: 0000000000000000 RDX: b5cf47289ff2ee66 RSI: 0000000000000000 RDI: 00007f11ff7e2608 RBP: 0000000020eacfb2 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000004e R11: 0000000000000000 R12: 00000000006f68c0 R13: 0000000000000013 R14: 00007f11ff7e26d4 R15: ffffffffffffffff Mem-Info: active_anon:31646 inactive_anon:61 isolated_anon:0 active_file:3804 inactive_file:8049 isolated_file:0 unevictable:0 dirty:103 writeback:0 unstable:0 slab_reclaimable:9359 slab_unreclaimable:86173 mapped:23420 shmem:68 pagetables:656 bounce:0 free:1457846 free_pcp:424 free_cma:0 Node 0 active_anon:126584kB inactive_anon:244kB active_file:15216kB inactive_file:32196kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:93680kB dirty:412kB writeback:0kB shmem:272kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 43008kB writeback_tmp:0kB unstable:0kB all_unreclaimable? 
no Node 0 DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2874 6386 6386 Node 0 DMA32 free:2945688kB min:30348kB low:37932kB high:45516kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2946452kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:764kB local_pcp:44kB free_cma:0kB lowmem_reserve[]: 0 0 3511 3511 Node 0 Normal free:2869788kB min:37068kB low:46332kB high:55596kB active_anon:126584kB inactive_anon:244kB active_file:15216kB inactive_file:32196kB unevictable:0kB writepending:412kB present:4718592kB managed:3596136kB mlocked:0kB kernel_stack:4544kB pagetables:2624kB bounce:0kB free_pcp:932kB local_pcp:520kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 4*4kB (M) 3*8kB (M) 3*16kB (M) 2*32kB (M) 4*64kB (M) 4*128kB (M) 3*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2945688kB Node 0 Normal: 499*4kB (UME) 1300*8kB (UME) 767*16kB (UM) 438*32kB (UM) 262*64kB (UM) 89*128kB (UM) 27*256kB (UME) 3*512kB (UM) 7*1024kB (UE) 11*2048kB (UME) 675*4096kB (UM) = 2869788kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 11920 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 326355 pages reserved Unreclaimable slab info:
7KB vm_area_struct 17662KB 17703KB mm_struct 3157KB 3914KB fs_cache 516KB 516KB files_cache 1893KB 1893KB signal_cache 3011KB 3011KB sighand_cache 339KB 339KB task_struct 28695KB 28695KB cred_jar 1617KB 2296KB anon_vma_chain 4638KB 5256KB anon_vma 212KB 315KB pid 125KB 252KB Acpi-Operand 106KB 166KB Acpi-Namespace 19KB 23KB numa_policy 0KB 3KB debug_objects_cache 441KB 446KB trace_event_file 145KB 147KB ftrace_event_field 257KB 259KB pool_workqueue 38KB 40KB page->ptl 3265KB 3265KB kmalloc-4194304 0KB 4096KB kmalloc-524288 0KB 514KB kmalloc-262144 1548KB 1548KB kmalloc-131072 1040KB 1430KB kmalloc-65536 396KB 396KB kmalloc-32768 825KB 825KB kmalloc-16384 660KB 709KB kmalloc-8192 2202KB 2260KB kmalloc-4096 10136KB 10174KB kmalloc-2048 10312KB 10442KB kmalloc-1024 3524KB 3756KB kmalloc-512 3273KB 3431KB kmalloc-256 2181KB 2445KB kmalloc-128 1464KB 1464KB kmalloc-96 980KB 980KB kmalloc-64 2133KB 2296KB kmalloc-32 2097KB 2228KB kmalloc-192 542KB 556KB kmem_cache 103KB 105KB [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 1772] 0 1772 5366 635 86016 0 -1000 udevd [ 3189] 0 3189 2493 810 57344 0 0 dhclient [ 3338] 0 3338 14298 789 118784 0 0 rsyslogd [ 3393] 0 3393 4725 502 81920 0 0 cron [ 3411] 0 3411 3735 44 65536 0 0 mcstransd [ 3413] 0 3413 12927 1508 131072 0 0 restorecond [ 3439] 0 3439 12490 836 135168 0 -1000 sshd [ 3463] 0 3463 3694 460 77824 0 0 getty [ 3464] 0 3464 3694 469 69632 0 0 getty [ 3465] 0 3465 3694 466 73728 0 0 getty [ 3466] 0 3466 3694 463 73728 0 0 getty [ 3467] 0 3467 3694 473 73728 0 0 getty [ 3468] 0 3468 3694 470 77824 0 0 getty [ 3469] 0 3469 3649 421 77824 0 0 getty [ 3488] 0 3488 17821 1386 180224 0 0 sshd [ 3490] 0 3490 80787 31701 413696 0 0 syz-fuzzer [ 3531] 0 3531 7297 230 65536 0 0 syz-executor0 [ 3532] 0 3532 7297 231 69632 0 0 syz-executor7 [ 3533] 0 3533 7297 230 65536 0 0 syz-executor1 [ 3534] 0 3534 7297 230 69632 0 0 syz-executor2 [ 3536] 0 3536 7297 230 65536 0 0 syz-executor3 [ 3538] 0 3538 7297 
231 65536 0 0 syz-executor4 [ 3540] 0 3540 7297 230 65536 0 0 syz-executor5 [ 3544] 0 3544 5365 586 81920 0 -1000 udevd [ 3547] 0 3547 7297 230 69632 0 0 syz-executor6 [ 3567] 0 3567 5365 295 81920 0 -1000 udevd [ 3719] 0 3719 7297 2268 73728 0 0 syz-executor3 [ 3720] 0 3720 7297 2268 73728 0 0 syz-executor0 [ 3723] 0 3723 7297 2269 77824 0 0 syz-executor7 [ 3724] 0 3724 7297 2268 73728 0 0 syz-executor1 [ 3726] 0 3726 7297 2269 73728 0 0 syz-executor4 [ 3730] 0 3730 7297 2268 77824 0 0 syz-executor2 [ 3732] 0 3732 7297 2268 73728 0 0 syz-executor5 [ 3733] 0 3733 7297 2268 77824 0 0 syz-executor6 [29532] 0 29532 11376 2122 81920 0 0 syz-executor7 [29544] 0 29544 7330 2077 73728 0 0 syz-executor4 [29545] 0 29545 7330 2076 73728 0 0 syz-executor3 [29546] 0 29546 7330 2076 73728 0 0 syz-executor0 [29547] 0 29547 7330 2076 73728 0 0 syz-executor5 [29548] 0 29548 7330 2076 77824 0 0 syz-executor2 [29553] 0 29553 11087 2076 77824 0 0 syz-executor1 Out of memory: Kill process 3490 (syz-fuzzer) score 18 or sacrifice child Killed process 3532 (syz-executor7) total-vm:29188kB, anon-rss:60kB, file-rss:864kB, shmem-rss:0kB oom_reaper: reaped process 3532 (syz-executor7), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB FAULT_INJECTION: forcing a failure. 
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 29566 Comm: syz-executor1 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc mm/slab.c:3368 [inline]
kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
ptlock_alloc+0x24/0x70 mm/memory.c:4686
ptlock_init include/linux/mm.h:1790 [inline]
pgtable_page_ctor include/linux/mm.h:1824 [inline]
pte_alloc_one+0x59/0x100 arch/x86/mm/pgtable.c:32
do_huge_pmd_anonymous_page+0xc23/0x1b00 mm/huge_memory.c:689
create_huge_pmd mm/memory.c:3828 [inline]
__handle_mm_fault+0x1a0c/0x3ce0 mm/memory.c:4032
handle_mm_fault+0x334/0x8d0 mm/memory.c:4098
__do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1429
do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504
page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1225
RIP: 0033:0x40180b
RSP: 002b:00007f11ff7e1b90 EFLAGS: 00010246
RAX: 0000000020000000 RBX: 000000000000004e RCX: 0000000000000000
RDX: b5cf47289ff2ee66 RSI: 0000000000000000 RDI: 00007f11ff7e2608
RBP: 0000000020eacfb2 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000004e R11: 0000000000000000 R12: 00000000006f68c0
R13: 0000000000000013 R14: 00007f11ff7e26d4 R15: ffffffffffffffff
syz-executor1 invoked oom-killer: gfp_mask=0x0(), nodemask=(null), order=0, oom_score_adj=0
syz-executor1 cpuset=/ mems_allowed=0
CPU: 0 PID: 29566 Comm: syz-executor1 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
dump_header+0x28c/0xe1e mm/oom_kill.c:437
oom_kill_process+0x8b5/0x14a0 mm/oom_kill.c:865
out_of_memory+0x86d/0x1220 mm/oom_kill.c:1079
pagefault_out_of_memory+0x135/0x152 mm/oom_kill.c:1110
mm_fault_error+0xd6/0x2c0 arch/x86/mm/fault.c:1053
__do_page_fault+0xb4d/0xc90 arch/x86/mm/fault.c:1457
do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504
page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1225
RIP: 0033:0x40180b
RSP: 002b:00007f11ff7e1b90 EFLAGS: 00010246
RAX: 0000000020000000 RBX: 000000000000004e RCX: 0000000000000000
RDX: b5cf47289ff2ee66 RSI: 0000000000000000 RDI: 00007f11ff7e2608
RBP: 0000000020eacfb2 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000004e R11: 0000000000000000 R12: 00000000006f68c0
R13: 0000000000000013 R14: 00007f11ff7e26d4 R15: ffffffffffffffff
Mem-Info:
active_anon:31542 inactive_anon:61 isolated_anon:0
active_file:3804 inactive_file:8049 isolated_file:0
unevictable:0 dirty:103 writeback:0 unstable:0
slab_reclaimable:9359 slab_unreclaimable:86248
mapped:21395 shmem:68 pagetables:582 bounce:0
free:1458061 free_pcp:422 free_cma:0
Node 0 active_anon:126168kB inactive_anon:244kB active_file:15216kB inactive_file:32196kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:85580kB dirty:412kB writeback:0kB shmem:272kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 43008kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 0 DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2874 6386 6386
Node 0 DMA32 free:2945688kB min:30348kB low:37932kB high:45516kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2946452kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:764kB local_pcp:44kB free_cma:0kB
lowmem_reserve[]: 0 0 3511 3511
Node 0 Normal free:2870648kB min:37068kB low:46332kB high:55596kB active_anon:126168kB inactive_anon:244kB active_file:15216kB inactive_file:32196kB unevictable:0kB writepending:412kB present:4718592kB managed:3596136kB mlocked:0kB kernel_stack:4256kB pagetables:2328kB bounce:0kB free_pcp:924kB local_pcp:512kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 DMA32: 4*4kB (M) 3*8kB (M) 3*16kB (M) 2*32kB (M) 4*64kB (M) 4*128kB (M) 3*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2945688kB
Node 0 Normal: 645*4kB (UM) 1271*8kB (UME) 771*16kB (UME) 449*32kB (UME) 262*64kB (UM) 89*128kB (UM) 27*256kB (UME) 3*512kB (UM) 7*1024kB (UE) 11*2048kB (UME) 675*4096kB (UM) = 2870556kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
11920 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
326355 pages reserved
Unreclaimable slab info:
Name Used Total
pid_2 504KB 516KB
hashtab_node 118KB 119KB
ebitmap_node 2224KB 2504KB
avtab_node 1012KB 1013KB
TIPC 92KB 186KB
RDS 40KB 101KB
rds_connection 4KB 8KB
SCTPv6 616KB 648KB
SCTP 467KB 467KB
sctp_chunk 77KB 138KB
sctp_bind_bucket 8KB 11KB
tw_sock_DCCPv6 4KB 7KB
DCCPv6 102KB 102KB
DCCP 47KB 74KB
ccid2_hc_tx_sock 19KB 41KB
ccid2_hc_rx_sock 0KB 3KB
dccp_ackvec 0KB 7KB
dccp_bind_bucket 8KB 36KB
KCM 117KB 172KB
kcm_psock_cache 22KB 45KB
kcm_mux_cache 52KB 90KB
xfrm6_tunnel_spi 0KB 4KB
ip6-frags 3KB 7KB
fib6_nodes 20KB 28KB
ip6_dst_cache 120KB 131KB
ip6_mrt_cache 5KB 12KB
PINGv6 65KB 84KB
RAWv6 399KB 429KB
UDPLITEv6 24KB 24KB
UDPv6 318KB 346KB
tw_sock_TCPv6 1KB 3KB
TCPv6 78KB 78KB
sd_ext_cdb 0KB 3KB
scsi_sense_cache 7KB 8KB
virtio_scsi_cmd 16KB 16KB
sgpool-128 8KB 8KB
sgpool-64 4KB 6KB
sgpool-32 2KB 7KB
sgpool-16 3KB 3KB
sgpool-8 10KB 11KB
cfq_io_cq 3KB 19KB
cfq_queue 2KB 15KB
mqueue_inode_cache 12KB 14KB
nfs_commit_data 3KB 7KB
nfs_write_data 34KB 37KB
jbd2_inode 2KB 7KB
ext4_system_zone 0KB 3KB
bio-1 1KB 3KB
fasync_cache 0KB 4KB
pid_namespace 3KB 7KB
rpc_buffers 17KB 19KB
rpc_tasks 2KB 3KB
UNIX 462KB 511KB
ip4-frags 1KB 3KB
ip_mrt_cache 1KB 4KB
tcp_bind_bucket 14KB 20KB
inet_peer_cache 6KB 8KB
secpath_cache 0KB 4KB
xfrm_dst_cache 1KB 4KB
ip_fib_trie 4KB 7KB
ip_fib_alias 8KB 11KB
ip_dst_cache 40KB 60KB
PING 58KB 86KB
RAW 247KB 337KB
UDP 306KB 312KB
TCP 76KB 102KB
hugetlbfs_inode_cache 12KB 31KB
eventpoll_pwq 6KB 15KB
eventpoll_epi 12KB 27KB
inotify_inode_mark 3KB 7KB
request_queue 31KB 39KB
blkdev_ioc 4KB 19KB
bio-0 29KB 30KB
biovec-(1<<(21-12)) 552KB 552KB
bio_integrity_payload 0KB 4KB
khugepaged_mm_slot 56KB 62KB
user_namespace 5KB 7KB
dmaengine-unmap-2 0KB 3KB
skbuff_fclone_cache 727KB 813KB
skbuff_head_cache 1462KB 1747KB
configfs_dir_cache 0KB 4KB
file_lock_cache 0KB 3KB
file_lock_ctx 0KB 3KB
fsnotify_mark_connector 2KB 3KB
net_namespace 57KB 57KB
shmem_inode_cache 2793KB 2793KB
task_delay_info 862KB 885KB
taskstats 547KB 547KB
sigqueue 1815KB 1815KB
kernfs_node_cache 6024KB 6051KB
mnt_cache 64KB 76KB
filp 8790KB 9461KB
names_cache 83852KB 83852KB
avc_node 47KB 55KB
selinux_file_security 450KB 476KB
selinux_inode_security 2314KB 2352KB
key_jar 3KB 7KB
nsproxy 4KB 7KB
vm_area_struct 17683KB 17703KB
mm_struct 3157KB 3914KB
fs_cache 516KB 516KB
files_cache 1893KB 1893KB
signal_cache 3011KB 3011KB
sighand_cache 339KB 339KB
task_struct 28744KB 28744KB
cred_jar 1617KB 2296KB
anon_vma_chain 4638KB 5256KB
anon_vma 212KB 315KB
pid 125KB 252KB
Acpi-Operand 106KB 166KB
Acpi-Namespace 19KB 23KB
numa_policy 0KB 3KB
debug_objects_cache 441KB 446KB
trace_event_file 145KB 147KB
ftrace_event_field 257KB 259KB
pool_workqueue 38KB 40KB
page->ptl 3265KB 3265KB
kmalloc-4194304 0KB 4096KB
kmalloc-524288 0KB 514KB
kmalloc-262144 1548KB 1548KB
kmalloc-131072 1040KB 1430KB
kmalloc-65536 396KB 396KB
kmalloc-32768 825KB 825KB
kmalloc-16384 660KB 709KB
kmalloc-8192 2202KB 2260KB
kmalloc-4096 10136KB 10174KB
kmalloc-2048 10338KB 10442KB
kmalloc-1024 3524KB 3756KB
kmalloc-512 3273KB 3431KB
kmalloc-256 2181KB 2445KB
kmalloc-128 1464KB 1464KB
kmalloc-96 980KB 980KB
kmalloc-64 2133KB 2296KB
kmalloc-32 2097KB 2228KB
kmalloc-192 542KB 556KB
kmem_cache 103KB 105KB
[ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name
[ 1772] 0 1772 5366 635 86016 0 -1000 udevd
[ 3189] 0 3189 2493 810 57344 0 0 dhclient
[ 3338] 0 3338 14298 789 118784 0 0 rsyslogd
[ 3393] 0 3393 4725 502 81920 0 0 cron
[ 3411] 0 3411 3735 44 65536 0 0 mcstransd
[ 3413] 0 3413 12927 1508 131072 0 0 restorecond
[ 3439] 0 3439 12490 836 135168 0 -1000 sshd
[ 3463] 0 3463 3694 460 77824 0 0 getty
[ 3464] 0 3464 3694 469 69632 0 0 getty
[ 3465] 0 3465 3694 466 73728 0 0 getty
[ 3466] 0 3466 3694 463 73728 0 0 getty
[ 3467] 0 3467 3694 473 73728 0 0 getty
[ 3468] 0 3468 3694 470 77824 0 0 getty
[ 3469] 0 3469 3649 421 77824 0 0 getty
[ 3488] 0 3488 17821 1386 180224 0 0 sshd
[ 3490] 0 3490 80787 31701 413696 0 0 syz-fuzzer
[ 3531] 0 3531 7297 230 65536 0 0 syz-executor0
[ 3533] 0 3533 7297 230 65536 0 0 syz-executor1
[ 3534] 0 3534 7297 230 69632 0 0 syz-executor2
[ 3536] 0 3536 7297 230 65536 0 0 syz-executor3
[ 3538] 0 3538 7297 231 65536 0 0 syz-executor4
[ 3540] 0 3540 7297 230 65536 0 0 syz-executor5
[ 3544] 0 3544 5365 586 81920 0 -1000 udevd
[ 3547] 0 3547 7297 230 69632 0 0 syz-executor6
[ 3567] 0 3567 5365 295 81920 0 -1000 udevd
[ 3719] 0 3719 7297 2268 73728 0 0 syz-executor3
[ 3720] 0 3720 7297 2268 73728 0 0 syz-executor0
[ 3724] 0 3724 7297 2268 73728 0 0 syz-executor1
[ 3726] 0 3726 7297 2269 73728 0 0 syz-executor4
[ 3730] 0 3730 7297 2268 77824 0 0 syz-executor2
[ 3732] 0 3732 7297 2268 73728 0 0 syz-executor5
[ 3733] 0 3733 7297 2268 77824 0 0 syz-executor6
[29549] 0 29544 7330 2192 73728 0 0 syz-executor4
[29548] 0 29548 11458 2076 77824 0 0 syz-executor2
[29565] 0 29565 11087 2076 77824 0 0 syz-executor1
Out of memory: Kill process 3490 (syz-fuzzer) score 18 or sacrifice child
Killed process 3534 (syz-executor2) total-vm:29188kB, anon-rss:56kB, file-rss:864kB, shmem-rss:0kB
oom_reaper: reaped process 3534 (syz-executor2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
CPU: 1 PID: 29549 Comm: syz-executor4 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x8c0/0xa40 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc mm/slab.c:3368 [inline]
kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
kmem_cache_zalloc include/linux/slab.h:678 [inline]
ebitmap_cpy+0xce/0x260 security/selinux/ss/ebitmap.c:60
mls_context_cpy security/selinux/ss/context.h:51 [inline]
mls_compute_sid+0x555/0x930 security/selinux/ss/mls.c:556
security_compute_sid+0x8df/0x18f0 security/selinux/ss/services.c:1724
security_transition_sid+0x75/0x90 security/selinux/ss/services.c:1763
socket_sockcreate_sid security/selinux/hooks.c:4335 [inline]
selinux_socket_create+0x3cf/0x740 security/selinux/hooks.c:4368
security_socket_create+0x83/0xc0 security/security.c:1338
__sock_create+0xf7/0x850 net/socket.c:1212
sock_create net/socket.c:1297 [inline]
SYSC_socket net/socket.c:1327 [inline]
SyS_socket+0xeb/0x1d0 net/socket.c:1307
entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007fd0e97e0c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 00007fd0e97e0aa0 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000000a
RBP: 00007fd0e97e0a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a
R13: 00007fd0e97e0bc8 R14: 00000000004b767a R15: 0000000000000000
audit: type=1400 audit(1515190934.850:99): avc: denied { sys_ptrace } for pid=29572 comm="ps" capability=19 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=cap_userns permissive=1