BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:34
in_atomic(): 1, irqs_disabled(): 0, pid: 28181, name: syz-executor6
2 locks held by syz-executor6/28181:
 #0:  (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<000000008fb1466c>] xfrm_netlink_rcv+0x60/0x90 net/xfrm/xfrm_user.c:2598
 #1:  (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<000000007d0385c6>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #1:  (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<000000007d0385c6>] xfrm_policy_flush+0x424/0x770 net/xfrm/xfrm_policy.c:951
CPU: 1 PID: 28181 Comm: syz-executor6 Not tainted 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6060
 __might_sleep+0x95/0x190 kernel/sched/core.c:6013
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:34 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 cpus_read_lock+0x1c/0x90 kernel/cpu.c:293
 get_online_cpus include/linux/cpu.h:117 [inline]
 xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767
 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978
 xfrm_flush_policy+0x153/0x440 net/xfrm/xfrm_user.c:2061
 xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591
 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
 xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599
 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
 netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
 sock_sendmsg_nosec net/socket.c:628 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:638
 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
 __sys_sendmsg+0xe5/0x210 net/socket.c:2052
 SYSC_sendmsg net/socket.c:2063 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2059
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007fa3bbb8ac58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 0000000020012808 RDI: 0000000000000013
RBP: 0000000000000583 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f64e8
R13: 00000000ffffffff R14: 00007fa3bbb8b6d4 R15: 0000000000000000

=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
4.15.0-rc5+ #177 Tainted: G W
-----------------------------------------------------
syz-executor6/28181 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
 (cpu_hotplug_lock.rw_sem){++++}, at: [<00000000cafeb5d0>] get_online_cpus include/linux/cpu.h:117 [inline]
 (cpu_hotplug_lock.rw_sem){++++}, at: [<00000000cafeb5d0>] xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767

and this task is already holding:
 (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<000000007d0385c6>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<000000007d0385c6>] xfrm_policy_flush+0x424/0x770 net/xfrm/xfrm_policy.c:951
which would create a new lock dependency:
 (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.} -> (cpu_hotplug_lock.rw_sem){++++}

but this new dependency connects a SOFTIRQ-irq-safe lock:
 (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}

... which became SOFTIRQ-irq-safe at:
  lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
  __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
  _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
  spin_lock_bh include/linux/spinlock.h:315 [inline]
  xfrm_policy_delete+0x3e/0x90 net/xfrm/xfrm_policy.c:1247
  xfrm_policy_timer+0x305/0x580 net/xfrm/xfrm_policy.c:247
  call_timer_fn+0x228/0x820 kernel/time/timer.c:1320
  expire_timers kernel/time/timer.c:1357 [inline]
  __run_timers+0x7ee/0xb70 kernel/time/timer.c:1660
  run_timer_softirq+0x4c/0xb0 kernel/time/timer.c:1686
  __do_softirq+0x2d7/0xb85 kernel/softirq.c:285
  invoke_softirq kernel/softirq.c:365 [inline]
  irq_exit+0x1cc/0x200 kernel/softirq.c:405
  exiting_irq arch/x86/include/asm/apic.h:540 [inline]
  smp_apic_timer_interrupt+0x16b/0x700 arch/x86/kernel/apic/apic.c:1052
  apic_timer_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:904
  arch_local_irq_restore arch/x86/include/asm/paravirt.h:777 [inline]
  lock_acquire+0x256/0x580 kernel/locking/lockdep.c:3917
  rcu_lock_acquire include/linux/rcupdate.h:244 [inline]
  rcu_read_lock include/linux/rcupdate.h:631 [inline]
  lock_page_memcg+0x8f/0x3b0 mm/memcontrol.c:1650
  page_remove_file_rmap mm/rmap.c:1213 [inline]
  page_remove_rmap+0x393/0xcb0 mm/rmap.c:1298
  zap_pte_range mm/memory.c:1334 [inline]
  zap_pmd_range mm/memory.c:1438 [inline]
  zap_pud_range mm/memory.c:1467 [inline]
  zap_p4d_range mm/memory.c:1488 [inline]
  unmap_page_range+0xfc3/0x22e0 mm/memory.c:1509
  unmap_single_vma+0x15f/0x2d0 mm/memory.c:1554
  unmap_vmas+0xf1/0x1b0 mm/memory.c:1584
  exit_mmap+0x232/0x4f0 mm/mmap.c:3020
  __mmput kernel/fork.c:923 [inline]
  mmput+0x223/0x6d0 kernel/fork.c:944
  exit_mm kernel/exit.c:544 [inline]
  do_exit+0x90a/0x1ad0 kernel/exit.c:852
  do_group_exit+0x149/0x400 kernel/exit.c:968
  get_signal+0x73f/0x16c0 kernel/signal.c:2335
  do_signal+0x90/0x1eb0 arch/x86/kernel/signal.c:809
  exit_to_usermode_loop+0x214/0x310 arch/x86/entry/common.c:158
  prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
  syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264
  entry_SYSCALL_64_fastpath+0x98/0x9a

to a SOFTIRQ-irq-unsafe lock:
 (cpu_hotplug_lock.rw_sem){++++}

... which became SOFTIRQ-irq-unsafe at:
...
  lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
  down_write+0x87/0x120 kernel/locking/rwsem.c:70
  percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145
  cpus_write_lock kernel/cpu.c:305 [inline]
  _cpu_up+0x60/0x510 kernel/cpu.c:990
  do_cpu_up+0x73/0xa0 kernel/cpu.c:1066
  cpu_up+0x18/0x20 kernel/cpu.c:1074
  smp_init+0x13a/0x152 kernel/smp.c:578
  kernel_init_freeable+0x2fe/0x521 init/main.c:1064
  kernel_init+0x13/0x172 init/main.c:996
  ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(cpu_hotplug_lock.rw_sem);
                               local_irq_disable();
                               lock(&(&net->xfrm.xfrm_policy_lock)->rlock);
                               lock(cpu_hotplug_lock.rw_sem);
  <Interrupt>
    lock(&(&net->xfrm.xfrm_policy_lock)->rlock);

 *** DEADLOCK ***

2 locks held by syz-executor6/28181:
 #0:  (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<000000008fb1466c>] xfrm_netlink_rcv+0x60/0x90 net/xfrm/xfrm_user.c:2598
 #1:  (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<000000007d0385c6>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #1:  (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<000000007d0385c6>] xfrm_policy_flush+0x424/0x770 net/xfrm/xfrm_policy.c:951

the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.} ops: 939 {
   HARDIRQ-ON-W at:
    lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
    __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
    _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
    spin_lock_bh include/linux/spinlock.h:315 [inline]
    xfrm_policy_walk+0x192/0xa30 net/xfrm/xfrm_policy.c:1000
    gen_reqid net/key/af_key.c:1911 [inline]
    parse_ipsecrequest net/key/af_key.c:1942 [inline]
    parse_ipsecrequests+0x788/0xac0 net/key/af_key.c:1980
    pfkey_compile_policy+0xa39/0xd60 net/key/af_key.c:3268
    xfrm_user_policy+0x288/0x8c0 net/xfrm/xfrm_state.c:2069
    do_ip_setsockopt.isra.12+0xfd9/0x3160 net/ipv4/ip_sockglue.c:1161
    ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1248
    tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2872
    sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
    SYSC_setsockopt net/socket.c:1821 [inline]
    SyS_setsockopt+0x189/0x360 net/socket.c:1800
    entry_SYSCALL_64_fastpath+0x23/0x9a
   IN-SOFTIRQ-W at:
    lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
    __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
    _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
    spin_lock_bh include/linux/spinlock.h:315 [inline]
    xfrm_policy_delete+0x3e/0x90 net/xfrm/xfrm_policy.c:1247
    xfrm_policy_timer+0x305/0x580 net/xfrm/xfrm_policy.c:247
    call_timer_fn+0x228/0x820 kernel/time/timer.c:1320
    expire_timers kernel/time/timer.c:1357 [inline]
    __run_timers+0x7ee/0xb70 kernel/time/timer.c:1660
    run_timer_softirq+0x4c/0xb0 kernel/time/timer.c:1686
    __do_softirq+0x2d7/0xb85 kernel/softirq.c:285
    invoke_softirq kernel/softirq.c:365 [inline]
    irq_exit+0x1cc/0x200 kernel/softirq.c:405
    exiting_irq arch/x86/include/asm/apic.h:540 [inline]
    smp_apic_timer_interrupt+0x16b/0x700 arch/x86/kernel/apic/apic.c:1052
    apic_timer_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:904
    arch_local_irq_restore arch/x86/include/asm/paravirt.h:777 [inline]
    lock_acquire+0x256/0x580 kernel/locking/lockdep.c:3917
    rcu_lock_acquire include/linux/rcupdate.h:244 [inline]
    rcu_read_lock include/linux/rcupdate.h:631 [inline]
    lock_page_memcg+0x8f/0x3b0 mm/memcontrol.c:1650
    page_remove_file_rmap mm/rmap.c:1213 [inline]
    page_remove_rmap+0x393/0xcb0 mm/rmap.c:1298
    zap_pte_range mm/memory.c:1334 [inline]
    zap_pmd_range mm/memory.c:1438 [inline]
    zap_pud_range mm/memory.c:1467 [inline]
    zap_p4d_range mm/memory.c:1488 [inline]
    unmap_page_range+0xfc3/0x22e0 mm/memory.c:1509
    unmap_single_vma+0x15f/0x2d0 mm/memory.c:1554
    unmap_vmas+0xf1/0x1b0 mm/memory.c:1584
    exit_mmap+0x232/0x4f0 mm/mmap.c:3020
    __mmput kernel/fork.c:923 [inline]
    mmput+0x223/0x6d0 kernel/fork.c:944
    exit_mm kernel/exit.c:544 [inline]
    do_exit+0x90a/0x1ad0 kernel/exit.c:852
    do_group_exit+0x149/0x400 kernel/exit.c:968
    get_signal+0x73f/0x16c0 kernel/signal.c:2335
    do_signal+0x90/0x1eb0 arch/x86/kernel/signal.c:809
    exit_to_usermode_loop+0x214/0x310 arch/x86/entry/common.c:158
    prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
    syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264
    entry_SYSCALL_64_fastpath+0x98/0x9a
   INITIAL USE at:
    lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
    __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
    _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
    spin_lock_bh include/linux/spinlock.h:315 [inline]
    xfrm_policy_walk+0x192/0xa30 net/xfrm/xfrm_policy.c:1000
    gen_reqid net/key/af_key.c:1911 [inline]
    parse_ipsecrequest net/key/af_key.c:1942 [inline]
    parse_ipsecrequests+0x788/0xac0 net/key/af_key.c:1980
    pfkey_compile_policy+0xa39/0xd60 net/key/af_key.c:3268
    xfrm_user_policy+0x288/0x8c0 net/xfrm/xfrm_state.c:2069
    do_ip_setsockopt.isra.12+0xfd9/0x3160 net/ipv4/ip_sockglue.c:1161
    ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1248
    tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2872
    sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
    SYSC_setsockopt net/socket.c:1821 [inline]
    SyS_setsockopt+0x189/0x360 net/socket.c:1800
    entry_SYSCALL_64_fastpath+0x23/0x9a
 }
 ... key      at: [<000000004c907a31>] __key.66927+0x0/0x40
 ... acquired at:
   lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
   percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
   percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
   cpus_read_lock+0x42/0x90 kernel/cpu.c:293
   get_online_cpus include/linux/cpu.h:117 [inline]
   xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767
   xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978
   xfrm_flush_policy+0x153/0x440 net/xfrm/xfrm_user.c:2061
   xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591
   netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
   xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599
   netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
   netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
   netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
   sock_sendmsg_nosec net/socket.c:628 [inline]
   sock_sendmsg+0xca/0x110 net/socket.c:638
   ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
   __sys_sendmsg+0xe5/0x210 net/socket.c:2052
   SYSC_sendmsg net/socket.c:2063 [inline]
   SyS_sendmsg+0x2d/0x50 net/socket.c:2059
   entry_SYSCALL_64_fastpath+0x23/0x9a

the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock:
-> (cpu_hotplug_lock.rw_sem){++++} ops: 1981 {
   HARDIRQ-ON-W at:
    lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
    down_write+0x87/0x120 kernel/locking/rwsem.c:70
    percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145
    cpus_write_lock kernel/cpu.c:305 [inline]
    _cpu_up+0x60/0x510 kernel/cpu.c:990
    do_cpu_up+0x73/0xa0 kernel/cpu.c:1066
    cpu_up+0x18/0x20 kernel/cpu.c:1074
    smp_init+0x13a/0x152 kernel/smp.c:578
    kernel_init_freeable+0x2fe/0x521 init/main.c:1064
    kernel_init+0x13/0x172 init/main.c:996
    ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515
   HARDIRQ-ON-R at:
    lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
    percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
    percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
    cpus_read_lock+0x42/0x90 kernel/cpu.c:293
    get_online_cpus include/linux/cpu.h:117 [inline]
    kmem_cache_create+0x26/0x2a0 mm/slab_common.c:440
    debug_objects_mem_init+0xda/0x910 lib/debugobjects.c:1139
    start_kernel+0x6dd/0x819 init/main.c:671
    x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378
    x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359
    secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237
   SOFTIRQ-ON-W at:
    lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
    down_write+0x87/0x120 kernel/locking/rwsem.c:70
    percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145
    cpus_write_lock kernel/cpu.c:305 [inline]
    _cpu_up+0x60/0x510 kernel/cpu.c:990
    do_cpu_up+0x73/0xa0 kernel/cpu.c:1066
    cpu_up+0x18/0x20 kernel/cpu.c:1074
    smp_init+0x13a/0x152 kernel/smp.c:578
    kernel_init_freeable+0x2fe/0x521 init/main.c:1064
    kernel_init+0x13/0x172 init/main.c:996
    ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515
   SOFTIRQ-ON-R at:
    lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
    percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
    percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
    cpus_read_lock+0x42/0x90 kernel/cpu.c:293
    get_online_cpus include/linux/cpu.h:117 [inline]
    kmem_cache_create+0x26/0x2a0 mm/slab_common.c:440
    debug_objects_mem_init+0xda/0x910 lib/debugobjects.c:1139
    start_kernel+0x6dd/0x819 init/main.c:671
    x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378
    x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359
    secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237
   INITIAL USE at:
    lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
    percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
    percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
    cpus_read_lock kernel/cpu.c:293 [inline]
    __cpuhp_setup_state+0x60/0x140 kernel/cpu.c:1670
    cpuhp_setup_state_nocalls include/linux/cpuhotplug.h:229 [inline]
    kvm_guest_init+0x1f3/0x20f arch/x86/kernel/kvm.c:528
    setup_arch+0x17e8/0x1a02 arch/x86/kernel/setup.c:1266
    start_kernel+0xcd/0x819 init/main.c:532
    x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378
    x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359
    secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237
 }
 ... key      at: [<00000000018c07dd>] cpu_hotplug_lock+0xd8/0x140
 ... acquired at:
   lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
   percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
   percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
   cpus_read_lock+0x42/0x90 kernel/cpu.c:293
   get_online_cpus include/linux/cpu.h:117 [inline]
   xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767
   xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978
   xfrm_flush_policy+0x153/0x440 net/xfrm/xfrm_user.c:2061
   xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591
   netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
   xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599
   netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
   netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
   netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
   sock_sendmsg_nosec net/socket.c:628 [inline]
   sock_sendmsg+0xca/0x110 net/socket.c:638
   ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
   __sys_sendmsg+0xe5/0x210 net/socket.c:2052
   SYSC_sendmsg net/socket.c:2063 [inline]
   SyS_sendmsg+0x2d/0x50 net/socket.c:2059
   entry_SYSCALL_64_fastpath+0x23/0x9a

stack backtrace:
CPU: 1 PID: 28181 Comm: syz-executor6 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_bad_irq_dependency kernel/locking/lockdep.c:1565 [inline]
 check_usage+0xad0/0xb60 kernel/locking/lockdep.c:1597
 check_irq_usage kernel/locking/lockdep.c:1653 [inline]
 check_prev_add_irq kernel/locking/lockdep_states.h:8 [inline]
 check_prev_add kernel/locking/lockdep.c:1863 [inline]
 check_prevs_add kernel/locking/lockdep.c:1971 [inline]
 validate_chain kernel/locking/lockdep.c:2412 [inline]
 __lock_acquire+0x2bd1/0x3e00 kernel/locking/lockdep.c:3426
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 cpus_read_lock+0x42/0x90 kernel/cpu.c:293
 get_online_cpus include/linux/cpu.h:117 [inline]
 xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767
 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978
 xfrm_flush_policy+0x153/0x440 net/xfrm/xfrm_user.c:2061
 xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591
 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
 xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599
 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
 netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
 sock_sendmsg_nosec net/socket.c:628 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:638
 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
 __sys_sendmsg+0xe5/0x210 net/socket.c:2052
 SYSC_sendmsg net/socket.c:2063 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2059
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007fa3bbb8ac58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 0000000020012808 RDI: 0000000000000013
RBP: 0000000000000583 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f64e8
R13: 00000000ffffffff R14: 00007fa3bbb8b6d4 R15: 0000000000000000
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 0 PID: 28680 Comm: syz-executor0 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
 __build_skb+0x9d/0x450 net/core/skbuff.c:281
 __napi_alloc_skb+0x173/0x2c0 net/core/skbuff.c:482
 napi_alloc_skb include/linux/skbuff.h:2643 [inline]
 napi_get_frags+0x61/0x130 net/core/dev.c:5060
 tun_napi_alloc_frags drivers/net/tun.c:1327 [inline]
 tun_get_user+0x1cd6/0x3930 drivers/net/tun.c:1668
 tun_chr_write_iter+0xb9/0x160 drivers/net/tun.c:1836
 call_write_iter include/linux/fs.h:1772 [inline]
 do_iter_readv_writev+0x525/0x7f0 fs/read_write.c:653
 do_iter_write+0x154/0x540 fs/read_write.c:932
 vfs_writev+0x18a/0x340 fs/read_write.c:977
 do_writev+0xfc/0x2a0 fs/read_write.c:1012
 SYSC_writev fs/read_write.c:1085 [inline]
 SyS_writev+0x27/0x30 fs/read_write.c:1082
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x4529a1
RSP: 002b:00007fba70bbab80 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00007fba70bbaaa0 RCX: 00000000004529a1
RDX: 0000000000000001 RSI: 00007fba70bbabd0 RDI: 0000000000000012
RBP: 00007fba70bbaa90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000036 R11: 0000000000000293 R12: 00000000004b767a
R13: 00007fba70bbabc8 R14: 00000000004b767a R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 28700 Comm: syz-executor0 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3608
 kmalloc include/linux/slab.h:499 [inline]
 ip_setup_cork+0x508/0x680 net/ipv4/ip_output.c:1110
 ip_append_data.part.46+0x12f/0x150 net/ipv4/ip_output.c:1163
 ip_append_data+0x5a/0x80 net/ipv4/ip_output.c:1159
 icmp_push_reply+0x169/0x4f0 net/ipv4/icmp.c:375
 icmp_send+0x1136/0x19b0 net/ipv4/icmp.c:741
 ip_local_deliver_finish+0x53a/0xc50 net/ipv4/ip_input.c:226
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ip_local_deliver+0x1ce/0x6e0 net/ipv4/ip_input.c:257
 dst_input include/net/dst.h:449 [inline]
 ip_rcv_finish+0x953/0x1e30 net/ipv4/ip_input.c:397
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ip_rcv+0xc5a/0x1840 net/ipv4/ip_input.c:493
 __netif_receive_skb_core+0x1a41/0x3460 net/core/dev.c:4499
 __netif_receive_skb+0x2c/0x1b0 net/core/dev.c:4564
 netif_receive_skb_internal+0x10b/0x670 net/core/dev.c:4638
 napi_frags_finish net/core/dev.c:5079 [inline]
 napi_gro_frags+0x58a/0xaf0 net/core/dev.c:5152
 tun_get_user+0x2758/0x3930 drivers/net/tun.c:1791
 tun_chr_write_iter+0xb9/0x160 drivers/net/tun.c:1836
 call_write_iter include/linux/fs.h:1772 [inline]
 do_iter_readv_writev+0x525/0x7f0 fs/read_write.c:653
 do_iter_write+0x154/0x540 fs/read_write.c:932
 vfs_writev+0x18a/0x340 fs/read_write.c:977
 do_writev+0xfc/0x2a0 fs/read_write.c:1012
 SYSC_writev fs/read_write.c:1085 [inline]
 SyS_writev+0x27/0x30 fs/read_write.c:1082
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x4529a1
RSP: 002b:00007fba70bbab80 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00007fba70bbaaa0 RCX: 00000000004529a1
RDX: 0000000000000001 RSI: 00007fba70bbabd0 RDI: 0000000000000012
RBP: 00007fba70bbaa90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000036 R11: 0000000000000293 R12: 00000000004b767a
R13: 00007fba70bbabc8 R14: 00000000004b767a R15: 0000000000000000
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2561 sclass=netlink_route_socket pig=28787 comm=syz-executor1
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 28800 Comm: syz-executor6 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 __do_kmalloc mm/slab.c:3706 [inline]
 __kmalloc_track_caller+0x5f/0x760 mm/slab.c:3723
 memdup_user+0x2c/0x90 mm/util.c:164
 xfrm_user_policy+0xf7/0x8c0 net/xfrm/xfrm_state.c:2062
 do_ipv6_setsockopt.isra.9+0x2298/0x39a0 net/ipv6/ipv6_sockglue.c:810
 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922
 udpv6_setsockopt+0x45/0x80 net/ipv6/udp.c:1422
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
 SYSC_setsockopt net/socket.c:1821 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1800
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007fa3bbb8ac58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fa3bbb8aaa0 RCX: 0000000000452ac9
RDX: 0000000000000023 RSI: 0000000000000029 RDI: 0000000000000013
RBP: 00007fa3bbb8aa90 R08: 00000000000000e8 R09: 0000000000000000
R10: 0000000020248000 R11: 0000000000000212 R12: 00000000004b767a
R13: 00007fa3bbb8abc8 R14: 00000000004b767a R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 28819 Comm: syz-executor6 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3608
 kmalloc include/linux/slab.h:499 [inline]
 kzalloc include/linux/slab.h:688 [inline]
 xfrm_policy_alloc+0xc8/0x450 net/xfrm/xfrm_policy.c:260
 xfrm_compile_policy+0x285/0x4f0 net/xfrm/xfrm_user.c:2925
 xfrm_user_policy+0x288/0x8c0 net/xfrm/xfrm_state.c:2069
 do_ipv6_setsockopt.isra.9+0x2298/0x39a0 net/ipv6/ipv6_sockglue.c:810
 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922
 udpv6_setsockopt+0x45/0x80 net/ipv6/udp.c:1422
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
 SYSC_setsockopt net/socket.c:1821 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1800
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007fa3bbb8ac58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fa3bbb8aaa0 RCX: 0000000000452ac9
RDX: 0000000000000023 RSI: 0000000000000029 RDI: 0000000000000013
RBP: 00007fa3bbb8aa90 R08: 00000000000000e8 R09: 0000000000000000
R10: 0000000020248000 R11: 0000000000000212 R12: 00000000004b767a
R13: 00007fa3bbb8abc8 R14: 00000000004b767a R15: 0000000000000000
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2561 sclass=netlink_route_socket pig=28827 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2561 sclass=netlink_route_socket pig=28839 comm=syz-executor1
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 28880 Comm: syz-executor3 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3632
 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:983 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1180 [inline]
 netlink_sendmsg+0xa86/0xe60 net/netlink/af_netlink.c:1872
 sock_sendmsg_nosec net/socket.c:628 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:638
 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
 __sys_sendmsg+0xe5/0x210 net/socket.c:2052
 SYSC_sendmsg net/socket.c:2063 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2059
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f760398dc58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f760398daa0 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 0000000020a09fc8 RDI: 0000000000000013
RBP: 00007f760398da90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a
R13: 00007f760398dbc8 R14: 00000000004b767a R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 28969 Comm: syz-executor5 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
 __build_skb+0x9d/0x450 net/core/skbuff.c:281
 __napi_alloc_skb+0x173/0x2c0 net/core/skbuff.c:482
 napi_alloc_skb include/linux/skbuff.h:2643 [inline]
 napi_get_frags+0x61/0x130 net/core/dev.c:5060
 tun_napi_alloc_frags drivers/net/tun.c:1327 [inline]
 tun_get_user+0x1cd6/0x3930 drivers/net/tun.c:1668
 tun_chr_write_iter+0xb9/0x160 drivers/net/tun.c:1836
 call_write_iter include/linux/fs.h:1772 [inline]
 do_iter_readv_writev+0x525/0x7f0 fs/read_write.c:653
 do_iter_write+0x154/0x540 fs/read_write.c:932
 vfs_writev+0x18a/0x340 fs/read_write.c:977
 do_writev+0xfc/0x2a0 fs/read_write.c:1012
 SYSC_writev fs/read_write.c:1085 [inline]
 SyS_writev+0x27/0x30 fs/read_write.c:1082
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x4529a1
RSP: 002b:00007f8f00465b80 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00007f8f00465aa0 RCX: 00000000004529a1
RDX: 0000000000000001 RSI: 00007f8f00465bd0 RDI: 0000000000000012
RBP: 00007f8f00465a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000032 R11: 0000000000000293 R12: 00000000004b767a
R13: 00007f8f00465bc8 R14: 00000000004b767a R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 28988 Comm: syz-executor5 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3608
 kmalloc include/linux/slab.h:499 [inline]
 ip_setup_cork+0x508/0x680 net/ipv4/ip_output.c:1110
 ip_append_data.part.46+0x12f/0x150 net/ipv4/ip_output.c:1163
 ip_append_data+0x5a/0x80 net/ipv4/ip_output.c:1159
 icmp_push_reply+0x169/0x4f0 net/ipv4/icmp.c:375
 icmp_send+0x1136/0x19b0 net/ipv4/icmp.c:741
 ip_local_deliver_finish+0x53a/0xc50 net/ipv4/ip_input.c:226
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ip_local_deliver+0x1ce/0x6e0 net/ipv4/ip_input.c:257
 dst_input include/net/dst.h:449 [inline]
 ip_rcv_finish+0x953/0x1e30 net/ipv4/ip_input.c:397
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ip_rcv+0xc5a/0x1840 net/ipv4/ip_input.c:493
 __netif_receive_skb_core+0x1a41/0x3460 net/core/dev.c:4499
 __netif_receive_skb+0x2c/0x1b0 net/core/dev.c:4564
 netif_receive_skb_internal+0x10b/0x670 net/core/dev.c:4638
 napi_frags_finish net/core/dev.c:5079 [inline]
 napi_gro_frags+0x58a/0xaf0 net/core/dev.c:5152
 tun_get_user+0x2758/0x3930 drivers/net/tun.c:1791
 tun_chr_write_iter+0xb9/0x160 drivers/net/tun.c:1836
 call_write_iter include/linux/fs.h:1772 [inline]
 do_iter_readv_writev+0x525/0x7f0 fs/read_write.c:653
 do_iter_write+0x154/0x540 fs/read_write.c:932
 vfs_writev+0x18a/0x340 fs/read_write.c:977
 do_writev+0xfc/0x2a0 fs/read_write.c:1012
 SYSC_writev fs/read_write.c:1085 [inline]
 SyS_writev+0x27/0x30 fs/read_write.c:1082
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x4529a1
RSP: 002b:00007f8f00465b80 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00007f8f00465aa0 RCX: 00000000004529a1
RDX: 0000000000000001 RSI: 00007f8f00465bd0 RDI: 0000000000000012
RBP: 00007f8f00465a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000032 R11: 0000000000000293 R12: 00000000004b767a
R13: 00007f8f00465bc8 R14: 00000000004b767a R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 29039 Comm: syz-executor7 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
 __build_skb+0x9d/0x450 net/core/skbuff.c:281
 __napi_alloc_skb+0x173/0x2c0 net/core/skbuff.c:482
 napi_alloc_skb include/linux/skbuff.h:2643 [inline]
 napi_get_frags+0x61/0x130 net/core/dev.c:5060
 tun_napi_alloc_frags drivers/net/tun.c:1327 [inline]
 tun_get_user+0x1cd6/0x3930 drivers/net/tun.c:1668
 tun_chr_write_iter+0xb9/0x160 drivers/net/tun.c:1836
 call_write_iter include/linux/fs.h:1772 [inline]
 do_iter_readv_writev+0x525/0x7f0 fs/read_write.c:653
 do_iter_write+0x154/0x540 fs/read_write.c:932
 vfs_writev+0x18a/0x340 fs/read_write.c:977
 do_writev+0xfc/0x2a0 fs/read_write.c:1012
 SYSC_writev fs/read_write.c:1085 [inline]
 SyS_writev+0x27/0x30 fs/read_write.c:1082
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x4529a1
RSP: 002b:00007ffbead80b80 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00007ffbead80aa0 RCX: 00000000004529a1
RDX: 0000000000000001 RSI: 00007ffbead80bd0 RDI: 0000000000000012
RBP: 00007ffbead80a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000036 R11: 0000000000000293 R12: 00000000004b767a
R13: 00007ffbead80bc8 R14: 00000000004b767a R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 29122 Comm: syz-executor7 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
 anon_vma_alloc mm/rmap.c:81 [inline]
 __anon_vma_prepare+0x39d/0x6b0 mm/rmap.c:189
 anon_vma_prepare include/linux/rmap.h:153 [inline]
 do_huge_pmd_anonymous_page+0x1127/0x1b00 mm/huge_memory.c:678
 create_huge_pmd mm/memory.c:3828 [inline]
 __handle_mm_fault+0x1a0c/0x3ce0 mm/memory.c:4032
 handle_mm_fault+0x334/0x8d0 mm/memory.c:4098
 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1429
 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504
 page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1225
RIP: 0033:0x400ec1
RSP: 002b:00007ffbead5fb70 EFLAGS: 00010206
RAX: ffffffffffffffff RBX: 0000000000000036 RCX: 0000000000000000
RDX: 0000000020000000 RSI: 0000000000000036 RDI: 0000000020156000
RBP: 0000000020156000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000036 R11: 0000000000000000 R12: 0000000000000036
R13: 0000000000000013 R14: 00007ffbead606d4 R15: ffffffffffffffff
syz-executor7 invoked oom-killer: gfp_mask=0x0(), nodemask=(null), order=0, oom_score_adj=0
syz-executor7 cpuset=/ mems_allowed=0
CPU: 0 PID: 29122 Comm: syz-executor7 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 dump_header+0x28c/0xe1e mm/oom_kill.c:437
 oom_kill_process+0x8b5/0x14a0 mm/oom_kill.c:865
 out_of_memory+0x86d/0x1220 mm/oom_kill.c:1079
 pagefault_out_of_memory+0x135/0x152 mm/oom_kill.c:1110
 mm_fault_error+0xd6/0x2c0 arch/x86/mm/fault.c:1053
 __do_page_fault+0xb4d/0xc90 arch/x86/mm/fault.c:1457
 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504
 page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1225
RIP: 0033:0x400ec1
RSP: 002b:00007ffbead5fb70 EFLAGS: 00010206
RAX: ffffffffffffffff RBX: 0000000000000036 RCX: 0000000000000000
RDX: 0000000020000000 RSI: 0000000000000036 RDI: 0000000020156000
RBP: 0000000020156000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000036 R11: 0000000000000000 R12: 0000000000000036
R13: 0000000000000013 R14: 00007ffbead606d4 R15: ffffffffffffffff
Mem-Info:
active_anon:40082 inactive_anon:61 isolated_anon:0
 active_file:3773 inactive_file:7727 isolated_file:0
 unevictable:0 dirty:246 writeback:0 unstable:0
 slab_reclaimable:9427 slab_unreclaimable:85927
 mapped:23337 shmem:68 pagetables:607 bounce:0
 free:1448720 free_pcp:537 free_cma:0
Node 0 active_anon:160328kB inactive_anon:244kB active_file:15092kB inactive_file:30908kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:93348kB dirty:984kB writeback:0kB shmem:272kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 116736kB writeback_tmp:0kB unstable:0kB all_unreclaimable?
no Node 0 DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2874 6386 6386 Node 0 DMA32 free:2945688kB min:30348kB low:37932kB high:45516kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2946452kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:764kB local_pcp:720kB free_cma:0kB lowmem_reserve[]: 0 0 3511 3511 Node 0 Normal free:2833484kB min:37068kB low:46332kB high:55596kB active_anon:160296kB inactive_anon:244kB active_file:15092kB inactive_file:30908kB unevictable:0kB writepending:988kB present:4718592kB managed:3596136kB mlocked:0kB kernel_stack:4096kB pagetables:2416kB bounce:0kB free_pcp:1388kB local_pcp:688kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 4*4kB (M) 3*8kB (M) 3*16kB (M) 2*32kB (M) 4*64kB (M) 4*128kB (M) 3*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2945688kB Node 0 Normal: 287*4kB (UME) 610*8kB (UME) 590*16kB (UME) 855*32kB (UME) 998*64kB (UM) 555*128kB (UM) 440*256kB (UM) 411*512kB (UM) 372*1024kB (UE) 19*2048kB (UME) 467*4096kB (UM) = 2833484kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 11569 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 326355 pages reserved Unreclaimable slab info: Name Used Total topology_server 0KB 3KB pid_2 522KB 524KB hashtab_node 118KB 119KB ebitmap_node 2279KB 2516KB avtab_node 1012KB 1013KB TIPC 122KB 186KB RDS 62KB 109KB rds_connection 5KB 8KB SCTPv6 628KB 
668KB SCTP 429KB 482KB sctp_chunk 72KB 165KB sctp_bind_bucket 12KB 15KB tw_sock_DCCPv6 2KB 7KB DCCPv6 51KB 80KB tw_sock_DCCP 0KB 3KB DCCP 54KB 87KB ccid2_hc_tx_sock 5KB 20KB ccid2_hc_rx_sock 0KB 3KB dccp_ackvec_record 0KB 3KB dccp_ackvec 0KB 7KB dccp_bind_bucket 7KB 16KB KCM 111KB 142KB kcm_psock_cache 16KB 37KB kcm_mux_cache 45KB 75KB bridge_fdb_cache 0KB 3KB ip6-frags 2KB 7KB fib6_nodes 17KB 28KB ip6_dst_cache 125KB 135KB ip6_mrt_cache 2KB 4KB PINGv6 58KB 91KB RAWv6 318KB 435KB UDPLITEv6 7KB 14KB UDPv6 360KB 360KB tw_sock_TCPv6 0KB 3KB TCPv6 67KB 67KB sd_ext_cdb 0KB 3KB scsi_sense_cache 12KB 12KB virtio_scsi_cmd 16KB 16KB sgpool-128 8KB 8KB sgpool-64 4KB 6KB sgpool-32 2KB 7KB sgpool-16 1KB 3KB sgpool-8 11KB 11KB cfq_io_cq 3KB 19KB cfq_queue 2KB 19KB mqueue_inode_cache 23KB 28KB nfs_commit_data 3KB 7KB nfs_write_data 34KB 37KB jbd2_inode 2KB 3KB ext4_system_zone 0KB 3KB bio-1 1KB 3KB fasync_cache 1KB 4KB pid_namespace 2KB 7KB rpc_buffers 17KB 19KB rpc_tasks 2KB 3KB UNIX 411KB 497KB ip4-frags 0KB 3KB ip_mrt_cache 0KB 4KB UDP-Lite 0KB 7KB tcp_bind_bucket 14KB 20KB inet_peer_cache 6KB 8KB secpath_cache 1KB 4KB xfrm_dst_cache 2KB 4KB ip_fib_trie 4KB 11KB ip_fib_alias 8KB 15KB ip_dst_cache 58KB 64KB PING 71KB 93KB RAW 323KB 359KB UDP 242KB 320KB TCP 94KB 110KB hugetlbfs_inode_cache 6KB 15KB eventpoll_pwq 9KB 19KB eventpoll_epi 17KB 27KB inotify_inode_mark 3KB 7KB request_queue 31KB 39KB blkdev_ioc 4KB 15KB bio-0 23KB 33KB biovec-(1<<(21-12)) 247KB 313KB bio_integrity_payload 0KB 4KB khugepaged_mm_slot 62KB 62KB user_namespace 5KB 7KB dmaengine-unmap-2 0KB 3KB skbuff_fclone_cache 780KB 828KB skbuff_head_cache 1747KB 1886KB configfs_dir_cache 0KB 4KB file_lock_cache 0KB 3KB file_lock_ctx 0KB 3KB fsnotify_mark_connector 2KB 3KB net_namespace 57KB 57KB shmem_inode_cache 2886KB 2886KB task_delay_info 887KB 889KB taskstats 585KB 585KB sigqueue 1911KB 1953KB kernfs_node_cache 5547KB 5567KB mnt_cache 76KB 84KB filp 8480KB 9360KB names_cache 81187KB 81187KB avc_node 46KB 51KB 
selinux_file_security 434KB 472KB selinux_inode_security 2333KB 2344KB key_jar 3KB 7KB nsproxy 2KB 11KB vm_area_struct 18003KB 18086KB mm_struct 3232KB 3953KB fs_cache 524KB 524KB files_cache 1938KB 1938KB signal_cache 3083KB 3083KB sighand_cache 360KB 360KB task_struct 29393KB 29393KB cred_jar 1576KB 2340KB anon_vma_chain 4768KB 5221KB anon_vma 229KB 331KB pid 113KB 260KB Acpi-Operand 106KB 166KB Acpi-Namespace 19KB 23KB numa_policy 0KB 3KB debug_objects_cache 438KB 438KB trace_event_file 145KB 147KB ftrace_event_field 257KB 259KB pool_workqueue 38KB 40KB page->ptl 3356KB 3356KB kmalloc-4194304 0KB 4096KB kmalloc-524288 2056KB 3598KB kmalloc-262144 1032KB 1032KB kmalloc-131072 1170KB 1300KB kmalloc-65536 264KB 264KB kmalloc-32768 726KB 792KB kmalloc-16384 577KB 676KB kmalloc-8192 1823KB 1856KB kmalloc-4096 9163KB 9201KB kmalloc-2048 10537KB 10537KB kmalloc-1024 3462KB 4024KB kmalloc-512 3280KB 3663KB kmalloc-256 2092KB 2460KB kmalloc-128 1395KB 1460KB kmalloc-96 1017KB 1120KB kmalloc-64 2096KB 2264KB kmalloc-32 2050KB 2185KB kmalloc-192 516KB 528KB kmem_cache 103KB 105KB [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 1772] 0 1772 5366 634 90112 0 -1000 udevd [ 3191] 0 3191 2493 795 61440 0 0 dhclient [ 3344] 0 3344 30637 2305 126976 0 0 rsyslogd [ 3395] 0 3395 4725 519 86016 0 0 cron [ 3405] 0 3405 3735 44 69632 0 0 mcstransd [ 3423] 0 3423 12927 1538 135168 0 0 restorecond [ 3445] 0 3445 12490 855 143360 0 -1000 sshd [ 3469] 0 3469 3694 468 73728 0 0 getty [ 3470] 0 3470 3694 465 73728 0 0 getty [ 3471] 0 3471 3694 445 73728 0 0 getty [ 3472] 0 3472 3694 445 73728 0 0 getty [ 3473] 0 3473 3694 465 77824 0 0 getty [ 3474] 0 3474 3694 446 73728 0 0 getty [ 3475] 0 3475 3649 436 73728 0 0 getty [ 3494] 0 3494 17821 1389 184320 0 0 sshd [ 3496] 0 3496 82307 40181 450560 0 0 syz-fuzzer [ 3537] 0 3537 7297 232 65536 0 0 syz-executor7 [ 3538] 0 3538 7297 231 69632 0 0 syz-executor1 [ 3539] 0 3539 7297 232 65536 0 0 syz-executor4 [ 3540] 0 
3540 7297 231 65536 0 0 syz-executor0 [ 3542] 0 3542 7297 230 65536 0 0 syz-executor5 [ 3545] 0 3545 7297 231 65536 0 0 syz-executor6 [ 3548] 0 3548 7297 230 65536 0 0 syz-executor2 [ 3549] 0 3549 7297 231 69632 0 0 syz-executor3 [ 3575] 0 3575 5384 583 86016 0 -1000 udevd [ 3580] 0 3580 5365 294 86016 0 -1000 udevd [ 3715] 0 3715 7297 2270 73728 0 0 syz-executor4 [ 3724] 0 3724 7297 2269 77824 0 0 syz-executor1 [ 3731] 0 3731 7297 2270 73728 0 0 syz-executor7 [ 3736] 0 3736 7297 2268 73728 0 0 syz-executor2 [ 3737] 0 3737 7297 2269 73728 0 0 syz-executor6 [ 3738] 0 3738 7297 2269 77824 0 0 syz-executor3 [ 3739] 0 3739 7297 2269 73728 0 0 syz-executor0 [ 3740] 0 3740 7297 2268 73728 0 0 syz-executor5 [29122] 0 29089 11458 2250 73728 0 0 syz-executor7 Out of memory: Kill process 3496 (syz-fuzzer) score 23 or sacrifice child Killed process 3538 (syz-executor1) total-vm:29188kB, anon-rss:60kB, file-rss:864kB, shmem-rss:0kB oom_reaper: reaped process 3538 (syz-executor1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB audit: type=1400 audit(1515219339.429:93): avc: denied { sys_ptrace } for pid=29174 comm="ps" capability=19 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=cap_userns permissive=1