slab_reclaimable:15915 slab_unreclaimable:133590
mapped:59477 shmem:7640 pagetables:26426 bounce:0
free:471190 free_pcp:86 free_cma:0
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
=============================
WARNING: suspicious RCU usage
4.14.184-syzkaller #0 Not tainted
-----------------------------
net/sched/act_sample.c:95 suspicious rcu_dereference_protected() usage!
Node 0 active_anon:1935544kB inactive_anon:16252kB active_file:48kB inactive_file:14748kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:221264kB dirty:12kB writeback:0kB shmem:22112kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1298432kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 1 active_anon:1424976kB inactive_anon:8420kB active_file:18420kB inactive_file:64324kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16644kB dirty:884kB writeback:0kB shmem:8448kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
other info that might help us debug this:
Node 0 DMA free:10436kB min:220kB low:272kB high:324kB active_anon:2692kB inactive_anon:0kB active_file:40kB inactive_file:76kB unevictable:0kB writepending:4kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
syz-executor.0 cpuset=/ mems_allowed=0-1
CPU: 0 PID: 30298 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
warn_alloc.cold+0x96/0x1af mm/page_alloc.c:3249
__alloc_pages_slowpath mm/page_alloc.c:4096 [inline]
__alloc_pages_nodemask+0x2129/0x2730 mm/page_alloc.c:4199
lowmem_reserve[]:
alloc_pages_current+0xe7/0x1e0 mm/mempolicy.c:2113
alloc_pages include/linux/gfp.h:520 [inline]
alloc_mmu_pages arch/x86/kvm/mmu.c:5142 [inline]
kvm_mmu_create+0xd1/0x1c0 arch/x86/kvm/mmu.c:5160
kvm_arch_vcpu_init+0x282/0x890 arch/x86/kvm/x86.c:8306
kvm_vcpu_init+0x26d/0x360 arch/x86/kvm/../../../virt/kvm/kvm_main.c:320
vmx_create_vcpu+0xf5/0x2950 arch/x86/kvm/vmx.c:10039
0 2559
kvm_vm_ioctl_create_vcpu arch/x86/kvm/../../../virt/kvm/kvm_main.c:2549 [inline]
kvm_vm_ioctl+0x4ae/0x1430 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3057
2559
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
2559 2559
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45cb29
RSP: 002b:00007fe2c8908c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004e7ee0 RCX: 000000000045cb29
RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000003a2 R14: 00000000004c64a3 R15: 00007fe2c89096d4
rcu_scheduler_active = 2, debug_locks = 1
Node 0
1 lock held by syz-executor.2/30305:
#0: (rtnl_mutex){+.+.}, at: [] rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4310
stack backtrace:
CPU: 0 PID: 30305 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
DMA32 free:42320kB min:36296kB low:45368kB high:54440kB active_anon:1932852kB inactive_anon:16252kB active_file:8kB inactive_file:236kB unevictable:0kB writepending:8kB present:3129332kB managed:2623992kB mlocked:0kB kernel_stack:11712kB pagetables:30160kB bounce:0kB free_pcp:664kB local_pcp:664kB free_cma:0kB
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
tcf_sample_init+0x71c/0x8c0 net/sched/act_sample.c:95
tcf_action_init_1+0x51a/0x9f0 net/sched/act_api.c:682
lowmem_reserve[]:
tcf_action_init+0x26d/0x400 net/sched/act_api.c:751
0 0
tcf_exts_validate+0x2d7/0x490 net/sched/cls_api.c:926
0
basic_set_parms net/sched/cls_basic.c:154 [inline]
basic_change+0x3ef/0xf00 net/sched/cls_basic.c:222
tc_ctl_tfilter+0xf13/0x18e7 net/sched/cls_api.c:738
0
rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4315
0
netlink_rcv_skb+0x127/0x370 net/netlink/af_netlink.c:2433
netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1313
netlink_sendmsg+0x64a/0xbb0 net/netlink/af_netlink.c:1878
Node 0
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 net/socket.c:656
___sys_sendmsg+0x349/0x840 net/socket.c:2062
Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
__sys_sendmmsg+0x129/0x330 net/socket.c:2152
lowmem_reserve[]: 0
SYSC_sendmmsg net/socket.c:2183 [inline]
SyS_sendmmsg+0x2f/0x50 net/socket.c:2178
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
0
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45cb29
RSP: 002b:00007faa64a8cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00000000004fd760 RCX: 000000000045cb29
RDX: 010efe10675dec16 RSI: 0000000020000200 RDI: 0000000000000003
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000904 R14: 00000000004cbe1c R15: 00007faa64a8d6d4
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
0
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
0 0
Node 1 Normal free:1871736kB min:53592kB low:66988kB high:80384kB active_anon:1395980kB inactive_anon:8420kB active_file:18572kB inactive_file:64700kB unevictable:0kB writepending:172kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:27264kB pagetables:75456kB bounce:0kB free_pcp:680kB local_pcp:348kB free_cma:0kB
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
lowmem_reserve[]: 0 0 0 0 0
Node 0 DMA: 69*4kB (UME) 63*8kB (UMEH) 12*16kB (UEH) 2*32kB (H) 2*64kB (ME) 1*128kB (E) 0*256kB 2*512kB (UE) 2*1024kB (ME) 3*2048kB (UME) 0*4096kB = 10508kB
Node 0 DMA32: 715*4kB (UME) 386*8kB (ME) 899*16kB (UME) 500*32kB (UME) 21*64kB (UM) 17*128kB (M) 3*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 41644kB
Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
Node 1 Normal: 11*4kB (UM) 417*8kB (U) 126*16kB (UME) 388*32kB (UME) 156*64kB (UME) 69*128kB (UME) 35*256kB (UME) 9*512kB (UME) 4*1024kB (UM) 5*2048kB (UM) 440*4096kB (UM) = 1866772kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
17473 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
338456 pages reserved
0 pages cma reserved
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
nla_parse: 1 callbacks suppressed
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
audit: type=1804 audit(1593732568.130:76): pid=30712 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir685217924/syzkaller.9j0pg1/1262/bus" dev="sda1" ino=17112 res=1
overlayfs: failed to resolve './file1': -2
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
overlayfs: failed to resolve './file0gِoNMѫ': -2
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
audit: type=1804 audit(1593732568.750:77): pid=30732 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir685217924/syzkaller.9j0pg1/1262/bus" dev="sda1" ino=17112 res=1
audit: type=1804 audit(1593732568.880:78): pid=30795 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir685217924/syzkaller.9j0pg1/1262/bus" dev="sda1" ino=17112 res=1
device gretap0 entered promiscuous mode
device macvtap1 entered promiscuous mode
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
device macvtap2 entered promiscuous mode