====================================================== WARNING: possible circular locking dependency detected 4.15.0-rc2-mm1+ #39 Not tainted ------------------------------------------------------ syz-executor4/8003 is trying to acquire lock: (&tty->ldisc_sem){++++}, at: [<000000007814ac74>] ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 but task is already holding lock: (&pipe->mutex/1){+.+.}, at: [<000000005c0451bf>] pipe_lock_nested fs/pipe.c:67 [inline] (&pipe->mutex/1){+.+.}, at: [<000000005c0451bf>] pipe_lock+0x56/0x70 fs/pipe.c:75 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #6 (&pipe->mutex/1){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 pipe_lock_nested fs/pipe.c:67 [inline] pipe_lock+0x56/0x70 fs/pipe.c:75 iter_file_splice_write+0x264/0xf30 fs/splice.c:699 do_splice_from fs/splice.c:851 [inline] do_splice fs/splice.c:1147 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x7d5/0x1630 fs/splice.c:1382 entry_SYSCALL_64_fastpath+0x1f/0x96 -> #5 (sb_writers){.+.+}: spin_lock include/linux/spinlock.h:315 [inline] d_alloc+0xdd/0x340 fs/dcache.c:1688 __lookup_hash+0x58/0x190 fs/namei.c:1527 filename_create+0x1c7/0x520 fs/namei.c:3644 kern_path_create+0x33/0x40 fs/namei.c:3684 handle_create+0xc0/0x760 drivers/base/devtmpfs.c:203 -> #4 ((completion)&req.done){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 complete_acquire include/linux/completion.h:40 [inline] __wait_for_common kernel/sched/completion.c:109 [inline] wait_for_common kernel/sched/completion.c:123 [inline] wait_for_completion+0xcb/0x7b0 kernel/sched/completion.c:144 devtmpfs_create_node+0x32b/0x4a0 drivers/base/devtmpfs.c:115 device_add+0x120f/0x1640 drivers/base/core.c:1824 device_register+0x1d/0x20 drivers/base/core.c:1905 tty_register_device_attr+0x422/0x740 drivers/tty/tty_io.c:2956 tty_port_register_device_attr_serdev+0x100/0x140 drivers/tty/tty_port.c:166 uart_add_one_port+0xa7a/0x15a0 drivers/tty/serial/serial_core.c:2783 serial8250_register_8250_port+0xfac/0x1990 drivers/tty/serial/8250/8250_core.c:1045 serial_pnp_probe+0x5e7/0xac0 drivers/tty/serial/8250/8250_pnp.c:480 pnp_device_probe+0x15f/0x250 drivers/pnp/driver.c:109 really_probe drivers/base/dd.c:424 [inline] driver_probe_device+0x71b/0xae0 drivers/base/dd.c:566 __driver_attach+0x181/0x1c0 drivers/base/dd.c:800 bus_for_each_dev+0x154/0x1e0 drivers/base/bus.c:313 driver_attach+0x3d/0x50 drivers/base/dd.c:819 bus_add_driver+0x466/0x620 drivers/base/bus.c:669 driver_register+0x1bf/0x3c0 drivers/base/driver.c:168 pnp_register_driver+0x75/0xa0 drivers/pnp/driver.c:272 serial8250_pnp_init+0x15/0x20 drivers/tty/serial/8250/8250_pnp.c:537 serial8250_init+0x8f/0x270 drivers/tty/serial/8250/8250_core.c:1122 do_one_initcall+0x9e/0x330 init/main.c:833 do_initcall_level init/main.c:899 [inline] do_initcalls init/main.c:907 [inline] do_basic_setup init/main.c:925 [inline] kernel_init_freeable+0x469/0x521 init/main.c:1073 kernel_init+0x13/0x172 init/main.c:1000 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524 -> #3 (&port->mutex){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 uart_set_termios+0x8f/0x5b0 drivers/tty/serial/serial_core.c:1416 tty_set_termios+0x6d4/0xa40 drivers/tty/tty_ioctl.c:334 set_termios+0x377/0x6b0 drivers/tty/tty_ioctl.c:414 tty_mode_ioctl+0x9fb/0xb10 drivers/tty/tty_ioctl.c:749 n_tty_ioctl_helper+0x40/0x360 drivers/tty/tty_ioctl.c:940 n_tty_ioctl+0x148/0x2d0 drivers/tty/n_tty.c:2435 tty_ioctl+0x32e/0x1600 drivers/tty/tty_io.c:2638 vfs_ioctl fs/ioctl.c:46 [inline] do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:686 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692 entry_SYSCALL_64_fastpath+0x1f/0x96 -> #2 (&tty->termios_rwsem){++++}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 down_write+0x87/0x120 kernel/locking/rwsem.c:70 n_tty_flush_buffer+0x21/0x320 drivers/tty/n_tty.c:357 tty_buffer_flush+0x29a/0x390 drivers/tty/tty_buffer.c:233 tty_ldisc_flush+0x25/0x70 drivers/tty/tty_ldisc.c:418 tty_port_close_start.part.4+0x1cd/0x4e0 drivers/tty/tty_port.c:603 tty_port_close_start drivers/tty/tty_port.c:646 [inline] tty_port_close+0x3f/0x80 drivers/tty/tty_port.c:640 uart_close+0x77/0x1d0 drivers/tty/serial/serial_core.c:1487 tty_release+0x446/0x14c0 drivers/tty/tty_io.c:1639 __fput+0x333/0x7f0 fs/file_table.c:210 ____fput+0x15/0x20 fs/file_table.c:244 task_work_run+0x199/0x270 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x275/0x2f0 arch/x86/entry/common.c:165 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264 entry_SYSCALL_64_fastpath+0x94/0x96 -> #1 (&buf->lock){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 tty_buffer_flush+0xbd/0x390 drivers/tty/tty_buffer.c:222 tty_ldisc_flush+0x25/0x70 drivers/tty/tty_ldisc.c:418 tty_port_close_start.part.4+0x1cd/0x4e0 drivers/tty/tty_port.c:603 tty_port_close_start drivers/tty/tty_port.c:646 [inline] tty_port_close+0x3f/0x80 drivers/tty/tty_port.c:640 uart_close+0x77/0x1d0 drivers/tty/serial/serial_core.c:1487 tty_release+0x446/0x14c0 drivers/tty/tty_io.c:1639 __fput+0x333/0x7f0 fs/file_table.c:210 ____fput+0x15/0x20 fs/file_table.c:244 task_work_run+0x199/0x270 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x275/0x2f0 arch/x86/entry/common.c:165 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264 entry_SYSCALL_64_fastpath+0x94/0x96 -> #0 (&tty->ldisc_sem){++++}: check_prevs_add kernel/locking/lockdep.c:2031 [inline] validate_chain kernel/locking/lockdep.c:2473 [inline] __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __ldsem_down_read_nested+0xd1/0xa90 drivers/tty/tty_ldsem.c:325 ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 tty_ldisc_ref_wait+0x25/0x80 drivers/tty/tty_ldisc.c:277 tty_read+0xf8/0x250 drivers/tty/tty_io.c:852 do_loop_readv_writev fs/read_write.c:673 [inline] do_iter_read+0x3db/0x5b0 fs/read_write.c:897 vfs_readv+0x121/0x1c0 fs/read_write.c:959 kernel_readv fs/splice.c:361 [inline] default_file_splice_read+0x508/0xae0 fs/splice.c:416 do_splice_to+0x110/0x170 fs/splice.c:880 do_splice fs/splice.c:1173 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x11a8/0x1630 fs/splice.c:1382 entry_SYSCALL_64_fastpath+0x1f/0x96 other info that might help us debug this: Chain exists of: &tty->ldisc_sem --> sb_writers --> &pipe->mutex/1 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&pipe->mutex/1); lock(sb_writers); lock(&pipe->mutex/1); lock(&tty->ldisc_sem); *** DEADLOCK *** 1 lock held by syz-executor4/8003: #0: (&pipe->mutex/1){+.+.}, at: [<000000005c0451bf>] pipe_lock_nested fs/pipe.c:67 [inline] #0: (&pipe->mutex/1){+.+.}, at: [<000000005c0451bf>] pipe_lock+0x56/0x70 fs/pipe.c:75 stack backtrace: CPU: 1 PID: 8003 Comm: syz-executor4 Not tainted 4.15.0-rc2-mm1+ #39 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 print_circular_bug+0x42d/0x610 kernel/locking/lockdep.c:1271 check_prev_add+0x666/0x15f0 kernel/locking/lockdep.c:1914 check_prevs_add kernel/locking/lockdep.c:2031 [inline] validate_chain kernel/locking/lockdep.c:2473 [inline] __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004 __ldsem_down_read_nested+0xd1/0xa90 drivers/tty/tty_ldsem.c:325 ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 tty_ldisc_ref_wait+0x25/0x80 drivers/tty/tty_ldisc.c:277 tty_read+0xf8/0x250 drivers/tty/tty_io.c:852 do_loop_readv_writev fs/read_write.c:673 [inline] do_iter_read+0x3db/0x5b0 fs/read_write.c:897 vfs_readv+0x121/0x1c0 fs/read_write.c:959 kernel_readv fs/splice.c:361 [inline] default_file_splice_read+0x508/0xae0 fs/splice.c:416 do_splice_to+0x110/0x170 fs/splice.c:880 do_splice fs/splice.c:1173 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x11a8/0x1630 fs/splice.c:1382 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a39 RSP: 002b:00007f61862fdc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000113 RAX: ffffffffffffffda RBX: 00000000007580d8 RCX: 0000000000452a39 RDX: 0000000000000017 RSI: 0000000000000000 RDI: 0000000000000014 RBP: 00000000000001ee R08: 0000000000000200 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f0ef0 R13: 00000000ffffffff R14: 00007f61862fe6d4 R15: 0000000000000002 nla_parse: 27 callbacks suppressed netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. device gre0 entered promiscuous mode netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. device syz4 entered promiscuous mode netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. QAT: Invalid ioctl QAT: Invalid ioctl device lo left promiscuous mode QAT: Invalid ioctl QAT: Invalid ioctl audit: type=1326 audit(1513207062.184:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8154 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x7ffc0000 audit: type=1326 audit(1513207062.185:1119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8154 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452a39 code=0x7ffc0000 audit: type=1326 audit(1513207062.187:1120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8154 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x7ffc0000 audit: type=1326 audit(1513207062.187:1121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8154 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=2 compat=0 ip=0x452a39 code=0x7ffc0000 audit: type=1326 audit(1513207062.187:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8154 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x7ffc0000 audit: type=1326 audit(1513207062.187:1123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8154 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=16 compat=0 ip=0x452a39 code=0x7ffc0000 audit: type=1326 audit(1513207062.187:1124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8154 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x7ffc0000 audit: type=1326 audit(1513207062.187:1125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8154 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=2 compat=0 ip=0x40cd71 code=0x7ffc0000 audit: type=1326 audit(1513207062.187:1126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8154 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a39 code=0x7ffc0000 audit: type=1326 audit(1513207062.187:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8154 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=1 compat=0 ip=0x452a39 code=0x7ffc0000 device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode sock: sock_set_timeout: `syz-executor3' (pid 8325) tries to set negative timeout device lo entered promiscuous mode device lo left promiscuous mode sock: sock_set_timeout: `syz-executor3' (pid 8325) tries to set negative timeout device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo left promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=33186 sclass=netlink_route_socket pig=8612 comm=syz-executor3 device lo entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo left promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=11808 sclass=netlink_route_socket pig=8779 comm=syz-executor3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=11808 sclass=netlink_route_socket pig=8783 comm=syz-executor3 device lo entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 8855 Comm: syz-executor0 Not tainted 4.15.0-rc2-mm1+ #39 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:425 [inline] slab_alloc mm/slab.c:3372 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3546 ptlock_alloc+0x24/0x70 mm/memory.c:4681 ptlock_init include/linux/mm.h:1790 [inline] pgtable_page_ctor include/linux/mm.h:1824 [inline] pte_alloc_one+0x59/0x100 arch/x86/mm/pgtable.c:32 do_huge_pmd_anonymous_page+0xc23/0x1b00 mm/huge_memory.c:689 create_huge_pmd mm/memory.c:3823 [inline] __handle_mm_fault+0x1b68/0x3dd0 mm/memory.c:4027 handle_mm_fault+0x38f/0x930 mm/memory.c:4093 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1429 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504 page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1243 RIP: 0033:0x401819 RSP: 002b:00007f6b8e336b90 EFLAGS: 00010246 RAX: 0000000020000000 RBX: 000000000000006e RCX: 0000000000000000 RDX: 9fc804af69fb6a62 RSI: 0000000000000000 RDI: 00007f6b8e337608 RBP: 0000000020a04f1a R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000006e R11: 0000000000000000 R12: 00000000006f66c8 R13: 0000000000000013 R14: 00007f6b8e3376d4 R15: ffffffffffffffff syz-executor0 invoked oom-killer: gfp_mask=0x0(), nodemask=(null), order=0, oom_score_adj=0 syz-executor0 cpuset=/ mems_allowed=0 CPU: 0 PID: 8855 Comm: syz-executor0 Not tainted 4.15.0-rc2-mm1+ #39 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 dump_header+0x28c/0xe2b mm/oom_kill.c:437 oom_kill_process+0x81b/0x9f0 mm/oom_kill.c:951 out_of_memory+0x9d5/0x1790 mm/oom_kill.c:1140 pagefault_out_of_memory+0x128/0x145 mm/oom_kill.c:1176 mm_fault_error+0xd6/0x2c0 arch/x86/mm/fault.c:1053 __do_page_fault+0xb4d/0xc90 arch/x86/mm/fault.c:1457 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504 page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1243 RIP: 0033:0x401819 RSP: 002b:00007f6b8e336b90 EFLAGS: 00010246 RAX: 0000000020000000 RBX: 000000000000006e RCX: 0000000000000000 RDX: 9fc804af69fb6a62 RSI: 0000000000000000 RDI: 00007f6b8e337608 RBP: 0000000020a04f1a R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000006e R11: 0000000000000000 R12: 00000000006f66c8 R13: 0000000000000013 R14: 00007f6b8e3376d4 R15: ffffffffffffffff Mem-Info: active_anon:132934 inactive_anon:150 isolated_anon:0 active_file:3767 inactive_file:9399 isolated_file:0 unevictable:0 dirty:220 writeback:0 unstable:0 slab_reclaimable:8488 slab_unreclaimable:91338 mapped:23061 shmem:186 pagetables:958 bounce:0 free:1357576 free_pcp:371 free_cma:0 Node 0 active_anon:531736kB inactive_anon:600kB active_file:15068kB inactive_file:37596kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:92244kB dirty:880kB writeback:0kB shmem:744kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 30720kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 0 DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2878 6389 6389 Node 0 DMA32 free:2949052kB min:30372kB low:37964kB high:45556kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2949852kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:800kB local_pcp:644kB free_cma:0kB lowmem_reserve[]: 0 0 3510 3510 Node 0 Normal free:2465344kB min:37044kB low:46304kB high:55564kB active_anon:531736kB inactive_anon:600kB active_file:15068kB inactive_file:37596kB unevictable:0kB writepending:880kB present:4718592kB managed:3594972kB mlocked:0kB kernel_stack:4544kB pagetables:3832kB bounce:0kB free_pcp:684kB local_pcp:208kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 5*4kB (UM) 3*8kB (UM) 3*16kB (M) 3*32kB (UM) 2*64kB (M) 3*128kB (M) 5*256kB (UM) 4*512kB (UM) 2*1024kB (UM) 3*2048kB (UM) 717*4096kB (M) = 2949052kB Node 0 Normal: 1034*4kB (UE) 105*8kB (UME) 16*16kB (UME) 1266*32kB (UM) 990*64kB (UME) 368*128kB (UM) 222*256kB (UM) 51*512kB (UME) 26*1024kB (UM) 8*2048kB (UME) 533*4096kB (UM) = 2465328kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 13351 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 325796 pages reserved [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 1599] 0 1599 5366 618 90112 0 -1000 udevd [ 2861] 0 2861 2493 798 57344 0 0 dhclient [ 2992] 0 2992 14294 790 114688 0 0 rsyslogd [ 3043] 0 3043 4725 501 86016 0 0 cron [ 3061] 0 3061 3736 45 65536 0 0 mcstransd [ 3067] 0 3067 12927 1537 131072 0 0 restorecond [ 3094] 0 3094 12490 828 139264 0 -1000 sshd [ 3118] 0 3118 3694 471 77824 0 0 getty [ 3119] 0 3119 3694 471 77824 0 0 getty [ 3120] 0 3120 3694 467 77824 0 0 getty [ 3121] 0 3121 3694 473 77824 0 0 getty [ 3122] 0 3122 3694 471 73728 0 0 getty [ 3123] 0 3123 3694 462 73728 0 0 getty [ 3124] 0 3124 3649 444 73728 0 0 getty [ 3142] 0 3142 17821 1343 188416 0 0 sshd [ 3144] 0 3144 214685 117353 1445888 0 0 syz-fuzzer [ 3191] 0 3191 7361 231 69632 0 0 syz-executor0 [ 3192] 0 3192 7361 232 65536 0 0 syz-executor5 [ 3193] 0 3193 7361 231 65536 0 0 syz-executor2 [ 3194] 0 3194 7361 230 65536 0 0 syz-executor6 [ 3195] 0 3195 7361 231 69632 0 0 syz-executor3 [ 3198] 0 3198 7361 231 69632 0 0 syz-executor4 [ 3199] 0 3199 7361 231 65536 0 0 syz-executor1 [ 3200] 0 3200 7361 231 61440 0 0 syz-executor7 [ 3219] 0 3219 5365 599 86016 0 -1000 udevd [ 3223] 0 3223 5365 568 86016 0 -1000 udevd [ 3357] 0 3357 7361 2272 77824 0 0 syz-executor0 [ 3381] 0 3381 7361 2271 73728 0 0 syz-executor5 [ 3384] 0 3384 7361 2270 73728 0 0 syz-executor2 [ 3385] 0 3385 7361 2272 73728 0 0 syz-executor6 [ 3390] 0 3390 7361 2273 73728 0 0 syz-executor1 [ 3391] 0 3391 7361 2270 77824 0 0 syz-executor3 [ 3402] 0 3402 7361 2270 69632 0 0 syz-executor7 [ 3404] 0 3404 7361 2272 77824 0 0 syz-executor4 [ 8833] 0 8833 1576 410 61440 0 0 modprobe [ 8834] 0 8834 11522 4681 102400 0 0 syz-executor3 [ 8835] 0 8835 11489 4640 94208 0 0 syz-executor6 [ 8836] 0 8836 11522 4174 94208 0 0 syz-executor1 [ 8839] 0 8839 11489 4639 94208 0 0 syz-executor5 [ 8841] 0 8841 1050 115 53248 0 0 sh [ 8849] 0 8849 11522 2080 77824 0 0 syz-executor4 [ 8854] 0 8854 11489 2592 81920 0 0 syz-executor0 [ 8856] 0 8856 7361 2078 57344 0 0 syz-executor7 Out of memory: Kill process 3144 (syz-fuzzer) score 69 or sacrifice child Killed process 3191 (syz-executor0) total-vm:29444kB, anon-rss:60kB, file-rss:864kB, shmem-rss:0kB SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8895 comm=syz-executor7 device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 8927 Comm: syz-executor0 Not tainted 4.15.0-rc2-mm1+ #39 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:425 [inline] slab_alloc mm/slab.c:3372 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3546 ptlock_alloc+0x24/0x70 mm/memory.c:4681 ptlock_init include/linux/mm.h:1790 [inline] pgtable_page_ctor include/linux/mm.h:1824 [inline] pte_alloc_one+0x59/0x100 arch/x86/mm/pgtable.c:32 do_huge_pmd_anonymous_page+0xc23/0x1b00 mm/huge_memory.c:689 create_huge_pmd mm/memory.c:3823 [inline] __handle_mm_fault+0x1b68/0x3dd0 mm/memory.c:4027 handle_mm_fault+0x38f/0x930 mm/memory.c:4093 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1429 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504 page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1243 RIP: 0033:0x401819 RSP: 002b:00007f2721582b90 EFLAGS: 00010246 RAX: 0000000020000000 RBX: 000000000000006e RCX: 0000000000000000 RDX: 6dc0bde329e4d5ab RSI: 0000000000000000 RDI: 00007f2721583608 RBP: 0000000020a04f1a R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000006e R11: 0000000000000000 R12: 00000000006f66c8 R13: 0000000000000013 R14: 00007f27215836d4 R15: ffffffffffffffff oom_reaper: reaped process 8927 (syz-executor0), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB SELinux: unrecognized netlink message: protocol=0 nlmsg_type=34674 sclass=netlink_route_socket pig=8944 comm=syz-executor3 device lo entered promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=34674 sclass=netlink_route_socket pig=8944 comm=syz-executor3 device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode nla_parse: 46 callbacks suppressed netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. device lo entered promiscuous mode device lo left promiscuous mode netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. device lo entered promiscuous mode netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. device lo left promiscuous mode netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. device lo entered promiscuous mode device lo left promiscuous mode netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'. device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. device lo left promiscuous mode netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 device lo entered promiscuous mode device lo left promiscuous mode CPU: 0 PID: 9289 Comm: syz-executor2 Not tainted 4.15.0-rc2-mm1+ #39 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:425 [inline] slab_alloc mm/slab.c:3372 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3546 getname_flags+0xcb/0x580 fs/namei.c:138 SYSC_execveat fs/exec.c:1940 [inline] SyS_execveat+0x38/0x60 fs/exec.c:1932 do_syscall_64+0x26c/0x920 arch/x86/entry/common.c:285 entry_SYSCALL64_slow_path+0x25/0x25 RIP: 0033:0x452a39 RSP: 002b:00007fc1aa287c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000142 RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452a39 RDX: 0000000020003000 RSI: 0000000020ff7000 RDI: 0000000000000014 RBP: 0000000000000067 R08: 0000000000001000 R09: 0000000000000000 R10: 0000000020d4dff8 R11: 0000000000000212 R12: 00000000006eea48 R13: 0000000000000015 R14: 00007fc1aa2886d4 R15: ffffffffffffffff device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 9441 Comm: syz-executor1 Not tainted 4.15.0-rc2-mm1+ #39 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:425 [inline] slab_alloc mm/slab.c:3372 [inline] kmem_cache_alloc+0x47/0x760 mm/slab.c:3546 ep_insert+0x25c/0x1b50 fs/eventpoll.c:1424 SYSC_epoll_ctl fs/eventpoll.c:2102 [inline] SyS_epoll_ctl+0x129b/0x1a60 fs/eventpoll.c:1988 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a39 RSP: 002b:00007ffab9178c58 EFLAGS: 00000212 ORIG_RAX: 00000000000000e9 RAX: ffffffffffffffda RBX: 00007ffab9178aa0 RCX: 0000000000452a39 RDX: 0000000000000014 RSI: 0000000000000001 RDI: 0000000000000015 RBP: 00007ffab9178a90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000020578ff4 R11: 0000000000000212 R12: 00000000004b75fb R13: 00007ffab9178bc8 R14: 00000000004b75fb R15: 0000000000000000 device lo entered promiscuous mode device lo left promiscuous mode FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 9474 Comm: syz-executor1 Not tainted 4.15.0-rc2-mm1+ #39 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 device lo entered promiscuous mode Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149