BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:34
in_atomic(): 1, irqs_disabled(): 0, pid: 2452, name: syz-executor0
2 locks held by syz-executor0/2452:
 #0: (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<00000000689db3a9>] pfkey_sendmsg+0x4ce/0xa00 net/key/af_key.c:3647
 #1: (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<000000005418538f>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #1: (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<000000005418538f>] xfrm_policy_flush+0x424/0x770 net/xfrm/xfrm_policy.c:951
CPU: 0 PID: 2452 Comm: syz-executor0 Not tainted 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6060
 __might_sleep+0x95/0x190 kernel/sched/core.c:6013
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:34 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 cpus_read_lock+0x1c/0x90 kernel/cpu.c:293
 get_online_cpus include/linux/cpu.h:117 [inline]
 xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767
 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978
 pfkey_spdflush+0x98/0x370 net/key/af_key.c:2750
 pfkey_process+0x611/0x720 net/key/af_key.c:2809
 pfkey_sendmsg+0x4dc/0xa00 net/key/af_key.c:3648
 sock_sendmsg_nosec net/socket.c:628 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:638
 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
 __sys_sendmsg+0xe5/0x210 net/socket.c:2052
 SYSC_sendmsg net/socket.c:2063 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2059
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f0c04686c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 000000002057f000 RDI: 0000000000000013
RBP: 0000000000000582 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f64d0
R13: 00000000ffffffff R14: 00007f0c046876d4 R15: 0000000000000000

=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
4.15.0-rc5+ #177 Tainted: G W
-----------------------------------------------------
syz-executor0/2452 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
 (cpu_hotplug_lock.rw_sem){++++}, at: [<0000000057440625>] get_online_cpus include/linux/cpu.h:117 [inline]
 (cpu_hotplug_lock.rw_sem){++++}, at: [<0000000057440625>] xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767

and this task is already holding:
 (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<000000005418538f>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<000000005418538f>] xfrm_policy_flush+0x424/0x770 net/xfrm/xfrm_policy.c:951
which would create a new lock dependency:
 (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.} -> (cpu_hotplug_lock.rw_sem){++++}

but this new dependency connects a SOFTIRQ-irq-safe lock:
 (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}
... which became SOFTIRQ-irq-safe at:
  lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
  __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
  _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
  spin_lock_bh include/linux/spinlock.h:315 [inline]
  xfrm_policy_delete+0x3e/0x90 net/xfrm/xfrm_policy.c:1247
  xfrm_policy_timer+0x305/0x580 net/xfrm/xfrm_policy.c:247
  call_timer_fn+0x228/0x820 kernel/time/timer.c:1320
  expire_timers kernel/time/timer.c:1357 [inline]
  __run_timers+0x7ee/0xb70 kernel/time/timer.c:1660
  run_timer_softirq+0x4c/0xb0 kernel/time/timer.c:1686
  __do_softirq+0x2d7/0xb85 kernel/softirq.c:285
  invoke_softirq kernel/softirq.c:365 [inline]
  irq_exit+0x1cc/0x200 kernel/softirq.c:405
  exiting_irq arch/x86/include/asm/apic.h:540 [inline]
  smp_apic_timer_interrupt+0x16b/0x700 arch/x86/kernel/apic/apic.c:1052
  apic_timer_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:904
  arch_local_irq_restore arch/x86/include/asm/paravirt.h:777 [inline]
  __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
  _raw_spin_unlock_irqrestore+0x5e/0xba kernel/locking/spinlock.c:184
  __debug_check_no_obj_freed lib/debugobjects.c:758 [inline]
  debug_check_no_obj_freed+0x3da/0xf1f lib/debugobjects.c:774
  free_pages_prepare mm/page_alloc.c:1065 [inline]
  __free_pages_ok+0x765/0x31e0 mm/page_alloc.c:1259
  free_compound_page+0x5e/0x70 mm/page_alloc.c:601
  free_transhuge_page+0x2d2/0x430 mm/huge_memory.c:2740
  __put_compound_page+0x87/0xb0 mm/swap.c:95
  release_pages+0x64b/0x1230 mm/swap.c:788
  free_pages_and_swap_cache+0x2ad/0x400 mm/swap_state.c:322
  tlb_flush_mmu_free+0xb4/0x160 mm/memory.c:260
  tlb_flush_mmu mm/memory.c:269 [inline]
  arch_tlb_finish_mmu+0x9d/0x130 mm/memory.c:284
  tlb_finish_mmu+0x10f/0x190 mm/memory.c:427
  unmap_region+0x35c/0x4f0 mm/mmap.c:2514
  do_munmap+0x726/0xdf0 mm/mmap.c:2726
  mmap_region+0x59e/0x15a0 mm/mmap.c:1646
  do_mmap+0x6c0/0xe00 mm/mmap.c:1483
  do_mmap_pgoff include/linux/mm.h:2217 [inline]
  vm_mmap_pgoff+0x1de/0x280 mm/util.c:333
  SYSC_mmap_pgoff mm/mmap.c:1533 [inline]
  SyS_mmap_pgoff+0x23b/0x5f0 mm/mmap.c:1491
  SYSC_mmap arch/x86/kernel/sys_x86_64.c:100 [inline]
  SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:91
  entry_SYSCALL_64_fastpath+0x23/0x9a

to a SOFTIRQ-irq-unsafe lock:
 (cpu_hotplug_lock.rw_sem){++++}
... which became SOFTIRQ-irq-unsafe at:
...
  lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
  down_write+0x87/0x120 kernel/locking/rwsem.c:70
  percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145
  cpus_write_lock kernel/cpu.c:305 [inline]
  _cpu_up+0x60/0x510 kernel/cpu.c:990
  do_cpu_up+0x73/0xa0 kernel/cpu.c:1066
  cpu_up+0x18/0x20 kernel/cpu.c:1074
  smp_init+0x13a/0x152 kernel/smp.c:578
  kernel_init_freeable+0x2fe/0x521 init/main.c:1064
  kernel_init+0x13/0x172 init/main.c:996
  ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(cpu_hotplug_lock.rw_sem);
                               local_irq_disable();
                               lock(&(&net->xfrm.xfrm_policy_lock)->rlock);
                               lock(cpu_hotplug_lock.rw_sem);
  lock(&(&net->xfrm.xfrm_policy_lock)->rlock);

 *** DEADLOCK ***

2 locks held by syz-executor0/2452:
 #0: (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<00000000689db3a9>] pfkey_sendmsg+0x4ce/0xa00 net/key/af_key.c:3647
 #1: (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<000000005418538f>] spin_lock_bh include/linux/spinlock.h:315 [inline]
 #1: (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.}, at: [<000000005418538f>] xfrm_policy_flush+0x424/0x770 net/xfrm/xfrm_policy.c:951

the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&(&net->xfrm.xfrm_policy_lock)->rlock){+.-.} ops: 924 {
   HARDIRQ-ON-W at:
     lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
     __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
     _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
     spin_lock_bh include/linux/spinlock.h:315 [inline]
     xfrm_policy_insert+0xc9/0x1140 net/xfrm/xfrm_policy.c:743
     xfrm_add_policy+0x3dc/0x8a0 net/xfrm/xfrm_user.c:1601
     xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591
     netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
     xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599
     netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
     netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
     netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
     sock_sendmsg_nosec net/socket.c:628 [inline]
     sock_sendmsg+0xca/0x110 net/socket.c:638
     ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
     __sys_sendmsg+0xe5/0x210 net/socket.c:2052
     SYSC_sendmsg net/socket.c:2063 [inline]
     SyS_sendmsg+0x2d/0x50 net/socket.c:2059
     entry_SYSCALL_64_fastpath+0x23/0x9a
   IN-SOFTIRQ-W at:
     lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
     __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
     _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
     spin_lock_bh include/linux/spinlock.h:315 [inline]
     xfrm_policy_delete+0x3e/0x90 net/xfrm/xfrm_policy.c:1247
     xfrm_policy_timer+0x305/0x580 net/xfrm/xfrm_policy.c:247
     call_timer_fn+0x228/0x820 kernel/time/timer.c:1320
     expire_timers kernel/time/timer.c:1357 [inline]
     __run_timers+0x7ee/0xb70 kernel/time/timer.c:1660
     run_timer_softirq+0x4c/0xb0 kernel/time/timer.c:1686
     __do_softirq+0x2d7/0xb85 kernel/softirq.c:285
     invoke_softirq kernel/softirq.c:365 [inline]
     irq_exit+0x1cc/0x200 kernel/softirq.c:405
     exiting_irq arch/x86/include/asm/apic.h:540 [inline]
     smp_apic_timer_interrupt+0x16b/0x700 arch/x86/kernel/apic/apic.c:1052
     apic_timer_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:904
     arch_local_irq_restore arch/x86/include/asm/paravirt.h:777 [inline]
     __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
     _raw_spin_unlock_irqrestore+0x5e/0xba kernel/locking/spinlock.c:184
     __debug_check_no_obj_freed lib/debugobjects.c:758 [inline]
     debug_check_no_obj_freed+0x3da/0xf1f lib/debugobjects.c:774
     free_pages_prepare mm/page_alloc.c:1065 [inline]
     __free_pages_ok+0x765/0x31e0 mm/page_alloc.c:1259
     free_compound_page+0x5e/0x70 mm/page_alloc.c:601
     free_transhuge_page+0x2d2/0x430 mm/huge_memory.c:2740
     __put_compound_page+0x87/0xb0 mm/swap.c:95
     release_pages+0x64b/0x1230 mm/swap.c:788
     free_pages_and_swap_cache+0x2ad/0x400 mm/swap_state.c:322
     tlb_flush_mmu_free+0xb4/0x160 mm/memory.c:260
     tlb_flush_mmu mm/memory.c:269 [inline]
     arch_tlb_finish_mmu+0x9d/0x130 mm/memory.c:284
     tlb_finish_mmu+0x10f/0x190 mm/memory.c:427
     unmap_region+0x35c/0x4f0 mm/mmap.c:2514
     do_munmap+0x726/0xdf0 mm/mmap.c:2726
     mmap_region+0x59e/0x15a0 mm/mmap.c:1646
     do_mmap+0x6c0/0xe00 mm/mmap.c:1483
     do_mmap_pgoff include/linux/mm.h:2217 [inline]
     vm_mmap_pgoff+0x1de/0x280 mm/util.c:333
     SYSC_mmap_pgoff mm/mmap.c:1533 [inline]
     SyS_mmap_pgoff+0x23b/0x5f0 mm/mmap.c:1491
     SYSC_mmap arch/x86/kernel/sys_x86_64.c:100 [inline]
     SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:91
     entry_SYSCALL_64_fastpath+0x23/0x9a
   INITIAL USE at:
     lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
     __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
     _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
     spin_lock_bh include/linux/spinlock.h:315 [inline]
     xfrm_policy_insert+0xc9/0x1140 net/xfrm/xfrm_policy.c:743
     xfrm_add_policy+0x3dc/0x8a0 net/xfrm/xfrm_user.c:1601
     xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591
     netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2441
     xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599
     netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
     netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334
     netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
     sock_sendmsg_nosec net/socket.c:628 [inline]
     sock_sendmsg+0xca/0x110 net/socket.c:638
     ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
     __sys_sendmsg+0xe5/0x210 net/socket.c:2052
     SYSC_sendmsg net/socket.c:2063 [inline]
     SyS_sendmsg+0x2d/0x50 net/socket.c:2059
     entry_SYSCALL_64_fastpath+0x23/0x9a
 }
 ... key at: [<000000009f9dab5f>] __key.66927+0x0/0x40
 ... acquired at:
   lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
   percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
   percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
   cpus_read_lock+0x42/0x90 kernel/cpu.c:293
   get_online_cpus include/linux/cpu.h:117 [inline]
   xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767
   xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978
   pfkey_spdflush+0x98/0x370 net/key/af_key.c:2750
   pfkey_process+0x611/0x720 net/key/af_key.c:2809
   pfkey_sendmsg+0x4dc/0xa00 net/key/af_key.c:3648
   sock_sendmsg_nosec net/socket.c:628 [inline]
   sock_sendmsg+0xca/0x110 net/socket.c:638
   ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
   __sys_sendmsg+0xe5/0x210 net/socket.c:2052
   SYSC_sendmsg net/socket.c:2063 [inline]
   SyS_sendmsg+0x2d/0x50 net/socket.c:2059
   entry_SYSCALL_64_fastpath+0x23/0x9a

the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock:
-> (cpu_hotplug_lock.rw_sem){++++} ops: 1906 {
   HARDIRQ-ON-W at:
     lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
     down_write+0x87/0x120 kernel/locking/rwsem.c:70
     percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145
     cpus_write_lock kernel/cpu.c:305 [inline]
     _cpu_up+0x60/0x510 kernel/cpu.c:990
     do_cpu_up+0x73/0xa0 kernel/cpu.c:1066
     cpu_up+0x18/0x20 kernel/cpu.c:1074
     smp_init+0x13a/0x152 kernel/smp.c:578
     kernel_init_freeable+0x2fe/0x521 init/main.c:1064
     kernel_init+0x13/0x172 init/main.c:996
     ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515
   HARDIRQ-ON-R at:
     lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
     percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
     percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
     cpus_read_lock+0x42/0x90 kernel/cpu.c:293
     get_online_cpus include/linux/cpu.h:117 [inline]
     kmem_cache_create+0x26/0x2a0 mm/slab_common.c:440
     debug_objects_mem_init+0xda/0x910 lib/debugobjects.c:1139
     start_kernel+0x6dd/0x819 init/main.c:671
     x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378
     x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359
     secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237
   SOFTIRQ-ON-W at:
     lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
     down_write+0x87/0x120 kernel/locking/rwsem.c:70
     percpu_down_write+0xa3/0x500 kernel/locking/percpu-rwsem.c:145
     cpus_write_lock kernel/cpu.c:305 [inline]
     _cpu_up+0x60/0x510 kernel/cpu.c:990
     do_cpu_up+0x73/0xa0 kernel/cpu.c:1066
     cpu_up+0x18/0x20 kernel/cpu.c:1074
     smp_init+0x13a/0x152 kernel/smp.c:578
     kernel_init_freeable+0x2fe/0x521 init/main.c:1064
     kernel_init+0x13/0x172 init/main.c:996
     ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515
   SOFTIRQ-ON-R at:
     lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
     percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
     percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
     cpus_read_lock+0x42/0x90 kernel/cpu.c:293
     get_online_cpus include/linux/cpu.h:117 [inline]
     kmem_cache_create+0x26/0x2a0 mm/slab_common.c:440
     debug_objects_mem_init+0xda/0x910 lib/debugobjects.c:1139
     start_kernel+0x6dd/0x819 init/main.c:671
     x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378
     x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359
     secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237
   INITIAL USE at:
     lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
     percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
     percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
     cpus_read_lock kernel/cpu.c:293 [inline]
     __cpuhp_setup_state+0x60/0x140 kernel/cpu.c:1670
     cpuhp_setup_state_nocalls include/linux/cpuhotplug.h:229 [inline]
     kvm_guest_init+0x1f3/0x20f arch/x86/kernel/kvm.c:528
     setup_arch+0x17e8/0x1a02 arch/x86/kernel/setup.c:1266
     start_kernel+0xcd/0x819 init/main.c:532
     x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378
     x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359
     secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237
 }
 ... key at: [<000000000149f193>] cpu_hotplug_lock+0xd8/0x140
 ... acquired at:
   lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
   percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
   percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
   cpus_read_lock+0x42/0x90 kernel/cpu.c:293
   get_online_cpus include/linux/cpu.h:117 [inline]
   xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767
   xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978
   pfkey_spdflush+0x98/0x370 net/key/af_key.c:2750
   pfkey_process+0x611/0x720 net/key/af_key.c:2809
   pfkey_sendmsg+0x4dc/0xa00 net/key/af_key.c:3648
   sock_sendmsg_nosec net/socket.c:628 [inline]
   sock_sendmsg+0xca/0x110 net/socket.c:638
   ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
   __sys_sendmsg+0xe5/0x210 net/socket.c:2052
   SYSC_sendmsg net/socket.c:2063 [inline]
   SyS_sendmsg+0x2d/0x50 net/socket.c:2059
   entry_SYSCALL_64_fastpath+0x23/0x9a

stack backtrace:
CPU: 0 PID: 2452 Comm: syz-executor0 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_bad_irq_dependency kernel/locking/lockdep.c:1565 [inline]
 check_usage+0xad0/0xb60 kernel/locking/lockdep.c:1597
 check_irq_usage kernel/locking/lockdep.c:1653 [inline]
 check_prev_add_irq kernel/locking/lockdep_states.h:8 [inline]
 check_prev_add kernel/locking/lockdep.c:1863 [inline]
 check_prevs_add kernel/locking/lockdep.c:1971 [inline]
 validate_chain kernel/locking/lockdep.c:2412 [inline]
 __lock_acquire+0x2bd1/0x3e00 kernel/locking/lockdep.c:3426
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 cpus_read_lock+0x42/0x90 kernel/cpu.c:293
 get_online_cpus include/linux/cpu.h:117 [inline]
 xfrm_policy_cache_flush+0x1d0/0x710 net/xfrm/xfrm_policy.c:1767
 xfrm_policy_flush+0x650/0x770 net/xfrm/xfrm_policy.c:978
 pfkey_spdflush+0x98/0x370 net/key/af_key.c:2750
 pfkey_process+0x611/0x720 net/key/af_key.c:2809
 pfkey_sendmsg+0x4dc/0xa00 net/key/af_key.c:3648
 sock_sendmsg_nosec net/socket.c:628 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:638
 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2018
 __sys_sendmsg+0xe5/0x210 net/socket.c:2052
 SYSC_sendmsg net/socket.c:2063 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2059
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f0c04686c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9
RDX: 0000000000000000 RSI: 000000002057f000 RDI: 0000000000000013
RBP: 0000000000000582 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f64d0
R13: 00000000ffffffff R14: 00007f0c046876d4 R15: 0000000000000000

FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 1 PID: 3062 Comm: syz-executor2 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3632
 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
 alloc_skb_fclone include/linux/skbuff.h:1025 [inline]
 tipc_buf_acquire+0x2d/0xf0 net/tipc/msg.c:66
 tipc_msg_build+0xfa/0x1220 net/tipc/msg.c:277
 __tipc_sendmsg+0xb92/0x1b40 net/tipc/socket.c:1349
 tipc_connect+0x62f/0x790 net/tipc/socket.c:2334
 SYSC_connect+0x213/0x4a0 net/socket.c:1611
 SyS_connect+0x24/0x30 net/socket.c:1592
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007fba4b355c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 00007fba4b355aa0 RCX: 0000000000452ac9
RDX: 0000000000000010 RSI: 00000000201c1ff0 RDI: 0000000000000013
RBP: 00007fba4b355a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a
R13: 00007fba4b355bc8 R14: 00000000004b767a R15: 0000000000000000

FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 3432 Comm: syz-executor6 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3289 [inline]
 kmem_cache_alloc_node_trace+0x5a/0x750 mm/slab.c:3651
 kmalloc_node include/linux/slab.h:537 [inline]
 kzalloc_node include/linux/slab.h:699 [inline]
 __get_vm_area_node+0xae/0x340 mm/vmalloc.c:1402
 __vmalloc_node_range+0xa3/0x650 mm/vmalloc.c:1754
 __vmalloc_node mm/vmalloc.c:1804 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1818 [inline]
 vmalloc+0x45/0x50 mm/vmalloc.c:1840
 ip_set_sockfn_get+0x2c1/0xc70 net/netfilter/ipset/ip_set_core.c:1920
 nf_sockopt net/netfilter/nf_sockopt.c:104 [inline]
 nf_getsockopt+0x6a/0xc0 net/netfilter/nf_sockopt.c:122
 ip_getsockopt+0x15c/0x220 net/ipv4/ip_sockglue.c:1573
 udp_getsockopt+0x45/0x80 net/ipv4/udp.c:2460
 ipv6_getsockopt+0xf3/0x2e0 net/ipv6/ipv6_sockglue.c:1363
 tcp_getsockopt+0x82/0xd0 net/ipv4/tcp.c:3326
 sock_common_getsockopt+0x95/0xd0 net/core/sock.c:2937
 SYSC_getsockopt net/socket.c:1852 [inline]
 SyS_getsockopt+0x178/0x340 net/socket.c:1834
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f16e7624c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 00007f16e7624aa0 RCX: 0000000000452ac9
RDX: 0000000000000053 RSI: 0000000000000000 RDI: 0000000000000013
RBP: 00007f16e7624a90 R08: 0000000020fedffc R09: 0000000000000000
R10: 000000002000d000 R11: 0000000000000212 R12: 00000000004b767a
R13: 00007f16e7624bc8 R14: 00000000004b767a R15: 0000000000000000
syz-executor6: vmalloc: allocation failure: 8 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
syz-executor6 cpuset=/ mems_allowed=0
CPU: 0 PID: 3432 Comm: syz-executor6 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 warn_alloc+0x19a/0x2b0 mm/page_alloc.c:3299
 __vmalloc_node_range+0x4f0/0x650 mm/vmalloc.c:1775
 __vmalloc_node mm/vmalloc.c:1804 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1818 [inline]
 vmalloc+0x45/0x50 mm/vmalloc.c:1840
 ip_set_sockfn_get+0x2c1/0xc70 net/netfilter/ipset/ip_set_core.c:1920
 nf_sockopt net/netfilter/nf_sockopt.c:104 [inline]
 nf_getsockopt+0x6a/0xc0 net/netfilter/nf_sockopt.c:122
 ip_getsockopt+0x15c/0x220 net/ipv4/ip_sockglue.c:1573
 udp_getsockopt+0x45/0x80 net/ipv4/udp.c:2460
 ipv6_getsockopt+0xf3/0x2e0 net/ipv6/ipv6_sockglue.c:1363
 tcp_getsockopt+0x82/0xd0 net/ipv4/tcp.c:3326
 sock_common_getsockopt+0x95/0xd0 net/core/sock.c:2937
 SYSC_getsockopt net/socket.c:1852 [inline]
 SyS_getsockopt+0x178/0x340 net/socket.c:1834
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007f16e7624c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 00007f16e7624aa0 RCX: 0000000000452ac9
RDX: 0000000000000053 RSI: 0000000000000000 RDI: 0000000000000013
RBP: 00007f16e7624a90 R08: 0000000020fedffc R09: 0000000000000000
R10: 000000002000d000 R11: 0000000000000212 R12: 00000000004b767a
R13: 00007f16e7624bc8 R14: 00000000004b767a R15: 0000000000000000
warn_alloc_show_mem: 1 callbacks suppressed
Mem-Info:
active_anon:39775 inactive_anon:61 isolated_anon:0
 active_file:3721 inactive_file:7849 isolated_file:0
 unevictable:0 dirty:181 writeback:0 unstable:0
 slab_reclaimable:9246 slab_unreclaimable:85815
 mapped:23398 shmem:68 pagetables:596 bounce:0
 free:1455163 free_pcp:612 free_cma:0
Node 0 active_anon:159100kB inactive_anon:244kB active_file:14884kB inactive_file:31396kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:93592kB dirty:724kB writeback:0kB shmem:272kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 104448kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 0 DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2874 6386 6386
Node 0 DMA32 free:2939116kB min:30348kB low:37932kB high:45516kB active_anon:0kB inactive_anon:0kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2946452kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1336kB local_pcp:624kB free_cma:0kB
lowmem_reserve[]: 0 0 3511 3511
Node 0 Normal free:2865628kB min:37068kB low:46332kB high:55596kB active_anon:159100kB inactive_anon:244kB active_file:14876kB inactive_file:31396kB unevictable:0kB writepending:724kB present:4718592kB managed:3596136kB mlocked:0kB kernel_stack:4288kB pagetables:2384kB bounce:0kB free_pcp:1108kB local_pcp:500kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 DMA32: 37*4kB (UME) 33*8kB (UME) 33*16kB (UME) 36*32kB (UME) 37*64kB (UME) 35*128kB (UME) 38*256kB (UME) 30*512kB (UME) 33*1024kB (UME) 12*2048kB (UME) 695*4096kB (UM) = 2939116kB
Node 0 Normal: 297*4kB (UME) 639*8kB (UME) 622*16kB (UME) 343*32kB (UME) 478*64kB (UM) 222*128kB (UM) 87*256kB (UME) 41*512kB (UME) 26*1024kB (UME) 19*2048kB (UME) 652*4096kB (UM) = 2865628kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
11643 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
326355 pages reserved

FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 3508 Comm: syz-executor5 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc_trace+0x4b/0x750 mm/slab.c:3608
 kmalloc include/linux/slab.h:499 [inline]
 kzalloc include/linux/slab.h:688 [inline]
 sctp_association_new+0x114/0x2130 net/sctp/associola.c:308
 sctp_sendmsg+0x149b/0x33f0 net/sctp/socket.c:1886
 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:764
 sock_sendmsg_nosec net/socket.c:628 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:638
 SYSC_sendto+0x361/0x5c0 net/socket.c:1719
 SyS_sendto+0x40/0x50 net/socket.c:1687
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007fa0205b1c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fa0205b1aa0 RCX: 0000000000452ac9
RDX: 0000000000000001 RSI: 000000002023effe RDI: 0000000000000013
RBP: 00007fa0205b1a90 R08: 000000002010e000 R09: 000000000000001c
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a
R13: 00007fa0205b1bc8 R14: 00000000004b767a R15: 0000000000000000

FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 3545 Comm: syz-executor5 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 __do_kmalloc mm/slab.c:3706 [inline]
 __kmalloc+0x63/0x760 mm/slab.c:3717
 kmalloc_array include/linux/slab.h:618 [inline]
 sctp_stream_alloc_out+0x33/0x1b0 net/sctp/stream.c:96
 sctp_stream_init+0xe6/0x340 net/sctp/stream.c:159
 sctp_association_init net/sctp/associola.c:248 [inline]
 sctp_association_new+0x1253/0x2130 net/sctp/associola.c:312
 sctp_sendmsg+0x149b/0x33f0 net/sctp/socket.c:1886
 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:764
 sock_sendmsg_nosec net/socket.c:628 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:638
 SYSC_sendto+0x361/0x5c0 net/socket.c:1719
 SyS_sendto+0x40/0x50 net/socket.c:1687
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x452ac9
RSP: 002b:00007fa0205b1c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fa0205b1aa0 RCX: 0000000000452ac9
RDX: 0000000000000001 RSI: 000000002023effe RDI: 0000000000000013
RBP: 00007fa0205b1a90 R08: 000000002010e000 R09: 000000000000001c
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b767a
R13: 00007fa0205b1bc8 R14: 00000000004b767a R15: 0000000000000000

FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 3844 Comm: syz-executor3 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
 ptlock_alloc+0x24/0x70 mm/memory.c:4686
 ptlock_init include/linux/mm.h:1790 [inline]
 pgtable_page_ctor include/linux/mm.h:1824 [inline]
 pte_alloc_one+0x59/0x100 arch/x86/mm/pgtable.c:32
 do_huge_pmd_anonymous_page+0xc23/0x1b00 mm/huge_memory.c:689
 create_huge_pmd mm/memory.c:3828 [inline]
 __handle_mm_fault+0x1a0c/0x3ce0 mm/memory.c:4032
 handle_mm_fault+0x334/0x8d0 mm/memory.c:4098
 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1429
 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504
 page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1225
RIP: 0033:0x40180b
RSP: 002b:00007fced5838b90 EFLAGS: 00010246
RAX: 0000000020000000 RBX: 0000000000000015 RCX: 0000000000000000
RDX: ae252b10b6b39104 RSI: 0000000000000000 RDI: 00007fced5839608
RBP: 000000002054d000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000015 R11: 0000000000000000 R12: 00000000006f68c0
R13: 0000000000000013 R14: 00007fced58396d4 R15: ffffffffffffffff
syz-executor3 invoked oom-killer: gfp_mask=0x0(), nodemask=(null), order=0, oom_score_adj=0
syz-executor3 cpuset=/ mems_allowed=0
CPU: 0 PID: 3844 Comm: syz-executor3 Tainted: G W 4.15.0-rc5+ #177
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 dump_header+0x28c/0xe1e mm/oom_kill.c:437
 oom_kill_process+0x8b5/0x14a0 mm/oom_kill.c:865
 out_of_memory+0x86d/0x1220 mm/oom_kill.c:1079
 pagefault_out_of_memory+0x135/0x152 mm/oom_kill.c:1110
 mm_fault_error+0xd6/0x2c0 arch/x86/mm/fault.c:1053
 __do_page_fault+0xb4d/0xc90 arch/x86/mm/fault.c:1457
 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1504
 page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1225
RIP: 0033:0x40180b
RSP: 002b:00007fced5838b90 EFLAGS: 00010246
RAX: 0000000020000000 RBX: 0000000000000015 RCX: 0000000000000000
RDX: ae252b10b6b39104 RSI: 0000000000000000 RDI: 00007fced5839608
RBP: 000000002054d000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000015 R11: 0000000000000000 R12: 00000000006f68c0
R13: 0000000000000013 R14: 00007fced58396d4 R15: ffffffffffffffff
Mem-Info:
active_anon:40286 inactive_anon:61 isolated_anon:0
 active_file:3755 inactive_file:7838 isolated_file:0
 unevictable:0 dirty:200 writeback:0 unstable:0
 slab_reclaimable:9301 slab_unreclaimable:85341
 mapped:23397 shmem:68 pagetables:596 bounce:0
 free:1455054 free_pcp:638 free_cma:0
Node 0 active_anon:161144kB inactive_anon:244kB active_file:15020kB inactive_file:31352kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:93588kB dirty:800kB writeback:0kB shmem:272kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 106496kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 0 DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2874 6386 6386
Node 0 DMA32 free:2939116kB min:30348kB low:37932kB high:45516kB active_anon:0kB inactive_anon:0kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2946452kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1336kB local_pcp:624kB free_cma:0kB
lowmem_reserve[]: 0 0 3511 3511
Node 0 Normal free:2865192kB min:37068kB low:46332kB high:55596kB active_anon:161144kB inactive_anon:244kB active_file:15012kB inactive_file:31352kB unevictable:0kB writepending:800kB present:4718592kB managed:3596136kB mlocked:0kB kernel_stack:4288kB pagetables:2384kB bounce:0kB free_pcp:1212kB local_pcp:572kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 DMA32: 37*4kB (UME) 33*8kB (UME) 33*16kB (UME) 36*32kB (UME) 37*64kB (UME) 35*128kB (UME) 38*256kB (UME) 30*512kB (UME) 33*1024kB (UME) 12*2048kB (UME) 695*4096kB (UM) = 2939116kB
Node 0 Normal: 296*4kB (UM) 727*8kB (UME) 673*16kB (UME) 354*32kB (UM) 478*64kB (UM) 222*128kB (UM) 86*256kB (UM) 41*512kB (UME) 26*1024kB (UME) 20*2048kB (UME) 651*4096kB (UM) = 2865192kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
11660 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
326355 pages reserved
232 69632 0 0 syz-executor4 [ 3541] 0 3541 7297 231 61440 0 0 syz-executor5 [ 3543] 0 3543 7297 231 69632 0 0 syz-executor6 [ 3556] 0 3556 5365 569 86016 0 -1000 udevd [ 3561] 0 3561 5365 310 86016 0 -1000 udevd [ 3719] 0 3719 7297 2270 77824 0 0 syz-executor7 [ 3718] 0 3718 7297 2252 77824 0 0 syz-executor0 [ 3729] 0 3729 7297 2269 73728 0 0 syz-executor1 [ 3730] 0 3730 7297 2269 77824 0 0 syz-executor6 [ 3731] 0 3731 7297 2268 73728 0 0 syz-executor3 [ 3732] 0 3732 7297 2269 69632 0 0 syz-executor5 [ 3733] 0 3733 7297 2268 73728 0 0 syz-executor2 [ 3735] 0 3735 7297 2270 77824 0 0 syz-executor4 [ 3844] 0 3837 11425 2710 77824 0 0 syz-executor3 Out of memory: Kill process 3491 (syz-fuzzer) score 24 or sacrifice child Killed process 3540 (syz-executor4) total-vm:29188kB, anon-rss:64kB, file-rss:864kB, shmem-rss:0kB oom_reaper: reaped process 3540 (syz-executor4), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB audit: type=1400 audit(1515247041.900:97): avc: denied { sys_ptrace } for pid=3887 comm="ps" capability=19 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=cap_userns permissive=1