BUG: sleeping function called from invalid context at mm/slab.h:420 ============================= in_atomic(): 1, irqs_disabled(): 0, pid: 5502, name: syz-executor5 1 lock held by syz-executor5/5502: WARNING: suspicious RCU usage #0: 4.16.0-rc1+ #309 Not tainted (rcu_read_lock ----------------------------- ){....}, at: [<00000000bab82aaf>] __rds_conn_create+0xe46/0x1b50 net/rds/connection.c:218 CPU: 0 PID: 5502 Comm: syz-executor5 Not tainted 4.16.0-rc1+ #309 ./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section! Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 other info that might help us debug this: ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6128 rcu_scheduler_active = 2, debug_locks = 1 __might_sleep+0x95/0x190 kernel/sched/core.c:6081 1 lock held by syz-executor2/5500: slab_pre_alloc_hook mm/slab.h:420 [inline] slab_alloc mm/slab.c:3365 [inline] kmem_cache_alloc+0x2a2/0x760 mm/slab.c:3539 #0: rds_tcp_conn_alloc+0xa7/0x4e0 net/rds/tcp.c:296 ( rcu_read_lock __rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227 ){....} , at: [<00000000bab82aaf>] __rds_conn_create+0xe46/0x1b50 net/rds/connection.c:218 stack backtrace: rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309 rds_sendmsg+0xda3/0x2390 net/rds/send.c:1126 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 SYSC_sendto+0x361/0x5c0 net/socket.c:1747 SyS_sendto+0x40/0x50 net/socket.c:1715 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b RIP: 0033:0x453a59 RSP: 002b:00007f3b86e30c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f3b86e316d4 RCX: 0000000000453a59 RDX: 0000000000000000 RSI: 0000000020141fb9 RDI: 0000000000000013 RBP: 000000000071bea0 R08: 000000002069affb R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000004b9 R14: 00000000006f71f8 R15: 0000000000000000 CPU: 1 PID: 5500 Comm: syz-executor2 Not tainted 4.16.0-rc1+ #309 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592 rcu_preempt_sleep_check include/linux/rcupdate.h:301 [inline] ___might_sleep+0x385/0x470 kernel/sched/core.c:6093 __might_sleep+0x95/0x190 kernel/sched/core.c:6081 slab_pre_alloc_hook mm/slab.h:420 [inline] slab_alloc mm/slab.c:3365 [inline] kmem_cache_alloc_trace+0x299/0x740 mm/slab.c:3605 kmalloc include/linux/slab.h:512 [inline] kzalloc include/linux/slab.h:701 [inline] rds_loop_conn_alloc+0xc8/0x380 net/rds/loop.c:126 __rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227 rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309 rds_sendmsg+0xda3/0x2390 net/rds/send.c:1126 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 SYSC_sendto+0x361/0x5c0 net/socket.c:1747 SyS_sendto+0x40/0x50 net/socket.c:1715 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b RIP: 0033:0x453a59 RSP: 002b:00007ff3962aac68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007ff3962ab6d4 RCX: 0000000000453a59 RDX: 0000000000000000 RSI: 0000000020141fb9 RDI: 0000000000000013 RBP: 000000000071bea0 R08: 000000002069affb R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000004b9 R14: 00000000006f71f8 R15: 0000000000000000 audit: type=1400 audit(1518434232.557:22): avc: denied { map_create } for pid=5494 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 netlink: 'syz-executor0': attribute type 21 has an invalid length. netlink: 'syz-executor0': attribute type 21 has an invalid length. Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable xt_SECMARK: invalid mode: 0 Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable xt_SECMARK: invalid mode: 0 TCP: request_sock_TCPv6: Possible SYN flooding on port 20010. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. binder: 5573:5592 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER binder: 5573:5606 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 'syz-executor2': attribute type 6 has an invalid length. netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. netlink: 'syz-executor0': attribute type 6 has an invalid length. netlink: 'syz-executor2': attribute type 6 has an invalid length. netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. audit: type=1400 audit(1518434234.307:23): avc: denied { create } for pid=5738 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1518434234.310:24): avc: denied { write } for pid=5738 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1518434234.359:25): avc: denied { map_read map_write } for pid=5744 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 QAT: Invalid ioctl QAT: Invalid ioctl audit: type=1400 audit(1518434234.581:26): avc: denied { map } for pid=5799 comm="syz-executor7" path="/dev/snd/pcmC0D0c" dev="devtmpfs" ino=9158 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file permissive=1 audit: type=1400 audit(1518434234.621:27): avc: denied { setuid } for pid=5796 comm="syz-executor1" capability=7 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1518434234.657:28): avc: denied { node_bind } for pid=5815 comm="syz-executor5" saddr=fe80:: scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 audit: type=1400 audit(1518434234.661:29): avc: denied { name_bind } for pid=5815 comm="syz-executor5" src=20021 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 binder: 5849:5858 ioctl 4b3b 20001ff8 returned -22 audit: type=1400 audit(1518434234.775:30): avc: denied { ipc_owner } for pid=5850 comm="syz-executor1" capability=15 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 binder: 5849:5872 ioctl 4b3b 20001ff8 returned -22 ipt_REJECT: ECHOREPLY no longer supported. ipt_REJECT: ECHOREPLY no longer supported. tmpfs: Bad mount option ,4MÏÄ7ö³É tmpfs: Bad mount option ,4MÏÄ7ö³É device eql entered promiscuous mode device eql entered promiscuous mode TCP: request_sock_TCPv6: Possible SYN flooding on port 20010. Sending cookies. Check SNMP counters. netlink: 40 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 40 bytes leftover after parsing attributes in process `syz-executor5'. xt_connbytes: Forcing CT accounting to be enabled ip_tunnel: non-ECT from 172.20.7.10 with TOS=0xb ip_tunnel: non-ECT from 172.20.7.10 with TOS=0xb autofs4:pid:6405:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(3590324411.0), cmd(0x0000937e) autofs4:pid:6405:validate_dev_ioctl: invalid device control module version supplied for cmd(0x0000937e) autofs4:pid:6417:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(3590324411.0), cmd(0x0000937e) autofs4:pid:6417:validate_dev_ioctl: invalid device control module version supplied for cmd(0x0000937e) TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. BUG: sleeping function called from invalid context at mm/slab.h:420 in_atomic(): 1, irqs_disabled(): 0, pid: 6524, name: syz-executor3 1 lock held by syz-executor3/6524: #0: (rcu_read_lock){....}, at: [<00000000bab82aaf>] __rds_conn_create+0xe46/0x1b50 net/rds/connection.c:218 binder: release 6508:6510 transaction 2 out, still active CPU: 1 PID: 6524 Comm: syz-executor3 Tainted: G W 4.16.0-rc1+ #309 binder: unexpected work type, 4, not freed Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 binder: undelivered TRANSACTION_COMPLETE ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6128 kauditd_printk_skb: 7 callbacks suppressed audit: type=1400 audit(1518434237.916:38): avc: denied { set_context_mgr } for pid=6508 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 __might_sleep+0x95/0x190 kernel/sched/core.c:6081 audit: type=1400 audit(1518434237.924:39): avc: denied { call } for pid=6508 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 slab_pre_alloc_hook mm/slab.h:420 [inline] slab_alloc mm/slab.c:3365 [inline] kmem_cache_alloc_trace+0x299/0x740 mm/slab.c:3605 audit: type=1400 audit(1518434237.924:40): avc: denied { transfer } for pid=6508 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 kmalloc include/linux/slab.h:512 [inline] kzalloc include/linux/slab.h:701 [inline] rds_loop_conn_alloc+0xc8/0x380 net/rds/loop.c:126 binder_alloc: binder_alloc_mmap_handler: 6508 20000000-20002000 already mapped failed -16 __rds_conn_create+0x112f/0x1b50 net/rds/connection.c:227 binder: BINDER_SET_CONTEXT_MGR already set binder: 6508:6534 ioctl 40046207 0 returned -16 rds_conn_create_outgoing+0x3f/0x50 net/rds/connection.c:309 rds_sendmsg+0xda3/0x2390 net/rds/send.c:1126 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 SYSC_sendto+0x361/0x5c0 net/socket.c:1747 SyS_sendto+0x40/0x50 net/socket.c:1715 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b RIP: 0033:0x453a59 RSP: 002b:00007fc8763d6c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007fc8763d76d4 RCX: 0000000000453a59 RDX: 0000000000000000 RSI: 0000000020007000 RDI: 0000000000000013 RBP: 000000000071bea0 R08: 0000000020000000 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000004b9 R14: 00000000006f71f8 R15: 0000000000000000 binder_alloc: 6508: binder_alloc_buf, no vma binder: 6508:6510 transaction failed 29189/-3, size 40-8 line 2957 binder: undelivered TRANSACTION_ERROR: 29189 binder: send failed reply for transaction 2, target dead TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. audit: type=1400 audit(1518434238.530:41): avc: denied { map } for pid=6549 comm="syz-executor3" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=16665 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=1 TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. device syz1 entered promiscuous mode TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. QAT: Invalid ioctl device syz1 left promiscuous mode QAT: Invalid ioctl IPv4: Oversized IP packet from 127.0.0.1 TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. QAT: Invalid ioctl capability: warning: `syz-executor0' uses 32-bit capabilities (legacy support in use) xt_connbytes: Forcing CT accounting to be enabled TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. audit: type=1400 audit(1518434239.629:42): avc: denied { net_bind_service } for pid=6730 comm="syz-executor0" capability=10 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 1 CPU: 0 PID: 6739 Comm: syz-executor4 Tainted: G W 4.16.0-rc1+ #309 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:422 [inline] slab_alloc_node mm/slab.c:3286 [inline] kmem_cache_alloc_node+0x56/0x760 mm/slab.c:3629 __alloc_skb+0xf1/0x780 net/core/skbuff.c:193 alloc_skb_fclone include/linux/skbuff.h:1025 [inline] sk_stream_alloc_skb+0x126/0x9a0 net/ipv4/tcp.c:866 tcp_sendmsg_locked+0x15f6/0x3c70 net/ipv4/tcp.c:1301 tcp_sendmsg+0x2f/0x50 net/ipv4/tcp.c:1463 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:764 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 SYSC_sendto+0x361/0x5c0 net/socket.c:1747 SyS_sendto+0x40/0x50 net/socket.c:1715 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b RIP: 0033:0x453a59 RSP: 002b:00007f191fee9c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f191feea6d4 RCX: 0000000000453a59 RDX: fdbf12558da8f98b RSI: 0000000020fca000 RDI: 0000000000000013 RBP: 000000000071bea0 R08: 0000000020ec6f80 R09: 0000000000000080 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 R13: 00000000000004b7 R14: 00000000006f71c8 R15: 0000000000000000 TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. binder: 6862:6867 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 6862:6867 Acquire 1 refcount change on invalid ref 0 ret -22 TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. audit: type=1400 audit(1518434240.565:43): avc: denied { setfcap } for pid=6883 comm="syz-executor7" capability=31 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 binder: 6885:6895 got reply transaction with no transaction stack binder: 6885:6895 transaction failed 29201/-71, size 0-0 line 2757 binder: undelivered TRANSACTION_ERROR: 29201 TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. device eql entered promiscuous mode insert transport fail, errno -17 TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 6994 Comm: syz-executor6 Tainted: G W 4.16.0-rc1+ #309 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:422 [inline] slab_alloc mm/slab.c:3365 [inline] kmem_cache_alloc_trace+0x4b/0x740 mm/slab.c:3605 kmalloc include/linux/slab.h:512 [inline] kzalloc include/linux/slab.h:701 [inline] alloc_pipe_info+0x159/0x4b0 fs/pipe.c:633 splice_direct_to_actor+0x64a/0x820 fs/splice.c:920 do_splice_direct+0x29b/0x3c0 fs/splice.c:1061 do_sendfile+0x5c9/0xe80 fs/read_write.c:1413 SYSC_sendfile64 fs/read_write.c:1468 [inline] SyS_sendfile64+0xbd/0x160 fs/read_write.c:1460 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b RIP: 0033:0x453a59 RSP: 002b:00007f4849800c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 00007f48498016d4 RCX: 0000000000453a59 RDX: 000000002046cff8 RSI: 0000000000000013 RDI: 0000000000000013 RBP: 000000000071bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 008000000000fffd R11: 0000000000000246 R12: 0000000000000014 R13: 00000000000004a0 R14: 00000000006f6fa0 R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 7015 Comm: syz-executor6 Tainted: G W 4.16.0-rc1+ #309 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x8c0/0xa40 lib/fault-inject.c:149 should_failslab+0xec/0x120 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:422 [inline] slab_alloc mm/slab.c:3365 [inline] __do_kmalloc mm/slab.c:3703 [inline] __kmalloc+0x63/0x760 mm/slab.c:3714 kmalloc_array include/linux/slab.h:631 [inline] kcalloc include/linux/slab.h:642 [inline] alloc_pipe_info+0x23f/0x4b0 fs/pipe.c:650 splice_direct_to_actor+0x64a/0x820 fs/splice.c:920 do_splice_direct+0x29b/0x3c0 fs/splice.c:1061 do_sendfile+0x5c9/0xe80 fs/read_write.c:1413 SYSC_sendfile64 fs/read_write.c:1468 [inline] SyS_sendfile64+0xbd/0x160 fs/read_write.c:1460 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x26/0x9b RIP: 0033:0x453a59 RSP: 002b:00007f4849800c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 00007f48498016d4 RCX: 0000000000453a59 RDX: 000000002046cff8 RSI: 0000000000000013 RDI: 0000000000000013 RBP: 000000000071bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 008000000000fffd R11: 0000000000000246 R12: 0000000000000014 R13: 00000000000004a0 R14: 00000000006f6fa0 R15: 0000000000000001 TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. audit: type=1400 audit(1518434241.708:44): avc: denied { prog_run } for pid=7059 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20018. Sending cookies. Check SNMP counters. QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl