* INFO: rcu detected stall in ndisc_alloc_skb
@ 2018-12-31  7:42 syzbot
From: syzbot @ 2018-12-31  7:42 UTC
  To: davem, kuznet, linux-kernel, netdev, syzkaller-bugs, yoshfuji

Hello,

syzbot found the following crash on:

HEAD commit:    ef4ab8447aa2 selftests: bpf: install script with_addr.sh
git tree:       bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14a28b6e400000
kernel config:  https://syzkaller.appspot.com/x/.config?x=7e7e2279c0020d5f
dashboard link: https://syzkaller.appspot.com/bug?extid=ea7d9cb314b4ab49a18a
compiler:       gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com

CPU: 1 PID: 5702 Comm: rsyslogd Not tainted 4.19.0-rc6+ #118
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
rcu: 	(detected by 0, t=10712 jiffies, g=90369, q=135)
  <IRQ>
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
rcu: All QSes seen, last rcu_preempt kthread activity 10548  
(4295003843-4294993295), jiffies_till_next_fqs=1, root ->qsmask 0x0
syz-executor0   R
   running task
  warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
22896  7592   5826 0x8010000c
Call Trace:
  <IRQ>
  sched_show_task.cold.83+0x2b6/0x30a kernel/sched/core.c:5296
  __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
  print_other_cpu_stall.cold.79+0xa83/0xba5 kernel/rcu/tree.c:1430
  check_cpu_stall kernel/rcu/tree.c:1557 [inline]
  __rcu_pending kernel/rcu/tree.c:3276 [inline]
  rcu_pending kernel/rcu/tree.c:3319 [inline]
  rcu_check_callbacks+0xafc/0x1990 kernel/rcu/tree.c:2665
  __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
  __alloc_pages include/linux/gfp.h:473 [inline]
  __alloc_pages_node include/linux/gfp.h:486 [inline]
  kmem_getpages mm/slab.c:1409 [inline]
  cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
  fallback_alloc+0x203/0x2e0 mm/slab.c:3219
  ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
  slab_alloc_node mm/slab.c:3327 [inline]
  kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
  __alloc_skb+0x119/0x770 net/core/skbuff.c:193
  alloc_skb include/linux/skbuff.h:997 [inline]
  ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
  ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
  update_process_times+0x2d/0x70 kernel/time/timer.c:1636
  addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
  tick_sched_handle+0x9f/0x180 kernel/time/tick-sched.c:164
  tick_sched_timer+0x45/0x130 kernel/time/tick-sched.c:1274
  __run_hrtimer kernel/time/hrtimer.c:1398 [inline]
  __hrtimer_run_queues+0x41c/0x10d0 kernel/time/hrtimer.c:1460
  call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
  hrtimer_interrupt+0x313/0x780 kernel/time/hrtimer.c:1518
  local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1029 [inline]
  smp_apic_timer_interrupt+0x1a1/0x760 arch/x86/kernel/apic/apic.c:1054
  apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788  
[inline]
RIP: 0010:slab_alloc_node mm/slab.c:3329 [inline]
RIP: 0010:kmem_cache_alloc_node+0x247/0x730 mm/slab.c:3642
Code: 3f 7e 0f 85 32 ff ff ff e8 a5 7f 3e ff e9 28 ff ff ff e8 0c e3 c2 ff  
48 83 3d 5c f4 6f 07 00 0f 84 33 01 00 00 4c 89 ff 57 9d <0f> 1f 44 00 00  
e9 bf fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23
RSP: 0000:ffff8801dae07450 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffffff8184e1ca
RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286
RBP: ffff8801dae074c0 R08: ffff880193c38700 R09: fffffbfff12812c4
R10: ffff8801dae06098 R11: ffffffff89409623 R12: ffff8801d9a04040
R13: ffff8801d9a04040 R14: 0000000000000000 R15: 0000000000000286
  __alloc_skb+0x119/0x770 net/core/skbuff.c:193
  alloc_skb include/linux/skbuff.h:997 [inline]
  ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
  expire_timers kernel/time/timer.c:1363 [inline]
  __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
  ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
  addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
  call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
  run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
  __do_softirq+0x30b/0xad8 kernel/softirq.c:292
  expire_timers kernel/time/timer.c:1363 [inline]
  __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
  invoke_softirq kernel/softirq.c:372 [inline]
  irq_exit+0x17f/0x1c0 kernel/softirq.c:412
  exiting_irq arch/x86/include/asm/apic.h:536 [inline]
  smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
  run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
  __do_softirq+0x30b/0xad8 kernel/softirq.c:292
  apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
  </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788  
[inline]
RIP: 0010:console_unlock+0xfdf/0x1160 kernel/printk/printk.c:2409
Code: c1 e8 03 42 80 3c 20 00 0f 85 d1 00 00 00 48 83 3d cd 54 cd 07 00 0f  
84 bc 00 00 00 e8 ca 37 1a 00 48 8b bd b0 fe ff ff 57 9d <0f> 1f 44 00 00  
e9 cc f9 ff ff 48 8b bd c8 fe ff ff e8 3b d8 5d 00
RSP: 0000:ffff8801bccde450 EFLAGS: 00000293
  ORIG_RAX: ffffffffffffff13
  invoke_softirq kernel/softirq.c:372 [inline]
  irq_exit+0x17f/0x1c0 kernel/softirq.c:412
RAX: ffff8801bd36a180 RBX: 0000000000000200 RCX: ffffffff8184e1ca
RDX: 0000000000000000 RSI: ffffffff81649dc6 RDI: 0000000000000293
  exiting_irq arch/x86/include/asm/apic.h:536 [inline]
  smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
RBP: ffff8801bccde5b8 R08: ffff8801bd36a180 R09: fffffbfff12720c0
R10: fffffbfff12720c0 R11: ffffffff89390603 R12: dffffc0000000000
R13: ffffffff84885bf0 R14: dffffc0000000000 R15: ffffffff899428d0
  vprintk_emit+0x33d/0x930 kernel/printk/printk.c:1922
  apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
  </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788  
[inline]
RIP: 0010:slab_alloc mm/slab.c:3385 [inline]
RIP: 0010:kmem_cache_alloc+0x297/0x730 mm/slab.c:3552
Code: 7e 0f 85 cf fe ff ff e8 06 60 3e ff e9 c5 fe ff ff e8 6d c3 c2 ff 48  
83 3d bd d4 6f 07 00 0f 84 3b 03 00 00 48 8b 7d d0 57 9d <0f> 1f 44 00 00  
e9 54 fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23
RSP: 0000:ffff8801980a7748 EFLAGS: 00000286
  vprintk_default+0x28/0x30 kernel/printk/printk.c:1963
  ORIG_RAX: ffffffffffffff13
  vprintk_func+0x7e/0x181 kernel/printk/printk_safe.c:398
RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffc90001e5c000
  printk+0xa7/0xcf kernel/printk/printk.c:1996
RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286
RBP: ffff8801980a77b0 R08: ffff880193c38700 R09: fffffbfff12812c4
R10: ffff8801980a6390 R11: ffffffff89409623 R12: 0000000000000000
  dump_unreclaimable_slab.cold.22+0xd8/0xe5 mm/slab_common.c:1371
R13: ffff8801d9a04040 R14: ffff8801d9a04040 R15: 0000000000480020
  dump_header+0x7cc/0xf72 mm/oom_kill.c:447
  skb_clone+0x1bb/0x500 net/core/skbuff.c:1280
  ____bpf_clone_redirect net/core/filter.c:2079 [inline]
  bpf_clone_redirect+0xb9/0x490 net/core/filter.c:2066
  bpf_prog_41f2bcae09cd4ac3+0x194/0x1000
  oom_kill_process.cold.27+0x10/0x903 mm/oom_kill.c:953
  out_of_memory+0xa84/0x1430 mm/oom_kill.c:1120
  __alloc_pages_may_oom mm/page_alloc.c:3522 [inline]
  __alloc_pages_slowpath+0x2318/0x2d80 mm/page_alloc.c:4235
rcu: rcu_preempt kthread starved for 10548 jiffies! g90369 f0x2  
RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: RCU grace-period kthread stack dump:
rcu_preempt     R
   running task    22736    10      2 0x80000000
Call Trace:
  context_switch kernel/sched/core.c:2825 [inline]
  __schedule+0x86c/0x1ed0 kernel/sched/core.c:3473
  __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
  schedule+0xfe/0x460 kernel/sched/core.c:3517
  __alloc_pages include/linux/gfp.h:473 [inline]
  __alloc_pages_node include/linux/gfp.h:486 [inline]
  kmem_getpages mm/slab.c:1409 [inline]
  cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
  schedule_timeout+0x140/0x260 kernel/time/timer.c:1804
  fallback_alloc+0x203/0x2e0 mm/slab.c:3219
  ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
  __do_cache_alloc mm/slab.c:3356 [inline]
  slab_alloc mm/slab.c:3384 [inline]
  kmem_cache_alloc_trace+0x214/0x750 mm/slab.c:3618
  rcu_gp_kthread+0x9d9/0x2310 kernel/rcu/tree.c:2194
  kmalloc include/linux/slab.h:513 [inline]
  syslog_print kernel/printk/printk.c:1297 [inline]
  do_syslog+0xb9b/0x1690 kernel/printk/printk.c:1465
  kmsg_read+0x8f/0xc0 fs/proc/kmsg.c:40
  proc_reg_read+0x2a3/0x3d0 fs/proc/inode.c:231
  __vfs_read+0x117/0x9b0 fs/read_write.c:416
  vfs_read+0x17f/0x3c0 fs/read_write.c:452
  ksys_read+0x101/0x260 fs/read_write.c:578
  __do_sys_read fs/read_write.c:588 [inline]
  __se_sys_read fs/read_write.c:586 [inline]
  __x64_sys_read+0x73/0xb0 fs/read_write.c:586
  do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f5bbee581fd
Code: Bad RIP value.
RSP: 002b:00007f5bbc3f7e30 EFLAGS: 00000293
  ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 0000000001bc9ce0 RCX: 00007f5bbee581fd
RDX: 0000000000000fff RSI: 00007f5bbdc2c5a0 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000001bb5260 R09: 0000000000000000
R10: 6b205d3334383630 R11: 0000000000000293 R12: 000000000065e420
R13: 00007f5bbc3f89c0 R14: 00007f5bbf49d040 R15: 0000000000000003
warn_alloc_show_mem: 1 callbacks suppressed
Mem-Info:
active_anon:48193 inactive_anon:137 isolated_anon:0
  active_file:16 inactive_file:15 isolated_file:0
  unevictable:0 dirty:0 writeback:0 unstable:0
  slab_reclaimable:9165 slab_unreclaimable:1475206
  mapped:8194 shmem:144 pagetables:402 bounce:0
  free:13771 free_pcp:443 free_cma:0
Node 0 active_anon:192772kB inactive_anon:548kB active_file:64kB  
inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB  
mapped:32776kB dirty:0kB writeback:0kB shmem:576kB shmem_thp: 0kB  
shmem_pmdmapped: 0kB anon_thp: 178176kB writeback_tmp:0kB unstable:0kB  
all_unreclaimable? yes
Node 0
DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB  
inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB  
writepending:0kB present:15992kB managed:15908kB mlocked:0kB  
kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB  
free_cma:0kB
lowmem_reserve[]:
  0
  2819
  6323
  6323
Node 0
DMA32 free:25264kB min:30060kB low:37572kB high:45084kB active_anon:0kB  
inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB  
writepending:0kB present:3129332kB managed:2890736kB mlocked:0kB  
kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB  
free_cma:0kB
lowmem_reserve[]:
  0
  0
  3503
  3503
Node 0
Normal free:13912kB min:37352kB low:46688kB high:56024kB  
active_anon:192772kB inactive_anon:548kB active_file:60kB  
inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB  
managed:3588044kB mlocked:0kB kernel_stack:5248kB pagetables:1608kB  
bounce:0kB free_pcp:1524kB local_pcp:1456kB free_cma:0kB
lowmem_reserve[]:
  kthread+0x35a/0x420 kernel/kthread.c:246
  0
  0
  0
  ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
  0
ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB
syz-executor0: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC| 
__GFP_COMP), nodemask=(null)
(U)
syz-executor0 cpuset=
2*64kB
syz0
(U)
  mems_allowed=0
1*128kB
CPU: 0 PID: 7592 Comm: syz-executor0 Not tainted 4.19.0-rc6+ #118
(U)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
1*256kB (U)
Call Trace:
0*512kB
  <IRQ>
1*1024kB
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
(U)
1*2048kB
  warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
(M)
3*4096kB
(M)
= 15908kB
Node 0
  __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
DMA32:
4*4kB
(UM)
2*8kB (M)
3*16kB
(M)
3*32kB
(M)
4*64kB
(UM)
4*128kB
(UM)
3*256kB
(M)
4*512kB
(UM)
3*1024kB
(UM)
3*2048kB
(M)
3*4096kB
(M)
= 25264kB
Node 0
Normal:
942*4kB
(UME)
  __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
338*8kB
(UMEH)
149*16kB
(UME)
84*32kB
(UMEH)
  __alloc_pages include/linux/gfp.h:473 [inline]
  __alloc_pages_node include/linux/gfp.h:486 [inline]
  kmem_getpages mm/slab.c:1409 [inline]
  cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
25*64kB (UM)
2*128kB
  fallback_alloc+0x203/0x2e0 mm/slab.c:3219
(UH)
  ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
0*256kB
  slab_alloc_node mm/slab.c:3327 [inline]
  kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
1*512kB
(H)
  __alloc_skb+0x119/0x770 net/core/skbuff.c:193
0*1024kB
0*2048kB 0*4096kB
= 13912kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0  
hugepages_size=1048576kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0  
hugepages_size=2048kB
175 total pagecache pages
0 pages in swap cache
  alloc_skb include/linux/skbuff.h:997 [inline]
  ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
Swap cache stats: add 0, delete 0, find 0/0
  ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
Free swap  = 0kB
  addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
Total swap = 0kB
1965979 pages RAM
  call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
0 pages HighMem/MovableOnly
342307 pages reserved
0 pages cma reserved
ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
rsyslogd: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC| 
__GFP_COMP), nodemask=(null)
rsyslogd cpuset=
/
  mems_allowed=0
  expire_timers kernel/time/timer.c:1363 [inline]
  __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
  run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
  __do_softirq+0x30b/0xad8 kernel/softirq.c:292
  invoke_softirq kernel/softirq.c:372 [inline]
  irq_exit+0x17f/0x1c0 kernel/softirq.c:412
  exiting_irq arch/x86/include/asm/apic.h:536 [inline]
  smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
  apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
  </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788  
[inline]
RIP: 0010:slab_alloc mm/slab.c:3385 [inline]
RIP: 0010:kmem_cache_alloc+0x297/0x730 mm/slab.c:3552
Code: 7e 0f 85 cf fe ff ff e8 06 60 3e ff e9 c5 fe ff ff e8 6d c3 c2 ff 48  
83 3d bd d4 6f 07 00 0f 84 3b 03 00 00 48 8b 7d d0 57 9d <0f> 1f 44 00 00  
e9 54 fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23
RSP: 0000:ffff8801980a7748 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffc90001e5c000
RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286
RBP: ffff8801980a77b0 R08: ffff880193c38700 R09: fffffbfff12812c4
R10: ffff8801980a6390 R11: ffffffff89409623 R12: 0000000000000000
R13: ffff8801d9a04040 R14: ffff8801d9a04040 R15: 0000000000480020
  skb_clone+0x1bb/0x500 net/core/skbuff.c:1280
  ____bpf_clone_redirect net/core/filter.c:2079 [inline]
  bpf_clone_redirect+0xb9/0x490 net/core/filter.c:2066
  bpf_prog_41f2bcae09cd4ac3+0x194/0x1000
Mem-Info:
CPU: 1 PID: 5702 Comm: rsyslogd Not tainted 4.19.0-rc6+ #118
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
active_anon:48193 inactive_anon:137 isolated_anon:0
  active_file:16 inactive_file:15 isolated_file:0
  unevictable:0 dirty:0 writeback:0 unstable:0
  slab_reclaimable:9165 slab_unreclaimable:1475206
  mapped:8194 shmem:144 pagetables:402 bounce:0
  free:13771 free_pcp:443 free_cma:0
Call Trace:
Node 0 active_anon:192772kB inactive_anon:548kB active_file:64kB  
inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB  
mapped:32776kB dirty:0kB writeback:0kB shmem:576kB shmem_thp: 0kB  
shmem_pmdmapped: 0kB anon_thp: 178176kB writeback_tmp:0kB unstable:0kB  
all_unreclaimable? yes
  <IRQ>
Node 0
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB  
inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB  
writepending:0kB present:15992kB managed:15908kB mlocked:0kB  
kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB  
free_cma:0kB
lowmem_reserve[]:
  warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
  0
  2819
  6323
  6323
  __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
Node 0
DMA32 free:25264kB min:30060kB low:37572kB high:45084kB active_anon:0kB  
inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB  
writepending:0kB present:3129332kB managed:2890736kB mlocked:0kB  
kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:248kB  
free_cma:0kB
lowmem_reserve[]:
  0
  0
  3503
  3503
Node 0
Normal free:13912kB min:37352kB low:46688kB high:56024kB  
active_anon:192772kB inactive_anon:548kB active_file:60kB  
inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB  
managed:3588044kB mlocked:0kB kernel_stack:5248kB pagetables:1608kB  
bounce:0kB free_pcp:1524kB local_pcp:68kB free_cma:0kB
lowmem_reserve[]: 0
  0
  0
  0
Node 0 DMA:
1*4kB
(U)
0*8kB
0*16kB
1*32kB
(U)
2*64kB
(U)
1*128kB
(U)
1*256kB
(U)
0*512kB
1*1024kB
(U)
1*2048kB
  __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
(M)
3*4096kB
(M)
= 15908kB
Node 0
DMA32:
  __alloc_pages include/linux/gfp.h:473 [inline]
  __alloc_pages_node include/linux/gfp.h:486 [inline]
  kmem_getpages mm/slab.c:1409 [inline]
  cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
4*4kB
(UM)
  fallback_alloc+0x203/0x2e0 mm/slab.c:3219
2*8kB
  ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
(M)
  slab_alloc_node mm/slab.c:3327 [inline]
  kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
3*16kB
(M)
  __alloc_skb+0x119/0x770 net/core/skbuff.c:193
3*32kB
(M)
4*64kB
(UM)
4*128kB
(UM)
3*256kB
  alloc_skb include/linux/skbuff.h:997 [inline]
  ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
(M)
  ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
4*512kB
  addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
(UM)
3*1024kB
(UM)
  call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
3*2048kB
(M)
3*4096kB
(M)
= 25264kB
Node 0
Normal:
942*4kB
(UME)
338*8kB
(UMEH)
149*16kB
(UME)
84*32kB
(UMEH)
25*64kB
(UM)
  expire_timers kernel/time/timer.c:1363 [inline]
  __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
2*128kB
(UH)
0*256kB
1*512kB
(H)
0*1024kB
0*2048kB
0*4096kB
= 13912kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0  
hugepages_size=1048576kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0  
hugepages_size=2048kB
175 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
  run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
1965979 pages RAM
0 pages HighMem/MovableOnly
  __do_softirq+0x30b/0xad8 kernel/softirq.c:292
342307 pages reserved
0 pages cma reserved
ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
syz-executor0: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC| 
__GFP_COMP), nodemask=(null)
syz-executor0 cpuset=
syz0
  mems_allowed=0
  invoke_softirq kernel/softirq.c:372 [inline]
  irq_exit+0x17f/0x1c0 kernel/softirq.c:412
  exiting_irq arch/x86/include/asm/apic.h:536 [inline]
  smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
  apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
  </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788  
[inline]
RIP: 0010:console_unlock+0xfdf/0x1160 kernel/printk/printk.c:2409
Code: c1 e8 03 42 80 3c 20 00 0f 85 d1 00 00 00 48 83 3d cd 54 cd 07 00 0f  
84 bc 00 00 00 e8 ca 37 1a 00 48 8b bd b0 fe ff ff 57 9d <0f> 1f 44 00 00  
e9 cc f9 ff ff 48 8b bd c8 fe ff ff e8 3b d8 5d 00
RSP: 0000:ffff8801bccde450 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: ffff8801bd36a180 RBX: 0000000000000200 RCX: ffffffff8184e1ca
RDX: 0000000000000000 RSI: ffffffff81649dc6 RDI: 0000000000000293
RBP: ffff8801bccde5b8 R08: ffff8801bd36a180 R09: fffffbfff12720c0
R10: fffffbfff12720c0 R11: ffffffff89390603 R12: dffffc0000000000
R13: ffffffff84885bf0 R14: dffffc0000000000 R15: ffffffff899428d0
  vprintk_emit+0x33d/0x930 kernel/printk/printk.c:1922
  vprintk_default+0x28/0x30 kernel/printk/printk.c:1963
  vprintk_func+0x7e/0x181 kernel/printk/printk_safe.c:398
  printk+0xa7/0xcf kernel/printk/printk.c:1996
  dump_unreclaimable_slab.cold.22+0xd8/0xe5 mm/slab_common.c:1371
  dump_header+0x7cc/0xf72 mm/oom_kill.c:447
  oom_kill_process.cold.27+0x10/0x903 mm/oom_kill.c:953
  out_of_memory+0xa84/0x1430 mm/oom_kill.c:1120
  __alloc_pages_may_oom mm/page_alloc.c:3522 [inline]
  __alloc_pages_slowpath+0x2318/0x2d80 mm/page_alloc.c:4235
  __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
  __alloc_pages include/linux/gfp.h:473 [inline]
  __alloc_pages_node include/linux/gfp.h:486 [inline]
  kmem_getpages mm/slab.c:1409 [inline]
  cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
  fallback_alloc+0x203/0x2e0 mm/slab.c:3219
  ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
  __do_cache_alloc mm/slab.c:3356 [inline]
  slab_alloc mm/slab.c:3384 [inline]
  kmem_cache_alloc_trace+0x214/0x750 mm/slab.c:3618
  kmalloc include/linux/slab.h:513 [inline]
  syslog_print kernel/printk/printk.c:1297 [inline]
  do_syslog+0xb9b/0x1690 kernel/printk/printk.c:1465
  kmsg_read+0x8f/0xc0 fs/proc/kmsg.c:40
  proc_reg_read+0x2a3/0x3d0 fs/proc/inode.c:231
  __vfs_read+0x117/0x9b0 fs/read_write.c:416
  vfs_read+0x17f/0x3c0 fs/read_write.c:452
  ksys_read+0x101/0x260 fs/read_write.c:578
  __do_sys_read fs/read_write.c:588 [inline]
  __se_sys_read fs/read_write.c:586 [inline]
  __x64_sys_read+0x73/0xb0 fs/read_write.c:586
  do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f5bbee581fd
Code: Bad RIP value.
RSP: 002b:00007f5bbc3f7e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 0000000001bc9ce0 RCX: 00007f5bbee581fd
RDX: 0000000000000fff RSI: 00007f5bbdc2c5a0 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000001bb5260 R09: 0000000000000000
R10: 6b205d3334383630 R11: 0000000000000293 R12: 000000000065e420
R13: 00007f5bbc3f89c0 R14: 00007f5bbf49d040 R15: 0000000000000003
CPU: 0 PID: 7592 Comm: syz-executor0 Not tainted 4.19.0-rc6+ #118
Mem-Info:
active_anon:48193 inactive_anon:137 isolated_anon:0
  active_file:16 inactive_file:15 isolated_file:0
  unevictable:0 dirty:0 writeback:0 unstable:0
  slab_reclaimable:9165 slab_unreclaimable:1475206
  mapped:8194 shmem:144 pagetables:402 bounce:0
  free:13771 free_pcp:443 free_cma:0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Node 0 active_anon:192772kB inactive_anon:548kB active_file:64kB  
inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB  
mapped:32776kB dirty:0kB writeback:0kB shmem:576kB shmem_thp: 0kB  
shmem_pmdmapped: 0kB anon_thp: 178176kB writeback_tmp:0kB unstable:0kB  
all_unreclaimable? yes
Call Trace:
Node 0
  <IRQ>
DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB  
inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB  
writepending:0kB present:15992kB managed:15908kB mlocked:0kB  
kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB  
free_cma:0kB
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
lowmem_reserve[]:
  0
  warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
  2819
  6323 6323
Node 0 DMA32 free:25264kB min:30060kB low:37572kB high:45084kB  
active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:0kB  
unevictable:0kB writepending:0kB present:3129332kB managed:2890736kB  
mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB  
local_pcp:0kB free_cma:0kB
  __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
lowmem_reserve[]:
  0
  0 3503
  3503
Node 0
Normal free:13912kB min:37352kB low:46688kB high:56024kB  
active_anon:192772kB inactive_anon:548kB active_file:60kB  
inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB  
managed:3588044kB mlocked:0kB kernel_stack:5248kB pagetables:1608kB  
bounce:0kB free_pcp:1524kB local_pcp:1456kB free_cma:0kB
lowmem_reserve[]:
  0
  0
  0
  0
Node 0 DMA:
1*4kB
(U)
0*8kB
0*16kB
1*32kB
(U)
2*64kB
(U)
1*128kB
(U)
1*256kB
(U)
0*512kB
  __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
1*1024kB
(U)
1*2048kB
(M)
3*4096kB
(M)
  __alloc_pages include/linux/gfp.h:473 [inline]
  __alloc_pages_node include/linux/gfp.h:486 [inline]
  kmem_getpages mm/slab.c:1409 [inline]
  cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
= 15908kB
Node 0
  fallback_alloc+0x203/0x2e0 mm/slab.c:3219
DMA32:
  ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
4*4kB
  slab_alloc_node mm/slab.c:3327 [inline]
  kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
(UM)
2*8kB
  __alloc_skb+0x119/0x770 net/core/skbuff.c:193
(M)
3*16kB
(M)
3*32kB
(M)
4*64kB
  alloc_skb include/linux/skbuff.h:997 [inline]
  ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
(UM)
  ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
4*128kB
  addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
(UM)
3*256kB
  call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
(M)
4*512kB
(UM)
3*1024kB
(UM)
3*2048kB
(M)
3*4096kB
(M)
= 25264kB
Node 0
Normal:
942*4kB
(UME)
338*8kB
(UMEH)
149*16kB
  expire_timers kernel/time/timer.c:1363 [inline]
  __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
(UME)
84*32kB
(UMEH)
25*64kB
(UM)
2*128kB
(UH)
0*256kB
1*512kB
(H)
0*1024kB
0*2048kB
0*4096kB
= 13912kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0  
hugepages_size=1048576kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0  
hugepages_size=2048kB
  run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
175 total pagecache pages
0 pages in swap cache
  __do_softirq+0x30b/0xad8 kernel/softirq.c:292
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
342307 pages reserved
0 pages cma reserved
ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
rsyslogd: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC| 
__GFP_COMP), nodemask=(null)
rsyslogd cpuset=
  invoke_softirq kernel/softirq.c:372 [inline]
  irq_exit+0x17f/0x1c0 kernel/softirq.c:412
/
  exiting_irq arch/x86/include/asm/apic.h:536 [inline]
  smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
  mems_allowed=0
  apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
  </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788  
[inline]
RIP: 0010:slab_alloc mm/slab.c:3385 [inline]
RIP: 0010:kmem_cache_alloc+0x297/0x730 mm/slab.c:3552
Code: 7e 0f 85 cf fe ff ff e8 06 60 3e ff e9 c5 fe ff ff e8 6d c3 c2 ff 48  
83 3d bd d4 6f 07 00 0f 84 3b 03 00 00 48 8b 7d d0 57 9d <0f> 1f 44 00 00  
e9 54 fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23
RSP: 0000:ffff8801980a7748 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffc90001e5c000
RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286
RBP: ffff8801980a77b0 R08: ffff880193c38700 R09: fffffbfff12812c4
R10: ffff8801980a6390 R11: ffffffff89409623 R12: 0000000000000000
R13: ffff8801d9a04040 R14: ffff8801d9a04040 R15: 0000000000480020
  skb_clone+0x1bb/0x500 net/core/skbuff.c:1280
  ____bpf_clone_redirect net/core/filter.c:2079 [inline]
  bpf_clone_redirect+0xb9/0x490 net/core/filter.c:2066
  bpf_prog_41f2bcae09cd4ac3+0x194/0x1000
CPU: 1 PID: 5702 Comm: rsyslogd Not tainted 4.19.0-rc6+ #118
ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  <IRQ>
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
syz-executor0: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC| 
__GFP_COMP), nodemask=(null)
  warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
syz-executor0 cpuset=
syz0
  mems_allowed=0
  __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
  __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
  __alloc_pages include/linux/gfp.h:473 [inline]
  __alloc_pages_node include/linux/gfp.h:486 [inline]
  kmem_getpages mm/slab.c:1409 [inline]
  cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
  fallback_alloc+0x203/0x2e0 mm/slab.c:3219
  ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
  slab_alloc_node mm/slab.c:3327 [inline]
  kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
  __alloc_skb+0x119/0x770 net/core/skbuff.c:193
  alloc_skb include/linux/skbuff.h:997 [inline]
  ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
  ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
  addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
  call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
  expire_timers kernel/time/timer.c:1363 [inline]
  __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
  run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
  __do_softirq+0x30b/0xad8 kernel/softirq.c:292
  invoke_softirq kernel/softirq.c:372 [inline]
  irq_exit+0x17f/0x1c0 kernel/softirq.c:412
  exiting_irq arch/x86/include/asm/apic.h:536 [inline]
  smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
  apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
  </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788  
[inline]
RIP: 0010:console_unlock+0xfdf/0x1160 kernel/printk/printk.c:2409
Code: c1 e8 03 42 80 3c 20 00 0f 85 d1 00 00 00 48 83 3d cd 54 cd 07 00 0f  
84 bc 00 00 00 e8 ca 37 1a 00 48 8b bd b0 fe ff ff 57 9d <0f> 1f 44 00 00  
e9 cc f9 ff ff 48 8b bd c8 fe ff ff e8 3b d8 5d 00
RSP: 0000:ffff8801bccde450 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: ffff8801bd36a180 RBX: 0000000000000200 RCX: ffffffff8184e1ca
RDX: 0000000000000000 RSI: ffffffff81649dc6 RDI: 0000000000000293
RBP: ffff8801bccde5b8 R08: ffff8801bd36a180 R09: fffffbfff12720c0
R10: fffffbfff12720c0 R11: ffffffff89390603 R12: dffffc0000000000
R13: ffffffff84885bf0 R14: dffffc0000000000 R15: ffffffff899428d0
  vprintk_emit+0x33d/0x930 kernel/printk/printk.c:1922
  vprintk_default+0x28/0x30 kernel/printk/printk.c:1963
  vprintk_func+0x7e/0x181 kernel/printk/printk_safe.c:398
  printk+0xa7/0xcf kernel/printk/printk.c:1996
  dump_unreclaimable_slab.cold.22+0xd8/0xe5 mm/slab_common.c:1371
  dump_header+0x7cc/0xf72 mm/oom_kill.c:447
  oom_kill_process.cold.27+0x10/0x903 mm/oom_kill.c:953
  out_of_memory+0xa84/0x1430 mm/oom_kill.c:1120
  __alloc_pages_may_oom mm/page_alloc.c:3522 [inline]
  __alloc_pages_slowpath+0x2318/0x2d80 mm/page_alloc.c:4235
  __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
  __alloc_pages include/linux/gfp.h:473 [inline]
  __alloc_pages_node include/linux/gfp.h:486 [inline]
  kmem_getpages mm/slab.c:1409 [inline]
  cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
  fallback_alloc+0x203/0x2e0 mm/slab.c:3219
  ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
  __do_cache_alloc mm/slab.c:3356 [inline]
  slab_alloc mm/slab.c:3384 [inline]
  kmem_cache_alloc_trace+0x214/0x750 mm/slab.c:3618
  kmalloc include/linux/slab.h:513 [inline]
  syslog_print kernel/printk/printk.c:1297 [inline]
  do_syslog+0xb9b/0x1690 kernel/printk/printk.c:1465
  kmsg_read+0x8f/0xc0 fs/proc/kmsg.c:40
  proc_reg_read+0x2a3/0x3d0 fs/proc/inode.c:231
  __vfs_read+0x117/0x9b0 fs/read_write.c:416
  vfs_read+0x17f/0x3c0 fs/read_write.c:452
  ksys_read+0x101/0x260 fs/read_write.c:578
  __do_sys_read fs/read_write.c:588 [inline]
  __se_sys_read fs/read_write.c:586 [inline]
  __x64_sys_read+0x73/0xb0 fs/read_write.c:586
  do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f5bbee581fd
Code: Bad RIP value.
RSP: 002b:00007f5bbc3f7e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 0000000001bc9ce0 RCX: 00007f5bbee581fd
RDX: 0000000000000fff RSI: 00007f5bbdc2c5a0 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000001bb5260 R09: 0000000000000000
R10: 6b205d3334383630 R11: 0000000000000293 R12: 000000000065e420
R13: 00007f5bbc3f89c0 R14: 00007f5bbf49d040 R15: 0000000000000003
warn_alloc_show_mem: 1 callbacks suppressed
CPU: 0 PID: 7592 Comm: syz-executor0 Not tainted 4.19.0-rc6+ #118
Mem-Info:
active_anon:48193 inactive_anon:137 isolated_anon:0
  active_file:16 inactive_file:15 isolated_file:0
  unevictable:0 dirty:0 writeback:0 unstable:0
  slab_reclaimable:9165 slab_unreclaimable:1475206
  mapped:8194 shmem:144 pagetables:402 bounce:0
  free:13771 free_pcp:443 free_cma:0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Node 0 active_anon:192772kB inactive_anon:548kB active_file:64kB  
inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB  
mapped:32776kB dirty:0kB writeback:0kB shmem:576kB shmem_thp: 0kB  
shmem_pmdmapped: 0kB anon_thp: 178176kB writeback_tmp:0kB unstable:0kB  
all_unreclaimable? yes
Call Trace:
Node 0
  <IRQ>
DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB  
inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB  
writepending:0kB present:15992kB managed:15908kB mlocked:0kB  
kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB  
free_cma:0kB
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
lowmem_reserve[]:
  0
  warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
  2819
  6323
  6323
Node 0
  __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
DMA32 free:25264kB min:30060kB low:37572kB high:45084kB active_anon:0kB  
inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB  
writepending:0kB present:3129332kB managed:2890736kB mlocked:0kB  
kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB  
free_cma:0kB
lowmem_reserve[]:
  0
  0
  3503 3503
Node 0 Normal free:13912kB min:37352kB low:46688kB high:56024kB  
active_anon:192772kB inactive_anon:548kB active_file:60kB  
inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB  
managed:3588044kB mlocked:0kB kernel_stack:5248kB pagetables:1608kB  
bounce:0kB free_pcp:1524kB local_pcp:1456kB free_cma:0kB
lowmem_reserve[]:
  0 0
  0
  0
Node 0 DMA:
1*4kB
(U)
0*8kB
0*16kB
1*32kB
(U)
2*64kB
(U) 1*128kB
(U)
  __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
1*256kB
(U)
0*512kB
1*1024kB
(U)
1*2048kB
  __alloc_pages include/linux/gfp.h:473 [inline]
  __alloc_pages_node include/linux/gfp.h:486 [inline]
  kmem_getpages mm/slab.c:1409 [inline]
  cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
(M)
3*4096kB
  fallback_alloc+0x203/0x2e0 mm/slab.c:3219
(M) = 15908kB
  ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
Node 0
  slab_alloc_node mm/slab.c:3327 [inline]
  kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
DMA32:
4*4kB
  __alloc_skb+0x119/0x770 net/core/skbuff.c:193
(UM)
2*8kB
(M)
3*16kB
(M)
3*32kB
(M)
  alloc_skb include/linux/skbuff.h:997 [inline]
  ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
4*64kB
  ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
(UM)
  addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
4*128kB
(UM)
  call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
3*256kB
(M)
4*512kB
(UM)
3*1024kB
(UM)
3*2048kB
(M)
3*4096kB
(M)
= 25264kB
Node 0
Normal:
942*4kB
(UME)
338*8kB
(UMEH)
  expire_timers kernel/time/timer.c:1363 [inline]
  __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
149*16kB
(UME)
84*32kB
(UMEH)
25*64kB
(UM)
2*128kB
(UH)
0*256kB
1*512kB
(H)
0*1024kB
0*2048kB
0*4096kB
= 13912kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0  
hugepages_size=1048576kB
  run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0  
hugepages_size=2048kB
175 total pagecache pages
  __do_softirq+0x30b/0xad8 kernel/softirq.c:292
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
342307 pages reserved
0 pages cma reserved
ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
rsyslogd: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC| 
__GFP_COMP), nodemask=(null)
  invoke_softirq kernel/softirq.c:372 [inline]
  irq_exit+0x17f/0x1c0 kernel/softirq.c:412
rsyslogd cpuset=
  exiting_irq arch/x86/include/asm/apic.h:536 [inline]
  smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
/
  mems_allowed=0
  apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
  </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788  
[inline]
RIP: 0010:slab_alloc mm/slab.c:3385 [inline]
RIP: 0010:kmem_cache_alloc+0x297/0x730 mm/slab.c:3552
Code: 7e 0f 85 cf fe ff ff e8 06 60 3e ff e9 c5 fe ff ff e8 6d c3 c2 ff 48  
83 3d bd d4 6f 07 00 0f 84 3b 03 00 00 48 8b 7d d0 57 9d <0f> 1f 44 00 00  
e9 54 fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23
RSP: 0000:ffff8801980a7748 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffc90001e5c000
RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286
RBP: ffff8801980a77b0 R08: ffff880193c38700 R09: fffffbfff12812c4
R10: ffff8801980a6390 R11: ffffffff89409623 R12: 0000000000000000
R13: ffff8801d9a04040 R14: ffff8801d9a04040 R15: 0000000000480020
  skb_clone+0x1bb/0x500 net/core/skbuff.c:1280
  ____bpf_clone_redirect net/core/filter.c:2079 [inline]
  bpf_clone_redirect+0xb9/0x490 net/core/filter.c:2066
  bpf_prog_41f2bcae09cd4ac3+0x194/0x1000
CPU: 1 PID: 5702 Comm: rsyslogd Not tainted 4.19.0-rc6+ #118
ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  <IRQ>
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
  warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
syz-executor0: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC| 
__GFP_COMP), nodemask=(null)
syz-executor0 cpuset=
syz0 mems_allowed=0
  __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
  __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
  __alloc_pages include/linux/gfp.h:473 [inline]
  __alloc_pages_node include/linux/gfp.h:486 [inline]
  kmem_getpages mm/slab.c:1409 [inline]
  cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
  fallback_alloc+0x203/0x2e0 mm/slab.c:3219
  ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
  slab_alloc_node mm/slab.c:3327 [inline]
  kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
  __alloc_skb+0x119/0x770 net/core/skbuff.c:193
  alloc_skb include/linux/skbuff.h:997 [inline]
  ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
  ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
  addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
  call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
  expire_timers kernel/time/timer.c:1363 [inline]
  __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with  
syzbot.


* Re: INFO: rcu detected stall in ndisc_alloc_skb
@ 2018-12-31  7:49   ` Dmitry Vyukov
From: Dmitry Vyukov @ 2018-12-31  7:49 UTC
  To: syzbot
  Cc: David Miller, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs,
	Hideaki YOSHIFUJI, Linux-MM

On Mon, Dec 31, 2018 at 8:42 AM syzbot
<syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:    ef4ab8447aa2 selftests: bpf: install script with_addr.sh
> git tree:       bpf-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=14a28b6e400000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=7e7e2279c0020d5f
> dashboard link: https://syzkaller.appspot.com/bug?extid=ea7d9cb314b4ab49a18a
> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
>
> Unfortunately, I don't have any reproducer for this crash yet.
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com

Since this involves OOMs and looks like a one-off induced memory corruption:

#syz dup: kernel panic: corrupted stack end in wb_workfn

> CPU: 1 PID: 5702 Comm: rsyslogd Not tainted 4.19.0-rc6+ #118
> rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Call Trace:
> rcu:    (detected by 0, t=10712 jiffies, g=90369, q=135)
>   <IRQ>
>   __dump_stack lib/dump_stack.c:77 [inline]
>   dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
> rcu: All QSes seen, last rcu_preempt kthread activity 10548
> (4295003843-4294993295), jiffies_till_next_fqs=1, root ->qsmask 0x0
> syz-executor0   R
>    running task
>   warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
> 22896  7592   5826 0x8010000c
> Call Trace:
>   <IRQ>
>   sched_show_task.cold.83+0x2b6/0x30a kernel/sched/core.c:5296
>   __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
>   print_other_cpu_stall.cold.79+0xa83/0xba5 kernel/rcu/tree.c:1430
>   check_cpu_stall kernel/rcu/tree.c:1557 [inline]
>   __rcu_pending kernel/rcu/tree.c:3276 [inline]
>   rcu_pending kernel/rcu/tree.c:3319 [inline]
>   rcu_check_callbacks+0xafc/0x1990 kernel/rcu/tree.c:2665
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
>   slab_alloc_node mm/slab.c:3327 [inline]
>   kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
>   __alloc_skb+0x119/0x770 net/core/skbuff.c:193
>   alloc_skb include/linux/skbuff.h:997 [inline]
>   ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
>   ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
>   update_process_times+0x2d/0x70 kernel/time/timer.c:1636
>   addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
>   tick_sched_handle+0x9f/0x180 kernel/time/tick-sched.c:164
>   tick_sched_timer+0x45/0x130 kernel/time/tick-sched.c:1274
>   __run_hrtimer kernel/time/hrtimer.c:1398 [inline]
>   __hrtimer_run_queues+0x41c/0x10d0 kernel/time/hrtimer.c:1460
>   call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
>   hrtimer_interrupt+0x313/0x780 kernel/time/hrtimer.c:1518
>   local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1029 [inline]
>   smp_apic_timer_interrupt+0x1a1/0x760 arch/x86/kernel/apic/apic.c:1054
>   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
> RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788
> [inline]
> RIP: 0010:slab_alloc_node mm/slab.c:3329 [inline]
> RIP: 0010:kmem_cache_alloc_node+0x247/0x730 mm/slab.c:3642
> Code: 3f 7e 0f 85 32 ff ff ff e8 a5 7f 3e ff e9 28 ff ff ff e8 0c e3 c2 ff
> 48 83 3d 5c f4 6f 07 00 0f 84 33 01 00 00 4c 89 ff 57 9d <0f> 1f 44 00 00
> e9 bf fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23
> RSP: 0000:ffff8801dae07450 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
> RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffffff8184e1ca
> RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286
> RBP: ffff8801dae074c0 R08: ffff880193c38700 R09: fffffbfff12812c4
> R10: ffff8801dae06098 R11: ffffffff89409623 R12: ffff8801d9a04040
> R13: ffff8801d9a04040 R14: 0000000000000000 R15: 0000000000000286
>   __alloc_skb+0x119/0x770 net/core/skbuff.c:193
>   alloc_skb include/linux/skbuff.h:997 [inline]
>   ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
>   expire_timers kernel/time/timer.c:1363 [inline]
>   __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
>   ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
>   addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
>   call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
>   run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
>   __do_softirq+0x30b/0xad8 kernel/softirq.c:292
>   expire_timers kernel/time/timer.c:1363 [inline]
>   __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
>   invoke_softirq kernel/softirq.c:372 [inline]
>   irq_exit+0x17f/0x1c0 kernel/softirq.c:412
>   exiting_irq arch/x86/include/asm/apic.h:536 [inline]
>   smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
>   run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
>   __do_softirq+0x30b/0xad8 kernel/softirq.c:292
>   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
>   </IRQ>
> RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788
> [inline]
> RIP: 0010:console_unlock+0xfdf/0x1160 kernel/printk/printk.c:2409
> Code: c1 e8 03 42 80 3c 20 00 0f 85 d1 00 00 00 48 83 3d cd 54 cd 07 00 0f
> 84 bc 00 00 00 e8 ca 37 1a 00 48 8b bd b0 fe ff ff 57 9d <0f> 1f 44 00 00
> e9 cc f9 ff ff 48 8b bd c8 fe ff ff e8 3b d8 5d 00
> RSP: 0000:ffff8801bccde450 EFLAGS: 00000293
>   ORIG_RAX: ffffffffffffff13
>   invoke_softirq kernel/softirq.c:372 [inline]
>   irq_exit+0x17f/0x1c0 kernel/softirq.c:412
> RAX: ffff8801bd36a180 RBX: 0000000000000200 RCX: ffffffff8184e1ca
> RDX: 0000000000000000 RSI: ffffffff81649dc6 RDI: 0000000000000293
>   exiting_irq arch/x86/include/asm/apic.h:536 [inline]
>   smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
> RBP: ffff8801bccde5b8 R08: ffff8801bd36a180 R09: fffffbfff12720c0
> R10: fffffbfff12720c0 R11: ffffffff89390603 R12: dffffc0000000000
> R13: ffffffff84885bf0 R14: dffffc0000000000 R15: ffffffff899428d0
>   vprintk_emit+0x33d/0x930 kernel/printk/printk.c:1922
>   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
>   </IRQ>
> RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788
> [inline]
> RIP: 0010:slab_alloc mm/slab.c:3385 [inline]
> RIP: 0010:kmem_cache_alloc+0x297/0x730 mm/slab.c:3552
> Code: 7e 0f 85 cf fe ff ff e8 06 60 3e ff e9 c5 fe ff ff e8 6d c3 c2 ff 48
> 83 3d bd d4 6f 07 00 0f 84 3b 03 00 00 48 8b 7d d0 57 9d <0f> 1f 44 00 00
> e9 54 fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23
> RSP: 0000:ffff8801980a7748 EFLAGS: 00000286
>   vprintk_default+0x28/0x30 kernel/printk/printk.c:1963
>   ORIG_RAX: ffffffffffffff13
>   vprintk_func+0x7e/0x181 kernel/printk/printk_safe.c:398
> RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffc90001e5c000
>   printk+0xa7/0xcf kernel/printk/printk.c:1996
> RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286
> RBP: ffff8801980a77b0 R08: ffff880193c38700 R09: fffffbfff12812c4
> R10: ffff8801980a6390 R11: ffffffff89409623 R12: 0000000000000000
>   dump_unreclaimable_slab.cold.22+0xd8/0xe5 mm/slab_common.c:1371
> R13: ffff8801d9a04040 R14: ffff8801d9a04040 R15: 0000000000480020
>   dump_header+0x7cc/0xf72 mm/oom_kill.c:447
>   skb_clone+0x1bb/0x500 net/core/skbuff.c:1280
>   ____bpf_clone_redirect net/core/filter.c:2079 [inline]
>   bpf_clone_redirect+0xb9/0x490 net/core/filter.c:2066
>   bpf_prog_41f2bcae09cd4ac3+0x194/0x1000
>   oom_kill_process.cold.27+0x10/0x903 mm/oom_kill.c:953
>   out_of_memory+0xa84/0x1430 mm/oom_kill.c:1120
>   __alloc_pages_may_oom mm/page_alloc.c:3522 [inline]
>   __alloc_pages_slowpath+0x2318/0x2d80 mm/page_alloc.c:4235
> rcu: rcu_preempt kthread starved for 10548 jiffies! g90369 f0x2
> RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
> rcu: RCU grace-period kthread stack dump:
> rcu_preempt     R
>    running task    22736    10      2 0x80000000
> Call Trace:
>   context_switch kernel/sched/core.c:2825 [inline]
>   __schedule+0x86c/0x1ed0 kernel/sched/core.c:3473
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
>   schedule+0xfe/0x460 kernel/sched/core.c:3517
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
>   schedule_timeout+0x140/0x260 kernel/time/timer.c:1804
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
>   __do_cache_alloc mm/slab.c:3356 [inline]
>   slab_alloc mm/slab.c:3384 [inline]
>   kmem_cache_alloc_trace+0x214/0x750 mm/slab.c:3618
>   rcu_gp_kthread+0x9d9/0x2310 kernel/rcu/tree.c:2194
>   kmalloc include/linux/slab.h:513 [inline]
>   syslog_print kernel/printk/printk.c:1297 [inline]
>   do_syslog+0xb9b/0x1690 kernel/printk/printk.c:1465
>   kmsg_read+0x8f/0xc0 fs/proc/kmsg.c:40
>   proc_reg_read+0x2a3/0x3d0 fs/proc/inode.c:231
>   __vfs_read+0x117/0x9b0 fs/read_write.c:416
>   vfs_read+0x17f/0x3c0 fs/read_write.c:452
>   ksys_read+0x101/0x260 fs/read_write.c:578
>   __do_sys_read fs/read_write.c:588 [inline]
>   __se_sys_read fs/read_write.c:586 [inline]
>   __x64_sys_read+0x73/0xb0 fs/read_write.c:586
>   do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
>   entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x7f5bbee581fd
> Code: Bad RIP value.
> RSP: 002b:00007f5bbc3f7e30 EFLAGS: 00000293
>   ORIG_RAX: 0000000000000000
> RAX: ffffffffffffffda RBX: 0000000001bc9ce0 RCX: 00007f5bbee581fd
> RDX: 0000000000000fff RSI: 00007f5bbdc2c5a0 RDI: 0000000000000004
> RBP: 0000000000000000 R08: 0000000001bb5260 R09: 0000000000000000
> R10: 6b205d3334383630 R11: 0000000000000293 R12: 000000000065e420
> R13: 00007f5bbc3f89c0 R14: 00007f5bbf49d040 R15: 0000000000000003
> warn_alloc_show_mem: 1 callbacks suppressed
> Mem-Info:
> active_anon:48193 inactive_anon:137 isolated_anon:0
>   active_file:16 inactive_file:15 isolated_file:0
>   unevictable:0 dirty:0 writeback:0 unstable:0
>   slab_reclaimable:9165 slab_unreclaimable:1475206
>   mapped:8194 shmem:144 pagetables:402 bounce:0
>   free:13771 free_pcp:443 free_cma:0
> Node 0 active_anon:192772kB inactive_anon:548kB active_file:64kB
> inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB
> mapped:32776kB dirty:0kB writeback:0kB shmem:576kB shmem_thp: 0kB
> shmem_pmdmapped: 0kB anon_thp: 178176kB writeback_tmp:0kB unstable:0kB
> all_unreclaimable? yes
> Node 0
> DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB
> inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB
> writepending:0kB present:15992kB managed:15908kB mlocked:0kB
> kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB
> free_cma:0kB
> lowmem_reserve[]:
>   0
>   2819
>   6323
>   6323
> Node 0
> DMA32 free:25264kB min:30060kB low:37572kB high:45084kB active_anon:0kB
> inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB
> writepending:0kB present:3129332kB managed:2890736kB mlocked:0kB
> kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB
> free_cma:0kB
> lowmem_reserve[]:
>   0
>   0
>   3503
>   3503
> Node 0
> Normal free:13912kB min:37352kB low:46688kB high:56024kB
> active_anon:192772kB inactive_anon:548kB active_file:60kB
> inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB
> managed:3588044kB mlocked:0kB kernel_stack:5248kB pagetables:1608kB
> bounce:0kB free_pcp:1524kB local_pcp:1456kB free_cma:0kB
> lowmem_reserve[]:
>   kthread+0x35a/0x420 kernel/kthread.c:246
>   0
>   0
>   0
>   ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
>   0
> ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
> Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB
> syz-executor0: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC|
> __GFP_COMP), nodemask=(null)
> (U)
> syz-executor0 cpuset=
> 2*64kB
> syz0
> (U)
>   mems_allowed=0
> 1*128kB
> CPU: 0 PID: 7592 Comm: syz-executor0 Not tainted 4.19.0-rc6+ #118
> (U)
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> 1*256kB (U)
> Call Trace:
> 0*512kB
>   <IRQ>
> 1*1024kB
>   __dump_stack lib/dump_stack.c:77 [inline]
>   dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
> (U)
> 1*2048kB
>   warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
> (M)
> 3*4096kB
> (M)
> = 15908kB
> Node 0
>   __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
> DMA32:
> 4*4kB
> (UM)
> 2*8kB (M)
> 3*16kB
> (M)
> 3*32kB
> (M)
> 4*64kB
> (UM)
> 4*128kB
> (UM)
> 3*256kB
> (M)
> 4*512kB
> (UM)
> 3*1024kB
> (UM)
> 3*2048kB
> (M)
> 3*4096kB
> (M)
> = 25264kB
> Node 0
> Normal:
> 942*4kB
> (UME)
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
> 338*8kB
> (UMEH)
> 149*16kB
> (UME)
> 84*32kB
> (UMEH)
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
> 25*64kB (UM)
> 2*128kB
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
> (UH)
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
> 0*256kB
>   slab_alloc_node mm/slab.c:3327 [inline]
>   kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
> 1*512kB
> (H)
>   __alloc_skb+0x119/0x770 net/core/skbuff.c:193
> 0*1024kB
> 0*2048kB 0*4096kB
> = 13912kB
> Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
> hugepages_size=1048576kB
> Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
> hugepages_size=2048kB
> 175 total pagecache pages
> 0 pages in swap cache
>   alloc_skb include/linux/skbuff.h:997 [inline]
>   ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
> Swap cache stats: add 0, delete 0, find 0/0
>   ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
> Free swap  = 0kB
>   addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
> Total swap = 0kB
> 1965979 pages RAM
>   call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
> 0 pages HighMem/MovableOnly
> 342307 pages reserved
> 0 pages cma reserved
> ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
> rsyslogd: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC|
> __GFP_COMP), nodemask=(null)
> rsyslogd cpuset=
> /
>   mems_allowed=0
>   expire_timers kernel/time/timer.c:1363 [inline]
>   __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
>   run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
>   __do_softirq+0x30b/0xad8 kernel/softirq.c:292
>   invoke_softirq kernel/softirq.c:372 [inline]
>   irq_exit+0x17f/0x1c0 kernel/softirq.c:412
>   exiting_irq arch/x86/include/asm/apic.h:536 [inline]
>   smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
>   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
>   </IRQ>
> RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788
> [inline]
> RIP: 0010:slab_alloc mm/slab.c:3385 [inline]
> RIP: 0010:kmem_cache_alloc+0x297/0x730 mm/slab.c:3552
> Code: 7e 0f 85 cf fe ff ff e8 06 60 3e ff e9 c5 fe ff ff e8 6d c3 c2 ff 48
> 83 3d bd d4 6f 07 00 0f 84 3b 03 00 00 48 8b 7d d0 57 9d <0f> 1f 44 00 00
> e9 54 fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23
> RSP: 0000:ffff8801980a7748 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
> RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffc90001e5c000
> RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286
> RBP: ffff8801980a77b0 R08: ffff880193c38700 R09: fffffbfff12812c4
> R10: ffff8801980a6390 R11: ffffffff89409623 R12: 0000000000000000
> R13: ffff8801d9a04040 R14: ffff8801d9a04040 R15: 0000000000480020
>   skb_clone+0x1bb/0x500 net/core/skbuff.c:1280
>   ____bpf_clone_redirect net/core/filter.c:2079 [inline]
>   bpf_clone_redirect+0xb9/0x490 net/core/filter.c:2066
>   bpf_prog_41f2bcae09cd4ac3+0x194/0x1000
> Mem-Info:
> CPU: 1 PID: 5702 Comm: rsyslogd Not tainted 4.19.0-rc6+ #118
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> active_anon:48193 inactive_anon:137 isolated_anon:0
>   active_file:16 inactive_file:15 isolated_file:0
>   unevictable:0 dirty:0 writeback:0 unstable:0
>   slab_reclaimable:9165 slab_unreclaimable:1475206
>   mapped:8194 shmem:144 pagetables:402 bounce:0
>   free:13771 free_pcp:443 free_cma:0
> Call Trace:
> Node 0 active_anon:192772kB inactive_anon:548kB active_file:64kB
> inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB
> mapped:32776kB dirty:0kB writeback:0kB shmem:576kB shmem_thp: 0kB
> shmem_pmdmapped: 0kB anon_thp: 178176kB writeback_tmp:0kB unstable:0kB
> all_unreclaimable? yes
>   <IRQ>
> Node 0
>   __dump_stack lib/dump_stack.c:77 [inline]
>   dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
> DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB
> inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB
> writepending:0kB present:15992kB managed:15908kB mlocked:0kB
> kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB
> free_cma:0kB
> lowmem_reserve[]:
>   warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
>   0
>   2819
>   6323
>   6323
>   __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
> Node 0
> DMA32 free:25264kB min:30060kB low:37572kB high:45084kB active_anon:0kB
> inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB
> writepending:0kB present:3129332kB managed:2890736kB mlocked:0kB
> kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:248kB
> free_cma:0kB
> lowmem_reserve[]:
>   0
>   0
>   3503
>   3503
> Node 0
> Normal free:13912kB min:37352kB low:46688kB high:56024kB
> active_anon:192772kB inactive_anon:548kB active_file:60kB
> inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB
> managed:3588044kB mlocked:0kB kernel_stack:5248kB pagetables:1608kB
> bounce:0kB free_pcp:1524kB local_pcp:68kB free_cma:0kB
> lowmem_reserve[]: 0
>   0
>   0
>   0
> Node 0 DMA:
> 1*4kB
> (U)
> 0*8kB
> 0*16kB
> 1*32kB
> (U)
> 2*64kB
> (U)
> 1*128kB
> (U)
> 1*256kB
> (U)
> 0*512kB
> 1*1024kB
> (U)
> 1*2048kB
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
> (M)
> 3*4096kB
> (M)
> = 15908kB
> Node 0
> DMA32:
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
> 4*4kB
> (UM)
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
> 2*8kB
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
> (M)
>   slab_alloc_node mm/slab.c:3327 [inline]
>   kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
> 3*16kB
> (M)
>   __alloc_skb+0x119/0x770 net/core/skbuff.c:193
> 3*32kB
> (M)
> 4*64kB
> (UM)
> 4*128kB
> (UM)
> 3*256kB
>   alloc_skb include/linux/skbuff.h:997 [inline]
>   ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
> (M)
>   ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
> 4*512kB
>   addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
> (UM)
> 3*1024kB
> (UM)
>   call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
> 3*2048kB
> (M)
> 3*4096kB
> (M)
> = 25264kB
> Node 0
> Normal:
> 942*4kB
> (UME)
> 338*8kB
> (UMEH)
> 149*16kB
> (UME)
> 84*32kB
> (UMEH)
> 25*64kB
> (UM)
>   expire_timers kernel/time/timer.c:1363 [inline]
>   __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
> 2*128kB
> (UH)
> 0*256kB
> 1*512kB
> (H)
> 0*1024kB
> 0*2048kB
> 0*4096kB
> = 13912kB
> Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
> hugepages_size=1048576kB
> Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
> hugepages_size=2048kB
> 175 total pagecache pages
> 0 pages in swap cache
> Swap cache stats: add 0, delete 0, find 0/0
> Free swap  = 0kB
> Total swap = 0kB
>   run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
> 1965979 pages RAM
> 0 pages HighMem/MovableOnly
>   __do_softirq+0x30b/0xad8 kernel/softirq.c:292
> 342307 pages reserved
> 0 pages cma reserved
> ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
> syz-executor0: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC|
> __GFP_COMP), nodemask=(null)
> syz-executor0 cpuset=
> syz0
>   mems_allowed=0
>   invoke_softirq kernel/softirq.c:372 [inline]
>   irq_exit+0x17f/0x1c0 kernel/softirq.c:412
>   exiting_irq arch/x86/include/asm/apic.h:536 [inline]
>   smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
>   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
>   </IRQ>
> RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788
> [inline]
> RIP: 0010:console_unlock+0xfdf/0x1160 kernel/printk/printk.c:2409
> Code: c1 e8 03 42 80 3c 20 00 0f 85 d1 00 00 00 48 83 3d cd 54 cd 07 00 0f
> 84 bc 00 00 00 e8 ca 37 1a 00 48 8b bd b0 fe ff ff 57 9d <0f> 1f 44 00 00
> e9 cc f9 ff ff 48 8b bd c8 fe ff ff e8 3b d8 5d 00
> RSP: 0000:ffff8801bccde450 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
> RAX: ffff8801bd36a180 RBX: 0000000000000200 RCX: ffffffff8184e1ca
> RDX: 0000000000000000 RSI: ffffffff81649dc6 RDI: 0000000000000293
> RBP: ffff8801bccde5b8 R08: ffff8801bd36a180 R09: fffffbfff12720c0
> R10: fffffbfff12720c0 R11: ffffffff89390603 R12: dffffc0000000000
> R13: ffffffff84885bf0 R14: dffffc0000000000 R15: ffffffff899428d0
>   vprintk_emit+0x33d/0x930 kernel/printk/printk.c:1922
>   vprintk_default+0x28/0x30 kernel/printk/printk.c:1963
>   vprintk_func+0x7e/0x181 kernel/printk/printk_safe.c:398
>   printk+0xa7/0xcf kernel/printk/printk.c:1996
>   dump_unreclaimable_slab.cold.22+0xd8/0xe5 mm/slab_common.c:1371
>   dump_header+0x7cc/0xf72 mm/oom_kill.c:447
>   oom_kill_process.cold.27+0x10/0x903 mm/oom_kill.c:953
>   out_of_memory+0xa84/0x1430 mm/oom_kill.c:1120
>   __alloc_pages_may_oom mm/page_alloc.c:3522 [inline]
>   __alloc_pages_slowpath+0x2318/0x2d80 mm/page_alloc.c:4235
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
>   __do_cache_alloc mm/slab.c:3356 [inline]
>   slab_alloc mm/slab.c:3384 [inline]
>   kmem_cache_alloc_trace+0x214/0x750 mm/slab.c:3618
>   kmalloc include/linux/slab.h:513 [inline]
>   syslog_print kernel/printk/printk.c:1297 [inline]
>   do_syslog+0xb9b/0x1690 kernel/printk/printk.c:1465
>   kmsg_read+0x8f/0xc0 fs/proc/kmsg.c:40
>   proc_reg_read+0x2a3/0x3d0 fs/proc/inode.c:231
>   __vfs_read+0x117/0x9b0 fs/read_write.c:416
>   vfs_read+0x17f/0x3c0 fs/read_write.c:452
>   ksys_read+0x101/0x260 fs/read_write.c:578
>   __do_sys_read fs/read_write.c:588 [inline]
>   __se_sys_read fs/read_write.c:586 [inline]
>   __x64_sys_read+0x73/0xb0 fs/read_write.c:586
>   do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
>   entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x7f5bbee581fd
> Code: Bad RIP value.
> RSP: 002b:00007f5bbc3f7e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
> RAX: ffffffffffffffda RBX: 0000000001bc9ce0 RCX: 00007f5bbee581fd
> RDX: 0000000000000fff RSI: 00007f5bbdc2c5a0 RDI: 0000000000000004
> RBP: 0000000000000000 R08: 0000000001bb5260 R09: 0000000000000000
> R10: 6b205d3334383630 R11: 0000000000000293 R12: 000000000065e420
> R13: 00007f5bbc3f89c0 R14: 00007f5bbf49d040 R15: 0000000000000003
> CPU: 0 PID: 7592 Comm: syz-executor0 Not tainted 4.19.0-rc6+ #118
> Mem-Info:
> active_anon:48193 inactive_anon:137 isolated_anon:0
>   active_file:16 inactive_file:15 isolated_file:0
>   unevictable:0 dirty:0 writeback:0 unstable:0
>   slab_reclaimable:9165 slab_unreclaimable:1475206
>   mapped:8194 shmem:144 pagetables:402 bounce:0
>   free:13771 free_pcp:443 free_cma:0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Node 0 active_anon:192772kB inactive_anon:548kB active_file:64kB
> inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB
> mapped:32776kB dirty:0kB writeback:0kB shmem:576kB shmem_thp: 0kB
> shmem_pmdmapped: 0kB anon_thp: 178176kB writeback_tmp:0kB unstable:0kB
> all_unreclaimable? yes
> Call Trace:
> Node 0
>   <IRQ>
> DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB
> inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB
> writepending:0kB present:15992kB managed:15908kB mlocked:0kB
> kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB
> free_cma:0kB
>   __dump_stack lib/dump_stack.c:77 [inline]
>   dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
> lowmem_reserve[]:
>   0
>   warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
>   2819
>   6323 6323
> Node 0 DMA32 free:25264kB min:30060kB low:37572kB high:45084kB
> active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:0kB
> unevictable:0kB writepending:0kB present:3129332kB managed:2890736kB
> mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB
> local_pcp:0kB free_cma:0kB
>   __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
> lowmem_reserve[]:
>   0
>   0 3503
>   3503
> Node 0
> Normal free:13912kB min:37352kB low:46688kB high:56024kB
> active_anon:192772kB inactive_anon:548kB active_file:60kB
> inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB
> managed:3588044kB mlocked:0kB kernel_stack:5248kB pagetables:1608kB
> bounce:0kB free_pcp:1524kB local_pcp:1456kB free_cma:0kB
> lowmem_reserve[]:
>   0
>   0
>   0
>   0
> Node 0 DMA:
> 1*4kB
> (U)
> 0*8kB
> 0*16kB
> 1*32kB
> (U)
> 2*64kB
> (U)
> 1*128kB
> (U)
> 1*256kB
> (U)
> 0*512kB
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
> 1*1024kB
> (U)
> 1*2048kB
> (M)
> 3*4096kB
> (M)
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
> = 15908kB
> Node 0
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
> DMA32:
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
> 4*4kB
>   slab_alloc_node mm/slab.c:3327 [inline]
>   kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
> (UM)
> 2*8kB
>   __alloc_skb+0x119/0x770 net/core/skbuff.c:193
> (M)
> 3*16kB
> (M)
> 3*32kB
> (M)
> 4*64kB
>   alloc_skb include/linux/skbuff.h:997 [inline]
>   ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
> (UM)
>   ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
> 4*128kB
>   addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
> (UM)
> 3*256kB
>   call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
> (M)
> 4*512kB
> (UM)
> 3*1024kB
> (UM)
> 3*2048kB
> (M)
> 3*4096kB
> (M)
> = 25264kB
> Node 0
> Normal:
> 942*4kB
> (UME)
> 338*8kB
> (UMEH)
> 149*16kB
>   expire_timers kernel/time/timer.c:1363 [inline]
>   __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
> (UME)
> 84*32kB
> (UMEH)
> 25*64kB
> (UM)
> 2*128kB
> (UH)
> 0*256kB
> 1*512kB
> (H)
> 0*1024kB
> 0*2048kB
> 0*4096kB
> = 13912kB
> Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
> hugepages_size=1048576kB
> Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
> hugepages_size=2048kB
>   run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
> 175 total pagecache pages
> 0 pages in swap cache
>   __do_softirq+0x30b/0xad8 kernel/softirq.c:292
> Swap cache stats: add 0, delete 0, find 0/0
> Free swap  = 0kB
> Total swap = 0kB
> 1965979 pages RAM
> 0 pages HighMem/MovableOnly
> 342307 pages reserved
> 0 pages cma reserved
> ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
> rsyslogd: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC|
> __GFP_COMP), nodemask=(null)
> rsyslogd cpuset=
>   invoke_softirq kernel/softirq.c:372 [inline]
>   irq_exit+0x17f/0x1c0 kernel/softirq.c:412
> /
>   exiting_irq arch/x86/include/asm/apic.h:536 [inline]
>   smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
>   mems_allowed=0
>   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
>   </IRQ>
> RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788
> [inline]
> RIP: 0010:slab_alloc mm/slab.c:3385 [inline]
> RIP: 0010:kmem_cache_alloc+0x297/0x730 mm/slab.c:3552
> Code: 7e 0f 85 cf fe ff ff e8 06 60 3e ff e9 c5 fe ff ff e8 6d c3 c2 ff 48
> 83 3d bd d4 6f 07 00 0f 84 3b 03 00 00 48 8b 7d d0 57 9d <0f> 1f 44 00 00
> e9 54 fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23
> RSP: 0000:ffff8801980a7748 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
> RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffc90001e5c000
> RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286
> RBP: ffff8801980a77b0 R08: ffff880193c38700 R09: fffffbfff12812c4
> R10: ffff8801980a6390 R11: ffffffff89409623 R12: 0000000000000000
> R13: ffff8801d9a04040 R14: ffff8801d9a04040 R15: 0000000000480020
>   skb_clone+0x1bb/0x500 net/core/skbuff.c:1280
>   ____bpf_clone_redirect net/core/filter.c:2079 [inline]
>   bpf_clone_redirect+0xb9/0x490 net/core/filter.c:2066
>   bpf_prog_41f2bcae09cd4ac3+0x194/0x1000
> CPU: 1 PID: 5702 Comm: rsyslogd Not tainted 4.19.0-rc6+ #118
> ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Call Trace:
>   <IRQ>
>   __dump_stack lib/dump_stack.c:77 [inline]
>   dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
> syz-executor0: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC|
> __GFP_COMP), nodemask=(null)
>   warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
> syz-executor0 cpuset=
> syz0
>   mems_allowed=0
>   __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
>   slab_alloc_node mm/slab.c:3327 [inline]
>   kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
>   __alloc_skb+0x119/0x770 net/core/skbuff.c:193
>   alloc_skb include/linux/skbuff.h:997 [inline]
>   ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
>   ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
>   addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
>   call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
>   expire_timers kernel/time/timer.c:1363 [inline]
>   __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
>   run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
>   __do_softirq+0x30b/0xad8 kernel/softirq.c:292
>   invoke_softirq kernel/softirq.c:372 [inline]
>   irq_exit+0x17f/0x1c0 kernel/softirq.c:412
>   exiting_irq arch/x86/include/asm/apic.h:536 [inline]
>   smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
>   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
>   </IRQ>
> RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788
> [inline]
> RIP: 0010:console_unlock+0xfdf/0x1160 kernel/printk/printk.c:2409
> Code: c1 e8 03 42 80 3c 20 00 0f 85 d1 00 00 00 48 83 3d cd 54 cd 07 00 0f
> 84 bc 00 00 00 e8 ca 37 1a 00 48 8b bd b0 fe ff ff 57 9d <0f> 1f 44 00 00
> e9 cc f9 ff ff 48 8b bd c8 fe ff ff e8 3b d8 5d 00
> RSP: 0000:ffff8801bccde450 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
> RAX: ffff8801bd36a180 RBX: 0000000000000200 RCX: ffffffff8184e1ca
> RDX: 0000000000000000 RSI: ffffffff81649dc6 RDI: 0000000000000293
> RBP: ffff8801bccde5b8 R08: ffff8801bd36a180 R09: fffffbfff12720c0
> R10: fffffbfff12720c0 R11: ffffffff89390603 R12: dffffc0000000000
> R13: ffffffff84885bf0 R14: dffffc0000000000 R15: ffffffff899428d0
>   vprintk_emit+0x33d/0x930 kernel/printk/printk.c:1922
>   vprintk_default+0x28/0x30 kernel/printk/printk.c:1963
>   vprintk_func+0x7e/0x181 kernel/printk/printk_safe.c:398
>   printk+0xa7/0xcf kernel/printk/printk.c:1996
>   dump_unreclaimable_slab.cold.22+0xd8/0xe5 mm/slab_common.c:1371
>   dump_header+0x7cc/0xf72 mm/oom_kill.c:447
>   oom_kill_process.cold.27+0x10/0x903 mm/oom_kill.c:953
>   out_of_memory+0xa84/0x1430 mm/oom_kill.c:1120
>   __alloc_pages_may_oom mm/page_alloc.c:3522 [inline]
>   __alloc_pages_slowpath+0x2318/0x2d80 mm/page_alloc.c:4235
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
>   __do_cache_alloc mm/slab.c:3356 [inline]
>   slab_alloc mm/slab.c:3384 [inline]
>   kmem_cache_alloc_trace+0x214/0x750 mm/slab.c:3618
>   kmalloc include/linux/slab.h:513 [inline]
>   syslog_print kernel/printk/printk.c:1297 [inline]
>   do_syslog+0xb9b/0x1690 kernel/printk/printk.c:1465
>   kmsg_read+0x8f/0xc0 fs/proc/kmsg.c:40
>   proc_reg_read+0x2a3/0x3d0 fs/proc/inode.c:231
>   __vfs_read+0x117/0x9b0 fs/read_write.c:416
>   vfs_read+0x17f/0x3c0 fs/read_write.c:452
>   ksys_read+0x101/0x260 fs/read_write.c:578
>   __do_sys_read fs/read_write.c:588 [inline]
>   __se_sys_read fs/read_write.c:586 [inline]
>   __x64_sys_read+0x73/0xb0 fs/read_write.c:586
>   do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
>   entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x7f5bbee581fd
> Code: Bad RIP value.
> RSP: 002b:00007f5bbc3f7e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
> RAX: ffffffffffffffda RBX: 0000000001bc9ce0 RCX: 00007f5bbee581fd
> RDX: 0000000000000fff RSI: 00007f5bbdc2c5a0 RDI: 0000000000000004
> RBP: 0000000000000000 R08: 0000000001bb5260 R09: 0000000000000000
> R10: 6b205d3334383630 R11: 0000000000000293 R12: 000000000065e420
> R13: 00007f5bbc3f89c0 R14: 00007f5bbf49d040 R15: 0000000000000003
> warn_alloc_show_mem: 1 callbacks suppressed
> CPU: 0 PID: 7592 Comm: syz-executor0 Not tainted 4.19.0-rc6+ #118
> Mem-Info:
> active_anon:48193 inactive_anon:137 isolated_anon:0
>   active_file:16 inactive_file:15 isolated_file:0
>   unevictable:0 dirty:0 writeback:0 unstable:0
>   slab_reclaimable:9165 slab_unreclaimable:1475206
>   mapped:8194 shmem:144 pagetables:402 bounce:0
>   free:13771 free_pcp:443 free_cma:0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Node 0 active_anon:192772kB inactive_anon:548kB active_file:64kB
> inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB
> mapped:32776kB dirty:0kB writeback:0kB shmem:576kB shmem_thp: 0kB
> shmem_pmdmapped: 0kB anon_thp: 178176kB writeback_tmp:0kB unstable:0kB
> all_unreclaimable? yes
> Call Trace:
> Node 0
>   <IRQ>
> DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB
> inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB
> writepending:0kB present:15992kB managed:15908kB mlocked:0kB
> kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB
> free_cma:0kB
>   __dump_stack lib/dump_stack.c:77 [inline]
>   dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
> lowmem_reserve[]:
>   0
>   warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
>   2819
>   6323
>   6323
> Node 0
>   __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
> DMA32 free:25264kB min:30060kB low:37572kB high:45084kB active_anon:0kB
> inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB
> writepending:0kB present:3129332kB managed:2890736kB mlocked:0kB
> kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB
> free_cma:0kB
> lowmem_reserve[]:
>   0
>   0
>   3503 3503
> Node 0 Normal free:13912kB min:37352kB low:46688kB high:56024kB
> active_anon:192772kB inactive_anon:548kB active_file:60kB
> inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB
> managed:3588044kB mlocked:0kB kernel_stack:5248kB pagetables:1608kB
> bounce:0kB free_pcp:1524kB local_pcp:1456kB free_cma:0kB
> lowmem_reserve[]:
>   0 0
>   0
>   0
> Node 0 DMA:
> 1*4kB
> (U)
> 0*8kB
> 0*16kB
> 1*32kB
> (U)
> 2*64kB
> (U) 1*128kB
> (U)
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
> 1*256kB
> (U)
> 0*512kB
> 1*1024kB
> (U)
> 1*2048kB
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
> (M)
> 3*4096kB
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
> (M) = 15908kB
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
> Node 0
>   slab_alloc_node mm/slab.c:3327 [inline]
>   kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
> DMA32:
> 4*4kB
>   __alloc_skb+0x119/0x770 net/core/skbuff.c:193
> (UM)
> 2*8kB
> (M)
> 3*16kB
> (M)
> 3*32kB
> (M)
>   alloc_skb include/linux/skbuff.h:997 [inline]
>   ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
> 4*64kB
>   ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
> (UM)
>   addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
> 4*128kB
> (UM)
>   call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
> 3*256kB
> (M)
> 4*512kB
> (UM)
> 3*1024kB
> (UM)
> 3*2048kB
> (M)
> 3*4096kB
> (M)
> = 25264kB
> Node 0
> Normal:
> 942*4kB
> (UME)
> 338*8kB
> (UMEH)
>   expire_timers kernel/time/timer.c:1363 [inline]
>   __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
> 149*16kB
> (UME)
> 84*32kB
> (UMEH)
> 25*64kB
> (UM)
> 2*128kB
> (UH)
> 0*256kB
> 1*512kB
> (H)
> 0*1024kB
> 0*2048kB
> 0*4096kB
> = 13912kB
> Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
> hugepages_size=1048576kB
>   run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
> Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
> hugepages_size=2048kB
> 175 total pagecache pages
>   __do_softirq+0x30b/0xad8 kernel/softirq.c:292
> 0 pages in swap cache
> Swap cache stats: add 0, delete 0, find 0/0
> Free swap  = 0kB
> Total swap = 0kB
> 1965979 pages RAM
> 0 pages HighMem/MovableOnly
> 342307 pages reserved
> 0 pages cma reserved
> ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
> rsyslogd: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC|
> __GFP_COMP), nodemask=(null)
>   invoke_softirq kernel/softirq.c:372 [inline]
>   irq_exit+0x17f/0x1c0 kernel/softirq.c:412
> rsyslogd cpuset=
>   exiting_irq arch/x86/include/asm/apic.h:536 [inline]
>   smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
> /
>   mems_allowed=0
>   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
>   </IRQ>
> RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788
> [inline]
> RIP: 0010:slab_alloc mm/slab.c:3385 [inline]
> RIP: 0010:kmem_cache_alloc+0x297/0x730 mm/slab.c:3552
> Code: 7e 0f 85 cf fe ff ff e8 06 60 3e ff e9 c5 fe ff ff e8 6d c3 c2 ff 48
> 83 3d bd d4 6f 07 00 0f 84 3b 03 00 00 48 8b 7d d0 57 9d <0f> 1f 44 00 00
> e9 54 fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23
> RSP: 0000:ffff8801980a7748 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
> RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffc90001e5c000
> RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286
> RBP: ffff8801980a77b0 R08: ffff880193c38700 R09: fffffbfff12812c4
> R10: ffff8801980a6390 R11: ffffffff89409623 R12: 0000000000000000
> R13: ffff8801d9a04040 R14: ffff8801d9a04040 R15: 0000000000480020
>   skb_clone+0x1bb/0x500 net/core/skbuff.c:1280
>   ____bpf_clone_redirect net/core/filter.c:2079 [inline]
>   bpf_clone_redirect+0xb9/0x490 net/core/filter.c:2066
>   bpf_prog_41f2bcae09cd4ac3+0x194/0x1000
> CPU: 1 PID: 5702 Comm: rsyslogd Not tainted 4.19.0-rc6+ #118
> ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Call Trace:
>   <IRQ>
>   __dump_stack lib/dump_stack.c:77 [inline]
>   dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
>   warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
> syz-executor0: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC|
> __GFP_COMP), nodemask=(null)
> syz-executor0 cpuset=
> syz0 mems_allowed=0
>   __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
>   slab_alloc_node mm/slab.c:3327 [inline]
>   kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
>   __alloc_skb+0x119/0x770 net/core/skbuff.c:193
>   alloc_skb include/linux/skbuff.h:997 [inline]
>   ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
>   ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
>   addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
>   call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
>   expire_timers kernel/time/timer.c:1363 [inline]
>   __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
>
>
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
> syzbot.
>


* Re: INFO: rcu detected stall in ndisc_alloc_skb
@ 2018-12-31  7:49   ` Dmitry Vyukov
  0 siblings, 0 replies; 20+ messages in thread
From: Dmitry Vyukov @ 2018-12-31  7:49 UTC (permalink / raw)
  To: syzbot
  Cc: David Miller, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs,
	Hideaki YOSHIFUJI, Linux-MM

On Mon, Dec 31, 2018 at 8:42 AM syzbot
<syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:    ef4ab8447aa2 selftests: bpf: install script with_addr.sh
> git tree:       bpf-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=14a28b6e400000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=7e7e2279c0020d5f
> dashboard link: https://syzkaller.appspot.com/bug?extid=ea7d9cb314b4ab49a18a
> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
>
> Unfortunately, I don't have any reproducer for this crash yet.
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com

Since this involves OOMs and looks like a one-off induced memory corruption:

#syz dup: kernel panic: corrupted stack end in wb_workfn

> CPU: 1 PID: 5702 Comm: rsyslogd Not tainted 4.19.0-rc6+ #118
> rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Call Trace:
> rcu:    (detected by 0, t=10712 jiffies, g=90369, q=135)
>   <IRQ>
>   __dump_stack lib/dump_stack.c:77 [inline]
>   dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
> rcu: All QSes seen, last rcu_preempt kthread activity 10548
> (4295003843-4294993295), jiffies_till_next_fqs=1, root ->qsmask 0x0
> syz-executor0   R
>    running task
>   warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
> 22896  7592   5826 0x8010000c
> Call Trace:
>   <IRQ>
>   sched_show_task.cold.83+0x2b6/0x30a kernel/sched/core.c:5296
>   __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
>   print_other_cpu_stall.cold.79+0xa83/0xba5 kernel/rcu/tree.c:1430
>   check_cpu_stall kernel/rcu/tree.c:1557 [inline]
>   __rcu_pending kernel/rcu/tree.c:3276 [inline]
>   rcu_pending kernel/rcu/tree.c:3319 [inline]
>   rcu_check_callbacks+0xafc/0x1990 kernel/rcu/tree.c:2665
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
>   slab_alloc_node mm/slab.c:3327 [inline]
>   kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
>   __alloc_skb+0x119/0x770 net/core/skbuff.c:193
>   alloc_skb include/linux/skbuff.h:997 [inline]
>   ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
>   ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
>   update_process_times+0x2d/0x70 kernel/time/timer.c:1636
>   addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
>   tick_sched_handle+0x9f/0x180 kernel/time/tick-sched.c:164
>   tick_sched_timer+0x45/0x130 kernel/time/tick-sched.c:1274
>   __run_hrtimer kernel/time/hrtimer.c:1398 [inline]
>   __hrtimer_run_queues+0x41c/0x10d0 kernel/time/hrtimer.c:1460
>   call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
>   hrtimer_interrupt+0x313/0x780 kernel/time/hrtimer.c:1518
>   local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1029 [inline]
>   smp_apic_timer_interrupt+0x1a1/0x760 arch/x86/kernel/apic/apic.c:1054
>   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
> RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788
> [inline]
> RIP: 0010:slab_alloc_node mm/slab.c:3329 [inline]
> RIP: 0010:kmem_cache_alloc_node+0x247/0x730 mm/slab.c:3642
> Code: 3f 7e 0f 85 32 ff ff ff e8 a5 7f 3e ff e9 28 ff ff ff e8 0c e3 c2 ff
> 48 83 3d 5c f4 6f 07 00 0f 84 33 01 00 00 4c 89 ff 57 9d <0f> 1f 44 00 00
> e9 bf fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23
> RSP: 0000:ffff8801dae07450 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
> RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffffff8184e1ca
> RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286
> RBP: ffff8801dae074c0 R08: ffff880193c38700 R09: fffffbfff12812c4
> R10: ffff8801dae06098 R11: ffffffff89409623 R12: ffff8801d9a04040
> R13: ffff8801d9a04040 R14: 0000000000000000 R15: 0000000000000286
>   __alloc_skb+0x119/0x770 net/core/skbuff.c:193
>   alloc_skb include/linux/skbuff.h:997 [inline]
>   ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
>   expire_timers kernel/time/timer.c:1363 [inline]
>   __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
>   ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
>   addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
>   call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
>   run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
>   __do_softirq+0x30b/0xad8 kernel/softirq.c:292
>   expire_timers kernel/time/timer.c:1363 [inline]
>   __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
>   invoke_softirq kernel/softirq.c:372 [inline]
>   irq_exit+0x17f/0x1c0 kernel/softirq.c:412
>   exiting_irq arch/x86/include/asm/apic.h:536 [inline]
>   smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
>   run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
>   __do_softirq+0x30b/0xad8 kernel/softirq.c:292
>   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
>   </IRQ>
> RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788
> [inline]
> RIP: 0010:console_unlock+0xfdf/0x1160 kernel/printk/printk.c:2409
> Code: c1 e8 03 42 80 3c 20 00 0f 85 d1 00 00 00 48 83 3d cd 54 cd 07 00 0f
> 84 bc 00 00 00 e8 ca 37 1a 00 48 8b bd b0 fe ff ff 57 9d <0f> 1f 44 00 00
> e9 cc f9 ff ff 48 8b bd c8 fe ff ff e8 3b d8 5d 00
> RSP: 0000:ffff8801bccde450 EFLAGS: 00000293
>   ORIG_RAX: ffffffffffffff13
>   invoke_softirq kernel/softirq.c:372 [inline]
>   irq_exit+0x17f/0x1c0 kernel/softirq.c:412
> RAX: ffff8801bd36a180 RBX: 0000000000000200 RCX: ffffffff8184e1ca
> RDX: 0000000000000000 RSI: ffffffff81649dc6 RDI: 0000000000000293
>   exiting_irq arch/x86/include/asm/apic.h:536 [inline]
>   smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
> RBP: ffff8801bccde5b8 R08: ffff8801bd36a180 R09: fffffbfff12720c0
> R10: fffffbfff12720c0 R11: ffffffff89390603 R12: dffffc0000000000
> R13: ffffffff84885bf0 R14: dffffc0000000000 R15: ffffffff899428d0
>   vprintk_emit+0x33d/0x930 kernel/printk/printk.c:1922
>   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
>   </IRQ>
> RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788
> [inline]
> RIP: 0010:slab_alloc mm/slab.c:3385 [inline]
> RIP: 0010:kmem_cache_alloc+0x297/0x730 mm/slab.c:3552
> Code: 7e 0f 85 cf fe ff ff e8 06 60 3e ff e9 c5 fe ff ff e8 6d c3 c2 ff 48
> 83 3d bd d4 6f 07 00 0f 84 3b 03 00 00 48 8b 7d d0 57 9d <0f> 1f 44 00 00
> e9 54 fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23
> RSP: 0000:ffff8801980a7748 EFLAGS: 00000286
>   vprintk_default+0x28/0x30 kernel/printk/printk.c:1963
>   ORIG_RAX: ffffffffffffff13
>   vprintk_func+0x7e/0x181 kernel/printk/printk_safe.c:398
> RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffc90001e5c000
>   printk+0xa7/0xcf kernel/printk/printk.c:1996
> RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286
> RBP: ffff8801980a77b0 R08: ffff880193c38700 R09: fffffbfff12812c4
> R10: ffff8801980a6390 R11: ffffffff89409623 R12: 0000000000000000
>   dump_unreclaimable_slab.cold.22+0xd8/0xe5 mm/slab_common.c:1371
> R13: ffff8801d9a04040 R14: ffff8801d9a04040 R15: 0000000000480020
>   dump_header+0x7cc/0xf72 mm/oom_kill.c:447
>   skb_clone+0x1bb/0x500 net/core/skbuff.c:1280
>   ____bpf_clone_redirect net/core/filter.c:2079 [inline]
>   bpf_clone_redirect+0xb9/0x490 net/core/filter.c:2066
>   bpf_prog_41f2bcae09cd4ac3+0x194/0x1000
>   oom_kill_process.cold.27+0x10/0x903 mm/oom_kill.c:953
>   out_of_memory+0xa84/0x1430 mm/oom_kill.c:1120
>   __alloc_pages_may_oom mm/page_alloc.c:3522 [inline]
>   __alloc_pages_slowpath+0x2318/0x2d80 mm/page_alloc.c:4235
> rcu: rcu_preempt kthread starved for 10548 jiffies! g90369 f0x2
> RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
> rcu: RCU grace-period kthread stack dump:
> rcu_preempt     R
>    running task    22736    10      2 0x80000000
> Call Trace:
>   context_switch kernel/sched/core.c:2825 [inline]
>   __schedule+0x86c/0x1ed0 kernel/sched/core.c:3473
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
>   schedule+0xfe/0x460 kernel/sched/core.c:3517
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
>   schedule_timeout+0x140/0x260 kernel/time/timer.c:1804
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
>   __do_cache_alloc mm/slab.c:3356 [inline]
>   slab_alloc mm/slab.c:3384 [inline]
>   kmem_cache_alloc_trace+0x214/0x750 mm/slab.c:3618
>   rcu_gp_kthread+0x9d9/0x2310 kernel/rcu/tree.c:2194
>   kmalloc include/linux/slab.h:513 [inline]
>   syslog_print kernel/printk/printk.c:1297 [inline]
>   do_syslog+0xb9b/0x1690 kernel/printk/printk.c:1465
>   kmsg_read+0x8f/0xc0 fs/proc/kmsg.c:40
>   proc_reg_read+0x2a3/0x3d0 fs/proc/inode.c:231
>   __vfs_read+0x117/0x9b0 fs/read_write.c:416
>   vfs_read+0x17f/0x3c0 fs/read_write.c:452
>   ksys_read+0x101/0x260 fs/read_write.c:578
>   __do_sys_read fs/read_write.c:588 [inline]
>   __se_sys_read fs/read_write.c:586 [inline]
>   __x64_sys_read+0x73/0xb0 fs/read_write.c:586
>   do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
>   entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x7f5bbee581fd
> Code: Bad RIP value.
> RSP: 002b:00007f5bbc3f7e30 EFLAGS: 00000293
>   ORIG_RAX: 0000000000000000
> RAX: ffffffffffffffda RBX: 0000000001bc9ce0 RCX: 00007f5bbee581fd
> RDX: 0000000000000fff RSI: 00007f5bbdc2c5a0 RDI: 0000000000000004
> RBP: 0000000000000000 R08: 0000000001bb5260 R09: 0000000000000000
> R10: 6b205d3334383630 R11: 0000000000000293 R12: 000000000065e420
> R13: 00007f5bbc3f89c0 R14: 00007f5bbf49d040 R15: 0000000000000003
> warn_alloc_show_mem: 1 callbacks suppressed
> Mem-Info:
> active_anon:48193 inactive_anon:137 isolated_anon:0
>   active_file:16 inactive_file:15 isolated_file:0
>   unevictable:0 dirty:0 writeback:0 unstable:0
>   slab_reclaimable:9165 slab_unreclaimable:1475206
>   mapped:8194 shmem:144 pagetables:402 bounce:0
>   free:13771 free_pcp:443 free_cma:0
> Node 0 active_anon:192772kB inactive_anon:548kB active_file:64kB
> inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB
> mapped:32776kB dirty:0kB writeback:0kB shmem:576kB shmem_thp: 0kB
> shmem_pmdmapped: 0kB anon_thp: 178176kB writeback_tmp:0kB unstable:0kB
> all_unreclaimable? yes
> Node 0
> DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB
> inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB
> writepending:0kB present:15992kB managed:15908kB mlocked:0kB
> kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB
> free_cma:0kB
> lowmem_reserve[]:
>   0
>   2819
>   6323
>   6323
> Node 0
> DMA32 free:25264kB min:30060kB low:37572kB high:45084kB active_anon:0kB
> inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB
> writepending:0kB present:3129332kB managed:2890736kB mlocked:0kB
> kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB
> free_cma:0kB
> lowmem_reserve[]:
>   0
>   0
>   3503
>   3503
> Node 0
> Normal free:13912kB min:37352kB low:46688kB high:56024kB
> active_anon:192772kB inactive_anon:548kB active_file:60kB
> inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB
> managed:3588044kB mlocked:0kB kernel_stack:5248kB pagetables:1608kB
> bounce:0kB free_pcp:1524kB local_pcp:1456kB free_cma:0kB
> lowmem_reserve[]:
>   kthread+0x35a/0x420 kernel/kthread.c:246
>   0
>   0
>   0
>   ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
>   0
> ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
> Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB
> syz-executor0: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC|
> __GFP_COMP), nodemask=(null)
> (U)
> syz-executor0 cpuset=
> 2*64kB
> syz0
> (U)
>   mems_allowed=0
> 1*128kB
> CPU: 0 PID: 7592 Comm: syz-executor0 Not tainted 4.19.0-rc6+ #118
> (U)
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> 1*256kB (U)
> Call Trace:
> 0*512kB
>   <IRQ>
> 1*1024kB
>   __dump_stack lib/dump_stack.c:77 [inline]
>   dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
> (U)
> 1*2048kB
>   warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
> (M)
> 3*4096kB
> (M)
> = 15908kB
> Node 0
>   __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
> DMA32:
> 4*4kB
> (UM)
> 2*8kB (M)
> 3*16kB
> (M)
> 3*32kB
> (M)
> 4*64kB
> (UM)
> 4*128kB
> (UM)
> 3*256kB
> (M)
> 4*512kB
> (UM)
> 3*1024kB
> (UM)
> 3*2048kB
> (M)
> 3*4096kB
> (M)
> = 25264kB
> Node 0
> Normal:
> 942*4kB
> (UME)
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
> 338*8kB
> (UMEH)
> 149*16kB
> (UME)
> 84*32kB
> (UMEH)
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
> 25*64kB (UM)
> 2*128kB
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
> (UH)
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
> 0*256kB
>   slab_alloc_node mm/slab.c:3327 [inline]
>   kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
> 1*512kB
> (H)
>   __alloc_skb+0x119/0x770 net/core/skbuff.c:193
> 0*1024kB
> 0*2048kB 0*4096kB
> = 13912kB
> Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
> hugepages_size=1048576kB
> Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
> hugepages_size=2048kB
> 175 total pagecache pages
> 0 pages in swap cache
>   alloc_skb include/linux/skbuff.h:997 [inline]
>   ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
> Swap cache stats: add 0, delete 0, find 0/0
>   ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
> Free swap  = 0kB
>   addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
> Total swap = 0kB
> 1965979 pages RAM
>   call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
> 0 pages HighMem/MovableOnly
> 342307 pages reserved
> 0 pages cma reserved
> ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
> rsyslogd: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC|
> __GFP_COMP), nodemask=(null)
> rsyslogd cpuset=
> /
>   mems_allowed=0
>   expire_timers kernel/time/timer.c:1363 [inline]
>   __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
>   run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
>   __do_softirq+0x30b/0xad8 kernel/softirq.c:292
>   invoke_softirq kernel/softirq.c:372 [inline]
>   irq_exit+0x17f/0x1c0 kernel/softirq.c:412
>   exiting_irq arch/x86/include/asm/apic.h:536 [inline]
>   smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
>   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
>   </IRQ>
> RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788
> [inline]
> RIP: 0010:slab_alloc mm/slab.c:3385 [inline]
> RIP: 0010:kmem_cache_alloc+0x297/0x730 mm/slab.c:3552
> Code: 7e 0f 85 cf fe ff ff e8 06 60 3e ff e9 c5 fe ff ff e8 6d c3 c2 ff 48
> 83 3d bd d4 6f 07 00 0f 84 3b 03 00 00 48 8b 7d d0 57 9d <0f> 1f 44 00 00
> e9 54 fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23
> RSP: 0000:ffff8801980a7748 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
> RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffc90001e5c000
> RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286
> RBP: ffff8801980a77b0 R08: ffff880193c38700 R09: fffffbfff12812c4
> R10: ffff8801980a6390 R11: ffffffff89409623 R12: 0000000000000000
> R13: ffff8801d9a04040 R14: ffff8801d9a04040 R15: 0000000000480020
>   skb_clone+0x1bb/0x500 net/core/skbuff.c:1280
>   ____bpf_clone_redirect net/core/filter.c:2079 [inline]
>   bpf_clone_redirect+0xb9/0x490 net/core/filter.c:2066
>   bpf_prog_41f2bcae09cd4ac3+0x194/0x1000
> Mem-Info:
> CPU: 1 PID: 5702 Comm: rsyslogd Not tainted 4.19.0-rc6+ #118
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> active_anon:48193 inactive_anon:137 isolated_anon:0
>   active_file:16 inactive_file:15 isolated_file:0
>   unevictable:0 dirty:0 writeback:0 unstable:0
>   slab_reclaimable:9165 slab_unreclaimable:1475206
>   mapped:8194 shmem:144 pagetables:402 bounce:0
>   free:13771 free_pcp:443 free_cma:0
> Call Trace:
> Node 0 active_anon:192772kB inactive_anon:548kB active_file:64kB
> inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB
> mapped:32776kB dirty:0kB writeback:0kB shmem:576kB shmem_thp: 0kB
> shmem_pmdmapped: 0kB anon_thp: 178176kB writeback_tmp:0kB unstable:0kB
> all_unreclaimable? yes
>   <IRQ>
> Node 0
>   __dump_stack lib/dump_stack.c:77 [inline]
>   dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
> DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB
> inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB
> writepending:0kB present:15992kB managed:15908kB mlocked:0kB
> kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB
> free_cma:0kB
> lowmem_reserve[]:
>   warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
>   0
>   2819
>   6323
>   6323
>   __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
> Node 0
> DMA32 free:25264kB min:30060kB low:37572kB high:45084kB active_anon:0kB
> inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB
> writepending:0kB present:3129332kB managed:2890736kB mlocked:0kB
> kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:248kB
> free_cma:0kB
> lowmem_reserve[]:
>   0
>   0
>   3503
>   3503
> Node 0
> Normal free:13912kB min:37352kB low:46688kB high:56024kB
> active_anon:192772kB inactive_anon:548kB active_file:60kB
> inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB
> managed:3588044kB mlocked:0kB kernel_stack:5248kB pagetables:1608kB
> bounce:0kB free_pcp:1524kB local_pcp:68kB free_cma:0kB
> lowmem_reserve[]: 0
>   0
>   0
>   0
> Node 0 DMA:
> 1*4kB
> (U)
> 0*8kB
> 0*16kB
> 1*32kB
> (U)
> 2*64kB
> (U)
> 1*128kB
> (U)
> 1*256kB
> (U)
> 0*512kB
> 1*1024kB
> (U)
> 1*2048kB
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
> (M)
> 3*4096kB
> (M)
> = 15908kB
> Node 0
> DMA32:
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
> 4*4kB
> (UM)
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
> 2*8kB
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
> (M)
>   slab_alloc_node mm/slab.c:3327 [inline]
>   kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
> 3*16kB
> (M)
>   __alloc_skb+0x119/0x770 net/core/skbuff.c:193
> 3*32kB
> (M)
> 4*64kB
> (UM)
> 4*128kB
> (UM)
> 3*256kB
>   alloc_skb include/linux/skbuff.h:997 [inline]
>   ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
> (M)
>   ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
> 4*512kB
>   addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
> (UM)
> 3*1024kB
> (UM)
>   call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
> 3*2048kB
> (M)
> 3*4096kB
> (M)
> = 25264kB
> Node 0
> Normal:
> 942*4kB
> (UME)
> 338*8kB
> (UMEH)
> 149*16kB
> (UME)
> 84*32kB
> (UMEH)
> 25*64kB
> (UM)
>   expire_timers kernel/time/timer.c:1363 [inline]
>   __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
> 2*128kB
> (UH)
> 0*256kB
> 1*512kB
> (H)
> 0*1024kB
> 0*2048kB
> 0*4096kB
> = 13912kB
> Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
> hugepages_size=1048576kB
> Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
> hugepages_size=2048kB
> 175 total pagecache pages
> 0 pages in swap cache
> Swap cache stats: add 0, delete 0, find 0/0
> Free swap  = 0kB
> Total swap = 0kB
>   run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
> 1965979 pages RAM
> 0 pages HighMem/MovableOnly
>   __do_softirq+0x30b/0xad8 kernel/softirq.c:292
> 342307 pages reserved
> 0 pages cma reserved
> ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
> syz-executor0: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC|
> __GFP_COMP), nodemask=(null)
> syz-executor0 cpuset=
> syz0
>   mems_allowed=0
>   invoke_softirq kernel/softirq.c:372 [inline]
>   irq_exit+0x17f/0x1c0 kernel/softirq.c:412
>   exiting_irq arch/x86/include/asm/apic.h:536 [inline]
>   smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
>   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
>   </IRQ>
> RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788
> [inline]
> RIP: 0010:console_unlock+0xfdf/0x1160 kernel/printk/printk.c:2409
> Code: c1 e8 03 42 80 3c 20 00 0f 85 d1 00 00 00 48 83 3d cd 54 cd 07 00 0f
> 84 bc 00 00 00 e8 ca 37 1a 00 48 8b bd b0 fe ff ff 57 9d <0f> 1f 44 00 00
> e9 cc f9 ff ff 48 8b bd c8 fe ff ff e8 3b d8 5d 00
> RSP: 0000:ffff8801bccde450 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
> RAX: ffff8801bd36a180 RBX: 0000000000000200 RCX: ffffffff8184e1ca
> RDX: 0000000000000000 RSI: ffffffff81649dc6 RDI: 0000000000000293
> RBP: ffff8801bccde5b8 R08: ffff8801bd36a180 R09: fffffbfff12720c0
> R10: fffffbfff12720c0 R11: ffffffff89390603 R12: dffffc0000000000
> R13: ffffffff84885bf0 R14: dffffc0000000000 R15: ffffffff899428d0
>   vprintk_emit+0x33d/0x930 kernel/printk/printk.c:1922
>   vprintk_default+0x28/0x30 kernel/printk/printk.c:1963
>   vprintk_func+0x7e/0x181 kernel/printk/printk_safe.c:398
>   printk+0xa7/0xcf kernel/printk/printk.c:1996
>   dump_unreclaimable_slab.cold.22+0xd8/0xe5 mm/slab_common.c:1371
>   dump_header+0x7cc/0xf72 mm/oom_kill.c:447
>   oom_kill_process.cold.27+0x10/0x903 mm/oom_kill.c:953
>   out_of_memory+0xa84/0x1430 mm/oom_kill.c:1120
>   __alloc_pages_may_oom mm/page_alloc.c:3522 [inline]
>   __alloc_pages_slowpath+0x2318/0x2d80 mm/page_alloc.c:4235
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
>   __do_cache_alloc mm/slab.c:3356 [inline]
>   slab_alloc mm/slab.c:3384 [inline]
>   kmem_cache_alloc_trace+0x214/0x750 mm/slab.c:3618
>   kmalloc include/linux/slab.h:513 [inline]
>   syslog_print kernel/printk/printk.c:1297 [inline]
>   do_syslog+0xb9b/0x1690 kernel/printk/printk.c:1465
>   kmsg_read+0x8f/0xc0 fs/proc/kmsg.c:40
>   proc_reg_read+0x2a3/0x3d0 fs/proc/inode.c:231
>   __vfs_read+0x117/0x9b0 fs/read_write.c:416
>   vfs_read+0x17f/0x3c0 fs/read_write.c:452
>   ksys_read+0x101/0x260 fs/read_write.c:578
>   __do_sys_read fs/read_write.c:588 [inline]
>   __se_sys_read fs/read_write.c:586 [inline]
>   __x64_sys_read+0x73/0xb0 fs/read_write.c:586
>   do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
>   entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x7f5bbee581fd
> Code: Bad RIP value.
> RSP: 002b:00007f5bbc3f7e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
> RAX: ffffffffffffffda RBX: 0000000001bc9ce0 RCX: 00007f5bbee581fd
> RDX: 0000000000000fff RSI: 00007f5bbdc2c5a0 RDI: 0000000000000004
> RBP: 0000000000000000 R08: 0000000001bb5260 R09: 0000000000000000
> R10: 6b205d3334383630 R11: 0000000000000293 R12: 000000000065e420
> R13: 00007f5bbc3f89c0 R14: 00007f5bbf49d040 R15: 0000000000000003
> CPU: 0 PID: 7592 Comm: syz-executor0 Not tainted 4.19.0-rc6+ #118
> Mem-Info:
> active_anon:48193 inactive_anon:137 isolated_anon:0
>   active_file:16 inactive_file:15 isolated_file:0
>   unevictable:0 dirty:0 writeback:0 unstable:0
>   slab_reclaimable:9165 slab_unreclaimable:1475206
>   mapped:8194 shmem:144 pagetables:402 bounce:0
>   free:13771 free_pcp:443 free_cma:0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Node 0 active_anon:192772kB inactive_anon:548kB active_file:64kB
> inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB
> mapped:32776kB dirty:0kB writeback:0kB shmem:576kB shmem_thp: 0kB
> shmem_pmdmapped: 0kB anon_thp: 178176kB writeback_tmp:0kB unstable:0kB
> all_unreclaimable? yes
> Call Trace:
> Node 0
>   <IRQ>
> DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB
> inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB
> writepending:0kB present:15992kB managed:15908kB mlocked:0kB
> kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB
> free_cma:0kB
>   __dump_stack lib/dump_stack.c:77 [inline]
>   dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
> lowmem_reserve[]:
>   0
>   warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
>   2819
>   6323 6323
> Node 0 DMA32 free:25264kB min:30060kB low:37572kB high:45084kB
> active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:0kB
> unevictable:0kB writepending:0kB present:3129332kB managed:2890736kB
> mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB
> local_pcp:0kB free_cma:0kB
>   __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
> lowmem_reserve[]:
>   0
>   0 3503
>   3503
> Node 0
> Normal free:13912kB min:37352kB low:46688kB high:56024kB
> active_anon:192772kB inactive_anon:548kB active_file:60kB
> inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB
> managed:3588044kB mlocked:0kB kernel_stack:5248kB pagetables:1608kB
> bounce:0kB free_pcp:1524kB local_pcp:1456kB free_cma:0kB
> lowmem_reserve[]:
>   0
>   0
>   0
>   0
> Node 0 DMA:
> 1*4kB
> (U)
> 0*8kB
> 0*16kB
> 1*32kB
> (U)
> 2*64kB
> (U)
> 1*128kB
> (U)
> 1*256kB
> (U)
> 0*512kB
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
> 1*1024kB
> (U)
> 1*2048kB
> (M)
> 3*4096kB
> (M)
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
> = 15908kB
> Node 0
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
> DMA32:
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
> 4*4kB
>   slab_alloc_node mm/slab.c:3327 [inline]
>   kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
> (UM)
> 2*8kB
>   __alloc_skb+0x119/0x770 net/core/skbuff.c:193
> (M)
> 3*16kB
> (M)
> 3*32kB
> (M)
> 4*64kB
>   alloc_skb include/linux/skbuff.h:997 [inline]
>   ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
> (UM)
>   ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
> 4*128kB
>   addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
> (UM)
> 3*256kB
>   call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
> (M)
> 4*512kB
> (UM)
> 3*1024kB
> (UM)
> 3*2048kB
> (M)
> 3*4096kB
> (M)
> = 25264kB
> Node 0
> Normal:
> 942*4kB
> (UME)
> 338*8kB
> (UMEH)
> 149*16kB
>   expire_timers kernel/time/timer.c:1363 [inline]
>   __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
> (UME)
> 84*32kB
> (UMEH)
> 25*64kB
> (UM)
> 2*128kB
> (UH)
> 0*256kB
> 1*512kB
> (H)
> 0*1024kB
> 0*2048kB
> 0*4096kB
> = 13912kB
> Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
> hugepages_size=1048576kB
> Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
> hugepages_size=2048kB
>   run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
> 175 total pagecache pages
> 0 pages in swap cache
>   __do_softirq+0x30b/0xad8 kernel/softirq.c:292
> Swap cache stats: add 0, delete 0, find 0/0
> Free swap  = 0kB
> Total swap = 0kB
> 1965979 pages RAM
> 0 pages HighMem/MovableOnly
> 342307 pages reserved
> 0 pages cma reserved
> ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
> rsyslogd: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC|
> __GFP_COMP), nodemask=(null)
> rsyslogd cpuset=
>   invoke_softirq kernel/softirq.c:372 [inline]
>   irq_exit+0x17f/0x1c0 kernel/softirq.c:412
> /
>   exiting_irq arch/x86/include/asm/apic.h:536 [inline]
>   smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
>   mems_allowed=0
>   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
>   </IRQ>
> RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788
> [inline]
> RIP: 0010:slab_alloc mm/slab.c:3385 [inline]
> RIP: 0010:kmem_cache_alloc+0x297/0x730 mm/slab.c:3552
> Code: 7e 0f 85 cf fe ff ff e8 06 60 3e ff e9 c5 fe ff ff e8 6d c3 c2 ff 48
> 83 3d bd d4 6f 07 00 0f 84 3b 03 00 00 48 8b 7d d0 57 9d <0f> 1f 44 00 00
> e9 54 fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23
> RSP: 0000:ffff8801980a7748 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
> RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffc90001e5c000
> RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286
> RBP: ffff8801980a77b0 R08: ffff880193c38700 R09: fffffbfff12812c4
> R10: ffff8801980a6390 R11: ffffffff89409623 R12: 0000000000000000
> R13: ffff8801d9a04040 R14: ffff8801d9a04040 R15: 0000000000480020
>   skb_clone+0x1bb/0x500 net/core/skbuff.c:1280
>   ____bpf_clone_redirect net/core/filter.c:2079 [inline]
>   bpf_clone_redirect+0xb9/0x490 net/core/filter.c:2066
>   bpf_prog_41f2bcae09cd4ac3+0x194/0x1000
> CPU: 1 PID: 5702 Comm: rsyslogd Not tainted 4.19.0-rc6+ #118
> ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Call Trace:
>   <IRQ>
>   __dump_stack lib/dump_stack.c:77 [inline]
>   dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
> syz-executor0: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC|
> __GFP_COMP), nodemask=(null)
>   warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
> syz-executor0 cpuset=
> syz0
>   mems_allowed=0
>   __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
>   slab_alloc_node mm/slab.c:3327 [inline]
>   kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
>   __alloc_skb+0x119/0x770 net/core/skbuff.c:193
>   alloc_skb include/linux/skbuff.h:997 [inline]
>   ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
>   ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
>   addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
>   call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
>   expire_timers kernel/time/timer.c:1363 [inline]
>   __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
>   run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
>   __do_softirq+0x30b/0xad8 kernel/softirq.c:292
>   invoke_softirq kernel/softirq.c:372 [inline]
>   irq_exit+0x17f/0x1c0 kernel/softirq.c:412
>   exiting_irq arch/x86/include/asm/apic.h:536 [inline]
>   smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
>   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
>   </IRQ>
> RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788
> [inline]
> RIP: 0010:console_unlock+0xfdf/0x1160 kernel/printk/printk.c:2409
> Code: c1 e8 03 42 80 3c 20 00 0f 85 d1 00 00 00 48 83 3d cd 54 cd 07 00 0f
> 84 bc 00 00 00 e8 ca 37 1a 00 48 8b bd b0 fe ff ff 57 9d <0f> 1f 44 00 00
> e9 cc f9 ff ff 48 8b bd c8 fe ff ff e8 3b d8 5d 00
> RSP: 0000:ffff8801bccde450 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
> RAX: ffff8801bd36a180 RBX: 0000000000000200 RCX: ffffffff8184e1ca
> RDX: 0000000000000000 RSI: ffffffff81649dc6 RDI: 0000000000000293
> RBP: ffff8801bccde5b8 R08: ffff8801bd36a180 R09: fffffbfff12720c0
> R10: fffffbfff12720c0 R11: ffffffff89390603 R12: dffffc0000000000
> R13: ffffffff84885bf0 R14: dffffc0000000000 R15: ffffffff899428d0
>   vprintk_emit+0x33d/0x930 kernel/printk/printk.c:1922
>   vprintk_default+0x28/0x30 kernel/printk/printk.c:1963
>   vprintk_func+0x7e/0x181 kernel/printk/printk_safe.c:398
>   printk+0xa7/0xcf kernel/printk/printk.c:1996
>   dump_unreclaimable_slab.cold.22+0xd8/0xe5 mm/slab_common.c:1371
>   dump_header+0x7cc/0xf72 mm/oom_kill.c:447
>   oom_kill_process.cold.27+0x10/0x903 mm/oom_kill.c:953
>   out_of_memory+0xa84/0x1430 mm/oom_kill.c:1120
>   __alloc_pages_may_oom mm/page_alloc.c:3522 [inline]
>   __alloc_pages_slowpath+0x2318/0x2d80 mm/page_alloc.c:4235
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
>   __do_cache_alloc mm/slab.c:3356 [inline]
>   slab_alloc mm/slab.c:3384 [inline]
>   kmem_cache_alloc_trace+0x214/0x750 mm/slab.c:3618
>   kmalloc include/linux/slab.h:513 [inline]
>   syslog_print kernel/printk/printk.c:1297 [inline]
>   do_syslog+0xb9b/0x1690 kernel/printk/printk.c:1465
>   kmsg_read+0x8f/0xc0 fs/proc/kmsg.c:40
>   proc_reg_read+0x2a3/0x3d0 fs/proc/inode.c:231
>   __vfs_read+0x117/0x9b0 fs/read_write.c:416
>   vfs_read+0x17f/0x3c0 fs/read_write.c:452
>   ksys_read+0x101/0x260 fs/read_write.c:578
>   __do_sys_read fs/read_write.c:588 [inline]
>   __se_sys_read fs/read_write.c:586 [inline]
>   __x64_sys_read+0x73/0xb0 fs/read_write.c:586
>   do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
>   entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x7f5bbee581fd
> Code: Bad RIP value.
> RSP: 002b:00007f5bbc3f7e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
> RAX: ffffffffffffffda RBX: 0000000001bc9ce0 RCX: 00007f5bbee581fd
> RDX: 0000000000000fff RSI: 00007f5bbdc2c5a0 RDI: 0000000000000004
> RBP: 0000000000000000 R08: 0000000001bb5260 R09: 0000000000000000
> R10: 6b205d3334383630 R11: 0000000000000293 R12: 000000000065e420
> R13: 00007f5bbc3f89c0 R14: 00007f5bbf49d040 R15: 0000000000000003
> warn_alloc_show_mem: 1 callbacks suppressed
> CPU: 0 PID: 7592 Comm: syz-executor0 Not tainted 4.19.0-rc6+ #118
> Mem-Info:
> active_anon:48193 inactive_anon:137 isolated_anon:0
>   active_file:16 inactive_file:15 isolated_file:0
>   unevictable:0 dirty:0 writeback:0 unstable:0
>   slab_reclaimable:9165 slab_unreclaimable:1475206
>   mapped:8194 shmem:144 pagetables:402 bounce:0
>   free:13771 free_pcp:443 free_cma:0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Node 0 active_anon:192772kB inactive_anon:548kB active_file:64kB
> inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB
> mapped:32776kB dirty:0kB writeback:0kB shmem:576kB shmem_thp: 0kB
> shmem_pmdmapped: 0kB anon_thp: 178176kB writeback_tmp:0kB unstable:0kB
> all_unreclaimable? yes
> Call Trace:
> Node 0
>   <IRQ>
> DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB
> inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB
> writepending:0kB present:15992kB managed:15908kB mlocked:0kB
> kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB
> free_cma:0kB
>   __dump_stack lib/dump_stack.c:77 [inline]
>   dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
> lowmem_reserve[]:
>   0
>   warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
>   2819
>   6323
>   6323
> Node 0
>   __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
> DMA32 free:25264kB min:30060kB low:37572kB high:45084kB active_anon:0kB
> inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB
> writepending:0kB present:3129332kB managed:2890736kB mlocked:0kB
> kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB
> free_cma:0kB
> lowmem_reserve[]:
>   0
>   0
>   3503 3503
> Node 0 Normal free:13912kB min:37352kB low:46688kB high:56024kB
> active_anon:192772kB inactive_anon:548kB active_file:60kB
> inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB
> managed:3588044kB mlocked:0kB kernel_stack:5248kB pagetables:1608kB
> bounce:0kB free_pcp:1524kB local_pcp:1456kB free_cma:0kB
> lowmem_reserve[]:
>   0 0
>   0
>   0
> Node 0 DMA:
> 1*4kB
> (U)
> 0*8kB
> 0*16kB
> 1*32kB
> (U)
> 2*64kB
> (U) 1*128kB
> (U)
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
> 1*256kB
> (U)
> 0*512kB
> 1*1024kB
> (U)
> 1*2048kB
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
> (M)
> 3*4096kB
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
> (M) = 15908kB
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
> Node 0
>   slab_alloc_node mm/slab.c:3327 [inline]
>   kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
> DMA32:
> 4*4kB
>   __alloc_skb+0x119/0x770 net/core/skbuff.c:193
> (UM)
> 2*8kB
> (M)
> 3*16kB
> (M)
> 3*32kB
> (M)
>   alloc_skb include/linux/skbuff.h:997 [inline]
>   ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
> 4*64kB
>   ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
> (UM)
>   addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
> 4*128kB
> (UM)
>   call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
> 3*256kB
> (M)
> 4*512kB
> (UM)
> 3*1024kB
> (UM)
> 3*2048kB
> (M)
> 3*4096kB
> (M)
> = 25264kB
> Node 0
> Normal:
> 942*4kB
> (UME)
> 338*8kB
> (UMEH)
>   expire_timers kernel/time/timer.c:1363 [inline]
>   __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
> 149*16kB
> (UME)
> 84*32kB
> (UMEH)
> 25*64kB
> (UM)
> 2*128kB
> (UH)
> 0*256kB
> 1*512kB
> (H)
> 0*1024kB
> 0*2048kB
> 0*4096kB
> = 13912kB
> Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
> hugepages_size=1048576kB
>   run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
> Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
> hugepages_size=2048kB
> 175 total pagecache pages
>   __do_softirq+0x30b/0xad8 kernel/softirq.c:292
> 0 pages in swap cache
> Swap cache stats: add 0, delete 0, find 0/0
> Free swap  = 0kB
> Total swap = 0kB
> 1965979 pages RAM
> 0 pages HighMem/MovableOnly
> 342307 pages reserved
> 0 pages cma reserved
> ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
> rsyslogd: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC|
> __GFP_COMP), nodemask=(null)
>   invoke_softirq kernel/softirq.c:372 [inline]
>   irq_exit+0x17f/0x1c0 kernel/softirq.c:412
> rsyslogd cpuset=
>   exiting_irq arch/x86/include/asm/apic.h:536 [inline]
>   smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
> /
>   mems_allowed=0
>   apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
>   </IRQ>
> RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788
> [inline]
> RIP: 0010:slab_alloc mm/slab.c:3385 [inline]
> RIP: 0010:kmem_cache_alloc+0x297/0x730 mm/slab.c:3552
> Code: 7e 0f 85 cf fe ff ff e8 06 60 3e ff e9 c5 fe ff ff e8 6d c3 c2 ff 48
> 83 3d bd d4 6f 07 00 0f 84 3b 03 00 00 48 8b 7d d0 57 9d <0f> 1f 44 00 00
> e9 54 fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23
> RSP: 0000:ffff8801980a7748 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
> RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffc90001e5c000
> RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286
> RBP: ffff8801980a77b0 R08: ffff880193c38700 R09: fffffbfff12812c4
> R10: ffff8801980a6390 R11: ffffffff89409623 R12: 0000000000000000
> R13: ffff8801d9a04040 R14: ffff8801d9a04040 R15: 0000000000480020
>   skb_clone+0x1bb/0x500 net/core/skbuff.c:1280
>   ____bpf_clone_redirect net/core/filter.c:2079 [inline]
>   bpf_clone_redirect+0xb9/0x490 net/core/filter.c:2066
>   bpf_prog_41f2bcae09cd4ac3+0x194/0x1000
> CPU: 1 PID: 5702 Comm: rsyslogd Not tainted 4.19.0-rc6+ #118
> ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Call Trace:
>   <IRQ>
>   __dump_stack lib/dump_stack.c:77 [inline]
>   dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
>   warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
> syz-executor0: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC|
> __GFP_COMP), nodemask=(null)
> syz-executor0 cpuset=
> syz0 mems_allowed=0
>   __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
>   __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
>   __alloc_pages include/linux/gfp.h:473 [inline]
>   __alloc_pages_node include/linux/gfp.h:486 [inline]
>   kmem_getpages mm/slab.c:1409 [inline]
>   cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
>   fallback_alloc+0x203/0x2e0 mm/slab.c:3219
>   ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
>   slab_alloc_node mm/slab.c:3327 [inline]
>   kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
>   __alloc_skb+0x119/0x770 net/core/skbuff.c:193
>   alloc_skb include/linux/skbuff.h:997 [inline]
>   ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
>   ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
>   addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
>   call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
>   expire_timers kernel/time/timer.c:1363 [inline]
>   __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
>
>
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
> syzbot.
>


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: INFO: rcu detected stall in ndisc_alloc_skb
  2018-12-31  7:49   ` Dmitry Vyukov
  (?)
@ 2018-12-31  8:17   ` Tetsuo Handa
  2018-12-31  8:24       ` Dmitry Vyukov
  -1 siblings, 1 reply; 20+ messages in thread
From: Tetsuo Handa @ 2018-12-31  8:17 UTC (permalink / raw)
  To: Dmitry Vyukov, syzbot
  Cc: David Miller, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs,
	Hideaki YOSHIFUJI, Linux-MM

On 2018/12/31 16:49, Dmitry Vyukov wrote:
> On Mon, Dec 31, 2018 at 8:42 AM syzbot
> <syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com> wrote:
>>
>> Hello,
>>
>> syzbot found the following crash on:
>>
>> HEAD commit:    ef4ab8447aa2 selftests: bpf: install script with_addr.sh
>> git tree:       bpf-next
>> console output: https://syzkaller.appspot.com/x/log.txt?x=14a28b6e400000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=7e7e2279c0020d5f
>> dashboard link: https://syzkaller.appspot.com/bug?extid=ea7d9cb314b4ab49a18a
>> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
>>
>> Unfortunately, I don't have any reproducer for this crash yet.
>>
>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>> Reported-by: syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com
> 
> Since this involves OOMs and looks like a one-off induced memory corruption:
> 
> #syz dup: kernel panic: corrupted stack end in wb_workfn
> 

Why?

RCU stall in this case is likely to be latency caused by flooding of printk().

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: INFO: rcu detected stall in ndisc_alloc_skb
@ 2018-12-31  8:24       ` Dmitry Vyukov
  0 siblings, 0 replies; 20+ messages in thread
From: Dmitry Vyukov @ 2018-12-31  8:24 UTC (permalink / raw)
  To: Tetsuo Handa
  Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev,
	syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM

On Mon, Dec 31, 2018 at 9:17 AM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
>
> On 2018/12/31 16:49, Dmitry Vyukov wrote:
> > On Mon, Dec 31, 2018 at 8:42 AM syzbot
> > <syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com> wrote:
> >>
> >> Hello,
> >>
> >> syzbot found the following crash on:
> >>
> >> HEAD commit:    ef4ab8447aa2 selftests: bpf: install script with_addr.sh
> >> git tree:       bpf-next
> >> console output: https://syzkaller.appspot.com/x/log.txt?x=14a28b6e400000
> >> kernel config:  https://syzkaller.appspot.com/x/.config?x=7e7e2279c0020d5f
> >> dashboard link: https://syzkaller.appspot.com/bug?extid=ea7d9cb314b4ab49a18a
> >> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
> >>
> >> Unfortunately, I don't have any reproducer for this crash yet.
> >>
> >> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> >> Reported-by: syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com
> >
> > Since this involves OOMs and looks like a one-off induced memory corruption:
> >
> > #syz dup: kernel panic: corrupted stack end in wb_workfn
> >
>
> Why?
>
> RCU stall in this case is likely to be latency caused by flooding of printk().

Just a hypothesis. OOMs lead to arbitrary memory corruptions, so can
cause stalls as well. But can be what you said too. I just thought
that cleaner dashboard is more useful than a large assorted pile of
crashes. If you think it's actionable in some way, feel free to undup.

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: INFO: rcu detected stall in ndisc_alloc_skb
  2018-12-31  8:24       ` Dmitry Vyukov
  (?)
@ 2019-01-02 17:06       ` Tetsuo Handa
  2019-01-05 10:49         ` Tetsuo Handa
  -1 siblings, 1 reply; 20+ messages in thread
From: Tetsuo Handa @ 2019-01-02 17:06 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev,
	syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM

On 2018/12/31 17:24, Dmitry Vyukov wrote:
>>> Since this involves OOMs and looks like a one-off induced memory corruption:
>>>
>>> #syz dup: kernel panic: corrupted stack end in wb_workfn
>>>
>>
>> Why?
>>
>> RCU stall in this case is likely to be latency caused by flooding of printk().
> 
> Just a hypothesis. OOMs lead to arbitrary memory corruptions, so can
> cause stalls as well. But can be what you said too. I just thought
> that cleaner dashboard is more useful than a large assorted pile of
> crashes. If you think it's actionable in some way, feel free to undup.
> 

We don't know why bpf tree is hitting this problem.
Let's continue monitoring this problem.

#syz undup

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: INFO: rcu detected stall in ndisc_alloc_skb
  2019-01-02 17:06       ` Tetsuo Handa
@ 2019-01-05 10:49         ` Tetsuo Handa
  2019-01-06 13:24             ` Dmitry Vyukov
  0 siblings, 1 reply; 20+ messages in thread
From: Tetsuo Handa @ 2019-01-05 10:49 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev,
	syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM

On 2019/01/03 2:06, Tetsuo Handa wrote:
> On 2018/12/31 17:24, Dmitry Vyukov wrote:
>>>> Since this involves OOMs and looks like a one-off induced memory corruption:
>>>>
>>>> #syz dup: kernel panic: corrupted stack end in wb_workfn
>>>>
>>>
>>> Why?
>>>
>>> RCU stall in this case is likely to be latency caused by flooding of printk().
>>
>> Just a hypothesis. OOMs lead to arbitrary memory corruptions, so can
>> cause stalls as well. But can be what you said too. I just thought
>> that cleaner dashboard is more useful than a large assorted pile of
>> crashes. If you think it's actionable in some way, feel free to undup.
>>
> 
> We don't know why bpf tree is hitting this problem.
> Let's continue monitoring this problem.
> 
> #syz undup
> 

A report at 2019/01/05 10:08 from "no output from test machine (2)"
( https://syzkaller.appspot.com/text?tag=CrashLog&x=1700726f400000 )
says that there are flood of memory allocation failure messages.
Since continuous memory allocation failure messages itself is not
recognized as a crash, we might be misunderstanding that this problem
is not occurring recently. It will be nice if we can run testcases
which are executed on bpf-next tree.

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: INFO: rcu detected stall in ndisc_alloc_skb
@ 2019-01-06 13:24             ` Dmitry Vyukov
  0 siblings, 0 replies; 20+ messages in thread
From: Dmitry Vyukov @ 2019-01-06 13:24 UTC (permalink / raw)
  To: Tetsuo Handa
  Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev,
	syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM

On Sat, Jan 5, 2019 at 11:49 AM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
>
> On 2019/01/03 2:06, Tetsuo Handa wrote:
> > On 2018/12/31 17:24, Dmitry Vyukov wrote:
> >>>> Since this involves OOMs and looks like a one-off induced memory corruption:
> >>>>
> >>>> #syz dup: kernel panic: corrupted stack end in wb_workfn
> >>>>
> >>>
> >>> Why?
> >>>
> >>> RCU stall in this case is likely to be latency caused by flooding of printk().
> >>
> >> Just a hypothesis. OOMs lead to arbitrary memory corruptions, so can
> >> cause stalls as well. But can be what you said too. I just thought
> >> that cleaner dashboard is more useful than a large assorted pile of
> >> crashes. If you think it's actionable in some way, feel free to undup.
> >>
> >
> > We don't know why bpf tree is hitting this problem.
> > Let's continue monitoring this problem.
> >
> > #syz undup
> >
>
> A report at 2019/01/05 10:08 from "no output from test machine (2)"
> ( https://syzkaller.appspot.com/text?tag=CrashLog&x=1700726f400000 )
> says that there are flood of memory allocation failure messages.
> Since continuous memory allocation failure messages itself is not
> recognized as a crash, we might be misunderstanding that this problem
> is not occurring recently. It will be nice if we can run testcases
> which are executed on bpf-next tree.

What exactly do you mean by running test cases on bpf-next tree?
syzbot tests bpf-next, so it executes lots of test cases on that tree.
One can also ask for patch testing on bpf-next tree to test a specific
test case.

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: INFO: rcu detected stall in ndisc_alloc_skb
  2019-01-06 13:24             ` Dmitry Vyukov
  (?)
@ 2019-01-06 13:47             ` Tetsuo Handa
  2019-01-07 11:12                 ` Dmitry Vyukov
  -1 siblings, 1 reply; 20+ messages in thread
From: Tetsuo Handa @ 2019-01-06 13:47 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev,
	syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM

On 2019/01/06 22:24, Dmitry Vyukov wrote:
>> A report at 2019/01/05 10:08 from "no output from test machine (2)"
>> ( https://syzkaller.appspot.com/text?tag=CrashLog&x=1700726f400000 )
>> says that there are flood of memory allocation failure messages.
>> Since continuous memory allocation failure messages itself is not
>> recognized as a crash, we might be misunderstanding that this problem
>> is not occurring recently. It will be nice if we can run testcases
>> which are executed on bpf-next tree.
> 
> What exactly do you mean by running test cases on bpf-next tree?
> syzbot tests bpf-next, so it executes lots of test cases on that tree.
> One can also ask for patch testing on bpf-next tree to test a specific
> test case.

syzbot ran "some tests" before getting this report, but we can't find from
this report what the "some tests" are. If we could record all tests executed
in syzbot environments before getting this report, we could rerun the tests
(with manually examining where the source of memory consumption is) in local
environments.

Since syzbot is now using memcg, maybe we can test with sysctl_panic_on_oom == 1.
Any memory consumption that triggers global OOM killer could be considered as
a problem (e.g. memory leak or uncontrolled memory allocation).


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: INFO: rcu detected stall in ndisc_alloc_skb
@ 2019-01-07 11:12                 ` Dmitry Vyukov
  0 siblings, 0 replies; 20+ messages in thread
From: Dmitry Vyukov @ 2019-01-07 11:12 UTC (permalink / raw)
  To: Tetsuo Handa
  Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev,
	syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM, Shakeel Butt

On Sun, Jan 6, 2019 at 2:47 PM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
>
> On 2019/01/06 22:24, Dmitry Vyukov wrote:
> >> A report at 2019/01/05 10:08 from "no output from test machine (2)"
> >> ( https://syzkaller.appspot.com/text?tag=CrashLog&x=1700726f400000 )
> >> says that there are flood of memory allocation failure messages.
> >> Since continuous memory allocation failure messages itself is not
> >> recognized as a crash, we might be misunderstanding that this problem
> >> is not occurring recently. It will be nice if we can run testcases
> >> which are executed on bpf-next tree.
> >
> > What exactly do you mean by running test cases on bpf-next tree?
> > syzbot tests bpf-next, so it executes lots of test cases on that tree.
> > One can also ask for patch testing on bpf-next tree to test a specific
> > test case.
>
> syzbot ran "some tests" before getting this report, but we can't find from
> this report what the "some tests" are. If we could record all tests executed
> in syzbot environments before getting this report, we could rerun the tests
> (with manually examining where the source of memory consumption is) in local
> environments.

Filed https://github.com/google/syzkaller/issues/917 for this.

> Since syzbot is now using memcg, maybe we can test with sysctl_panic_on_oom == 1.
> Any memory consumption that triggers global OOM killer could be considered as
> a problem (e.g. memory leak or uncontrolled memory allocation).

Interesting idea. This will also alleviate the previous problem as I
think only a stream of OOMs currently produces 1+MB of output.

+Shakeel who was interested in catching more memcg-escaping allocations.

To do this we need a buy-in from kernel community to consider this as
a bug/something to fix in kernel. Systematic testing can't work gray
checks requiring humans to look at each case and some cases left as
being working-as-intended.

There are also 2 interesting points:
 - testing of kernel without memcg-enabled (some kernel users
obviously do this); it's doable, but currently syzkaller have no
precedents/infrastructure to consider some output patterns as bugs or
not depending on kernel features
 - false positives for minimized C reproducers that have memcg code
stripped off (people complain that reproducers are too large/complex
otherwise)

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: INFO: rcu detected stall in ndisc_alloc_skb
  2019-01-07 11:12                 ` Dmitry Vyukov
  (?)
@ 2019-01-18  5:20                 ` Tetsuo Handa
  2019-01-19 12:16                     ` Dmitry Vyukov
  -1 siblings, 1 reply; 20+ messages in thread
From: Tetsuo Handa @ 2019-01-18  5:20 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev,
	syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM, Shakeel Butt

Dmitry Vyukov wrote:
> On Sun, Jan 6, 2019 at 2:47 PM Tetsuo Handa
> <penguin-kernel@i-love.sakura.ne.jp> wrote:
> >
> > On 2019/01/06 22:24, Dmitry Vyukov wrote:
> > >> A report at 2019/01/05 10:08 from "no output from test machine (2)"
> > >> ( https://syzkaller.appspot.com/text?tag=CrashLog&x=1700726f400000 )
> > >> says that there are flood of memory allocation failure messages.
> > >> Since continuous memory allocation failure messages itself is not
> > >> recognized as a crash, we might be misunderstanding that this problem
> > >> is not occurring recently. It will be nice if we can run testcases
> > >> which are executed on bpf-next tree.
> > >
> > > What exactly do you mean by running test cases on bpf-next tree?
> > > syzbot tests bpf-next, so it executes lots of test cases on that tree.
> > > One can also ask for patch testing on bpf-next tree to test a specific
> > > test case.
> >
> > syzbot ran "some tests" before getting this report, but we can't find from
> > this report what the "some tests" are. If we could record all tests executed
> > in syzbot environments before getting this report, we could rerun the tests
> > (with manually examining where the source of memory consumption is) in local
> > environments.
> 
> Filed https://github.com/google/syzkaller/issues/917 for this.

Thanks. Here is what I would suggest.

Let syz-fuzzer write to /dev/kmsg . But don't directly write syz-program lines.
Instead, just write the hash value of syz-program lines, and allow downloading
syz-program lines from external URL. Also, use the first 12 characters of the
hash value as comm name executing that syz-program lines. An example of console
output would look something like below.


  [$(uptime)][$(caller_info)] executing program #0123456789abcdef0123456789abcdef
  [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_0123456789abcdef0123456789abcdef_are_here)
  [$(uptime)][$(caller_info)] executing program #456789abcdef0123456789abcdef0123
  [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
  [$(uptime)][$(caller_info)] executing program #89abcdef0123456789abcdef01234567
  [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_89abcdef0123456789abcdef01234567_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
  [$(uptime)][$(caller_info)] BUG: unable to handle kernel paging request at $(address)
  [$(uptime)][$(caller_info)] CPU: $(cpu) PID: $(pid) Comm: syz#89abcdef0123 Not tainted $(version) #$(build)
  [$(uptime)][$(caller_info)] $(backtrace_of_caller_info_is_here)
  [$(uptime)][$(caller_info)] Kernel panic - not syncing: Fatal exception

Then, we can build CrashLog by picking up all "executing program #" lines and
"latest lines up to available space" from console output like below.

  [$(uptime)][$(caller_info)] executing program #0123456789abcdef0123456789abcdef
  [$(uptime)][$(caller_info)] executing program #456789abcdef0123456789abcdef0123
  [$(uptime)][$(caller_info)] executing program #89abcdef0123456789abcdef01234567
  [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_89abcdef0123456789abcdef01234567_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
  [$(uptime)][$(caller_info)] BUG: unable to handle kernel paging request at $(address)
  [$(uptime)][$(caller_info)] CPU: $(cpu) PID: $(pid) Comm: syz89abcdef0123 Not tainted $(version) #$(build)
  [$(uptime)][$(caller_info)] $(backtrace_of_caller_info_is_here)
  [$(uptime)][$(caller_info)] Kernel panic - not syncing: Fatal exception

Then, we can understand that a crash happened when executing 89abcdef0123 and
download 89abcdef0123456789abcdef01234567 for analysis. Also, we can download
0123456789abcdef0123456789abcdef and 456789abcdef0123456789abcdef0123 as needed.

Honestly, since lines which follows "$(date) executing program $(num):" line can
become so long, it is difficult to find where previous/next kernel messages are.
If only one-liner "executing program #" output is used, it is easy to find
previous/next kernel messages.

The program referenced by "executing program #" would be made downloadable via
Web server or git repository. Maybe "executing program https://$server/$hash"
for the former case. But repeating "https://$server/" part would be redundant.

The question for me is, whether syzbot can detect hash collision with different
syz-program lines before writing the hash value to /dev/kmsg, and retry by modifying
syz-program lines in order to get a new hash value until collision is avoided.
If it is difficult, simpler choice like current Unix time and PID could be used
instead...

^ permalink raw reply	[flat|nested] 20+ messages in thread
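
The CrashLog scheme proposed in the message above, as an added example (not syzkaller code and not code from the thread). Assumptions: the hash is SHA-256 truncated to 32 hex characters (the thread names no hash), every function and type name here is hypothetical, and the console lines are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

const marker = "executing program #"

// Constructed console output in the format proposed in the message above.
const sampleConsole = `[  10.000000][ T100] executing program #0123456789abcdef0123456789abcdef
[  10.100000][ T101] warn_alloc: page allocation failure (constructed)
[  10.200000][ T100] executing program #456789abcdef0123456789abcdef0123
[  10.300000][ T102] warn_alloc: page allocation failure (constructed)
[  10.400000][ T100] executing program #89abcdef0123456789abcdef01234567
[  10.500000][ T103] BUG: unable to handle kernel paging request at (constructed)
[  10.600000][ T103] Kernel panic - not syncing: Fatal exception
`

// ProgramID returns a 32-hex-character identifier for a program text.
// Assumption: SHA-256 truncated to 128 bits.
func ProgramID(prog string) string {
	sum := sha256.Sum256([]byte(prog))
	return hex.EncodeToString(sum[:16])
}

// CommName builds the task name from the first 12 characters of the ID.
// "syz" plus 12 characters is 15 bytes, the most that fits in the kernel's
// 16-byte comm field (TASK_COMM_LEN, including the trailing NUL).
func CommName(id string) string {
	return "syz" + id[:12]
}

// Registry maps IDs to program text so that a collision is caught before
// the ID is written to the console.
type Registry map[string]string

// Register records prog under id; it fails if another program owns id.
func (r Registry) Register(id, prog string) error {
	if old, ok := r[id]; ok && old != prog {
		return fmt.Errorf("hash collision on %s", id)
	}
	r[id] = prog
	return nil
}

// BuildCrashLog keeps every marker line, then as many of the latest other
// lines as fit in budget bytes, preserving console order. Marker lines are
// kept even when they alone exceed the budget.
func BuildCrashLog(console string, budget int) string {
	lines := strings.Split(strings.TrimRight(console, "\n"), "\n")
	keep := make([]bool, len(lines))
	used := 0
	for i, l := range lines {
		if strings.Contains(l, marker) {
			keep[i] = true
			used += len(l) + 1
		}
	}
	for i := len(lines) - 1; i >= 0; i-- {
		if keep[i] {
			continue
		}
		if used+len(lines[i])+1 > budget {
			break // older lines are dropped once the budget is exhausted
		}
		keep[i] = true
		used += len(lines[i]) + 1
	}
	var out []string
	for i, l := range lines {
		if keep[i] {
			out = append(out, l)
		}
	}
	return strings.Join(out, "\n") + "\n"
}

// ExecutedPrograms lists the program IDs found in a log, oldest first.
func ExecutedPrograms(log string) []string {
	var ids []string
	for _, l := range strings.Split(log, "\n") {
		if i := strings.Index(l, marker); i >= 0 {
			ids = append(ids, strings.TrimSpace(l[i+len(marker):]))
		}
	}
	return ids
}

func main() {
	id := ProgramID("constructed program text")
	fmt.Println(id, CommName(id))
	fmt.Print(BuildCrashLog(sampleConsole, 400))
}
```

With a 400-byte budget the two older allocation-failure lines are dropped while all three program markers and the crash tail survive.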

* Re: INFO: rcu detected stall in ndisc_alloc_skb
@ 2019-01-19 12:16                     ` Dmitry Vyukov
  0 siblings, 0 replies; 20+ messages in thread
From: Dmitry Vyukov @ 2019-01-19 12:16 UTC (permalink / raw)
  To: Tetsuo Handa
  Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev,
	syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM, Shakeel Butt,
	syzkaller

On Fri, Jan 18, 2019 at 6:20 AM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
>
> Dmitry Vyukov wrote:
> > On Sun, Jan 6, 2019 at 2:47 PM Tetsuo Handa
> > <penguin-kernel@i-love.sakura.ne.jp> wrote:
> > >
> > > On 2019/01/06 22:24, Dmitry Vyukov wrote:
> > > >> A report at 2019/01/05 10:08 from "no output from test machine (2)"
> > > >> ( https://syzkaller.appspot.com/text?tag=CrashLog&x=1700726f400000 )
> > > >> says that there are flood of memory allocation failure messages.
> > > >> Since continuous memory allocation failure messages itself is not
> > > >> recognized as a crash, we might be misunderstanding that this problem
> > > >> is not occurring recently. It will be nice if we can run testcases
> > > >> which are executed on bpf-next tree.
> > > >
> > > > What exactly do you mean by running test cases on bpf-next tree?
> > > > syzbot tests bpf-next, so it executes lots of test cases on that tree.
> > > > One can also ask for patch testing on bpf-next tree to test a specific
> > > > test case.
> > >
> > > syzbot ran "some tests" before getting this report, but we can't find from
> > > this report what the "some tests" are. If we could record all tests executed
> > > in syzbot environments before getting this report, we could rerun the tests
> > > (with manually examining where the source of memory consumption is) in local
> > > environments.
> >
> > Filed https://github.com/google/syzkaller/issues/917 for this.
>
> Thanks. Here is what I would suggest.
>
> Let syz-fuzzer write to /dev/kmsg . But don't directly write syz-program lines.
> Instead, just write the hash value of syz-program lines, and allow downloading
> syz-program lines from external URL. Also, use the first 12 characters of the
> hash value as comm name executing that syz-program lines. An example of console
> output would look something like below.
>
>
>   [$(uptime)][$(caller_info)] executing program #0123456789abcdef0123456789abcdef
>   [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_0123456789abcdef0123456789abcdef_are_here)
>   [$(uptime)][$(caller_info)] executing program #456789abcdef0123456789abcdef0123
>   [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
>   [$(uptime)][$(caller_info)] executing program #89abcdef0123456789abcdef01234567
>   [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_89abcdef0123456789abcdef01234567_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
>   [$(uptime)][$(caller_info)] BUG: unable to handle kernel paging request at $(address)
>   [$(uptime)][$(caller_info)] CPU: $(cpu) PID: $(pid) Comm: syz#89abcdef0123 Not tainted $(version) #$(build)
>   [$(uptime)][$(caller_info)] $(backtrace_of_caller_info_is_here)
>   [$(uptime)][$(caller_info)] Kernel panic - not syncing: Fatal exception
>
> Then, we can build CrashLog by picking up all "executing program #" lines and
> "latest lines up to available space" from console output like below.
>
>   [$(uptime)][$(caller_info)] executing program #0123456789abcdef0123456789abcdef
>   [$(uptime)][$(caller_info)] executing program #456789abcdef0123456789abcdef0123
>   [$(uptime)][$(caller_info)] executing program #89abcdef0123456789abcdef01234567
>   [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_89abcdef0123456789abcdef01234567_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
>   [$(uptime)][$(caller_info)] BUG: unable to handle kernel paging request at $(address)
>   [$(uptime)][$(caller_info)] CPU: $(cpu) PID: $(pid) Comm: syz89abcdef0123 Not tainted $(version) #$(build)
>   [$(uptime)][$(caller_info)] $(backtrace_of_caller_info_is_here)
>   [$(uptime)][$(caller_info)] Kernel panic - not syncing: Fatal exception
>
> Then, we can understand that a crash happened when executing 89abcdef0123 and
> download 89abcdef0123456789abcdef01234567 for analysis. Also, we can download
> 0123456789abcdef0123456789abcdef and 456789abcdef0123456789abcdef0123 as needed.
>
> Honestly, since lines which follows "$(date) executing program $(num):" line can
> become so long, it is difficult to find where previous/next kernel messages are.
> If only one-liner "executing program #" output is used, it is easy to find
> previous/next kernel messages.
>
> The program referenced by "executing program #" would be made downloadable via
> Web server or git repository. Maybe "executing program https://$server/$hash"
> for the former case. But repeating "https://$server/" part would be redundant.
>
> The question for me is, whether syzbot can detect hash collision with different
> syz-program lines before writing the hash value to /dev/kmsg, and retry by modifying
> syz-program lines in order to get a new hash value until collision is avoided.
> If it is difficult, simpler choice like current Unix time and PID could be used
> instead...

Hummm, say, if you run syz-manager locally and report a bug, where
will the webserver and database that allows to download all satellite
info work? How long you need to keep this info and provide the web
service? You will also need to pay and maintain the server for... how
long? I don't see how this can work and how we can ask people to do
this. This frankly looks like overly complex solution to a problem
were simpler solutions will work. Keeping all info in a self-contained
file looks like the only option to make it work reliably.
It's also not possible to attribute kernel output to individual programs.

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: INFO: rcu detected stall in ndisc_alloc_skb
  2019-01-19 12:16                     ` Dmitry Vyukov
  (?)
@ 2019-01-19 13:10                     ` Tetsuo Handa
  2019-01-20 13:30                         ` Dmitry Vyukov
  -1 siblings, 1 reply; 20+ messages in thread
From: Tetsuo Handa @ 2019-01-19 13:10 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev,
	syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM, Shakeel Butt,
	syzkaller

On 2019/01/19 21:16, Dmitry Vyukov wrote:
>> The question for me is, whether syzbot can detect hash collision with different
>> syz-program lines before writing the hash value to /dev/kmsg, and retry by modifying
>> syz-program lines in order to get a new hash value until collision is avoided.
>> If it is difficult, simpler choice like current Unix time and PID could be used
>> instead...
> 
> Hummm, say, if you run syz-manager locally and report a bug, where
> will the webserver and database that allows to download all satellite
> info work? How long you need to keep this info and provide the web
> service? You will also need to pay and maintain the server for... how
> long? I don't see how this can work and how we can ask people to do
> this. This frankly looks like an overly complex solution to a problem
> where simpler solutions will work. Keeping all info in a self-contained
> file looks like the only option to make it work reliably.
> It's also not possible to attribute kernel output to individual programs.

The first messages I want to look at are kernel output. Then, I look at
syz-program lines as needed. But current "a self-contained file" is
hard to find kernel output. Even if we keep both kernel output and
syz-program lines in a single file, we can improve readability by
splitting into kernel output section and syz-program section.

  # Kernel output section start
  [$(uptime)][$(caller_info)] executing program #0123456789abcdef0123456789abcdef
  [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_0123456789abcdef0123456789abcdef_are_here)
  [$(uptime)][$(caller_info)] executing program #456789abcdef0123456789abcdef0123
  [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
  [$(uptime)][$(caller_info)] executing program #89abcdef0123456789abcdef01234567
  [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_89abcdef0123456789abcdef01234567_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
  [$(uptime)][$(caller_info)] BUG: unable to handle kernel paging request at $(address)
  [$(uptime)][$(caller_info)] CPU: $(cpu) PID: $(pid) Comm: syz#89abcdef0123 Not tainted $(version) #$(build)
  [$(uptime)][$(caller_info)] $(backtrace_of_caller_info_is_here)
  [$(uptime)][$(caller_info)] Kernel panic - not syncing: Fatal exception
  # Kernel output section end
  # syzbot code section start
  Program for #0123456789abcdef0123456789abcdef
  $(program_lines_for_0123456789abcdef0123456789abcdef_is_here)
  Program for #456789abcdef0123456789abcdef0123
  $(program_lines_for_456789abcdef0123456789abcdef0123_is_here)
  Program for #89abcdef0123456789abcdef01234567
  $(program_lines_for_89abcdef0123456789abcdef01234567_is_here)
  # syzbot code section end


^ permalink raw reply	[flat|nested] 20+ messages in thread
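
The layout proposed in the message above, as an added example that is not part of the thread and is not syzkaller code: a post-processor that moves the inlined program lines of a console log into a separate section and cross-references them by hash. Assumptions: the marker and kernel-line regexes, the function names, SHA-256 truncated to 8 hex digits, and resolving a collision by re-hashing with a retry counter (the program text itself is left unmodified); the sample log is constructed.

```python
import hashlib
import re

# "HH:MM:SS executing program N:" as it appears inline in the current log.
MARKER = re.compile(r"^(\d\d:\d\d:\d\d) executing program \d+:$")
# Kernel console line prefix, e.g. "[  938.184721][T10912] ...".
KERNEL = re.compile(r"^\[\s*\d+\.\d+\]")
# Marker after rewriting: "HH:MM:SS executing program #<id>".
REF = re.compile(r"^(\d\d:\d\d:\d\d) executing program #([0-9a-f]+)$")

# Constructed sample in the current interleaved layout (not a real syzbot log).
SAMPLE = r"""[  938.210375][T10912] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
22:37:55 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
ioctl$TIOCCONS(r0, 0x541d)

[  938.275686][T10912] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
22:37:55 executing program 1:
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)

22:37:56 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
ioctl$TIOCCONS(r0, 0x541d)

[  942.740643][ T1043] kernel BUG at mm/page_alloc.c:3112!
"""


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def assign_id(program, table, id_len=8, digest=sha256_hex):
    """Return an id for `program` that is unique within `table` (id -> text).

    Identical program text reuses its id. A different program that hashes to
    an id already taken is re-hashed with the next salt until the id is free.
    """
    salt = 0
    while True:
        ident = digest(b"%d:" % salt + program.encode())[:id_len]
        known = table.get(ident)
        if known is None:
            table[ident] = program
            return ident
        if known == program:
            return ident
        salt += 1  # collision with a different program: retry


def split_console_log(text, id_len=8, digest=sha256_hex):
    """Split an interleaved log into (kernel_section_lines, {id: program})."""
    kernel, programs = [], {}
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = MARKER.match(lines[i])
        if not m:
            if lines[i]:  # blank separators after a program are dropped
                kernel.append(lines[i])
            i += 1
            continue
        # The program body ends at a blank line, a kernel line or a new marker.
        body = []
        i += 1
        while (i < len(lines) and lines[i]
               and not KERNEL.match(lines[i]) and not MARKER.match(lines[i])):
            body.append(lines[i])
            i += 1
        ident = assign_id("\n".join(body), programs, id_len, digest)
        # Order relative to kernel lines is unchanged; only the body moves.
        kernel.append("%s executing program #%s" % (m.group(1), ident))
    return kernel, programs


def render_report(kernel, programs):
    """Emit the two-section file from the proposal."""
    out = ["# Kernel output section start", *kernel,
           "# Kernel output section end", "# syzbot code section start"]
    for ident, program in programs.items():
        out += ["Program for #%s" % ident, program]
    out.append("# syzbot code section end")
    return "\n".join(out)


def reinterleave(kernel, programs):
    """Rebuild the inline view: every marker is followed by its program."""
    out = []
    for line in kernel:
        out.append(line)
        m = REF.match(line)
        if m:
            out.extend(programs[m.group(2)].splitlines())
    return out


if __name__ == "__main__":
    print(render_report(*split_console_log(SAMPLE)))
```

A kernel line printed in the middle of a program body ends that body here, so the rest of such a program would stay in the kernel section.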

* Re: INFO: rcu detected stall in ndisc_alloc_skb
@ 2019-01-20 13:30                         ` Dmitry Vyukov
  0 siblings, 0 replies; 20+ messages in thread
From: Dmitry Vyukov @ 2019-01-20 13:30 UTC (permalink / raw)
  To: Tetsuo Handa
  Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev,
	syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM, Shakeel Butt,
	syzkaller

On Sat, Jan 19, 2019 at 2:10 PM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
>
> On 2019/01/19 21:16, Dmitry Vyukov wrote:
> >> The question for me is, whether syzbot can detect hash collision with different
> >> syz-program lines before writing the hash value to /dev/kmsg, and retry by modifying
> >> syz-program lines in order to get a new hash value until collision is avoided.
> >> If it is difficult, simpler choice like current Unix time and PID could be used
> >> instead...
> >
> > Hummm, say, if you run syz-manager locally and report a bug, where
> > will the webserver and database that allows to download all satellite
> > info work? How long you need to keep this info and provide the web
> > service? You will also need to pay and maintain the server for... how
> > long? I don't see how this can work and how we can ask people to do
> > this. This frankly looks like an overly complex solution to a problem
> > where simpler solutions will work. Keeping all info in a self-contained
> > file looks like the only option to make it work reliably.
> > It's also not possible to attribute kernel output to individual programs.
>
> The first messages I want to look at is kernel output. Then, I look at
> syz-program lines as needed. But current "a self-contained file" is
> hard to find kernel output.

I think everybody looks at kernel crash first, that's why we provide
kernel crash inline in the email so it's super easy to find. One does
not need to look at console output at all to read the crash message.
Console output is meant for more complex cases when a developer needs
to extract some long tail of custom information. We don't know what
exactly information a developer is looking for and it is different in
each case, so it's not possible to optimize for this. We preserve
console output intact to not destroy some potentially important
information. Say, if we start reordering messages, we lose timing
information and timing/interleaving information is important in some
cases.

> Even if we keep both kernel output and
> syz-program lines in a single file, we can improve readability by
> splitting into kernel output section and syz-program section.
>
>   # Kernel output section start
>   [$(uptime)][$(caller_info)] executing program #0123456789abcdef0123456789abcdef
>   [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_0123456789abcdef0123456789abcdef_are_here)
>   [$(uptime)][$(caller_info)] executing program #456789abcdef0123456789abcdef0123
>   [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
>   [$(uptime)][$(caller_info)] executing program #89abcdef0123456789abcdef01234567
>   [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_89abcdef0123456789abcdef01234567_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
>   [$(uptime)][$(caller_info)] BUG: unable to handle kernel paging request at $(address)
>   [$(uptime)][$(caller_info)] CPU: $(cpu) PID: $(pid) Comm: syz#89abcdef0123 Not tainted $(version) #$(build)
>   [$(uptime)][$(caller_info)] $(backtrace_of_caller_info_is_here)
>   [$(uptime)][$(caller_info)] Kernel panic - not syncing: Fatal exception
>   # Kernel output section end
>   # syzbot code section start
>   Program for #0123456789abcdef0123456789abcdef
>   $(program_lines_for_0123456789abcdef0123456789abcdef_is_here)
>   Program for #456789abcdef0123456789abcdef0123
>   $(program_lines_for_456789abcdef0123456789abcdef0123_is_here)
>   Program for #89abcdef0123456789abcdef01234567
>   $(program_lines_for_89abcdef0123456789abcdef01234567_is_here)
>   # syzbot code section end
>

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: INFO: rcu detected stall in ndisc_alloc_skb
  2019-01-20 13:30                         ` Dmitry Vyukov
  (?)
@ 2019-01-20 14:24                         ` Tetsuo Handa
  -1 siblings, 0 replies; 20+ messages in thread
From: Tetsuo Handa @ 2019-01-20 14:24 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev,
	syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM, Shakeel Butt,
	syzkaller

On 2019/01/20 22:30, Dmitry Vyukov wrote:
>> The first messages I want to look at is kernel output. Then, I look at
>> syz-program lines as needed. But current "a self-contained file" is
>> hard to find kernel output.
> 
> I think everybody looks at kernel crash first, that's why we provide
> kernel crash inline in the email so it's super easy to find. One does
> not need to look at console output at all to read the crash message.

I don't think so. Sometimes it happens that a backtrace of memory allocation
fault injection prior to the crash tells everything. But since such lines are
not immediately findable from a file containing console output, people fail
to understand what has happened.

And one (of my two suggestions) is about helping people to easily find kernel
messages from console output, by moving syzbot-program lines into a dedicated
location.

> Console output is meant for more complex cases when a developer needs
> to extract some long tail of custom information.

This "INFO: rcu detected stall in ndisc_alloc_skb" is exactly a case where only
syzbot-program lines can provide some clue. And the other (of my two suggestions)
is about preserving all syzbot-program lines in a file containing console output.

>                                                  We don't know what
> exactly information a developer is looking for and it is different in
> each case, so it's not possible to optimize for this.

I'm not asking to optimize. I'm asking to preserve all syzbot-program lines.

>                                                       We preserve
> console output intact to not destroy some potentially important
> information. Say, if we start reordering messages, we lose timing
> information and timing/interleaving information is important in some
> cases.

My suggestion is not a reordering of messages. It is a cross referencing.
The [$(uptime)] part acts as the timing information. Since inlining syzbot-program
line there makes it difficult to find previous/next kernel messages, I'm suggesting
to move syzbot-program lines into a dedicated block and cross reference using some
identifiers like hash. There is no loss of timing information, and we can
reconstruct interleaved output (if needed) as long as identifiers are unique
within that report.

> 
>> Even if we keep both kernel output and
>> syz-program lines in a single file, we can improve readability by
>> splitting into kernel output section and syz-program section.
>>
>>   # Kernel output section start
>>   [$(uptime)][$(caller_info)] executing program #0123456789abcdef0123456789abcdef
>>   [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_0123456789abcdef0123456789abcdef_are_here)
>>   [$(uptime)][$(caller_info)] executing program #456789abcdef0123456789abcdef0123
>>   [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
>>   [$(uptime)][$(caller_info)] executing program #89abcdef0123456789abcdef01234567
>>   [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_89abcdef0123456789abcdef01234567_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
>>   [$(uptime)][$(caller_info)] BUG: unable to handle kernel paging request at $(address)
>>   [$(uptime)][$(caller_info)] CPU: $(cpu) PID: $(pid) Comm: syz#89abcdef0123 Not tainted $(version) #$(build)
>>   [$(uptime)][$(caller_info)] $(backtrace_of_caller_info_is_here)
>>   [$(uptime)][$(caller_info)] Kernel panic - not syncing: Fatal exception
>>   # Kernel output section end
>>   # syzbot code section start
>>   Program for #0123456789abcdef0123456789abcdef
>>   $(program_lines_for_0123456789abcdef0123456789abcdef_is_here)
>>   Program for #456789abcdef0123456789abcdef0123
>>   $(program_lines_for_456789abcdef0123456789abcdef0123_is_here)
>>   Program for #89abcdef0123456789abcdef01234567
>>   $(program_lines_for_89abcdef0123456789abcdef01234567_is_here)
>>   # syzbot code section end
>>
> 

-------------------- Current output --------------------
[  938.184721][T10912] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  938.193080][T10912] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  938.202030][T10912] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  938.210375][T10912] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
22:37:55 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460000040000000000000000000000d40000004800000000000000000000000000000000001cca000000e4"], 0x2e)

[  938.275686][T10912] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  938.300740][T10912] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
22:37:55 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xe, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x64, 0x4c000000}}, &(0x7f0000000200)='7R\xec\x1f\x83\"\x8e@\xb7Ec\x80!\xe8\x98\xb9\x0fc\x1e\xf9\x04`\x0e\x963kU\xd5:\n\x86\xfc\f`v\x92\xa0F\xa6R\xd10a\v7\x8cA\xd5taZ\xa8\x15\xb164\xd0\x98\xacm\x1c\x15\x8e}\xa9~\a?\x01\xbe\xfe\x04\f\xd2\x8b#A\x84J\x87\x02o\xb4\xd7\xaa\x83\xda\xfe\xfc\xf57\x90\xe0D\xcd\xd1Z\xe9\x99-\x82\xd0\'\a{\xe4\xef\x85\x83\xadJ\x8f\x88\xdeDH@\\\xea\xc4>\xc4\"\xdcl\a\x00\x00\x00\x00\x00\x00J\x88g\x1c\x19\xe52\xa2\x98\x06j8@iV\xb6Z\xdbR{,\xed\x05\x00c\xa5\xc8\x8fF\xd2\a\x11\xcdC1k\x8b\xb4[\xb16\xa6a\xe2\xe7\x8d\x88\x8d\xa8:\xc1\xcb\b', 0x2, 0x1074, &(0x7f0000014000)=""/4096, 0x0, 0x0, [0x3f000000]}, 0x48)

22:37:55 executing program 1:
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000140)="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")
ioctl$TIOCCONS(r0, 0x541d)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000040)={0x1, {{0x2, 0x4e23, @multicast1}}}, 0x88)
read$FUSE(r0, 0x0, 0xfffffffffffffe69)

[  938.449693][T10937] sg_write: data in/out 262108/4 bytes for SCSI command 0x0-- guessing data in;
[  938.449693][T10937]    program syz-executor4 not setting count and/or reply_len properly
22:37:56 executing program 2:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_adj\x00')
exit(0x0)
preadv(r0, &(0x7f0000001600), 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000000)=0x20)

22:37:56 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
syz_mount_image$f2fs(&(0x7f0000000180)='f2fs\x00', &(0x7f00000001c0)='./file0\x00', 0x3d04, 0x0, 0x0, 0x4, &(0x7f0000002380)={[{@norecovery='norecovery'}, {@data_flush='data_flush'}, {@four_active_logs='active_logs=4'}, {@quota='quota'}, {@lazytime='lazytime'}, {@usrjquota={'usrjquota', 0x3d, 'security.SMACK64TRANSMUTE\x00'}}, {@jqfmt_vfsold='jqfmt=vfsold'}, {@discard='discard'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}], [{@defcontext={'defcontext', 0x3d, 'system_u'}}, {@appraise='appraise'}, {@subj_role={'subj_role', 0x3d, '@\xb0#posix_acl_access'}}, {@dont_measure='dont_measure'}]})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)

22:37:56 executing program 1:
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000080)=@assoc_value={<r1=>0x0}, &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000100)={r1, @in={{0x2, 0x4e21, @multicast2}}, 0xfffffffffffff177, 0x9, 0xd9e, 0x4, 0x100}, &(0x7f00000001c0)=0x98)
read$FUSE(r0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000040)=0x7fffffff, 0x4)

22:37:56 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460000040000000000000000000000d40000004c00000000000000000000000000000000001cca000000e4"], 0x2e)

22:37:56 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xe, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x64, 0x4c000000}}, &(0x7f0000000200)='7R\xec\x1f\x83\"\x8e@\xb7Ec\x80!\xe8\x98\xb9\x0fc\x1e\xf9\x04`\x0e\x963kU\xd5:\n\x86\xfc\f`v\x92\xa0F\xa6R\xd10a\v7\x8cA\xd5taZ\xa8\x15\xb164\xd0\x98\xacm\x1c\x15\x8e}\xa9~\a?\x01\xbe\xfe\x04\f\xd2\x8b#A\x84J\x87\x02o\xb4\xd7\xaa\x83\xda\xfe\xfc\xf57\x90\xe0D\xcd\xd1Z\xe9\x99-\x82\xd0\'\a{\xe4\xef\x85\x83\xadJ\x8f\x88\xdeDH@\\\xea\xc4>\xc4\"\xdcl\a\x00\x00\x00\x00\x00\x00J\x88g\x1c\x19\xe52\xa2\x98\x06j8@iV\xb6Z\xdbR{,\xed\x05\x00c\xa5\xc8\x8fF\xd2\a\x11\xcdC1k\x8b\xb4[\xb16\xa6a\xe2\xe7\x8d\x88\x8d\xa8:\xc1\xcb\b', 0x2, 0x1074, &(0x7f0000014000)=""/4096, 0x0, 0x0, [0x40000000]}, 0x48)

22:37:56 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xe, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x64, 0x4c000000}}, &(0x7f0000000200)='7R\xec\x1f\x83\"\x8e@\xb7Ec\x80!\xe8\x98\xb9\x0fc\x1e\xf9\x04`\x0e\x963kU\xd5:\n\x86\xfc\f`v\x92\xa0F\xa6R\xd10a\v7\x8cA\xd5taZ\xa8\x15\xb164\xd0\x98\xacm\x1c\x15\x8e}\xa9~\a?\x01\xbe\xfe\x04\f\xd2\x8b#A\x84J\x87\x02o\xb4\xd7\xaa\x83\xda\xfe\xfc\xf57\x90\xe0D\xcd\xd1Z\xe9\x99-\x82\xd0\'\a{\xe4\xef\x85\x83\xadJ\x8f\x88\xdeDH@\\\xea\xc4>\xc4\"\xdcl\a\x00\x00\x00\x00\x00\x00J\x88g\x1c\x19\xe52\xa2\x98\x06j8@iV\xb6Z\xdbR{,\xed\x05\x00c\xa5\xc8\x8fF\xd2\a\x11\xcdC1k\x8b\xb4[\xb16\xa6a\xe2\xe7\x8d\x88\x8d\xa8:\xc1\xcb\b', 0x2, 0x1074, &(0x7f0000014000)=""/4096, 0x0, 0x0, [0x43000000]}, 0x48)

22:37:56 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460000040000000000000000000000d40000006800000000000000000000000000000000001cca000000e4"], 0x2e)

[  939.167542][T10956] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
22:37:56 executing program 1:
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000140)=ANY=[@ANYBLOB="6e61740000000000000000000000000000000000001842000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005810f528769d7fe60000000000000000000000000000000000000000000000080000000000000000000000000000000000008f93902e54bd6eee49bc89d5b50eb7c3e052d70064eef4bf3662c39f4d2a02ff3b3ea9b3ff0966d2295abf3525052e464025ac0019bf93103e68000222fd35d68a327e56f5ad1b43412cb6247787f783ea08e94f7d1ec55d6597df55dee150eb05600937a9e13d2afaac2edc72736559068a6f1d"], 0x78)
prctl$PR_GET_NAME(0x10, &(0x7f0000000040)=""/119)

[  939.214806][T10956] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  939.276518][T10956] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  939.285099][T10956] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  939.336812][T10956] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  939.377329][T10956] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  939.411893][T10956] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  939.425615][T10956] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  942.734545][ T1043] ------------[ cut here ]------------
[  942.740643][ T1043] kernel BUG at mm/page_alloc.c:3112!
[  942.746017][ T1043] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  942.752096][ T1043] CPU: 0 PID: 1043 Comm: kcompactd0 Not tainted 5.0.0-rc2-next-20190116 #13
[  942.760748][ T1043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  942.770806][ T1043] RIP: 0010:__isolate_free_page+0x4a8/0x680
[  942.776697][ T1043] Code: 4c 39 e3 77 c0 0f b6 8d 74 ff ff ff b8 01 00 00 00 48 d3 e0 e9 11 fd ff ff 48 c7 c6 a0 65 52 88 4c 89 e7 e8 6a 14 10 00 0f 0b <0f> 0b 48 c7 c6 c0 66 52 88 4c 89 e7 e8 57 14 10 00 0f 0b 48 89 cf
[  942.796291][ T1043] RSP: 0018:ffff8880a783ef58 EFLAGS: 00010003
[  942.802345][ T1043] RAX: 0000000020000080 RBX: 0000000000000000 RCX: ffff88812fffc7e0
[  942.810304][ T1043] RDX: 1ffff11025fff8fc RSI: 0000000000000008 RDI: ffff88812fffc7b0
[  942.818281][ T1043] RBP: ffff8880a783f018 R08: ffff8880a78c8000 R09: ffffed1014f07df2
[  942.826243][ T1043] R10: ffffed1014f07df1 R11: 0000000000000003 R12: ffff88812fffc7b0
[  942.834209][ T1043] R13: 1ffff11014f07df2 R14: ffff88812fffc7b0 R15: ffff8880a783eff0
[  942.842182][ T1043] FS:  0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[  942.851103][ T1043] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  942.857681][ T1043] CR2: 000000c4313a9410 CR3: 0000000009871000 CR4: 00000000001406f0
[  942.865657][ T1043] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  942.873614][ T1043] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  942.881587][ T1043] Call Trace:
[  942.884872][ T1043]  ? lock_release+0xc40/0xc40
[  942.889544][ T1043]  ? rwlock_bug.part.0+0x90/0x90
[  942.894489][ T1043]  ? zone_watermark_ok+0x1b0/0x1b0
[  942.899589][ T1043]  ? trace_hardirqs_on+0xbd/0x310
[  942.904619][ T1043]  ? kasan_check_read+0x11/0x20
[  942.909464][ T1043]  compaction_alloc+0xd05/0x2970
-------------------- Current output --------------------

-------------------- My suggested output --------------------
[  938.184721][T10912] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  938.193080][T10912] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  938.202030][T10912] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  938.210375][T10912] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  938.XXXXXX][ T$pid] 22:37:55 executing program #01234567:
[  938.275686][T10912] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  938.300740][T10912] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  938.XXXXXX][ T$pid] 22:37:55 executing program #12345678:
[  938.XXXXXX][ T$pid] 22:37:55 executing program #23456789:
[  938.449693][T10937] sg_write: data in/out 262108/4 bytes for SCSI command 0x0-- guessing data in;
[  938.449693][T10937]    program syz-executor4 not setting count and/or reply_len properly
[  939.XXXXXX][ T$pid] 22:37:56 executing program #3456789a:
[  939.XXXXXX][ T$pid] 22:37:56 executing program #456789ab:
[  939.XXXXXX][ T$pid] 22:37:56 executing program #56789abc:
[  939.XXXXXX][ T$pid] 22:37:56 executing program #6789abcd:
[  939.XXXXXX][ T$pid] 22:37:56 executing program #789abcde:
[  939.XXXXXX][ T$pid] 22:37:56 executing program #89abcdef:
[  939.XXXXXX][ T$pid] 22:37:56 executing program #9abcdef0:
[  939.167542][T10956] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  939.XXXXXX][ T$pid] 22:37:56 executing program #abcdef01:
[  939.214806][T10956] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  939.276518][T10956] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  939.285099][T10956] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  939.336812][T10956] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  939.377329][T10956] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  939.411893][T10956] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  939.425615][T10956] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  942.734545][ T1043] ------------[ cut here ]------------
[  942.740643][ T1043] kernel BUG at mm/page_alloc.c:3112!
[  942.746017][ T1043] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  942.752096][ T1043] CPU: 0 PID: 1043 Comm: kcompactd0 Not tainted 5.0.0-rc2-next-20190116 #13
[  942.760748][ T1043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  942.770806][ T1043] RIP: 0010:__isolate_free_page+0x4a8/0x680
[  942.776697][ T1043] Code: 4c 39 e3 77 c0 0f b6 8d 74 ff ff ff b8 01 00 00 00 48 d3 e0 e9 11 fd ff ff 48 c7 c6 a0 65 52 88 4c 89 e7 e8 6a 14 10 00 0f 0b <0f> 0b 48 c7 c6 c0 66 52 88 4c 89 e7 e8 57 14 10 00 0f 0b 48 89 cf
[  942.796291][ T1043] RSP: 0018:ffff8880a783ef58 EFLAGS: 00010003
[  942.802345][ T1043] RAX: 0000000020000080 RBX: 0000000000000000 RCX: ffff88812fffc7e0
[  942.810304][ T1043] RDX: 1ffff11025fff8fc RSI: 0000000000000008 RDI: ffff88812fffc7b0
[  942.818281][ T1043] RBP: ffff8880a783f018 R08: ffff8880a78c8000 R09: ffffed1014f07df2
[  942.826243][ T1043] R10: ffffed1014f07df1 R11: 0000000000000003 R12: ffff88812fffc7b0
[  942.834209][ T1043] R13: 1ffff11014f07df2 R14: ffff88812fffc7b0 R15: ffff8880a783eff0
[  942.842182][ T1043] FS:  0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[  942.851103][ T1043] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  942.857681][ T1043] CR2: 000000c4313a9410 CR3: 0000000009871000 CR4: 00000000001406f0
[  942.865657][ T1043] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  942.873614][ T1043] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  942.881587][ T1043] Call Trace:
[  942.884872][ T1043]  ? lock_release+0xc40/0xc40
[  942.889544][ T1043]  ? rwlock_bug.part.0+0x90/0x90
[  942.894489][ T1043]  ? zone_watermark_ok+0x1b0/0x1b0
[  942.899589][ T1043]  ? trace_hardirqs_on+0xbd/0x310
[  942.904619][ T1043]  ? kasan_check_read+0x11/0x20
[  942.909464][ T1043]  compaction_alloc+0xd05/0x2970

Program for #01234567
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460000040000000000000000000000d40000004800000000000000000000000000000000001cca000000e4"], 0x2e)

Program for #12345678
bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xe, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x64, 0x4c000000}}, &(0x7f0000000200)='7R\xec\x1f\x83\"\x8e@\xb7Ec\x80!\xe8\x98\xb9\x0fc\x1e\xf9\x04`\x0e\x963kU\xd5:\n\x86\xfc\f`v\x92\xa0F\xa6R\xd10a\v7\x8cA\xd5taZ\xa8\x15\xb164\xd0\x98\xacm\x1c\x15\x8e}\xa9~\a?\x01\xbe\xfe\x04\f\xd2\x8b#A\x84J\x87\x02o\xb4\xd7\xaa\x83\xda\xfe\xfc\xf57\x90\xe0D\xcd\xd1Z\xe9\x99-\x82\xd0\'\a{\xe4\xef\x85\x83\xadJ\x8f\x88\xdeDH@\\\xea\xc4>\xc4\"\xdcl\a\x00\x00\x00\x00\x00\x00J\x88g\x1c\x19\xe52\xa2\x98\x06j8@iV\xb6Z\xdbR{,\xed\x05\x00c\xa5\xc8\x8fF\xd2\a\x11\xcdC1k\x8b\xb4[\xb16\xa6a\xe2\xe7\x8d\x88\x8d\xa8:\xc1\xcb\b', 0x2, 0x1074, &(0x7f0000014000)=""/4096, 0x0, 0x0, [0x3f000000]}, 0x48)

Program for #23456789
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000140)="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")
ioctl$TIOCCONS(r0, 0x541d)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000040)={0x1, {{0x2, 0x4e23, @multicast1}}}, 0x88)
read$FUSE(r0, 0x0, 0xfffffffffffffe69)

Program for #3456789a
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_adj\x00')
exit(0x0)
preadv(r0, &(0x7f0000001600), 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000000)=0x20)

Program for #456789ab
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
syz_mount_image$f2fs(&(0x7f0000000180)='f2fs\x00', &(0x7f00000001c0)='./file0\x00', 0x3d04, 0x0, 0x0, 0x4, &(0x7f0000002380)={[{@norecovery='norecovery'}, {@data_flush='data_flush'}, {@four_active_logs='active_logs=4'}, {@quota='quota'}, {@lazytime='lazytime'}, {@usrjquota={'usrjquota', 0x3d, 'security.SMACK64TRANSMUTE\x00'}}, {@jqfmt_vfsold='jqfmt=vfsold'}, {@discard='discard'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}], [{@defcontext={'defcontext', 0x3d, 'system_u'}}, {@appraise='appraise'}, {@subj_role={'subj_role', 0x3d, '@\xb0#posix_acl_access'}}, {@dont_measure='dont_measure'}]})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)

Program for #56789abc
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000080)=@assoc_value={<r1=>0x0}, &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000100)={r1, @in={{0x2, 0x4e21, @multicast2}}, 0xfffffffffffff177, 0x9, 0xd9e, 0x4, 0x100}, &(0x7f00000001c0)=0x98)
read$FUSE(r0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000040)=0x7fffffff, 0x4)

Program for #6789abcd
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460000040000000000000000000000d40000004c00000000000000000000000000000000001cca000000e4"], 0x2e)

Program for #789abcde
bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xe, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x64, 0x4c000000}}, &(0x7f0000000200)='7R\xec\x1f\x83\"\x8e@\xb7Ec\x80!\xe8\x98\xb9\x0fc\x1e\xf9\x04`\x0e\x963kU\xd5:\n\x86\xfc\f`v\x92\xa0F\xa6R\xd10a\v7\x8cA\xd5taZ\xa8\x15\xb164\xd0\x98\xacm\x1c\x15\x8e}\xa9~\a?\x01\xbe\xfe\x04\f\xd2\x8b#A\x84J\x87\x02o\xb4\xd7\xaa\x83\xda\xfe\xfc\xf57\x90\xe0D\xcd\xd1Z\xe9\x99-\x82\xd0\'\a{\xe4\xef\x85\x83\xadJ\x8f\x88\xdeDH@\\\xea\xc4>\xc4\"\xdcl\a\x00\x00\x00\x00\x00\x00J\x88g\x1c\x19\xe52\xa2\x98\x06j8@iV\xb6Z\xdbR{,\xed\x05\x00c\xa5\xc8\x8fF\xd2\a\x11\xcdC1k\x8b\xb4[\xb16\xa6a\xe2\xe7\x8d\x88\x8d\xa8:\xc1\xcb\b', 0x2, 0x1074, &(0x7f0000014000)=""/4096, 0x0, 0x0, [0x40000000]}, 0x48)

Program for #89abcdef
bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xe, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x64, 0x4c000000}}, &(0x7f0000000200)='7R\xec\x1f\x83\"\x8e@\xb7Ec\x80!\xe8\x98\xb9\x0fc\x1e\xf9\x04`\x0e\x963kU\xd5:\n\x86\xfc\f`v\x92\xa0F\xa6R\xd10a\v7\x8cA\xd5taZ\xa8\x15\xb164\xd0\x98\xacm\x1c\x15\x8e}\xa9~\a?\x01\xbe\xfe\x04\f\xd2\x8b#A\x84J\x87\x02o\xb4\xd7\xaa\x83\xda\xfe\xfc\xf57\x90\xe0D\xcd\xd1Z\xe9\x99-\x82\xd0\'\a{\xe4\xef\x85\x83\xadJ\x8f\x88\xdeDH@\\\xea\xc4>\xc4\"\xdcl\a\x00\x00\x00\x00\x00\x00J\x88g\x1c\x19\xe52\xa2\x98\x06j8@iV\xb6Z\xdbR{,\xed\x05\x00c\xa5\xc8\x8fF\xd2\a\x11\xcdC1k\x8b\xb4[\xb16\xa6a\xe2\xe7\x8d\x88\x8d\xa8:\xc1\xcb\b', 0x2, 0x1074, &(0x7f0000014000)=""/4096, 0x0, 0x0, [0x43000000]}, 0x48)

Program for #9abcdef0
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460000040000000000000000000000d40000006800000000000000000000000000000000001cca000000e4"], 0x2e)

Program for #abcdef01
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000140)=ANY=[@ANYBLOB="6e61740000000000000000000000000000000000001842000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005810f528769d7fe60000000000000000000000000000000000000000000000080000000000000000000000000000000000008f93902e54bd6eee49bc89d5b50eb7c3e052d70064eef4bf3662c39f4d2a02ff3b3ea9b3ff0966d2295abf3525052e464025ac0019bf93103e68000222fd35d68a327e56f5ad1b43412cb6247787f783ea08e94f7d1ec55d6597df55dee150eb05600937a9e13d2afaac2edc72736559068a6f1d"], 0x78)
prctl$PR_GET_NAME(0x10, &(0x7f0000000040)=""/119)
-------------------- My suggested output --------------------



Thread overview: 20+ messages
2018-12-31  7:42 INFO: rcu detected stall in ndisc_alloc_skb syzbot
2018-12-31  7:49 ` Dmitry Vyukov
2018-12-31  7:49   ` Dmitry Vyukov
2018-12-31  8:17   ` Tetsuo Handa
2018-12-31  8:24     ` Dmitry Vyukov
2018-12-31  8:24       ` Dmitry Vyukov
2019-01-02 17:06       ` Tetsuo Handa
2019-01-05 10:49         ` Tetsuo Handa
2019-01-06 13:24           ` Dmitry Vyukov
2019-01-06 13:24             ` Dmitry Vyukov
2019-01-06 13:47             ` Tetsuo Handa
2019-01-07 11:12               ` Dmitry Vyukov
2019-01-07 11:12                 ` Dmitry Vyukov
2019-01-18  5:20                 ` Tetsuo Handa
2019-01-19 12:16                   ` Dmitry Vyukov
2019-01-19 12:16                     ` Dmitry Vyukov
2019-01-19 13:10                     ` Tetsuo Handa
2019-01-20 13:30                       ` Dmitry Vyukov
2019-01-20 13:30                         ` Dmitry Vyukov
2019-01-20 14:24                         ` Tetsuo Handa
