* INFO: rcu detected stall in ndisc_alloc_skb
@ 2018-12-31 7:42 syzbot
  2018-12-31 7:49 ` Dmitry Vyukov
From: syzbot @ 2018-12-31 7:42 UTC
To: davem, kuznet, linux-kernel, netdev, syzkaller-bugs, yoshfuji

Hello,

syzbot found the following crash on:

HEAD commit: ef4ab8447aa2 selftests: bpf: install script with_addr.sh
git tree: bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14a28b6e400000
kernel config: https://syzkaller.appspot.com/x/.config?x=7e7e2279c0020d5f
dashboard link: https://syzkaller.appspot.com/bug?extid=ea7d9cb314b4ab49a18a
compiler: gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com

CPU: 1 PID: 5702 Comm: rsyslogd Not tainted 4.19.0-rc6+ #118
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
rcu: (detected by 0, t=10712 jiffies, g=90369, q=135)
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
rcu: All QSes seen, last rcu_preempt kthread activity 10548 (4295003843-4294993295), jiffies_till_next_fqs=1, root ->qsmask 0x0
syz-executor0 R running task
warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
22896 7592 5826 0x8010000c
Call Trace:
<IRQ>
sched_show_task.cold.83+0x2b6/0x30a kernel/sched/core.c:5296
__alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
print_other_cpu_stall.cold.79+0xa83/0xba5 kernel/rcu/tree.c:1430
check_cpu_stall kernel/rcu/tree.c:1557 [inline]
__rcu_pending kernel/rcu/tree.c:3276 [inline]
rcu_pending kernel/rcu/tree.c:3319 [inline]
rcu_check_callbacks+0xafc/0x1990 kernel/rcu/tree.c:2665
__alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
__alloc_pages include/linux/gfp.h:473 [inline]
__alloc_pages_node include/linux/gfp.h:486 [inline]
kmem_getpages mm/slab.c:1409 [inline]
cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
fallback_alloc+0x203/0x2e0 mm/slab.c:3219
____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
slab_alloc_node mm/slab.c:3327 [inline]
kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
__alloc_skb+0x119/0x770 net/core/skbuff.c:193
alloc_skb include/linux/skbuff.h:997 [inline]
ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
update_process_times+0x2d/0x70 kernel/time/timer.c:1636
addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
tick_sched_handle+0x9f/0x180 kernel/time/tick-sched.c:164
tick_sched_timer+0x45/0x130 kernel/time/tick-sched.c:1274
__run_hrtimer kernel/time/hrtimer.c:1398 [inline]
__hrtimer_run_queues+0x41c/0x10d0 kernel/time/hrtimer.c:1460
call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
hrtimer_interrupt+0x313/0x780 kernel/time/hrtimer.c:1518
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1029 [inline]
smp_apic_timer_interrupt+0x1a1/0x760 arch/x86/kernel/apic/apic.c:1054
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788 [inline]
RIP: 0010:slab_alloc_node mm/slab.c:3329 [inline]
RIP: 0010:kmem_cache_alloc_node+0x247/0x730 mm/slab.c:3642
Code: 3f 7e 0f 85 32 ff ff ff e8 a5 7f 3e ff e9 28 ff ff ff e8 0c e3 c2 ff 48 83 3d 5c f4 6f 07 00 0f 84 33 01 00 00 4c 89 ff 57 9d <0f> 1f 44 00 00 e9 bf fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23
RSP: 0000:ffff8801dae07450 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffffff8184e1ca
RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286
RBP: ffff8801dae074c0 R08: ffff880193c38700 R09: fffffbfff12812c4
R10: ffff8801dae06098 R11: ffffffff89409623 R12: ffff8801d9a04040
R13: ffff8801d9a04040 R14: 0000000000000000 R15: 0000000000000286
__alloc_skb+0x119/0x770 net/core/skbuff.c:193
alloc_skb include/linux/skbuff.h:997 [inline]
ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
expire_timers kernel/time/timer.c:1363 [inline]
__run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
__do_softirq+0x30b/0xad8 kernel/softirq.c:292
expire_timers kernel/time/timer.c:1363 [inline]
__run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x17f/0x1c0 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
__do_softirq+0x30b/0xad8 kernel/softirq.c:292
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
</IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788 [inline]
RIP: 0010:console_unlock+0xfdf/0x1160 kernel/printk/printk.c:2409
Code: c1 e8 03 42 80 3c 20 00 0f 85 d1 00 00 00 48 83 3d cd 54 cd 07 00 0f 84 bc 00 00 00 e8 ca 37 1a 00 48 8b bd b0 fe ff ff 57 9d <0f> 1f 44 00 00 e9 cc f9 ff ff 48 8b bd c8 fe ff ff e8 3b d8 5d 00
RSP: 0000:ffff8801bccde450 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x17f/0x1c0 kernel/softirq.c:412
RAX: ffff8801bd36a180 RBX: 0000000000000200 RCX: ffffffff8184e1ca
RDX: 0000000000000000 RSI: ffffffff81649dc6 RDI: 0000000000000293
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
RBP: ffff8801bccde5b8 R08: ffff8801bd36a180 R09: fffffbfff12720c0
R10: fffffbfff12720c0 R11: ffffffff89390603 R12: dffffc0000000000
R13: ffffffff84885bf0 R14: dffffc0000000000 R15: ffffffff899428d0
vprintk_emit+0x33d/0x930 kernel/printk/printk.c:1922
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
</IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788 [inline]
RIP: 0010:slab_alloc mm/slab.c:3385 [inline]
RIP: 0010:kmem_cache_alloc+0x297/0x730 mm/slab.c:3552
Code: 7e 0f 85 cf fe ff ff e8 06 60 3e ff e9 c5 fe ff ff e8 6d c3 c2 ff 48 83 3d bd d4 6f 07 00 0f 84 3b 03 00 00 48 8b 7d d0 57 9d <0f> 1f 44 00 00 e9 54 fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23
RSP: 0000:ffff8801980a7748 EFLAGS: 00000286
vprintk_default+0x28/0x30 kernel/printk/printk.c:1963
ORIG_RAX: ffffffffffffff13
vprintk_func+0x7e/0x181 kernel/printk/printk_safe.c:398
RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffc90001e5c000
printk+0xa7/0xcf kernel/printk/printk.c:1996
RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286
RBP: ffff8801980a77b0 R08: ffff880193c38700 R09: fffffbfff12812c4
R10: ffff8801980a6390 R11: ffffffff89409623 R12: 0000000000000000
dump_unreclaimable_slab.cold.22+0xd8/0xe5 mm/slab_common.c:1371
R13: ffff8801d9a04040 R14: ffff8801d9a04040 R15: 0000000000480020
dump_header+0x7cc/0xf72 mm/oom_kill.c:447
skb_clone+0x1bb/0x500 net/core/skbuff.c:1280
____bpf_clone_redirect net/core/filter.c:2079 [inline]
bpf_clone_redirect+0xb9/0x490 net/core/filter.c:2066
bpf_prog_41f2bcae09cd4ac3+0x194/0x1000
oom_kill_process.cold.27+0x10/0x903 mm/oom_kill.c:953
out_of_memory+0xa84/0x1430 mm/oom_kill.c:1120
__alloc_pages_may_oom mm/page_alloc.c:3522 [inline]
__alloc_pages_slowpath+0x2318/0x2d80 mm/page_alloc.c:4235
rcu: rcu_preempt kthread starved for 10548 jiffies! g90369 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: RCU grace-period kthread stack dump:
rcu_preempt R running task 22736 10 2 0x80000000
Call Trace:
context_switch kernel/sched/core.c:2825 [inline]
__schedule+0x86c/0x1ed0 kernel/sched/core.c:3473
__alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
schedule+0xfe/0x460 kernel/sched/core.c:3517
__alloc_pages include/linux/gfp.h:473 [inline]
__alloc_pages_node include/linux/gfp.h:486 [inline]
kmem_getpages mm/slab.c:1409 [inline]
cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
schedule_timeout+0x140/0x260 kernel/time/timer.c:1804
fallback_alloc+0x203/0x2e0 mm/slab.c:3219
____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
__do_cache_alloc mm/slab.c:3356 [inline]
slab_alloc mm/slab.c:3384 [inline]
kmem_cache_alloc_trace+0x214/0x750 mm/slab.c:3618
rcu_gp_kthread+0x9d9/0x2310 kernel/rcu/tree.c:2194
kmalloc include/linux/slab.h:513 [inline]
syslog_print kernel/printk/printk.c:1297 [inline]
do_syslog+0xb9b/0x1690 kernel/printk/printk.c:1465
kmsg_read+0x8f/0xc0 fs/proc/kmsg.c:40
proc_reg_read+0x2a3/0x3d0 fs/proc/inode.c:231
__vfs_read+0x117/0x9b0 fs/read_write.c:416
vfs_read+0x17f/0x3c0 fs/read_write.c:452
ksys_read+0x101/0x260 fs/read_write.c:578
__do_sys_read fs/read_write.c:588 [inline]
__se_sys_read fs/read_write.c:586 [inline]
__x64_sys_read+0x73/0xb0 fs/read_write.c:586
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f5bbee581fd
Code: Bad RIP value.
RSP: 002b:00007f5bbc3f7e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 0000000001bc9ce0 RCX: 00007f5bbee581fd
RDX: 0000000000000fff RSI: 00007f5bbdc2c5a0 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000001bb5260 R09: 0000000000000000
R10: 6b205d3334383630 R11: 0000000000000293 R12: 000000000065e420
R13: 00007f5bbc3f89c0 R14: 00007f5bbf49d040 R15: 0000000000000003
warn_alloc_show_mem: 1 callbacks suppressed
Mem-Info:
active_anon:48193 inactive_anon:137 isolated_anon:0
active_file:16 inactive_file:15 isolated_file:0
unevictable:0 dirty:0 writeback:0 unstable:0
slab_reclaimable:9165 slab_unreclaimable:1475206
mapped:8194 shmem:144 pagetables:402 bounce:0
free:13771 free_pcp:443 free_cma:0
Node 0 active_anon:192772kB inactive_anon:548kB active_file:64kB inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:32776kB dirty:0kB writeback:0kB shmem:576kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 178176kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2819 6323 6323
Node 0 DMA32 free:25264kB min:30060kB low:37572kB high:45084kB active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2890736kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 3503 3503
Node 0 Normal free:13912kB min:37352kB low:46688kB high:56024kB active_anon:192772kB inactive_anon:548kB active_file:60kB inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB managed:3588044kB mlocked:0kB kernel_stack:5248kB pagetables:1608kB bounce:0kB free_pcp:1524kB local_pcp:1456kB free_cma:0kB
lowmem_reserve[]:
kthread+0x35a/0x420 kernel/kthread.c:246
0 0 0
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
0
ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB
syz-executor0: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC| __GFP_COMP), nodemask=(null)
(U)
syz-executor0 cpuset=
2*64kB
syz0
(U)
mems_allowed=0
1*128kB
CPU: 0 PID: 7592 Comm: syz-executor0 Not tainted 4.19.0-rc6+ #118
(U)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
1*256kB (U)
Call Trace:
0*512kB
<IRQ>
1*1024kB
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
(U) 1*2048kB
warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
(M) 3*4096kB (M) = 15908kB
Node 0
__alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
DMA32: 4*4kB (UM) 2*8kB (M) 3*16kB (M) 3*32kB (M) 4*64kB (UM) 4*128kB (UM) 3*256kB (M) 4*512kB (UM) 3*1024kB (UM) 3*2048kB (M) 3*4096kB (M) = 25264kB
Node 0 Normal: 942*4kB (UME)
__alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
338*8kB (UMEH) 149*16kB (UME) 84*32kB (UMEH)
__alloc_pages include/linux/gfp.h:473 [inline]
__alloc_pages_node include/linux/gfp.h:486 [inline]
kmem_getpages mm/slab.c:1409 [inline]
cache_grow_begin+0x91/0x8c0 mm/slab.c:2677
25*64kB (UM) 2*128kB
fallback_alloc+0x203/0x2e0 mm/slab.c:3219
(UH)
____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287
0*256kB
slab_alloc_node mm/slab.c:3327 [inline]
kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642
1*512kB (H)
__alloc_skb+0x119/0x770 net/core/skbuff.c:193
0*1024kB 0*2048kB 0*4096kB = 13912kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
175 total pagecache pages
0 pages in swap cache
alloc_skb include/linux/skbuff.h:997 [inline]
ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
Swap cache stats: add 0, delete 0, find 0/0
ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
Free swap = 0kB
addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
Total swap = 0kB
1965979 pages RAM
call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
0 pages HighMem/MovableOnly
342307 pages reserved
0 pages cma reserved
ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb
rsyslogd: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC| __GFP_COMP), nodemask=(null)
rsyslogd cpuset=
/
mems_allowed=0
expire_timers kernel/time/timer.c:1363 [inline]
__run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695
__do_softirq+0x30b/0xad8 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x17f/0x1c0 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
</IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788 [inline]
RIP: 0010:slab_alloc mm/slab.c:3385
RBP: ffff8801980a77b0 R08: ffff880193c38700 R09: fffffbfff12812c4 R10: ffff8801980a6390 R11: ffffffff89409623 R12: 0000000000000000 R13: ffff8801d9a04040 R14: ffff8801d9a04040 R15: 0000000000480020 skb_clone+0x1bb/0x500 net/core/skbuff.c:1280 ____bpf_clone_redirect net/core/filter.c:2079 [inline] bpf_clone_redirect+0xb9/0x490 net/core/filter.c:2066 bpf_prog_41f2bcae09cd4ac3+0x194/0x1000 CPU: 1 PID: 5702 Comm: rsyslogd Not tainted 4.19.0-rc6+ #118 ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113 warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426 syz-executor0: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC| __GFP_COMP), nodemask=(null) syz-executor0 cpuset= syz0 mems_allowed=0 __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297 __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390 __alloc_pages include/linux/gfp.h:473 [inline] __alloc_pages_node include/linux/gfp.h:486 [inline] kmem_getpages mm/slab.c:1409 [inline] cache_grow_begin+0x91/0x8c0 mm/slab.c:2677 fallback_alloc+0x203/0x2e0 mm/slab.c:3219 ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287 slab_alloc_node mm/slab.c:3327 [inline] kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642 __alloc_skb+0x119/0x770 net/core/skbuff.c:193 alloc_skb include/linux/skbuff.h:997 [inline] ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403 ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669 addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836 call_timer_fn+0x272/0x920 kernel/time/timer.c:1326 expire_timers kernel/time/timer.c:1363 [inline] __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682 --- This bug is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@googlegroups.com. syzbot will keep track of this bug report. 
See: https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with syzbot.
* Re: INFO: rcu detected stall in ndisc_alloc_skb
From: Dmitry Vyukov @ 2018-12-31 7:49 UTC
To: syzbot
Cc: David Miller, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM

On Mon, Dec 31, 2018 at 8:42 AM syzbot <syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: ef4ab8447aa2 selftests: bpf: install script with_addr.sh
> git tree: bpf-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=14a28b6e400000
> kernel config: https://syzkaller.appspot.com/x/.config?x=7e7e2279c0020d5f
> dashboard link: https://syzkaller.appspot.com/bug?extid=ea7d9cb314b4ab49a18a
> compiler: gcc (GCC) 8.0.1 20180413 (experimental)
>
> Unfortunately, I don't have any reproducer for this crash yet.
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com

Since this involves OOMs and looks like a one-off induced memory corruption:

#syz dup: kernel panic: corrupted stack end in wb_workfn
call_timer_fn+0x272/0x920 kernel/time/timer.c:1326 > expire_timers kernel/time/timer.c:1363 [inline] > __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682 > run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695 > __do_softirq+0x30b/0xad8 kernel/softirq.c:292 > invoke_softirq kernel/softirq.c:372 [inline] > irq_exit+0x17f/0x1c0 kernel/softirq.c:412 > exiting_irq arch/x86/include/asm/apic.h:536 [inline] > smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056 > apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864 > </IRQ> > RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788 > [inline] > RIP: 0010:console_unlock+0xfdf/0x1160 kernel/printk/printk.c:2409 > Code: c1 e8 03 42 80 3c 20 00 0f 85 d1 00 00 00 48 83 3d cd 54 cd 07 00 0f > 84 bc 00 00 00 e8 ca 37 1a 00 48 8b bd b0 fe ff ff 57 9d <0f> 1f 44 00 00 > e9 cc f9 ff ff 48 8b bd c8 fe ff ff e8 3b d8 5d 00 > RSP: 0000:ffff8801bccde450 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13 > RAX: ffff8801bd36a180 RBX: 0000000000000200 RCX: ffffffff8184e1ca > RDX: 0000000000000000 RSI: ffffffff81649dc6 RDI: 0000000000000293 > RBP: ffff8801bccde5b8 R08: ffff8801bd36a180 R09: fffffbfff12720c0 > R10: fffffbfff12720c0 R11: ffffffff89390603 R12: dffffc0000000000 > R13: ffffffff84885bf0 R14: dffffc0000000000 R15: ffffffff899428d0 > vprintk_emit+0x33d/0x930 kernel/printk/printk.c:1922 > vprintk_default+0x28/0x30 kernel/printk/printk.c:1963 > vprintk_func+0x7e/0x181 kernel/printk/printk_safe.c:398 > printk+0xa7/0xcf kernel/printk/printk.c:1996 > dump_unreclaimable_slab.cold.22+0xd8/0xe5 mm/slab_common.c:1371 > dump_header+0x7cc/0xf72 mm/oom_kill.c:447 > oom_kill_process.cold.27+0x10/0x903 mm/oom_kill.c:953 > out_of_memory+0xa84/0x1430 mm/oom_kill.c:1120 > __alloc_pages_may_oom mm/page_alloc.c:3522 [inline] > __alloc_pages_slowpath+0x2318/0x2d80 mm/page_alloc.c:4235 > __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390 > __alloc_pages include/linux/gfp.h:473 [inline] > __alloc_pages_node 
include/linux/gfp.h:486 [inline] > kmem_getpages mm/slab.c:1409 [inline] > cache_grow_begin+0x91/0x8c0 mm/slab.c:2677 > fallback_alloc+0x203/0x2e0 mm/slab.c:3219 > ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287 > __do_cache_alloc mm/slab.c:3356 [inline] > slab_alloc mm/slab.c:3384 [inline] > kmem_cache_alloc_trace+0x214/0x750 mm/slab.c:3618 > kmalloc include/linux/slab.h:513 [inline] > syslog_print kernel/printk/printk.c:1297 [inline] > do_syslog+0xb9b/0x1690 kernel/printk/printk.c:1465 > kmsg_read+0x8f/0xc0 fs/proc/kmsg.c:40 > proc_reg_read+0x2a3/0x3d0 fs/proc/inode.c:231 > __vfs_read+0x117/0x9b0 fs/read_write.c:416 > vfs_read+0x17f/0x3c0 fs/read_write.c:452 > ksys_read+0x101/0x260 fs/read_write.c:578 > __do_sys_read fs/read_write.c:588 [inline] > __se_sys_read fs/read_write.c:586 [inline] > __x64_sys_read+0x73/0xb0 fs/read_write.c:586 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > RIP: 0033:0x7f5bbee581fd > Code: Bad RIP value. > RSP: 002b:00007f5bbc3f7e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000 > RAX: ffffffffffffffda RBX: 0000000001bc9ce0 RCX: 00007f5bbee581fd > RDX: 0000000000000fff RSI: 00007f5bbdc2c5a0 RDI: 0000000000000004 > RBP: 0000000000000000 R08: 0000000001bb5260 R09: 0000000000000000 > R10: 6b205d3334383630 R11: 0000000000000293 R12: 000000000065e420 > R13: 00007f5bbc3f89c0 R14: 00007f5bbf49d040 R15: 0000000000000003 > warn_alloc_show_mem: 1 callbacks suppressed > CPU: 0 PID: 7592 Comm: syz-executor0 Not tainted 4.19.0-rc6+ #118 > Mem-Info: > active_anon:48193 inactive_anon:137 isolated_anon:0 > active_file:16 inactive_file:15 isolated_file:0 > unevictable:0 dirty:0 writeback:0 unstable:0 > slab_reclaimable:9165 slab_unreclaimable:1475206 > mapped:8194 shmem:144 pagetables:402 bounce:0 > free:13771 free_pcp:443 free_cma:0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > Google 01/01/2011 > Node 0 active_anon:192772kB inactive_anon:548kB active_file:64kB > 
inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB > mapped:32776kB dirty:0kB writeback:0kB shmem:576kB shmem_thp: 0kB > shmem_pmdmapped: 0kB anon_thp: 178176kB writeback_tmp:0kB unstable:0kB > all_unreclaimable? yes > Call Trace: > Node 0 > <IRQ> > DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB > inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB > writepending:0kB present:15992kB managed:15908kB mlocked:0kB > kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB > free_cma:0kB > __dump_stack lib/dump_stack.c:77 [inline] > dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113 > lowmem_reserve[]: > 0 > warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426 > 2819 > 6323 > 6323 > Node 0 > __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297 > DMA32 free:25264kB min:30060kB low:37572kB high:45084kB active_anon:0kB > inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB > writepending:0kB present:3129332kB managed:2890736kB mlocked:0kB > kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB > free_cma:0kB > lowmem_reserve[]: > 0 > 0 > 3503 3503 > Node 0 Normal free:13912kB min:37352kB low:46688kB high:56024kB > active_anon:192772kB inactive_anon:548kB active_file:60kB > inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB > managed:3588044kB mlocked:0kB kernel_stack:5248kB pagetables:1608kB > bounce:0kB free_pcp:1524kB local_pcp:1456kB free_cma:0kB > lowmem_reserve[]: > 0 0 > 0 > 0 > Node 0 DMA: > 1*4kB > (U) > 0*8kB > 0*16kB > 1*32kB > (U) > 2*64kB > (U) 1*128kB > (U) > __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390 > 1*256kB > (U) > 0*512kB > 1*1024kB > (U) > 1*2048kB > __alloc_pages include/linux/gfp.h:473 [inline] > __alloc_pages_node include/linux/gfp.h:486 [inline] > kmem_getpages mm/slab.c:1409 [inline] > cache_grow_begin+0x91/0x8c0 mm/slab.c:2677 > (M) > 3*4096kB > fallback_alloc+0x203/0x2e0 mm/slab.c:3219 > (M) = 15908kB > 
____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287 > Node 0 > slab_alloc_node mm/slab.c:3327 [inline] > kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642 > DMA32: > 4*4kB > __alloc_skb+0x119/0x770 net/core/skbuff.c:193 > (UM) > 2*8kB > (M) > 3*16kB > (M) > 3*32kB > (M) > alloc_skb include/linux/skbuff.h:997 [inline] > ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403 > 4*64kB > ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669 > (UM) > addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836 > 4*128kB > (UM) > call_timer_fn+0x272/0x920 kernel/time/timer.c:1326 > 3*256kB > (M) > 4*512kB > (UM) > 3*1024kB > (UM) > 3*2048kB > (M) > 3*4096kB > (M) > = 25264kB > Node 0 > Normal: > 942*4kB > (UME) > 338*8kB > (UMEH) > expire_timers kernel/time/timer.c:1363 [inline] > __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682 > 149*16kB > (UME) > 84*32kB > (UMEH) > 25*64kB > (UM) > 2*128kB > (UH) > 0*256kB > 1*512kB > (H) > 0*1024kB > 0*2048kB > 0*4096kB > = 13912kB > Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 > hugepages_size=1048576kB > run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695 > Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 > hugepages_size=2048kB > 175 total pagecache pages > __do_softirq+0x30b/0xad8 kernel/softirq.c:292 > 0 pages in swap cache > Swap cache stats: add 0, delete 0, find 0/0 > Free swap = 0kB > Total swap = 0kB > 1965979 pages RAM > 0 pages HighMem/MovableOnly > 342307 pages reserved > 0 pages cma reserved > ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb > rsyslogd: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC| > __GFP_COMP), nodemask=(null) > invoke_softirq kernel/softirq.c:372 [inline] > irq_exit+0x17f/0x1c0 kernel/softirq.c:412 > rsyslogd cpuset= > exiting_irq arch/x86/include/asm/apic.h:536 [inline] > smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056 > / > mems_allowed=0 > apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864 > </IRQ> > RIP: 0010:arch_local_irq_restore 
arch/x86/include/asm/paravirt.h:788 > [inline] > RIP: 0010:slab_alloc mm/slab.c:3385 [inline] > RIP: 0010:kmem_cache_alloc+0x297/0x730 mm/slab.c:3552 > Code: 7e 0f 85 cf fe ff ff e8 06 60 3e ff e9 c5 fe ff ff e8 6d c3 c2 ff 48 > 83 3d bd d4 6f 07 00 0f 84 3b 03 00 00 48 8b 7d d0 57 9d <0f> 1f 44 00 00 > e9 54 fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23 > RSP: 0000:ffff8801980a7748 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 > RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffc90001e5c000 > RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286 > RBP: ffff8801980a77b0 R08: ffff880193c38700 R09: fffffbfff12812c4 > R10: ffff8801980a6390 R11: ffffffff89409623 R12: 0000000000000000 > R13: ffff8801d9a04040 R14: ffff8801d9a04040 R15: 0000000000480020 > skb_clone+0x1bb/0x500 net/core/skbuff.c:1280 > ____bpf_clone_redirect net/core/filter.c:2079 [inline] > bpf_clone_redirect+0xb9/0x490 net/core/filter.c:2066 > bpf_prog_41f2bcae09cd4ac3+0x194/0x1000 > CPU: 1 PID: 5702 Comm: rsyslogd Not tainted 4.19.0-rc6+ #118 > ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > Google 01/01/2011 > Call Trace: > <IRQ> > __dump_stack lib/dump_stack.c:77 [inline] > dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113 > warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426 > syz-executor0: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC| > __GFP_COMP), nodemask=(null) > syz-executor0 cpuset= > syz0 mems_allowed=0 > __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297 > __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390 > __alloc_pages include/linux/gfp.h:473 [inline] > __alloc_pages_node include/linux/gfp.h:486 [inline] > kmem_getpages mm/slab.c:1409 [inline] > cache_grow_begin+0x91/0x8c0 mm/slab.c:2677 > fallback_alloc+0x203/0x2e0 mm/slab.c:3219 > ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287 > slab_alloc_node mm/slab.c:3327 [inline] > kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642 > 
__alloc_skb+0x119/0x770 net/core/skbuff.c:193
> alloc_skb include/linux/skbuff.h:997 [inline]
> ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403
> ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669
> addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836
> call_timer_fn+0x272/0x920 kernel/time/timer.c:1326
> expire_timers kernel/time/timer.c:1363 [inline]
> __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682
>
>
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
> syzbot.
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/0000000000007beca9057e4c8c14%40google.com.
> For more options, visit https://groups.google.com/d/optout.
* Re: INFO: rcu detected stall in ndisc_alloc_skb
From: Dmitry Vyukov @ 2018-12-31 7:49 UTC
To: syzbot
Cc: David Miller, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM

On Mon, Dec 31, 2018 at 8:42 AM syzbot <syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: ef4ab8447aa2 selftests: bpf: install script with_addr.sh
> git tree: bpf-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=14a28b6e400000
> kernel config: https://syzkaller.appspot.com/x/.config?x=7e7e2279c0020d5f
> dashboard link: https://syzkaller.appspot.com/bug?extid=ea7d9cb314b4ab49a18a
> compiler: gcc (GCC) 8.0.1 20180413 (experimental)
>
> Unfortunately, I don't have any reproducer for this crash yet.
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com

Since this involves OOMs and looks like a one-off induced memory corruption:

#syz dup: kernel panic: corrupted stack end in wb_workfn

> CPU: 1 PID: 5702 Comm: rsyslogd Not tainted 4.19.0-rc6+ #118
> rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Call Trace:
> rcu: (detected by 0, t=10712 jiffies, g=90369, q=135)
> <IRQ>
> __dump_stack lib/dump_stack.c:77 [inline]
> dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
> rcu: All QSes seen, last rcu_preempt kthread activity 10548
> (4295003843-4294993295), jiffies_till_next_fqs=1, root ->qsmask 0x0
> syz-executor0 R
> running task
> warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426
> 22896 7592 5826 0x8010000c
> Call Trace:
> <IRQ>
> sched_show_task.cold.83+0x2b6/0x30a kernel/sched/core.c:5296
> __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297
> print_other_cpu_stall.cold.79+0xa83/0xba5
kernel/rcu/tree.c:1430 > check_cpu_stall kernel/rcu/tree.c:1557 [inline] > __rcu_pending kernel/rcu/tree.c:3276 [inline] > rcu_pending kernel/rcu/tree.c:3319 [inline] > rcu_check_callbacks+0xafc/0x1990 kernel/rcu/tree.c:2665 > __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390 > __alloc_pages include/linux/gfp.h:473 [inline] > __alloc_pages_node include/linux/gfp.h:486 [inline] > kmem_getpages mm/slab.c:1409 [inline] > cache_grow_begin+0x91/0x8c0 mm/slab.c:2677 > fallback_alloc+0x203/0x2e0 mm/slab.c:3219 > ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287 > slab_alloc_node mm/slab.c:3327 [inline] > kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642 > __alloc_skb+0x119/0x770 net/core/skbuff.c:193 > alloc_skb include/linux/skbuff.h:997 [inline] > ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403 > ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669 > update_process_times+0x2d/0x70 kernel/time/timer.c:1636 > addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836 > tick_sched_handle+0x9f/0x180 kernel/time/tick-sched.c:164 > tick_sched_timer+0x45/0x130 kernel/time/tick-sched.c:1274 > __run_hrtimer kernel/time/hrtimer.c:1398 [inline] > __hrtimer_run_queues+0x41c/0x10d0 kernel/time/hrtimer.c:1460 > call_timer_fn+0x272/0x920 kernel/time/timer.c:1326 > hrtimer_interrupt+0x313/0x780 kernel/time/hrtimer.c:1518 > local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1029 [inline] > smp_apic_timer_interrupt+0x1a1/0x760 arch/x86/kernel/apic/apic.c:1054 > apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864 > RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788 > [inline] > RIP: 0010:slab_alloc_node mm/slab.c:3329 [inline] > RIP: 0010:kmem_cache_alloc_node+0x247/0x730 mm/slab.c:3642 > Code: 3f 7e 0f 85 32 ff ff ff e8 a5 7f 3e ff e9 28 ff ff ff e8 0c e3 c2 ff > 48 83 3d 5c f4 6f 07 00 0f 84 33 01 00 00 4c 89 ff 57 9d <0f> 1f 44 00 00 > e9 bf fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23 > RSP: 0000:ffff8801dae07450 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 > 
RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffffff8184e1ca > RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286 > RBP: ffff8801dae074c0 R08: ffff880193c38700 R09: fffffbfff12812c4 > R10: ffff8801dae06098 R11: ffffffff89409623 R12: ffff8801d9a04040 > R13: ffff8801d9a04040 R14: 0000000000000000 R15: 0000000000000286 > __alloc_skb+0x119/0x770 net/core/skbuff.c:193 > alloc_skb include/linux/skbuff.h:997 [inline] > ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403 > expire_timers kernel/time/timer.c:1363 [inline] > __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682 > ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669 > addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836 > call_timer_fn+0x272/0x920 kernel/time/timer.c:1326 > run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695 > __do_softirq+0x30b/0xad8 kernel/softirq.c:292 > expire_timers kernel/time/timer.c:1363 [inline] > __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682 > invoke_softirq kernel/softirq.c:372 [inline] > irq_exit+0x17f/0x1c0 kernel/softirq.c:412 > exiting_irq arch/x86/include/asm/apic.h:536 [inline] > smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056 > run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695 > __do_softirq+0x30b/0xad8 kernel/softirq.c:292 > apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864 > </IRQ> > RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788 > [inline] > RIP: 0010:console_unlock+0xfdf/0x1160 kernel/printk/printk.c:2409 > Code: c1 e8 03 42 80 3c 20 00 0f 85 d1 00 00 00 48 83 3d cd 54 cd 07 00 0f > 84 bc 00 00 00 e8 ca 37 1a 00 48 8b bd b0 fe ff ff 57 9d <0f> 1f 44 00 00 > e9 cc f9 ff ff 48 8b bd c8 fe ff ff e8 3b d8 5d 00 > RSP: 0000:ffff8801bccde450 EFLAGS: 00000293 > ORIG_RAX: ffffffffffffff13 > invoke_softirq kernel/softirq.c:372 [inline] > irq_exit+0x17f/0x1c0 kernel/softirq.c:412 > RAX: ffff8801bd36a180 RBX: 0000000000000200 RCX: ffffffff8184e1ca > RDX: 0000000000000000 RSI: ffffffff81649dc6 RDI: 
0000000000000293 > exiting_irq arch/x86/include/asm/apic.h:536 [inline] > smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1056 > RBP: ffff8801bccde5b8 R08: ffff8801bd36a180 R09: fffffbfff12720c0 > R10: fffffbfff12720c0 R11: ffffffff89390603 R12: dffffc0000000000 > R13: ffffffff84885bf0 R14: dffffc0000000000 R15: ffffffff899428d0 > vprintk_emit+0x33d/0x930 kernel/printk/printk.c:1922 > apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864 > </IRQ> > RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:788 > [inline] > RIP: 0010:slab_alloc mm/slab.c:3385 [inline] > RIP: 0010:kmem_cache_alloc+0x297/0x730 mm/slab.c:3552 > Code: 7e 0f 85 cf fe ff ff e8 06 60 3e ff e9 c5 fe ff ff e8 6d c3 c2 ff 48 > 83 3d bd d4 6f 07 00 0f 84 3b 03 00 00 48 8b 7d d0 57 9d <0f> 1f 44 00 00 > e9 54 fe ff ff 31 d2 be a5 01 00 00 48 c7 c7 62 23 > RSP: 0000:ffff8801980a7748 EFLAGS: 00000286 > vprintk_default+0x28/0x30 kernel/printk/printk.c:1963 > ORIG_RAX: ffffffffffffff13 > vprintk_func+0x7e/0x181 kernel/printk/printk_safe.c:398 > RAX: 0000000000000000 RBX: 0000000000480020 RCX: ffffc90001e5c000 > printk+0xa7/0xcf kernel/printk/printk.c:1996 > RDX: 0000000000000004 RSI: ffffffff8184e1e4 RDI: 0000000000000286 > RBP: ffff8801980a77b0 R08: ffff880193c38700 R09: fffffbfff12812c4 > R10: ffff8801980a6390 R11: ffffffff89409623 R12: 0000000000000000 > dump_unreclaimable_slab.cold.22+0xd8/0xe5 mm/slab_common.c:1371 > R13: ffff8801d9a04040 R14: ffff8801d9a04040 R15: 0000000000480020 > dump_header+0x7cc/0xf72 mm/oom_kill.c:447 > skb_clone+0x1bb/0x500 net/core/skbuff.c:1280 > ____bpf_clone_redirect net/core/filter.c:2079 [inline] > bpf_clone_redirect+0xb9/0x490 net/core/filter.c:2066 > bpf_prog_41f2bcae09cd4ac3+0x194/0x1000 > oom_kill_process.cold.27+0x10/0x903 mm/oom_kill.c:953 > out_of_memory+0xa84/0x1430 mm/oom_kill.c:1120 > __alloc_pages_may_oom mm/page_alloc.c:3522 [inline] > __alloc_pages_slowpath+0x2318/0x2d80 mm/page_alloc.c:4235 > rcu: rcu_preempt kthread 
starved for 10548 jiffies! g90369 f0x2 > RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 > rcu: RCU grace-period kthread stack dump: > rcu_preempt R > running task 22736 10 2 0x80000000 > Call Trace: > context_switch kernel/sched/core.c:2825 [inline] > __schedule+0x86c/0x1ed0 kernel/sched/core.c:3473 > __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390 > schedule+0xfe/0x460 kernel/sched/core.c:3517 > __alloc_pages include/linux/gfp.h:473 [inline] > __alloc_pages_node include/linux/gfp.h:486 [inline] > kmem_getpages mm/slab.c:1409 [inline] > cache_grow_begin+0x91/0x8c0 mm/slab.c:2677 > schedule_timeout+0x140/0x260 kernel/time/timer.c:1804 > fallback_alloc+0x203/0x2e0 mm/slab.c:3219 > ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287 > __do_cache_alloc mm/slab.c:3356 [inline] > slab_alloc mm/slab.c:3384 [inline] > kmem_cache_alloc_trace+0x214/0x750 mm/slab.c:3618 > rcu_gp_kthread+0x9d9/0x2310 kernel/rcu/tree.c:2194 > kmalloc include/linux/slab.h:513 [inline] > syslog_print kernel/printk/printk.c:1297 [inline] > do_syslog+0xb9b/0x1690 kernel/printk/printk.c:1465 > kmsg_read+0x8f/0xc0 fs/proc/kmsg.c:40 > proc_reg_read+0x2a3/0x3d0 fs/proc/inode.c:231 > __vfs_read+0x117/0x9b0 fs/read_write.c:416 > vfs_read+0x17f/0x3c0 fs/read_write.c:452 > ksys_read+0x101/0x260 fs/read_write.c:578 > __do_sys_read fs/read_write.c:588 [inline] > __se_sys_read fs/read_write.c:586 [inline] > __x64_sys_read+0x73/0xb0 fs/read_write.c:586 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > RIP: 0033:0x7f5bbee581fd > Code: Bad RIP value. 
> RSP: 002b:00007f5bbc3f7e30 EFLAGS: 00000293 > ORIG_RAX: 0000000000000000 > RAX: ffffffffffffffda RBX: 0000000001bc9ce0 RCX: 00007f5bbee581fd > RDX: 0000000000000fff RSI: 00007f5bbdc2c5a0 RDI: 0000000000000004 > RBP: 0000000000000000 R08: 0000000001bb5260 R09: 0000000000000000 > R10: 6b205d3334383630 R11: 0000000000000293 R12: 000000000065e420 > R13: 00007f5bbc3f89c0 R14: 00007f5bbf49d040 R15: 0000000000000003 > warn_alloc_show_mem: 1 callbacks suppressed > Mem-Info: > active_anon:48193 inactive_anon:137 isolated_anon:0 > active_file:16 inactive_file:15 isolated_file:0 > unevictable:0 dirty:0 writeback:0 unstable:0 > slab_reclaimable:9165 slab_unreclaimable:1475206 > mapped:8194 shmem:144 pagetables:402 bounce:0 > free:13771 free_pcp:443 free_cma:0 > Node 0 active_anon:192772kB inactive_anon:548kB active_file:64kB > inactive_file:60kB unevictable:0kB isolated(anon):0kB isolated(file):0kB > mapped:32776kB dirty:0kB writeback:0kB shmem:576kB shmem_thp: 0kB > shmem_pmdmapped: 0kB anon_thp: 178176kB writeback_tmp:0kB unstable:0kB > all_unreclaimable? 
yes > Node 0 > DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB > inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB > writepending:0kB present:15992kB managed:15908kB mlocked:0kB > kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB > free_cma:0kB > lowmem_reserve[]: > 0 > 2819 > 6323 > 6323 > Node 0 > DMA32 free:25264kB min:30060kB low:37572kB high:45084kB active_anon:0kB > inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB > writepending:0kB present:3129332kB managed:2890736kB mlocked:0kB > kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB > free_cma:0kB > lowmem_reserve[]: > 0 > 0 > 3503 > 3503 > Node 0 > Normal free:13912kB min:37352kB low:46688kB high:56024kB > active_anon:192772kB inactive_anon:548kB active_file:60kB > inactive_file:60kB unevictable:0kB writepending:0kB present:4718592kB > managed:3588044kB mlocked:0kB kernel_stack:5248kB pagetables:1608kB > bounce:0kB free_pcp:1524kB local_pcp:1456kB free_cma:0kB > lowmem_reserve[]: > kthread+0x35a/0x420 kernel/kthread.c:246 > 0 > 0 > 0 > ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413 > 0 > ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb > Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB > syz-executor0: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC| > __GFP_COMP), nodemask=(null) > (U) > syz-executor0 cpuset= > 2*64kB > syz0 > (U) > mems_allowed=0 > 1*128kB > CPU: 0 PID: 7592 Comm: syz-executor0 Not tainted 4.19.0-rc6+ #118 > (U) > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > Google 01/01/2011 > 1*256kB (U) > Call Trace: > 0*512kB > <IRQ> > 1*1024kB > __dump_stack lib/dump_stack.c:77 [inline] > dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113 > (U) > 1*2048kB > warn_alloc.cold.119+0xb7/0x1bd mm/page_alloc.c:3426 > (M) > 3*4096kB > (M) > = 15908kB > Node 0 > __alloc_pages_slowpath+0x2667/0x2d80 mm/page_alloc.c:4297 > DMA32: > 4*4kB > (UM) > 2*8kB (M) > 3*16kB > (M) > 3*32kB 
> (M) > 4*64kB > (UM) > 4*128kB > (UM) > 3*256kB > (M) > 4*512kB > (UM) > 3*1024kB > (UM) > 3*2048kB > (M) > 3*4096kB > (M) > = 25264kB > Node 0 > Normal: > 942*4kB > (UME) > __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390 > 338*8kB > (UMEH) > 149*16kB > (UME) > 84*32kB > (UMEH) > __alloc_pages include/linux/gfp.h:473 [inline] > __alloc_pages_node include/linux/gfp.h:486 [inline] > kmem_getpages mm/slab.c:1409 [inline] > cache_grow_begin+0x91/0x8c0 mm/slab.c:2677 > 25*64kB (UM) > 2*128kB > fallback_alloc+0x203/0x2e0 mm/slab.c:3219 > (UH) > ____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3287 > 0*256kB > slab_alloc_node mm/slab.c:3327 [inline] > kmem_cache_alloc_node+0xe3/0x730 mm/slab.c:3642 > 1*512kB > (H) > __alloc_skb+0x119/0x770 net/core/skbuff.c:193 > 0*1024kB > 0*2048kB 0*4096kB > = 13912kB > Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 > hugepages_size=1048576kB > Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 > hugepages_size=2048kB > 175 total pagecache pages > 0 pages in swap cache > alloc_skb include/linux/skbuff.h:997 [inline] > ndisc_alloc_skb+0x144/0x340 net/ipv6/ndisc.c:403 > Swap cache stats: add 0, delete 0, find 0/0 > ndisc_send_rs+0x331/0x6e0 net/ipv6/ndisc.c:669 > Free swap = 0kB > addrconf_rs_timer+0x314/0x690 net/ipv6/addrconf.c:3836 > Total swap = 0kB > 1965979 pages RAM > call_timer_fn+0x272/0x920 kernel/time/timer.c:1326 > 0 pages HighMem/MovableOnly > 342307 pages reserved > 0 pages cma reserved > ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb > rsyslogd: page allocation failure: order:0, mode:0x484020(GFP_ATOMIC| > __GFP_COMP), nodemask=(null) > rsyslogd cpuset= > / > mems_allowed=0 > expire_timers kernel/time/timer.c:1363 [inline] > __run_timers+0x7e5/0xc70 kernel/time/timer.c:1682 > run_timer_softirq+0x52/0xb0 kernel/time/timer.c:1695 > __do_softirq+0x30b/0xad8 kernel/softirq.c:292 > invoke_softirq kernel/softirq.c:372 [inline] > irq_exit+0x17f/0x1c0 kernel/softirq.c:412 > exiting_irq 
* Re: INFO: rcu detected stall in ndisc_alloc_skb
From: Tetsuo Handa @ 2018-12-31 8:17 UTC
To: Dmitry Vyukov, syzbot
Cc: David Miller, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM

On 2018/12/31 16:49, Dmitry Vyukov wrote:
> On Mon, Dec 31, 2018 at 8:42 AM syzbot
> <syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com> wrote:
>>
>> Hello,
>>
>> syzbot found the following crash on:
>>
>> HEAD commit: ef4ab8447aa2 selftests: bpf: install script with_addr.sh
>> git tree: bpf-next
>> console output: https://syzkaller.appspot.com/x/log.txt?x=14a28b6e400000
>> kernel config: https://syzkaller.appspot.com/x/.config?x=7e7e2279c0020d5f
>> dashboard link: https://syzkaller.appspot.com/bug?extid=ea7d9cb314b4ab49a18a
>> compiler: gcc (GCC) 8.0.1 20180413 (experimental)
>>
>> Unfortunately, I don't have any reproducer for this crash yet.
>>
>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>> Reported-by: syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com
>
> Since this involves OOMs and looks like a one-off induced memory corruption:
>
> #syz dup: kernel panic: corrupted stack end in wb_workfn
>

Why?

RCU stall in this case is likely to be latency caused by flooding of printk().

* Re: INFO: rcu detected stall in ndisc_alloc_skb
From: Dmitry Vyukov @ 2018-12-31 8:24 UTC
To: Tetsuo Handa
Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM

On Mon, Dec 31, 2018 at 9:17 AM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
>
> On 2018/12/31 16:49, Dmitry Vyukov wrote:
> > On Mon, Dec 31, 2018 at 8:42 AM syzbot
> > <syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com> wrote:
> >>
> >> Hello,
> >>
> >> syzbot found the following crash on:
> >>
> >> HEAD commit: ef4ab8447aa2 selftests: bpf: install script with_addr.sh
> >> git tree: bpf-next
> >> console output: https://syzkaller.appspot.com/x/log.txt?x=14a28b6e400000
> >> kernel config: https://syzkaller.appspot.com/x/.config?x=7e7e2279c0020d5f
> >> dashboard link: https://syzkaller.appspot.com/bug?extid=ea7d9cb314b4ab49a18a
> >> compiler: gcc (GCC) 8.0.1 20180413 (experimental)
> >>
> >> Unfortunately, I don't have any reproducer for this crash yet.
> >>
> >> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> >> Reported-by: syzbot+ea7d9cb314b4ab49a18a@syzkaller.appspotmail.com
> >
> > Since this involves OOMs and looks like a one-off induced memory corruption:
> >
> > #syz dup: kernel panic: corrupted stack end in wb_workfn
> >
>
> Why?
>
> RCU stall in this case is likely to be latency caused by flooding of printk().

Just a hypothesis. OOMs lead to arbitrary memory corruptions, so can
cause stalls as well. But can be what you said too. I just thought
that cleaner dashboard is more useful than a large assorted pile of
crashes. If you think it's actionable in some way, feel free to undup.

* Re: INFO: rcu detected stall in ndisc_alloc_skb
From: Tetsuo Handa @ 2019-01-02 17:06 UTC
To: Dmitry Vyukov
Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM

On 2018/12/31 17:24, Dmitry Vyukov wrote:
>>> Since this involves OOMs and looks like a one-off induced memory corruption:
>>>
>>> #syz dup: kernel panic: corrupted stack end in wb_workfn
>>>
>>
>> Why?
>>
>> RCU stall in this case is likely to be latency caused by flooding of printk().
>
> Just a hypothesis. OOMs lead to arbitrary memory corruptions, so can
> cause stalls as well. But can be what you said too. I just thought
> that cleaner dashboard is more useful than a large assorted pile of
> crashes. If you think it's actionable in some way, feel free to undup.
>

We don't know why bpf tree is hitting this problem.
Let's continue monitoring this problem.

#syz undup

* Re: INFO: rcu detected stall in ndisc_alloc_skb
From: Tetsuo Handa @ 2019-01-05 10:49 UTC
To: Dmitry Vyukov
Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM

On 2019/01/03 2:06, Tetsuo Handa wrote:
> On 2018/12/31 17:24, Dmitry Vyukov wrote:
>>>> Since this involves OOMs and looks like a one-off induced memory corruption:
>>>>
>>>> #syz dup: kernel panic: corrupted stack end in wb_workfn
>>>>
>>>
>>> Why?
>>>
>>> RCU stall in this case is likely to be latency caused by flooding of printk().
>>
>> Just a hypothesis. OOMs lead to arbitrary memory corruptions, so can
>> cause stalls as well. But can be what you said too. I just thought
>> that cleaner dashboard is more useful than a large assorted pile of
>> crashes. If you think it's actionable in some way, feel free to undup.
>>
>
> We don't know why bpf tree is hitting this problem.
> Let's continue monitoring this problem.
>
> #syz undup
>

A report at 2019/01/05 10:08 from "no output from test machine (2)"
( https://syzkaller.appspot.com/text?tag=CrashLog&x=1700726f400000 )
says that there are flood of memory allocation failure messages.
Since continuous memory allocation failure messages itself is not
recognized as a crash, we might be misunderstanding that this problem
is not occurring recently. It will be nice if we can run testcases
which are executed on bpf-next tree.

* Re: INFO: rcu detected stall in ndisc_alloc_skb
From: Dmitry Vyukov @ 2019-01-06 13:24 UTC
To: Tetsuo Handa
Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM

On Sat, Jan 5, 2019 at 11:49 AM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
>
> On 2019/01/03 2:06, Tetsuo Handa wrote:
> > On 2018/12/31 17:24, Dmitry Vyukov wrote:
> >>>> Since this involves OOMs and looks like a one-off induced memory corruption:
> >>>>
> >>>> #syz dup: kernel panic: corrupted stack end in wb_workfn
> >>>>
> >>>
> >>> Why?
> >>>
> >>> RCU stall in this case is likely to be latency caused by flooding of printk().
> >>
> >> Just a hypothesis. OOMs lead to arbitrary memory corruptions, so can
> >> cause stalls as well. But can be what you said too. I just thought
> >> that cleaner dashboard is more useful than a large assorted pile of
> >> crashes. If you think it's actionable in some way, feel free to undup.
> >>
> >
> > We don't know why bpf tree is hitting this problem.
> > Let's continue monitoring this problem.
> >
> > #syz undup
> >
>
> A report at 2019/01/05 10:08 from "no output from test machine (2)"
> ( https://syzkaller.appspot.com/text?tag=CrashLog&x=1700726f400000 )
> says that there are flood of memory allocation failure messages.
> Since continuous memory allocation failure messages itself is not
> recognized as a crash, we might be misunderstanding that this problem
> is not occurring recently. It will be nice if we can run testcases
> which are executed on bpf-next tree.

What exactly do you mean by running test cases on bpf-next tree?
syzbot tests bpf-next, so it executes lots of test cases on that tree.
One can also ask for patch testing on bpf-next tree to test a specific
test case.

* Re: INFO: rcu detected stall in ndisc_alloc_skb
From: Tetsuo Handa @ 2019-01-06 13:47 UTC
To: Dmitry Vyukov
Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM

On 2019/01/06 22:24, Dmitry Vyukov wrote:
>> A report at 2019/01/05 10:08 from "no output from test machine (2)"
>> ( https://syzkaller.appspot.com/text?tag=CrashLog&x=1700726f400000 )
>> says that there are flood of memory allocation failure messages.
>> Since continuous memory allocation failure messages itself is not
>> recognized as a crash, we might be misunderstanding that this problem
>> is not occurring recently. It will be nice if we can run testcases
>> which are executed on bpf-next tree.
>
> What exactly do you mean by running test cases on bpf-next tree?
> syzbot tests bpf-next, so it executes lots of test cases on that tree.
> One can also ask for patch testing on bpf-next tree to test a specific
> test case.

syzbot ran "some tests" before getting this report, but we can't find from
this report what the "some tests" are. If we could record all tests executed
in syzbot environments before getting this report, we could rerun the tests
(with manually examining where the source of memory consumption is) in local
environments.

Since syzbot is now using memcg, maybe we can test with sysctl_panic_on_oom == 1.
Any memory consumption that triggers global OOM killer could be considered as
a problem (e.g. memory leak or uncontrolled memory allocation).
* Re: INFO: rcu detected stall in ndisc_alloc_skb
From: Dmitry Vyukov @ 2019-01-07 11:12 UTC
To: Tetsuo Handa
Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM, Shakeel Butt

On Sun, Jan 6, 2019 at 2:47 PM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
>
> On 2019/01/06 22:24, Dmitry Vyukov wrote:
> >> A report at 2019/01/05 10:08 from "no output from test machine (2)"
> >> ( https://syzkaller.appspot.com/text?tag=CrashLog&x=1700726f400000 )
> >> says that there are flood of memory allocation failure messages.
> >> Since continuous memory allocation failure messages itself is not
> >> recognized as a crash, we might be misunderstanding that this problem
> >> is not occurring recently. It will be nice if we can run testcases
> >> which are executed on bpf-next tree.
> >
> > What exactly do you mean by running test cases on bpf-next tree?
> > syzbot tests bpf-next, so it executes lots of test cases on that tree.
> > One can also ask for patch testing on bpf-next tree to test a specific
> > test case.
>
> syzbot ran "some tests" before getting this report, but we can't find from
> this report what the "some tests" are. If we could record all tests executed
> in syzbot environments before getting this report, we could rerun the tests
> (with manually examining where the source of memory consumption is) in local
> environments.

Filed https://github.com/google/syzkaller/issues/917 for this.

> Since syzbot is now using memcg, maybe we can test with sysctl_panic_on_oom == 1.
> Any memory consumption that triggers global OOM killer could be considered as
> a problem (e.g. memory leak or uncontrolled memory allocation).

Interesting idea. This will also alleviate the previous problem as I
think only a stream of OOMs currently produces 1+MB of output.

+Shakeel who was interested in catching more memcg-escaping allocations.

To do this we need a buy-in from kernel community to consider this as
a bug/something to fix in kernel. Systematic testing can't work gray
checks requiring humans to look at each case and some cases left as
being working-as-intended.

There are also 2 interesting points:
- testing of kernel without memcg-enabled (some kernel users obviously
  do this); it's doable, but currently syzkaller have no
  precedents/infrastructure to consider some output patterns as bugs or
  not depending on kernel features
- false positives for minimized C reproducers that have memcg code
  stripped off (people complain that reproducers are too large/complex
  otherwise)
* Re: INFO: rcu detected stall in ndisc_alloc_skb
From: Tetsuo Handa @ 2019-01-18 5:20 UTC
To: Dmitry Vyukov
Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM, Shakeel Butt

Dmitry Vyukov wrote:
> On Sun, Jan 6, 2019 at 2:47 PM Tetsuo Handa
> <penguin-kernel@i-love.sakura.ne.jp> wrote:
> >
> > On 2019/01/06 22:24, Dmitry Vyukov wrote:
> > >> A report at 2019/01/05 10:08 from "no output from test machine (2)"
> > >> ( https://syzkaller.appspot.com/text?tag=CrashLog&x=1700726f400000 )
> > >> says that there are flood of memory allocation failure messages.
> > >> Since continuous memory allocation failure messages itself is not
> > >> recognized as a crash, we might be misunderstanding that this problem
> > >> is not occurring recently. It will be nice if we can run testcases
> > >> which are executed on bpf-next tree.
> > >
> > > What exactly do you mean by running test cases on bpf-next tree?
> > > syzbot tests bpf-next, so it executes lots of test cases on that tree.
> > > One can also ask for patch testing on bpf-next tree to test a specific
> > > test case.
> >
> > syzbot ran "some tests" before getting this report, but we can't find from
> > this report what the "some tests" are. If we could record all tests executed
> > in syzbot environments before getting this report, we could rerun the tests
> > (with manually examining where the source of memory consumption is) in local
> > environments.
>
> Filed https://github.com/google/syzkaller/issues/917 for this.

Thanks. Here is what I would suggest.

Let syz-fuzzer write to /dev/kmsg . But don't directly write syz-program lines.
Instead, just write the hash value of syz-program lines, and allow downloading
syz-program lines from external URL. Also, use the first 12 characters of the
hash value as comm name executing that syz-program lines. An example of console
output would look something like below.

[$(uptime)][$(caller_info)] executing program #0123456789abcdef0123456789abcdef
[$(uptime)][$(caller_info)] $(kernel_messages_caused_by_0123456789abcdef0123456789abcdef_are_here)
[$(uptime)][$(caller_info)] executing program #456789abcdef0123456789abcdef0123
[$(uptime)][$(caller_info)] $(kernel_messages_caused_by_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
[$(uptime)][$(caller_info)] executing program #89abcdef0123456789abcdef01234567
[$(uptime)][$(caller_info)] $(kernel_messages_caused_by_89abcdef0123456789abcdef01234567_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
[$(uptime)][$(caller_info)] BUG: unable to handle kernel paging request at $(address)
[$(uptime)][$(caller_info)] CPU: $(cpu) PID: $(pid) Comm: syz#89abcdef0123 Not tainted $(version) #$(build)
[$(uptime)][$(caller_info)] $(backtrace_of_caller_info_is_here)
[$(uptime)][$(caller_info)] Kernel panic - not syncing: Fatal exception

Then, we can build CrashLog by picking up all "executing program #" lines and
"latest lines up to available space" from console output like below.

[$(uptime)][$(caller_info)] executing program #0123456789abcdef0123456789abcdef
[$(uptime)][$(caller_info)] executing program #456789abcdef0123456789abcdef0123
[$(uptime)][$(caller_info)] executing program #89abcdef0123456789abcdef01234567
[$(uptime)][$(caller_info)] $(kernel_messages_caused_by_89abcdef0123456789abcdef01234567_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
[$(uptime)][$(caller_info)] BUG: unable to handle kernel paging request at $(address)
[$(uptime)][$(caller_info)] CPU: $(cpu) PID: $(pid) Comm: syz89abcdef0123 Not tainted $(version) #$(build)
[$(uptime)][$(caller_info)] $(backtrace_of_caller_info_is_here)
[$(uptime)][$(caller_info)] Kernel panic - not syncing: Fatal exception

Then, we can understand that a crash happened when executing 89abcdef0123 and
download 89abcdef0123456789abcdef01234567 for analysis. Also, we can download
0123456789abcdef0123456789abcdef and 456789abcdef0123456789abcdef0123 as needed.

Honestly, since lines which follows "$(date) executing program $(num):" line can
become so long, it is difficult to find where previous/next kernel messages are.
If only one-liner "executing program #" output is used, it is easy to find
previous/next kernel messages.

The program referenced by "executing program #" would be made downloadable via
Web server or git repository. Maybe "executing program https://$server/$hash"
for the former case. But repeating "https://$server/" part would be redundant.

The question for me is, whether syzbot can detect hash collision with different
syz-program lines before writing the hash value to /dev/kmsg, and retry by modifying
syz-program lines in order to get a new hash value until collision is avoided.
If it is difficult, simpler choice like current Unix time and PID could be used
instead...
* Re: INFO: rcu detected stall in ndisc_alloc_skb
From: Dmitry Vyukov @ 2019-01-19 12:16 UTC
To: Tetsuo Handa
Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM, Shakeel Butt, syzkaller

On Fri, Jan 18, 2019 at 6:20 AM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
>
> Dmitry Vyukov wrote:
> > On Sun, Jan 6, 2019 at 2:47 PM Tetsuo Handa
> > <penguin-kernel@i-love.sakura.ne.jp> wrote:
> > >
> > > On 2019/01/06 22:24, Dmitry Vyukov wrote:
> > > >> A report at 2019/01/05 10:08 from "no output from test machine (2)"
> > > >> ( https://syzkaller.appspot.com/text?tag=CrashLog&x=1700726f400000 )
> > > >> says that there are flood of memory allocation failure messages.
> > > >> Since continuous memory allocation failure messages itself is not
> > > >> recognized as a crash, we might be misunderstanding that this problem
> > > >> is not occurring recently. It will be nice if we can run testcases
> > > >> which are executed on bpf-next tree.
> > > >
> > > > What exactly do you mean by running test cases on bpf-next tree?
> > > > syzbot tests bpf-next, so it executes lots of test cases on that tree.
> > > > One can also ask for patch testing on bpf-next tree to test a specific
> > > > test case.
> > >
> > > syzbot ran "some tests" before getting this report, but we can't find from
> > > this report what the "some tests" are. If we could record all tests executed
> > > in syzbot environments before getting this report, we could rerun the tests
> > > (with manually examining where the source of memory consumption is) in local
> > > environments.
> >
> > Filed https://github.com/google/syzkaller/issues/917 for this.
>
> Thanks. Here is what I would suggest.
>
> Let syz-fuzzer write to /dev/kmsg . But don't directly write syz-program lines.
> Instead, just write the hash value of syz-program lines, and allow downloading
> syz-program lines from external URL. Also, use the first 12 characters of the
> hash value as comm name executing that syz-program lines. An example of console
> output would look something like below.
>
>
> [$(uptime)][$(caller_info)] executing program #0123456789abcdef0123456789abcdef
> [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_0123456789abcdef0123456789abcdef_are_here)
> [$(uptime)][$(caller_info)] executing program #456789abcdef0123456789abcdef0123
> [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
> [$(uptime)][$(caller_info)] executing program #89abcdef0123456789abcdef01234567
> [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_89abcdef0123456789abcdef01234567_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
> [$(uptime)][$(caller_info)] BUG: unable to handle kernel paging request at $(address)
> [$(uptime)][$(caller_info)] CPU: $(cpu) PID: $(pid) Comm: syz#89abcdef0123 Not tainted $(version) #$(build)
> [$(uptime)][$(caller_info)] $(backtrace_of_caller_info_is_here)
> [$(uptime)][$(caller_info)] Kernel panic - not syncing: Fatal exception
>
> Then, we can build CrashLog by picking up all "executing program #" lines and
> "latest lines up to available space" from console output like below.
>
> [$(uptime)][$(caller_info)] executing program #0123456789abcdef0123456789abcdef
> [$(uptime)][$(caller_info)] executing program #456789abcdef0123456789abcdef0123
> [$(uptime)][$(caller_info)] executing program #89abcdef0123456789abcdef01234567
> [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_89abcdef0123456789abcdef01234567_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
> [$(uptime)][$(caller_info)] BUG: unable to handle kernel paging request at $(address)
> [$(uptime)][$(caller_info)] CPU: $(cpu) PID: $(pid) Comm: syz89abcdef0123 Not tainted $(version) #$(build)
> [$(uptime)][$(caller_info)] $(backtrace_of_caller_info_is_here)
> [$(uptime)][$(caller_info)] Kernel panic - not syncing: Fatal exception
>
> Then, we can understand that a crash happened when executing 89abcdef0123 and
> download 89abcdef0123456789abcdef01234567 for analysis. Also, we can download
> 0123456789abcdef0123456789abcdef and 456789abcdef0123456789abcdef0123 as needed.
>
> Honestly, since lines which follows "$(date) executing program $(num):" line can
> become so long, it is difficult to find where previous/next kernel messages are.
> If only one-liner "executing program #" output is used, it is easy to find
> previous/next kernel messages.
>
> The program referenced by "executing program #" would be made downloadable via
> Web server or git repository. Maybe "executing program https://$server/$hash"
> for the former case. But repeating "https://$server/" part would be redundant.
>
> The question for me is, whether syzbot can detect hash collision with different
> syz-program lines before writing the hash value to /dev/kmsg, and retry by modifying
> syz-program lines in order to get a new hash value until collision is avoided.
> If it is difficult, simpler choice like current Unix time and PID could be used
> instead...

Hummm, say, if you run syz-manager locally and report a bug, where
will the webserver and database that allows to download all satellite
info work? How long you need to keep this info and provide the web
service? You will also need to pay and maintain the server for... how
long? I don't see how this can work and how we can ask people to do
this. This frankly looks like overly complex solution to a problem
where simpler solutions will work. Keeping all info in a self-contained
file looks like the only option to make it work reliably.
It's also not possible to attribute kernel output to individual programs.
* Re: INFO: rcu detected stall in ndisc_alloc_skb
From: Tetsuo Handa @ 2019-01-19 13:10 UTC
To: Dmitry Vyukov
Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM, Shakeel Butt, syzkaller

On 2019/01/19 21:16, Dmitry Vyukov wrote:
>> The question for me is, whether syzbot can detect hash collision with different
>> syz-program lines before writing the hash value to /dev/kmsg, and retry by modifying
>> syz-program lines in order to get a new hash value until collision is avoided.
>> If it is difficult, simpler choice like current Unix time and PID could be used
>> instead...
>
> Hummm, say, if you run syz-manager locally and report a bug, where
> will the webserver and database that allows to download all satellite
> info work? How long you need to keep this info and provide the web
> service? You will also need to pay and maintain the server for... how
> long? I don't see how this can work and how we can ask people to do
> this. This frankly looks like overly complex solution to a problem
> where simpler solutions will work. Keeping all info in a self-contained
> file looks like the only option to make it work reliably.
> It's also not possible to attribute kernel output to individual programs.

The first messages I want to look at is kernel output. Then, I look at
syz-program lines as needed. But current "a self-contained file" is
hard to find kernel output. Even if we keep both kernel output and
syz-program lines in a single file, we can improve readability by
splitting into kernel output section and syz-program section.

# Kernel output section start
[$(uptime)][$(caller_info)] executing program #0123456789abcdef0123456789abcdef
[$(uptime)][$(caller_info)] $(kernel_messages_caused_by_0123456789abcdef0123456789abcdef_are_here)
[$(uptime)][$(caller_info)] executing program #456789abcdef0123456789abcdef0123
[$(uptime)][$(caller_info)] $(kernel_messages_caused_by_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
[$(uptime)][$(caller_info)] executing program #89abcdef0123456789abcdef01234567
[$(uptime)][$(caller_info)] $(kernel_messages_caused_by_89abcdef0123456789abcdef01234567_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
[$(uptime)][$(caller_info)] BUG: unable to handle kernel paging request at $(address)
[$(uptime)][$(caller_info)] CPU: $(cpu) PID: $(pid) Comm: syz#89abcdef0123 Not tainted $(version) #$(build)
[$(uptime)][$(caller_info)] $(backtrace_of_caller_info_is_here)
[$(uptime)][$(caller_info)] Kernel panic - not syncing: Fatal exception
# Kernel output section end
# syzbot code section start
Program for #0123456789abcdef0123456789abcdef
$(program_lines_for_0123456789abcdef0123456789abcdef_is_here)
Program for #456789abcdef0123456789abcdef0123
$(program_lines_for_456789abcdef0123456789abcdef0123_is_here)
Program for #89abcdef0123456789abcdef01234567
$(program_lines_for_89abcdef0123456789abcdef01234567_is_here)
# syzbot code section end
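Added example (not part of the thread and not syzkaller code) of the scheme proposed in the 2019-01-18 and 2019-01-19 messages above: hash-tagged "executing program #" markers with collision retry, a CrashLog made of all marker lines plus the newest console lines, and the single-file layout with separate kernel-output and program sections. The truncated SHA-256 tag, the "# salt N" retry line, every function name, and the sample programs and console lines are assumptions constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

const marker = "executing program #"

// Registry maps a 32-hex-digit tag to the program text it stands for.
type Registry struct {
	hash  func(string) string // injectable so collisions can be exercised
	progs map[string]string
}

func NewRegistry(hash func(string) string) *Registry {
	return &Registry{hash: hash, progs: map[string]string{}}
}

// SHA256Tag is an assumed hash choice (the thread names none): the first
// 16 bytes of SHA-256 as 32 hex digits, the tag length used in the mails.
func SHA256Tag(prog string) string {
	sum := sha256.Sum256([]byte(prog))
	return hex.EncodeToString(sum[:16])
}

// Add registers prog and returns its tag and the text stored under it. If the
// tag belongs to a different program, a "# salt N" comment line (assumed
// retry strategy) is appended until the tag is free.
func (r *Registry) Add(prog string) (tag, stored string) {
	stored = prog
	for salt := 1; ; salt++ {
		tag = r.hash(stored)
		if old, taken := r.progs[tag]; !taken || old == stored {
			r.progs[tag] = stored
			return tag, stored
		}
		stored = fmt.Sprintf("%s\n# salt %d", prog, salt)
	}
}

// Comm is the task name: "syz" plus the first 12 tag characters, 15 bytes,
// which fits the kernel's 16-byte comm buffer including its NUL.
func Comm(tag string) string { return "syz" + tag[:12] }

// BuildCrashLog keeps the newest lines that fit in budget bytes (one
// contiguous tail) plus every older marker line, preserving console order.
func BuildCrashLog(console []string, budget int) []string {
	start := len(console) // index of the oldest line of the kept tail
	for start > 0 && budget > len(console[start-1]) {
		budget -= len(console[start-1]) + 1
		start--
	}
	var out []string
	for i, line := range console {
		if i >= start || strings.Contains(line, marker) {
			out = append(out, line)
		}
	}
	return out
}

// Tags lists the tags named by marker lines, in first-seen order.
func Tags(lines []string) (tags []string) {
	seen := map[string]bool{}
	for _, l := range lines {
		if _, t, ok := strings.Cut(l, marker); ok && !seen[t] {
			seen[t] = true
			tags = append(tags, t)
		}
	}
	return tags
}

// Report renders the single-file layout: kernel output, then the programs.
func Report(r *Registry, log []string) string {
	s := "# Kernel output section start\n" + strings.Join(log, "\n") +
		"\n# Kernel output section end\n# syzbot code section start\n"
	for _, t := range Tags(log) {
		s += fmt.Sprintf("Program for #%s\n%s\n", t, r.progs[t])
	}
	return s + "# syzbot code section end\n"
}

func main() {
	// Constructed sample programs and console lines, not real syzbot output.
	r := NewRegistry(SHA256Tag)
	a, _ := r.Add("r0 = socket(0xa, 0x2, 0x0)")
	b, _ := r.Add("r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)")
	console := []string{
		"[ 10.1][T100] executing program #" + a,
		"[ 10.2][T101] constructed allocation failure message",
		"[ 11.0][T100] executing program #" + b,
		"[ 11.3][T102] BUG: constructed crash line, Comm: " + Comm(b),
	}
	fmt.Print(Report(r, BuildCrashLog(console, 80)))
}
```

Because every marker line survives truncation, the report still names each program that ran before the crash even when a flood of allocation-failure messages has pushed the older kernel output out of the budget.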
* Re: INFO: rcu detected stall in ndisc_alloc_skb
From: Dmitry Vyukov @ 2019-01-20 13:30 UTC
To: Tetsuo Handa
Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM, Shakeel Butt, syzkaller

On Sat, Jan 19, 2019 at 2:10 PM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
>
> On 2019/01/19 21:16, Dmitry Vyukov wrote:
> >> The question for me is, whether syzbot can detect hash collision with different
> >> syz-program lines before writing the hash value to /dev/kmsg, and retry by modifying
> >> syz-program lines in order to get a new hash value until collision is avoided.
> >> If it is difficult, simpler choice like current Unix time and PID could be used
> >> instead...
> >
> > Hummm, say, if you run syz-manager locally and report a bug, where
> > will the webserver and database that allows to download all satellite
> > info work? How long you need to keep this info and provide the web
> > service? You will also need to pay and maintain the server for... how
> > long? I don't see how this can work and how we can ask people to do
> > this. This frankly looks like overly complex solution to a problem
> > where simpler solutions will work. Keeping all info in a self-contained
> > file looks like the only option to make it work reliably.
> > It's also not possible to attribute kernel output to individual programs.
>
> The first messages I want to look at is kernel output. Then, I look at
> syz-program lines as needed. But current "a self-contained file" is
> hard to find kernel output.

I think everybody looks at kernel crash first, that's why we provide
kernel crash inline in the email so it's super easy to find. One does
not need to look at console output at all to read the crash message.
Console output is meant for more complex cases when a developer needs
to extract some long tail of custom information. We don't know what
exactly information a developer is looking for and it is different in
each case, so it's not possible to optimize for this. We preserve
console output intact to not destroy some potentially important
information. Say, if we start reordering messages, we lose timing
information and timing/interleaving information is important in some
cases.

> Even if we keep both kernel output and
> syz-program lines in a single file, we can improve readability by
> splitting into kernel output section and syz-program section.
>
> # Kernel output section start
> [$(uptime)][$(caller_info)] executing program #0123456789abcdef0123456789abcdef
> [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_0123456789abcdef0123456789abcdef_are_here)
> [$(uptime)][$(caller_info)] executing program #456789abcdef0123456789abcdef0123
> [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
> [$(uptime)][$(caller_info)] executing program #89abcdef0123456789abcdef01234567
> [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_89abcdef0123456789abcdef01234567_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
> [$(uptime)][$(caller_info)] BUG: unable to handle kernel paging request at $(address)
> [$(uptime)][$(caller_info)] CPU: $(cpu) PID: $(pid) Comm: syz#89abcdef0123 Not tainted $(version) #$(build)
> [$(uptime)][$(caller_info)] $(backtrace_of_caller_info_is_here)
> [$(uptime)][$(caller_info)] Kernel panic - not syncing: Fatal exception
> # Kernel output section end
> # syzbot code section start
> Program for #0123456789abcdef0123456789abcdef
> $(program_lines_for_0123456789abcdef0123456789abcdef_is_here)
> Program for #456789abcdef0123456789abcdef0123
> $(program_lines_for_456789abcdef0123456789abcdef0123_is_here)
> Program for #89abcdef0123456789abcdef01234567
> $(program_lines_for_89abcdef0123456789abcdef01234567_is_here)
> # syzbot code section end
>
* Re: INFO: rcu detected stall in ndisc_alloc_skb
  2019-01-20 13:30 ` Dmitry Vyukov
  (?)
@ 2019-01-20 14:24 ` Tetsuo Handa
  -1 siblings, 0 replies; 20+ messages in thread
From: Tetsuo Handa @ 2019-01-20 14:24 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: syzbot, David Miller, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs, Hideaki YOSHIFUJI, Linux-MM, Shakeel Butt, syzkaller

On 2019/01/20 22:30, Dmitry Vyukov wrote:
>> The first messages I want to look at is kernel output. Then, I look at
>> syz-program lines as needed. But current "a self-contained file" is
>> hard to find kernel output.
>
> I think everybody looks at kernel crash first, that's why we provide
> kernel crash inline in the email so it's super easy to find. One does
> not need to look at console output at all to read the crash message.

I don't think so. Sometimes it happens that a backtrace of memory allocation fault injection prior to the crash tells everything. But since such lines are not immediately findable from a file containing console output, people fail to understand what has happened. And one (of my two suggestions) is about helping people to easily find kernel messages from console output, by moving syzbot-program lines into a dedicated location.

> Console output is meant for more complex cases when a developer needs
> to extract some long tail of custom information.

This "INFO: rcu detected stall in ndisc_alloc_skb" is exactly a case where only syzbot-program lines can provide some clue. And the other (of my two suggestions) is about preserving all syzbot-program lines in a file containing console output.

> We don't know what
> exactly information a developer is looking for and it is different in
> each case, so it's not possible to optimize for this.

I'm not asking to optimize. I'm asking to preserve all syzbot-program lines.

> We preserve
> console output intact to not destroy some potentially important
> information. Say, if we start reordering messages, we lose timing
> information and timing/interleaving information is important in some
> cases.

My suggestion is not a reordering of messages. It is a cross referencing. The [$(uptime)] part acts as the timing information. Since inlining syzbot-program lines there makes it difficult to find previous/next kernel messages, I'm suggesting to move syzbot-program lines into a dedicated block and cross reference using some identifiers like hash. There is no loss of timing information, and we can reconstruct interleaved output (if needed) as long as identifiers are unique within that report.

>
>> Even if we keep both kernel output and
>> syz-program lines in a single file, we can improve readability by
>> splitting into kernel output section and syz-program section.
>>
>> # Kernel output section start
>> [$(uptime)][$(caller_info)] executing program #0123456789abcdef0123456789abcdef
>> [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_0123456789abcdef0123456789abcdef_are_here)
>> [$(uptime)][$(caller_info)] executing program #456789abcdef0123456789abcdef0123
>> [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
>> [$(uptime)][$(caller_info)] executing program #89abcdef0123456789abcdef01234567
>> [$(uptime)][$(caller_info)] $(kernel_messages_caused_by_89abcdef0123456789abcdef01234567_456789abcdef0123456789abcdef0123_and_0123456789abcdef0123456789abcdef_are_here)
>> [$(uptime)][$(caller_info)] BUG: unable to handle kernel paging request at $(address)
>> [$(uptime)][$(caller_info)] CPU: $(cpu) PID: $(pid) Comm: syz#89abcdef0123 Not tainted $(version) #$(build)
>> [$(uptime)][$(caller_info)] $(backtrace_of_caller_info_is_here)
>> [$(uptime)][$(caller_info)] Kernel panic - not syncing: Fatal exception
>> # Kernel output section end
>> # syzbot code section start
>> Program for #0123456789abcdef0123456789abcdef
>> $(program_lines_for_0123456789abcdef0123456789abcdef_is_here)
>> Program for #456789abcdef0123456789abcdef0123
>> $(program_lines_for_456789abcdef0123456789abcdef0123_is_here)
>> Program for #89abcdef0123456789abcdef01234567
>> $(program_lines_for_89abcdef0123456789abcdef01234567_is_here)
>> # syzbot code section end
>>
>

-------------------- Current output --------------------
[ 938.184721][T10912] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 938.193080][T10912] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[ 938.202030][T10912] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 938.210375][T10912] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
22:37:55 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460000040000000000000000000000d40000004800000000000000000000000000000000001cca000000e4"], 0x2e)
[ 938.275686][T10912] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 938.300740][T10912] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
22:37:55 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xe, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x64, 0x4c000000}}, &(0x7f0000000200)='7R\xec\x1f\x83\"\x8e@\xb7Ec\x80!\xe8\x98\xb9\x0fc\x1e\xf9\x04`\x0e\x963kU\xd5:\n\x86\xfc\f`v\x92\xa0F\xa6R\xd10a\v7\x8cA\xd5taZ\xa8\x15\xb164\xd0\x98\xacm\x1c\x15\x8e}\xa9~\a?\x01\xbe\xfe\x04\f\xd2\x8b#A\x84J\x87\x02o\xb4\xd7\xaa\x83\xda\xfe\xfc\xf57\x90\xe0D\xcd\xd1Z\xe9\x99-\x82\xd0\'\a{\xe4\xef\x85\x83\xadJ\x8f\x88\xdeDH@\\\xea\xc4>\xc4\"\xdcl\a\x00\x00\x00\x00\x00\x00J\x88g\x1c\x19\xe52\xa2\x98\x06j8@iV\xb6Z\xdbR{,\xed\x05\x00c\xa5\xc8\x8fF\xd2\a\x11\xcdC1k\x8b\xb4[\xb16\xa6a\xe2\xe7\x8d\x88\x8d\xa8:\xc1\xcb\b', 0x2, 0x1074, &(0x7f0000014000)=""/4096, 0x0, 0x0, [0x3f000000]}, 0x48)
22:37:55 executing program 1:
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000140)="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")
ioctl$TIOCCONS(r0, 0x541d)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000040)={0x1, {{0x2, 0x4e23, @multicast1}}}, 0x88)
read$FUSE(r0, 0x0, 0xfffffffffffffe69)
[ 938.449693][T10937] sg_write: data in/out 262108/4 bytes for SCSI command 0x0-- guessing data in;
[ 938.449693][T10937] program syz-executor4 not setting count and/or reply_len properly
22:37:56 executing program 2:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_adj\x00')
exit(0x0)
preadv(r0, &(0x7f0000001600), 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000000)=0x20)
22:37:56 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
syz_mount_image$f2fs(&(0x7f0000000180)='f2fs\x00', &(0x7f00000001c0)='./file0\x00', 0x3d04, 0x0, 0x0, 0x4, &(0x7f0000002380)={[{@norecovery='norecovery'}, {@data_flush='data_flush'}, {@four_active_logs='active_logs=4'}, {@quota='quota'}, {@lazytime='lazytime'}, {@usrjquota={'usrjquota', 0x3d, 'security.SMACK64TRANSMUTE\x00'}}, {@jqfmt_vfsold='jqfmt=vfsold'}, {@discard='discard'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}], [{@defcontext={'defcontext', 0x3d, 'system_u'}}, {@appraise='appraise'}, {@subj_role={'subj_role', 0x3d, '@\xb0#posix_acl_access'}}, {@dont_measure='dont_measure'}]})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
22:37:56 executing program 1:
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000080)=@assoc_value={<r1=>0x0}, &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000100)={r1, @in={{0x2, 0x4e21, @multicast2}}, 0xfffffffffffff177, 0x9, 0xd9e, 0x4, 0x100}, &(0x7f00000001c0)=0x98)
read$FUSE(r0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000040)=0x7fffffff, 0x4)
22:37:56 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460000040000000000000000000000d40000004c00000000000000000000000000000000001cca000000e4"], 0x2e)
22:37:56 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xe, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x64, 0x4c000000}}, &(0x7f0000000200)='7R\xec\x1f\x83\"\x8e@\xb7Ec\x80!\xe8\x98\xb9\x0fc\x1e\xf9\x04`\x0e\x963kU\xd5:\n\x86\xfc\f`v\x92\xa0F\xa6R\xd10a\v7\x8cA\xd5taZ\xa8\x15\xb164\xd0\x98\xacm\x1c\x15\x8e}\xa9~\a?\x01\xbe\xfe\x04\f\xd2\x8b#A\x84J\x87\x02o\xb4\xd7\xaa\x83\xda\xfe\xfc\xf57\x90\xe0D\xcd\xd1Z\xe9\x99-\x82\xd0\'\a{\xe4\xef\x85\x83\xadJ\x8f\x88\xdeDH@\\\xea\xc4>\xc4\"\xdcl\a\x00\x00\x00\x00\x00\x00J\x88g\x1c\x19\xe52\xa2\x98\x06j8@iV\xb6Z\xdbR{,\xed\x05\x00c\xa5\xc8\x8fF\xd2\a\x11\xcdC1k\x8b\xb4[\xb16\xa6a\xe2\xe7\x8d\x88\x8d\xa8:\xc1\xcb\b', 0x2, 0x1074, &(0x7f0000014000)=""/4096, 0x0, 0x0, [0x40000000]}, 0x48)
22:37:56 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xe, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x64, 0x4c000000}}, &(0x7f0000000200)='7R\xec\x1f\x83\"\x8e@\xb7Ec\x80!\xe8\x98\xb9\x0fc\x1e\xf9\x04`\x0e\x963kU\xd5:\n\x86\xfc\f`v\x92\xa0F\xa6R\xd10a\v7\x8cA\xd5taZ\xa8\x15\xb164\xd0\x98\xacm\x1c\x15\x8e}\xa9~\a?\x01\xbe\xfe\x04\f\xd2\x8b#A\x84J\x87\x02o\xb4\xd7\xaa\x83\xda\xfe\xfc\xf57\x90\xe0D\xcd\xd1Z\xe9\x99-\x82\xd0\'\a{\xe4\xef\x85\x83\xadJ\x8f\x88\xdeDH@\\\xea\xc4>\xc4\"\xdcl\a\x00\x00\x00\x00\x00\x00J\x88g\x1c\x19\xe52\xa2\x98\x06j8@iV\xb6Z\xdbR{,\xed\x05\x00c\xa5\xc8\x8fF\xd2\a\x11\xcdC1k\x8b\xb4[\xb16\xa6a\xe2\xe7\x8d\x88\x8d\xa8:\xc1\xcb\b', 0x2, 0x1074, &(0x7f0000014000)=""/4096, 0x0, 0x0, [0x43000000]}, 0x48)
22:37:56 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460000040000000000000000000000d40000006800000000000000000000000000000000001cca000000e4"], 0x2e)
[ 939.167542][T10956] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
22:37:56 executing program 1:
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000140)=ANY=[@ANYBLOB="6e61740000000000000000000000000000000000001842000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005810f528769d7fe60000000000000000000000000000000000000000000000080000000000000000000000000000000000008f93902e54bd6eee49bc89d5b50eb7c3e052d70064eef4bf3662c39f4d2a02ff3b3ea9b3ff0966d2295abf3525052e464025ac0019bf93103e68000222fd35d68a327e56f5ad1b43412cb6247787f783ea08e94f7d1ec55d6597df55dee150eb05600937a9e13d2afaac2edc72736559068a6f1d"], 0x78)
prctl$PR_GET_NAME(0x10, &(0x7f0000000040)=""/119)
[ 939.214806][T10956] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 939.276518][T10956] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 939.285099][T10956] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[ 939.336812][T10956] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 939.377329][T10956] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 939.411893][T10956] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 939.425615][T10956] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[ 942.734545][ T1043] ------------[ cut here ]------------
[ 942.740643][ T1043] kernel BUG at mm/page_alloc.c:3112!
[ 942.746017][ T1043] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 942.752096][ T1043] CPU: 0 PID: 1043 Comm: kcompactd0 Not tainted 5.0.0-rc2-next-20190116 #13
[ 942.760748][ T1043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 942.770806][ T1043] RIP: 0010:__isolate_free_page+0x4a8/0x680
[ 942.776697][ T1043] Code: 4c 39 e3 77 c0 0f b6 8d 74 ff ff ff b8 01 00 00 00 48 d3 e0 e9 11 fd ff ff 48 c7 c6 a0 65 52 88 4c 89 e7 e8 6a 14 10 00 0f 0b <0f> 0b 48 c7 c6 c0 66 52 88 4c 89 e7 e8 57 14 10 00 0f 0b 48 89 cf
[ 942.796291][ T1043] RSP: 0018:ffff8880a783ef58 EFLAGS: 00010003
[ 942.802345][ T1043] RAX: 0000000020000080 RBX: 0000000000000000 RCX: ffff88812fffc7e0
[ 942.810304][ T1043] RDX: 1ffff11025fff8fc RSI: 0000000000000008 RDI: ffff88812fffc7b0
[ 942.818281][ T1043] RBP: ffff8880a783f018 R08: ffff8880a78c8000 R09: ffffed1014f07df2
[ 942.826243][ T1043] R10: ffffed1014f07df1 R11: 0000000000000003 R12: ffff88812fffc7b0
[ 942.834209][ T1043] R13: 1ffff11014f07df2 R14: ffff88812fffc7b0 R15: ffff8880a783eff0
[ 942.842182][ T1043] FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 942.851103][ T1043] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 942.857681][ T1043] CR2: 000000c4313a9410 CR3: 0000000009871000 CR4: 00000000001406f0
[ 942.865657][ T1043] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 942.873614][ T1043] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 942.881587][ T1043] Call Trace:
[ 942.884872][ T1043] ? lock_release+0xc40/0xc40
[ 942.889544][ T1043] ? rwlock_bug.part.0+0x90/0x90
[ 942.894489][ T1043] ? zone_watermark_ok+0x1b0/0x1b0
[ 942.899589][ T1043] ? trace_hardirqs_on+0xbd/0x310
[ 942.904619][ T1043] ? kasan_check_read+0x11/0x20
[ 942.909464][ T1043] compaction_alloc+0xd05/0x2970
-------------------- Current output --------------------

-------------------- My suggested output --------------------
[ 938.184721][T10912] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 938.193080][T10912] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[ 938.202030][T10912] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 938.210375][T10912] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 938.XXXXXX][ T$pid] 22:37:55 executing program #01234567:
[ 938.275686][T10912] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 938.300740][T10912] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[ 938.XXXXXX][ T$pid] 22:37:55 executing program #12345678:
[ 938.XXXXXX][ T$pid] 22:37:55 executing program #23456789:
[ 938.449693][T10937] sg_write: data in/out 262108/4 bytes for SCSI command 0x0-- guessing data in;
[ 938.449693][T10937] program syz-executor4 not setting count and/or reply_len properly
[ 939.XXXXXX][ T$pid] 22:37:56 executing program #3456789a:
[ 939.XXXXXX][ T$pid] 22:37:56 executing program #456789ab:
[ 939.XXXXXX][ T$pid] 22:37:56 executing program #56789abc:
[ 939.XXXXXX][ T$pid] 22:37:56 executing program #6789abcd:
[ 939.XXXXXX][ T$pid] 22:37:56 executing program #789abcde:
[ 939.XXXXXX][ T$pid] 22:37:56 executing program #89abcdef:
[ 939.XXXXXX][ T$pid] 22:37:56 executing program #9abcdef0:
[ 939.167542][T10956] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 939.XXXXXX][ T$pid] 22:37:56 executing program #abcdef01:
[ 939.214806][T10956] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 939.276518][T10956] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 939.285099][T10956] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[ 939.336812][T10956] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 939.377329][T10956] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 939.411893][T10956] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 939.425615][T10956] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[ 942.734545][ T1043] ------------[ cut here ]------------
[ 942.740643][ T1043] kernel BUG at mm/page_alloc.c:3112!
[ 942.746017][ T1043] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 942.752096][ T1043] CPU: 0 PID: 1043 Comm: kcompactd0 Not tainted 5.0.0-rc2-next-20190116 #13
[ 942.760748][ T1043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 942.770806][ T1043] RIP: 0010:__isolate_free_page+0x4a8/0x680
[ 942.776697][ T1043] Code: 4c 39 e3 77 c0 0f b6 8d 74 ff ff ff b8 01 00 00 00 48 d3 e0 e9 11 fd ff ff 48 c7 c6 a0 65 52 88 4c 89 e7 e8 6a 14 10 00 0f 0b <0f> 0b 48 c7 c6 c0 66 52 88 4c 89 e7 e8 57 14 10 00 0f 0b 48 89 cf
[ 942.796291][ T1043] RSP: 0018:ffff8880a783ef58 EFLAGS: 00010003
[ 942.802345][ T1043] RAX: 0000000020000080 RBX: 0000000000000000 RCX: ffff88812fffc7e0
[ 942.810304][ T1043] RDX: 1ffff11025fff8fc RSI: 0000000000000008 RDI: ffff88812fffc7b0
[ 942.818281][ T1043] RBP: ffff8880a783f018 R08: ffff8880a78c8000 R09: ffffed1014f07df2
[ 942.826243][ T1043] R10: ffffed1014f07df1 R11: 0000000000000003 R12: ffff88812fffc7b0
[ 942.834209][ T1043] R13: 1ffff11014f07df2 R14: ffff88812fffc7b0 R15: ffff8880a783eff0
[ 942.842182][ T1043] FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 942.851103][ T1043] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 942.857681][ T1043] CR2: 000000c4313a9410 CR3: 0000000009871000 CR4: 00000000001406f0
[ 942.865657][ T1043] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 942.873614][ T1043] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 942.881587][ T1043] Call Trace:
[ 942.884872][ T1043] ? lock_release+0xc40/0xc40
[ 942.889544][ T1043] ? rwlock_bug.part.0+0x90/0x90
[ 942.894489][ T1043] ? zone_watermark_ok+0x1b0/0x1b0
[ 942.899589][ T1043] ? trace_hardirqs_on+0xbd/0x310
[ 942.904619][ T1043] ? kasan_check_read+0x11/0x20
[ 942.909464][ T1043] compaction_alloc+0xd05/0x2970
Program for #01234567
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460000040000000000000000000000d40000004800000000000000000000000000000000001cca000000e4"], 0x2e)
Program for #12345678
bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xe, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x64, 0x4c000000}}, &(0x7f0000000200)='7R\xec\x1f\x83\"\x8e@\xb7Ec\x80!\xe8\x98\xb9\x0fc\x1e\xf9\x04`\x0e\x963kU\xd5:\n\x86\xfc\f`v\x92\xa0F\xa6R\xd10a\v7\x8cA\xd5taZ\xa8\x15\xb164\xd0\x98\xacm\x1c\x15\x8e}\xa9~\a?\x01\xbe\xfe\x04\f\xd2\x8b#A\x84J\x87\x02o\xb4\xd7\xaa\x83\xda\xfe\xfc\xf57\x90\xe0D\xcd\xd1Z\xe9\x99-\x82\xd0\'\a{\xe4\xef\x85\x83\xadJ\x8f\x88\xdeDH@\\\xea\xc4>\xc4\"\xdcl\a\x00\x00\x00\x00\x00\x00J\x88g\x1c\x19\xe52\xa2\x98\x06j8@iV\xb6Z\xdbR{,\xed\x05\x00c\xa5\xc8\x8fF\xd2\a\x11\xcdC1k\x8b\xb4[\xb16\xa6a\xe2\xe7\x8d\x88\x8d\xa8:\xc1\xcb\b', 0x2, 0x1074, &(0x7f0000014000)=""/4096, 0x0, 0x0, [0x3f000000]}, 0x48)
Program for #23456789
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000140)="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")
ioctl$TIOCCONS(r0, 0x541d)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000040)={0x1, {{0x2, 0x4e23, @multicast1}}}, 0x88)
read$FUSE(r0, 0x0, 0xfffffffffffffe69)
Program for #3456789a
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_adj\x00')
exit(0x0)
preadv(r0, &(0x7f0000001600), 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000000)=0x20)
Program for #456789ab
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
syz_mount_image$f2fs(&(0x7f0000000180)='f2fs\x00', &(0x7f00000001c0)='./file0\x00', 0x3d04, 0x0, 0x0, 0x4, &(0x7f0000002380)={[{@norecovery='norecovery'}, {@data_flush='data_flush'}, {@four_active_logs='active_logs=4'}, {@quota='quota'}, {@lazytime='lazytime'}, {@usrjquota={'usrjquota', 0x3d, 'security.SMACK64TRANSMUTE\x00'}}, {@jqfmt_vfsold='jqfmt=vfsold'}, {@discard='discard'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}], [{@defcontext={'defcontext', 0x3d, 'system_u'}}, {@appraise='appraise'}, {@subj_role={'subj_role', 0x3d, '@\xb0#posix_acl_access'}}, {@dont_measure='dont_measure'}]})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
Program for #56789abc
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000080)=@assoc_value={<r1=>0x0}, &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000100)={r1, @in={{0x2, 0x4e21, @multicast2}}, 0xfffffffffffff177, 0x9, 0xd9e, 0x4, 0x100}, &(0x7f00000001c0)=0x98)
read$FUSE(r0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000040)=0x7fffffff, 0x4)
Program for #6789abcd
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460000040000000000000000000000d40000004c00000000000000000000000000000000001cca000000e4"], 0x2e)
Program for #789abcde
bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xe, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x64, 0x4c000000}}, &(0x7f0000000200)='7R\xec\x1f\x83\"\x8e@\xb7Ec\x80!\xe8\x98\xb9\x0fc\x1e\xf9\x04`\x0e\x963kU\xd5:\n\x86\xfc\f`v\x92\xa0F\xa6R\xd10a\v7\x8cA\xd5taZ\xa8\x15\xb164\xd0\x98\xacm\x1c\x15\x8e}\xa9~\a?\x01\xbe\xfe\x04\f\xd2\x8b#A\x84J\x87\x02o\xb4\xd7\xaa\x83\xda\xfe\xfc\xf57\x90\xe0D\xcd\xd1Z\xe9\x99-\x82\xd0\'\a{\xe4\xef\x85\x83\xadJ\x8f\x88\xdeDH@\\\xea\xc4>\xc4\"\xdcl\a\x00\x00\x00\x00\x00\x00J\x88g\x1c\x19\xe52\xa2\x98\x06j8@iV\xb6Z\xdbR{,\xed\x05\x00c\xa5\xc8\x8fF\xd2\a\x11\xcdC1k\x8b\xb4[\xb16\xa6a\xe2\xe7\x8d\x88\x8d\xa8:\xc1\xcb\b', 0x2, 0x1074, &(0x7f0000014000)=""/4096, 0x0, 0x0, [0x40000000]}, 0x48)
Program for #89abcdef
bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xe, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x64, 0x4c000000}}, &(0x7f0000000200)='7R\xec\x1f\x83\"\x8e@\xb7Ec\x80!\xe8\x98\xb9\x0fc\x1e\xf9\x04`\x0e\x963kU\xd5:\n\x86\xfc\f`v\x92\xa0F\xa6R\xd10a\v7\x8cA\xd5taZ\xa8\x15\xb164\xd0\x98\xacm\x1c\x15\x8e}\xa9~\a?\x01\xbe\xfe\x04\f\xd2\x8b#A\x84J\x87\x02o\xb4\xd7\xaa\x83\xda\xfe\xfc\xf57\x90\xe0D\xcd\xd1Z\xe9\x99-\x82\xd0\'\a{\xe4\xef\x85\x83\xadJ\x8f\x88\xdeDH@\\\xea\xc4>\xc4\"\xdcl\a\x00\x00\x00\x00\x00\x00J\x88g\x1c\x19\xe52\xa2\x98\x06j8@iV\xb6Z\xdbR{,\xed\x05\x00c\xa5\xc8\x8fF\xd2\a\x11\xcdC1k\x8b\xb4[\xb16\xa6a\xe2\xe7\x8d\x88\x8d\xa8:\xc1\xcb\b', 0x2, 0x1074, &(0x7f0000014000)=""/4096, 0x0, 0x0, [0x43000000]}, 0x48)
Program for #9abcdef0
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460000040000000000000000000000d40000006800000000000000000000000000000000001cca000000e4"], 0x2e)
Program for #abcdef01
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000140)=ANY=[@ANYBLOB="6e61740000000000000000000000000000000000001842000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005810f528769d7fe60000000000000000000000000000000000000000000000080000000000000000000000000000000000008f93902e54bd6eee49bc89d5b50eb7c3e052d70064eef4bf3662c39f4d2a02ff3b3ea9b3ff0966d2295abf3525052e464025ac0019bf93103e68000222fd35d68a327e56f5ad1b43412cb6247787f783ea08e94f7d1ec55d6597df55dee150eb05600937a9e13d2afaac2edc72736559068a6f1d"], 0x78)
prctl$PR_GET_NAME(0x10, &(0x7f0000000040)=""/119)
-------------------- My suggested output --------------------
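The cross-referencing proposed in the message above, sketched as a post-processor over a finished console log (an added example, not syzbot's code and not code from either poster). The sample log is constructed and abbreviated from the lines quoted in the message; using a truncated SHA-256 of the program text as the identifier, lengthening it on collision, and keeping the executor number next to the `#id` are assumptions made here so that the interleaved form can be rebuilt exactly.

```python
import hashlib
import re

# Constructed sample, abbreviated from the console lines quoted in the message.
SAMPLE = r"""
[  938.210375][T10912] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
22:37:55 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[], 0x2e)
[  938.275686][T10912] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
22:37:56 executing program 2:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_adj\x00')
exit(0x0)
22:37:56 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[], 0x2e)
[  942.740643][ T1043] kernel BUG at mm/page_alloc.c:3112!
""".strip()

# Kernel console lines start with "[ uptime]"; program headers with a wall-clock time.
KERNEL_RE = re.compile(r"^\[\s*\d+\.\d+\]")
HEADER_RE = re.compile(r"^(\d\d:\d\d:\d\d) executing program (\d+):$")
# Cross-reference line written by split_log (hypothetical format, see lead-in).
REF_RE = re.compile(r"^(\d\d:\d\d:\d\d) executing program (\d+) #([0-9a-f]+):$")


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def program_id(body, programs, id_len, digest):
    """Shortest digest prefix (>= id_len) not already used by a different program."""
    full = digest("\n".join(body).encode())
    for n in range(id_len, len(full) + 1):
        pid = full[:n]
        if programs.setdefault(pid, body) == body:
            return pid  # new id, or the same program text seen again
    raise ValueError("full digest collision between different programs")


def split_log(text, id_len=8, digest=sha256_hex):
    """Return (kernel_lines, programs); programs maps id -> list of program lines."""
    kernel, programs = [], {}
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = HEADER_RE.match(lines[i])
        if not m:
            kernel.append(lines[i])
            i += 1
            continue
        # Program text runs until the next kernel line or the next header.
        i += 1
        body = []
        while i < len(lines) and not (KERNEL_RE.match(lines[i]) or HEADER_RE.match(lines[i])):
            body.append(lines[i])
            i += 1
        pid = program_id(body, programs, id_len, digest)
        kernel.append(f"{m.group(1)} executing program {m.group(2)} #{pid}:")
    return kernel, programs


def render(kernel, programs):
    """Emit the two-section layout using the section markers from the proposal."""
    out = ["# Kernel output section start", *kernel, "# Kernel output section end",
           "# syzbot code section start"]
    for pid, body in programs.items():
        out.append(f"Program for #{pid}")
        out.extend(body)
    out.append("# syzbot code section end")
    return "\n".join(out)


def reconstruct(kernel, programs):
    """Rebuild the original interleaved log from the two sections."""
    out = []
    for line in kernel:
        m = REF_RE.match(line)
        if m and m.group(3) in programs:
            out.append(f"{m.group(1)} executing program {m.group(2)}:")
            out.extend(programs[m.group(3)])
        else:
            out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    print(render(*split_log(SAMPLE)))
```

Kernel lines that carry no `[uptime]` prefix would be absorbed into the preceding program block, so this only works on logs where every kernel line is prefixed, as in the sample.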