syzbot


BUG: bad unlock balance in dump_stack (2)

Status: auto-closed as invalid on 2019/02/22 15:23
First crash: 2340d, last: 2323d
Similar bugs (1)
Kernel:       android-49
Title:        BUG: bad unlock balance in dump_stack
Repro:        none
Cause bisect: none
Fix bisect:   none
Count:        1
Last:         2340d
Reported:     2340d
Patched:      0/3
Status:       closed as invalid on 2017/11/29 09:20

Sample crash report:
keychord: invalid keycode count 0
keychord: invalid keycode count 0

=====================================
[ BUG: bad unlock balance detected! ]
4.9.69-g3f1d77c #108 Not tainted
-------------------------------------
syz-executor7/6181 is trying to release lock ([   45.364299] devpts: called with bogus options
mrt_lock) at:
but there are no more locks to release!

other info that might help us debug this:
2 locks held by syz-executor7/6181:
 #0:  (&f->f_pos_lock){+.+.+.}[   45.401237] FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 6195 Comm: syz-executor0 Not tainted 4.9.69-g3f1d77c #108
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d89b78e0
 ffffffff81d90a29 ffff8801d89b7bc0 0000000000000000 ffff8801a7037310
 ffff8801d89b7ab0 ffff8801a7037200 ffff8801d89b7ad8 ffffffff8165e557
 ffff8801d5783000 ffff8801d89b7a30 00000001cec38067Call Trace:
 [<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e557>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cd781>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd781>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd781>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd781>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838abcd8>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff815a084e>] getname_flags+0x10e/0x580 fs/namei.c:148
 [<ffffffff815a4156>] getname fs/namei.c:208 [inline]
 [<ffffffff815a4156>] user_path_create fs/namei.c:3695 [inline]
 [<ffffffff815a4156>] SYSC_mkdirat fs/namei.c:3839 [inline]
 [<ffffffff815a4156>] SyS_mkdirat fs/namei.c:3831 [inline]
 [<ffffffff815a4156>] SYSC_mkdir fs/namei.c:3858 [inline]
 [<ffffffff815a4156>] SyS_mkdir+0xa6/0x260 fs/namei.c:3856
 [<ffffffff838aab05>] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 6188 Comm: syz-executor0 Not tainted 4.9.69-g3f1d77c #108
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cff5f480
 ffffffff81d90a29 ffff8801cff5f760 0000000000000000 ffff8801a7037310
 ffff8801cff5f650 ffff8801a7037200 ffff8801cff5f678 ffffffff8165e557
 00000000000027db ffff8801cff5f5d0 00000001cec38067Call Trace:
 [<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e557>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cd781>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd781>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd781>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd781>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838abcd8>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff83208467>] do_ip_setsockopt.isra.12+0x1977/0x2960 net/ipv4/ip_sockglue.c:1151
 [<ffffffff8320948a>] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240
 [<ffffffff832291c2>] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736
 [<ffffffff82ed6265>] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
 [<ffffffff82ed3220>] SYSC_setsockopt net/socket.c:1771 [inline]
 [<ffffffff82ed3220>] SyS_setsockopt+0x160/0x250 net/socket.c:1750
 [<ffffffff838aab05>] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 6208 Comm: syz-executor0 Not tainted 4.9.69-g3f1d77c #108
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d5dcf8e0
 ffffffff81d90a29 ffff8801d5dcfbc0 0000000000000000 ffff8801a7037490
 ffff8801d5dcfab0 ffff8801a7037380 ffff8801d5dcfad8 ffffffff8165e557
 0000000000000000 ffff8801d5dcfa30 00000001c9603067Call Trace:
 [<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e557>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cd781>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd781>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd781>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd781>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838abcd8>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff815a084e>] getname_flags+0x10e/0x580 fs/namei.c:148
 [<ffffffff815a4156>] getname fs/namei.c:208 [inline]
 [<ffffffff815a4156>] user_path_create fs/namei.c:3695 [inline]
 [<ffffffff815a4156>] SYSC_mkdirat fs/namei.c:3839 [inline]
 [<ffffffff815a4156>] SyS_mkdirat fs/namei.c:3831 [inline]
 [<ffffffff815a4156>] SYSC_mkdir fs/namei.c:3858 [inline]
 [<ffffffff815a4156>] SyS_mkdir+0xa6/0x260 fs/namei.c:3856
 [<ffffffff838aab05>] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 6204 Comm: syz-executor0 Not tainted 4.9.69-g3f1d77c #108
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d5cc7480
 ffffffff81d90a29 ffff8801d5cc7760 0000000000000000 ffff8801a7037490
 ffff8801d5cc7650 ffff8801a7037380 ffff8801d5cc7678 ffffffff8165e557
 0000000000000000 ffff8801d5cc75d0 00000001c9603067Call Trace:
 [<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e557>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cd781>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd781>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd781>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd781>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838abcd8>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff83208467>] do_ip_setsockopt.isra.12+0x1977/0x2960 net/ipv4/ip_sockglue.c:1151
 [<ffffffff8320948a>] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240
 [<ffffffff832291c2>] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736
 [<ffffffff82ed6265>] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
 [<ffffffff82ed3220>] SYSC_setsockopt net/socket.c:1771 [inline]
 [<ffffffff82ed3220>] SyS_setsockopt+0x160/0x250 net/socket.c:1750
 [<ffffffff838aab05>] entry_SYSCALL_64_fastpath+0x23/0xc6
netlink: 16 bytes leftover after parsing attributes in process `syz-executor3'.
, at: [<ffffffff815cfb1f>] __fdget_pos+0x9f/0xc0 fs/file.c:781
 #1:  (&p->lock){+.+.+.}, at: [<ffffffff815e4f1d>] seq_read+0xdd/0x1290 fs/seq_file.c:178

stack backtrace:
CPU: 1 PID: 6181 Comm: syz-executor7 Not tainted 4.9.69-g3f1d77c #108
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cf3bf8e8 ffffffff81d90a29 ffffffff849ae9f8 ffff8801d8149800
 ffffffff834dfd74 ffffffff849ae9f8 ffff8801d814a088 ffff8801cf3bf918
 ffffffff81235404 dffffc0000000000 ffffffff849ae9f8 00000000ffffffff
Call Trace:
 [<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81235404>] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3398
 [<ffffffff8123ded8>] __lock_release kernel/locking/lockdep.c:3540 [inline]
 [<ffffffff8123ded8>] lock_release+0x6f8/0xb80 kernel/locking/lockdep.c:3775
 [<ffffffff838aa67a>] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline]
 [<ffffffff838aa67a>] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255
 [<ffffffff834dfd74>] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
 [<ffffffff815e58c3>] seq_read+0xa83/0x1290 fs/seq_file.c:283
 [<ffffffff816be57f>] proc_reg_read+0xef/0x170 fs/proc/inode.c:202
 [<ffffffff81568ef1>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156cd60>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156cd60>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156d014>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156d136>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff81570627>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff81570627>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838aab05>] entry_SYSCALL_64_fastpath+0x23/0xc6
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
audit: type=1400 audit(1513442032.461:31): avc:  denied  { write } for  pid=6254 comm="syz-executor3" name="net" dev="proc" ino=16805 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1
audit: type=1400 audit(1513442032.491:32): avc:  denied  { add_name } for  pid=6254 comm="syz-executor3" name="pfkey" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1
device gre0 entered promiscuous mode
netlink: 6 bytes leftover after parsing attributes in process `syz-executor7'.
device lo entered promiscuous mode
netlink: 6 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6416:6432 ioctl 40046207 0 returned -16
binder_alloc: 6416: binder_alloc_buf, no vma
netlink: 13 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 6416:6432 transaction failed 29189/-3, size 0-0 line 3130
binder: 6416:6480 BC_FREE_BUFFER u000000002000c000 no match
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=45 sclass=netlink_xfrm_socket pig=6597 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=45 sclass=netlink_xfrm_socket pig=6597 comm=syz-executor2
binder: 6606:6608 ioctl 85 20416000 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6606:6608 ioctl 40046207 0 returned -16
binder: 6606:6608 ioctl c0306201 2004f000 returned -14
binder: 6606:6608 ioctl c018620b 20088000 returned -14
binder: 6606:6608 ioctl c0306201 204ef000 returned -14
binder: 6606:6610 ioctl 85 20416000 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6606:6610 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6606:6610 ioctl 40046207 0 returned -16
binder: 6606:6608 ioctl c0306201 2004f000 returned -14
binder: 6606:6608 ioctl c018620b 20088000 returned -14
binder: 6606:6608 ioctl c0306201 204ef000 returned -14
IPv6: ADDRCONF(NETDEV_UP): gre0: link is not ready
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6649 comm=syz-executor0
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6659 comm=syz-executor0
netlink: 16 bytes leftover after parsing attributes in process `syz-executor7'.
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=6851 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=6851 comm=syz-executor0
device gre0 entered promiscuous mode
keychord: Insufficient bytes present for keycount 18
keychord: Insufficient bytes present for keycount 18
nla_parse: 5 callbacks suppressed
netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'.
handle_userfault: 16 callbacks suppressed
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 6967 Comm: syz-executor4 Not tainted 4.9.69-g3f1d77c #108
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cb9c7980 ffffffff81d90a29 ffff8801cb9c7c60 0000000000000000
 ffff8801a7036290 ffff8801cb9c7b50 ffff8801a7036180 ffff8801cb9c7b78
 ffffffff8165e557 1ffff1003b6442a4 ffff8801cb9c7ad0 00000001c22dd067
Call Trace:
 [<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e557>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cd781>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd781>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd781>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd781>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838abcd8>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff838aab05>] entry_SYSCALL_64_fastpath+0x23/0xc6
device gre0 entered promiscuous mode
IPv6: Can't replace route, no match found
binder: 7020:7026 ERROR: BC_REGISTER_LOOPER called without request
binder: 7020:7026 ioctl c0306201 20008fd0 returned -11
binder: 7020:7026 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: 7020:7026 got reply transaction with no transaction stack
binder: 7020:7026 transaction failed 29201/-71, size 48-16 line 2923
IPv6: Can't replace route, no match found
binder: 7020:7026 ERROR: BC_REGISTER_LOOPER called without request
binder: 7020:7026 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: 7020:7026 got reply transaction with no transaction stack
binder: 7020:7026 transaction failed 29201/-71, size 48-16 line 2923
netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor2'.
CPU: 1 PID: 6974 Comm: syz-executor4 Not tainted 4.9.69-g3f1d77c #108
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d6197920 ffffffff81d90a29 ffff8801d6197c00 0000000000000000
 ffff8801a7036290 ffff8801d6197af0 ffff8801a7036180 ffff8801d6197b18
 ffffffff8165e557 0000000000000000 ffff8801d6197a70 00000001c22dd067
Call Trace:
 [<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8165e557>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cd781>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cd781>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cd781>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cd781>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff838abcd8>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff838aab05>] entry_SYSCALL_64_fastpath+0x23/0xc6
netlink: 2 bytes leftover after parsing attributes in process `syz-executor4'.
syz-executor0: vmalloc: allocation failure: 17179607040 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
CPU: 0 PID: 7135 Comm: syz-executor0 Not tainted 4.9.69-g3f1d77c #108
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff88016909f880 ffffffff81d90a29 1ffff1002d213f13 ffff8801a1261800
 ffffffff83ab7dc0 0000000000000001 0000000000400000 ffff88016909f990
 ffffffff8144eb92 024000c2ca10bc85 0000000041b58ab3 ffffffff8419160d
Call Trace:
 [<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8144eb92>] warn_alloc+0x212/0x240 mm/page_alloc.c:3056
 [<ffffffff814fc415>] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722
 [<ffffffff814fc6db>] __vmalloc_node mm/vmalloc.c:1744 [inline]
 [<ffffffff814fc6db>] __vmalloc_node_flags mm/vmalloc.c:1758 [inline]
 [<ffffffff814fc6db>] vmalloc+0x5b/0x70 mm/vmalloc.c:1773
 [<ffffffff83138911>] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722
 [<ffffffff8351680a>] translate_table+0x21a/0x1e80 net/ipv6/netfilter/ip6_tables.c:730
 [<ffffffff810002b8>] ? 0xffffffff810002b8
 [<ffffffff8351a6ee>] do_replace net/ipv6/netfilter/ip6_tables.c:1182 [inline]
 [<ffffffff8351a6ee>] do_ip6t_set_ctl+0x2be/0x470 net/ipv6/netfilter/ip6_tables.c:1708
 [<ffffffff83099587>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 [<ffffffff83099587>] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 [<ffffffff83472115>] ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:911
 [<ffffffff832291c2>] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736
 [<ffffffff82ed6265>] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
 [<ffffffff82ed3220>] SYSC_setsockopt net/socket.c:1771 [inline]
 [<ffffffff82ed3220>] SyS_setsockopt+0x160/0x250 net/socket.c:1750
 [<ffffffff838aab05>] entry_SYSCALL_64_fastpath+0x23/0xc6
Mem-Info:
active_anon:87920 inactive_anon:45 isolated_anon:0
 active_file:3618 inactive_file:7369 isolated_file:0
 unevictable:0 dirty:84 writeback:0 unstable:0
 slab_reclaimable:5414 slab_unreclaimable:31300
 mapped:22867 shmem:84 pagetables:790 bounce:0
 free:1470775 free_pcp:392 free_cma:0
Node 0 active_anon:358004kB inactive_anon:180kB active_file:14472kB inactive_file:29476kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91368kB dirty:188kB writeback:148kB shmem:336kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 34816kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
syz-executor0: vmalloc: allocation failure: 17179607040 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
CPU: 1 PID: 7147 Comm: syz-executor0 Not tainted 4.9.69-g3f1d77c #108
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff880199847880 ffffffff81d90a29 1ffff10033308f13 ffff88019d91e000
 ffffffff83ab7dc0 0000000000000001 0000000000400000 ffff880199847990
 ffffffff8144eb92 024000c2ece0c830 0000000041b58ab3 ffffffff8419160d
Call Trace:
 [<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8144eb92>] warn_alloc+0x212/0x240 mm/page_alloc.c:3056
 [<ffffffff814fc415>] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722
 [<ffffffff814fc6db>] __vmalloc_node mm/vmalloc.c:1744 [inline]
 [<ffffffff814fc6db>] __vmalloc_node_flags mm/vmalloc.c:1758 [inline]
 [<ffffffff814fc6db>] vmalloc+0x5b/0x70 mm/vmalloc.c:1773
 [<ffffffff83138911>] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722
 [<ffffffff8351680a>] translate_table+0x21a/0x1e80 net/ipv6/netfilter/ip6_tables.c:730
 [<ffffffff810002b8>] ? 0xffffffff810002b8
 [<ffffffff8351a6ee>] do_replace net/ipv6/netfilter/ip6_tables.c:1182 [inline]
 [<ffffffff8351a6ee>] do_ip6t_set_ctl+0x2be/0x470 net/ipv6/netfilter/ip6_tables.c:1708
 [<ffffffff83099587>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 [<ffffffff83099587>] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 [<ffffffff83472115>] ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:911
 [<ffffffff832291c2>] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736
 [<ffffffff82ed6265>] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
 [<ffffffff82ed3220>] SYSC_setsockopt net/socket.c:1771 [inline]
 [<ffffffff82ed3220>] SyS_setsockopt+0x160/0x250 net/socket.c:1750
 [<ffffffff838aab05>] entry_SYSCALL_64_fastpath+0x23/0xc6
Mem-Info:
active_anon:90014 inactive_anon:45 isolated_anon:0
 active_file:3618 inactive_file:7369 isolated_file:0
 unevictable:0 dirty:47 writeback:37 unstable:0
 slab_reclaimable:5414 slab_unreclaimable:31529
 mapped:22842 shmem:84 pagetables:790 bounce:0
 free:1468384 free_pcp:397 free_cma:0
Node 0 active_anon:360056kB inactive_anon:180kB active_file:14472kB inactive_file:29476kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91368kB dirty:188kB writeback:148kB shmem:336kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 34816kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
DMA32 free:2981148kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:696kB local_pcp:0kB free_cma:0kB
Normal free:2876480kB min:36816kB low:46020kB high:55224kB active_anon:360056kB inactive_anon:180kB active_file:14472kB inactive_file:29476kB unevictable:0kB writepending:336kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:21656kB slab_unreclaimable:126116kB kernel_stack:6208kB pagetables:3160kB bounce:0kB free_pcp:892kB local_pcp:372kB free_cma:0kB
DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
11070 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
320236 pages reserved
netlink: 2 bytes leftover after parsing attributes in process `syz-executor4'.
DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=4 sclass=netlink_tcpdiag_socket pig=7215 comm=syz-executor1
lowmem_reserve[]: 0 2910 6411 6411
DMA32 free:2981148kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:696kB local_pcp:696kB free_cma:0kB
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=4 sclass=netlink_tcpdiag_socket pig=7215 comm=syz-executor1
lowmem_reserve[]: 0 0 3501 3501
Normal free:2855556kB min:36816kB low:46020kB high:55224kB active_anon:374360kB inactive_anon:180kB active_file:14492kB inactive_file:29512kB unevictable:0kB writepending:0kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:21700kB slab_unreclaimable:130840kB kernel_stack:5984kB pagetables:3276kB bounce:0kB free_pcp:1040kB local_pcp:400kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
DMA32: 1*4kB (M) 3*8kB (M) 6*16kB (M) 3*32kB (M) 3*64kB (M) 3*128kB (M) 2*256kB (M) 2*512kB (M) 1*1024kB (M) 2*2048kB (M) 726*4096kB (M) = 2981148kB
Normal: 67*4kB (M) 456*8kB (UME) 805*16kB (UME) 65*32kB (UME) 1178*64kB (UME) 650*128kB (UME) 345*256kB (UM) 174*512kB (UM) 127*1024kB (UM) 77*2048kB (UM) 544*4096kB (UM) = 2870844kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
11084 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
320236 pages reserved
audit: type=1400 audit(1513442036.941:38): avc:  denied  { dyntransition } for  pid=7249 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=process permissive=1
netlink: 13 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor3'.
PF_BRIDGE: RTM_SETLINK with unknown ifindex
PF_BRIDGE: RTM_SETLINK with unknown ifindex
PF_BRIDGE: RTM_SETLINK with unknown ifindex
PF_BRIDGE: RTM_SETLINK with unknown ifindex
audit: type=1400 audit(1513442037.231:39): avc:  denied  { read } for  pid=7373 comm="syz-executor1" path="socket:[18522]" dev="sockfs" ino=18522 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
device lo entered promiscuous mode
blk_update_request: I/O error, dev loop7, sector 0
Buffer I/O error on dev loop7, logical block 0, lost async page write
blk_update_request: I/O error, dev loop7, sector 8
Buffer I/O error on dev loop7, logical block 1, lost async page write
blk_update_request: I/O error, dev loop7, sector 16
Buffer I/O error on dev loop7, logical block 2, lost async page write
blk_update_request: I/O error, dev loop7, sector 24
Buffer I/O error on dev loop7, logical block 3, lost async page write
blk_update_request: I/O error, dev loop7, sector 32
Buffer I/O error on dev loop7, logical block 4, lost async page write
blk_update_request: I/O error, dev loop7, sector 40
Buffer I/O error on dev loop7, logical block 5, lost async page write
blk_update_request: I/O error, dev loop7, sector 48
Buffer I/O error on dev loop7, logical block 6, lost async page write
blk_update_request: I/O error, dev loop7, sector 56
Buffer I/O error on dev loop7, logical block 7, lost async page write
blk_update_request: I/O error, dev loop7, sector 64
Buffer I/O error on dev loop7, logical block 8, lost async page write
blk_update_request: I/O error, dev loop7, sector 72
Buffer I/O error on dev loop7, logical block 9, lost async page write
binder: 7492:7493 transaction failed 29201/-28, size 72-32 line 3130
binder_alloc: binder_alloc_mmap_handler: 7492 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7492:7493 ioctl 40046207 0 returned -16
binder_alloc: 7492: binder_alloc_buf, no vma
binder: 7492:7495 transaction failed 29189/-3, size 72-32 line 3130
audit: type=1400 audit(1513442037.561:40): avc:  denied  { create } for  pid=7496 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
audit: type=1400 audit(1513442037.571:41): avc:  denied  { getattr } for  pid=7496 comm="syz-executor6" path="socket:[18615]" dev="sockfs" ino=18615 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
audit: type=1400 audit(1513442037.591:42): avc:  denied  { fsetid } for  pid=7522 comm="syz-executor5" capability=4  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1513442037.981:43): avc:  denied  { create } for  pid=7574 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_iscsi_socket permissive=1
audit: type=1400 audit(1513442038.121:44): avc:  denied  { net_bind_service } for  pid=7651 comm="syz-executor0" capability=10  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1

Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2017/12/16 16:34 https://android.googlesource.com/kernel/common android-4.9 3f1d77ca5f8f b6f0c91b .config console log report ci-android-49-kasan-gce
2017/12/10 12:32 https://android.googlesource.com/kernel/common android-4.9 f26d3c76d376 5ad0ce95 .config console log report ci-android-49-kasan-gce
2017/12/10 02:40 https://android.googlesource.com/kernel/common android-4.9 f26d3c76d376 5ad0ce95 .config console log report ci-android-49-kasan-gce
2017/12/10 01:21 https://android.googlesource.com/kernel/common android-4.9 f26d3c76d376 5ad0ce95 .config console log report ci-android-49-kasan-gce
2017/12/08 22:50 https://android.googlesource.com/kernel/common android-4.9 f26d3c76d376 5ad0ce95 .config console log report ci-android-49-kasan-gce
2017/12/08 14:58 https://android.googlesource.com/kernel/common android-4.9 f26d3c76d376 b0fa969c .config console log report ci-android-49-kasan-gce
2017/12/08 03:10 https://android.googlesource.com/kernel/common android-4.9 f26d3c76d376 5d643f8e .config console log report ci-android-49-kasan-gce
2017/12/07 13:33 https://android.googlesource.com/kernel/common android-4.9 f26d3c76d376 5d643f8e .config console log report ci-android-49-kasan-gce
2017/12/05 22:25 https://android.googlesource.com/kernel/common android-4.9 12cae95a096c de212f1a .config console log report ci-android-49-kasan-gce
2017/11/29 13:26 https://android.googlesource.com/kernel/common android-4.9 8ae26d17330c 34f2c233 .config console log report ci-android-49-kasan-gce
* Struck through repros no longer work on HEAD.