=====================================
[ BUG: bad unlock balance detected! ]
4.9.67-gf26d3c7 #106 Not tainted
-------------------------------------
syz-executor4/10400 is trying to release lock ([ 80.528936] device gre0 entered promiscuous mode mrt_lock) at:
but there are no more locks to release!
other info that might help us debug this:
1 lock held by syz-executor4/10400:
 #0: (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x1290 fs/seq_file.c:178
stack backtrace:
CPU: 1 PID: 10400 Comm: syz-executor4 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d963f8e8 ffffffff81d906e9 ffffffff849ae8f8 ffff8801d9636000
 ffffffff834dec54 ffffffff849ae8f8 ffff8801d9636888 ffff8801d963f918
 ffffffff812353f4 dffffc0000000000 ffffffff849ae8f8 00000000ffffffff
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3398
 [] __lock_release kernel/locking/lockdep.c:3540 [inline]
 [] lock_release+0x6f8/0xb80 kernel/locking/lockdep.c:3775
 [] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline]
 [] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255
 [] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
 [] seq_read+0xa83/0x1290 fs/seq_file.c:283
 [] proc_reg_read+0xef/0x170 fs/proc/inode.c:202
 [] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [] do_loop_readv_writev fs/read_write.c:880 [inline]
 [] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [] do_readv+0xe6/0x250 fs/read_write.c:924
 [] SYSC_readv fs/read_write.c:1011 [inline]
 [] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
binder: 10647:10648 ERROR: BC_REGISTER_LOOPER called without request
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 10628 Comm: syz-executor4 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a93a7990 ffffffff81d906e9 ffff8801a93a7c70 0000000000000000
 ffff8801c6c4df10 ffff8801a93a7b60 ffff8801c6c4de00 ffff8801a93a7b88
 ffffffff8165e307 ffff8801a8d2b000 ffff8801a93a7ae0 00000001a75c2067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
binder_alloc: binder_alloc_mmap_handler: 10647 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 10647:10648 ioctl 40046207 0 returned -16
binder: 10647:10648 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 10647: binder_alloc_buf, no vma
binder: 10647:10655 transaction failed 29189/-3, size 0-0 line 3130
device gre0 entered promiscuous mode
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 98, process died.
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device gre0 entered promiscuous mode
CPU: 1 PID: 10641 Comm: syz-executor4 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cb48f9c0 ffffffff81d906e9 ffff8801cb48fca0 0000000000000000
 ffff8801c6c4df10 ffff8801cb48fb90 ffff8801c6c4de00 ffff8801cb48fbb8
 ffffffff8165e307 b49a72d30de86cba ffff8801cb48fb10 00000001a75c2067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SYSC_keyctl security/keys/keyctl.c:1604 [inline]
 [] SyS_keyctl+0x1fb/0x230 security/keys/keyctl.c:1592
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 10652 Comm: syz-executor4 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c6f8f9c0 ffffffff81d906e9 ffff8801c6f8fca0 0000000000000000
 ffff8801c6c4d010 ffff8801c6f8fb90 ffff8801c6c4cf00 ffff8801c6f8fbb8
 ffffffff8165e307 a281b37535b35a56 ffff8801c6f8fb10 00000001cfdcb067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SYSC_keyctl security/keys/keyctl.c:1604 [inline]
 [] SyS_keyctl+0x1fb/0x230 security/keys/keyctl.c:1592
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 10641 Comm: syz-executor4 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cb48f990 ffffffff81d906e9 ffff8801cb48fc70 0000000000000000
 ffff8801c6c4d010 ffff8801cb48fb60 ffff8801c6c4cf00 ffff8801cb48fb88
 ffffffff8165e307 ffff8801a8d2e000 ffff8801cb48fae0 00000001cfdcb067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
binder: 10758:10767 BC_FREE_BUFFER u0000000000000000 no match
binder: 10758:10767 ERROR: BC_REGISTER_LOOPER called without request
binder: 10759:10768 ERROR: BC_REGISTER_LOOPER called without request
binder: 10758:10767 got transaction to invalid handle
binder: 10758:10767 transaction failed 29201/-22, size 72-56 line 3007
binder: 10758:10775 BC_FREE_BUFFER u0000000000000000 no match
binder_alloc: binder_alloc_mmap_handler: 10759 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 10759:10789 ioctl 40046207 0 returned -16
binder: 10759:10768 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 10759: binder_alloc_buf, no vma
binder: 10759:10789 transaction failed 29189/-3, size 0-0 line 3130
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 10759:10768 transaction 102 in, still active
binder: send failed reply for transaction 102 to 10759:10789
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
device gre0 entered promiscuous mode
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 10853 Comm: syz-executor3 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a7eef8a0 ffffffff81d906e9 ffff8801a7eefb80 0000000000000000
 ffff8801c6c4c110 ffff8801a7eefa70 ffff8801c6c4c000 ffff8801a7eefa98
 ffffffff8165e307 ffff8801d02979c0 ffff8801a7eef9f0 00000001d5470067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
binder: 10928:10930 BC_DEAD_BINDER_DONE 0000000000000003 not found
binder: 10928:10930 BC_INCREFS_DONE u000000002011a000 no match
binder: 10928:10930 got transaction with invalid parent offset or type
binder: 10928:10930 transaction failed 29201/-22, size 32-24 line 3253
device gre0 entered promiscuous mode
binder: 10928:10930 got transaction with unaligned buffers size, 58534
binder: 10928:10930 transaction failed 29201/-22, size 0-40 line 3175
binder: BINDER_SET_CONTEXT_MGR already set
binder: 10928:10936 ioctl 40046207 0 returned -16
binder: 10928:10930 BC_DEAD_BINDER_DONE 0000000000000003 not found
binder: 10928:10930 BC_INCREFS_DONE u000000002011a000 no match
binder_alloc: 10928: binder_alloc_buf, no vma
binder: 10928:10930 transaction failed 29189/-3, size 32-24 line 3130
binder_alloc: 10928: binder_alloc_buf, no vma
binder: 10928:10936 transaction failed 29189/-3, size 0-40 line 3130
binder: 10928:10930 ioctl c0306201 2000f000 returned -14
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
loop_reread_partitions: partition scan of loop0 (2°]€fI¸Òæ¶Ì”B±!S,›ùDÏ') failed (rc=-13)
loop_reread_partitions: partition scan of loop0 (2°]€fI¸Òæ¶Ì”B±!S,›ùDÏ') failed (rc=-13)
CPU: 1 PID: 10863 Comm: syz-executor3 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d53676c0 ffffffff81d906e9 ffff8801d53679a0 0000000000000000
 ffff8801c6c4c110 ffff8801d5367890 ffff8801c6c4c000 ffff8801d53678b8
 ffffffff8165e307 1ffff1003aa6cedc ffff8801d5367810 00000001d5470067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] sock_do_ioctl+0x94/0xb0 net/socket.c:899
 [] sock_ioctl+0x2e0/0x3d0 net/socket.c:978
 [] vfs_ioctl fs/ioctl.c:43 [inline]
 [] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679
 [] SYSC_ioctl fs/ioctl.c:694 [inline]
 [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
loop_reread_partitions: partition scan of loop0 () failed (rc=-13)
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 11014 Comm: syz-executor2 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d4fdf4e0[ 83.581100] sg_write: data in/out 822404280/197 bytes for SCSI command 0x12-- guessing data in; program syz-executor6 not setting count and/or reply_len properly ffffffff81d906e9 ffff8801d4fdf7c0 0000000000000000
 ffff8801c6c4c290 ffff8801d4fdf6b0 ffff8801c6c4c180 ffff8801d4fdf6d8
 ffffffff8165e307 ffff880102408040 ffff8801d4fdf630 00000001d8c05067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] generic_perform_write+0x1dc/0x500 mm/filemap.c:2731
 [] __generic_file_write_iter+0x348/0x570 mm/filemap.c:2866
 [] generic_file_write_iter+0x2d5/0x600 mm/filemap.c:2894
 [] new_sync_write fs/read_write.c:499 [inline]
 [] __vfs_write+0x4bf/0x680 fs/read_write.c:512
 [] vfs_write+0x189/0x530 fs/read_write.c:560
 [] SYSC_write fs/read_write.c:607 [inline]
 [] SyS_write+0xd9/0x1b0 fs/read_write.c:599
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 11014 Comm: syz-executor2 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d4fdf4e0 ffffffff81d906e9 ffff8801d4fdf7c0 0000000000000000
 ffff8801c6c4cb90 ffff8801d4fdf6b0 ffff8801c6c4ca80 ffff8801d4fdf6d8
 ffffffff8165e307 ffff8801d6c7b080 ffff8801d4fdf630 00000001d6f05067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] generic_perform_write+0x1dc/0x500 mm/filemap.c:2731
 [] __generic_file_write_iter+0x348/0x570 mm/filemap.c:2866
 [] generic_file_write_iter+0x2d5/0x600 mm/filemap.c:2894
 [] new_sync_write fs/read_write.c:499 [inline]
 [] __vfs_write+0x4bf/0x680 fs/read_write.c:512
 [] vfs_write+0x189/0x530 fs/read_write.c:560
 [] SYSC_write fs/read_write.c:607 [inline]
 [] SyS_write+0xd9/0x1b0 fs/read_write.c:599
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
binder: 11126:11138 BC_FREE_BUFFER u0000000000000000 no match
device gre0 entered promiscuous mode
binder: 11126:11150 BC_FREE_BUFFER u0000000000000000 no match
device gre0 entered promiscuous mode
binder: 11184 RLIMIT_NICE not set
binder_alloc: 11183: binder_alloc_buf, no vma
binder: 11183:11184 transaction failed 29189/-3, size 0-0 line 3130
binder: BINDER_SET_CONTEXT_MGR already set
binder: 11183:11194 ioctl 40046207 0 returned -16
binder_alloc: 11183: binder_alloc_buf, no vma
binder: 11183:11194 transaction failed 29189/-3, size 0-0 line 3130
binder_alloc: 11183: binder_alloc_buf, no vma
binder: 11183:11184 transaction failed 29189/-3, size 0-0 line 3130
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 11183:11184 transaction 110 out, still active
IPVS: Creating netns size=2536 id=14
binder: undelivered TRANSACTION_COMPLETE
binder: release 11183:11184 transaction 110 in, still active
binder: send failed reply for transaction 110, target dead
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: 11257:11258 not enough space to store 7 fds in buffer
binder: 11257:11258 transaction failed 29201/-22, size 72-24 line 3272
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pig=11266 comm=syz-executor0
binder: BINDER_SET_CONTEXT_MGR already set
binder: 11257:11281 ioctl 40046207 0 returned -16
binder_alloc: 11257: binder_alloc_buf, no vma
binder: 11257:11258 transaction failed 29189/-3, size 72-24 line 3130
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pig=11273 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=11273 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pig=11291 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pig=11273 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=11291 comm=syz-executor0
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
device gre0 entered promiscuous mode
nla_parse: 21 callbacks suppressed
netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
IPv6: Can't replace route, no match found
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
IPv6: Can't replace route, no match found
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
loop_reread_partitions: partition scan of loop0 (2°]€fI¸Òæ¶Ì”B±!S,›ùDÏ') failed (rc=-13)
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=3131 sclass=netlink_xfrm_socket pig=11625 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=3131 sclass=netlink_xfrm_socket pig=11625 comm=syz-executor0
loop_reread_partitions: partition scan of loop0 () failed (rc=-13)
netlink: 11 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
@: renamed from syz2
tc_dump_action: action bad kind
tc_dump_action: action bad kind
PF_BRIDGE: RTM_SETLINK with unknown ifindex
PF_BRIDGE: RTM_SETLINK with unknown ifindex
binder: 11998:11999 BC_FREE_BUFFER u0000000000000000 no match
binder_alloc: 11998: binder_alloc_buf, no vma
binder: 11998:11999 transaction failed 29189/-3, size 72-8 line 3130
binder: BINDER_SET_CONTEXT_MGR already set
binder: 11998:11999 ioctl 40046207 0 returned -16
binder: 11998:12011 BC_FREE_BUFFER u0000000000000000 no match
binder_alloc: 11998: binder_alloc_buf, no vma
binder: 11998:12011 transaction failed 29189/-3, size 72-8 line 3130
@: renamed from syz3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=12096 comm=syz-executor5
binder: 12097:12101 BC_DEAD_BINDER_DONE 0000000000000003 not found
binder: 12097:12101 BC_INCREFS_DONE u000000002011a000 no match
binder: 12097:12101 got transaction with invalid parent offset or type
binder: 12097:12101 transaction failed 29201/-22, size 32-24 line 3253
binder: 12097:12101 got transaction with unaligned buffers size, 58534
binder: 12097:12101 transaction failed 29201/-22, size 0-40 line 3175
binder_alloc: binder_alloc_mmap_handler: 12097 2011a000-2051a000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 12097:12108 ioctl 40046207 0 returned -16
binder: 12097:12101 ioctl c0306201 2000f000 returned -14
binder_alloc: 12097: binder_alloc_buf, no vma
binder: 12097:12108 transaction failed 29189/-3, size 0-40 line 3130
binder: undelivered TRANSACTION_ERROR: 29201
device gre0 entered promiscuous mode
syz-executor7: vmalloc: allocation failure: 17179082768 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
CPU: 1 PID: 12131 Comm: syz-executor7 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a3fdf880 ffffffff81d906e9 1ffff100347fbf13 ffff8801c7246000
 ffffffff83ab7dc0 0000000000000001 0000000000400000 ffff8801a3fdf990
 ffffffff8144ea02 024000c2ec07aee8 0000000041b58ab3 ffffffff841913b5
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3063
 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722
 [] __vmalloc_node mm/vmalloc.c:1744 [inline]
 [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline]
 [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773
 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722
 [] translate_table+0x2da/0x1cd0 net/ipv4/netfilter/arp_tables.c:549
 [] do_replace net/ipv4/netfilter/arp_tables.c:986 [inline]
 [] do_arpt_set_ctl+0x2b7/0x650 net/ipv4/netfilter/arp_tables.c:1465
 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 [] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1248
 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736
 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
 [] SYSC_setsockopt net/socket.c:1771 [inline]
 [] SyS_setsockopt+0x160/0x250 net/socket.c:1750
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
Mem-Info:
active_anon:103252 inactive_anon:38 isolated_anon:0
 active_file:3678 inactive_file:6886 isolated_file:0
 unevictable:0 dirty:2 writeback:0 unstable:0
 slab_reclaimable:4514 slab_unreclaimable:15037
 mapped:22768 shmem:47 pagetables:829 bounce:0
 free:1475273 free_pcp:361 free_cma:0
Node 0 active_anon:413008kB inactive_anon:152kB active_file:14712kB inactive_file:27544kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91072kB dirty:8kB writeback:0kB shmem:188kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 8192kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
DMA32 free:2981148kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:696kB local_pcp:648kB free_cma:0kB
Normal free:2904036kB min:36816kB low:46020kB high:55224kB active_anon:413008kB inactive_anon:152kB active_file:14712kB inactive_file:27544kB unevictable:0kB writepending:72kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:18056kB slab_unreclaimable:60148kB kernel_stack:6080kB pagetables:3316kB bounce:0kB free_pcp:748kB local_pcp:416kB free_cma:0kB
DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
10610 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
320236 pages reserved
device lo left promiscuous mode
device lo entered promiscuous mode
qtaguid: iface_stat: create(lo): no inet dev
qtaguid: iface_stat: create6(lo): no inet dev
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
qtaguid: iface_stat: create6(lo): no inet dev
device lo left promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pig=12310 comm=syz-executor6
: renamed from syz3
IPVS: set_ctl: invalid protocol: 31912 1.136.255.255:25979 F
binder: 12582:12584 ioctl 8924 20002000 returned -22
devpts: called with bogus options
devpts: called with bogus options
IPVS: Creating netns size=2536 id=15
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode