vmalloc: allocation failure: 17179869180 bytes BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor2/5590 syz-executor4: page allocation failure: order:0, mode:0x24000c2 CPU: 0 PID: 5592 Comm: syz-executor4 Not tainted 4.4.119-g855ea74 #27 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 75b1d1364ed8e749 ffff8800a9247880 ffffffff81d0402d 1ffff10015248f13 ffff8801c7156000 00000000024000c2 0000000000000000 0000000000000001 ffff8800a9247990 ffffffff81431019 ffffffff838ac620 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x124 lib/dump_stack.c:51 [] warn_alloc_failed+0x1d9/0x240 mm/page_alloc.c:2757 [] __vmalloc_node_range+0x41d/0x630 mm/vmalloc.c:1692 [] __vmalloc_node mm/vmalloc.c:1715 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1729 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1744 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:725 [] translate_table+0x21a/0x1eb0 net/ipv4/netfilter/ip_tables.c:820 [] ? 0xffffffff810002b8 [] do_replace net/ipv4/netfilter/ip_tables.c:1294 [inline] [] do_ipt_set_ctl+0x2a3/0x450 net/ipv4/netfilter/ip_tables.c:1857 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 [] ip_setsockopt+0x97/0xa0 net/ipv4/ip_sockglue.c:1225 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2641 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2659 [] SYSC_setsockopt net/socket.c:1767 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1746 [] entry_SYSCALL_64_fastpath+0x1c/0x98 Mem-Info: active_anon:56977 inactive_anon:44 isolated_anon:0 active_file:3568 inactive_file:8394 isolated_file:0 unevictable:0 dirty:185 writeback:0 unstable:0 slab_reclaimable:5089 slab_unreclaimable:60049 mapped:24314 shmem:51 pagetables:675 bounce:0 free:1471423 free_pcp:416 free_cma:0 DMA free:15904kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15992kB managed:15904kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? yes lowmem_reserve[]: 0 2911 6411 6411 DMA32 free:2671836kB min:30608kB low:38260kB high:45912kB active_anon:97660kB inactive_anon:64kB active_file:6164kB inactive_file:11464kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3129292kB managed:2982732kB mlocked:0kB dirty:364kB writeback:0kB mapped:43988kB shmem:80kB slab_reclaimable:9880kB slab_unreclaimable:107888kB kernel_stack:2400kB pagetables:1124kB unstable:0kB bounce:0kB free_pcp:1168kB local_pcp:568kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 3500 3500 Normal free:3197952kB min:36808kB low:46008kB high:55212kB active_anon:130248kB inactive_anon:112kB active_file:8108kB inactive_file:22112kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3584660kB mlocked:0kB dirty:376kB writeback:0kB mapped:53268kB shmem:124kB slab_reclaimable:10476kB slab_unreclaimable:132308kB kernel_stack:3168kB pagetables:1576kB unstable:0kB bounce:0kB free_pcp:496kB local_pcp:156kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no lowmem_reserve[]: 0 0 0 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15904kB DMA32: 125*4kB (UME) 95*8kB (UME) 79*16kB (UM) 14*32kB (M) 10*64kB (UME) 7*128kB (UME) 5*256kB (ME) 7*512kB (UME) 10*1024kB (UM) 1*2048kB (M) 647*4096kB (M) = 2671772kB Normal: 720*4kB (UME) 240*8kB (UME) 150*16kB (UM) 37*32kB (UM) 16*64kB (UME) 10*128kB (UME) 10*256kB (ME) 8*512kB (ME) 6*1024kB (ME) 2*2048kB (ME) 774*4096kB (UM) = 3197888kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 12012 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965969 pages RAM 0 pages HighMem/MovableOnly 320145 pages reserved capability: warning: `syz-executor3' uses 32-bit capabilities (legacy support in use) mmap: syz-executor7 (5609) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt. binder: 5639:5644 unknown command 1668068900 binder: 5639:5644 ioctl c0306201 20a20000 returned -22 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 1 PID: 5590 Comm: syz-executor2 Not tainted 4.4.119-g855ea74 #27 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 4950c004c41bfc3c ffff8800a90bf480 ffffffff81d0402d 0000000000000001 ffffffff839fe5a0 ffffffff83d0be20 ffff8800a90c8000 0000000000000003 ffff8800a90bf4c0 ffffffff81d63f84 ffff8800a90bf4d8 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x124 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x188/0x980 net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2058 [] xfrm_state_construct net/xfrm/xfrm_user.c:590 [inline] [] xfrm_add_sa+0x1916/0x2e40 net/xfrm/xfrm_user.c:636 [] xfrm_user_rcv_msg+0x41c/0x6b0 net/xfrm/xfrm_user.c:2549 [] netlink_rcv_skb+0x13e/0x370 net/netlink/af_netlink.c:2349 [] xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2557 [] netlink_unicast_kernel net/netlink/af_netlink.c:1267 [inline] [] netlink_unicast+0x522/0x760 net/netlink/af_netlink.c:1293 [] netlink_sendmsg+0x8e8/0xc50 net/netlink/af_netlink.c:1847 [] sock_sendmsg_nosec net/socket.c:625 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:635 [] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962 [] __sys_sendmsg+0xd3/0x190 net/socket.c:1996 [] SYSC_sendmsg net/socket.c:2007 [inline] [] SyS_sendmsg+0x2d/0x50 net/socket.c:2003 [] entry_SYSCALL_64_fastpath+0x1c/0x98 audit: type=1400 audit(1520063653.657:9): avc: denied { setopt } for pid=5662 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1520063653.697:10): avc: denied { getopt } for pid=5662 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket keychord: keycode 5120 out of range keychord: Insufficient bytes present for keycount 1765 keychord: keycode 5120 out of range keychord: Insufficient bytes present for keycount 1765 netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. audit: type=1400 audit(1520063654.437:11): avc: denied { accept } for pid=5800 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'. audit: type=1400 audit(1520063654.517:12): avc: denied { attach_queue } for pid=5814 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=tun_socket permissive=1 capability: warning: `syz-executor1' uses deprecated v2 capabilities in a way that may be insecure SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket syz-executor5 uses obsolete (PF_INET,SOCK_PACKET) audit: type=1400 audit(1520063656.067:13): avc: denied { create } for pid=6160 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1520063656.277:14): avc: denied { call } for pid=6244 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 binder_alloc: 6244: binder_alloc_buf, no vma binder: 6244:6253 transaction failed 29189/-3, size 0--2569022112438157312 line 3128 binder_alloc: 6244: binder_alloc_buf, no vma binder: BINDER_SET_CONTEXT_MGR already set binder: 6244:6259 transaction failed 29189/-3, size 0--2569022112438157312 line 3128 binder: 6244:6253 ioctl 40046207 0 returned -16 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29189 TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. binder: send failed reply for transaction 6 to 6412:6430 binder: 6412:6416 ioctl c0306201 20007fd0 returned -14 binder: BINDER_SET_CONTEXT_MGR already set binder: 6412:6430 ioctl 40046207 0 returned -16 binder: 6412:6416 ioctl c0306201 20007fd0 returned -14 binder_alloc: 6412: binder_alloc_buf, no vma binder: 6412:6416 transaction failed 29189/-3, size 0-0 line 3128 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 IPVS: set_ctl: invalid protocol: 13703 39.52.93.236:60696 Ɓtpm`x/.HݼބDBC+zq audit: type=1400 audit(1520063657.347:15): avc: denied { create } for pid=6483 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 IPVS: set_ctl: invalid protocol: 13703 39.52.93.236:60696 Ɓtpm`x/.HݼބDBC+s'O audit: type=1400 audit(1520063657.647:16): avc: denied { transfer } for pid=6560 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 binder: BINDER_SET_CONTEXT_MGR already set binder: 6560:6568 ioctl 40046207 0 returned -16 binder_alloc: 6560: binder_alloc_buf, no vma binder: 6560:6574 transaction failed 29189/-3, size 40-8 line 3128 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 6560:6568 transaction 9 out, still active binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 9, target dead binder: 6652:6655 ioctl c0306201 20004000 returned -14 binder_alloc: binder_alloc_mmap_handler: 6652 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 6652:6655 ioctl 40046207 0 returned -16 binder_alloc: 6652: binder_alloc_buf, no vma binder: 6652:6655 transaction failed 29189/-3, size 0-0 line 3128 binder: release 6652:6655 transaction 14 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 14, target dead binder: undelivered TRANSACTION_ERROR: 29189 binder: 6697:6720 ioctl c0306201 20004000 returned -14 binder_alloc: binder_alloc_mmap_handler: 6697 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 6697:6720 ioctl 40046207 0 returned -16 binder_alloc: 6697: binder_alloc_buf, no vma binder: 6697:6720 transaction failed 29189/-3, size 0-0 line 3128 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 6697:6709 transaction 17 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 17, target dead tc_dump_action: action bad kind audit: type=1400 audit(1520063660.177:17): avc: denied { write } for pid=7003 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 binder: 7059:7062 BC_REQUEST_DEATH_NOTIFICATION death notification already set binder: BINDER_SET_CONTEXT_MGR already set binder: 7059:7062 ioctl 40046207 0 returned -16 binder: 7059:7079 BC_REQUEST_DEATH_NOTIFICATION death notification already set binder: 7059:7062 BC_REQUEST_DEATH_NOTIFICATION death notification already set SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket syz-executor6 (7376): /proc/7372/oom_adj is deprecated, please use /proc/7372/oom_score_adj instead. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket SELinux: Invalid class 86 SELinux: Invalid class 86 SELinux: Invalid class 86 SELinux: policydb string length -462615800 does not match expected length 8 SELinux: policydb string length -462615800 does not match expected length 8 vmalloc: allocation failure: 0 bytes syz-executor6: page allocation failure: order:0, mode:0x24000c2 CPU: 1 PID: 7667 Comm: syz-executor6 Not tainted 4.4.119-g855ea74 #27 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 070f611907244dea ffff8800b54e7938 ffffffff81d0402d 1ffff10016a9cf2a ffff8801d4681800 00000000024000c2 0000000000000000 0000000000000001 ffff8800b54e7a48 ffffffff81431019 ffffffff838ac620 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x124 lib/dump_stack.c:51 [] warn_alloc_failed+0x1d9/0x240 mm/page_alloc.c:2757 [] __vmalloc_node_range+0x41d/0x630 mm/vmalloc.c:1692 [] __vmalloc_node mm/vmalloc.c:1715 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1729 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1744 [] sel_write_load+0x130/0xff0 security/selinux/selinuxfs.c:527 [] __vfs_write+0x103/0x450 fs/read_write.c:489 [] vfs_write+0x18a/0x530 fs/read_write.c:538 [] SYSC_write fs/read_write.c:585 [inline] [] SyS_write+0xd9/0x1b0 fs/read_write.c:577 [] entry_SYSCALL_64_fastpath+0x1c/0x98 Mem-Info: active_anon:54436 inactive_anon:43 isolated_anon:0 active_file:3624 inactive_file:8381 isolated_file:0 unevictable:0 dirty:104 writeback:0 unstable:0 slab_reclaimable:6164 slab_unreclaimable:58689 mapped:24286 shmem:50 pagetables:649 bounce:0 free:1474198 free_pcp:614 free_cma:0 DMA free:15904kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15992kB managed:15904kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? yes lowmem_reserve[]: 0 2911 6411 6411