syz-executor.5: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null) ============================= WARNING: suspicious RCU usage 4.14.139 #35 Not tainted syz-executor.5 cpuset=syz5 mems_allowed=0-1 ----------------------------- xt_AUDIT: Audit type out of range (valid range: 0..2) net/tipc/bearer.c:177 suspicious rcu_dereference_protected() usage! other info that might help us debug this: CPU: 0 PID: 8665 Comm: syz-executor.5 Not tainted 4.14.139 #35 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 xt_AUDIT: Audit type out of range (valid range: 0..2) Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x138/0x19c lib/dump_stack.c:53 warn_alloc.cold+0x96/0x1af mm/page_alloc.c:3248 rcu_scheduler_active = 2, debug_locks = 1 __vmalloc_node_range mm/vmalloc.c:1786 [inline] __vmalloc_node_range+0x3c3/0x6a0 mm/vmalloc.c:1746 2 locks held by syz-executor.2/8681: __vmalloc_node mm/vmalloc.c:1815 [inline] __vmalloc_node_flags mm/vmalloc.c:1829 [inline] vmalloc+0x46/0x50 mm/vmalloc.c:1851 sel_write_load+0x1a0/0x1050 security/selinux/selinuxfs.c:495 #0: __vfs_write+0x105/0x6b0 fs/read_write.c:480 ( vfs_write+0x198/0x500 fs/read_write.c:544 SYSC_write fs/read_write.c:590 [inline] SyS_write+0xfd/0x230 fs/read_write.c:582 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 cb_lock entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x459879 RSP: 002b:00007f64c4a80c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f64c4a816d4 R13: 00000000004c9b08 R14: 00000000004e1248 R15: 00000000ffffffff Mem-Info: ){++++} active_anon:155156 inactive_anon:186 isolated_anon:0 active_file:8217 inactive_file:10952 isolated_file:0 unevictable:0 dirty:479 writeback:0 unstable:0 slab_reclaimable:12741 slab_unreclaimable:108786 mapped:59092 shmem:244 pagetables:2180 bounce:0 free:1235577 free_pcp:236 free_cma:0 , at: [] genl_rcv+0x1a/0x40 net/netlink/genetlink.c:635 Node 0 active_anon:620616kB inactive_anon:744kB active_file:32732kB inactive_file:43808kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:236368kB dirty:1916kB writeback:0kB shmem:976kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 258048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 1 active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no #1: Node 0 DMA free:15908kB min:216kB low:268kB high:320kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB ( lowmem_reserve[]: genl_mutex 0 ){+.+.} 2580 , at: [] genl_lock net/netlink/genetlink.c:33 [inline] , at: [] genl_rcv_msg+0x119/0x150 net/netlink/genetlink.c:623 stack backtrace: CPU: 1 PID: 8681 Comm: syz-executor.2 Not tainted 4.14.139 #35 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x138/0x19c lib/dump_stack.c:53 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:4662 tipc_bearer_find+0x20a/0x300 net/tipc/bearer.c:177 tipc_nl_compat_link_set+0x433/0xbf0 net/tipc/netlink_compat.c:797 __tipc_nl_compat_doit net/tipc/netlink_compat.c:306 [inline] tipc_nl_compat_doit+0x1a2/0x550 net/tipc/netlink_compat.c:354 tipc_nl_compat_handle net/tipc/netlink_compat.c:1198 [inline] tipc_nl_compat_recv+0x9ec/0xb20 net/tipc/netlink_compat.c:1280 genl_family_rcv_msg+0x614/0xc30 net/netlink/genetlink.c:600 genl_rcv_msg+0xb4/0x150 net/netlink/genetlink.c:625 netlink_rcv_skb+0x14f/0x3c0 net/netlink/af_netlink.c:2432 genl_rcv+0x29/0x40 net/netlink/genetlink.c:636 netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline] netlink_unicast+0x45d/0x640 net/netlink/af_netlink.c:1312 netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877 sock_sendmsg_nosec net/socket.c:646 [inline] sock_sendmsg+0xce/0x110 net/socket.c:656 ___sys_sendmsg+0x70a/0x840 net/socket.c:2062 __sys_sendmsg+0xb9/0x140 net/socket.c:2096 SYSC_sendmsg net/socket.c:2107 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2103 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x459879 RSP: 002b:00007f7f3a0bbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f3a0bc6d4 R13: 00000000004c74b0 R14: 00000000004dcbf8 R15: 00000000ffffffff 2580 2580 Node 0 DMA32 free:1145808kB min:36468kB low:45584kB high:54700kB active_anon:616368kB inactive_anon:744kB active_file:32828kB inactive_file:43796kB unevictable:0kB writepending:2004kB present:3129332kB managed:2644892kB mlocked:0kB kernel_stack:8448kB pagetables:8528kB bounce:0kB free_pcp:1332kB local_pcp:616kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 1 Normal free:3785680kB min:53420kB low:66772kB high:80124kB active_anon:0kB inactive_anon:0kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870208kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 7885*4kB (UME) 77*8kB (UM) 25*16kB (UME) 71*32kB (UME) 44*64kB (UME) 39*128kB (UME) 30*256kB (UM) 126*512kB (UM) 61*1024kB (UM) 29*2048kB (UME) 222*4096kB (UM) = 1145996kB Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB Node 1 Normal: 48*4kB (UME) 314*8kB (UME) 264*16kB (UM) 66*32kB (UME) 16*64kB (UM) 13*128kB (U) 6*256kB (UME) 2*512kB (UE) 3*1024kB (UME) 4*2048kB (ME) 918*4096kB (M) = 3785680kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 19433 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 333227 pages reserved 0 pages cma reserved xt_AUDIT: Audit type out of range (valid range: 0..2) xt_AUDIT: Audit type out of range (valid range: 0..2) audit: type=1400 audit(1566598323.486:72): avc: denied { name_bind } for pid=8756 comm="syz-executor.1" src=20003 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 device bond0 entered promiscuous mode device bond_slave_0 entered promiscuous mode device bond_slave_1 entered promiscuous mode xt_AUDIT: Audit type out of range (valid range: 0..2) device team0 entered promiscuous mode device team_slave_0 entered promiscuous mode device team_slave_1 entered promiscuous mode device team0 left promiscuous mode device team_slave_0 left promiscuous mode device team_slave_1 left promiscuous mode device bond0 left promiscuous mode device bond_slave_0 left promiscuous mode device bond_slave_1 left promiscuous mode device bond0 entered promiscuous mode device bond_slave_0 entered promiscuous mode device bond_slave_1 entered promiscuous mode device team0 entered promiscuous mode device team_slave_0 entered promiscuous mode device team_slave_1 entered promiscuous mode device team0 left promiscuous mode device team_slave_0 left promiscuous mode device team_slave_1 left promiscuous mode device bond0 left promiscuous mode device bond_slave_0 left promiscuous mode device bond_slave_1 left promiscuous mode IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 audit: type=1804 audit(1566598326.306:73): pid=8939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="file0" dev="sda1" ino=16894 res=1 audit: type=1804 audit(1566598326.356:74): pid=8939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="file0" dev="sda1" ino=16894 res=1 audit: type=1401 audit(1566598327.156:75): op=setxattr invalid_context=7371222223A6F02812ACBF6A65968925208E637401000000000000005F6465761770F276C80DDB073378FCBB4CB08D95C85366F25378F45838FB597384022E7E0F1B2BBDD572BB80A0FFD98EE46625838EDAB9F0919F4A9657899B0E3405AA5BE2F6B06D867E256F0A8295F70D8EB081982FAC3FDC3ABA90BDC562D6ADD6DF9CDAF8C46EF04C8836D489D817ECF4FA7C3C205B74BB2F459A946F2EB6EB608049C9273F5B6176CEBDBE0F4E7E04479ED54FE607E328667F4B62B211741DA30400000076CEBF8EF88AE8F39D2D5443846541E7E161B8CFF32839BD6B58B74EC48EB5A9F375730EE3383C44CE35FB000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 SELinux: Context sq""#¦ð(¬¿je–‰% Žct is not valid (left unmapped). openvswitch: netlink: Flow actions attr not present in new flow. openvswitch: netlink: Flow actions attr not present in new flow. audit: type=1400 audit(1566598327.176:76): avc: denied { mac_admin } for pid=8979 comm="syz-executor.0" capability=33 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. audit: type=1400 audit(1566598327.546:77): avc: denied { relabelto } for pid=8979 comm="syz-executor.0" name="UDP-Lite" dev="sockfs" ino=32909 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=rawip_socket permissive=1 audit: type=1400 audit(1566598327.656:78): avc: denied { setattr } for pid=9019 comm="syz-executor.0" name="NETLINK" dev="sockfs" ino=32767 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1566598328.376:79): avc: denied { getopt } for pid=9052 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 syz-executor.2 uses obsolete (PF_INET,SOCK_PACKET) 9pnet: Insufficient options for proto=fd team0: Device ip6tnl0 is of different type 9pnet: Insufficient options for proto=fd sctp: [Deprecated]: syz-executor.1 (pid 9162) Use of int in max_burst socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor.1 (pid 9162) Use of int in max_burst socket option. Use struct sctp_assoc_value instead