syz-executor7: vmalloc: allocation failure: 15157949456 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 0 PID: 5125 Comm: syz-executor7 Not tainted 4.9.80-g550c01d #29 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801b511f880[ 34.870285] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor3/5166 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 ffffffff81d94b69 1ffff10036a23f13 ffff8801bc5ab000 ffffffff83ab8ea0 0000000000000001 0000000000400000 ffff8801b511f990 ffffffff81451ca2 024000c200000003 0000000041b58ab3 ffffffff84195215 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3056 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722 [] __vmalloc_node mm/vmalloc.c:1744 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722 [] translate_table+0x2da/0x1cd0 net/ipv4/netfilter/arp_tables.c:549 [] ? 0xffffffff810002b8 [] do_replace net/ipv4/netfilter/arp_tables.c:986 [inline] [] do_arpt_set_ctl+0x2b7/0x650 net/ipv4/netfilter/arp_tables.c:1465 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 [] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1248 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2740 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1772 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1751 [] entry_SYSCALL_64_fastpath+0x29/0xe8 CPU: 1 PID: 5166 Comm: syz-executor3 Not tainted 4.9.80-g550c01d #29 Mem-Info: active_anon:53980 inactive_anon:45 isolated_anon:0 active_file:3471 inactive_file:8264 isolated_file:0 unevictable:0 dirty:122 writeback:0 unstable:0 slab_reclaimable:5348 slab_unreclaimable:59760 mapped:24009 shmem:52 pagetables:708 bounce:0 free:1476019 free_pcp:432 free_cma:0 Node 0 active_anon:215920kB inactive_anon:180kB active_file:13884kB inactive_file:33056kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:96036kB dirty:488kB writeback:0kB shmem:208kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 55296kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB DMA32 free:2980084kB min:30592kB low:38240kB high:45888kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129292kB managed:2980720kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:636kB local_pcp:636kB free_cma:0kB Normal free:2908084kB min:36824kB low:46028kB high:55232kB active_anon:215920kB inactive_anon:180kB active_file:13884kB inactive_file:33056kB unevictable:0kB writepending:488kB present:4718592kB managed:3585212kB mlocked:0kB slab_reclaimable:21392kB slab_unreclaimable:239040kB kernel_stack:5696kB pagetables:2832kB bounce:0kB free_pcp:1092kB local_pcp:444kB free_cma:0kB DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 11786 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965969 pages RAM 0 pages HighMem/MovableOnly 320509 pages reserved Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801b6adf490 ffffffff81d94b69 0000000000000001 ffffffff83c18800 ffffffff83f454c0 ffff8801b8178000 0000000000000003 ffff8801b6adf4d0 ffffffff81dfc144 ffff8801b6adf4e8 ffffffff83f454c0 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096 [] xfrm_state_construct net/xfrm/xfrm_user.c:590 [inline] [] xfrm_add_sa+0x1916/0x2e40 net/xfrm/xfrm_user.c:639 [] xfrm_user_rcv_msg+0x413/0x6a0 net/xfrm/xfrm_user.c:2525 [] netlink_rcv_skb+0x13e/0x370 net/netlink/af_netlink.c:2351 [] xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2533 [] netlink_unicast_kernel net/netlink/af_netlink.c:1275 [inline] [] netlink_unicast+0x511/0x750 net/netlink/af_netlink.c:1301 [] netlink_sendmsg+0x8e8/0xc50 net/netlink/af_netlink.c:1847 [] sock_sendmsg_nosec net/socket.c:635 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:645 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1969 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2003 [] SYSC_sendmsg net/socket.c:2014 [inline] [] SyS_sendmsg+0x2d/0x50 net/socket.c:2010 [] entry_SYSCALL_64_fastpath+0x29/0xe8 ALSA: seq fatal error: cannot create timer (-16) syz-executor5 uses obsolete (PF_INET,SOCK_PACKET) device lo entered promiscuous mode device lo left promiscuous mode audit: type=1400 audit(1517969341.854:10): avc: denied { setgid } for pid=5206 comm="syz-executor4" capability=6 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode audit: type=1400 audit(1517969342.214:11): avc: denied { set_context_mgr } for pid=5302 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 binder_alloc: binder_alloc_mmap_handler: 5302 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 5302:5341 ioctl 40046207 0 returned -16 audit: type=1400 audit(1517969342.364:12): avc: denied { dyntransition } for pid=5362 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0 tclass=process permissive=1 audit: type=1400 audit(1517969342.424:13): avc: denied { setpcap } for pid=5388 comm="syz-executor2" capability=8 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. binder_alloc: 5486: binder_alloc_buf failed to map page at 20000000 in userspace binder: 5486:5488 transaction failed 29201/-12, size 0-0 line 3127 binder: BINDER_SET_CONTEXT_MGR already set binder: 5486:5498 ioctl 40046207 0 returned -16 binder_alloc: 5486: binder_alloc_buf, no vma binder: 5486:5498 transaction failed 29189/-3, size 0-0 line 3127 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 IPv4: Oversized IP packet from 172.20.4.16 audit_printk_skb: 6 callbacks suppressed audit: type=1400 audit(1517969343.194:16): avc: denied { create } for pid=5559 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 audit: type=1400 audit(1517969343.204:17): avc: denied { dac_override } for pid=3879 comm="syz-executor1" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517969343.204:18): avc: denied { net_admin } for pid=3879 comm="syz-executor1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517969343.214:19): avc: denied { net_raw } for pid=5538 comm="syz-executor4" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517969343.314:20): avc: denied { net_admin } for pid=3887 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517969343.314:21): avc: denied { dac_override } for pid=5584 comm="syz-executor5" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517969343.324:22): avc: denied { net_admin } for pid=3877 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517969343.324:23): avc: denied { net_admin } for pid=3885 comm="syz-executor6" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517969343.324:24): avc: denied { dac_override } for pid=5584 comm="syz-executor5" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517969343.334:26): avc: denied { net_admin } for pid=3886 comm="syz-executor4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 SELinux: policydb magic number 0xafc8fe25 does not match expected magic number 0xf97cff8c SELinux: policydb magic number 0xafc8fe25 does not match expected magic number 0xf97cff8c mmap: syz-executor6 (5785) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt. binder: 5859:5879 got new transaction with bad transaction stack, transaction 7 has target 5859:5866 binder: 5859:5879 transaction failed 29201/-71, size 0-0 line 3031 syz-executor1 (5884) used greatest stack depth: 22688 bytes left binder: BINDER_SET_CONTEXT_MGR already set binder: 5859:5895 ioctl 40046207 0 returned -16 binder_alloc: 5859: binder_alloc_buf, no vma binder: 5859:5896 transaction failed 29189/-3, size 0-0 line 3127 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 5859:5866 transaction 7 in, still active binder: send failed reply for transaction 7 to 5859:5879 binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 binder: undelivered TRANSACTION_ERROR: 29189 sg_write: data in/out 36090/443 bytes for SCSI command 0x67-- guessing data in; program syz-executor2 not setting count and/or reply_len properly binder: 5950:5958 BC_FREE_BUFFER u0000000020000000 matched unreturned buffer binder_alloc: 5950:5976 FREE_BUFFER u0000000020000000 user freed buffer twice binder: 5950:5976 BC_FREE_BUFFER u0000000020000000 no match binder: BINDER_SET_CONTEXT_MGR already set binder: 5950:5985 ioctl 40046207 0 returned -16 binder_alloc: 5950: binder_alloc_buf, no vma binder: 5950:5985 transaction failed 29189/-3, size 0-0 line 3127 binder: 5950:5976 BC_FREE_BUFFER u0000000020000000 no match binder: undelivered TRANSACTION_ERROR: 29189 binder: release 5950:5958 transaction 11 out, still active binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 11, target dead TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. audit_printk_skb: 2303 callbacks suppressed audit: type=1400 audit(1517969348.204:793): avc: denied { net_admin } for pid=3877 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517969348.214:794): avc: denied { net_admin } for pid=6353 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517969348.224:795): avc: denied { net_admin } for pid=3885 comm="syz-executor6" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517969348.234:796): avc: denied { net_admin } for pid=3870 comm="syz-executor5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517969348.244:797): avc: denied { net_admin } for pid=3883 comm="syz-executor2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517969348.244:798): avc: denied { net_admin } for pid=3883 comm="syz-executor2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517969348.244:799): avc: denied { net_admin } for pid=3883 comm="syz-executor2" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517969348.244:800): avc: denied { net_admin } for pid=3872 comm="syz-executor7" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517969348.244:801): avc: denied { net_admin } for pid=3872 comm="syz-executor7" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1517969348.254:802): avc: denied { net_admin } for pid=6353 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 device lo entered promiscuous mode device lo left promiscuous mode TCP: request_sock_TCPv6: Possible SYN flooding on port 20006. Sending cookies. Check SNMP counters. device lo entered promiscuous mode device lo left promiscuous mode 9pnet_virtio: no channels available for device H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H H netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. PF_BRIDGE: RTM_NEWNEIGH with invalid address