======================================================
WARNING: possible circular locking dependency detected
4.15.0+ #221 Not tainted
------------------------------------------------------
syz-executor3/5195 is trying to acquire lock:
 (sk_lock-AF_INET){+.+.}, at: [<000000004db705b5>] lock_sock include/net/sock.h:1463 [inline]
 (sk_lock-AF_INET){+.+.}, at: [<000000004db705b5>] do_ip_setsockopt.isra.12+0x1d9/0x3210 net/ipv4/ip_sockglue.c:646

but task is already holding lock:
 (rtnl_mutex){+.+.}, at: [<000000009510f10a>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (rtnl_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
       unregister_netdevice_notifier+0x91/0x4e0 net/core/dev.c:1673
       clusterip_config_entry_put net/ipv4/netfilter/ipt_CLUSTERIP.c:114 [inline]
       clusterip_tg_destroy+0x389/0x6e0 net/ipv4/netfilter/ipt_CLUSTERIP.c:518
       cleanup_entry+0x218/0x350 net/ipv4/netfilter/ip_tables.c:654
       __do_replace+0x79d/0xa50 net/ipv4/netfilter/ip_tables.c:1089
       do_replace net/ipv4/netfilter/ip_tables.c:1145 [inline]
       do_ipt_set_ctl+0x40f/0x5f0 net/ipv4/netfilter/ip_tables.c:1675
       nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
       nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
       ip_setsockopt+0x97/0xa0 net/ipv4/ip_sockglue.c:1259
       tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2905
       sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
       SYSC_setsockopt net/socket.c:1849 [inline]
       SyS_setsockopt+0x189/0x360 net/socket.c:1828
       entry_SYSCALL_64_fastpath+0x29/0xa0

-> #1 (&xt[i].mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       xt_find_table_lock+0x3e/0x3e0 net/netfilter/x_tables.c:1041
       xt_request_find_table_lock+0x28/0xc0 net/netfilter/x_tables.c:1088
       get_info+0x154/0x690 net/ipv6/netfilter/ip6_tables.c:989
       do_ipt_get_ctl+0x159/0xac0 net/ipv4/netfilter/ip_tables.c:1699
       nf_sockopt net/netfilter/nf_sockopt.c:104 [inline]
       nf_getsockopt+0x6a/0xc0 net/netfilter/nf_sockopt.c:122
       ip_getsockopt+0x15c/0x220 net/ipv4/ip_sockglue.c:1571
       tcp_getsockopt+0x82/0xd0 net/ipv4/tcp.c:3359
       sock_common_getsockopt+0x95/0xd0 net/core/sock.c:2934
       SYSC_getsockopt net/socket.c:1880 [inline]
       SyS_getsockopt+0x178/0x340 net/socket.c:1862
       entry_SYSCALL_64_fastpath+0x29/0xa0

-> #0 (sk_lock-AF_INET){+.+.}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
       lock_sock_nested+0xc2/0x110 net/core/sock.c:2777
       lock_sock include/net/sock.h:1463 [inline]
       do_ip_setsockopt.isra.12+0x1d9/0x3210 net/ipv4/ip_sockglue.c:646
       ip_setsockopt+0x3a/0xa0 net/ipv4/ip_sockglue.c:1252
       sctp_setsockopt+0x2b6/0x61d0 net/sctp/socket.c:4104
       sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
       SYSC_setsockopt net/socket.c:1849 [inline]
       SyS_setsockopt+0x189/0x360 net/socket.c:1828
       entry_SYSCALL_64_fastpath+0x29/0xa0

other info that might help us debug this:

Chain exists of:
  sk_lock-AF_INET --> &xt[i].mutex --> rtnl_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(rtnl_mutex);
                               lock(&xt[i].mutex);
                               lock(rtnl_mutex);
  lock(sk_lock-AF_INET);

 *** DEADLOCK ***

1 lock held by syz-executor3/5195:
 #0: (rtnl_mutex){+.+.}, at: [<000000009510f10a>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74

stack backtrace:
CPU: 1 PID: 5195 Comm: syz-executor3 Not tainted 4.15.0+ #221
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_circular_bug.isra.38+0x2cd/0x2dc kernel/locking/lockdep.c:1223
 check_prev_add kernel/locking/lockdep.c:1863 [inline]
 check_prevs_add kernel/locking/lockdep.c:1976 [inline]
 validate_chain kernel/locking/lockdep.c:2417 [inline]
 __lock_acquire+0x30a8/0x3e00 kernel/locking/lockdep.c:3431
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
 lock_sock_nested+0xc2/0x110 net/core/sock.c:2777
 lock_sock include/net/sock.h:1463 [inline]
 do_ip_setsockopt.isra.12+0x1d9/0x3210 net/ipv4/ip_sockglue.c:646
 ip_setsockopt+0x3a/0xa0 net/ipv4/ip_sockglue.c:1252
 sctp_setsockopt+0x2b6/0x61d0 net/sctp/socket.c:4104
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
 SYSC_setsockopt net/socket.c:1849 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1828
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007fc0b8958c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fc0b8959700 RCX: 0000000000453299
RDX: 000000000000002d RSI: 0000000000000000 RDI: 0000000000000013
RBP: 0000000000000000 R08: 0000000000000090 R09: 0000000000000000
R10: 0000000020468000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a2f33f R14: 00007fc0b89599c0 R15: 0000000000000000
audit: type=1400 audit(1517933496.969:14): avc: denied { prog_load } for pid=5215 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
audit: type=1400 audit(1517933497.253:15): avc: denied { create } for pid=5308 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1517933497.322:16): avc: denied { name_bind } for pid=5319 comm="syz-executor6" src=20024 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
audit: type=1400 audit(1517933497.322:17): avc: denied { node_bind } for pid=5319 comm="syz-executor6" saddr=::1 src=20024 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1
audit: type=1400 audit(1517933497.324:18): avc: denied { name_connect } for pid=5319 comm="syz-executor6" dest=20024 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
mip6: mip6_destopt_init_state: state's mode is not 2: 0
audit: type=1400 audit(1517933497.433:19): avc: denied { write } for pid=5349 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1517933497.434:20): avc: denied { getattr } for pid=5349 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
mip6: mip6_destopt_init_state: state's mode is not 2: 0
audit: type=1400 audit(1517933497.658:21): avc: denied { map_create } for pid=5409 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
netlink: 'syz-executor2': attribute type 11 has an invalid length.
IPv4: Oversized IP packet from 127.0.0.1
netlink: 'syz-executor2': attribute type 11 has an invalid length.
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
netlink: 'syz-executor5': attribute type 21 has an invalid length.
netlink: 'syz-executor5': attribute type 2 has an invalid length.
netlink: 'syz-executor2': attribute type 11 has an invalid length.
oom_reaper: reaped process 5529 (syz-executor6), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
syz-executor6 invoked oom-killer: gfp_mask=0x14002c2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN), nodemask=(null), order=0, oom_score_adj=0
syz-executor6 cpuset=/ mems_allowed=0
CPU: 1 PID: 5522 Comm: syz-executor6 Not tainted 4.15.0+ #221
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 dump_header+0x28c/0xe1e mm/oom_kill.c:437
 oom_kill_process+0x8b9/0x1550 mm/oom_kill.c:866
 out_of_memory+0x86d/0x1220 mm/oom_kill.c:1080
 __alloc_pages_may_oom mm/page_alloc.c:3402 [inline]
 __alloc_pages_slowpath+0x1d1b/0x2d00 mm/page_alloc.c:4103
 __alloc_pages_nodemask+0x9fb/0xd80 mm/page_alloc.c:4259
 alloc_pages_current+0xb6/0x1e0 mm/mempolicy.c:2055
 alloc_pages include/linux/gfp.h:492 [inline]
 __vmalloc_area_node mm/vmalloc.c:1699 [inline]
 __vmalloc_node_range+0x409/0x650 mm/vmalloc.c:1759
 __vmalloc_node mm/vmalloc.c:1804 [inline]
 __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1826
 kvmalloc_node+0x82/0xd0 mm/util.c:428
 kvmalloc include/linux/mm.h:541 [inline]
 xt_alloc_table_info+0x63/0xe0 net/netfilter/x_tables.c:1011
 do_replace net/ipv4/netfilter/ip_tables.c:1130 [inline]
 do_ipt_set_ctl+0x29b/0x5f0 net/ipv4/netfilter/ip_tables.c:1675
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
 ip_setsockopt+0x97/0xa0 net/ipv4/ip_sockglue.c:1259
 sctp_setsockopt+0x2b6/0x61d0 net/sctp/socket.c:4104
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
 SYSC_setsockopt net/socket.c:1849 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1828
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007fec2e501c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fec2e502700 RCX: 0000000000453299
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000013
RBP: 0000000000000000 R08: 00000000000002e8 R09: 0000000000000000
R10: 000000002000d000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a2f33f R14: 00007fec2e5029c0 R15: 0000000000000000
Out of memory: Kill process 4189 (syz-fuzzer) score 24 or sacrifice child
Killed process 4233 (syz-executor2) total-vm:29188kB, anon-rss:64kB, file-rss:4kB, shmem-rss:0kB
syz-fuzzer invoked oom-killer: gfp_mask=0x14200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0
syz-fuzzer cpuset=/ mems_allowed=0
CPU: 1 PID: 4193 Comm: syz-fuzzer Not tainted 4.15.0+ #221
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 dump_header+0x28c/0xe1e mm/oom_kill.c:437
 oom_kill_process+0x8b9/0x1550 mm/oom_kill.c:866
 out_of_memory+0x86d/0x1220 mm/oom_kill.c:1080
 __alloc_pages_may_oom mm/page_alloc.c:3402 [inline]
 __alloc_pages_slowpath+0x1d1b/0x2d00 mm/page_alloc.c:4103
 __alloc_pages_nodemask+0x9fb/0xd80 mm/page_alloc.c:4259
 alloc_pages_current+0xb6/0x1e0 mm/mempolicy.c:2055
 alloc_pages include/linux/gfp.h:492 [inline]
 __page_cache_alloc+0x334/0x500 mm/filemap.c:945
 page_cache_read mm/filemap.c:2387 [inline]
 filemap_fault+0xf34/0x1ca0 mm/filemap.c:2571
 ext4_filemap_fault+0x82/0xad fs/ext4/inode.c:6177
 __do_fault+0xeb/0x315 mm/memory.c:3228
 do_read_fault mm/memory.c:3638 [inline]
 do_fault mm/memory.c:3738 [inline]
 handle_pte_fault mm/memory.c:3969 [inline]
 __handle_mm_fault+0x1d8f/0x3ce0 mm/memory.c:4093
 handle_mm_fault+0x38f/0x930 mm/memory.c:4130
 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1426
 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1501
 page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1261
RIP: 0033:0x45db60
RSP: 002b:000000c42011bab8 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 000000c420088a80 RCX: 000000000045ddf3
RDX: 000000c42011bac0 RSI: 000000c42011bbf0 RDI: 0000000000000011
RBP: 000000c420121e30 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000286 R12: 01ffffffffffffff
R13: 00000000000000ff R14: 00000000000000ff R15: 0000000000000021
syz-executor6: vmalloc: allocation failure, allocated 2922676224 of 4294975488 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
syz-executor6 cpuset=/ mems_allowed=0
CPU: 0 PID: 5529 Comm: syz-executor6 Not tainted 4.15.0+ #221
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 warn_alloc+0x19a/0x2b0 mm/page_alloc.c:3306
 __vmalloc_area_node mm/vmalloc.c:1718 [inline]
 __vmalloc_node_range+0x482/0x650 mm/vmalloc.c:1759
 __vmalloc_node mm/vmalloc.c:1804 [inline]
 __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1826
 kvmalloc_node+0x82/0xd0 mm/util.c:428
 kvmalloc include/linux/mm.h:541 [inline]
 xt_alloc_table_info+0x63/0xe0 net/netfilter/x_tables.c:1011
 do_replace net/ipv4/netfilter/ip_tables.c:1130 [inline]
 do_ipt_set_ctl+0x29b/0x5f0 net/ipv4/netfilter/ip_tables.c:1675
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
 ip_setsockopt+0x97/0xa0 net/ipv4/ip_sockglue.c:1259
 sctp_setsockopt+0x2b6/0x61d0 net/sctp/socket.c:4104
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
 SYSC_setsockopt net/socket.c:1849 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1828
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007fec2e4bfc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fec2e4c0700 RCX: 0000000000453299
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000013
RBP: 0000000000a2f3c0 R08: 00000000000002e8 R09: 0000000000000000
R10: 000000002000d000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a2f33f R14: 00007fec2e4c09c0 R15: 0000000000000002
syz-executor6: vmalloc: allocation failure, allocated 2972282880 of 4294975488 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
syz-executor6 cpuset=/ mems_allowed=0
CPU: 0 PID: 5522 Comm: syz-executor6 Not tainted 4.15.0+ #221
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 warn_alloc+0x19a/0x2b0 mm/page_alloc.c:3306
 __vmalloc_area_node mm/vmalloc.c:1718 [inline]
 __vmalloc_node_range+0x482/0x650 mm/vmalloc.c:1759
 __vmalloc_node mm/vmalloc.c:1804 [inline]
 __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1826
 kvmalloc_node+0x82/0xd0 mm/util.c:428
 kvmalloc include/linux/mm.h:541 [inline]
 xt_alloc_table_info+0x63/0xe0 net/netfilter/x_tables.c:1011
 do_replace net/ipv4/netfilter/ip_tables.c:1130 [inline]
 do_ipt_set_ctl+0x29b/0x5f0 net/ipv4/netfilter/ip_tables.c:1675
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
 ip_setsockopt+0x97/0xa0 net/ipv4/ip_sockglue.c:1259
 sctp_setsockopt+0x2b6/0x61d0 net/sctp/socket.c:4104
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
 SYSC_setsockopt net/socket.c:1849 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1828
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007fec2e501c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fec2e502700 RCX: 0000000000453299
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000013
RBP: 0000000000000000 R08: 00000000000002e8 R09: 0000000000000000
R10: 000000002000d000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a2f33f R14: 00007fec2e5029c0 R15: 0000000000000000
syz-executor6 (5522) used greatest stack depth: 14824 bytes left
Out of memory: Kill process 4189 (syz-fuzzer) score 24 or sacrifice child
Killed process 4239 (syz-executor4) total-vm:29188kB, anon-rss:60kB, file-rss:4kB, shmem-rss:0kB
netlink: 28 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 28 bytes leftover after parsing attributes in process `syz-executor6'.
mip6: mip6_destopt_init_state: spi is not 0: 3741581312
mip6: mip6_destopt_init_state: spi is not 0: 3741581312