======================================================
WARNING: possible circular locking dependency detected
4.15.0+ #297 Not tainted
------------------------------------------------------
syz-executor2/4226 is trying to acquire lock:
 (rtnl_mutex){+.+.}, at: [<000000003c05d37c>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74

but task is already holding lock:
 (&xt[i].mutex){+.+.}, at: [<0000000006bd0211>] xt_find_table_lock+0x3e/0x3e0 net/netfilter/x_tables.c:1041

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&xt[i].mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       xt_find_table_lock+0x3e/0x3e0 net/netfilter/x_tables.c:1041
       get_entries net/ipv6/netfilter/ip6_tables.c:1045 [inline]
       do_ip6t_get_ctl+0x432/0xaf0 net/ipv6/netfilter/ip6_tables.c:1714
       nf_sockopt net/netfilter/nf_sockopt.c:104 [inline]
       nf_getsockopt+0x6a/0xc0 net/netfilter/nf_sockopt.c:122
       ipv6_getsockopt+0x1df/0x2e0 net/ipv6/ipv6_sockglue.c:1371
       udpv6_getsockopt+0x45/0x80 net/ipv6/udp.c:1441
       sock_common_getsockopt+0x95/0xd0 net/core/sock.c:2934
       SYSC_getsockopt net/socket.c:1880 [inline]
       SyS_getsockopt+0x178/0x340 net/socket.c:1862
       do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287
       entry_SYSCALL_64_after_hwframe+0x26/0x9b

-> #1 (sk_lock-AF_INET6){+.+.}:
       lock_sock_nested+0xc2/0x110 net/core/sock.c:2777
       lock_sock include/net/sock.h:1463 [inline]
       do_ipv6_setsockopt.isra.8+0x3c5/0x39d0 net/ipv6/ipv6_sockglue.c:167
       ipv6_setsockopt+0xd7/0x130 net/ipv6/ipv6_sockglue.c:922
       tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2905
       sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
       SYSC_setsockopt net/socket.c:1849 [inline]
       SyS_setsockopt+0x189/0x360 net/socket.c:1828
       do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287
       entry_SYSCALL_64_after_hwframe+0x26/0x9b

-> #0 (rtnl_mutex){+.+.}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
       unregister_netdevice_notifier+0x91/0x4e0 net/core/dev.c:1673
       tee_tg_destroy+0x61/0xc0 net/netfilter/xt_TEE.c:123
       cleanup_entry+0x218/0x350 net/ipv4/netfilter/ip_tables.c:654
       __do_replace+0x79d/0xa50 net/ipv4/netfilter/ip_tables.c:1089
       do_replace net/ipv4/netfilter/ip_tables.c:1145 [inline]
       do_ipt_set_ctl+0x40f/0x5f0 net/ipv4/netfilter/ip_tables.c:1675
       nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
       nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
       ip_setsockopt+0x97/0xa0 net/ipv4/ip_sockglue.c:1259
       tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2905
       sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
       SYSC_setsockopt net/socket.c:1849 [inline]
       SyS_setsockopt+0x189/0x360 net/socket.c:1828
       do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287
       entry_SYSCALL_64_after_hwframe+0x26/0x9b

other info that might help us debug this:

Chain exists of:
  rtnl_mutex --> sk_lock-AF_INET6 --> &xt[i].mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&xt[i].mutex);
                               lock(sk_lock-AF_INET6);
                               lock(&xt[i].mutex);
  lock(rtnl_mutex);

 *** DEADLOCK ***

1 lock held by syz-executor2/4226:
 #0:  (&xt[i].mutex){+.+.}, at: [<0000000006bd0211>] xt_find_table_lock+0x3e/0x3e0 net/netfilter/x_tables.c:1041

stack backtrace:
CPU: 0 PID: 4226 Comm: syz-executor2 Not tainted 4.15.0+ #297
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_circular_bug.isra.38+0x2cd/0x2dc kernel/locking/lockdep.c:1223
 check_prev_add kernel/locking/lockdep.c:1863 [inline]
 check_prevs_add kernel/locking/lockdep.c:1976 [inline]
 validate_chain kernel/locking/lockdep.c:2417 [inline]
 __lock_acquire+0x30a8/0x3e00 kernel/locking/lockdep.c:3431
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
 unregister_netdevice_notifier+0x91/0x4e0 net/core/dev.c:1673
 tee_tg_destroy+0x61/0xc0 net/netfilter/xt_TEE.c:123
 cleanup_entry+0x218/0x350 net/ipv4/netfilter/ip_tables.c:654
 __do_replace+0x79d/0xa50 net/ipv4/netfilter/ip_tables.c:1089
 do_replace net/ipv4/netfilter/ip_tables.c:1145 [inline]
 do_ipt_set_ctl+0x40f/0x5f0 net/ipv4/netfilter/ip_tables.c:1675
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
 ip_setsockopt+0x97/0xa0 net/ipv4/ip_sockglue.c:1259
 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2905
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
 SYSC_setsockopt net/socket.c:1849 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1828
 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x26/0x9b
RIP: 0033:0x455d8a
RSP: 002b:0000000000a2f598 EFLAGS: 00000206 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00000000006f8a40 RCX: 0000000000455d8a
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000013
RBP: 00000000006f8a40 R08: 00000000000002d8 R09: 0000000000000001
R10: 00000000006f8e68 R11: 0000000000000206 R12: 0000000000000013
R13: 00000000006fb9e8 R14: 0000000000027dc4 R15: 0000000000000010
ipt_CLUSTERIP: bad local_nodes[0] 0
ipt_CLUSTERIP: bad local_nodes[0] 0
netlink: 'syz-executor4': attribute type 21 has an invalid length.