=====================================
[ BUG: bad unlock balance detected! ]
4.9.67-gf26d3c7 #106 Not tainted
-------------------------------------
PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
syz-executor3/19877 is trying to release lock ([ 112.221758] netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
mrt_lock) at:
PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex
but there are no more locks to release!
other info that might help us debug this:
1 lock held by syz-executor3/19877:
#0: (&p->lock){+.+.+.}, at: [] seq_read+0xdd/0x1290 fs/seq_file.c:178
stack backtrace:
CPU: 1 PID: 19877 Comm: syz-executor3 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801c61978e8 ffffffff81d906e9 ffffffff849ae8f8 ffff8801d1fb0000
ffffffff834dec54 ffffffff849ae8f8 ffff8801d1fb0888 ffff8801c6197918
ffffffff812353f4 dffffc0000000000 ffffffff849ae8f8 00000000ffffffff
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3398
[] __lock_release kernel/locking/lockdep.c:3540 [inline]
[] lock_release+0x6f8/0xb80 kernel/locking/lockdep.c:3775
[] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline]
[] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255
[] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
[] seq_read+0xa83/0x1290 fs/seq_file.c:283
FAULT_FLAG_ALLOW_RETRY missing 30
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=19907 comm=syz-executor5
[] proc_reg_read+0xef/0x170 fs/proc/inode.c:202
[] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
[] do_loop_readv_writev fs/read_write.c:880 [inline]
[] do_readv_writev+0x520/0x750 fs/read_write.c:874
[] vfs_readv+0x84/0xc0 fs/read_write.c:898
[] do_readv+0xe6/0x250 fs/read_write.c:924
[] SYSC_readv fs/read_write.c:1011 [inline]
[] SyS_readv+0x27/0x30 fs/read_write.c:1008
[] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 0 PID: 19903 Comm: syz-executor5 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801c89cf8e0 ffffffff81d906e9 ffff8801c89cfbc0 0000000000000000
ffff8801ceb78d10 ffff8801c89cfab0 ffff8801ceb78c00 ffff8801c89cfad8
ffffffff8165e307 ffff8801d88eb000 ffff8801c89cfa30 00000001a7ffc067
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] strndup_user+0x28/0xb0 mm/util.c:160
[] SYSC_request_key security/keys/keyctl.c:186 [inline]
[] SyS_request_key+0xd6/0x2d0 security/keys/keyctl.c:158
[] entry_SYSCALL_64_fastpath+0x23/0xc6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=19907 comm=syz-executor5
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 19953 Comm: syz-executor2 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d90d7830 ffffffff81d906e9 ffff8801d90d7b10 0000000000000000
ffff8801c6b1ff10 ffff8801d90d7a00 ffff8801c6b1fe00 ffff8801d90d7a28
ffffffff8165e307 ffff8801db321400 ffff8801d90d7980 00000001d1dc9067
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] SYSC_mq_timedreceive ipc/mqueue.c:1092 [inline]
[] SyS_mq_timedreceive+0xcd/0xdb0 ipc/mqueue.c:1077
[] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 1 PID: 19963 Comm: syz-executor2 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801a38af990 ffffffff81d906e9 ffff8801a38afc70 0000000000000000
ffff8801c6b1ff10 ffff8801a38afb60 ffff8801c6b1fe00 ffff8801a38afb88
ffffffff8165e307 0000000000000000 ffff8801a38afae0 00000001d1dc9067
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] entry_SYSCALL_64_fastpath+0x23/0xc6
device gre0 entered promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
device syz6 entered promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
binder: 20149:20151 got transaction with invalid offset (56, min 72 max 72) or object.
binder: 20149:20151 transaction failed 29201/-22, size 72-32 line 3193
binder_alloc: binder_alloc_mmap_handler: 20149 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 20149:20154 ioctl 40046207 0 returned -16
binder_alloc: 20149: binder_alloc_buf, no vma
binder: 20149:20151 transaction failed 29189/-3, size 72-32 line 3130
devpts: called with bogus options
devpts: called with bogus options
device gre0 entered promiscuous mode
blk_update_request: I/O error, dev loop0, sector 0
blk_update_request: I/O error, dev loop0, sector 255
binder: 20258:20259 ioctl 40046205 8 returned -22
blk_update_request: I/O error, dev loop0, sector 0
blk_update_request: I/O error, dev loop0, sector 255
binder: binder_mmap: 20258 20010000-20013000 bad vm_flags failed -1
binder: 20258:20270 got reply transaction with no transaction stack
binder: 20258:20270 transaction failed 29201/-71, size 0-56 line 2923
binder: 20258:20288 ioctl 40046205 8 returned -22
binder_alloc: binder_alloc_mmap_handler: 20258 20000000-20002000 already mapped failed -16
binder: 20285:20286 ERROR: BC_REGISTER_LOOPER called without request
binder: BINDER_SET_CONTEXT_MGR already set
binder: 20258:20288 ioctl 40046207 0 returned -16
binder_alloc: 20258: binder_alloc_buf, no vma
binder: 20258:20301 transaction failed 29189/-3, size 80-16 line 3130
binder: binder_mmap: 20258 20010000-20013000 bad vm_flags failed -1
binder: undelivered TRANSACTION_ERROR: 29189
binder: send failed reply for transaction 262 to 20258:20270
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: 20285:20311 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: 20285:20311 got reply transaction with no transaction stack
binder: 20285:20311 transaction failed 29201/-71, size 48-16 line 2923
binder: 20285:20286 ERROR: BC_REGISTER_LOOPER called without request
binder: 20285:20311 BC_DEAD_BINDER_DONE 0000000000000000 not found
device gre0 entered promiscuous mode
IPv6: Can't replace route, no match found
binder: 20285:20311 got reply transaction with no transaction stack
binder: 20285:20311 transaction failed 29201/-71, size 48-16 line 2923
IPv6: Can't replace route, no match found
PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex
PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex
device eql entered promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device gre0 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
keychord: invalid keycode count 0
PF_BRIDGE: RTM_SETLINK with unknown ifindex
PF_BRIDGE: RTM_SETLINK with unknown ifindex
device lo entered promiscuous mode
device lo left promiscuous mode
blk_update_request: I/O error, dev loop0, sector 0
blk_update_request: I/O error, dev loop0, sector 255
device gre0 entered promiscuous mode
binder: 21126:21127 transaction failed 29189/-22, size 0-0 line 3007
binder: undelivered TRANSACTION_ERROR: 29189
device gre0 entered promiscuous mode
blk_update_request: I/O error, dev loop0, sector 0
device syz4 entered promiscuous mode
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 21212 Comm: syz-executor2 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801ce5ff4e0 ffffffff81d906e9 ffff8801ce5ff7c0 0000000000000000
ffff8801c6b1e890 ffff8801ce5ff6b0 ffff8801c6b1e780 ffff8801ce5ff6d8
ffffffff8165e307 ffff880102408040 ffff8801ce5ff630 00000001c613d067
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] generic_perform_write+0x1dc/0x500 mm/filemap.c:2731
[] __generic_file_write_iter+0x348/0x570 mm/filemap.c:2866
[] generic_file_write_iter+0x2d5/0x600 mm/filemap.c:2894
[] new_sync_write fs/read_write.c:499 [inline]
[] __vfs_write+0x4bf/0x680 fs/read_write.c:512
[] vfs_write+0x189/0x530 fs/read_write.c:560
[] SYSC_write fs/read_write.c:607 [inline]
[] SyS_write+0xd9/0x1b0 fs/read_write.c:599
[] entry_SYSCALL_64_fastpath+0x23/0xc6
blk_update_request: I/O error, dev loop0, sector 0
binder: 21352:21355 ioctl 40046205 0 returned -22
binder: 21352:21355 ERROR: BC_REGISTER_LOOPER called without request
binder: 21352:21355 BC_FREE_BUFFER u00000000ffffffff no match
binder: 21352:21355 sending u0000000000000000 node 272, cookie mismatch 0000000000000004 != 0000000000000000
binder: 21352:21355 transaction failed 29201/-22, size 72-8 line 3209
binder: 21352:21355 ioctl c0306201 20005fd0 returned -14
binder: unexpected work type, 4, not freed
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 274, process died.
binder: 21352:21355 ioctl 40046205 0 returned -22 binder: 21352:21376 ERROR: BC_REGISTER_LOOPER called without request binder: 21352:21355 got reply transaction with bad transaction stack, transaction 280 has target 21352:0 binder: 21352:21355 transaction failed 29201/-71, size 24-8 line 2938 binder: 21352:21376 BC_FREE_BUFFER u0000000000000000 no match binder: 21352:21376 sending u0000000000000000 node 279, cookie mismatch 0000000000000004 != 0000000000000000 binder: 21352:21376 transaction failed 29201/-22, size 72-8 line 3209 binder: 21352:21376 ioctl c0306201 20005fd0 returned -14 binder: release 21352:21355 transaction 280 out, still active binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 binder: BINDER_SET_CONTEXT_MGR already set binder: 21430:21433 ioctl 40046207 0 returned -16 binder: undelivered TRANSACTION_ERROR: 29201 binder: send failed reply for transaction 280, target dead 9pnet_virtio: no channels available for device ûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûû nla_parse: 12 callbacks suppressed netlink: 13 bytes leftover after parsing attributes in process `syz-executor4'. 
netlink: 13 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. 9pnet_virtio: no channels available for device ûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûûû binder: 21535:21537 got transaction with invalid parent offset or type device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready binder: 21535:21537 transaction failed 29201/-22, size 80-32 line 3315 device lo entered promiscuous mode device lo left promiscuous mode binder_alloc: binder_alloc_mmap_handler: 21535 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 21535:21537 ioctl 40046207 0 returned -16 binder_alloc: 21535: binder_alloc_buf, no vma binder: 21535:21563 transaction failed 29189/-3, size 80-32 line 3130 device lo entered promiscuous mode device lo left promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'. 
devpts: called with bogus options
keychord: Insufficient bytes present for keycount 30
device gre0 entered promiscuous mode
device lo left promiscuous mode
devpts: called with bogus options
keychord: Insufficient bytes present for keycount 30
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
device lo entered promiscuous mode
device lo left promiscuous mode
device gre0 entered promiscuous mode
device  entered promiscuous mode
device  left promiscuous mode
device  entered promiscuous mode
device  left promiscuous mode
qtaguid: iface_stat: create(lo): no inet dev
qtaguid: iface_stat: create6(lo): no inet dev
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
qtaguid: iface_stat: create6(lo): no inet dev
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
IPv6: NLM_F_REPLACE set, but no existing node found!
mmap: syz-executor0 (22114): VmData 2068480 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
binder_alloc: binder_alloc_mmap_handler: 22124 2011a000-2051a000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
syz-executor0: vmalloc: allocation failure: 17179082768 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
CPU: 0 PID: 22137 Comm: syz-executor0 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d0e6f880 ffffffff81d906e9 1ffff1003a1cdf13 ffff8801c8da8000
ffffffff83ab7dc0 0000000000000001 0000000000400000 ffff8801d0e6f990
ffffffff8144ea02 024000c2e183a874 0000000041b58ab3 ffffffff841913b5
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] warn_alloc+0x212/0x240 mm/page_alloc.c:3063
[] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722
[] __vmalloc_node mm/vmalloc.c:1744 [inline]
[] __vmalloc_node_flags mm/vmalloc.c:1758 [inline]
[] vmalloc+0x5b/0x70 mm/vmalloc.c:1773
[] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722
[] translate_table+0x2da/0x1cd0 net/ipv4/netfilter/arp_tables.c:549
[] do_replace net/ipv4/netfilter/arp_tables.c:986 [inline]
[] do_arpt_set_ctl+0x2b7/0x650 net/ipv4/netfilter/arp_tables.c:1465
[] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
[] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
[] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1248
[] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736
[] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
[] SYSC_setsockopt net/socket.c:1771 [inline]
[] SyS_setsockopt+0x160/0x250 net/socket.c:1750
[] entry_SYSCALL_64_fastpath+0x23/0xc6
Mem-Info:
active_anon:99532 inactive_anon:39 isolated_anon:0
active_file:3971 inactive_file:6985 isolated_file:0
unevictable:0 dirty:105 writeback:0 unstable:0
slab_reclaimable:6408 slab_unreclaimable:15521
mapped:22880 shmem:111 pagetables:725 bounce:0
free:1476638 free_pcp:358 free_cma:0
Node 0 active_anon:398128kB inactive_anon:156kB active_file:15884kB inactive_file:27940kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91520kB dirty:420kB writeback:0kB shmem:444kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 34816kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
DMA32 free:2981148kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:696kB local_pcp:696kB free_cma:0kB
Normal free:2909496kB min:36816kB low:46020kB high:55224kB active_anon:398128kB inactive_anon:156kB active_file:15884kB inactive_file:27940kB unevictable:0kB writepending:420kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:25632kB slab_unreclaimable:62084kB kernel_stack:5728kB pagetables:2900kB bounce:0kB free_pcp:736kB local_pcp:244kB free_cma:0kB
DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
11066 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
320236 pages reserved
syz-executor0: vmalloc: allocation failure: 17179082768 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
CPU: 1 PID: 22149 Comm: syz-executor0 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801c82f7880 ffffffff81d906e9 1ffff1003905ef13 ffff8801c7de8000
ffffffff83ab7dc0 0000000000000001 0000000000400000 ffff8801c82f7990
ffffffff8144ea02 024000c25e73cd51 0000000041b58ab3 ffffffff841913b5
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] warn_alloc+0x212/0x240 mm/page_alloc.c:3063
[] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722
[] __vmalloc_node mm/vmalloc.c:1744 [inline]
[] __vmalloc_node_flags mm/vmalloc.c:1758 [inline]
[] vmalloc+0x5b/0x70 mm/vmalloc.c:1773
[] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722
[] translate_table+0x2da/0x1cd0 net/ipv4/netfilter/arp_tables.c:549
[] do_replace net/ipv4/netfilter/arp_tables.c:986 [inline]
[] do_arpt_set_ctl+0x2b7/0x650 net/ipv4/netfilter/arp_tables.c:1465
[] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
[] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
[] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1248
[] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736
[] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
[] SYSC_setsockopt net/socket.c:1771 [inline]
[] SyS_setsockopt+0x160/0x250 net/socket.c:1750
[] entry_SYSCALL_64_fastpath+0x23/0xc6
Mem-Info:
active_anon:98479 inactive_anon:39 isolated_anon:0
active_file:3971 inactive_file:6985 isolated_file:0
unevictable:0 dirty:105 writeback:0 unstable:0
slab_reclaimable:6408 slab_unreclaimable:15576
mapped:22830 shmem:111 pagetables:725 bounce:0
free:1477080 free_pcp:370 free_cma:0
Node 0 active_anon:393916kB inactive_anon:156kB active_file:15884kB inactive_file:27940kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91320kB dirty:420kB writeback:0kB shmem:444kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 34816kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
DMA32 free:2981148kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:696kB local_pcp:0kB free_cma:0kB
Normal free:2911264kB min:36816kB low:46020kB high:55224kB active_anon:393916kB inactive_anon:156kB active_file:15884kB inactive_file:27940kB unevictable:0kB writepending:420kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:25632kB slab_unreclaimable:62304kB kernel_stack:5888kB pagetables:2900kB bounce:0kB free_pcp:784kB local_pcp:472kB free_cma:0kB
DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
11066 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
320236 pages reserved
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'.
blk_update_request: I/O error, dev loop0, sector 0
blk_update_request: I/O error, dev loop0, sector 255
blk_update_request: I/O error, dev loop0, sector 0
blk_update_request: I/O error, dev loop0, sector 255
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 22200 Comm: syz-executor7 Not tainted 4.9.67-gf26d3c7 #106
FAULT_FLAG_ALLOW_RETRY missing 30
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801ca2776b0 ffffffff81d906e9 ffff8801ca277990 0000000000000000
ffff8801c6b1ee90 ffff8801ca277880 ffff8801c6b1ed80 ffff8801ca2778a8
ffffffff8165e307 0000000000000046 ffff8801ca277800 00000001c921a067
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] inet_ioctl+0x117/0x1c0 net/ipv4/af_inet.c:908
[] sock_do_ioctl+0x65/0xb0 net/socket.c:892
[] sock_ioctl+0x2e0/0x3d0 net/socket.c:978
[] vfs_ioctl fs/ioctl.c:43 [inline]
[] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679
[] SYSC_ioctl fs/ioctl.c:694 [inline]
[] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
[] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 1 PID: 22207 Comm: syz-executor7 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d27df6c0 ffffffff81d906e9 ffff8801d27df9a0 0000000000000000
ffff8801c6b1ee90 ffff8801d27df890 ffff8801c6b1ed80 ffff8801d27df8b8
ffffffff8165e307 1ffff1003a4fbedc ffff8801d27df810 00000001c921a067
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] process_vm_rw+0x1bf/0x210 mm/process_vm_access.c:280
[] SYSC_process_vm_writev mm/process_vm_access.c:307 [inline]
[] SyS_process_vm_writev+0x47/0x60 mm/process_vm_access.c:302
[] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 22210 Comm: syz-executor7 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801c8caf6c0 ffffffff81d906e9 ffff8801c8caf9a0 0000000000000000
ffff8801c6b1ed10 ffff8801c8caf890 ffff8801c6b1ec00 ffff8801c8caf8b8
ffffffff8165e307 1ffff10039195edc ffff8801c8caf810 00000001a50a8067
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[] process_vm_rw+0x1bf/0x210 mm/process_vm_access.c:280
[] SYSC_process_vm_writev mm/process_vm_access.c:307 [inline]
[] SyS_process_vm_writev+0x47/0x60 mm/process_vm_access.c:302
[] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 22207 Comm: syz-executor7 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d27df6b0 ffffffff81d906e9 ffff8801d27df990 0000000000000000
ffff8801c6b1ed10 ffff8801d27df880 ffff8801c6b1ec00 ffff8801d27df8a8
ffffffff8165e307 0000000000000046 ffff8801d27df800 00000001a50a8067
Call Trace:
[] __dump_stack lib/dump_stack.c:15 [inline]
[] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[] do_anonymous_page mm/memory.c:2747 [inline]
[] handle_pte_fault mm/memory.c:3488 [inline]
[] __handle_mm_fault mm/memory.c:3577 [inline]
[] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406