sock: sock_set_timeout: `syz-executor1' (pid 22209) tries to set negative timeout BUG: Bad rss-counter state mm:00000000bff7eab9 idx:0 val:10 sock: sock_set_timeout: `syz-executor3' (pid 22216) tries to set negative timeout sock: sock_set_timeout: `syz-executor3' (pid 22216) tries to set negative timeout sctp: [Deprecated]: syz-executor7 (pid 22341) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor7 (pid 22366) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead device gre0 entered promiscuous mode device gre0 entered promiscuous mode QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl sock: sock_set_timeout: `syz-executor0' (pid 22667) tries to set negative timeout device gre0 entered promiscuous mode netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor4'. kvm [22922]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0x186 data 0x8 kvm [22922]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0x186 data 0x8 sctp: [Deprecated]: syz-executor2 (pid 23112) Use of int in maxseg socket option. Use struct sctp_assoc_value instead netlink: 'syz-executor3': attribute type 18 has an invalid length. sctp: [Deprecated]: syz-executor2 (pid 23112) Use of int in maxseg socket option. Use struct sctp_assoc_value instead netlink: 'syz-executor3': attribute type 18 has an invalid length. device syz1 entered promiscuous mode autofs4:pid:23236:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(0.0), cmd(0x0000937e) autofs4:pid:23236:validate_dev_ioctl: invalid device control module version supplied for cmd(0x0000937e) autofs4:pid:23260:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(0.0), cmd(0x0000937e) autofs4:pid:23260:validate_dev_ioctl: invalid device control module version supplied for cmd(0x0000937e) device syz6 entered promiscuous mode netlink: 17 bytes leftover after parsing attributes in process `syz-executor2'. device  left promiscuous mode netlink: 17 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 'syz-executor6': attribute type 10 has an invalid length. netlink: 'syz-executor6': attribute type 10 has an invalid length. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1537 sclass=netlink_route_socket pig=23493 comm=syz-executor1 device syz0 entered promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1537 sclass=netlink_route_socket pig=23504 comm=syz-executor1 netlink: 17 bytes leftover after parsing attributes in process `syz-executor2'. SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pig=23583 comm=syz-executor6 binder: 23610:23615 ioctl c018620b 20008000 returned -14 ALSA: seq fatal error: cannot create timer (-22) binder: 23685 RLIMIT_NICE not set binder: BINDER_SET_CONTEXT_MGR already set binder: 23673:23700 ioctl 40046207 0 returned -16 binder_alloc: 23673: binder_alloc_buf, no vma binder: 23673:23710 transaction failed 29189/-3, size 0-0 line 2947 binder: 23685 RLIMIT_NICE not set binder: release 23673:23675 transaction 160 out, still active binder: undelivered TRANSACTION_COMPLETE binder: release 23673:23685 transaction 160 in, still active binder: send failed reply for transaction 160, target dead TCP: request_sock_TCP: Possible SYN flooding on port 20007. Sending cookies. Check SNMP counters. netlink: 'syz-executor1': attribute type 4 has an invalid length. device gre0 entered promiscuous mode netlink: 'syz-executor1': attribute type 4 has an invalid length. do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl binder: 23973:23974 Acquire 1 refcount change on invalid ref 4 ret -22 QAT: Invalid ioctl binder_alloc: binder_alloc_mmap_handler: 23973 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 23973:23990 ioctl 40046207 0 returned -16 binder: 23973:23990 Acquire 1 refcount change on invalid ref 4 ret -22 QAT: Invalid ioctl binder: 24008:24009 got transaction with invalid offsets size, 4 binder: 24008:24009 transaction failed 29201/-22, size 0-4 line 2983 netlink: 'syz-executor5': attribute type 16 has an invalid length. binder_alloc: binder_alloc_mmap_handler: 24008 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 24008:24037 ioctl 40046207 0 returned -16 netlink: 'syz-executor5': attribute type 16 has an invalid length. binder: undelivered TRANSACTION_ERROR: 29201 nla_parse: 4 callbacks suppressed netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. device eql entered promiscuous mode binder: 24167:24170 ioctl c0306201 20e68000 returned -14 binder: 24167:24177 ioctl c0306201 20e68000 returned -14 device gre0 entered promiscuous mode device gre0 entered promiscuous mode QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl encrypted_key: insufficient parameters specified kauditd_printk_skb: 327 callbacks suppressed audit: type=1400 audit(1513676151.803:1636): avc: denied { setopt } for pid=24421 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 encrypted_key: insufficient parameters specified audit: type=1326 audit(1513676152.694:1637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24643 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000 binder: 24653:24654 BC_ACQUIRE_DONE node 165 has no pending acquire request binder_alloc: binder_alloc_mmap_handler: 24653 20000000-20002000 already mapped failed -16 audit: type=1326 audit(1513676152.695:1638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24643 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=257 compat=0 ip=0x452a09 code=0x7ffc0000 binder: BINDER_SET_CONTEXT_MGR already set binder: 24653:24656 ioctl 40046207 0 returned -16 binder: 24653:24656 BC_ACQUIRE_DONE u0000000000000000 no match binder_alloc: 24653: binder_alloc_buf, no vma binder: 24653:24654 transaction failed 29189/-3, size 80-16 line 2947 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 24653:24654 transaction 166 out, still active binder: unexpected work type, 4, not freed binder: unexpected work type, 4, not freed binder: undelivered TRANSACTION_COMPLETE binder: send failed reply for transaction 166, target dead audit: type=1326 audit(1513676152.695:1639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24643 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000 audit: type=1326 audit(1513676152.695:1640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24643 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=72 compat=0 ip=0x452a09 code=0x7ffc0000 audit: type=1326 audit(1513676152.695:1641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24643 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000 audit: type=1326 audit(1513676152.695:1642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24643 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=16 compat=0 ip=0x452a09 code=0x7ffc0000 audit: type=1326 audit(1513676152.695:1643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24643 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000 audit: type=1326 audit(1513676152.695:1644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24643 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=53 compat=0 ip=0x452a09 code=0x7ffc0000 audit: type=1326 audit(1513676152.695:1645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=24643 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000 device gre0 entered promiscuous mode RDS: rds_bind could not find a transport for 172.20.1.170, load rds_tcp or rds_rdma? RDS: rds_bind could not find a transport for 172.20.1.170, load rds_tcp or rds_rdma? FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 1 CPU: 0 PID: 24848 Comm: syz-executor3 Not tainted 4.15.0-rc3-next-20171214+ #67 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xe9/0x14b lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x1e5/0x220 lib/fault-inject.c:149 should_failslab+0x73/0x90 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:422 [inline] slab_alloc mm/slab.c:3372 [inline] kmem_cache_alloc+0x47/0x720 mm/slab.c:3546 dst_alloc+0x6b/0xb0 net/core/dst.c:104 rt_dst_alloc+0x76/0x110 net/ipv4/route.c:1500 __mkroute_output net/ipv4/route.c:2242 [inline] ip_route_output_key_hash_rcu+0x3eb/0xe70 net/ipv4/route.c:2470 ip_route_output_key_hash+0xba/0x180 net/ipv4/route.c:2299 __ip_route_output_key include/net/route.h:125 [inline] ip_route_output_flow+0x26/0x70 net/ipv4/route.c:2553 raw_sendmsg+0x402/0x10e0 net/ipv4/raw.c:638 inet_sendmsg+0x54/0x250 net/ipv4/af_inet.c:763 sock_sendmsg_nosec net/socket.c:636 [inline] sock_sendmsg+0x51/0x70 net/socket.c:646 SYSC_sendto+0x17f/0x1d0 net/socket.c:1727 SyS_sendto+0x40/0x50 net/socket.c:1695 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a09 RSP: 002b:00007f7665f5ac58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f7665f5aaa0 RCX: 0000000000452a09 RDX: 0000000000000000 RSI: 00000000205a2a4b RDI: 0000000000000013 RBP: 00007f7665f5aa90 R08: 0000000020e40ff0 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75bb R13: 00007f7665f5abc8 R14: 00000000004b75bb R15: 0000000000000000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 24869 Comm: syz-executor3 Not tainted 4.15.0-rc3-next-20171214+ #67 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xe9/0x14b lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x1e5/0x220 lib/fault-inject.c:149 should_failslab+0x73/0x90 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:422 [inline] slab_alloc_node mm/slab.c:3293 [inline] kmem_cache_alloc_node+0x56/0x730 mm/slab.c:3636 __alloc_skb+0x61/0x220 net/core/skbuff.c:193 alloc_skb include/linux/skbuff.h:983 [inline] sock_wmalloc+0x4f/0x80 net/core/sock.c:1930 __ip_append_data.isra.46+0x8c2/0xa40 net/ipv4/ip_output.c:976 ip_append_data.part.48+0x9b/0x100 net/ipv4/ip_output.c:1170 ip_append_data+0x5a/0x80 net/ipv4/ip_output.c:1159 raw_sendmsg+0x64c/0x10e0 net/ipv4/raw.c:663 inet_sendmsg+0x54/0x250 net/ipv4/af_inet.c:763 sock_sendmsg_nosec net/socket.c:636 [inline] sock_sendmsg+0x51/0x70 net/socket.c:646 SYSC_sendto+0x17f/0x1d0 net/socket.c:1727 SyS_sendto+0x40/0x50 net/socket.c:1695 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a09 RSP: 002b:00007f7665f5ac58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f7665f5aaa0 RCX: 0000000000452a09 RDX: 0000000000000000 RSI: 00000000205a2a4b RDI: 0000000000000013 RBP: 00007f7665f5aa90 R08: 0000000020e40ff0 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75bb R13: 00007f7665f5abc8 R14: 00000000004b75bb R15: 0000000000000000 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=62002 sclass=netlink_route_socket pig=24901 comm=syz-executor1 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 1 PID: 24903 Comm: syz-executor3 Not tainted 4.15.0-rc3-next-20171214+ #67 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xe9/0x14b lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail+0x1e5/0x220 lib/fault-inject.c:149 should_failslab+0x73/0x90 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:422 [inline] slab_alloc_node mm/slab.c:3293 [inline] kmem_cache_alloc_node_trace+0x5a/0x720 mm/slab.c:3655 __do_kmalloc_node mm/slab.c:3675 [inline] __kmalloc_node_track_caller+0x2c/0x40 mm/slab.c:3690 __kmalloc_reserve.isra.41+0x41/0xb0 net/core/skbuff.c:137 __alloc_skb+0x92/0x220 net/core/skbuff.c:205 alloc_skb include/linux/skbuff.h:983 [inline] sock_wmalloc+0x4f/0x80 net/core/sock.c:1930 __ip_append_data.isra.46+0x8c2/0xa40 net/ipv4/ip_output.c:976 ip_append_data.part.48+0x9b/0x100 net/ipv4/ip_output.c:1170 ip_append_data+0x5a/0x80 net/ipv4/ip_output.c:1159 raw_sendmsg+0x64c/0x10e0 net/ipv4/raw.c:663 inet_sendmsg+0x54/0x250 net/ipv4/af_inet.c:763 sock_sendmsg_nosec net/socket.c:636 [inline] sock_sendmsg+0x51/0x70 net/socket.c:646 SYSC_sendto+0x17f/0x1d0 net/socket.c:1727 SyS_sendto+0x40/0x50 net/socket.c:1695 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a09 RSP: 002b:00007f7665f5ac58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f7665f5aaa0 RCX: 0000000000452a09 RDX: 0000000000000000 RSI: 00000000205a2a4b RDI: 0000000000000013 RBP: 00007f7665f5aa90 R08: 0000000020e40ff0 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75bb R13: 00007f7665f5abc8 R14: 00000000004b75bb R15: 0000000000000000 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=62002 sclass=netlink_route_socket pig=24932 comm=syz-executor1 netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'. QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl binder_alloc: binder_alloc_mmap_handler: 25265 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder_alloc: 25265: binder_alloc_buf, no vma binder: 25265:25270 ioctl 40046207 0 returned -16 binder: 25265:25282 transaction failed 29189/-3, size 64-0 line 2947 binder: undelivered transaction 173, process died. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=25350 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=25356 comm=syz-executor1 netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'. binder: tried to use weak ref as strong ref binder: 25481:25484 got transaction to invalid handle binder: 25481:25484 transaction failed 29201/-22, size 0-0 line 2832 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=25487 comm=syz-executor5 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=25487 comm=syz-executor5 binder_alloc: binder_alloc_mmap_handler: 25481 20000000-20002000 already mapped failed -16 binder: BINDER_SET_CONTEXT_MGR already set binder: 25481:25484 ioctl 40046207 0 returned -16 binder_alloc: 25481: binder_alloc_buf, no vma binder: 25481:25488 transaction failed 29189/-3, size 80-16 line 2947 binder: undelivered TRANSACTION_ERROR: 29189 binder: release 25481:25484 transaction 176 out, still active binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 binder: send failed reply for transaction 176, target dead binder: 25588:25591 ioctl c0306201 20e68000 returned -14 binder: 25588:25591 ioctl c0306201 20e68000 returned -14 binder: 25598:25600 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 25598:25600 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 binder: 25598:25617 Acquire 1 refcount change on invalid ref 0 ret -22 binder: 25598:25600 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'. device gre0 left promiscuous mode QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl netlink: 'syz-executor2': attribute type 10 has an invalid length. QAT: Invalid ioctl QAT: Invalid ioctl device gre0 entered promiscuous mode sctp: [Deprecated]: syz-executor6 (pid 26122) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor6 (pid 26122) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor6 (pid 26122) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor6 (pid 26159) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=26241 comm=syz-executor1 netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=26241 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=26241 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=26261 comm=syz-executor1 netlink: 'syz-executor7': attribute type 2 has an invalid length. netlink: 'syz-executor7': attribute type 2 has an invalid length. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=26381 comm=syz-executor1 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=26388 comm=syz-executor1 syz-executor6: vmalloc: allocation failure: 17179344896 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) syz-executor6 cpuset=/ mems_allowed=0 CPU: 0 PID: 26430 Comm: syz-executor6 Not tainted 4.15.0-rc3-next-20171214+ #67 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xe9/0x14b lib/dump_stack.c:53 warn_alloc+0xb6/0x130 mm/page_alloc.c:3313 __vmalloc_node_range+0x2ef/0x320 mm/vmalloc.c:1775 __vmalloc_node mm/vmalloc.c:1804 [inline] __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1826 kvmalloc_node+0x82/0xd0 mm/util.c:406 kvmalloc include/linux/mm.h:541 [inline] kvmalloc_array include/linux/mm.h:557 [inline] xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774 translate_table+0x79/0x780 net/ipv6/netfilter/ip6_tables.c:699 do_replace net/ipv6/netfilter/ip6_tables.c:1162 [inline] do_ip6t_set_ctl+0x12e/0x1f0 net/ipv6/netfilter/ip6_tables.c:1688 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline] nf_setsockopt+0x4c/0x80 net/netfilter/nf_sockopt.c:115 ipv6_setsockopt+0xc7/0xe0 net/ipv6/ipv6_sockglue.c:927 tcp_setsockopt+0x43/0x80 net/ipv4/tcp.c:2872 sock_common_setsockopt+0x3a/0x50 net/core/sock.c:2968 SYSC_setsockopt net/socket.c:1829 [inline] SyS_setsockopt+0x8a/0x100 net/socket.c:1808 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a09 RSP: 002b:00007f5916411c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452a09 RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000013 RBP: 0000000000000563 R08: 0000000000000004 R09: 0000000000000000 R10: 0000000020001fde R11: 0000000000000212 R12: 00000000006f51e8 R13: 00000000ffffffff R14: 00007f59164126d4 R15: 0000000000000000 Mem-Info: SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=26444 comm=syz-executor1 active_anon:69950 inactive_anon:34 isolated_anon:0 active_file:3654 inactive_file:9514 isolated_file:0 unevictable:0 dirty:80 writeback:0 unstable:0 slab_reclaimable:4135 slab_unreclaimable:6133 mapped:23195 shmem:41 pagetables:738 bounce:0 free:1781848 free_pcp:456 free_cma:0 Node 0 active_anon:281936kB inactive_anon:136kB active_file:14616kB inactive_file:38056kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:92780kB dirty:320kB writeback:0kB shmem:164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 131072kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 0 DMA free:15908kB min:140kB low:172kB high:204kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2943 7430 7430 Node 0 DMA32 free:3015144kB min:26716kB low:33392kB high:40068kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:3015912kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:768kB local_pcp:84kB free_cma:0kB lowmem_reserve[]: 0 0 4487 4487 Node 0 Normal free:4098140kB min:40724kB low:50904kB high:61084kB active_anon:279888kB inactive_anon:136kB active_file:14616kB inactive_file:38056kB unevictable:0kB writepending:320kB present:4718592kB managed:4594860kB mlocked:0kB kernel_stack:2240kB pagetables:3124kB bounce:0kB free_pcp:1044kB local_pcp:380kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 2*4kB (M) 2*8kB (UM) 3*16kB (M) 3*32kB (UM) 3*64kB (UM) 3*128kB (M) 3*256kB (UM) 4*512kB (UM) 3*1024kB (UM) 3*2048kB (UM) 733*4096kB (M) = 3015144kB Node 0 Normal: 463*4kB (UME) 255*8kB (UME) 240*16kB (UME) 213*32kB (UME) 104*64kB (UME) 25*128kB (UME) 17*256kB (UM) 10*512kB (UME) 11*1024kB (UME) 7*2048kB (UME) 986*4096kB (UM) = 4098132kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 13208 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 59309 pages reserved syz-executor6: vmalloc: allocation failure: 17179344896 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) syz-executor6 cpuset=/ mems_allowed=0 CPU: 1 PID: 26452 Comm: syz-executor6 Not tainted 4.15.0-rc3-next-20171214+ #67 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xe9/0x14b lib/dump_stack.c:53 warn_alloc+0xb6/0x130 mm/page_alloc.c:3313 __vmalloc_node_range+0x2ef/0x320 mm/vmalloc.c:1775 __vmalloc_node mm/vmalloc.c:1804 [inline] __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1826 kvmalloc_node+0x82/0xd0 mm/util.c:406 kvmalloc include/linux/mm.h:541 [inline] kvmalloc_array include/linux/mm.h:557 [inline] xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774 translate_table+0x79/0x780 net/ipv6/netfilter/ip6_tables.c:699 do_replace net/ipv6/netfilter/ip6_tables.c:1162 [inline] do_ip6t_set_ctl+0x12e/0x1f0 net/ipv6/netfilter/ip6_tables.c:1688 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline] nf_setsockopt+0x4c/0x80 net/netfilter/nf_sockopt.c:115 ipv6_setsockopt+0xc7/0xe0 net/ipv6/ipv6_sockglue.c:927 tcp_setsockopt+0x43/0x80 net/ipv4/tcp.c:2872 sock_common_setsockopt+0x3a/0x50 net/core/sock.c:2968 SYSC_setsockopt net/socket.c:1829 [inline] SyS_setsockopt+0x8a/0x100 net/socket.c:1808 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x452a09 RSP: 002b:00007f59163cfc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007f59163cf950 RCX: 0000000000452a09 RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000013 RBP: 00007f59163cf940 R08: 0000000000000004 R09: 0000000000000000 R10: 0000000020001fde R11: 0000000000000212 R12: 00000000004b7374 R13: 00007f59163cfac8 R14: 00000000004b7386 R15: 0000000000000000 device gre0 entered promiscuous mode device gre0 entered promiscuous mode QAT: Invalid ioctl QAT: Invalid ioctl