====================================================== WARNING: possible circular locking dependency detected 4.15.0-rc9+ #215 Not tainted ------------------------------------------------------ syz-executor7/5544 is trying to acquire lock: (&xt[i].mutex){+.+.}, at: [<00000000ecf27ab4>] xt_find_table_lock+0x3e/0x3e0 net/netfilter/x_tables.c:1036 but task is already holding lock: (sk_lock-AF_INET6){+.+.}, at: [<00000000fc772797>] lock_sock include/net/sock.h:1463 [inline] (sk_lock-AF_INET6){+.+.}, at: [<00000000fc772797>] ip_getsockopt+0x143/0x220 net/ipv4/ip_sockglue.c:1576 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (sk_lock-AF_INET6){+.+.}: lock_sock_nested+0xc2/0x110 net/core/sock.c:2780 lock_sock include/net/sock.h:1463 [inline] do_ipv6_setsockopt.isra.8+0x3c5/0x39d0 net/ipv6/ipv6_sockglue.c:167 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2899 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978 SYSC_setsockopt net/socket.c:1849 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1828 entry_SYSCALL_64_fastpath+0x29/0xa0 -> #1 (rtnl_mutex){+.+.}: __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74 unregister_netdevice_notifier+0x91/0x4e0 net/core/dev.c:1673 clusterip_config_entry_put net/ipv4/netfilter/ipt_CLUSTERIP.c:114 [inline] clusterip_tg_destroy+0x389/0x6e0 net/ipv4/netfilter/ipt_CLUSTERIP.c:508 cleanup_entry+0x218/0x350 net/ipv4/netfilter/ip_tables.c:659 __do_replace+0x79d/0xa50 net/ipv4/netfilter/ip_tables.c:1094 do_replace net/ipv4/netfilter/ip_tables.c:1150 [inline] do_ipt_set_ctl+0x40f/0x5f0 net/ipv4/netfilter/ip_tables.c:1680 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1260 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2899 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978 SYSC_setsockopt net/socket.c:1849 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1828 entry_SYSCALL_64_fastpath+0x29/0xa0 -> #0 (&xt[i].mutex){+.+.}: lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 xt_find_table_lock+0x3e/0x3e0 net/netfilter/x_tables.c:1036 xt_request_find_table_lock+0x28/0xc0 net/netfilter/x_tables.c:1083 get_info+0x154/0x690 net/ipv6/netfilter/ip6_tables.c:994 do_arpt_get_ctl+0x2a9/0xa00 net/ipv4/netfilter/arp_tables.c:1486 nf_sockopt net/netfilter/nf_sockopt.c:104 [inline] nf_getsockopt+0x6a/0xc0 net/netfilter/nf_sockopt.c:122 ip_getsockopt+0x15c/0x220 net/ipv4/ip_sockglue.c:1577 udp_getsockopt+0x45/0x80 net/ipv4/udp.c:2473 ipv6_getsockopt+0xf3/0x2e0 net/ipv6/ipv6_sockglue.c:1363 tcp_getsockopt+0x82/0xd0 net/ipv4/tcp.c:3353 sock_common_getsockopt+0x95/0xd0 net/core/sock.c:2937 SYSC_getsockopt net/socket.c:1880 [inline] SyS_getsockopt+0x178/0x340 net/socket.c:1862 entry_SYSCALL_64_fastpath+0x29/0xa0 other info that might help us debug this: Chain exists of: &xt[i].mutex --> rtnl_mutex --> sk_lock-AF_INET6 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(sk_lock-AF_INET6); lock(rtnl_mutex); lock(sk_lock-AF_INET6); lock(&xt[i].mutex); *** DEADLOCK *** 1 lock held by syz-executor7/5544: #0: (sk_lock-AF_INET6){+.+.}, at: [<00000000fc772797>] lock_sock include/net/sock.h:1463 [inline] #0: (sk_lock-AF_INET6){+.+.}, at: [<00000000fc772797>] ip_getsockopt+0x143/0x220 net/ipv4/ip_sockglue.c:1576 stack backtrace: CPU: 0 PID: 5544 Comm: syz-executor7 Not tainted 4.15.0-rc9+ #215 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 print_circular_bug.isra.37+0x2cd/0x2dc kernel/locking/lockdep.c:1218 check_prev_add kernel/locking/lockdep.c:1858 [inline] check_prevs_add kernel/locking/lockdep.c:1971 [inline] validate_chain kernel/locking/lockdep.c:2412 [inline] __lock_acquire+0x30a8/0x3e00 kernel/locking/lockdep.c:3426 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 xt_find_table_lock+0x3e/0x3e0 net/netfilter/x_tables.c:1036 xt_request_find_table_lock+0x28/0xc0 net/netfilter/x_tables.c:1083 get_info+0x154/0x690 net/ipv6/netfilter/ip6_tables.c:994 do_arpt_get_ctl+0x2a9/0xa00 net/ipv4/netfilter/arp_tables.c:1486 nf_sockopt net/netfilter/nf_sockopt.c:104 [inline] nf_getsockopt+0x6a/0xc0 net/netfilter/nf_sockopt.c:122 ip_getsockopt+0x15c/0x220 net/ipv4/ip_sockglue.c:1577 udp_getsockopt+0x45/0x80 net/ipv4/udp.c:2473 ipv6_getsockopt+0xf3/0x2e0 net/ipv6/ipv6_sockglue.c:1363 tcp_getsockopt+0x82/0xd0 net/ipv4/tcp.c:3353 sock_common_getsockopt+0x95/0xd0 net/core/sock.c:2937 SYSC_getsockopt net/socket.c:1880 [inline] SyS_getsockopt+0x178/0x340 net/socket.c:1862 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x453299 RSP: 002b:00007fa847069c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000037 RAX: ffffffffffffffda RBX: 00007fa84706a700 RCX: 0000000000453299 RDX: 0000000000000060 RSI: 0000000000000000 RDI: 0000000000000013 RBP: 0000000000000000 R08: 0000000020d23000 R09: 0000000000000000 R10: 00000000201e3000 R11: 0000000000000212 R12: 0000000000000000 R13: 0000000000a2f33f R14: 00007fa84706a9c0 R15: 0000000000000000 netlink: 16 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 16 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 1316 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 'syz-executor0': attribute type 6 has an invalid length. netlink: 1316 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 'syz-executor0': attribute type 6 has an invalid length. syz-executor3 (5753) used greatest stack depth: 12656 bytes left oom_reaper: reaped process 5783 (syz-executor1), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB syz-executor1 invoked oom-killer: gfp_mask=0x14002c2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN), nodemask=(null), order=0, oom_score_adj=0 syz-executor1: vmalloc: allocation failure, allocated 2791477248 of 4294971392 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null) syz-executor1 cpuset=/ mems_allowed=0 CPU: 1 PID: 5793 Comm: syz-executor1 Not tainted 4.15.0-rc9+ #215 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 warn_alloc+0x19a/0x2b0 mm/page_alloc.c:3299 __vmalloc_area_node mm/vmalloc.c:1718 [inline] __vmalloc_node_range+0x482/0x650 mm/vmalloc.c:1759 __vmalloc_node mm/vmalloc.c:1804 [inline] __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1826 kvmalloc_node+0x82/0xd0 mm/util.c:406 kvmalloc include/linux/mm.h:541 [inline] xt_alloc_table_info+0x64/0xe0 net/netfilter/x_tables.c:1006 do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline] do_ipt_set_ctl+0x29b/0x5f0 net/ipv4/netfilter/ip_tables.c:1680 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1260 sctp_setsockopt+0x2b6/0x61d0 net/sctp/socket.c:4141 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978 SYSC_setsockopt net/socket.c:1849 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1828 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x453299 RSP: 002b:00007fcd79983c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 000000000071c010 RCX: 0000000000453299 RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000016 RBP: 00000000000003d6 R08: 00000000000002e8 R09: 0000000000000000 R10: 0000000020015000 R11: 0000000000000212 R12: 00000000006f4cb0 R13: 00000000ffffffff R14: 00007fcd799846d4 R15: 0000000000000002 Mem-Info: active_anon:45395 inactive_anon:65 isolated_anon:0 active_file:10 inactive_file:18 isolated_file:0 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:6878 slab_unreclaimable:91335 mapped:16515 shmem:70 pagetables:614 bounce:0 free:15762 free_pcp:30 free_cma:0 Node 0 active_anon:181580kB inactive_anon:260kB active_file:40kB inactive_file:72kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:66060kB dirty:0kB writeback:0kB shmem:280kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 65536kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2868 6378 6378 Node 0 DMA32 free:28748kB min:30316kB low:37892kB high:45468kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129292kB managed:2939976kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 3510 3510 Node 0 Normal free:18392kB min:37096kB low:46368kB high:55640kB active_anon:181580kB inactive_anon:260kB active_file:40kB inactive_file:72kB unevictable:0kB writepending:0kB present:4718592kB managed:3594332kB mlocked:0kB kernel_stack:3776kB pagetables:2456kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 3*4kB (UM) 4*8kB (M) 2*16kB (M) 2*32kB (M) 1*64kB (M) 3*128kB (M) 2*256kB (M) 2*512kB (M) 4*1024kB (UM) 1*2048kB (M) 5*4096kB (M) = 28748kB Node 0 Normal: 584*4kB (UME) 328*8kB (UME) 197*16kB (UME) 53*32kB (ME) 58*64kB (UME) 39*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18512kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 98 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965969 pages RAM 0 pages HighMem/MovableOnly 328415 pages reserved syz-executor1 cpuset=/ mems_allowed=0 CPU: 0 PID: 5783 Comm: syz-executor1 Not tainted 4.15.0-rc9+ #215 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 dump_header+0x28c/0xe1e mm/oom_kill.c:437 oom_kill_process+0x8b5/0x14a0 mm/oom_kill.c:865 out_of_memory+0x86d/0x1220 mm/oom_kill.c:1079 __alloc_pages_may_oom mm/page_alloc.c:3395 [inline] __alloc_pages_slowpath+0x1d1b/0x2d00 mm/page_alloc.c:4096 __alloc_pages_nodemask+0x9fb/0xd80 mm/page_alloc.c:4252 alloc_pages_current+0xb6/0x1e0 mm/mempolicy.c:2036 alloc_pages include/linux/gfp.h:492 [inline] __vmalloc_area_node mm/vmalloc.c:1699 [inline] __vmalloc_node_range+0x409/0x650 mm/vmalloc.c:1759 __vmalloc_node mm/vmalloc.c:1804 [inline] __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1826 kvmalloc_node+0x82/0xd0 mm/util.c:406 kvmalloc include/linux/mm.h:541 [inline] xt_alloc_table_info+0x64/0xe0 net/netfilter/x_tables.c:1006 do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline] do_ipt_set_ctl+0x29b/0x5f0 net/ipv4/netfilter/ip_tables.c:1680 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1260 sctp_setsockopt+0x2b6/0x61d0 net/sctp/socket.c:4141 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978 SYSC_setsockopt net/socket.c:1849 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1828 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x453299 RSP: 002b:00007fcd799c5c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299 RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000013 RBP: 0000000000000040 R08: 00000000000002e8 R09: 0000000000000000 R10: 0000000020015000 R11: 0000000000000212 R12: 00000000006ef6a0 R13: 00000000ffffffff R14: 00007fcd799c66d4 R15: 0000000000000000 Mem-Info: active_anon:45395 inactive_anon:65 isolated_anon:0 active_file:13 inactive_file:342 isolated_file:0 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:6879 slab_unreclaimable:91336 mapped:16739 shmem:70 pagetables:614 bounce:0 free:698623 free_pcp:445 free_cma:0 Node 0 active_anon:181580kB inactive_anon:260kB active_file:52kB inactive_file:1468kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:66956kB dirty:0kB writeback:0kB shmem:280kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 65536kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2868 6378 6378 Node 0 DMA32 free:1461444kB min:30316kB low:37892kB high:45468kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129292kB managed:2939976kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:744kB local_pcp:120kB free_cma:0kB lowmem_reserve[]: 0 0 3510 3510 Node 0 Normal free:1316204kB min:37096kB low:46368kB high:55640kB active_anon:181584kB inactive_anon:260kB active_file:56kB inactive_file:2120kB unevictable:0kB writepending:76kB present:4718592kB managed:3594332kB mlocked:0kB kernel_stack:3744kB pagetables:2456kB bounce:0kB free_pcp:1236kB local_pcp:392kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 11535*4kB (UM) 11527*8kB (UM) 11527*16kB (UM) 11525*32kB (UM) 11527*64kB (UM) 21*128kB (UM) 3*256kB (UM) 4*512kB (UM) 4*1024kB (UM) 1*2048kB (M) 5*4096kB (M) = 1461444kB Node 0 Normal: 10726*4kB (UE) 10701*8kB (UME) 10567*16kB (UME) 10384*32kB (UME) 10352*64kB (UME) 95*128kB (UM) 9*256kB (U) 6*512kB (U) 4*1024kB (U) 1*2048kB (U) 0*4096kB = 1316080kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 657 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965969 pages RAM 0 pages HighMem/MovableOnly 328415 pages reserved Unreclaimable slab info: Name Used Total pid_2 187KB 188KB hashtab_node 118KB 119KB ebitmap_node 1274KB 1275KB avtab_node 1012KB 1013KB TIPC 25KB 28KB RDS 12KB 15KB rds_connection 2KB 4KB SCTPv6 62KB 64KB SCTP 45KB 47KB sctp_chunk 43KB 45KB sctp_bind_bucket 1KB 3KB DCCPv6 29KB 43KB DCCP 29KB 33KB dccp_bind_bucket 1KB 4KB KCM 15KB 15KB kcm_psock_cache 4KB 7KB kcm_mux_cache 13KB 15KB bridge_fdb_cache 4KB 7KB fib6_nodes 25KB 32KB ip6_dst_cache 412KB 412KB PINGv6 16KB 19KB RAWv6 108KB 110KB UDPv6 36KB 38KB TCPv6 14KB 28KB ashmem_area_cache 0KB 3KB AF_VSOCK 13KB 13KB sd_ext_cdb 0KB 3KB scsi_sense_cache 47KB 96KB virtio_scsi_cmd 16KB 16KB sgpool-128 8KB 8KB sgpool-64 4KB 6KB sgpool-32 51KB 63KB sgpool-16 19KB 22KB sgpool-8 91KB 131KB cfq_io_cq 5KB 19KB cfq_queue 8KB 27KB mqueue_inode_cache 12KB 21KB fuse_request 0KB 4KB nfs_commit_data 3KB 7KB nfs_write_data 34KB 37KB jbd2_inode 2KB 3KB ext4_system_zone 0KB 3KB bio-1 1KB 3KB pid_namespace 2KB 7KB rpc_buffers 17KB 19KB rpc_tasks 2KB 3KB UNIX 420KB 486KB tcp_bind_bucket 3KB 4KB ip_fib_trie 3KB 7KB ip_fib_alias 42KB 43KB ip_dst_cache 10KB 12KB PING 10KB 14KB RAW 67KB 71KB UDP 68KB 70KB tw_sock_TCP 2KB 7KB TCP 52KB 55KB hugetlbfs_inode_cache 1KB 7KB eventpoll_pwq 43KB 63KB eventpoll_epi 75KB 110KB inotify_inode_mark 3KB 7KB request_queue 42KB 113KB blkdev_ioc 7KB 23KB bio-0 118KB 187KB biovec-(1<<(21-12)) 495KB 495KB biovec-64 72KB 102KB biovec-16 10KB 15KB bio_integrity_payload 0KB 4KB khugepaged_mm_slot 7KB 7KB user_namespace 5KB 7KB uid_cache 0KB 3KB dmaengine-unmap-2 0KB 3KB audit_buffer 2KB 3KB skbuff_fclone_cache 228KB 262KB skbuff_head_cache 6685KB 6735KB configfs_dir_cache 0KB 4KB file_lock_cache 78KB 106KB file_lock_ctx 0KB 3KB fsnotify_mark_connector 2KB 3KB net_namespace 54KB 54KB shmem_inode_cache 1283KB 1283KB task_delay_info 359KB 359KB taskstats 63KB 65KB sigqueue 384KB 401KB kernfs_node_cache 5161KB 5166KB mnt_cache 88KB 92KB filp 5912KB 8595KB names_cache 73520KB 73559KB avc_node 48KB 51KB selinux_file_security 303KB 651KB selinux_inode_security 1686KB 1980KB key_jar 3KB 7KB nsproxy 4KB 7KB vm_area_struct 16682KB 16698KB mm_struct 3793KB 4625KB fs_cache 455KB 476KB files_cache 1426KB 1668KB signal_cache 2048KB 2465KB sighand_cache 330KB 457KB task_struct 10706KB 10706KB cred_jar 2012KB 2296KB anon_vma_chain 4422KB 6496KB anon_vma 213KB 389KB pid 102KB 220KB Acpi-Operand 312KB 792KB Acpi-ParseExt 0KB 3KB Acpi-State 0KB 3KB Acpi-Namespace 102KB 104KB numa_policy 0KB 3KB debug_objects_cache 419KB 578KB trace_event_file 149KB 151KB ftrace_event_field 261KB 263KB pool_workqueue 40KB 44KB page->ptl 2808KB 3277KB kmalloc-262144 1032KB 1032KB kmalloc-131072 780KB 780KB kmalloc-65536 594KB 594KB kmalloc-32768 37356KB 37356KB kmalloc-16384 4488KB 4488KB kmalloc-8192 1839KB 1856KB kmalloc-4096 8440KB 8453KB kmalloc-2048 9156KB 9192KB kmalloc-1024 5261KB 5268KB kmalloc-512 4826KB 4833KB kmalloc-256 2364KB 2771KB kmalloc-128 786KB 791KB kmalloc-96 768KB 768KB kmalloc-64 1253KB 1256KB kmalloc-32 1943KB 2815KB kmalloc-192 415KB 416KB kmem_cache 106KB 112KB [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 2097] 0 2097 5517 313 86016 0 -1000 udevd [ 3867] 0 3867 2493 574 57344 0 0 dhclient [ 3999] 0 3999 14265 173 114688 0 0 rsyslogd [ 4038] 0 4038 4725 50 77824 0 0 cron [ 4068] 0 4068 3735 44 65536 0 0 mcstransd [ 4080] 0 4080 12927 1228 139264 0 0 restorecond [ 4100] 0 4100 12490 153 135168 0 -1000 sshd [ 4124] 0 4124 3694 40 73728 0 0 getty [ 4125] 0 4125 3694 40 73728 0 0 getty [ 4126] 0 4126 3694 39 77824 0 0 getty [ 4127] 0 4127 3694 42 73728 0 0 getty [ 4128] 0 4128 3694 41 77824 0 0 getty [ 4129] 0 4129 3694 41 69632 0 0 getty [ 4130] 0 4130 3649 39 77824 0 0 getty [ 4133] 0 4133 5681 454 86016 0 -1000 udevd [ 4134] 0 4134 5681 454 86016 0 -1000 udevd [ 4147] 0 4147 17821 197 188416 0 0 sshd [ 4149] 0 4149 87739 41161 503808 0 0 syz-fuzzer [ 4192] 0 4192 7297 15 65536 0 0 syz-executor7 [ 4193] 0 4193 7297 17 65536 0 0 syz-executor3 [ 4194] 0 4194 7297 16 73728 0 0 syz-executor4 [ 4195] 0 4195 7296 2074 73728 0 0 syz-executor3 [ 4196] 0 4196 7297 16 65536 0 0 syz-executor0 [ 4197] 0 4197 7296 2072 73728 0 0 syz-executor7 [ 4198] 0 4198 7297 17 65536 0 0 syz-executor1 [ 4199] 0 4199 7297 16 69632 0 0 syz-executor2 [ 4200] 0 4200 7296 2073 81920 0 0 syz-executor4 [ 4201] 0 4201 7297 15 69632 0 0 syz-executor6 [ 4202] 0 4202 7296 2073 73728 0 0 syz-executor0 [ 4203] 0 4203 7297 17 61440 0 0 syz-executor5 [ 4204] 0 4204 7296 2074 73728 0 0 syz-executor1 [ 4206] 0 4206 7296 2073 77824 0 0 syz-executor2 [ 4207] 0 4207 7296 2074 69632 0 0 syz-executor5 [ 4208] 0 4208 7296 2072 77824 0 0 syz-executor6 [ 5783] 0 5775 7432 0 77824 0 0 syz-executor1 Out of memory: Kill process 4149 (syz-fuzzer) score 24 or sacrifice child Killed process 4194 (syz-executor4) total-vm:29188kB, anon-rss:60kB, file-rss:4kB, shmem-rss:0kB syz-executor1: vmalloc: allocation failure, allocated 3105042432 of 4294971392 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null) syz-executor1 cpuset=/ mems_allowed=0 CPU: 1 PID: 5783 Comm: syz-executor1 Not tainted 4.15.0-rc9+ #215 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 warn_alloc+0x19a/0x2b0 mm/page_alloc.c:3299 __vmalloc_area_node mm/vmalloc.c:1718 [inline] __vmalloc_node_range+0x482/0x650 mm/vmalloc.c:1759 __vmalloc_node mm/vmalloc.c:1804 [inline] __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1826 kvmalloc_node+0x82/0xd0 mm/util.c:406 kvmalloc include/linux/mm.h:541 [inline] xt_alloc_table_info+0x64/0xe0 net/netfilter/x_tables.c:1006 do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline] do_ipt_set_ctl+0x29b/0x5f0 net/ipv4/netfilter/ip_tables.c:1680 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1260 sctp_setsockopt+0x2b6/0x61d0 net/sctp/socket.c:4141 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978 SYSC_setsockopt net/socket.c:1849 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1828 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x453299 RSP: 002b:00007fcd799c5c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299 RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000013 RBP: 0000000000000040 R08: 00000000000002e8 R09: 0000000000000000 R10: 0000000020015000 R11: 0000000000000212 R12: 00000000006ef6a0 R13: 00000000ffffffff R14: 00007fcd799c66d4 R15: 0000000000000000 Mem-Info: active_anon:45371 inactive_anon:65 isolated_anon:0 active_file:14 inactive_file:597 isolated_file:0 unevictable:0 dirty:33 writeback:0 unstable:0 slab_reclaimable:6833 slab_unreclaimable:91065 mapped:14857 shmem:70 pagetables:577 bounce:0 free:698635 free_pcp:543 free_cma:0 Node 0 active_anon:181484kB inactive_anon:260kB active_file:56kB inactive_file:2388kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:59428kB dirty:132kB writeback:0kB shmem:280kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 65536kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2868 6378 6378 Node 0 DMA32 free:1461444kB min:30316kB low:37892kB high:45468kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129292kB managed:2939976kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:744kB local_pcp:624kB free_cma:0kB lowmem_reserve[]: 0 0 3510 3510 Node 0 Normal free:1317188kB min:37096kB low:46368kB high:55640kB active_anon:181484kB inactive_anon:260kB active_file:56kB inactive_file:2388kB unevictable:0kB writepending:132kB present:4718592kB managed:3594332kB mlocked:0kB kernel_stack:3712kB pagetables:2308kB bounce:0kB free_pcp:1424kB local_pcp:772kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 11535*4kB (UM) 11527*8kB (UM) 11527*16kB (UM) 11525*32kB (UM) 11527*64kB (UM) 21*128kB (UM) 3*256kB (UM) 4*512kB (UM) 4*1024kB (UM) 1*2048kB (M) 5*4096kB (M) = 1461444kB Node 0 Normal: 10781*4kB (UME) 10740*8kB (UME) 10595*16kB (UME) 10386*32kB (UME) 10352*64kB (UME) 95*128kB (UM) 9*256kB (U) 6*512kB (U) 4*1024kB (U) 1*2048kB (U) 0*4096kB = 1317124kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 706 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965969 pages RAM 0 pages HighMem/MovableOnly 328415 pages reserved ieee80211 phy2: Selected rate control algorithm 'minstrel_ht' ieee80211 phy3: Selected rate control algorithm 'minstrel_ht' ieee80211 phy4: Selected rate control algorithm 'minstrel_ht' IPVS: ftp: loaded support on port[0] = 21 IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready TCP: request_sock_TCPv6: Possible SYN flooding on port 20006. Sending cookies. Check SNMP counters. kauditd_printk_skb: 13 callbacks suppressed audit: type=1400 audit(1517248800.611:35): avc: denied { map } for pid=6022 comm="syz-executor2" path="socket:[15001]" dev="sockfs" ino=15001 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=rawip_socket permissive=1 Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! Cannot find add_set index 0 as target Cannot find add_set index 0 as target dccp_xmit_packet: Payload too large (65423) for featneg. audit: type=1400 audit(1517248800.662:36): avc: denied { name_connect } for pid=6041 comm="syz-executor4" dest=20019 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 dccp_close: ABORT with 65423 bytes unread netlink: 7 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 16 bytes leftover after parsing attributes in process `syz-executor3'. audit: type=1400 audit(1517248801.090:37): avc: denied { accept } for pid=6179 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 netlink: 16 bytes leftover after parsing attributes in process `syz-executor3'. ieee80211 phy5: Selected rate control algorithm 'minstrel_ht' netlink: 16 bytes leftover after parsing attributes in process `syz-executor3'. ieee80211 phy6: Selected rate control algorithm 'minstrel_ht' netlink: 16 bytes leftover after parsing attributes in process `syz-executor3'.