syz-executor7: vmalloc: allocation failure: 8015577088 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
CPU: 0 PID: 6078 Comm: syz-executor7 Not tainted 4.9.85-g4c4262a #47
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d732f828 ffffffff81d95739 1ffff1003ae65f08 ffff8801d72fc800
 ffffffff83ab93e0[ 35.550496] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor0/6105
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 0000000000000001 0000000000400000 ffff8801d732f938
 ffffffff81451ce2 024000c200000003 0000000041b58ab3 ffffffff841958e5
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3056
 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722
 [] __vmalloc_node mm/vmalloc.c:1744 [inline]
 [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline]
 [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773
 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:726
 [] translate_table+0x21a/0x1e80 net/ipv6/netfilter/ip6_tables.c:730
 [] do_replace net/ipv6/netfilter/ip6_tables.c:1182 [inline]
 [] do_ip6t_set_ctl+0x2be/0x470 net/ipv6/netfilter/ip6_tables.c:1708
 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 [] ipv6_setsockopt+0x10b/0x130 net/ipv6/ipv6_sockglue.c:911
 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2755
 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
 [] SYSC_setsockopt net/socket.c:1772 [inline]
 [] SyS_setsockopt+0x160/0x250 net/socket.c:1751
 [] do_syscall_64+0x1a4/0x490 arch/x86/entry/common.c:282
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
CPU: 1 PID: 6105 Comm: syz-executor0 Not tainted 4.9.85-g4c4262a #47
Mem-Info:
active_anon:58272 inactive_anon:44 isolated_anon:0
 active_file:3506 inactive_file:8494 isolated_file:0
 unevictable:0 dirty:55 writeback:0 unstable:0
 slab_reclaimable:5555 slab_unreclaimable:59505
 mapped:24240 shmem:181 pagetables:684 bounce:0
 free:1470450 free_pcp:288 free_cma:0
Node 0 active_anon:233088kB inactive_anon:176kB active_file:14024kB inactive_file:33976kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:96960kB dirty:220kB writeback:0kB shmem:724kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 71680kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
DMA32 free:2980076kB min:30592kB low:38240kB high:45888kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129292kB managed:2980720kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:644kB local_pcp:644kB free_cma:0kB
Normal free:2885816kB min:36824kB low:46028kB high:55232kB active_anon:233088kB inactive_anon:176kB active_file:14024kB inactive_file:33976kB unevictable:0kB writepending:220kB present:4718592kB managed:3585212kB mlocked:0kB slab_reclaimable:22220kB slab_unreclaimable:238020kB kernel_stack:6112kB pagetables:2736kB bounce:0kB free_pcp:508kB local_pcp:248kB free_cma:0kB
DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
12180 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965969 pages RAM
0 pages HighMem/MovableOnly
320509 pages reserved
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d74ff430 ffffffff81d95739 0000000000000001 ffffffff83c18e00
 ffffffff83f45c20 ffff8801d6c46000 0000000000000003 ffff8801d74ff470
 ffffffff81dfcd34 ffff8801d74ff488 ffffffff83f45c20 dffffc0000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline]
 [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363
 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137
 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096
 [] xfrm_state_construct net/xfrm/xfrm_user.c:590 [inline]
 [] xfrm_add_sa+0x1916/0x2e40 net/xfrm/xfrm_user.c:639
 [] xfrm_user_rcv_msg+0x40d/0x6a0 net/xfrm/xfrm_user.c:2549
 [] netlink_rcv_skb+0x13e/0x370 net/netlink/af_netlink.c:2351
 [] xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2557
 [] netlink_unicast_kernel net/netlink/af_netlink.c:1275 [inline]
 [] netlink_unicast+0x511/0x750 net/netlink/af_netlink.c:1301
 [] netlink_sendmsg+0x8e8/0xc50 net/netlink/af_netlink.c:1847
 [] sock_sendmsg_nosec net/socket.c:635 [inline]
 [] sock_sendmsg+0xca/0x110 net/socket.c:645
 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1969
 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2003
 [] SYSC_sendmsg net/socket.c:2014 [inline]
 [] SyS_sendmsg+0x2d/0x50 net/socket.c:2010
 [] do_syscall_64+0x1a4/0x490 arch/x86/entry/common.c:282
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
audit: type=1400 audit(1519963682.225:28): avc: denied { read } for pid=6191 comm="syz-executor4" path="socket:[15435]" dev="sockfs" ino=15435 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1519963682.405:29): avc: denied { getattr } for pid=6245 comm="syz-executor4" path="socket:[16487]" dev="sockfs" ino=16487 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1519963682.445:30): avc: denied { getopt } for pid=6245 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1519963682.475:31): avc: denied { ioctl } for pid=6245 comm="syz-executor4" path="socket:[16487]" dev="sockfs" ino=16487 ioctlcmd=0x8914 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
IPv4: Oversized IP packet from 127.0.0.1
binder: 6430:6432 got transaction with invalid data ptr
audit: type=1400 audit(1519963683.145:32): avc: denied { setopt } for pid=6431 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
binder: 6430:6432 transaction failed 29201/-14, size 24-8 line 3146
binder: BINDER_SET_CONTEXT_MGR already set
binder_alloc: binder_alloc_mmap_handler: 6430 20000000-20002000 already mapped failed -16
binder: 6430:6458 ioctl 40046207 0 returned -16
binder: undelivered TRANSACTION_ERROR: 29201
binder: 6465:6471 BC_INCREFS_DONE u0000000000000000 no match
binder: 6465:6483 BC_INCREFS_DONE u0000000000000000 no match
tc_dump_action: action bad kind
tc_dump_action: action bad kind
binder: 6663:6671 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 6663:6671 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 6663:6671 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 6697:6698 ioctl 894b 20000180 returned -22
binder: 6697:6707 ioctl 894b 20000180 returned -22
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
program syz-executor0 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
program syz-executor0 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
binder: 7013:7015 transaction failed 29189/-22, size 0-0 line 3004
binder: 7013:7015 transaction failed 29189/-22, size 0-0 line 3004
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: 7089:7100 unknown command 0
binder: 7089:7100 ioctl c0306201 204edfd0 returned -22
binder: 7089:7100 BC_INCREFS_DONE node 19 has no pending increfs request
binder: BINDER_SET_CONTEXT_MGR already set
binder: 7089:7129 unknown command 0
binder: 7089:7129 ioctl c0306201 204edfd0 returned -22
binder: 7089:7135 ioctl c0306201 20007000 returned -14
binder: 7089:7129 got reply transaction with no transaction stack
binder: 7089:7129 transaction failed 29201/-71, size 32-8 line 2920
binder: 7089:7135 BC_INCREFS_DONE u0000000000000000 no match
binder: 7089:7124 ioctl 40046207 0 returned -16
binder: undelivered TRANSACTION_ERROR: 29201
mmap: syz-executor6 (7155): VmData 18530304 exceed data ulimit 2. Update limits or use boot option ignore_rlimit_data.