netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. ================================= [ INFO: inconsistent lock state ] 4.9.141+ #1 Not tainted --------------------------------- inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-W} usage. syz-executor.2/6302 [HC0[0]:SC0[0]:HE1:SE1] takes: (&sb->s_type->i_mutex_key#10){+.+.?.}, at: [] inode_lock include/linux/fs.h:766 [inline] (&sb->s_type->i_mutex_key#10){+.+.?.}, at: [] shmem_fallocate+0x13c/0xb10 mm/shmem.c:2676 mark_held_locks+0xc7/0x130 kernel/locking/lockdep.c:2660 __lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline] lockdep_trace_alloc+0x18e/0x2a0 kernel/locking/lockdep.c:2897 __alloc_pages_nodemask+0x14a/0x1bd0 mm/page_alloc.c:3804 __alloc_pages include/linux/gfp.h:433 [inline] __alloc_pages_node include/linux/gfp.h:446 [inline] alloc_pages_node include/linux/gfp.h:460 [inline] shmem_alloc_page mm/shmem.c:1420 [inline] shmem_alloc_and_acct_page mm/shmem.c:1450 [inline] shmem_getpage_gfp+0xc7c/0x18f0 mm/shmem.c:1724 shmem_getpage mm/shmem.c:123 [inline] shmem_write_begin+0xf4/0x1a0 mm/shmem.c:2205 generic_perform_write+0x28a/0x500 mm/filemap.c:2753 __generic_file_write_iter+0x352/0x540 mm/filemap.c:2878 generic_file_write_iter+0x37a/0x620 mm/filemap.c:2906 new_sync_write fs/read_write.c:496 [inline] __vfs_write+0x3d7/0x580 fs/read_write.c:509 vfs_write+0x187/0x520 fs/read_write.c:557 SYSC_write fs/read_write.c:604 [inline] SyS_write+0xd9/0x1c0 fs/read_write.c:596 do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 entry_SYSCALL_64_after_swapgs+0x5d/0xdb irq event stamp: 1375605 hardirqs last enabled at (1375605): [] __mutex_trylock_slowpath kernel/locking/mutex.c:885 [inline] hardirqs last enabled at (1375605): [] mutex_trylock+0x258/0x3e0 kernel/locking/mutex.c:908 hardirqs last disabled at (1375604): [] __mutex_trylock_slowpath kernel/locking/mutex.c:873 [inline] hardirqs last disabled at (1375604): [] mutex_trylock+0xaf/0x3e0 kernel/locking/mutex.c:908 softirqs last enabled at (1374550): [] __do_softirq+0x46d/0x964 kernel/softirq.c:314 softirqs last disabled at (1374543): [] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (1374543): [] irq_exit+0x11c/0x150 kernel/softirq.c:409 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&sb->s_type->i_mutex_key#10); lock(&sb->s_type->i_mutex_key#10); *** DEADLOCK *** 2 locks held by syz-executor.2/6302: #0: (shrinker_rwsem){++++..}, at: [] shrink_slab.part.8+0xb2/0xa00 mm/vmscan.c:471 #1: (ashmem_mutex){+.+.+.}, at: [] ashmem_shrink_scan+0x55/0x4c0 drivers/staging/android/ashmem.c:455 stack backtrace: CPU: 1 PID: 6302 Comm: syz-executor.2 Not tainted 4.9.141+ #1 ffff8801d4cf6d80 ffffffff81b42e79 ffff8801a3a94740 ffffffff83cac600 ffff8801a3a95040 ffff8801a3a95060 ffffffff84244d40 ffff8801d4cf6df8 ffffffff81400780 0000000000000000 ffffffff00000001 0000000000000001 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] print_usage_bug.cold.40+0x44e/0x57e kernel/locking/lockdep.c:2387 [] valid_state kernel/locking/lockdep.c:2400 [inline] [] mark_lock_irq kernel/locking/lockdep.c:2602 [inline] [] mark_lock+0x2f2/0x1290 kernel/locking/lockdep.c:3065 [] mark_irqflags kernel/locking/lockdep.c:2958 [inline] [] __lock_acquire+0x632/0x4a10 kernel/locking/lockdep.c:3302 [] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 [] down_write+0x41/0xa0 kernel/locking/rwsem.c:52 [] inode_lock include/linux/fs.h:766 [inline] [] shmem_fallocate+0x13c/0xb10 mm/shmem.c:2676 [] ashmem_shrink_scan+0x1b9/0x4c0 drivers/staging/android/ashmem.c:462 [] do_shrink_slab mm/vmscan.c:398 [inline] [] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501 [] shrink_slab mm/vmscan.c:465 [inline] [] shrink_node+0x1ed/0x740 mm/vmscan.c:2602 [] shrink_zones mm/vmscan.c:2749 [inline] [] do_try_to_free_pages mm/vmscan.c:2791 [inline] [] try_to_free_pages+0x377/0xb80 mm/vmscan.c:3002 [] __perform_reclaim mm/page_alloc.c:3324 [inline] [] __alloc_pages_direct_reclaim mm/page_alloc.c:3345 [inline] [] __alloc_pages_slowpath mm/page_alloc.c:3697 [inline] [] __alloc_pages_nodemask+0x981/0x1bd0 mm/page_alloc.c:3862 [] __alloc_pages include/linux/gfp.h:433 [inline] [] __alloc_pages_node include/linux/gfp.h:446 [inline] [] alloc_pages_node include/linux/gfp.h:460 [inline] [] __vmalloc_area_node mm/vmalloc.c:1644 [inline] [] __vmalloc_node_range+0x25b/0x600 mm/vmalloc.c:1702 [] __vmalloc_node mm/vmalloc.c:1745 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1759 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1774 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:758 [] translate_table+0x215/0x1600 net/ipv4/netfilter/ip_tables.c:705 [] do_replace net/ipv4/netfilter/ip_tables.c:1157 [inline] [] do_ipt_set_ctl+0x2ce/0x460 net/ipv4/netfilter/ip_tables.c:1693 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114 [] ip_setsockopt+0x88/0xa0 net/ipv4/ip_sockglue.c:1249 [] udp_setsockopt+0x4a/0x90 net/ipv4/udp.c:2110 [] ipv6_setsockopt+0x10a/0x130 net/ipv6/ipv6_sockglue.c:912 [] tcp_setsockopt+0x88/0xe0 net/ipv4/tcp.c:2758 [] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1785 [inline] [] SyS_setsockopt+0x166/0x260 net/socket.c:1764 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb lowmemorykiller: Killing 'syz-executor.3' (28368) (tgid 28368), adj 1000, to free 52456kB on behalf of 'syz-executor.2' (6356) because cache 65524kB is below limit 65536kB for oom_score_adj 12 Free memory is -13016kB above reserved lowmemorykiller: Killing 'syz-executor.3' (30344) (tgid 30344), adj 1000, to free 52436kB on behalf of 'kswapd0' (33) because cache 64224kB is below limit 65536kB for oom_score_adj 12 Free memory is 5084kB above reserved lowmemorykiller: Killing 'syz-executor.2' (8387) (tgid 8387), adj 1000, to free 52404kB on behalf of 'kswapd0' (33) because cache 64224kB is below limit 65536kB for oom_score_adj 12 Free memory is 21884kB above reserved lowmemorykiller: Killing 'syz-executor.3' (14325) (tgid 14325), adj 1000, to free 52404kB on behalf of 'kswapd0' (33) because cache 64224kB is below limit 65536kB for oom_score_adj 12 Free memory is 21884kB above reserved lowmemorykiller: Killing 'syz-executor.2' (16516) (tgid 16516), adj 1000, to free 52400kB on behalf of 'kswapd0' (33) because cache 64224kB is below limit 65536kB for oom_score_adj 12 Free memory is 49484kB above reserved lowmemorykiller: Killing 'syz-executor.4' (18892) (tgid 18892), adj 1000, to free 52400kB on behalf of 'kswapd0' (33) because cache 64224kB is below limit 65536kB for oom_score_adj 12 Free memory is 50684kB above reserved lowmemorykiller: Killing 'syz-executor.1' (24664) (tgid 24664), adj 1000, to free 52400kB on behalf of 'kswapd0' (33) because cache 63824kB is below limit 65536kB for oom_score_adj 12 Free memory is -9624kB above reserved lowmemorykiller: Killing 'syz-executor.0' (31807) (tgid 31807), adj 1000, to free 52388kB on behalf of 'kswapd0' (33) because cache 60124kB is below limit 65536kB for oom_score_adj 12 Free memory is 5036kB above reserved lowmemorykiller: Killing 'syz-executor.1' (9935) (tgid 9935), adj 1000, to free 52384kB on behalf of 'syz-executor.2' (6302) because cache 53724kB is below limit 65536kB for oom_score_adj 12 Free memory is -13188kB above reserved lowmemorykiller: Killing 'syz-executor.2' (6149) (tgid 6149), adj 1000, to free 52356kB on behalf of 'syz-executor.2' (6302) because cache 51924kB is below limit 65536kB for oom_score_adj 12 Free memory is -12092kB above reserved lowmemorykiller: Killing 'syz-executor.4' (24198) (tgid 24198), adj 1000, to free 52356kB on behalf of 'kswapd0' (33) because cache 45824kB is below limit 65536kB for oom_score_adj 12 Free memory is -8976kB above reserved lowmemorykiller: Killing 'syz-executor.1' (22228) (tgid 22228), adj 1000, to free 52352kB on behalf of 'kswapd0' (33) because cache 45824kB is below limit 65536kB for oom_score_adj 12 Free memory is 956kB above reserved lowmemorykiller: Killing 'syz-executor.2' (9464) (tgid 9464), adj 1000, to free 52340kB on behalf of 'syz-executor.2' (6302) because cache 44224kB is below limit 65536kB for oom_score_adj 12 Free memory is -13140kB above reserved lowmemorykiller: Killing 'syz-executor.4' (26553) (tgid 26553), adj 1000, to free 52336kB on behalf of 'syz-executor.2' (6302) because cache 35824kB is below limit 65536kB for oom_score_adj 12 Free memory is -6540kB above reserved lowmemorykiller: Killing 'syz-executor.0' (7077) (tgid 7077), adj 1000, to free 52320kB on behalf of 'syz-executor.2' (6302) because cache 32524kB is below limit 65536kB for oom_score_adj 12 Free memory is 7620kB above reserved lowmemorykiller: Killing 'syz-executor.2' (18316) (tgid 18316), adj 1000, to free 52320kB on behalf of 'syz-executor.2' (6302) because cache 32524kB is below limit 65536kB for oom_score_adj 12 Free memory is 38020kB above reserved lowmemorykiller: Killing 'syz-executor.3' (3290) (tgid 3290), adj 1000, to free 51404kB on behalf of 'kswapd0' (33) because cache 31524kB is below limit 65536kB for oom_score_adj 12 Free memory is -7912kB above reserved lowmemorykiller: Killing 'syz-executor.3' (4831) (tgid 4831), adj 1000, to free 51404kB on behalf of 'kswapd0' (33) because cache 30524kB is below limit 65536kB for oom_score_adj 12 Free memory is 18868kB above reserved lowmemorykiller: Killing 'syz-executor.3' (15368) (tgid 15368), adj 1000, to free 51388kB on behalf of 'kswapd0' (33) because cache 30524kB is below limit 65536kB for oom_score_adj 12 Free memory is 35460kB above reserved lowmemorykiller: Killing 'syz-executor.3' (3289) (tgid 3289), adj 1000, to free 51404kB on behalf of 'syz-executor.2' (6302) because cache 30524kB is below limit 65536kB for oom_score_adj 12 Free memory is -13136kB above reserved lowmemorykiller: Killing 'syz-executor.1' (20946) (tgid 20946), adj 1000, to free 51388kB on behalf of 'kswapd0' (33) because cache 30524kB is below limit 65536kB for oom_score_adj 12 Free memory is -9448kB above reserved lowmemorykiller: Killing 'syz-executor.1' (930) (tgid 930), adj 1000, to free 51388kB on behalf of 'kswapd0' (33) because cache 30424kB is below limit 65536kB for oom_score_adj 12 Free memory is -7256kB above reserved lowmemorykiller: Killing 'syz-executor.3' (10897) (tgid 10897), adj 1000, to free 51384kB on behalf of 'kswapd0' (33) because cache 29224kB is below limit 65536kB for oom_score_adj 12 Free memory is -8948kB above reserved lowmemorykiller: Killing 'syz-executor.0' (31856) (tgid 31856), adj 1000, to free 51384kB on behalf of 'syz-executor.2' (6302) because cache 27924kB is below limit 65536kB for oom_score_adj 12 Free memory is -13332kB above reserved lowmemorykiller: Killing 'syz-executor.4' (18905) (tgid 18905), adj 1000, to free 51376kB on behalf of 'syz-executor.2' (6302) because cache 27824kB is below limit 65536kB for oom_score_adj 12 Free memory is 22780kB above reserved lowmemorykiller: Killing 'syz-executor.4' (7274) (tgid 7274), adj 1000, to free 47436kB on behalf of 'syz-executor.2' (6302) because cache 27724kB is below limit 65536kB for oom_score_adj 12 Free memory is 48480kB above reserved lowmemorykiller: Killing 'syz-executor.4' (13124) (tgid 13124), adj 1000, to free 47436kB on behalf of 'kswapd0' (33) because cache 27724kB is below limit 65536kB for oom_score_adj 12 Free memory is -9720kB above reserved lowmemorykiller: Killing 'syz-executor.0' (17239) (tgid 17239), adj 1000, to free 47368kB on behalf of 'syz-executor.2' (6302) because cache 27484kB is below limit 65536kB for oom_score_adj 12 Free memory is 8308kB above reserved lowmemorykiller: Killing 'syz-executor.1' (8891) (tgid 8891), adj 1000, to free 44436kB on behalf of 'kswapd0' (33) because cache 27384kB is below limit 65536kB for oom_score_adj 12 Free memory is -9740kB above reserved lowmemorykiller: Killing 'syz-executor.1' (27884) (tgid 27884), adj 1000, to free 44192kB on behalf of 'kswapd0' (33) because cache 27384kB is below limit 65536kB for oom_score_adj 12 Free memory is -9740kB above reserved lowmemorykiller: Killing 'syz-executor.4' (7277) (tgid 7277), adj 1000, to free 42932kB on behalf of 'syz-executor.2' (6302) because cache 27332kB is below limit 65536kB for oom_score_adj 12 Free memory is -1264kB above reserved lowmemorykiller: Killing 'syz-executor.3' (10889) (tgid 10889), adj 1000, to free 41644kB on behalf of 'syz-executor.2' (6302) because cache 27280kB is below limit 65536kB for oom_score_adj 12 Free memory is -11008kB above reserved lowmemorykiller: Killing 'syz-executor.2' (28239) (tgid 28239), adj 1000, to free 41296kB on behalf of 'syz-executor.2' (6302) because cache 27180kB is below limit 65536kB for oom_score_adj 12 Free memory is 4692kB above reserved lowmemorykiller: Killing 'syz-executor.3' (5787) (tgid 5787), adj 1000, to free 39768kB on behalf of 'syz-executor.2' (6302) because cache 24280kB is below limit 65536kB for oom_score_adj 12 Free memory is 5296kB above reserved lowmemorykiller: Killing 'syz-executor.2' (4126) (tgid 4126), adj 1000, to free 39756kB on behalf of 'kswapd0' (33) because cache 24080kB is below limit 65536kB for oom_score_adj 12 Free memory is -13060kB above reserved lowmemorykiller: Killing 'syz-executor.0' (5367) (tgid 5367), adj 1000, to free 39244kB on behalf of 'kswapd0' (33) because cache 21880kB is below limit 65536kB for oom_score_adj 12 Free memory is -10960kB above reserved lowmemorykiller: Killing 'syz-executor.4' (31838) (tgid 31838), adj 1000, to free 38828kB on behalf of 'kswapd0' (33) because cache 21880kB is below limit 65536kB for oom_score_adj 12 Free memory is -7060kB above reserved lowmemorykiller: Killing 'syz-executor.3' (3269) (tgid 3269), adj 1000, to free 38016kB on behalf of 'kswapd0' (33) because cache 21880kB is below limit 65536kB for oom_score_adj 12 Free memory is -2960kB above reserved lowmemorykiller: Killing 'syz-executor.1' (20913) (tgid 20913), adj 1000, to free 37552kB on behalf of 'kswapd0' (33) because cache 21880kB is below limit 65536kB for oom_score_adj 12 Free memory is -2060kB above reserved lowmemorykiller: Killing 'syz-executor.3' (3244) (tgid 3244), adj 1000, to free 37248kB on behalf of 'kswapd0' (33) because cache 21880kB is below limit 65536kB for oom_score_adj 12 Free memory is 840kB above reserved lowmemorykiller: Killing 'syz-executor.4' (18940) (tgid 18940), adj 1000, to free 37036kB on behalf of 'kswapd0' (33) because cache 21880kB is below limit 65536kB for oom_score_adj 12 Free memory is 3340kB above reserved lowmemorykiller: Killing 'syz-executor.5' (5348) (tgid 5348), adj 1000, to free 36604kB on behalf of 'syz-executor.2' (6302) because cache 22228kB is below limit 65536kB for oom_score_adj 12 Free memory is 10140kB above reserved lowmemorykiller: Killing 'syz-executor.1' (19530) (tgid 19530), adj 1000, to free 36520kB on behalf of 'kswapd0' (33) because cache 22028kB is below limit 65536kB for oom_score_adj 12 Free memory is -9556kB above reserved lowmemorykiller: Killing 'syz-executor.3' (32525) (tgid 32525), adj 1000, to free 36056kB on behalf of 'kswapd0' (33) because cache 21828kB is below limit 65536kB for oom_score_adj 12 Free memory is -7540kB above reserved lowmemorykiller: Killing 'syz-executor.3' (514) (tgid 514), adj 1000, to free 36020kB on behalf of 'syz-executor.2' (6302) because cache 19428kB is below limit 65536kB for oom_score_adj 12 Free memory is -12792kB above reserved lowmemorykiller: Killing 'syz-executor.3' (463) (tgid 463), adj 1000, to free 36020kB on behalf of 'kswapd0' (33) because cache 19528kB is below limit 65536kB for oom_score_adj 12 Free memory is -5140kB above reserved lowmemorykiller: Killing 'syz-executor.5' (4607) (tgid 4607), adj 1000, to free 36016kB on behalf of 'syz-executor.2' (6302) because cache 14976kB is below limit 16384kB for oom_score_adj 6 Free memory is -12748kB above reserved lowmemorykiller: Killing 'syz-executor.4' (5776) (tgid 5776), adj 1000, to free 36000kB on behalf of 'syz-executor.2' (6302) because cache 14976kB is below limit 16384kB for oom_score_adj 6 Free memory is -13412kB above reserved lowmemorykiller: Killing 'syz-executor.1' (26711) (tgid 26711), adj 1000, to free 35936kB on behalf of 'syz-executor.2' (6302) because cache 13376kB is below limit 16384kB for oom_score_adj 6 Free memory is -11612kB above reserved lowmemorykiller: Killing 'syz-executor.0' (15953) (tgid 15953), adj 1000, to free 35916kB on behalf of 'syz-executor.2' (6302) because cache 10776kB is below limit 16384kB for oom_score_adj 6 Free memory is -13160kB above reserved lowmemorykiller: Killing 'syz-executor.0' (2813) (tgid 2813), adj 1000, to free 35912kB on behalf of 'syz-executor.2' (6302) because cache 9276kB is below limit 16384kB for oom_score_adj 6 Free memory is 1244kB above reserved lowmemorykiller: Killing 'syz-executor.3' (29729) (tgid 29729), adj 1000, to free 35912kB on behalf of 'kswapd0' (33) because cache 9076kB is below limit 16384kB for oom_score_adj 6 Free memory is 576kB above reserved lowmemorykiller: Killing 'syz-executor.1' (1934) (tgid 1934), adj 1000, to free 35912kB on behalf of 'syz-executor.2' (6302) because cache 8476kB is below limit 16384kB for oom_score_adj 6 Free memory is -12996kB above reserved lowmemorykiller: Killing 'syz-executor.1' (2009) (tgid 2009), adj 1000, to free 35912kB on behalf of 'syz-executor.2' (6302) because cache 7576kB is below limit 8192kB for oom_score_adj 1 Free memory is -13336kB above reserved lowmemorykiller: Killing 'syz-executor.3' (29770) (tgid 29770), adj 1000, to free 35912kB on behalf of 'kswapd0' (33) because cache 7576kB is below limit 8192kB for oom_score_adj 1 Free memory is -12096kB above reserved lowmemorykiller: Killing 'syz-executor.2' (6302) (tgid 6283), adj 1000, to free 35912kB on behalf of 'syz-executor.2' (6302) because cache 5676kB is below limit 6144kB for oom_score_adj 0 Free memory is -11624kB above reserved lowmemorykiller: Killing 'syz-executor.1' (6087) (tgid 6087), adj 1000, to free 35912kB on behalf of 'kswapd0' (33) because cache 5676kB is below limit 6144kB for oom_score_adj 0 Free memory is -12344kB above reserved lowmemorykiller: Killing 'syz-executor.2' (6302) (tgid 6283), adj 1000, to free 35016kB on behalf of 'udevd' (2266) because cache 736kB is below limit 6144kB for oom_score_adj 0 Free memory is -13300kB above reserved lowmemorykiller: Killing 'syz-executor.2' (6302) (tgid 6283), adj 1000, to free 35016kB on behalf of 'syz-fuzzer' (2060) because cache 736kB is below limit 6144kB for oom_score_adj 0 Free memory is -13304kB above reserved lowmemorykiller: Killing 'syz-executor.2' (6302) (tgid 6283), adj 1000, to free 35016kB on behalf of 'udevd' (2849) because cache 312kB is below limit 6144kB for oom_score_adj 0 Free memory is -13364kB above reserved syz-executor.2: vmalloc: allocation failure, allocated 2245677056 of 4294971392 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 0 PID: 6356 Comm: syz-executor.2 Not tainted 4.9.141+ #1 ffff880146d87818 ffffffff81b42e79 1ffff10028db0f05 dffffc0000000000 ffffffff82aa8ba0 0000000000000000 0000000000400000 ffff880146d87960 ffffffff814fc7c8 0000000041b58ab3 ffffffff82e37a10 ffffffff81427db0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] warn_alloc.cold.31+0x7f/0x9c mm/page_alloc.c:3068 [] __vmalloc_area_node mm/vmalloc.c:1661 [inline] [] __vmalloc_node_range+0x3f8/0x600 mm/vmalloc.c:1702 [] __vmalloc_node mm/vmalloc.c:1745 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1759 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1774 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:758 [] translate_table+0x215/0x1600 net/ipv4/netfilter/ip_tables.c:705 [] do_replace net/ipv4/netfilter/ip_tables.c:1157 [inline] [] do_ipt_set_ctl+0x2ce/0x460 net/ipv4/netfilter/ip_tables.c:1693 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114 [] ip_setsockopt+0x88/0xa0 net/ipv4/ip_sockglue.c:1249 [] udp_setsockopt+0x4a/0x90 net/ipv4/udp.c:2110 [] ipv6_setsockopt+0x10a/0x130 net/ipv6/ipv6_sockglue.c:912 [] tcp_setsockopt+0x88/0xe0 net/ipv4/tcp.c:2758 [] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1785 [inline] [] SyS_setsockopt+0x166/0x260 net/socket.c:1764 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb oom_reaper: reaped process 6356 (syz-executor.2), now anon-rss:0kB, file-rss:20kB, shmem-rss:0kB Mem-Info: active_anon:73699 inactive_anon:30485 isolated_anon:0 active_file:9 inactive_file:53 isolated_file:0 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:6379 slab_unreclaimable:64340 mapped:52285 shmem:33484 pagetables:11355 bounce:0 free:576 free_pcp:9 free_cma:0 Node 0 active_anon:294796kB inactive_anon:121940kB active_file:36kB inactive_file:212kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:209140kB dirty:0kB writeback:0kB shmem:133936kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA32 free:8kB min:4696kB low:7712kB high:10728kB active_anon:312kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3020132kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 3505 3505 Normal free:2296kB min:5580kB low:9168kB high:12756kB active_anon:294484kB inactive_anon:121940kB active_file:36kB inactive_file:212kB unevictable:0kB writepending:0kB present:4718592kB managed:3589316kB mlocked:0kB slab_reclaimable:25516kB slab_unreclaimable:257360kB kernel_stack:18368kB pagetables:45420kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmemorykiller: Killing 'syz-executor.3' (23727) (tgid 23727), adj 1000, to free 35012kB on behalf of 'kswapd0' (33) because cache 256kB is below limit 6144kB for oom_score_adj 0 Free memory is -35200kB above reserved lowmem_reserve[]: 0 0 0 DMA32: 2*4kB (UM) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB Normal: 139*4kB (UMH) 2*8kB (U) 3*16kB (U) 45*32kB (U) 0*64kB 3*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2444kB 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 syz-executor.2 invoked oom-killer: gfp_mask=0x24002c2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN), nodemask=0, order=0, oom_score_adj=1000 CPU: 0 PID: 6302 Comm: syz-executor.2 Not tainted 4.9.141+ #1 ffff8801d4cf7518 ffffffff81b42e79 ffff8801d4cf78d8 ffffffff833e92b0 00000000000003e8 ffff8801d4cf78f0 0000000000000000 ffff8801d4cf7598 ffffffff814fb526 0000000000000000 00000000000003e8 ffffffff82816fa5 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] dump_header.isra.4+0x142/0x747 mm/oom_kill.c:417 [] oom_kill_process.cold.10+0xd/0xa6e mm/oom_kill.c:852 [] out_of_memory+0x292/0xe90 mm/oom_kill.c:1061 [] __alloc_pages_may_oom mm/page_alloc.c:3135 [inline] [] __alloc_pages_slowpath mm/page_alloc.c:3751 [inline] [] __alloc_pages_nodemask+0x18ee/0x1bd0 mm/page_alloc.c:3862 [] __alloc_pages include/linux/gfp.h:433 [inline] [] __alloc_pages_node include/linux/gfp.h:446 [inline] [] alloc_pages_node include/linux/gfp.h:460 [inline] [] __vmalloc_area_node mm/vmalloc.c:1644 [inline] [] __vmalloc_node_range+0x25b/0x600 mm/vmalloc.c:1702 [] __vmalloc_node mm/vmalloc.c:1745 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1759 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1774 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:758 [] translate_table+0x215/0x1600 net/ipv4/netfilter/ip_tables.c:705 [] do_replace net/ipv4/netfilter/ip_tables.c:1157 [inline] [] do_ipt_set_ctl+0x2ce/0x460 net/ipv4/netfilter/ip_tables.c:1693 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114 [] ip_setsockopt+0x88/0xa0 net/ipv4/ip_sockglue.c:1249 [] udp_setsockopt+0x4a/0x90 net/ipv4/udp.c:2110 [] ipv6_setsockopt+0x10a/0x130 net/ipv6/ipv6_sockglue.c:912 [] tcp_setsockopt+0x88/0xe0 net/ipv4/tcp.c:2758 [] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1785 [inline] [] SyS_setsockopt+0x166/0x260 net/socket.c:1764 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Mem-Info: active_anon:73699 inactive_anon:30485 isolated_anon:0 active_file:9 inactive_file:53 isolated_file:0 unevictable:0 dirty:0 writeback:0 unstable:0 slab_reclaimable:6379 slab_unreclaimable:64340 mapped:52285 shmem:33484 pagetables:11355 bounce:0 free:604 free_pcp:0 free_cma:0 Node 0 active_anon:294796kB inactive_anon:121940kB active_file:36kB inactive_file:212kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:209140kB dirty:0kB writeback:0kB shmem:133936kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA32 free:8kB min:4696kB low:7712kB high:10728kB active_anon:312kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3020132kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB Normal free:2408kB min:5580kB low:9168kB high:12756kB active_anon:294484kB inactive_anon:121940kB active_file:36kB inactive_file:212kB unevictable:0kB writepending:0kB present:4718592kB managed:3589316kB mlocked:0kB slab_reclaimable:25516kB slab_unreclaimable:257360kB kernel_stack:18336kB pagetables:45420kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB DMA32: 2*4kB (UM) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 313617 pages reserved [ pid ] uid tgid total_vm rss nr_ptes nr_pmds swapents oom_score_adj name [ 470] 0 470 5401 204 17 3 0 -1000 udevd [ 594] 0 594 5680 454 16 3 0 -1000 udevd [ 595] 0 595 5647 447 16 3 0 -1000 udevd [ 1756] 0 1756 2492 573 9 3 0 0 dhclient [ 1897] 0 1897 14264 173 24 3 0 0 rsyslogd [ 1952] 0 1952 3735 44 11 3 0 0 mcstransd [ 1954] 0 1954 4724 51 15 3 0 0 cron [ 1972] 0 1972 12926 1233 29 3 0 0 restorecond [ 1998] 0 1998 12489 153 27 3 0 -1000 sshd [ 2028] 0 2028 3648 39 13 3 0 0 getty [ 2044] 0 2044 17820 196 40 3 0 0 sshd [ 2046] 0 2046 93746 53803 147 5 0 0 syz-fuzzer [ 2074] 0 2074 18112 15 23 4 0 0 syz-executor.0 [ 2076] 0 2076 18112 16 23 3 0 0 syz-executor.1 [ 2077] 0 2077 18112 15 23 4 0 0 syz-executor.4 [ 2078] 0 2078 18112 16 23 3 0 0 syz-executor.2 [ 2079] 0 2079 18112 16 23 3 0 0 syz-executor.3 [ 2080] 0 2080 18111 8734 24 4 0 0 syz-executor.1 [ 2081] 0 2081 18111 8733 24 5 0 0 syz-executor.0 [ 2095] 0 2095 18111 8733 24 5 0 0 syz-executor.4 [ 2096] 0 2096 18111 8736 24 4 0 0 syz-executor.3 [ 2100] 0 2100 18111 8734 24 4 0 0 syz-executor.2 [ 2266] 0 2266 5659 448 16 3 0 -1000 udevd [ 2282] 0 2282 18210 8748 26 4 0 1000 syz-executor.1 [ 2387] 0 2387 18177 8745 26 4 0 1000 syz-executor.2 [ 2390] 0 2390 18177 8745 26 4 0 1000 syz-executor.2