======================================================
WARNING: possible circular locking dependency detected
4.13.0-rc6-next-20170825+ #9 Not tainted
------------------------------------------------------
kworker/0:2/1254 is trying to acquire lock:
 (reg_work){+.+.}, at: [] process_one_work+0xb2c/0x1be0 kernel/workqueue.c:2094

but now in release context of a crosslock acquired at the following:
 ((complete)&rcu.completion){+.+.}, at: [] __synchronize_srcu+0x1b5/0x250 kernel/rcu/srcutree.c:898

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 ((complete)&rcu.completion){+.+.}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       complete_acquire include/linux/completion.h:39 [inline]
       __wait_for_common kernel/sched/completion.c:108 [inline]
       wait_for_common kernel/sched/completion.c:122 [inline]
       wait_for_completion+0xc8/0x770 kernel/sched/completion.c:143
       __synchronize_srcu+0x1b5/0x250 kernel/rcu/srcutree.c:898
       synchronize_srcu_expedited kernel/rcu/srcutree.c:923 [inline]
       synchronize_srcu+0x1a3/0x560 kernel/rcu/srcutree.c:974
       quarantine_remove_cache+0xd7/0xf0 mm/kasan/quarantine.c:327
       kasan_cache_shrink+0x9/0x10 mm/kasan/kasan.c:380
       kmem_cache_shrink+0x15/0x30 mm/slab_common.c:857
       acpi_os_purge_cache+0x15/0x20 drivers/acpi/osl.c:1560
       acpi_purge_cached_objects+0x38/0xc9 drivers/acpi/acpica/utxface.c:271
       acpi_initialize_objects+0xc5/0x112 drivers/acpi/acpica/utxfinit.c:302
       acpi_bus_init drivers/acpi/bus.c:1131 [inline]
       acpi_init+0x23c/0x8e6 drivers/acpi/bus.c:1220
       do_one_initcall+0x9e/0x330 init/main.c:826
       do_initcall_level init/main.c:892 [inline]
       do_initcalls init/main.c:900 [inline]
       do_basic_setup init/main.c:918 [inline]
       kernel_init_freeable+0x469/0x521 init/main.c:1066
       kernel_init+0x13/0x172 init/main.c:993
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431

-> #2 (cpu_hotplug_lock.rw_sem){++++}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
       percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
       cpus_read_lock+0x42/0x90 kernel/cpu.c:218
       get_online_cpus include/linux/cpu.h:126 [inline]
       flush_all_backlogs net/core/dev.c:4592 [inline]
       rollback_registered_many+0x587/0xe80 net/core/dev.c:7127
       rollback_registered+0x1be/0x3c0 net/core/dev.c:7183
       unregister_netdevice_queue+0x2e3/0x5d0 net/core/dev.c:8171
       unregister_netdevice include/linux/netdevice.h:2428 [inline]
       __tun_detach+0x1020/0x1390 drivers/net/tun.c:576
       tun_detach drivers/net/tun.c:587 [inline]
       tun_chr_close+0x44/0x60 drivers/net/tun.c:2595
       __fput+0x333/0x7f0 fs/file_table.c:210
       ____fput+0x15/0x20 fs/file_table.c:246
       task_work_run+0x199/0x270 kernel/task_work.c:112
       tracehook_notify_resume include/linux/tracehook.h:191 [inline]
       exit_to_usermode_loop+0x2a6/0x300 arch/x86/entry/common.c:162
       prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
       syscall_return_slowpath+0x42f/0x500 arch/x86/entry/common.c:266
       entry_SYSCALL_64_fastpath+0xbc/0xbe

-> #1 (rtnl_mutex){+.+.}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1870 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
       reg_todo+0xc6/0xbe0 net/wireless/reg.c:2337
       process_one_work+0xbfd/0x1be0 kernel/workqueue.c:2098
       worker_thread+0x223/0x1860 kernel/workqueue.c:2233
       kthread+0x39c/0x470 kernel/kthread.c:231
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431

-> #0 (reg_work){+.+.}:
       process_one_work+0xba5/0x1be0 kernel/workqueue.c:2095
       worker_thread+0x223/0x1860 kernel/workqueue.c:2233
       kthread+0x39c/0x470 kernel/kthread.c:231
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
       0xffffffffffffffff

other info that might help us debug this:

Chain exists of:
  reg_work --> cpu_hotplug_lock.rw_sem --> (complete)&rcu.completion

 Possible unsafe locking scenario by crosslock:

       CPU0                    CPU1
       ----                    ----
  lock(cpu_hotplug_lock.rw_sem);
  lock((complete)&rcu.completion);
                               lock(reg_work);
                               unlock((complete)&rcu.completion);

 *** DEADLOCK ***

3 locks held by kworker/0:2/1254:
 #0: ("events_power_efficient"){.+.+}, at: [] __write_once_size include/linux/compiler.h:305 [inline]
 #0: ("events_power_efficient"){.+.+}, at: [] atomic64_set arch/x86/include/asm/atomic64_64.h:33 [inline]
 #0: ("events_power_efficient"){.+.+}, at: [] atomic_long_set include/asm-generic/atomic-long.h:56 [inline]
 #0: ("events_power_efficient"){.+.+}, at: [] set_work_data kernel/workqueue.c:617 [inline]
 #0: ("events_power_efficient"){.+.+}, at: [] set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: ("events_power_efficient"){.+.+}, at: [] process_one_work+0xad4/0x1be0 kernel/workqueue.c:2090
 #1: ((&(&sdp->work)->work)){+.+.}, at: [] process_one_work+0xb2c/0x1be0 kernel/workqueue.c:2094
 #2: (&x->wait#5){....}, at: [] complete+0x18/0x80 kernel/sched/completion.c:34

stack backtrace:
CPU: 0 PID: 1254 Comm: kworker/0:2 Not tainted 4.13.0-rc6-next-20170825+ #9
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Workqueue: events_power_efficient srcu_invoke_callbacks
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 print_circular_bug+0x503/0x710 kernel/locking/lockdep.c:1259
 check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
 commit_xhlock kernel/locking/lockdep.c:5002 [inline]
 commit_xhlocks kernel/locking/lockdep.c:5046 [inline]
 lock_commit_crosslock+0xe73/0x1d10 kernel/locking/lockdep.c:5085
 complete_release_commit include/linux/completion.h:49 [inline]
 complete+0x24/0x80 kernel/sched/completion.c:39
 wakeme_after_rcu+0xd/0x10 kernel/rcu/update.c:376
 srcu_invoke_callbacks+0x280/0x4d0 kernel/rcu/srcutree.c:1161
 process_one_work+0xbfd/0x1be0 kernel/workqueue.c:2098
 worker_thread+0x223/0x1860 kernel/workqueue.c:2233
 kthread+0x39c/0x470 kernel/kthread.c:231
 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14606 sclass=netlink_route_socket pig=6824 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14606 sclass=netlink_route_socket pig=6824 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6421 sclass=netlink_route_socket pig=6948 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6421 sclass=netlink_route_socket pig=6948 comm=syz-executor1
device lo entered promiscuous mode
semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
The task syz-executor7 (6961) triggered the difference, watch for misbehavior.
sctp: [Deprecated]: syz-executor4 (pid 6958) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor4 (pid 6958) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=30758 sclass=netlink_route_socket pig=7092 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=30758 sclass=netlink_route_socket pig=7092 comm=syz-executor4
PF_BRIDGE: br_mdb_parse() with invalid ifindex
PF_BRIDGE: br_mdb_parse() with invalid ifindex
dccp_close: ABORT with 7834 bytes unread
RDS: rds_bind could not find a transport for 172.20.1.187, load rds_tcp or rds_rdma?
dccp_close: ABORT with 7834 bytes unread
RDS: rds_bind could not find a transport for 172.20.1.187, load rds_tcp or rds_rdma?
sctp: [Deprecated]: syz-executor1 (pid 7422) Use of int in maxseg socket option. Use struct sctp_assoc_value instead syz-executor0: vmalloc: allocation failure: 4833356120 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) syz-executor0 cpuset=/ mems_allowed=0-1 CPU: 3 PID: 7427 Comm: syz-executor0 Not tainted 4.13.0-rc6-next-20170825+ #9 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:52 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3254 __vmalloc_node_range+0x599/0x730 mm/vmalloc.c:1781 __vmalloc_node mm/vmalloc.c:1810 [inline] __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1832 kvmalloc_node+0x82/0xd0 mm/util.c:406 kvmalloc include/linux/mm.h:529 [inline] kvmalloc_array include/linux/mm.h:545 [inline] xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774 translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:692 do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline] do_ipt_set_ctl+0x34b/0x5c0 net/ipv4/netfilter/ip_tables.c:1669 nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1251 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2800 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2970 SYSC_setsockopt net/socket.c:1852 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1831 entry_SYSCALL_64_fastpath+0x1f/0xbe RIP: 0033:0x446749 RSP: 002b:00007fa8bb56cc08 EFLAGS: 00000296 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000018 RCX: 0000000000446749 RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000018 RBP: 0000000000708000 R08: 0000000000000056 R09: 0000000000000000 R10: 0000000020006000 R11: 0000000000000296 R12: 00000000ffffffff R13: 00000000000052d0 R14: 00000000006e7390 R15: 0000000000000001 Mem-Info: active_anon:94114 inactive_anon:55 isolated_anon:0 active_file:3502 inactive_file:4642 
isolated_file:0 unevictable:0 dirty:121 writeback:0 unstable:0 slab_reclaimable:6273 slab_unreclaimable:33305 mapped:20808 shmem:194 pagetables:787 bounce:0 free:250776 free_pcp:1052 free_cma:0 Node 0 active_anon:73140kB inactive_anon:92kB active_file:6540kB inactive_file:3288kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:36264kB dirty:188kB writeback:0kB shmem:616kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 2048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 1 active_anon:303372kB inactive_anon:128kB active_file:7468kB inactive_file:15292kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:46968kB dirty:308kB writeback:0kB shmem:160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 0 DMA free:15908kB min:640kB low:800kB high:960kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 886 886 886 Node 0 DMA32 free:688216kB min:36536kB low:45668kB high:54800kB active_anon:73104kB inactive_anon:92kB active_file:6540kB inactive_file:3288kB unevictable:0kB writepending:188kB present:1032192kB managed:909748kB mlocked:0kB kernel_stack:3136kB pagetables:1316kB bounce:0kB free_pcp:2284kB local_pcp:672kB free_cma:0kB sctp: [Deprecated]: syz-executor1 (pid 7433) Use of int in maxseg socket option. 
Use struct sctp_assoc_value instead lowmem_reserve[]: 0 0 0 0 Node 1 DMA32 free:305152kB min:30404kB low:38004kB high:45604kB active_anon:297224kB inactive_anon:128kB active_file:7468kB inactive_file:15292kB unevictable:0kB writepending:316kB present:1048560kB managed:755216kB mlocked:0kB kernel_stack:1952kB pagetables:1768kB bounce:0kB free_pcp:1808kB local_pcp:184kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 356*4kB (UME) 985*8kB (UME) 1086*16kB (ME) 935*32kB (UME) 501*64kB (UME) 78*128kB (UME) 5*256kB (UME) 9*512kB (UM) 8*1024kB (UME) 5*2048kB (UM) 138*4096kB (M) = 688216kB Node 1 DMA32: 129*4kB (UE) 288*8kB (UME) 989*16kB (UME) 761*32kB (UME) 364*64kB (UME) 113*128kB (UME) 36*256kB (UM) 20*512kB (UM) 6*1024kB (UME) 1*2048kB (M) 48*4096kB (M) = 305012kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 8342 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 524186 pages RAM 0 pages HighMem/MovableOnly 103968 pages reserved syz-executor0: vmalloc: allocation failure: 4833356120 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) syz-executor0 cpuset=/ mems_allowed=0-1 CPU: 3 PID: 7427 Comm: syz-executor0 Not tainted 4.13.0-rc6-next-20170825+ #9 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:52 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3254 __vmalloc_node_range+0x599/0x730 mm/vmalloc.c:1781 __vmalloc_node mm/vmalloc.c:1810 [inline] __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1832 kvmalloc_node+0x82/0xd0 mm/util.c:406 kvmalloc include/linux/mm.h:529 [inline] kvmalloc_array include/linux/mm.h:545 [inline] 
xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774 translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:692 do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline] do_ipt_set_ctl+0x34b/0x5c0 net/ipv4/netfilter/ip_tables.c:1669 nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1251 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2800 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2970 SYSC_setsockopt net/socket.c:1852 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1831 entry_SYSCALL_64_fastpath+0x1f/0xbe RIP: 0033:0x446749 RSP: 002b:00007fa8bb56cc08 EFLAGS: 00000296 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000020 RCX: 0000000000446749 RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000020 RBP: 0000000000708000 R08: 0000000000000056 R09: 0000000000000000 R10: 0000000020006000 R11: 0000000000000296 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fa8bb56d9c0 R15: 00007fa8bb56d700 kvm [7517]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0x186 data 0x8 kvm [7517]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0x186 data 0x8 QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl ?: renamed from sit0 dccp_close: ABORT with 11333 bytes unread QAT: Invalid ioctl QAT: Invalid ioctl Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app kvm: apic: phys broadcast and lowest prio QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl device lo entered promiscuous mode QAT: Invalid ioctl QAT: Invalid ioctl sctp: [Deprecated]: syz-executor6 (pid 8549) Use of int in maxseg socket 
option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor6 (pid 8562) Use of int in maxseg socket option. Use struct sctp_assoc_value instead SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=8618 comm=syz-executor3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pig=8629 comm=syz-executor3 QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl *** Guest State *** CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x0000000000000000 RIP = 0x000000000000fff0 RFLAGS=0x00000100 DR7 = 0x0000000000000409 Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810 CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 sg_write: data in/out 134152156/188 bytes for SCSI command 0xa1-- guessing data in; program syz-executor6 not setting count and/or reply_len properly DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 GDTR: limit=0x0000ffff, base=0x0000000000000000 LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 IDTR: limit=0x0000ffff, base=0x0000000000000000 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 EFER = 0x0000000000000000 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 BndCfgS = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 sg_write: data in/out 134152156/188 bytes for SCSI command 0xa1-- guessing data in; program 
syz-executor6 not setting count and/or reply_len properly *** Host State *** RIP = 0xffffffff811b8fd7 RSP = 0xffff88006c44f4c8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f8d627db700 GSBase=ffff88006de00000 TRBase=ffff88006de23100 GDTBase=ffffffffff575000 IDTBase=ffffffffff57b000 CR0=0000000080050033 CR3=000000004f14e000 CR4=00000000000026e0 Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84da5a70 EFER = 0x0000000000000d01 PAT = 0x0007040600070406 *** Control State *** PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 EntryControls=0001d1ff ExitControls=00afefff ExceptionBitmap=0006004a PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffffdde5c64e9e TPR Threshold = 0x00 EPT pointer = 0x000000005154801e Virtual processor ID = 0x00b7 *** Guest State *** CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x0000000000000000 RIP = 0x000000000000fff0 RFLAGS=0x00000100 DR7 = 0x0000000000000409 Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 GDTR: limit=0x0000ffff, base=0x0000000000000000 LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 IDTR: limit=0x0000ffff, base=0x0000000000000000 TR: sel=0x0000, attr=0x0008b, 
limit=0x0000ffff, base=0x0000000000000000 EFER = 0x0000000000000000 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 BndCfgS = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811b8fd7 RSP = 0xffff88006c44f4c8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f8d627db700 GSBase=ffff88006de00000 TRBase=ffff88006de23100 GDTBase=ffffffffff575000 IDTBase=ffffffffff57b000 CR0=0000000080050033 CR3=000000004f14e000 CR4=00000000000026e0 Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84da5a70 EFER = 0x0000000000000d01 PAT = 0x0007040600070406 *** Control State *** PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 EntryControls=0001d1ff ExitControls=00afefff ExceptionBitmap=0006004a PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffffddd143e342 TPR Threshold = 0x00 EPT pointer = 0x000000006b3d101e Virtual processor ID = 0x00b9 nla_parse: 30 callbacks suppressed netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'. IPv6: NLM_F_REPLACE set, but no existing node found! netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'. IPv6: NLM_F_REPLACE set, but no existing node found! QAT: Invalid ioctl QAT: Invalid ioctl sctp: [Deprecated]: syz-executor5 (pid 8867) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor5 (pid 8867) Use of int in maxseg socket option. Use struct sctp_assoc_value instead netlink: 11 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 11 bytes leftover after parsing attributes in process `syz-executor3'. 
sctp: [Deprecated]: syz-executor5 (pid 8869) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor5 (pid 8889) Use of int in maxseg socket option. Use struct sctp_assoc_value instead SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1025 sclass=netlink_route_socket pig=8959 comm=syz-executor2 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1025 sclass=netlink_route_socket pig=8972 comm=syz-executor2 RDS: rds_bind could not find a transport for 224.0.0.1, load rds_tcp or rds_rdma? RDS: rds_bind could not find a transport for 224.0.0.1, load rds_tcp or rds_rdma? sctp: [Deprecated]: syz-executor2 (pid 9025) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead sctp: [Deprecated]: syz-executor2 (pid 9026) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'. 
QAT: Invalid ioctl kauditd_printk_skb: 3 callbacks suppressed audit: type=1326 audit(1503716166.036:1831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=9286 comm="syz-executor1" exe="/syz-executor1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0xffff0000 syz-executor2: vmalloc: allocation failure: 4833356120 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) syz-executor2 cpuset=/ mems_allowed=0-1 CPU: 2 PID: 9317 Comm: syz-executor2 Not tainted 4.13.0-rc6-next-20170825+ #9 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:52 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3254 __vmalloc_node_range+0x599/0x730 mm/vmalloc.c:1781 __vmalloc_node mm/vmalloc.c:1810 [inline] __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1832 kvmalloc_node+0x82/0xd0 mm/util.c:406 kvmalloc include/linux/mm.h:529 [inline] kvmalloc_array include/linux/mm.h:545 [inline] xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774 translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:692 do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline] do_ipt_set_ctl+0x34b/0x5c0 net/ipv4/netfilter/ip_tables.c:1669 nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1251 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2800 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2970 SYSC_setsockopt net/socket.c:1852 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1831 entry_SYSCALL_64_fastpath+0x1f/0xbe RIP: 0033:0x446749 RSP: 002b:00007f8d627dac08 EFLAGS: 00000296 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000018 RCX: 0000000000446749 RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000018 RBP: 0000000000708000 R08: 0000000000000056 R09: 0000000000000000 R10: 0000000020006000 R11: 0000000000000296 R12: 00000000ffffffff R13: 
00000000000056b0 R14: 00000000006e7770 R15: 0000200000000004 warn_alloc_show_mem: 1 callbacks suppressed Mem-Info: active_anon:115508 inactive_anon:47 isolated_anon:0 active_file:3522 inactive_file:4664 isolated_file:0 unevictable:0 dirty:135 writeback:0 unstable:0 slab_reclaimable:6848 slab_unreclaimable:36407 mapped:20808 shmem:187 pagetables:873 bounce:0 free:225242 free_pcp:1059 free_cma:0 audit: type=1326 audit(1503716166.110:1832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=9286 comm="syz-executor1" exe="/syz-executor1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0xffff0000 Node 0 active_anon:144660kB inactive_anon:76kB active_file:6620kB inactive_file:3316kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:36264kB dirty:236kB writeback:0kB shmem:600kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 59392kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 1 active_anon:317204kB inactive_anon:112kB active_file:7468kB inactive_file:15344kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:46968kB dirty:308kB writeback:0kB shmem:148kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? 
no Node 0 DMA free:15908kB min:640kB low:800kB high:960kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 886 886 886 Node 0 DMA32 free:641216kB min:36536kB low:45668kB high:54800kB active_anon:138528kB inactive_anon:76kB active_file:6620kB inactive_file:3320kB unevictable:0kB writepending:240kB present:1032192kB managed:909748kB mlocked:0kB kernel_stack:3456kB pagetables:1596kB bounce:0kB free_pcp:2084kB local_pcp:692kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 1 DMA32 free:240292kB min:30404kB low:38004kB high:45604kB active_anon:329760kB inactive_anon:112kB active_file:7468kB inactive_file:15344kB unevictable:0kB writepending:316kB present:1048560kB managed:755216kB mlocked:0kB kernel_stack:1952kB pagetables:1908kB bounce:0kB free_pcp:2272kB local_pcp:736kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 192*4kB (UME) 400*8kB (UME) 503*16kB (UME) 972*32kB (UME) 507*64kB (UME) 115*128kB (UM) 24*256kB (UM) 13*512kB (UM) 15*1024kB (UME) 3*2048kB (UM) 125*4096kB (M) = 636592kB Node 1 DMA32: 9*4kB (M) 94*8kB (UME) 8*16kB (UE) 196*32kB (UME) 329*64kB (UM) 70*128kB (UME) 4*256kB (UME) 4*512kB (UM) 9*1024kB (UME) 3*2048kB (UE) 43*4096kB (M) = 231764kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 8375 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 524186 pages RAM 0 pages HighMem/MovableOnly 103968 pages reserved syz-executor2: vmalloc: allocation failure: 4833356120 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) syz-executor2 
cpuset=/ mems_allowed=0-1 CPU: 2 PID: 9326 Comm: syz-executor2 Not tainted 4.13.0-rc6-next-20170825+ #9 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:52 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3254 __vmalloc_node_range+0x599/0x730 mm/vmalloc.c:1781 __vmalloc_node mm/vmalloc.c:1810 [inline] __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1832 kvmalloc_node+0x82/0xd0 mm/util.c:406 kvmalloc include/linux/mm.h:529 [inline] kvmalloc_array include/linux/mm.h:545 [inline] xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774 translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:692 do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline] do_ipt_set_ctl+0x34b/0x5c0 net/ipv4/netfilter/ip_tables.c:1669 nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1251 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2800 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2970 kvm_hv_set_msr: 134 callbacks suppressed kvm [9367]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x4000008f data 0x71 kvm [9367]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x4000008e data 0x71 kvm [9367]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x4000008d data 0x71 kvm [9367]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x4000008c data 0x71 kvm [9367]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x4000008b data 0xd1 kvm [9367]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x4000008a data 0x31 kvm [9367]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x40000089 data 0x31 kvm [9367]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x40000088 data 0x31 kvm [9367]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x40000087 data 0x31 kvm [9367]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x40000086 data 0x31 kvm [9367]: vcpu0, guest rIP: 0x9112 
Hyper-V uhandled wrmsr: 0x40000020 data 0xb SYSC_setsockopt net/socket.c:1852 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1831 entry_SYSCALL_64_fastpath+0x1f/0xbe RIP: 0033:0x446749 RSP: 002b:00007f8d627b9c08 EFLAGS: 00000296 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000021 RCX: 0000000000446749 RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000021 RBP: 0000000000a5f870 R08: 0000000000000056 R09: 0000000000000000 R10: 0000000020006000 R11: 0000000000000296 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f8d627ba9c0 R15: 00007f8d627ba700 kvm [9367]: vcpu0, guest rIP: 0x9112 Hyper-V uhandled wrmsr: 0x40000020 data 0xb *** Guest State *** CR0: actual=0x0000000000000021, shadow=0x0000000020000001, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000022050, shadow=0x0000000000020000, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x0000000000000f80 RIP = 0x0000000000000000 RFLAGS=0x00000002 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810 CS: sel=0x0010, attr=0x0009b, limit=0x000fffff, base=0x0000000000000000 DS: sel=0x0018, attr=0x00093, limit=0x000fffff, base=0x0000000000000000 SS: sel=0x0018, attr=0x00093, limit=0x000fffff, base=0x0000000000000000 ES: sel=0x0018, attr=0x00093, limit=0x000fffff, base=0x0000000000000000 FS: sel=0x0018, attr=0x00093, limit=0x000fffff, base=0x0000000000000000 GS: sel=0x0018, attr=0x00093, limit=0x000fffff, base=0x0000000000000000 GDTR: limit=0x000007ff, base=0x0000000000001000 LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 IDTR: limit=0x000001ff, base=0x0000000000003800 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 EFER = 0x0000000000000001 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 BndCfgS = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811b8fd7 RSP = 0xffff88003ae5f4c8 CS=0010 SS=0018 
DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f6949165700 GSBase=ffff88006df00000 TRBase=ffff88006df23100 GDTBase=ffffffffff574000 IDTBase=ffffffffff57b000 CR0=0000000080050033 CR3=000000003dae2000 CR4=00000000000026e0 Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84da5a70 EFER = 0x0000000000000d01 PAT = 0x0007040600070406 *** Control State *** PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 EntryControls=0001d1ff ExitControls=00afefff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffffdccae0fd14 EPT pointer = 0x000000003d80301e Virtual processor ID = 0x00d4 audit: type=1326 audit(1503716166.377:1833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=9423 comm="syz-executor6" exe="/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0xffff0000 sctp: [Deprecated]: syz-executor5 (pid 9442) Use of int in maxseg socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor5 (pid 9442) Use of int in maxseg socket option. 
Use struct sctp_assoc_value instead sd 0:0:0:0: [sg0] tag#0 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK sd 0:0:0:0: [sg0] tag#0 CDB: Test Unit Ready sd 0:0:0:0: [sg0] tag#0 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 sd 0:0:0:0: [sg0] tag#0 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 sd 0:0:0:0: [sg0] tag#0 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 sd 0:0:0:0: [sg0] tag#0 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 QAT: Invalid ioctl *** Guest State *** CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x0000000000000000 RIP = 0x000000000000fff0 RFLAGS=0x00000002 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 GDTR: limit=0x0000ffff, base=0x0000000000000000 LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 IDTR: limit=0x0000ffff, base=0x0000000000000000 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 EFER = 0x0000000000000000 PAT = 0x0007040600070406 audit: type=1326 audit(1503716166.508:1834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=9423 comm="syz-executor6" exe="/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0xffff0000 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 BndCfgS = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811b8fd7 RSP 
= 0xffff88005017f4c8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f609ab4f700 GSBase=ffff88006df00000 TRBase=ffff88006df23100 GDTBase=ffffffffff574000 IDTBase=ffffffffff57b000 CR0=0000000080050033 CR3=00000000517c2000 CR4=00000000000026e0 Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84da5a70 EFER = 0x0000000000000d01 PAT = 0x0007040600070406 *** Control State *** PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000e2 EntryControls=0001d1ff ExitControls=00afefff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=800000ff errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffffdc94fd3f1c EPT pointer = 0x00000000517f101e Virtual processor ID = 0x00d4 sd 0:0:0:0: [sg0] tag#0 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK sd 0:0:0:0: [sg0] tag#0 CDB: Test Unit Ready sd 0:0:0:0: [sg0] tag#0 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 sd 0:0:0:0: [sg0] tag#0 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 sd 0:0:0:0: [sg0] tag#0 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 sd 0:0:0:0: [sg0] tag#0 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 QAT: Invalid ioctl rpcbind: RPC call returned error 22 rpcbind: RPC call returned error 22 netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'. 
selinux_nlmsg_perm: 3 callbacks suppressed SELinux: unrecognized netlink message: protocol=0 nlmsg_type=58450 sclass=netlink_route_socket pig=9680 comm=syz-executor7 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=58450 sclass=netlink_route_socket pig=9693 comm=syz-executor7 QAT: Invalid ioctl QAT: Invalid ioctl rpcbind: RPC call returned error 22 rpcbind: RPC call returned error 22 sg_write: data in/out 131038/42 bytes for SCSI command 0xa1-- guessing data in; program syz-executor7 not setting count and/or reply_len properly sg_write: data in/out 131038/42 bytes for SCSI command 0xa1-- guessing data in; program syz-executor7 not setting count and/or reply_len properly sctp: [Deprecated]: syz-executor5 (pid 9875) Use of int in max_burst socket option. Use struct sctp_assoc_value instead sg_write: data in/out 1161363419/4052 bytes for SCSI command 0x86-- guessing data in; program syz-executor3 not setting count and/or reply_len properly rpcbind: RPC call returned error 22 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9879 comm=syz-executor5 sctp: [Deprecated]: syz-executor5 (pid 9875) Use of int in max_burst socket option. Use struct sctp_assoc_value instead rpcbind: RPC call returned error 22 sg_write: data in/out 1161363419/4052 bytes for SCSI command 0x86-- guessing data in; program syz-executor3 not setting count and/or reply_len properly audit: type=1326 audit(1503716167.297:1835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=9909 comm="syz-executor7" exe="/syz-executor7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0x0 TCP: request_sock_TCP: Possible SYN flooding on port 20028. Sending cookies. Check SNMP counters. 
audit: type=1326 audit(1503716167.508:1836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=10032 comm="syz-executor5" exe="/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0xffff0000 *** Guest State *** CR0: actual=0x0000000000000031, shadow=0x0000000060000031, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000222050, shadow=0x0000000000220020, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x0000000000000f80 RIP = 0x0000000000000000 RFLAGS=0x00000002 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810 CS: sel=0x0010, attr=0x0009b, limit=0x000fffff, base=0x0000000000000000 DS: sel=0x0018, attr=0x00093, limit=0x000fffff, base=0x0000000000000000 SS: sel=0x0018, attr=0x00093, limit=0x000fffff, base=0x0000000000000000 ES: sel=0x0018, attr=0x00093, limit=0x000fffff, base=0x0000000000000000 FS: sel=0x0018, attr=0x00093, limit=0x000fffff, base=0x0000000000000000 GS: sel=0x0018, attr=0x00093, limit=0x000fffff, base=0x0000000000000000 GDTR: limit=0x000007ff, base=0x0000000000001000 LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 IDTR: limit=0x000001ff, base=0x0000000000003800 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 EFER = 0x0000000000000001 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 BndCfgS = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811b8fd7 RSP = 0xffff880051b0f4c8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007fa8bb56d700 GSBase=ffff88006de00000 TRBase=ffff88006de23100 GDTBase=ffffffffff575000 IDTBase=ffffffffff57b000 CR0=0000000080050033 CR3=000000006c48e000 CR4=00000000000026e0 Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84da5a70 EFER = 0x0000000000000d01 PAT = 0x0007040600070406 *** Control State *** PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 EntryControls=0001d1ff 
ExitControls=00afefff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffffdbc489d818 TPR Threshold = 0x00 EPT pointer = 0x00000000681b201e Virtual processor ID = 0x0082 audit: type=1326 audit(1503716167.567:1837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=10032 comm="syz-executor5" exe="/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0xffff0000 audit: type=1326 audit(1503716167.571:1838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=10066 comm="syz-executor3" exe="/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0xffff0000 audit: type=1326 audit(1503716167.677:1839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=10066 comm="syz-executor3" exe="/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0xffff0000 sctp: [Deprecated]: syz-executor5 (pid 10264) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor5 (pid 10272) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead device syz2 left promiscuous mode audit: type=1326 audit(1503716168.926:1840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=10358 comm="syz-executor7" exe="/syz-executor7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0xffff0000 sock: process `syz-executor4' is using obsolete setsockopt SO_BSDCOMPAT sg_write: data in/out 989/4 bytes for SCSI command 0x15-- guessing data in; program syz-executor3 not setting count and/or reply_len properly kvm [10505]: vcpu0, guest rIP: 0x9110 Hyper-V uhandled wrmsr: 0x40000020 data 0x47 sctp: [Deprecated]: syz-executor0 (pid 10543) Use of int in max_burst socket option deprecated. 
Use struct sctp_assoc_value instead loop_reread_partitions: partition scan of loop0 () failed (rc=-13) sctp: [Deprecated]: syz-executor0 (pid 10543) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead syz-executor0: vmalloc: allocation failure: 4833356120 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) syz-executor0 cpuset=/ mems_allowed=0-1 CPU: 1 PID: 10584 Comm: syz-executor0 Not tainted 4.13.0-rc6-next-20170825+ #9 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:52 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3254 __vmalloc_node_range+0x599/0x730 mm/vmalloc.c:1781 __vmalloc_node mm/vmalloc.c:1810 [inline] __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1832 kvmalloc_node+0x82/0xd0 mm/util.c:406 kvmalloc include/linux/mm.h:529 [inline] kvmalloc_array include/linux/mm.h:545 [inline] xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774 translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:692 do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline] do_ipt_set_ctl+0x34b/0x5c0 net/ipv4/netfilter/ip_tables.c:1669 nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1251 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2800 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2970 SYSC_setsockopt net/socket.c:1852 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1831 entry_SYSCALL_64_fastpath+0x1f/0xbe RIP: 0033:0x446749 RSP: 002b:00007fa8bb56cc08 EFLAGS: 00000296 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000018 RCX: 0000000000446749 RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000018 RBP: 0000000000708000 R08: 0000000000000056 R09: 0000000000000000 R10: 0000000020006000 R11: 0000000000000296 R12: 00000000ffffffff R13: 00000000000052d0 R14: 00000000006e7390 R15: 
0000000000000001 warn_alloc_show_mem: 1 callbacks suppressed Mem-Info: active_anon:109329 inactive_anon:51 isolated_anon:0 active_file:3538 inactive_file:4721 isolated_file:0 unevictable:0 dirty:105 writeback:0 unstable:0 slab_reclaimable:6931 slab_unreclaimable:36093 mapped:20852 shmem:192 pagetables:815 bounce:0 free:231492 free_pcp:1091 free_cma:0 Node 0 active_anon:124928kB inactive_anon:100kB active_file:6632kB inactive_file:3376kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:36280kB dirty:180kB writeback:0kB shmem:628kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 4096kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 1 active_anon:318448kB inactive_anon:100kB active_file:7520kB inactive_file:15528kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:47128kB dirty:240kB writeback:0kB shmem:140kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 0 DMA free:15908kB min:640kB low:800kB high:960kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 886 886 886 Node 0 DMA32 free:627564kB min:36536kB low:45668kB high:54800kB active_anon:127176kB inactive_anon:96kB active_file:6632kB inactive_file:3376kB unevictable:0kB writepending:180kB present:1032192kB managed:909748kB mlocked:0kB kernel_stack:3680kB pagetables:1360kB bounce:0kB free_pcp:1928kB local_pcp:168kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 1 DMA32 free:272924kB min:30404kB low:38004kB high:45604kB active_anon:318540kB inactive_anon:108kB active_file:7520kB inactive_file:15528kB unevictable:0kB writepending:240kB present:1048560kB managed:755216kB mlocked:0kB kernel_stack:1920kB pagetables:1992kB bounce:0kB free_pcp:2080kB local_pcp:668kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 
1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 39*4kB (UM) 286*8kB (UME) 308*16kB (UME) 923*32kB (UME) 466*64kB (UME) 66*128kB (M) 5*256kB (ME) 3*512kB (ME) 7*1024kB (UM) 4*2048kB (UM) 130*4096kB (UM) = 625836kB Node 1 DMA32: 85*4kB (UME) 455*8kB (UME) 265*16kB (UME) 277*32kB (UME) 387*64kB (UME) 51*128kB (UME) 24*256kB (UME) 16*512kB (UM) 10*1024kB (UME) 4*2048kB (UME) 45*4096kB (UM) = 265468kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 8460 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 524186 pages RAM 0 pages HighMem/MovableOnly 103968 pages reserved syz-executor0: vmalloc: allocation failure: 4833356120 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) syz-executor0 cpuset=/ mems_allowed=0-1 CPU: 3 PID: 10592 Comm: syz-executor0 Not tainted 4.13.0-rc6-next-20170825+ #9 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:52 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3254 __vmalloc_node_range+0x599/0x730 mm/vmalloc.c:1781 __vmalloc_node mm/vmalloc.c:1810 [inline] __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1832 kvmalloc_node+0x82/0xd0 mm/util.c:406 kvmalloc include/linux/mm.h:529 [inline] kvmalloc_array include/linux/mm.h:545 [inline] xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774 translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:692 do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline] do_ipt_set_ctl+0x34b/0x5c0 net/ipv4/netfilter/ip_tables.c:1669 nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1251 tcp_setsockopt+0x82/0xd0 
net/ipv4/tcp.c:2800 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2970 SYSC_setsockopt net/socket.c:1852 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1831 entry_SYSCALL_64_fastpath+0x1f/0xbe RIP: 0033:0x446749 RSP: 002b:00007fa8bb54bc08 EFLAGS: 00000296 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000018 RCX: 0000000000446749 RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000018 RBP: 0000000000a5f870 R08: 0000000000000056 R09: 0000000000000000 R10: 0000000020006000 R11: 0000000000000296 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fa8bb54c9c0 R15: 00007fa8bb54c700 sctp: [Deprecated]: syz-executor5 (pid 10705) Use of int in maxseg socket option. Use struct sctp_assoc_value instead sctp: [Deprecated]: syz-executor5 (pid 10743) Use of int in maxseg socket option. Use struct sctp_assoc_value instead *** Guest State *** CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 CR3 = 0x00000000fffbc000 RSP = 0x0000000000000000 RIP = 0x000000000000fff0 RFLAGS=0x00010000 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 GDTR: limit=0x0000ffff, base=0x0000000000000000 LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 IDTR: limit=0x0000ffff, base=0x0000000000000000 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 EFER = 0x0000000000000000 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 
0x0000000000000000 BndCfgS = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811b8fd7 RSP = 0xffff8800510d74c8 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f9fc215c700 GSBase=ffff88006df00000 TRBase=ffff88003ed23100 GDTBase=ffffffffff576000 IDTBase=ffffffffff57b000 CR0=0000000080050033 CR3=000000003a3f4000 CR4=00000000000026e0 Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84da5a70 EFER = 0x0000000000000d01 PAT = 0x0007040600070406 *** Control State *** PinBased=0000003f CPUBased=b6e1edfa SecondaryExec=000000e3 EntryControls=0001d1ff ExitControls=00afefff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=8000030e errcode=00008634 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffffd9ebe32010 TPR Threshold = 0x00 EPT pointer = 0x000000006d39801e Virtual processor ID = 0x0102 sctp: [Deprecated]: syz-executor4 (pid 10876) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead QAT: Invalid ioctl QAT: Invalid ioctl sctp: [Deprecated]: syz-executor4 (pid 10876) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl device syz5 entered promiscuous mode device lo entered promiscuous mode device  entered promiscuous mode device  left promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=25263 sclass=netlink_route_socket pig=10965 comm=syz-executor0 device  entered promiscuous mode device  left promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=25263 sclass=netlink_route_socket pig=10987 comm=syz-executor0 TCP: request_sock_TCPv6: Possible SYN flooding on port 20009. Sending cookies. Check SNMP counters. 
sock: sock_set_timeout: `syz-executor5' (pid 11105) tries to set negative timeout nla_parse: 21 callbacks suppressed netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'. sock: sock_set_timeout: `syz-executor5' (pid 11124) tries to set negative timeout netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'. kvm: emulating exchange as write netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'. QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'.