9pnet_virtio: no channels available for device ./file0 ================================================================== BUG: KASAN: use-after-free in __read_once_size include/linux/compiler.h:243 [inline] at addr ffff8801c8cec050 BUG: KASAN: use-after-free in atomic_read arch/x86/include/asm/atomic.h:26 [inline] at addr ffff8801c8cec050 BUG: KASAN: use-after-free in static_key_count include/linux/jump_label.h:174 [inline] at addr ffff8801c8cec050 BUG: KASAN: use-after-free in static_key_false include/linux/jump_label.h:184 [inline] at addr ffff8801c8cec050 BUG: KASAN: use-after-free in perf_sw_event include/linux/perf_event.h:1039 [inline] at addr ffff8801c8cec050 BUG: KASAN: use-after-free in __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438 at addr ffff8801c8cec050 Read of size 8 by task syz-executor1/13333 CPU: 0 PID: 13333 Comm: syz-executor1 Not tainted 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d4cdfd88 ffffffff81d90429 ffff8801da155140 ffff8801c8cec000 ffff8801c8cec0b8 ffffed003919d80a ffff8801c8cec050 ffff8801d4cdfdb0 ffffffff8153a3ac ffffed003919d80a ffff8801da155140 0000000000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 [] print_address_description mm/kasan/report.c:198 [inline] [] kasan_report_error mm/kasan/report.c:287 [inline] [] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 [] kasan_report mm/kasan/report.c:330 [inline] [] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330 [] __read_once_size include/linux/compiler.h:243 [inline] [] atomic_read arch/x86/include/asm/atomic.h:26 [inline] [] static_key_count include/linux/jump_label.h:174 [inline] [] static_key_false include/linux/jump_label.h:184 [inline] [] perf_sw_event include/linux/perf_event.h:1039 [inline] [] __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 Object at ffff8801c8cec000, in cache vm_area_struct size: 184 Allocated: PID = 13333 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xba/0x290 mm/slub.c:2728 kmem_cache_zalloc include/linux/slab.h:626 [inline] mmap_region+0x587/0xfd0 mm/mmap.c:1662 do_mmap+0x57b/0xbe0 mm/mmap.c:1473 do_mmap_pgoff include/linux/mm.h:2018 [inline] vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305 SYSC_mmap_pgoff mm/mmap.c:1523 [inline] SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86 entry_SYSCALL_64_fastpath+0x23/0xc6 Freed: PID = 13344 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571 slab_free_hook mm/slub.c:1355 [inline] slab_free_freelist_hook mm/slub.c:1377 [inline] slab_free mm/slub.c:2958 [inline] kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980 remove_vma+0x11d/0x160 mm/mmap.c:175 remove_vma_list mm/mmap.c:2482 [inline] do_munmap+0x7ff/0xeb0 mm/mmap.c:2705 mmap_region+0x14d/0xfd0 mm/mmap.c:1635 do_mmap+0x57b/0xbe0 mm/mmap.c:1473 do_mmap_pgoff include/linux/mm.h:2018 [inline] vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305 SYSC_mmap_pgoff mm/mmap.c:1523 [inline] SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86 entry_SYSCALL_64_fastpath+0x23/0xc6 Memory state around the buggy address: ffff8801c8cebf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8801c8cebf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff8801c8cec000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8801c8cec080: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fb ffff8801c8cec100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== device tunl0 entered promiscuous mode device lo left promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=13573 comm=syz-executor1 nla_parse: 9 callbacks suppressed netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. binder: 13610:13612 ioctl c08c5335 209dcf74 returned -22 binder: 13610:13612 ioctl 80084503 20664000 returned -22 binder: 13610:13612 ioctl c08c5335 209dcf74 returned -22 binder: 13610:13612 ioctl 80084503 20664000 returned -22 IPVS: length: 24 != 8 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=13737 comm=syz-executor2 Option 'Þ¾š„'' to dns_resolver key: bad/missing value SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=13737 comm=syz-executor2 syz-executor3: vmalloc: allocation failure: 17179869168 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 1 PID: 13784 Comm: syz-executor3 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c71c7880 ffffffff81d90429 1ffff10038e38f13 ffff8801a84eb000 ffffffff83ab7d80 0000000000000001 0000000000400000 ffff8801c71c7990 ffffffff8144ead2 024000c2580ef237 0000000041b58ab3 ffffffff8419115d Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3054 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722 [] __vmalloc_node mm/vmalloc.c:1744 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722 [] translate_table+0x21a/0x1e30 net/ipv4/netfilter/ip_tables.c:700 [] do_replace net/ipv4/netfilter/ip_tables.c:1151 [inline] [] do_ipt_set_ctl+0x2be/0x470 net/ipv4/netfilter/ip_tables.c:1687 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 [] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1243 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Mem-Info: active_anon:88951 inactive_anon:40 isolated_anon:0 active_file:3731 inactive_file:6599 isolated_file:0 unevictable:0 dirty:0 writeback:12 unstable:0 slab_reclaimable:6284 slab_unreclaimable:52219 mapped:22797 shmem:77 pagetables:798 bounce:0 free:1451218 free_pcp:422 free_cma:0 Node 0 active_anon:343412kB inactive_anon:160kB active_file:14924kB inactive_file:26396kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91088kB dirty:0kB writeback:48kB shmem:308kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 59392kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2910 6411 6411 DMA32 free:2981144kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:700kB local_pcp:48kB free_cma:0kB lowmem_reserve[]: 0 0 3501[ 89.546266] syz-executor3: vmalloc: allocation failure: 17179869168 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 1 PID: 13838 Comm: syz-executor3 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c956f880 ffffffff81d90429 1ffff100392adf13 ffff8801c9560000 ffffffff83ab7d80 0000000000000001 0000000000400000 ffff8801c956f990 ffffffff8144ead2 024000c2d26f1b80 0000000041b58ab3 ffffffff8419115dCall Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3054 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722 [] __vmalloc_node mm/vmalloc.c:1744 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722 [] translate_table+0x21a/0x1e30 net/ipv4/netfilter/ip_tables.c:700 [] do_replace net/ipv4/netfilter/ip_tables.c:1151 [inline] [] do_ipt_set_ctl+0x2be/0x470 net/ipv4/netfilter/ip_tables.c:1687 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 [] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1243 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Mem-Info: active_anon:84284 inactive_anon:40 isolated_anon:0 active_file:3731 inactive_file:6599 isolated_file:0 unevictable:0 dirty:30 writeback:0 unstable:0 slab_reclaimable:6316 slab_unreclaimable:53052 mapped:22770 shmem:77 pagetables:750 bounce:0 free:1455072 free_pcp:478 free_cma:0 Node 0 active_anon:337136kB inactive_anon:160kB active_file:14924kB inactive_file:26396kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91080kB dirty:120kB writeback:0kB shmem:308kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 73728kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 0 2910 6411 6411DMA32 free:2981144kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:700kB local_pcp:652kB free_cma:0kB 0 0 3501 3501Normal free:2823236kB min:36816kB low:46020kB high:55224kB active_anon:337136kB inactive_anon:160kB active_file:14924kB inactive_file:26396kB unevictable:0kB writepending:112kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:25264kB slab_unreclaimable:212208kB kernel_stack:5952kB pagetables:3000kB bounce:0kB free_pcp:1212kB local_pcp:556kB free_cma:0kB 0 0 0 0DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 10406 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 320236 pages reserved SELinux: unrecognized netlink message: protocol=6 nlmsg_type=133 sclass=netlink_xfrm_socket pig=13873 comm=syz-executor2 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=133 sclass=netlink_xfrm_socket pig=13873 comm=syz-executor2 3501Normal free:2849580kB min:36816kB low:46020kB high:55224kB active_anon:309672kB inactive_anon:152kB active_file:14944kB inactive_file:26412kB unevictable:0kB writepending:260kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:25400kB slab_unreclaimable:214864kB kernel_stack:5408kB pagetables:2712kB bounce:0kB free_pcp:1064kB local_pcp:432kB free_cma:0kB DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 10415 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 320236 pages reserved device lo entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready device gre0 entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 13 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 13 bytes leftover after parsing attributes in process `syz-executor7'. FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 14134 Comm: syz-executor5 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d66a7930 ffffffff81d90429 ffff8801d66a7c10 0000000000000000 ffff8801aa1ec290 ffff8801d66a7b00 ffff8801aa1ec180 ffff8801d66a7b28 ffffffff8165e3c7 0000000000000001 ffff8801d66a7a80 00000001c64ce067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 0 PID: 14145 Comm: syz-executor5 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d561f920 ffffffff81d90429 ffff8801d561fc00 0000000000000000 ffff8801aa1ec290 ffff8801d561faf0 ffff8801aa1ec180 ffff8801d561fb18 ffffffff8165e3c7 0000000000000000 ffff8801d561fa70 00000001c64ce067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 14134 Comm: syz-executor5 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d66a7920 ffffffff81d90429 ffff8801d66a7c00 0000000000000000 ffff8801c9f4b790 ffff8801d66a7af0 ffff8801c9f4b680 ffff8801d66a7b18 ffffffff8165e3c7 0000000000000000 ffff8801d66a7a70 00000001a94b1067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 FAULT_FLAG_ALLOW_RETRY missing 30 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 1 PID: 14145 Comm: syz-executor5 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d561f900 ffffffff81d90429 ffff8801d561fbe0 0000000000000000 ffff8801c9f4b790 ffff8801d561fad0 ffff8801c9f4b680 ffff8801d561faf8 ffffffff8165e3c7 ffffffff00000002 ffff8801000000c8 0000002200000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] copy_from_user arch/x86/include/asm/uaccess.h:702 [inline] [] SYSC_timerfd_settime fs/timerfd.c:542 [inline] [] SyS_timerfd_settime+0xb0/0x190 fs/timerfd.c:535 [] entry_SYSCALL_64_fastpath+0x23/0xc6 ?: renamed from tunl0 IPVS: Creating netns size=2536 id=29 netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 left promiscuous mode device gre0 entered promiscuous mode device gre0 left promiscuous mode tmpfs: No value for mount option '‹' tmpfs: No value for mount option '‹' device gre0 entered promiscuous mode device gre0 left promiscuous mode device gre0 entered promiscuous mode device gre0 entered promiscuous mode device gre0 left promiscuous mode 9pnet_virtio: no channels available for device ./file0 9pnet_virtio: no channels available for device ./file0 syz-executor2: vmalloc: allocation failure: 17179869168 bytes[ 93.810019] selinux_nlmsg_perm: 3 callbacks suppressed SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59136 sclass=netlink_route_socket pig=14855 comm=syz-executor5 , mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59136 sclass=netlink_route_socket pig=14865 comm=syz-executor5 CPU: 1 PID: 14857 Comm: syz-executor2 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801ced87880 ffffffff81d90429 1ffff10039db0f13 ffff8801c9ab9800 ffffffff83ab7d80 0000000000000001 0000000000400000 ffff8801ced87990 ffffffff8144ead2 024000c295d3e5c9 0000000041b58ab3 ffffffff8419115d Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3054 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722 [] __vmalloc_node mm/vmalloc.c:1744 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722 [] translate_table+0x21a/0x1e30 net/ipv4/netfilter/ip_tables.c:700 [] do_replace net/ipv4/netfilter/ip_tables.c:1151 [inline] [] do_ipt_set_ctl+0x2be/0x470 net/ipv4/netfilter/ip_tables.c:1687 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 [] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1243 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Mem-Info: active_anon:80701 inactive_anon:38 isolated_anon:0 active_file:3753 inactive_file:6622 isolated_file:0 unevictable:0 dirty:87 writeback:0 unstable:0 slab_reclaimable:5774 slab_unreclaimable:26556 mapped:22774 shmem:77 pagetables:745 bounce:0 free:1485983 free_pcp:401 free_cma:0 Node 0 active_anon:314412kB inactive_anon:152kB active_file:15012kB inactive_file:26504kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91084kB dirty:364kB writeback:0kB shmem:308kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2910 6411 6411 DMA32 free:2981144kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:700kB local_pcp:652kB free_cma:0kB syz-executor2: vmalloc: allocation failure: 17179869168 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 0 PID: 14902 Comm: syz-executor2 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c6287880 ffffffff81d90429 1ffff10038c50f13 ffff8801cf13c800 ffffffff83ab7d80 0000000000000001 0000000000400000 ffff8801c6287990 ffffffff8144ead2 024000c2b68fcf73 0000000041b58ab3 ffffffff8419115d Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3054 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722 [] __vmalloc_node mm/vmalloc.c:1744 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722 [] translate_table+0x21a/0x1e30 net/ipv4/netfilter/ip_tables.c:700 [] do_replace net/ipv4/netfilter/ip_tables.c:1151 [inline] [] do_ipt_set_ctl+0x2be/0x470 net/ipv4/netfilter/ip_tables.c:1687 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 [] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1243 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Mem-Info: active_anon:79653 inactive_anon:38 isolated_anon:0 active_file:3753 inactive_file:6626 isolated_file:0 unevictable:0 dirty:91 writeback:0 unstable:0 slab_reclaimable:5774 slab_unreclaimable:26729 mapped:22771 shmem:77 pagetables:728 bounce:0 free:1486933 free_pcp:361 free_cma:0 Node 0 active_anon:318612kB inactive_anon:152kB active_file:15012kB inactive_file:26504kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91084kB dirty:364kB writeback:0kB shmem:308kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB DMA32 free:2981144kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:700kB local_pcp:48kB free_cma:0kB Normal free:2950680kB min:36816kB low:46020kB high:55224kB active_anon:318612kB inactive_anon:152kB active_file:15012kB inactive_file:26504kB unevictable:0kB writepending:364kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:23096kB slab_unreclaimable:106916kB kernel_stack:5824kB pagetables:2912kB bounce:0kB free_pcp:744kB local_pcp:580kB free_cma:0kB DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 10455 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 320236 pages reserved lowmem_reserve[]: 0 0 3501 3501 Normal free:2958256kB min:36816kB low:46020kB high:55224kB active_anon:310200kB inactive_anon:152kB active_file:15012kB inactive_file:26528kB unevictable:0kB writepending:396kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:23160kB slab_unreclaimable:108608kB kernel_stack:5408kB pagetables:2656kB bounce:0kB free_pcp:816kB local_pcp:160kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 3*32kB (M) 4*64kB (M) 3*128kB (M) 2*256kB (M) 2*512kB (M) 1*1024kB (M) 2*2048kB (M) 726*4096kB (M) = 2981144kB Normal: 1150*4kB (UME) 1427*8kB (UME) 830*16kB (UME) 481*32kB (UME) 1579*64kB (UME) 317*128kB (UME) 50*256kB (UE) 11*512kB (UME) 3*1024kB (UME) 1*2048kB (M) 671*4096kB (UM) = 2958288kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 10463 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 320236 pages reserved nla_parse: 9 callbacks suppressed netlink: 73 bytes leftover after parsing attributes in process `syz-executor1'. sd 0:0:1:0: [sg0] tag#408 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK sd 0:0:1:0: [sg0] tag#408 CDB: opcode=0xff (vendor) sd 0:0:1:0: [sg0] tag#408 CDB[00]: ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 sd 0:0:1:0: [sg0] tag#408 CDB[10]: 00 00 00 00 10 27 00 00 00 00 00 00 00 00 00 00 sd 0:0:1:0: [sg0] tag#408 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 sd 0:0:1:0: [sg0] tag#408 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 sd 0:0:1:0: [sg0] tag#408 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK sd 0:0:1:0: [sg0] tag#408 CDB: opcode=0xff (vendor) sd 0:0:1:0: [sg0] tag#408 CDB[00]: ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 sd 0:0:1:0: [sg0] tag#408 CDB[10]: 00 00 00 00 10 27 00 00 00 00 00 00 00 00 00 00 sd 0:0:1:0: [sg0] tag#408 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 sd 0:0:1:0: [sg0] tag#408 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 netlink: 73 bytes leftover after parsing attributes in process `syz-executor1'. sg_write: data in/out 9969/38 bytes for SCSI command 0x8-- guessing data in; program syz-executor5 not setting count and/or reply_len properly device gre0 entered promiscuous mode device gre0 entered promiscuous mode binder: 15181:15184 ioctl c0286404 20c0dfd8 returned -22 binder: 15181:15184 ioctl c0286404 20c0dfd8 returned -22 device lo entered promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pig=15293 comm=syz-executor4 netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pig=15293 comm=syz-executor4 IPVS: Creating netns size=2536 id=30 qtaguid: iface_stat: create(lo): no inet dev qtaguid: iface_stat: create6(lo): no inet dev IPVS: Creating netns size=2536 id=31 IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev IPVS: Creating netns size=2536 id=32 netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'. pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads