suspicious RCU usage at ./include/net/inet_sock.h:LINE

syzbot

Nov 5, 2017, 3:35:04 AM
to da...@davemloft.net, kuz...@ms2.inr.ac.ru, linux-...@vger.kernel.org, net...@vger.kernel.org, syzkall...@googlegroups.com, yosh...@linux-ipv6.org
Hello,

syzkaller hit the following crash on
5a3517e009e979f21977d362212b7729c5165d92
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.





=============================
WARNING: suspicious RCU usage
4.14.0-rc7-next-20171103+ #10 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor0/836:
 #0: (sk_lock-AF_INET6){+.+.}, at: [<ffffffff840fe133>] lock_sock include/net/sock.h:1461 [inline]
 #0: (sk_lock-AF_INET6){+.+.}, at: [<ffffffff840fe133>] sock_setsockopt+0x163/0x1ae0 net/core/sock.c:715

stack backtrace:
CPU: 0 PID: 836 Comm: syz-executor0 Not tainted 4.14.0-rc7-next-20171103+ #10
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4675
ireq_opt_deref include/net/inet_sock.h:135 [inline]
inet_csk_route_req+0x82a/0xca0 net/ipv4/inet_connection_sock.c:544
dccp_v4_send_response+0xa7/0x640 net/dccp/ipv4.c:485
dccp_v4_conn_request+0x9f4/0x11b0 net/dccp/ipv4.c:633
dccp_v6_conn_request+0xd30/0x1350 net/dccp/ipv6.c:317
dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
dccp_v4_do_rcv+0xeb/0x160 net/dccp/ipv4.c:682
dccp_v6_do_rcv+0x81a/0x9b0 net/dccp/ipv6.c:578
sk_backlog_rcv include/net/sock.h:909 [inline]
__release_sock+0x124/0x360 net/core/sock.c:2264
release_sock+0xa4/0x2a0 net/core/sock.c:2776
sock_setsockopt+0x513/0x1ae0 net/core/sock.c:1066
SYSC_setsockopt net/socket.c:1847 [inline]
SyS_setsockopt+0x2ff/0x360 net/socket.c:1830
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x447c89
RSP: 002b:00007f86cc482bd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007f86cc4836cc RCX: 0000000000447c89
RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000013
RBP: 0000000000000086 R08: 0000000000000010 R09: 0000000000000000
R10: 0000000020c3a000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000006c0 R14: 00000000006e4760 R15: 00007f86cc483700

=============================
WARNING: suspicious RCU usage
4.14.0-rc7-next-20171103+ #10 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor0/836:
 #0: (sk_lock-AF_INET6){+.+.}, at: [<ffffffff840fe133>] lock_sock include/net/sock.h:1461 [inline]
 #0: (sk_lock-AF_INET6){+.+.}, at: [<ffffffff840fe133>] sock_setsockopt+0x163/0x1ae0 net/core/sock.c:715

stack backtrace:
CPU: 0 PID: 836 Comm: syz-executor0 Not tainted 4.14.0-rc7-next-20171103+ #10
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4675
ireq_opt_deref include/net/inet_sock.h:135 [inline]
dccp_v4_send_response+0x4b0/0x640 net/dccp/ipv4.c:496
dccp_v4_conn_request+0x9f4/0x11b0 net/dccp/ipv4.c:633
dccp_v6_conn_request+0xd30/0x1350 net/dccp/ipv6.c:317
dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
dccp_v4_do_rcv+0xeb/0x160 net/dccp/ipv4.c:682
dccp_v6_do_rcv+0x81a/0x9b0 net/dccp/ipv6.c:578
sk_backlog_rcv include/net/sock.h:909 [inline]
__release_sock+0x124/0x360 net/core/sock.c:2264
release_sock+0xa4/0x2a0 net/core/sock.c:2776
sock_setsockopt+0x513/0x1ae0 net/core/sock.c:1066
SYSC_setsockopt net/socket.c:1847 [inline]
SyS_setsockopt+0x2ff/0x360 net/socket.c:1830
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x447c89
RSP: 002b:00007f86cc482bd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007f86cc4836cc RCX: 0000000000447c89
RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000013
RBP: 0000000000000086 R08: 0000000000000010 R09: 0000000000000000
R10: 0000000020c3a000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000006c0 R14: 00000000006e4760 R15: 00007f86cc483700
writepending:0kB present:15992kB managed:15908kB mlocked:0kB
kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB
free_cma:0kB
lowmem_reserve[]: 0 882 882 882
Node 0 DMA32 free:533660kB min:36464kB low:45580kB high:54696kB
active_anon:176324kB inactive_anon:272kB active_file:8284kB
inactive_file:28852kB unevictable:0kB writepending:464kB present:1032192kB
managed:905808kB mlocked:0kB kernel_stack:2368kB pagetables:1436kB
bounce:0kB free_pcp:2220kB local_pcp:432kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 1 DMA32 free:244272kB min:30476kB low:38092kB high:45708kB
active_anon:317068kB inactive_anon:284kB active_file:7800kB
inactive_file:8208kB unevictable:0kB writepending:308kB present:1048560kB
managed:755124kB mlocked:0kB kernel_stack:3360kB pagetables:2288kB
bounce:0kB free_pcp:2408kB local_pcp:708kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U)
1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 DMA32: 211*4kB (UM) 313*8kB (UM) 412*16kB (UM) 256*32kB (UME)
463*64kB (UME) 96*128kB (UM) 14*256kB (UME) 16*512kB (UM) 13*1024kB (UM)
4*2048kB (UM) 108*4096kB (M) = 535700kB
Node 1 DMA32: 134*4kB (UME) 211*8kB (UME) 476*16kB (UME) 543*32kB (UME)
544*64kB (UME) 82*128kB (UME) 18*256kB (UME) 24*512kB (UME) 17*1024kB (UM)
4*2048kB (U) 31*4096kB (M) = 242000kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
hugepages_size=2048kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0
hugepages_size=2048kB
13696 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
524186 pages RAM
0 pages HighMem/MovableOnly
104976 pages reserved
device gre0 entered promiscuous mode
syz-executor4: vmalloc: allocation failure: 4833356120 bytes,
mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
syz-executor4 cpuset=/ mems_allowed=0-1
CPU: 0 PID: 3353 Comm: syz-executor4 Not tainted 4.14.0-rc7-next-20171103+
#10
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3265
__vmalloc_node_range+0x4f0/0x650 mm/vmalloc.c:1775
__vmalloc_node mm/vmalloc.c:1804 [inline]
__vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1826
kvmalloc_node+0x82/0xd0 mm/util.c:406
kvmalloc include/linux/mm.h:539 [inline]
kvmalloc_array include/linux/mm.h:555 [inline]
xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774
translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:686
do_replace net/ipv4/netfilter/ip_tables.c:1149 [inline]
do_ipt_set_ctl+0x34b/0x5c0 net/ipv4/netfilter/ip_tables.c:1683
nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1256
tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2877
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2965
SYSC_setsockopt net/socket.c:1851 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1830
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x447c89
RSP: 002b:00007fdc14ad6bd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fdc14ad76cc RCX: 0000000000447c89
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 000000000000001f
RBP: 0000000000000086 R08: 0000000000000056 R09: 0000000000000000
R10: 0000000020006000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000005568 R14: 00000000006e9608 R15: 00007fdc14ad7700


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>

syzbot will keep track of this bug report.
Once a fix for this bug is committed, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from the beginning of the line.
config.txt
raw.log

Dmitry Vyukov

Nov 5, 2017, 3:41:47 AM11/5/17
to syzbot, David Miller, Alexey Kuznetsov, LKML, netdev, syzkall...@googlegroups.com, Hideaki YOSHIFUJI, dc...@vger.kernel.org, Gerrit Renker
On Sun, Nov 5, 2017 at 11:35 AM, syzbot
<bot+79de6f09efc55fec08...@syzkaller.appspotmail.com>
wrote:
+dccp mailing list

> ---
> This bug is generated by a dumb bot. It may contain errors.
> See https://goo.gl/tpsmEJ for details.
> Direct all questions to syzk...@googlegroups.com.
> Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>
>
> syzbot will keep track of this bug report.
> Once a fix for this bug is committed, please reply to this email with:
> #syz fix: exact-commit-title
> To mark this as a duplicate of another syzbot report, please reply with:
> #syz dup: exact-subject-of-another-report
> If it's a one-off invalid bug report, please reply with:
> #syz invalid
> Note: if the crash happens again, it will cause creation of a new bug
> report.
> Note: all commands must start from the beginning of the line.

syzbot

Dec 25, 2017, 8:45:02 PM12/25/17
to da...@davemloft.net, dc...@vger.kernel.org, dvy...@google.com, ger...@erg.abdn.ac.uk, kuz...@ms2.inr.ac.ru, linux-...@vger.kernel.org, net...@vger.kernel.org, syzkall...@googlegroups.com, yosh...@linux-ipv6.org
syzkaller has found a reproducer for the following crash on
fba961ab29e5ffb055592442808bb0f7962e05da
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
C reproducer is attached
syzkaller reproducer is attached. See https://goo.gl/kgGztJ
for information about syzkaller reproducers


Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable

=============================
WARNING: suspicious RCU usage
4.15.0-rc4+ #164 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syzkaller667189/5780:
#0: (sk_lock-AF_INET6){+.+.}, at: [<000000008d7d4e62>] lock_sock
include/net/sock.h:1462 [inline]
#0: (sk_lock-AF_INET6){+.+.}, at: [<000000008d7d4e62>]
do_ipv6_setsockopt.isra.9+0x23d/0x38f0 net/ipv6/ipv6_sockglue.c:167

stack backtrace:
CPU: 0 PID: 5780 Comm: syzkaller667189 Not tainted 4.15.0-rc4+ #164
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
ireq_opt_deref include/net/inet_sock.h:135 [inline]
inet_csk_route_req+0x824/0xca0 net/ipv4/inet_connection_sock.c:544
dccp_v4_send_response+0xa7/0x640 net/dccp/ipv4.c:485
dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633
dccp_v6_conn_request+0xd30/0x1350 net/dccp/ipv6.c:317
dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
dccp_v4_do_rcv+0xeb/0x160 net/dccp/ipv4.c:682
dccp_v6_do_rcv+0x81a/0x9b0 net/dccp/ipv6.c:578
sk_backlog_rcv include/net/sock.h:907 [inline]
__release_sock+0x124/0x360 net/core/sock.c:2274
release_sock+0xa4/0x2a0 net/core/sock.c:2789
do_ipv6_setsockopt.isra.9+0x50f/0x38f0 net/ipv6/ipv6_sockglue.c:898
ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922
dccp_setsockopt+0x85/0xd0 net/dccp/proto.c:573
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
SYSC_setsockopt net/socket.c:1821 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1800
entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x445ec9
RSP: 002b:00007fa001b58db8 EFLAGS: 00000297 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00000000006dbc24 RCX: 0000000000445ec9
RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000004
RBP: 00000000006dbc20 R08: 0000000000000020 R09: 0000000000000000
R10: 000000002030a000 R11: 0000000000000297 R12: 0000000000000000
R13: 00007fff809eec1f R14: 00007fa001b599c0 R15: 0000000000000001

=============================
WARNING: suspicious RCU usage
4.15.0-rc4+ #164 Not tainted
-----------------------------
./include/net/inet_sock.h:136 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syzkaller667189/5780:
#0: (sk_lock-AF_INET6){+.+.}, at: [<000000008d7d4e62>] lock_sock
include/net/sock.h:1462 [inline]
#0: (sk_lock-AF_INET6){+.+.}, at: [<000000008d7d4e62>]
do_ipv6_setsockopt.isra.9+0x23d/0x38f0 net/ipv6/ipv6_sockglue.c:167

stack backtrace:
CPU: 0 PID: 5780 Comm: syzkaller667189 Not tainted 4.15.0-rc4+ #164
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
ireq_opt_deref include/net/inet_sock.h:135 [inline]
dccp_v4_send_response+0x4b0/0x640 net/dccp/ipv4.c:496
dccp_v4_conn_request+0x9ee/0x11b0 net/dccp/ipv4.c:633
dccp_v6_conn_request+0xd30/0x1350 net/dccp/ipv6.c:317
dccp_rcv_state_process+0x574/0x1620 net/dccp/input.c:612
dccp_v4_do_rcv+0xeb/0x160 net/dccp/ipv4.c:682
dccp_v6_do_rcv+0x81a/0x9b0 net/dccp/ipv6.c:578
sk_backlog_rcv include/net/sock.h:907 [inline]
__release_sock+0x124/0x360 net/core/sock.c:2274
release_sock+0xa4/0x2a0 net/core/sock.c:2789
do_ipv6_setsockopt.isra.9+0x50f/0x38f0 net/ipv6/ipv6_sockglue.c:898
ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922
dccp_setsockopt+0x85/0xd0 net/dccp/proto.c:573
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
SYSC_setsockopt net/socket.c:1821 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1800
entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x445ec9
RSP: 002b:00007fa001b58db8 EFLAGS: 00000297 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00000000006dbc24 RCX: 0000000000445ec9
RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000004
RBP: 00000000006dbc20 R08: 0000000000000020 R09: 0000000000000000
R10: 000000002030a000 R11: 0000000000000297 R12: 0000000000000000
R13: 00007fff809eec1f R14: 00007fa001b599c0 R15: 0000000000000001
net_ratelimit: 986 callbacks suppressed
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
net_ratelimit: 1063 callbacks suppressed
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable

config.txt
raw.log
repro.txt
repro.c

Eric Biggers

Apr 8, 2018, 3:29:11 PM4/8/18
to syzbot, da...@davemloft.net, dc...@vger.kernel.org, dvy...@google.com, ger...@erg.abdn.ac.uk, kuz...@ms2.inr.ac.ru, linux-...@vger.kernel.org, net...@vger.kernel.org, syzkall...@googlegroups.com, yosh...@linux-ipv6.org
syzbot stopped hitting this for some reason, but the bug is still there.
Here's a simplified reproducer that works on Linus' tree as of today:

#include <linux/in.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

int main()
{
	int is_parent = (fork() != 0);
	for (;;) {
		int fd = socket(AF_INET, SOCK_DCCP, 0);
		struct sockaddr_in addr = {
			.sin_family = AF_INET,
			.sin_port = htobe16(0x4e23),
		};
		if (is_parent) {
			connect(fd, (void *)&addr, sizeof(addr));
		} else {
			bind(fd, (void *)&addr, sizeof(addr));
			listen(fd, 100);
			setsockopt(fd, 0, 0xFFFF, NULL, 0);
		}
		close(fd);
	}
}

Dmitry Vyukov

May 17, 2018, 12:09:53 PM5/17/18
to Eric Biggers, syzbot, David Miller, dc...@vger.kernel.org, Gerrit Renker, Alexey Kuznetsov, LKML, netdev, syzkaller-bugs, Hideaki YOSHIFUJI
Still happens on the current upstream HEAD
e6506eb241871d68647c53cb6d0a16299550ae97.

syzbot

Nov 7, 2019, 8:42:05 AM11/7/19
to da...@davemloft.net, dc...@vger.kernel.org, dvy...@google.com, ebig...@gmail.com, ger...@erg.abdn.ac.uk, jon....@ericsson.com, kuz...@ms2.inr.ac.ru, linux-...@vger.kernel.org, net...@vger.kernel.org, parthasarath...@ericsson.com, syzkall...@googlegroups.com, tipc-di...@lists.sourceforge.net, ying...@windriver.com, yosh...@linux-ipv6.org
syzbot suspects this bug was fixed by commit:

commit 3f32d0be6c16b902b687453c962d17eea5b8ea19
Author: Parthasarathy Bhuvaragan <parthasarath...@ericsson.com>
Date: Tue Sep 25 20:09:10 2018 +0000

tipc: lock wakeup & inputq at tipc_link_reset()

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1368cfa2600000
start commit: 464e1d5f
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=bace9f7ec244b823
dashboard link:
https://syzkaller.appspot.com/bug?extid=79de6f09efc55fec084b706de3c91e9457433ac5
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=126079e1800000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=101499e1800000

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: tipc: lock wakeup & inputq at tipc_link_reset()

For information about the bisection process see: https://goo.gl/tpsmEJ#bisection

syzbot

Nov 7, 2019, 1:06:03 PM11/7/19
to Jon Maloy, jon....@ericsson.com, syzkall...@googlegroups.com
> #syz fix: tipc: lock wakeup & inputq at tipc_link_reset()

Your 'fix:' command is accepted, but please keep
syzkall...@googlegroups.com mailing list in CC next time. It serves as
a history of what happened with each bug report. Thank you.


>> -----Original Message-----
>> From: syzbot
>> <syzbot+79de6f09efc55fec...@syzkaller.appspotmail.com>
>> Sent: 7-Nov-19 08:42
>> To: da...@davemloft.net; dc...@vger.kernel.org; dvy...@google.com;
>> ebig...@gmail.com;
>> ger...@erg.abdn.ac.uk; Jon Maloy <jon....@ericsson.com>;
>> kuz...@ms2.inr.ac.ru; linux-
>> ker...@vger.kernel.org; net...@vger.kernel.org;
>> parthasarath...@ericsson.com; syzkaller-
>> bu...@googlegroups.com; tipc-di...@lists.sourceforge.net;
>> ying...@windriver.com;
>> yosh...@linux-ipv6.org
>> Subject: Re: suspicious RCU usage at ./include/net/inet_sock.h:LINE

>> syzbot suspects this bug was fixed by commit:

>> commit 3f32d0be6c16b902b687453c962d17eea5b8ea19
>> Author: Parthasarathy Bhuvaragan <parthasarath...@ericsson.com>
>> Date: Tue Sep 25 20:09:10 2018 +0000

>> tipc: lock wakeup & inputq at tipc_link_reset()

>> bisection log:
>> https://protect2.fireeye.com/v1/url?k=5a848a54-060e412b-5a84cacf-86717581b0b5-
>> a1e1ccfc6ae4c633&q=1&e=72e0ae9a-9a1a-45d6-a3fa-
>> fe4c59c0f3fe&u=https%3A%2F%2Fsyzkaller.appspot.com%2Fx%2Fbisect.txt%3Fx%3D1368cfa2600000
>> start commit: 464e1d5f
>> git tree: upstream
>> kernel config:
>> https://protect2.fireeye.com/v1/url?k=073d5f69-5bb79416-073d1ff2-86717581b0b5-
>> a21c435c0b0b603e&q=1&e=72e0ae9a-9a1a-45d6-a3fa-
>> fe4c59c0f3fe&u=https%3A%2F%2Fsyzkaller.appspot.com%2Fx%2F.config%3Fx%3Dbace9f7ec244b823
>> dashboard link:
>> https://protect2.fireeye.com/v1/url?k=15b3c29a-493909e5-15b38201-86717581b0b5-
>> 6697d5e4fd687e18&q=1&e=72e0ae9a-9a1a-45d6-a3fa-
>> fe4c59c0f3fe&u=https%3A%2F%2Fsyzkaller.appspot.com%2Fbug%3Fextid%3D79de6f09efc55fec084b70
>> 6de3c91e9457433ac5
>> syz repro:
>> https://protect2.fireeye.com/v1/url?k=38773b68-64fdf017-38777bf3-86717581b0b5-
>> d3d7e442394a9994&q=1&e=72e0ae9a-9a1a-45d6-a3fa-
>> fe4c59c0f3fe&u=https%3A%2F%2Fsyzkaller.appspot.com%2Fx%2Frepro.syz%3Fx%3D126079e1800000
>> C reproducer:
>> https://protect2.fireeye.com/v1/url?k=c2cbf613-9e413d6c-c2cbb688-86717581b0b5-
>> 26798f156c58814f&q=1&e=72e0ae9a-9a1a-45d6-a3fa-
>> fe4c59c0f3fe&u=https%3A%2F%2Fsyzkaller.appspot.com%2Fx%2Frepro.c%3Fx%3D101499e1800000

>> If the result looks correct, please mark the bug fixed by replying with:

>> #syz fix: tipc: lock wakeup & inputq at tipc_link_reset()

>> For information about bisection process see:
>> https://protect2.fireeye.com/v1/url?k=be15fac5-e29f31ba-
>> be15ba5e-86717581b0b5-b5255f6294681258&q=1&e=72e0ae9a-9a1a-45d6-a3fa-
>> fe4c59c0f3fe&u=https%3A%2F%2Fgoo.gl%2FtpsmEJ%23bisection