possible deadlock in xt_find_table_lock

syzbot

Jan 30, 2018, 3:54:17 AM
to core...@netfilter.org, da...@davemloft.net, f...@strlen.de, kad...@blackhole.kfki.hu, linux-...@vger.kernel.org, net...@vger.kernel.org, netfilt...@vger.kernel.org, pa...@netfilter.org, syzkall...@googlegroups.com
Hello,

syzbot hit the following crash on net-next commit
3e3ab9ccca5b50b11bd4d16c2048b667343354bd (Mon Jan 29 15:14:59 2018 +0000)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Unfortunately, I don't have any reproducer for this crash yet.
Raw console output is attached.
compiler: gcc (GCC) 7.1.1 20170620
.config is attached.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ed1af2...@syzkaller.appspotmail.com
It will help syzbot understand when the bug is fixed. See footer for
details.
If you forward the report, please keep this part and the footer.


======================================================
WARNING: possible circular locking dependency detected
4.15.0-rc9+ #215 Not tainted
------------------------------------------------------
syz-executor7/5544 is trying to acquire lock:
(&xt[i].mutex){+.+.}, at: [<00000000ecf27ab4>]
xt_find_table_lock+0x3e/0x3e0 net/netfilter/x_tables.c:1036

but task is already holding lock:
(sk_lock-AF_INET6){+.+.}, at: [<00000000fc772797>] lock_sock
include/net/sock.h:1463 [inline]
(sk_lock-AF_INET6){+.+.}, at: [<00000000fc772797>]
ip_getsockopt+0x143/0x220 net/ipv4/ip_sockglue.c:1576

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (sk_lock-AF_INET6){+.+.}:
lock_sock_nested+0xc2/0x110 net/core/sock.c:2780
lock_sock include/net/sock.h:1463 [inline]
do_ipv6_setsockopt.isra.8+0x3c5/0x39d0 net/ipv6/ipv6_sockglue.c:167
ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922
tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2899
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
SYSC_setsockopt net/socket.c:1849 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1828
entry_SYSCALL_64_fastpath+0x29/0xa0

-> #1 (rtnl_mutex){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
unregister_netdevice_notifier+0x91/0x4e0 net/core/dev.c:1673
clusterip_config_entry_put net/ipv4/netfilter/ipt_CLUSTERIP.c:114
[inline]
clusterip_tg_destroy+0x389/0x6e0
net/ipv4/netfilter/ipt_CLUSTERIP.c:508
cleanup_entry+0x218/0x350 net/ipv4/netfilter/ip_tables.c:659
__do_replace+0x79d/0xa50 net/ipv4/netfilter/ip_tables.c:1094
do_replace net/ipv4/netfilter/ip_tables.c:1150 [inline]
do_ipt_set_ctl+0x40f/0x5f0 net/ipv4/netfilter/ip_tables.c:1680
nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1260
tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2899
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
SYSC_setsockopt net/socket.c:1849 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1828
entry_SYSCALL_64_fastpath+0x29/0xa0

-> #0 (&xt[i].mutex){+.+.}:
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
xt_find_table_lock+0x3e/0x3e0 net/netfilter/x_tables.c:1036
xt_request_find_table_lock+0x28/0xc0 net/netfilter/x_tables.c:1083
get_info+0x154/0x690 net/ipv6/netfilter/ip6_tables.c:994
do_arpt_get_ctl+0x2a9/0xa00 net/ipv4/netfilter/arp_tables.c:1486
nf_sockopt net/netfilter/nf_sockopt.c:104 [inline]
nf_getsockopt+0x6a/0xc0 net/netfilter/nf_sockopt.c:122
ip_getsockopt+0x15c/0x220 net/ipv4/ip_sockglue.c:1577
udp_getsockopt+0x45/0x80 net/ipv4/udp.c:2473
ipv6_getsockopt+0xf3/0x2e0 net/ipv6/ipv6_sockglue.c:1363
tcp_getsockopt+0x82/0xd0 net/ipv4/tcp.c:3353
sock_common_getsockopt+0x95/0xd0 net/core/sock.c:2937
SYSC_getsockopt net/socket.c:1880 [inline]
SyS_getsockopt+0x178/0x340 net/socket.c:1862
entry_SYSCALL_64_fastpath+0x29/0xa0

other info that might help us debug this:

Chain exists of:
&xt[i].mutex --> rtnl_mutex --> sk_lock-AF_INET6

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(sk_lock-AF_INET6);
                               lock(rtnl_mutex);
                               lock(sk_lock-AF_INET6);
  lock(&xt[i].mutex);

*** DEADLOCK ***

1 lock held by syz-executor7/5544:
#0: (sk_lock-AF_INET6){+.+.}, at: [<00000000fc772797>] lock_sock
include/net/sock.h:1463 [inline]
#0: (sk_lock-AF_INET6){+.+.}, at: [<00000000fc772797>]
ip_getsockopt+0x143/0x220 net/ipv4/ip_sockglue.c:1576

stack backtrace:
CPU: 0 PID: 5544 Comm: syz-executor7 Not tainted 4.15.0-rc9+ #215
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
print_circular_bug.isra.37+0x2cd/0x2dc kernel/locking/lockdep.c:1218
check_prev_add kernel/locking/lockdep.c:1858 [inline]
check_prevs_add kernel/locking/lockdep.c:1971 [inline]
validate_chain kernel/locking/lockdep.c:2412 [inline]
__lock_acquire+0x30a8/0x3e00 kernel/locking/lockdep.c:3426
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
xt_find_table_lock+0x3e/0x3e0 net/netfilter/x_tables.c:1036
xt_request_find_table_lock+0x28/0xc0 net/netfilter/x_tables.c:1083
get_info+0x154/0x690 net/ipv6/netfilter/ip6_tables.c:994
do_arpt_get_ctl+0x2a9/0xa00 net/ipv4/netfilter/arp_tables.c:1486
nf_sockopt net/netfilter/nf_sockopt.c:104 [inline]
nf_getsockopt+0x6a/0xc0 net/netfilter/nf_sockopt.c:122
ip_getsockopt+0x15c/0x220 net/ipv4/ip_sockglue.c:1577
udp_getsockopt+0x45/0x80 net/ipv4/udp.c:2473
ipv6_getsockopt+0xf3/0x2e0 net/ipv6/ipv6_sockglue.c:1363
tcp_getsockopt+0x82/0xd0 net/ipv4/tcp.c:3353
sock_common_getsockopt+0x95/0xd0 net/core/sock.c:2937
SYSC_getsockopt net/socket.c:1880 [inline]
SyS_getsockopt+0x178/0x340 net/socket.c:1862
entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007fa847069c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 00007fa84706a700 RCX: 0000000000453299
RDX: 0000000000000060 RSI: 0000000000000000 RDI: 0000000000000013
RBP: 0000000000000000 R08: 0000000020d23000 R09: 0000000000000000
R10: 00000000201e3000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a2f33f R14: 00007fa84706a9c0 R15: 0000000000000000
netlink: 16 bytes leftover after parsing attributes in process
`syz-executor1'.
netlink: 16 bytes leftover after parsing attributes in process
`syz-executor1'.
netlink: 1316 bytes leftover after parsing attributes in process
`syz-executor0'.
netlink: 'syz-executor0': attribute type 6 has an invalid length.
netlink: 1316 bytes leftover after parsing attributes in process
`syz-executor0'.
netlink: 'syz-executor0': attribute type 6 has an invalid length.
syz-executor3 (5753) used greatest stack depth: 12656 bytes left
oom_reaper: reaped process 5783 (syz-executor1), now anon-rss:0kB,
file-rss:0kB, shmem-rss:0kB
syz-executor1 invoked oom-killer: gfp_mask=0x14002c2(GFP_KERNEL|
__GFP_HIGHMEM|__GFP_NOWARN), nodemask=(null), order=0, oom_score_adj=0
syz-executor1: vmalloc: allocation failure, allocated 2791477248 of
4294971392 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
syz-executor1 cpuset=/ mems_allowed=0
CPU: 1 PID: 5793 Comm: syz-executor1 Not tainted 4.15.0-rc9+ #215
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
warn_alloc+0x19a/0x2b0 mm/page_alloc.c:3299
__vmalloc_area_node mm/vmalloc.c:1718 [inline]
__vmalloc_node_range+0x482/0x650 mm/vmalloc.c:1759
__vmalloc_node mm/vmalloc.c:1804 [inline]
__vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1826
kvmalloc_node+0x82/0xd0 mm/util.c:406
kvmalloc include/linux/mm.h:541 [inline]
xt_alloc_table_info+0x64/0xe0 net/netfilter/x_tables.c:1006
do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline]
do_ipt_set_ctl+0x29b/0x5f0 net/ipv4/netfilter/ip_tables.c:1680
nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1260
sctp_setsockopt+0x2b6/0x61d0 net/sctp/socket.c:4141
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
SYSC_setsockopt net/socket.c:1849 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1828
entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007fcd79983c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 000000000071c010 RCX: 0000000000453299
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000016
RBP: 00000000000003d6 R08: 00000000000002e8 R09: 0000000000000000
R10: 0000000020015000 R11: 0000000000000212 R12: 00000000006f4cb0
R13: 00000000ffffffff R14: 00007fcd799846d4 R15: 0000000000000002
syz-executor1 cpuset=/ mems_allowed=0
CPU: 0 PID: 5783 Comm: syz-executor1 Not tainted 4.15.0-rc9+ #215
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
dump_header+0x28c/0xe1e mm/oom_kill.c:437
oom_kill_process+0x8b5/0x14a0 mm/oom_kill.c:865
out_of_memory+0x86d/0x1220 mm/oom_kill.c:1079
__alloc_pages_may_oom mm/page_alloc.c:3395 [inline]
__alloc_pages_slowpath+0x1d1b/0x2d00 mm/page_alloc.c:4096
__alloc_pages_nodemask+0x9fb/0xd80 mm/page_alloc.c:4252
alloc_pages_current+0xb6/0x1e0 mm/mempolicy.c:2036
alloc_pages include/linux/gfp.h:492 [inline]
__vmalloc_area_node mm/vmalloc.c:1699 [inline]
__vmalloc_node_range+0x409/0x650 mm/vmalloc.c:1759
__vmalloc_node mm/vmalloc.c:1804 [inline]
__vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1826
kvmalloc_node+0x82/0xd0 mm/util.c:406
kvmalloc include/linux/mm.h:541 [inline]
xt_alloc_table_info+0x64/0xe0 net/netfilter/x_tables.c:1006
do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline]
do_ipt_set_ctl+0x29b/0x5f0 net/ipv4/netfilter/ip_tables.c:1680
nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1260
sctp_setsockopt+0x2b6/0x61d0 net/sctp/socket.c:4141
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
SYSC_setsockopt net/socket.c:1849 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1828
entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007fcd799c5c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000013
RBP: 0000000000000040 R08: 00000000000002e8 R09: 0000000000000000
R10: 0000000020015000 R11: 0000000000000212 R12: 00000000006ef6a0
R13: 00000000ffffffff R14: 00007fcd799c66d4 R15: 0000000000000000
Out of memory: Kill process 4149 (syz-fuzzer) score 24 or sacrifice child
Killed process 4194 (syz-executor4) total-vm:29188kB, anon-rss:60kB,
file-rss:4kB, shmem-rss:0kB
syz-executor1: vmalloc: allocation failure, allocated 3105042432 of
4294971392 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null)
syz-executor1 cpuset=/ mems_allowed=0
CPU: 1 PID: 5783 Comm: syz-executor1 Not tainted 4.15.0-rc9+ #215
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
warn_alloc+0x19a/0x2b0 mm/page_alloc.c:3299
__vmalloc_area_node mm/vmalloc.c:1718 [inline]
__vmalloc_node_range+0x482/0x650 mm/vmalloc.c:1759
__vmalloc_node mm/vmalloc.c:1804 [inline]
__vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1826
kvmalloc_node+0x82/0xd0 mm/util.c:406
kvmalloc include/linux/mm.h:541 [inline]
xt_alloc_table_info+0x64/0xe0 net/netfilter/x_tables.c:1006
do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline]
do_ipt_set_ctl+0x29b/0x5f0 net/ipv4/netfilter/ip_tables.c:1680
nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1260
sctp_setsockopt+0x2b6/0x61d0 net/sctp/socket.c:4141
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
SYSC_setsockopt net/socket.c:1849 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1828
entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007fcd799c5c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000013
RBP: 0000000000000040 R08: 00000000000002e8 R09: 0000000000000000
R10: 0000000020015000 R11: 0000000000000212 R12: 00000000006ef6a0
R13: 00000000ffffffff R14: 00007fcd799c66d4 R15: 0000000000000000
ieee80211 phy2: Selected rate control algorithm 'minstrel_ht'
ieee80211 phy3: Selected rate control algorithm 'minstrel_ht'
ieee80211 phy4: Selected rate control algorithm 'minstrel_ht'
IPVS: ftp: loaded support on port[0] = 21
IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
TCP: request_sock_TCPv6: Possible SYN flooding on port 20006. Sending
cookies. Check SNMP counters.
kauditd_printk_skb: 13 callbacks suppressed
audit: type=1400 audit(1517248800.611:35): avc: denied { map } for
pid=6022 comm="syz-executor2" path="socket:[15001]" dev="sockfs" ino=15001
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=rawip_socket
permissive=1
Dead loop on virtual device ip6_vti0, fix it urgently!
Dead loop on virtual device ip6_vti0, fix it urgently!
Cannot find add_set index 0 as target
Cannot find add_set index 0 as target
dccp_xmit_packet: Payload too large (65423) for featneg.
audit: type=1400 audit(1517248800.662:36): avc: denied { name_connect }
for pid=6041 comm="syz-executor4" dest=20019
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
dccp_close: ABORT with 65423 bytes unread
netlink: 7 bytes leftover after parsing attributes in process
`syz-executor7'.
netlink: 7 bytes leftover after parsing attributes in process
`syz-executor7'.
netlink: 7 bytes leftover after parsing attributes in process
`syz-executor7'.
netlink: 7 bytes leftover after parsing attributes in process
`syz-executor7'.
netlink: 7 bytes leftover after parsing attributes in process
`syz-executor7'.
netlink: 7 bytes leftover after parsing attributes in process
`syz-executor2'.
netlink: 16 bytes leftover after parsing attributes in process
`syz-executor3'.
audit: type=1400 audit(1517248801.090:37): avc: denied { accept } for
pid=6179 comm="syz-executor3"
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tclass=netlink_generic_socket permissive=1
netlink: 16 bytes leftover after parsing attributes in process
`syz-executor3'.
ieee80211 phy5: Selected rate control algorithm 'minstrel_ht'
netlink: 16 bytes leftover after parsing attributes in process
`syz-executor3'.
ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
netlink: 16 bytes leftover after parsing attributes in process
`syz-executor3'.


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.

syzbot will keep track of this bug report.
If you forgot to add the Reported-by tag, once the fix for this bug is
merged
into any tree, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
raw.log.txt
config.txt

Florian Westphal

Jan 30, 2018, 4:07:28 AM
to syzbot, f...@strlen.de, kad...@blackhole.kfki.hu, linux-...@vger.kernel.org, net...@vger.kernel.org, netfilt...@vger.kernel.org, pa...@netfilter.org, syzkall...@googlegroups.com
#syz dup: possible deadlock in do_ip_getsockopt