======================================================
WARNING: possible circular locking dependency detected
4.13.0-rc6-next-20170824+ #8 Not tainted
------------------------------------------------------
kworker/0:2/3380 is trying to acquire lock:
 ((&(&key->work)->work)){+.+.}, at: [] process_one_work+0xb2c/0x1be0 kernel/workqueue.c:2094

but now in release context of a crosslock acquired at the following:
 ((complete)&rcu.completion){+.+.}, at: [] __synchronize_srcu+0x1b5/0x250 kernel/rcu/srcutree.c:898

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 ((complete)&rcu.completion){+.+.}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       complete_acquire include/linux/completion.h:39 [inline]
       __wait_for_common kernel/sched/completion.c:108 [inline]
       wait_for_common kernel/sched/completion.c:122 [inline]
       wait_for_completion+0xc8/0x770 kernel/sched/completion.c:143
       __synchronize_srcu+0x1b5/0x250 kernel/rcu/srcutree.c:898
       synchronize_srcu_expedited kernel/rcu/srcutree.c:923 [inline]
       synchronize_srcu+0x1a3/0x560 kernel/rcu/srcutree.c:974
       quarantine_remove_cache+0xd7/0xf0 mm/kasan/quarantine.c:327
       kasan_cache_shrink+0x9/0x10 mm/kasan/kasan.c:380
       kmem_cache_shrink+0x15/0x30 mm/slab_common.c:857
       acpi_os_purge_cache+0x15/0x20 drivers/acpi/osl.c:1560
       acpi_purge_cached_objects+0x38/0xc9 drivers/acpi/acpica/utxface.c:271
       acpi_initialize_objects+0xc5/0x112 drivers/acpi/acpica/utxfinit.c:302
       acpi_bus_init drivers/acpi/bus.c:1131 [inline]
       acpi_init+0x23c/0x8e6 drivers/acpi/bus.c:1220
       do_one_initcall+0x9e/0x330 init/main.c:826
       do_initcall_level init/main.c:892 [inline]
       do_initcalls init/main.c:900 [inline]
       do_basic_setup init/main.c:918 [inline]
       kernel_init_freeable+0x469/0x521 init/main.c:1066
       kernel_init+0x13/0x172 init/main.c:993
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431

-> #1 (cpu_hotplug_lock.rw_sem){++++}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
       percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
       cpus_read_lock+0x42/0x90 kernel/cpu.c:218
       __static_key_slow_dec kernel/jump_label.c:213 [inline]
       jump_label_update_timeout+0x12/0x30 kernel/jump_label.c:222
       process_one_work+0xbfd/0x1be0 kernel/workqueue.c:2098
       worker_thread+0x223/0x1860 kernel/workqueue.c:2233
       kthread+0x39c/0x470 kernel/kthread.c:231
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431

-> #0 ((&(&key->work)->work)){+.+.}:
       process_one_work+0xba5/0x1be0 kernel/workqueue.c:2095
       worker_thread+0x223/0x1860 kernel/workqueue.c:2233
       kthread+0x39c/0x470 kernel/kthread.c:231
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
       0xffffffffffffffff

other info that might help us debug this:

Chain exists of:
  (&(&key->work)->work) --> cpu_hotplug_lock.rw_sem --> (complete)&rcu.completion

 Possible unsafe locking scenario by crosslock:

       CPU0                    CPU1
       ----                    ----
  lock(cpu_hotplug_lock.rw_sem);
  lock((complete)&rcu.completion);
                               lock((&(&key->work)->work));
                               unlock((complete)&rcu.completion);

 *** DEADLOCK ***

3 locks held by kworker/0:2/3380:
 #0: ("events_power_efficient"){.+.+}, at: [] __write_once_size include/linux/compiler.h:305 [inline]
 #0: ("events_power_efficient"){.+.+}, at: [] atomic64_set arch/x86/include/asm/atomic64_64.h:33 [inline]
 #0: ("events_power_efficient"){.+.+}, at: [] atomic_long_set include/asm-generic/atomic-long.h:56 [inline]
 #0: ("events_power_efficient"){.+.+}, at: [] set_work_data kernel/workqueue.c:617 [inline]
 #0: ("events_power_efficient"){.+.+}, at: [] set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: ("events_power_efficient"){.+.+}, at: [] process_one_work+0xad4/0x1be0 kernel/workqueue.c:2090
 #1: ((&(&sdp->work)->work)){+.+.}, at: [] process_one_work+0xb2c/0x1be0 kernel/workqueue.c:2094
 #2: (&x->wait#5){....}, at: [] complete+0x18/0x80 kernel/sched/completion.c:34

stack backtrace:
CPU: 0 PID: 3380 Comm: kworker/0:2 Not tainted 4.13.0-rc6-next-20170824+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Workqueue: events_power_efficient srcu_invoke_callbacks
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 print_circular_bug+0x503/0x710 kernel/locking/lockdep.c:1259
 check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
 commit_xhlock kernel/locking/lockdep.c:5002 [inline]
 commit_xhlocks kernel/locking/lockdep.c:5046 [inline]
 lock_commit_crosslock+0xe73/0x1d10 kernel/locking/lockdep.c:5085
 complete_release_commit include/linux/completion.h:49 [inline]
 complete+0x24/0x80 kernel/sched/completion.c:39
 wakeme_after_rcu+0xd/0x10 kernel/rcu/update.c:376
 srcu_invoke_callbacks+0x280/0x4d0 kernel/rcu/srcutree.c:1161
 process_one_work+0xbfd/0x1be0 kernel/workqueue.c:2098
 worker_thread+0x223/0x1860 kernel/workqueue.c:2233
 kthread+0x39c/0x470 kernel/kthread.c:231
 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
netlink: 64 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 14 bytes leftover after parsing attributes in process `syz-executor5'.
kauditd_printk_skb: 9 callbacks suppressed
audit: type=1326 audit(1503591350.853:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=10251 comm="syz-executor3" exe="/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0x50000
audit: type=1326 audit(1503591350.853:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=10251 comm="syz-executor3" exe="/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0x50000
audit: type=1326 audit(1503591350.853:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=10251 comm="syz-executor3" exe="/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0x50000
audit: type=1326 audit(1503591350.853:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=10251 comm="syz-executor3" exe="/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0x50000
audit: type=1326 audit(1503591350.853:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=10251 comm="syz-executor3" exe="/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0x50000
audit: type=1326 audit(1503591350.853:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=10251 comm="syz-executor3" exe="/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0x50000
audit: type=1326 audit(1503591350.853:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=10251 comm="syz-executor3" exe="/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0x50000
audit: type=1326 audit(1503591350.854:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=10251 comm="syz-executor3" exe="/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0x50000
audit: type=1326 audit(1503591350.854:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=10251 comm="syz-executor3" exe="/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0x50000
audit: type=1326 audit(1503591350.854:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=10251 comm="syz-executor3" exe="/syz-executor3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0x50000
sg_write: data in/out 1161363419/4052 bytes for SCSI command 0x86-- guessing data in;
   program syz-executor0 not setting count and/or reply_len properly
sg_write: data in/out 1161363419/4052 bytes for SCSI command 0x86-- guessing data in;
   program syz-executor0 not setting count and/or reply_len properly
sctp: [Deprecated]: syz-executor0 (pid 10456) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
9pnet_virtio: no channels available for device ./file0
sctp: [Deprecated]: syz-executor0 (pid 10475) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
9pnet_virtio: no channels available for device ./file0
device lo entered promiscuous mode
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
sg_write: data in/out 131038/42 bytes for SCSI command 0xa1-- guessing data in;
   program syz-executor0 not setting count and/or reply_len properly
sg_write: data in/out 131038/42 bytes for SCSI command 0xa1-- guessing data in;
   program syz-executor0 not setting count and/or reply_len properly
PF_BRIDGE: RTM_NEWNEIGH with invalid ifindex
PF_BRIDGE: RTM_NEWNEIGH with invalid ifindex
sock: sock_set_timeout: `syz-executor2' (pid 10874) tries to set negative timeout
syz-executor2: vmalloc: allocation failure: 4833356120 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
syz-executor2 cpuset=/ mems_allowed=0-1
CPU: 2 PID: 10874 Comm: syz-executor2 Not tainted 4.13.0-rc6-next-20170824+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3254
 __vmalloc_node_range+0x599/0x730 mm/vmalloc.c:1781
 __vmalloc_node mm/vmalloc.c:1810 [inline]
 __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1832
 kvmalloc_node+0x82/0xd0 mm/util.c:406
 kvmalloc include/linux/mm.h:529 [inline]
 kvmalloc_array include/linux/mm.h:545 [inline]
 xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774
 translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:692
 do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline]
 do_ipt_set_ctl+0x34b/0x5c0 net/ipv4/netfilter/ip_tables.c:1669
 nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1251
 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2735
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2973
 SYSC_setsockopt net/socket.c:1852 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1831
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x446749
RSP: 002b:00007f1eb2d8fc08 EFLAGS: 00000296 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000017 RCX: 0000000000446749
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000017
RBP: 00000000007080a8 R08: 0000000000000056 R09: 0000000000000000
R10: 0000000020006000 R11: 0000000000000296 R12: 00000000ffffffff
R13: 0000000000005e90 R14: 00000000006e7f50 R15: 000000002090f000
Mem-Info:
active_anon:99058 inactive_anon:43 isolated_anon:0
 active_file:3573 inactive_file:4671 isolated_file:0
 unevictable:0 dirty:95 writeback:0 unstable:0
 slab_reclaimable:5702 slab_unreclaimable:30445
 mapped:20880 shmem:59 pagetables:796 bounce:0
 free:248997 free_pcp:1083 free_cma:0
Node 0 active_anon:89584kB inactive_anon:92kB active_file:9776kB inactive_file:11728kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:45604kB dirty:308kB writeback:0kB shmem:124kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 1 active_anon:304380kB inactive_anon:84kB active_file:4516kB inactive_file:6960kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:37916kB dirty:140kB writeback:0kB shmem:116kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 36864kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
Node 0 DMA free:15908kB min:640kB low:800kB high:960kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 886 886 886
Node 0 DMA32 free:670748kB min:36536kB low:45668kB high:54800kB active_anon:89584kB inactive_anon:92kB active_file:9776kB inactive_file:11728kB unevictable:0kB writepending:308kB present:1032192kB managed:909748kB mlocked:0kB kernel_stack:2816kB pagetables:1236kB bounce:0kB free_pcp:2436kB local_pcp:716kB free_cma:0kB
QAT: Invalid ioctl
lowmem_reserve[]: 0 0 0 0
Node 1 DMA32 free:301260kB min:30404kB low:38004kB high:45604kB active_anon:314652kB inactive_anon:84kB active_file:4516kB inactive_file:6980kB unevictable:0kB writepending:140kB present:1048560kB managed:755216kB mlocked:0kB kernel_stack:2336kB pagetables:1796kB bounce:0kB free_pcp:1832kB local_pcp:188kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 DMA32: 293*4kB (UME) 188*8kB (UME) 122*16kB (UME) 189*32kB (UME) 167*64kB (UME) 33*128kB (UME) 18*256kB (UME) 13*512kB (UME) 11*1024kB (UM) 6*2048kB (UM) 149*4096kB (UM) = 670708kB
Node 1 DMA32: 265*4kB (UME) 275*8kB (UME) 843*16kB (UME) 1127*32kB (UME) 684*64kB (UME) 119*128kB (UM) 28*256kB (UME) 14*512kB (U) 5*1024kB (UME) 3*2048kB (ME) 41*4096kB (UM) = 305356kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
8309 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
524186 pages RAM
0 pages HighMem/MovableOnly
sock: sock_set_timeout: `syz-executor2' (pid 10883) tries to set negative timeout
syz-executor2: vmalloc: allocation failure: 4833356120 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
syz-executor2 cpuset=/ mems_allowed=0-1
CPU: 0 PID: 10883 Comm: syz-executor2 Not tainted 4.13.0-rc6-next-20170824+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3254
 __vmalloc_node_range+0x599/0x730 mm/vmalloc.c:1781
 __vmalloc_node mm/vmalloc.c:1810 [inline]
 __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1832
 kvmalloc_node+0x82/0xd0 mm/util.c:406
 kvmalloc include/linux/mm.h:529 [inline]
 kvmalloc_array include/linux/mm.h:545 [inline]
 xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774
 translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:692
 do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline]
 do_ipt_set_ctl+0x34b/0x5c0 net/ipv4/netfilter/ip_tables.c:1669
 nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1251
 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2735
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2973
 SYSC_setsockopt net/socket.c:1852 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1831
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x446749
RSP: 002b:00007f1eb2ceac08 EFLAGS: 00000296 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 000000000000001e RCX: 0000000000446749
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 000000000000001e
RBP: 00000000007083f0 R08: 0000000000000056 R09: 0000000000000000
R10: 0000000020006000 R11: 0000000000000296 R12: 00000000ffffffff
R13: 0000000000005030 R14: 00000000006e70f0 R15: 0000000000000001
syz-executor1: vmalloc: allocation failure: 4833356120 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
syz-executor1 cpuset=/ mems_allowed=0-1
CPU: 1 PID: 10893 Comm: syz-executor1 Not tainted 4.13.0-rc6-next-20170824+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3254
 __vmalloc_node_range+0x599/0x730 mm/vmalloc.c:1781
 __vmalloc_node mm/vmalloc.c:1810 [inline]
 __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1832
 kvmalloc_node+0x82/0xd0 mm/util.c:406
 kvmalloc include/linux/mm.h:529 [inline]
 kvmalloc_array include/linux/mm.h:545 [inline]
 xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774
 translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:692
 do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline]
 do_ipt_set_ctl+0x34b/0x5c0 net/ipv4/netfilter/ip_tables.c:1669
 nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1251
 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2735
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2973
 SYSC_setsockopt net/socket.c:1852 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1831
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x446749
RSP: 002b:00007fc058cc2c08 EFLAGS: 00000296 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000018 RCX: 0000000000446749
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000018
RBP: 0000000000708000 R08: 0000000000000056 R09: 0000000000000000
R10: 0000000020006000 R11: 0000000000000296 R12: 00000000ffffffff
R13: 00000000000056b0 R14: 00000000006e7770 R15: 0000200000000004
device lo left promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
syz-executor1: vmalloc: allocation failure: 4833356120 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
syz-executor1 cpuset=/ mems_allowed=0-1
CPU: 3 PID: 10898 Comm: syz-executor1 Not tainted 4.13.0-rc6-next-20170824+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3254
 __vmalloc_node_range+0x599/0x730 mm/vmalloc.c:1781
 __vmalloc_node mm/vmalloc.c:1810 [inline]
 __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1832
 kvmalloc_node+0x82/0xd0 mm/util.c:406
 kvmalloc include/linux/mm.h:529 [inline]
 kvmalloc_array include/linux/mm.h:545 [inline]
 xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774
 translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:692
 do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline]
 do_ipt_set_ctl+0x34b/0x5c0 net/ipv4/netfilter/ip_tables.c:1669
 nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1251
 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2735
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2973
 SYSC_setsockopt net/socket.c:1852 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1831
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x446749
RSP: 002b:00007fc058ca1c08 EFLAGS: 00000296 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000022 RCX: 0000000000446749
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000022
RBP: 00000000007080a8 R08: 0000000000000056 R09: 0000000000000000
R10: 0000000020006000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc058ca29c0 R15: 00007fc058ca2700
syz-executor1: vmalloc: allocation failure: 4833356120 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
syz-executor1 cpuset=/ mems_allowed=0-1
CPU: 1 PID: 10924 Comm: syz-executor1 Not tainted 4.13.0-rc6-next-20170824+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3254
 __vmalloc_node_range+0x599/0x730 mm/vmalloc.c:1781
 __vmalloc_node mm/vmalloc.c:1810 [inline]
 __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1832
 kvmalloc_node+0x82/0xd0 mm/util.c:406
 kvmalloc include/linux/mm.h:529 [inline]
 kvmalloc_array include/linux/mm.h:545 [inline]
 xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774
 translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:692
 do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline]
 do_ipt_set_ctl+0x34b/0x5c0 net/ipv4/netfilter/ip_tables.c:1669
 nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1251
 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2735
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2973
 SYSC_setsockopt net/socket.c:1852 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1831
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x446749
RSP: 002b:00007fc058cc2c08 EFLAGS: 00000296 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000018 RCX: 0000000000446749
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000018
RBP: 0000000000708000 R08: 0000000000000056 R09: 0000000000000000
R10: 0000000020006000 R11: 0000000000000296 R12: 00000000ffffffff
R13: 00000000000056b0 R14: 00000000006e7770 R15: 0000200000000004
syz-executor1: vmalloc: allocation failure: 4833356120 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
syz-executor1 cpuset=/ mems_allowed=0-1
CPU: 1 PID: 10934 Comm: syz-executor1 Not tainted 4.13.0-rc6-next-20170824+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3254
 __vmalloc_node_range+0x599/0x730 mm/vmalloc.c:1781
 __vmalloc_node mm/vmalloc.c:1810 [inline]
 __vmalloc_node_flags_caller+0x50/0x60 mm/vmalloc.c:1832
 kvmalloc_node+0x82/0xd0 mm/util.c:406
 kvmalloc include/linux/mm.h:529 [inline]
 kvmalloc_array include/linux/mm.h:545 [inline]
 xt_alloc_entry_offsets+0x21/0x30 net/netfilter/x_tables.c:774
 translate_table+0x235/0x1610 net/ipv4/netfilter/ip_tables.c:692
 do_replace net/ipv4/netfilter/ip_tables.c:1135 [inline]
 do_ipt_set_ctl+0x34b/0x5c0 net/ipv4/netfilter/ip_tables.c:1669
 nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1251
 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2735
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2973
 SYSC_setsockopt net/socket.c:1852 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1831
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x446749
RSP: 002b:00007fc058c80c08 EFLAGS: 00000296 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000021 RCX: 0000000000446749
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000021
RBP: 0000000000a5f870 R08: 0000000000000056 R09: 0000000000000000
R10: 0000000020006000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc058c819c0 R15: 00007fc058c81700
103968 pages reserved
sctp: [Deprecated]: syz-executor0 (pid 11013) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor0 (pid 11023) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
QAT: Invalid ioctl
QAT: Invalid ioctl
sg_write: data in/out 327646/42 bytes for SCSI command 0xa1-- guessing data in;
   program syz-executor1 not setting count and/or reply_len properly
sg_write: data in/out 327646/42 bytes for SCSI command 0xa1-- guessing data in;
   program syz-executor1 not setting count and/or reply_len properly
device bond0 entered promiscuous mode
kauditd_printk_skb: 2893 callbacks suppressed
audit: type=1326 audit(1503591356.460:2950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=11548 comm="syz-executor3" exe="/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0xffff0000
audit: type=1326 audit(1503591356.561:2951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=11548 comm="syz-executor3" exe="/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x446749 code=0xffff0000
RDS: rds_bind could not find a transport for 172.20.4.187, load rds_tcp or rds_rdma?
nla_parse: 20 callbacks suppressed
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
RDS: rds_bind could not find a transport for 172.20.4.187, load rds_tcp or rds_rdma?
netlink: 11 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor6'.
kvm [11828]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0x186 data 0x8
kvm [11828]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0x186 data 0x8