Hello,

The following program triggers a WARNING in kmalloc. From the trace this is the order >= MAX_ORDER sanity check in __alloc_pages_slowpath(): nfc_llcp_send_ui_frame() calls kzalloc() with the byte count of the sendmsg() call, which is user-controlled and (as far as I can tell) not bounded against anything the LLCP layer could actually send before the allocation is attempted. The reproducer below drives that length to several GiB through an overlapping iovec/cmsg layout, see the comments there.

------------[ cut here ]------------
WARNING: CPU: 2 PID: 6754 at mm/page_alloc.c:2989 __alloc_pages_nodemask+0x771/0x15f0()
Modules linked in:
CPU: 2 PID: 6754 Comm: a.out Not tainted 4.4.0-rc7+ #181
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
 00000000ffffffff ffff88006275f5e0 ffffffff8289d9dd 0000000000000000
 ffff8800621c8000 ffffffff85dbab40 ffff88006275f620 ffffffff812ebbb9
 ffffffff815fc6b1 ffffffff85dbab40 0000000000000bad ffff88006275f8a8
Call Trace:
 [< inline >] __dump_stack lib/dump_stack.c:15
 [<ffffffff8289d9dd>] dump_stack+0x6f/0xa2 lib/dump_stack.c:50
 [<ffffffff812ebbb9>] warn_slowpath_common+0xd9/0x140 kernel/panic.c:460
 [<ffffffff812ebde9>] warn_slowpath_null+0x29/0x30 kernel/panic.c:493
 [< inline >] __alloc_pages_slowpath mm/page_alloc.c:2989
 [<ffffffff815fc6b1>] __alloc_pages_nodemask+0x771/0x15f0 mm/page_alloc.c:3235
 [<ffffffff816bd74e>] alloc_pages_current+0xee/0x340 mm/mempolicy.c:2055
 [< inline >] alloc_pages include/linux/gfp.h:451
 [<ffffffff815f8866>] alloc_kmem_pages+0x16/0xf0 mm/page_alloc.c:3414
 [<ffffffff8164842f>] kmalloc_order+0x1f/0x80 mm/slab_common.c:1007
 [<ffffffff816484af>] kmalloc_order_trace+0x1f/0x140 mm/slab_common.c:1018
 [< inline >] kmalloc_large include/linux/slab.h:390
 [<ffffffff816ccf0e>] __kmalloc+0x2de/0x330 mm/slub.c:3555
 [< inline >] kmalloc include/linux/slab.h:463
 [< inline >] kzalloc include/linux/slab.h:602
 [<ffffffff85bea75c>] nfc_llcp_send_ui_frame+0xdc/0x3d0 net/nfc/llcp_commands.c:732
 [<ffffffff85bebbb0>] llcp_sock_sendmsg+0x250/0x310 net/nfc/llcp_sock.c:782
 [< inline >] sock_sendmsg_nosec net/socket.c:610
 [<ffffffff84b5cc9a>] sock_sendmsg+0xca/0x110 net/socket.c:620
 [<ffffffff84b5eaea>] ___sys_sendmsg+0x72a/0x840 net/socket.c:1946
 [<ffffffff84b60aae>] __sys_sendmsg+0xce/0x170 net/socket.c:1980
 [< inline >] SYSC_sendmsg net/socket.c:1991
 [<ffffffff84b60b7d>] SyS_sendmsg+0x2d/0x50 net/socket.c:1987
 [<ffffffff85c8eb36>]
entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185
---[ end trace 62962d1ed2b9f41a ]---

// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Reproducer for the kmalloc WARNING above. It opens an AF_NFC / LLCP
// datagram socket, binds it, and issues a single sendmsg() whose iovec
// length, after the overlapping writes below, is several GiB. The trace
// shows that length reaching kzalloc() in nfc_llcp_send_ui_frame().
//
// NOTE(review): nothing here asserts privilege. Reaching the allocation
// presumably needs the bind() to succeed (an NFC device for dev_idx), which
// this program does not check; confirm against the test environment. The
// fix belongs in the kernel: reject or cap `len` in nfc_llcp_send_ui_frame()
// before allocating, rather than trusting the sendmsg() byte count.
#include <unistd.h>
#include <sys/syscall.h>
#include <string.h>
#include <stdint.h>

// Raw syscall results, indexed by syzkaller's program position; -1 means
// "not executed". Nothing below reads them: this is a reproducer, not a test.
long r[68];

int main()
{
    memset(r, -1, sizeof(r));
    // 128 KiB fixed anonymous mapping at 0x20000000 (prot 0x3 = RW,
    // flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, fd -1). Every
    // address used below lies inside it.
    r[0] = syscall(SYS_mmap, 0x20000000ul, 0x20000ul, 0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul);
    // socket(AF_NFC (0x27), SOCK_DGRAM (2), NFC_SOCKPROTO_LLCP (1)). The
    // datagram type is what routes sendmsg() into nfc_llcp_send_ui_frame()
    // (UI frames) per the call trace.
    r[1] = syscall(SYS_socket, 0x27ul, 0x2ul, 0x1ul, 0, 0, 0);
    // bind() address at 0x2000cfa0, 0x60 bytes, laid out like
    // struct sockaddr_nfc_llcp: sa_family, dev_idx, target_idx,
    // nfc_protocol, dsap, ssap, service_name[63], service_name_len.
    *(uint16_t*)0x2000cfa0 = (uint16_t)0x27;                 // sa_family = AF_NFC
    *(uint32_t*)0x2000cfa4 = (uint32_t)0x1;                  // dev_idx
    *(uint32_t*)0x2000cfa8 = (uint32_t)0x8;                  // target_idx
    *(uint32_t*)0x2000cfac = (uint32_t)0x7;                  // nfc_protocol
    *(uint8_t*)0x2000cfb0 = (uint8_t)0x0;                    // dsap
    *(uint8_t*)0x2000cfb1 = (uint8_t)0x38;                   // ssap
    // service_name bytes (fuzzer filler). The (uint32_t) casts of 64-bit
    // constants below are intentional truncations, not bugs.
    *(uint8_t*)0x2000cfb2 = (uint8_t)0x6;
    *(uint8_t*)0x2000cfb3 = (uint8_t)0x0;
    *(uint32_t*)0x2000cfb4 = (uint32_t)0x9;
    *(uint32_t*)0x2000cfb8 = (uint32_t)0x7;
    *(uint32_t*)0x2000cfbc = (uint32_t)0x9;
    *(uint32_t*)0x2000cfc0 = (uint32_t)0xfffffffffffffff7;
    *(uint32_t*)0x2000cfc4 = (uint32_t)0x8;
    *(uint32_t*)0x2000cfc8 = (uint32_t)0xcf77;
    *(uint32_t*)0x2000cfcc = (uint32_t)0x39;
    *(uint32_t*)0x2000cfd0 = (uint32_t)0x6;
    *(uint32_t*)0x2000cfd4 = (uint32_t)0x8;
    *(uint32_t*)0x2000cfd8 = (uint32_t)0x4;
    *(uint32_t*)0x2000cfdc = (uint32_t)0x4b;
    *(uint32_t*)0x2000cfe0 = (uint32_t)0x9;
    *(uint32_t*)0x2000cfe4 = (uint32_t)0x5;
    *(uint32_t*)0x2000cfe8 = (uint32_t)0x4;
    *(uint32_t*)0x2000cfec = (uint32_t)0x7;
    *(uint8_t*)0x2000cff0 = (uint8_t)0xfffffffffffffffd;     // last service_name byte
    *(uint64_t*)0x2000cff8 = (uint64_t)0x8;                  // service_name_len = 8
    r[27] = syscall(SYS_bind, r[1], 0x2000cfa0ul, 0x60ul, 0, 0, 0);
    // struct msghdr at 0x20014fc8 for the sendmsg() below. msg_name, msg_iov
    // and msg_control all point at the SAME buffer, 0x20014000, so the three
    // groups of writes into that buffer overwrite each other; the order of
    // the statements below is what produces the final values.
    *(uint64_t*)0x20014fc8 = (uint64_t)0x20014000;           // msg_name
    *(uint32_t*)0x20014fd0 = (uint32_t)0x60;                 // msg_namelen
    *(uint64_t*)0x20014fd8 = (uint64_t)0x20014000;           // msg_iov
    *(uint64_t*)0x20014fe0 = (uint64_t)0x1;                  // msg_iovlen = 1
    *(uint64_t*)0x20014fe8 = (uint64_t)0x20014000;           // msg_control
    *(uint64_t*)0x20014ff0 = (uint64_t)0x11;                 // msg_controllen
    *(uint32_t*)0x20014ff8 = (uint32_t)0x0;                  // msg_flags
    // (1) msg_name as a sockaddr_nfc_llcp: AF_NFC, dev_idx 3, dsap 2,
    //     ssap 0x52, service_name_len 0x3e. Bytes 0..16 are clobbered by
    //     (2) and (3); only ssap and the name tail survive.
    *(uint16_t*)0x20014000 = (uint16_t)0x27;
    *(uint32_t*)0x20014004 = (uint32_t)0x3;
    *(uint32_t*)0x20014008 = (uint32_t)0x0;
    *(uint32_t*)0x2001400c = (uint32_t)0x0;
    *(uint8_t*)0x20014010 = (uint8_t)0x2;
    *(uint8_t*)0x20014011 = (uint8_t)0x52;
    *(uint8_t*)0x20014012 = (uint8_t)0x7;
    *(uint8_t*)0x20014013 = (uint8_t)0x2;
    *(uint32_t*)0x20014014 = (uint32_t)0x3;
    *(uint32_t*)0x20014018 = (uint32_t)0x8;
    *(uint32_t*)0x2001401c = (uint32_t)0x9;
    *(uint32_t*)0x20014020 = (uint32_t)0xde4;
    *(uint32_t*)0x20014024 = (uint32_t)0x8;
    *(uint32_t*)0x20014028 = (uint32_t)0x6;
    *(uint32_t*)0x2001402c = (uint32_t)0x6850;
    *(uint32_t*)0x20014030 = (uint32_t)0x24;
    *(uint32_t*)0x20014034 = (uint32_t)0x0;
    *(uint32_t*)0x20014038 = (uint32_t)0xffffffffffffffe4;
    *(uint32_t*)0x2001403c = (uint32_t)0x6;
    *(uint32_t*)0x20014040 = (uint32_t)0x4e;
    *(uint32_t*)0x20014044 = (uint32_t)0x6;
    *(uint32_t*)0x20014048 = (uint32_t)0xf14c;
    *(uint32_t*)0x2001404c = (uint32_t)0x2;
    *(uint8_t*)0x20014050 = (uint8_t)0x1;
    *(uint64_t*)0x20014058 = (uint64_t)0x3e;
    // (2) the single struct iovec, on top of the sockaddr:
    //     iov_base = 0x20014000, iov_len = 0xd2.
    *(uint64_t*)0x20014000 = (uint64_t)0x20014000;
    *(uint64_t*)0x20014008 = (uint64_t)0xd2;
    // (3) a cmsghdr, on top of both: cmsg_len 0x11, cmsg_level 4,
    //     cmsg_type 9, one data byte. Net effect on the iovec: iov_base
    //     becomes 0x11 (not a mapped address) and iov_len's low/high dwords
    //     become 4 and 9, i.e. iov_len = 0x0000000900000004 (~38 GiB).
    //     Net effect on the sockaddr: sa_family reads as 0x11, dsap as 0.
    *(uint64_t*)0x20014000 = (uint64_t)0x11;
    *(uint32_t*)0x20014008 = (uint32_t)0x4;
    *(uint32_t*)0x2001400c = (uint32_t)0x9;
    *(uint8_t*)0x20014010 = (uint8_t)0x0;
    // sendmsg(sock, &msghdr, 0x80). The generic iovec import clamps a
    // single segment to MAX_RW_COUNT (~2 GiB) as far as I can tell, but
    // per the trace llcp_sock_sendmsg() hands that still-enormous length to
    // nfc_llcp_send_ui_frame(), whose kzalloc(len) trips the
    // order >= MAX_ORDER warning and returns NULL. The unmapped iov_base is
    // presumably never dereferenced because the allocation fails first.
    r[67] = syscall(SYS_sendmsg, r[1], 0x20014fc8ul, 0x80ul, 0, 0, 0);
    return 0;
}

On commit 8513342170278468bac126640a5d2d12ffbff106 (Dec 28).
-- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html