[] entry_SYSCALL_64_fastpath+0x23/0xc6 BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor1/7854 binder: 7855:7860 ERROR: BC_REGISTER_LOOPER called without request binder: 7855:7860 IncRefs 0 refcount change on invalid ref 131 ret -22 binder: 7855:7860 DecRefs 0 refcount change on invalid ref 0 ret -22 binder: 7855:7860 unknown command 0 binder: 7855:7860 ioctl c0306201 20000000 returned -22 binder: 7855:7860 ERROR: BC_REGISTER_LOOPER called without request binder: 7855:7860 IncRefs 0 refcount change on invalid ref 131 ret -22 binder: 7855:7860 DecRefs 0 refcount change on invalid ref 0 ret -22 binder: 7855:7860 unknown command 0 binder: 7855:7860 ioctl c0306201 20000000 returned -22 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 7870 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d8c57480 ffffffff81d90889 ffff8801d8c57760 0000000000000000 ffff8801d5a04e90 ffff8801d8c57650 ffff8801d5a04d80 ffff8801d8c57678 ffffffff8165e497 0000000000007d27 ffff8801cc43a118 ffff8801cc43a0a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_ip_setsockopt.isra.12+0x1977/0x2960 net/ipv4/ip_sockglue.c:1151 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 binder: 7881:7882 ioctl 40046205 1fc returned -22 binder: 7881:7882 ERROR: BC_REGISTER_LOOPER called without request binder: 7881:7882 BC_ACQUIRE_DONE u0000000000000000 no match binder: 7881:7882 got reply transaction with no transaction stack binder: 7881:7882 transaction failed 29201/-71, size 48-40 line 2923 binder: 7881:7895 ioctl 40046205 1fc returned -22 binder: 7881:7885 ERROR: BC_REGISTER_LOOPER called without request binder: 7881:7885 BC_ACQUIRE_DONE u0000000000000000 no match binder: 7881:7885 got reply transaction with no transaction stack binder: 7881:7885 transaction failed 29201/-71, size 48-40 line 2923 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 7898 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d19af860 ffffffff81d90889 ffff8801d19afb40 0000000000000000 ffff8801d5a05490 ffff8801d19afa30 ffff8801d5a05380 ffff8801d19afa58 ffffffff8165e497 0000000000007d81 ffff8801d9af68f0 ffff8801d9af68a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 CPU: 0 PID: 7854 Comm: syz-executor1 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a4b976d8 ffffffff81d90889 0000000000000000 ffffffff83c17800 ffffffff83f42ec0 ffff8801a4404800 0000000000000003 ffff8801a4b97718 ffffffff81df7854 ffff8801a4b97730 ffffffff83f42ec0 dffffc0000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46 [] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62 [] ipcomp_alloc_tfms net/xfrm/xfrm_ipcomp.c:286 [inline] [] ipcomp_init_state+0x188/0x930 net/xfrm/xfrm_ipcomp.c:363 [] ipcomp4_init_state+0xb0/0x7d0 net/ipv4/ipcomp.c:137 [] __xfrm_init_state+0x3e7/0xb30 net/xfrm/xfrm_state.c:2096 [] xfrm_init_state+0x1a/0x20 net/xfrm/xfrm_state.c:2122 [] pfkey_msg2xfrm_state net/key/af_key.c:1281 [inline] [] pfkey_add+0x1fb9/0x3470 net/key/af_key.c:1498 [] pfkey_process+0x61e/0x730 net/key/af_key.c:2826 [] pfkey_sendmsg+0x3a9/0x760 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:635 [inline] [] sock_sendmsg+0xca/0x110 net/socket.c:645 [] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1968 [] __sys_sendmsg+0xd6/0x190 net/socket.c:2002 [] SYSC_sendmsg net/socket.c:2013 [inline] [] SyS_sendmsg+0x2d/0x50 net/socket.c:2009 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device gre0 entered promiscuous mode FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 7933 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d012f480 ffffffff81d90889 ffff8801d012f760 0000000000000000 ffff8801a50c4710 ffff8801d012f650 ffff8801a50c4600 ffff8801d012f678 ffffffff8165e497 0000000000007d27 ffff8801d0120918 ffff8801d01208a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_ip_setsockopt.isra.12+0x1977/0x2960 net/ipv4/ip_sockglue.c:1151 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Option 'tÅgæ©Âˆ‹²ða9mÄ¼w&€ èå[Ž% é¢Së¯íMÂ?¶4 æ-' to dns_resolver key: bad/missing value Option 'tÅgæ©Âˆ‹²ða9mÄ¼w&€ èå[Ž% é¢Së¯íMÂ?¶4 æ-' to dns_resolver key: bad/missing value CPU: 1 PID: 7919 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c6aff860 ffffffff81d90889 ffff8801c6affb40 0000000000000000 ffff8801a50c4710 ffff8801c6affa30 ffff8801a50c4600 ffff8801c6affa58 ffffffff8165e497 0000000000007d81 ffff8801cd7208f0 ffff8801cd7208a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 8008 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d8baf860 ffffffff81d90889 ffff8801d8bafb40 0000000000000000 ffff8801d5a05c10 ffff8801d8bafa30 ffff8801d5a05b00 ffff8801d8bafa58 ffffffff8165e497 0000000000007d81 ffff8801d8b938f0 ffff8801d8b938a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 1 PID: 8045 Comm: syz-executor2 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cd66f9a0 ffffffff81d90889 ffff8801cd66fc80 0000000000000000 ffff8801d5a05f10 ffff8801cd66fb70 ffff8801d5a05e00 ffff8801cd66fb98 ffffffff8165e497 0000000000007d81 ffff8801cd6608f0 ffff8801cd6608a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 0 PID: 8038 Comm: syz-executor2 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cd7d78a0 ffffffff81d90889 ffff8801cd7d7b80 0000000000000000 ffff8801d5a05f10 ffff8801cd7d7a70 ffff8801d5a05e00 ffff8801cd7d7a98 ffffffff8165e497 0000000000007d81 ffff8801cd7f50f0 ffff8801cd7f50a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 1 PID: 8041 Comm: syz-executor2 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cf20f8f0 ffffffff81d90889 ffff8801cf20fbd0 0000000000000000 ffff8801d5a05f10 ffff8801cf20fac0 ffff8801d5a05e00 ffff8801cf20fae8 ffffffff8165e497 0000000000007d81 ffff8801a385a0f0 ffff8801a385a0a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device gre0 entered promiscuous mode netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. binder: 8214:8221 got transaction with invalid parent offset or type binder: 8214:8221 transaction failed 29201/-22, size 80-16 line 3315 binder_alloc: binder_alloc_mmap_handler: 8214 20000000-20002000 already mapped failed -16 selinux_nlmsg_perm: 1 callbacks suppressed SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=8256 comm=syz-executor6 binder: BINDER_SET_CONTEXT_MGR already set binder: 8214:8221 ioctl 40046207 0 returned -16 binder_alloc: 8214: binder_alloc_buf, no vma binder: 8214:8221 transaction failed 29189/-3, size 80-16 line 3130 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=8256 comm=syz-executor6 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_ERROR: 29201 binder: 8321:8328 got reply transaction with no transaction stack binder: 8321:8328 transaction failed 29201/-71, size 88-8 line 2923 device eql entered promiscuous mode binder: 8321:8340 Acquire 1 refcount change on invalid ref 1 ret -22 binder: 8321:8340 got transaction to invalid handle binder: 8321:8340 transaction failed 29201/-22, size 64-32 line 3007 binder: 8321:8340 got transaction with invalid offset (120, min 0 max 0) or object. binder: 8321:8340 transaction failed 29201/-22, size 0-48 line 3193 binder: 8321:8340 BC_CLEAR_DEATH_NOTIFICATION invalid ref 2 binder: 8321:8340 BC_FREE_BUFFER u000000002000c000 no match binder: 8321:8387 got reply transaction with no transaction stack binder: 8321:8387 transaction failed 29201/-71, size 88-8 line 2923 binder: BINDER_SET_CONTEXT_MGR already set binder: 8321:8362 ioctl 40046207 0 returned -16 binder: 8321:8387 Acquire 1 refcount change on invalid ref 1 ret -22 binder: 8321:8387 got transaction to invalid handle binder: 8321:8387 transaction failed 29201/-22, size 64-32 line 3007 binder_alloc: 8321: binder_alloc_buf, no vma binder: 8321:8387 transaction failed 29189/-3, size 0-48 line 3130 binder: undelivered TRANSACTION_ERROR: 29189 Option 'tÅgæ©Âˆ‹²ða9mÄ¼w&€ èå[Ž% é¢Së¯íMÂ?¶4 æ-' to dns_resolver key: bad/missing value netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'. program syz-executor2 is using a deprecated SCSI ioctl, please convert it to SG_IO sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 program syz-executor2 is using a deprecated SCSI ioctl, please convert it to SG_IO sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 handle_userfault: 8 callbacks suppressed FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 8539 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c3c57480 ffffffff81d90889 ffff8801c3c57760 0000000000000000 ffff8801d1ddc410 ffff8801c3c57650 ffff8801d1ddc300 ffff8801c3c57678 ffffffff8165e497 0000000000007d27 ffff8801d926d118 ffff8801d926d0a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 binder: 8579:8580 ioctl 85 20416000 returned -22 binder: 8579:8580 ioctl 4b4a 2022e000 returned -22 binder: 8579:8580 IncRefs 0 refcount change on invalid ref 2 ret -22 binder: 8579:8580 Acquire 1 refcount change on invalid ref 4 ret -22 binder: 8579:8580 unknown command 0 binder: 8579:8580 ioctl c0306201 20000fd0 returned -22 binder: 8579:8582 ioctl 85 20416000 returned -22 binder: BINDER_SET_CONTEXT_MGR already set binder: 8579:8582 ioctl 40046207 0 returned -16 binder: 8579:8582 ioctl 4b4a 2022e000 returned -22 [] do_ip_setsockopt.isra.12+0x1977/0x2960 net/ipv4/ip_sockglue.c:1151 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 syz-executor6 (8594): /proc/8592/oom_adj is deprecated, please use /proc/8592/oom_score_adj instead. FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 8551 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a7d67860 ffffffff81d90889 ffff8801a7d67b40 0000000000000000 ffff8801d1ddc590 ffff8801a7d67a30 ffff8801d1ddc480 ffff8801a7d67a58 ffffffff8165e497 0000000000007d81 ffff8801c71138f0 ffff8801c71138a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 8630 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d9687480 ffffffff81d90889 ffff8801d9687760 0000000000000000 ffff8801a50c5f10 ffff8801d9687650 ffff8801a50c5e00 ffff8801d9687678 ffffffff8165e497 0000000000007d27 ffff8801a928b918 ffff8801a928b8a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 netlink: 73 bytes leftover after parsing attributes in process `syz-executor2'. [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_ip_setsockopt.isra.12+0x1977/0x2960 net/ipv4/ip_sockglue.c:1151 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 8711 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d569f480 ffffffff81d90889 ffff8801d569f760 0000000000000000 ffff8801d1ddc290 ffff8801d569f650 ffff8801d1ddc180 ffff8801d569f678 ffffffff8165e497 0000000000007d27 ffff8801c4b2e918 ffff8801c4b2e8a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_ip_setsockopt.isra.12+0x1977/0x2960 net/ipv4/ip_sockglue.c:1151 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'. device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode sock: process `syz-executor1' is using obsolete getsockopt SO_BSDCOMPAT device lo left promiscuous mode CPU: 0 PID: 8696 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d9687860 ffffffff81d90889 ffff8801d9687b40 0000000000000000 ffff8801d1ddc290 ffff8801d9687a30 ffff8801d1ddc180 ffff8801d9687a58 ffffffff8165e497 0000000000007d81 ffff8801c5a508f0 ffff8801c5a508a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 binder: 8789:8796 got reply transaction with no transaction stack binder: 8789:8796 transaction failed 29201/-71, size 2-1144397507205 line 2923 device gre0 entered promiscuous mode binder: 8789:8807 Acquire 1 refcount change on invalid ref 1 ret -22 binder: 8789:8807 got transaction to invalid handle binder: 8789:8807 transaction failed 29201/-22, size 64-32 line 3007 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 8806 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cf73f480 ffffffff81d90889 ffff8801cf73f760 0000000000000000 ffff8801d5a05d90 ffff8801cf73f650 ffff8801d5a05c80 ffff8801cf73f678 ffffffff8165e497 0000000000007d27 ffff8801a61ad118 ffff8801a61ad0a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_ip_setsockopt.isra.12+0x1977/0x2960 net/ipv4/ip_sockglue.c:1151 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 8795 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d53cf860 ffffffff81d90889 ffff8801d53cfb40 0000000000000000 ffff8801d5a05d90 ffff8801d53cfa30 ffff8801d5a05c80 ffff8801d53cfa58 ffffffff8165e497 0000000000007d81 ffff8801a61aa0f0 ffff8801a61aa0a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 netlink: 73 bytes leftover after parsing attributes in process `syz-executor2'. binder: send failed reply for transaction 92 to 8789:8807 binder: 8789:8796 ioctl c0306201 2000efd0 returned -14 netlink: 73 bytes leftover after parsing attributes in process `syz-executor2'. binder: 8789:8807 BC_CLEAR_DEATH_NOTIFICATION invalid ref 2 binder: 8789:8807 BC_FREE_BUFFER u000000002000c000 matched unreturned buffer FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 8806 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cf73f860 ffffffff81d90889 ffff8801cf73fb40 0000000000000000 ffff8801d1ddd310 ffff8801cf73fa30 ffff8801d1ddd200 ffff8801cf73fa58 ffffffff8165e497 0000000000007d81 ffff8801a61ad0f0 ffff8801a61ad0a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 binder: 8789:8832 got reply transaction with no transaction stack binder: 8789:8832 transaction failed 29201/-71, size 2-1144397507205 line 2923 binder: BINDER_SET_CONTEXT_MGR already set binder: 8789:8807 ioctl 40046207 0 returned -16 binder: 8789:8807 Acquire 1 refcount change on invalid ref 1 ret -22 binder: 8789:8807 got transaction to invalid handle binder: 8789:8807 transaction failed 29201/-22, size 64-32 line 3007 binder_alloc: 8789: binder_alloc_buf, no vma binder: 8789:8807 transaction failed 29189/-3, size 0-0 line 3130 binder: undelivered TRANSACTION_ERROR: 29189 binder: undelivered TRANSACTION_COMPLETE binder: undelivered TRANSACTION_ERROR: 29201 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 8852 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cf50f480 ffffffff81d90889 ffff8801cf50f760 0000000000000000 ffff8801d5a05490 ffff8801cf50f650 ffff8801d5a05380 ffff8801cf50f678 ffffffff8165e497 0000000000007d27 ffff8801c498e918 ffff8801c498e8a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_ip_setsockopt.isra.12+0x1977/0x2960 net/ipv4/ip_sockglue.c:1151 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1240 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 8840 Comm: syz-executor5 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d4db7860 ffffffff81d90889 ffff8801d4db7b40 0000000000000000 ffff8801d5a05490 ffff8801d4db7a30 ffff8801d5a05380 ffff8801d4db7a58 ffffffff8165e497 0000000000007d81 ffff8801c498a0f0 ffff8801c498a0a0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'. sock: sock_set_timeout: `syz-executor0' (pid 8918) tries to set negative timeout sock: sock_set_timeout: `syz-executor0' (pid 8930) tries to set negative timeout netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8921 comm=syz-executor2 netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'. syz-executor6: vmalloc: allocation failure: 17177772032 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 0 PID: 8974 Comm: syz-executor6 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d891f880 ffffffff81d90889 1ffff1003b123f13 ffff8801cf5d6000 ffffffff83ab7dc0 0000000000000001 0000000000400000 ffff8801d891f990 ffffffff8144eb82 024000c200000003 0000000041b58ab3 ffffffff84191625 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3056 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722 [] __vmalloc_node mm/vmalloc.c:1744 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722 [] translate_table+0x21a/0x1e80 net/ipv6/netfilter/ip6_tables.c:730 [] ? 0xffffffff810002b8 [] do_replace net/ipv6/netfilter/ip6_tables.c:1182 [inline] [] do_ip6t_set_ctl+0x2be/0x470 net/ipv6/netfilter/ip6_tables.c:1708 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 [] ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:911 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Mem-Info: active_anon:89671 inactive_anon:39 isolated_anon:0 active_file:3682 inactive_file:7393 isolated_file:0 unevictable:0 dirty:55 writeback:37 unstable:0 slab_reclaimable:5812 slab_unreclaimable:28693 mapped:22887 shmem:48 pagetables:764 bounce:0 free:1472241 free_pcp:392 free_cma:0 Node 0 active_anon:356636kB inactive_anon:156kB active_file:14728kB inactive_file:29572kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91548kB dirty:220kB writeback:148kB shmem:192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 18432kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2910 6411 6411 DMA32 free:2981148kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:696kB local_pcp:648kB free_cma:0kB syz-executor6: vmalloc: allocation failure: 17177772032 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 0 PID: 8985 Comm: syz-executor6 Not tainted 4.9.68-gfb66dc2 #107 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cf4e7880 ffffffff81d90889 1ffff10039e9cf13 ffff8801cf030000 ffffffff83ab7dc0 0000000000000001 0000000000400000 ffff8801cf4e7990 ffffffff8144eb82 024000c200000003 0000000041b58ab3 ffffffff84191625 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3056 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722 [] __vmalloc_node mm/vmalloc.c:1744 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722 [] translate_table+0x21a/0x1e80 net/ipv6/netfilter/ip6_tables.c:730 [] ? 0xffffffff810002b8 [] do_replace net/ipv6/netfilter/ip6_tables.c:1182 [inline] [] do_ip6t_set_ctl+0x2be/0x470 net/ipv6/netfilter/ip6_tables.c:1708 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 [] ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:911 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Mem-Info: active_anon:90201 inactive_anon:39 isolated_anon:0 active_file:3688 inactive_file:7415 isolated_file:0 unevictable:0 dirty:80 writeback:0 unstable:0 slab_reclaimable:5858 slab_unreclaimable:28905 mapped:20814 shmem:48 pagetables:761 bounce:0 free:1470755 free_pcp:367 free_cma:0 Node 0 active_anon:360804kB inactive_anon:156kB active_file:14752kB inactive_file:29660kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:83256kB dirty:320kB writeback:0kB shmem:192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 16384kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB DMA32 free:2981148kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:696kB local_pcp:48kB free_cma:0kB Normal free:2885964kB min:36816kB low:46020kB high:55224kB active_anon:360804kB inactive_anon:156kB active_file:14752kB inactive_file:29660kB unevictable:0kB writepending:320kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:23432kB slab_unreclaimable:115620kB kernel_stack:5696kB pagetables:3044kB bounce:0kB free_pcp:772kB local_pcp:164kB free_cma:0kB DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 11150 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 320236 pages reserved keychord: keycode 16224 out of range keychord: keycode 16224 out of range lowmem_reserve[]: 0 0 3501 3501 Normal free:2870976kB min:36816kB low:46020kB high:55224kB active_anon:360836kB inactive_anon:156kB active_file:14752kB inactive_file:29664kB unevictable:0kB writepending:344kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:23816kB slab_unreclaimable:133200kB kernel_stack:5344kB pagetables:2980kB bounce:0kB free_pcp:988kB local_pcp:456kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB DMA32: 1*4kB (M) 1*8kB (M) 3*16kB (M) 3*32kB (M) 4*64kB (M) 3*128kB (M) 2*256kB (M) 2*512kB (M) 1*1024kB (M) 2*2048kB (M) 726*4096kB (M) = 2981148kB