BUG: Bad rss-counter state mm:00000000c9a471c0 idx:0 val:10
BUG: Bad rss-counter state mm:0000000023b21441 idx:0 val:10
device gre0 entered promiscuous mode
QAT: Invalid ioctl
device gre0 entered promiscuous mode
sctp: [Deprecated]: syz-executor4 (pid 11053) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor4 (pid 11059) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=11072 comm=syz-executor2
netlink: 'syz-executor2': attribute type 2 has an invalid length.
netlink: 'syz-executor2': attribute type 2 has an invalid length.
netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 'syz-executor0': attribute type 1 has an invalid length.
netlink: 'syz-executor0': attribute type 1 has an invalid length.
kauditd_printk_skb: 87 callbacks suppressed
audit: type=1326 audit(1513635551.528:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11286 comm="syz-executor2" exe="/root/syz-executor2" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x0
audit: type=1326 audit(1513635551.611:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11286 comm="syz-executor2" exe="/root/syz-executor2" sig=9 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x0
audit: type=1326 audit(1513635551.682:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11356 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x0
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
audit: type=1326 audit(1513635551.765:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11356 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x0
binder: BINDER_SET_CONTEXT_MGR already set
binder: 11377:11423 ioctl 40046207 0 returned -16
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 71, process died.
device gre0 entered promiscuous mode
audit: type=1326 audit(1513635551.935:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11478 comm="syz-executor2" exe="/root/syz-executor2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513635551.935:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11478 comm="syz-executor2" exe="/root/syz-executor2" sig=0 arch=c000003e syscall=29 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513635551.935:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11478 comm="syz-executor2" exe="/root/syz-executor2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513635551.935:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11478 comm="syz-executor2" exe="/root/syz-executor2" sig=0 arch=c000003e syscall=257 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513635551.935:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11478 comm="syz-executor2" exe="/root/syz-executor2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
audit: type=1326 audit(1513635551.935:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11478 comm="syz-executor2" exe="/root/syz-executor2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452a09 code=0x7ffc0000
netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'.
binder: 11616:11624 ERROR: BC_REGISTER_LOOPER called without request
binder: 11624 RLIMIT_NICE not set
netlink: 5 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 11624 RLIMIT_NICE not set
binder: 11624 RLIMIT_NICE not set
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 74, process died.
BUG: Bad rss-counter state mm:000000008029789f idx:0 val:171
BUG: Bad rss-counter state mm:000000008029789f idx:1 val:39
BUG: non-zero pgtables_bytes on freeing mm: 40960
binder: 11616:11624 ERROR: BC_REGISTER_LOOPER called without request
binder: 11624 RLIMIT_NICE not set
binder_alloc: 11616: binder_alloc_buf, no vma
binder: 11616:11647 transaction failed 29189/-3, size 0-0 line 2947
binder: 11616:11624 got reply transaction with no transaction stack
binder: 11616:11624 transaction failed 29201/-71, size 32-8 line 2747
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
binder: undelivered TRANSACTION_ERROR: 29201
binder: binder_mmap: 11885 20d54000-20d58000 bad vm_flags failed -1
PF_BRIDGE: br_mdb_parse() with invalid ifindex
PF_BRIDGE: br_mdb_parse() with invalid ifindex
binder: 11885:11891 ERROR: BC_REGISTER_LOOPER called without request
binder: 11885:11891 ERROR: BC_ENTER_LOOPER called after BC_REGISTER_LOOPER
binder: 11885:11891 BC_INCREFS_DONE u0000000000000000 no match
binder_alloc: binder_alloc_mmap_handler: 11895 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 11895:11902 ioctl 40046207 0 returned -16
binder_alloc: 11895: binder_alloc_buf, no vma
binder: 11895:11896 transaction failed 29189/-3, size 24-0 line 2947
binder: binder_mmap: 11885 20d54000-20d58000 bad vm_flags failed -1
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 81, process died.
binder: 11885:11911 unknown command 1818587951
binder: 11885:11911 ioctl c0306201 20000fd0 returned -22
binder: 11885:11891 unknown command 1040256985
binder: 11885:11891 ioctl c0306201 20000fd0 returned -22
device gre0 entered promiscuous mode
binder: 12217:12221 ERROR: BC_REGISTER_LOOPER called without request
binder: 12221 RLIMIT_NICE not set
binder: 12221 RLIMIT_NICE not set
binder: BINDER_SET_CONTEXT_MGR already set
binder: 12217:12233 ioctl 40046207 0 returned -16
binder: 12217:12221 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 12217: binder_alloc_buf, no vma
binder: 12217:12233 transaction failed 29189/-3, size 0-0 line 2947
binder: 12221 RLIMIT_NICE not set
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 12217:12233 transaction 84 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: release 12217:12221 transaction 84 in, still active
binder: send failed reply for transaction 84, target dead
general protection fault: 0000 [#1] SMP
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 12382 Comm: syz-executor0 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:native_write_cr4+0x4/0x10 arch/x86/include/asm/special_insns.h:76
RSP: 0018:ffffc9000101fb10 EFLAGS: 00010093
RAX: ffff8802004242c0 RBX: 00000000001606e0 RCX: ffffffff8108d968
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000001606e0
RBP: ffffc9000101fb10 R08: 0000000000000001 R09: 0000000000000004
R10: ffffc9000101fb30 R11: 0000000000000004 R12: 0000000000000093
R13: ffff8802004242c0 R14: ffff8802083200d0 R15: ffff880208320098
FS:  00007f5ca7b62700(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6d98297000 CR3: 000000000301e004 CR4: 00000000001626e0
Call Trace:
 __write_cr4 arch/x86/include/asm/paravirt.h:76 [inline]
 __cr4_set arch/x86/include/asm/tlbflush.h:252 [inline]
 cr4_clear_bits arch/x86/include/asm/tlbflush.h:275 [inline]
 kvm_cpu_vmxoff arch/x86/kvm/vmx.c:3582 [inline]
 hardware_disable+0x1a0/0x210 arch/x86/kvm/vmx.c:3588
 kvm_arch_hardware_disable+0x14/0x50 arch/x86/kvm/x86.c:7983
 hardware_disable_nolock+0x30/0x40 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3291
 on_each_cpu+0x86/0x110 kernel/smp.c:604
 hardware_disable_all_nolock+0x3e/0x50 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3309
 hardware_disable_all arch/x86/kvm/../../../virt/kvm/kvm_main.c:3315 [inline]
 kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:742 [inline]
 kvm_put_kvm+0x349/0x4a0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:755
 kvm_vm_release+0x24/0x30 arch/x86/kvm/../../../virt/kvm/kvm_main.c:766
 __fput+0x120/0x270 fs/file_table.c:209
 ____fput+0x15/0x20 fs/file_table.c:243
 task_work_run+0xa3/0xe0 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0x3e6/0x1050 kernel/exit.c:869
 do_group_exit+0x60/0x100 kernel/exit.c:972
 get_signal+0x36c/0xad0 kernel/signal.c:2337
 do_signal+0x23/0x670 arch/x86/kernel/signal.c:809
 exit_to_usermode_loop+0x13c/0x160 arch/x86/entry/common.c:161
 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 syscall_return_slowpath+0x1b4/0x1e0 arch/x86/entry/common.c:264
 entry_SYSCALL_64_fastpath+0x94/0x96
RIP: 0033:0x452a09
RSP: 002b:00007f5ca7b61ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000000 RBX: 000000000071bec8 RCX: 0000000000452a09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000071bec8
RBP: 000000000071bec8 R08: 000000000000059d R09: 000000000071bea0
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000a2f7ff R14: 00007f5ca7b629c0 R15: 0000000000000000
Code: 0f 1f 80 00 00 00 00 55 48 89 e5 0f 20 d8 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 0f 22 df 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 <0f> 22 e7 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 44 0f 20 c0 5d
RIP: native_write_cr4+0x4/0x10 arch/x86/include/asm/special_insns.h:76 RSP: ffffc9000101fb10
---[ end trace ef13ff428ae7b1bd ]---