device gre0 entered promiscuous mode
==================================================================
BUG: KASAN: stack-out-of-bounds in unwind_get_return_address+0x92/0xa0 arch/x86/kernel/unwind_frame.c:17 at addr ffff8801d0c2fde8
Read of size 8 by task syz-executor6/19236
page:ffffea0007430bc0 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x8000000000000000()
page dumped because: kasan: bad access detected
CPU: 1 PID: 19236 Comm: syz-executor6 Not tainted 4.9.68-gfb66dc2 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cadbf8d0 ffffffff81d90889 ffffed003a185fbd 0000000000000008
 0000000000000000 ffffed003a185fbd ffff8801d0c2fde8 ffff8801cadbf958
 ffffffff8153a9b3 ffff8801cadbf990 ffff8801cadbf998 ffffffff810d3bd2
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:208 [inline]
 [] kasan_report_error mm/kasan/report.c:287 [inline]
 [] kasan_report.part.1+0x4c3/0x500 mm/kasan/report.c:309
 [] kasan_report mm/kasan/report.c:330 [inline]
 [] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330
 [] unwind_get_return_address+0x92/0xa0 arch/x86/kernel/unwind_frame.c:17
 [] __save_stack_trace+0x8d/0xf0 arch/x86/kernel/stacktrace.c:43
 [] save_stack_trace_tsk+0x48/0x70 arch/x86/kernel/stacktrace.c:71
 [] proc_pid_stack+0x146/0x230 fs/proc/base.c:466
 [] proc_single_show+0xf8/0x170 fs/proc/base.c:768
 [] seq_read+0x32f/0x1290 fs/seq_file.c:240
 [] __vfs_read+0x103/0x670 fs/read_write.c:452
 [] vfs_read+0x11e/0x380 fs/read_write.c:475
 [] SYSC_read fs/read_write.c:591 [inline]
 [] SyS_read+0xd9/0x1b0 fs/read_write.c:584
 [] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline]
 [] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384
 [] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124
Memory state around the buggy address:
 ffff8801d0c2fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801d0c2fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801d0c2fd80: f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2
                                                          ^
 ffff8801d0c2fe00: f2 f2 f2 f2 00 00 f2 f2 00 00 00 00 00 00 00 00
 ffff8801d0c2fe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
==================================================================
BUG: KASAN: stack-out-of-bounds in unwind_get_return_address+0x92/0xa0 arch/x86/kernel/unwind_frame.c:17 at addr ffff8801d0c2fe10
Read of size 8 by task syz-executor6/19236
page:ffffea0007430bc0 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x8000000000000000()
page dumped because: kasan: bad access detected
CPU: 1 PID: 19236 Comm: syz-executor6 Tainted: G B 4.9.68-gfb66dc2 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cadbf8d0 ffffffff81d90889 ffffed003a185fc2 0000000000000008
 0000000000000000 ffffed003a185fc2 ffff8801d0c2fe10 ffff8801cadbf958
 ffffffff8153a9b3 0000000000000010 ffff880100000000 ffffffff810d3bd2
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:208 [inline]
 [] kasan_report_error mm/kasan/report.c:287 [inline]
 [] kasan_report.part.1+0x4c3/0x500 mm/kasan/report.c:309
 [] kasan_report mm/kasan/report.c:330 [inline]
 [] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330
 [] unwind_get_return_address+0x92/0xa0 arch/x86/kernel/unwind_frame.c:17
 [] __save_stack_trace+0x8d/0xf0 arch/x86/kernel/stacktrace.c:43
 [] save_stack_trace_tsk+0x48/0x70 arch/x86/kernel/stacktrace.c:71
 [] proc_pid_stack+0x146/0x230 fs/proc/base.c:466
 [] proc_single_show+0xf8/0x170 fs/proc/base.c:768
 [] seq_read+0x32f/0x1290 fs/seq_file.c:240
 [] __vfs_read+0x103/0x670 fs/read_write.c:452
 [] vfs_read+0x11e/0x380 fs/read_write.c:475
 [] SYSC_read fs/read_write.c:591 [inline]
 [] SyS_read+0xd9/0x1b0 fs/read_write.c:584
 [] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline]
 [] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384
 [] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124
Memory state around the buggy address:
 ffff8801d0c2fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801d0c2fd80: f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2
>ffff8801d0c2fe00: f2 f2 f2 f2 00 00 f2 f2 00 00 00 00 00 00 00 00
                         ^
 ffff8801d0c2fe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801d0c2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
==================================================================
BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0xd7/0xe0 arch/x86/kernel/unwind_frame.c:51 at addr ffff8801d0c2fe08
Read of size 8 by task syz-executor6/19236
page:ffffea0007430bc0 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x8000000000000000()
page dumped because: kasan: bad access detected
CPU: 1 PID: 19236 Comm: syz-executor6 Tainted: G B 4.9.68-gfb66dc2 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cadbf8c0 ffffffff81d90889 ffffed003a185fc1 0000000000000008
 0000000000000000 ffffed003a185fc1 ffff8801d0c2fe08 ffff8801cadbf948
 ffffffff8153a9b3 ffff8801cadbf958 ffffffff8153a908 ffffffff810d3e07
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:208 [inline]
 [] kasan_report_error mm/kasan/report.c:287 [inline]
 [] kasan_report.part.1+0x4c3/0x500 mm/kasan/report.c:309
 [] kasan_report mm/kasan/report.c:330 [inline]
 [] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330
 [] unwind_next_frame+0xd7/0xe0 arch/x86/kernel/unwind_frame.c:51
 [] __save_stack_trace+0x7d/0xf0 arch/x86/kernel/stacktrace.c:42
 [] save_stack_trace_tsk+0x48/0x70 arch/x86/kernel/stacktrace.c:71
 [] proc_pid_stack+0x146/0x230 fs/proc/base.c:466
 [] proc_single_show+0xf8/0x170 fs/proc/base.c:768
 [] seq_read+0x32f/0x1290 fs/seq_file.c:240
 [] __vfs_read+0x103/0x670 fs/read_write.c:452
 [] vfs_read+0x11e/0x380 fs/read_write.c:475
 [] SYSC_read fs/read_write.c:591 [inline]
 [] SyS_read+0xd9/0x1b0 fs/read_write.c:584
 [] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline]
 [] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384
 [] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124
Memory state around the buggy address:
 ffff8801d0c2fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801d0c2fd80: f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2
>ffff8801d0c2fe00: f2 f2 f2 f2 00 00 f2 f2 00 00 00 00 00 00 00 00
                      ^
 ffff8801d0c2fe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801d0c2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'.
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=30173 sclass=netlink_tcpdiag_socket pig=19406 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=30173 sclass=netlink_tcpdiag_socket pig=19414 comm=syz-executor7
netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'.
audit: type=1400 audit(1513240731.629:47): avc: denied { write } for pid=19487 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'.
device gre0 entered promiscuous mode
netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=19879 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=19879 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=20085 comm=syz-executor3
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=20085 comm=syz-executor3
nla_parse: 4 callbacks suppressed
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=20437 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=20444 comm=syz-executor2
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor4'.
device gre0 entered promiscuous mode
netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'.
audit: type=1400 audit(1513240737.519:48): avc: denied { write } for pid=21674 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
nla_parse: 10 callbacks suppressed
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.