device gre0 entered promiscuous mode
skbuff: bad partial csum: csum=98/65532 len=113
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
==================================================================
BUG: KASAN: use-after-free in __read_once_size include/linux/compiler.h:243 [inline] at addr ffff8801cca57718
BUG: KASAN: use-after-free in atomic_read arch/x86/include/asm/atomic.h:26 [inline] at addr ffff8801cca57718
BUG: KASAN: use-after-free in static_key_count include/linux/jump_label.h:174 [inline] at addr ffff8801cca57718
BUG: KASAN: use-after-free in static_key_false include/linux/jump_label.h:184 [inline] at addr ffff8801cca57718
BUG: KASAN: use-after-free in perf_sw_event include/linux/perf_event.h:1039 [inline] at addr ffff8801cca57718
BUG: KASAN: use-after-free in __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438 at addr ffff8801cca57718
Read of size 8 by task syz-executor5/20280
CPU: 1 PID: 20280 Comm: syz-executor5 Not tainted 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d226fd88 ffffffff81d90429 ffff8801da155140 ffff8801cca576c8
 ffff8801cca57780 ffffed003994aee3 ffff8801cca57718 ffff8801d226fdb0
 ffffffff8153a3ac ffffed003994aee3 ffff8801da155140 0000000000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [] print_address_description mm/kasan/report.c:198 [inline]
 [] kasan_report_error mm/kasan/report.c:287 [inline]
 [] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
 [] kasan_report mm/kasan/report.c:330 [inline]
 [] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330
 [] __read_once_size include/linux/compiler.h:243 [inline]
 [] atomic_read arch/x86/include/asm/atomic.h:26 [inline]
 [] static_key_count include/linux/jump_label.h:174 [inline]
 [] static_key_false include/linux/jump_label.h:184 [inline]
 [] perf_sw_event include/linux/perf_event.h:1039 [inline]
 [] __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
Object at ffff8801cca576c8, in cache vm_area_struct size: 184
Allocated:
PID = 20280
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537
 slab_post_alloc_hook mm/slab.h:417 [inline]
 slab_alloc_node mm/slub.c:2715 [inline]
 slab_alloc mm/slub.c:2723 [inline]
 kmem_cache_alloc+0xba/0x290 mm/slub.c:2728
 kmem_cache_zalloc include/linux/slab.h:626 [inline]
 mmap_region+0x587/0xfd0 mm/mmap.c:1662
 do_mmap+0x57b/0xbe0 mm/mmap.c:1473
 do_mmap_pgoff include/linux/mm.h:2018 [inline]
 vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305
 SYSC_mmap_pgoff mm/mmap.c:1523 [inline]
 SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481
 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
 SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 20283
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
 slab_free_hook mm/slub.c:1355 [inline]
 slab_free_freelist_hook mm/slub.c:1377 [inline]
 slab_free mm/slub.c:2958 [inline]
 kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980
 remove_vma+0x11d/0x160 mm/mmap.c:175
 remove_vma_list mm/mmap.c:2482 [inline]
 do_munmap+0x7ff/0xeb0 mm/mmap.c:2705
 mmap_region+0x14d/0xfd0 mm/mmap.c:1635
 do_mmap+0x57b/0xbe0 mm/mmap.c:1473
 do_mmap_pgoff include/linux/mm.h:2018 [inline]
 vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305
 SYSC_mmap_pgoff mm/mmap.c:1523 [inline]
 SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481
 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
 SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
 entry_SYSCALL_64_fastpath+0x23/0xc6
Memory state around the buggy address:
 ffff8801cca57600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8801cca57680: fb fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb
>ffff8801cca57700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                            ^
 ffff8801cca57780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
 ffff8801cca57800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
==================================================================
device lo entered promiscuous mode
qtaguid: iface_stat: create(lo): no inet dev
qtaguid: iface_stat: create6(lo): no inet dev
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
qtaguid: iface_stat: create6(lo): no inet dev
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 20340 Comm: syz-executor6 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d741f970 ffffffff81d90429 ffff8801d741fc50 0000000000000000
 ffff8801cde1c710 ffff8801d741fb40 ffff8801cde1c600 ffff8801d741fb68
 ffffffff8165e3c7 ffffffff84186db4 ffff8801d741fac0 00000001d6e91067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 0 PID: 20334 Comm: syz-executor6 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d102f8a0 ffffffff81d90429 ffff8801d102fb80 0000000000000000
 ffff8801cde1c710 ffff8801d102fa70 ffff8801cde1c600 ffff8801d102fa98
 ffffffff8165e3c7 ffff8801c810b000 ffff8801d102f9f0 00000001d6e91067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 20334 Comm: syz-executor6 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d102f8a0 ffffffff81d90429 ffff8801d102fb80 0000000000000000
 ffff8801cde1ce90 ffff8801d102fa70 ffff8801cde1cd80 ffff8801d102fa98
 ffffffff8165e3c7 ffff8801c810b000 ffff8801d102f9f0 00000001d6e91067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 1 PID: 20340 Comm: syz-executor6 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d741f970 ffffffff81d90429 ffff8801d741fc50 0000000000000000
 ffff8801cde1ce90 ffff8801d741fb40 ffff8801cde1cd80 ffff8801d741fb68
 ffffffff8165e3c7 ffff8801d1ca1800 ffff8801d741fac0 00000001d6e91067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'.
binder: 20480:20481 ioctl c018aa3f 20fabfe8 returned -22
binder: 20480:20481 ioctl c018aa3f 20fabfe8 returned -22
binder: 20596:20597 ioctl 80605414 2011e000 returned -22
binder: 20596:20597 ioctl 890c 20d82000 returned -22
binder: 20596:20597 ioctl 80605414 2011e000 returned -22
9pnet_virtio: no channels available for device ./file0
binder: 20596:20597 ioctl 890c 20d82000 returned -22
9pnet_virtio: no channels available for device ./file0
selinux_nlmsg_perm: 6 callbacks suppressed
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=54832 sclass=netlink_xfrm_socket pig=20687 comm=syz-executor0
keychord: Insufficient bytes present for keycount 38
keychord: Insufficient bytes present for keycount 38
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=54832 sclass=netlink_xfrm_socket pig=20687 comm=syz-executor0
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
qtaguid: iface_stat: create6(lo): no inet dev
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
qtaguid: iface_stat: create6(lo): no inet dev
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=28 sclass=netlink_tcpdiag_socket pig=20904 comm=syz-executor5
binder: 20905:20910 ioctl c0086423 20003000 returned -22
binder: 20905:20910 ioctl 5417 20001000 returned -22
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=28 sclass=netlink_tcpdiag_socket pig=20912 comm=syz-executor5
binder: 20905:20919 ioctl c0086423 20003000 returned -22
IPVS: Creating netns size=2536 id=43
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=21009 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=21014 comm=syz-executor1
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
binder: 21037:21041 ioctl 5609 208daffa returned -22
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
qtaguid: iface_stat: create6(lo): no inet dev
device lo left promiscuous mode
binder: 21037:21041 ioctl 5609 208daffa returned -22
IPVS: Creating netns size=2536 id=44
device lo entered promiscuous mode
qtaguid: iface_stat: create(lo): no inet dev
qtaguid: iface_stat: create6(lo): no inet dev
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
qtaguid: iface_stat: create6(lo): no inet dev
device lo left promiscuous mode
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
nla_parse: 7 callbacks suppressed
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
syz-executor6: vmalloc: allocation failure: 17179869168 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
CPU: 0 PID: 21159 Comm: syz-executor6 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c7157880 ffffffff81d90429 1ffff10038e2af13 ffff8801d2229800
 ffffffff83ab7d80 0000000000000001 0000000000400000 ffff8801c7157990
 ffffffff8144ead2 024000c2edb6282f 0000000041b58ab3 ffffffff8419115d
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3054
 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722
 [] __vmalloc_node mm/vmalloc.c:1744 [inline]
 [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline]
 [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773
 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722
 [] translate_table+0x21a/0x1e30 net/ipv4/netfilter/ip_tables.c:700
 [] do_replace net/ipv4/netfilter/ip_tables.c:1151 [inline]
 [] do_ipt_set_ctl+0x2be/0x470 net/ipv4/netfilter/ip_tables.c:1687
 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 [] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1243
 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736
 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
 [] SYSC_setsockopt net/socket.c:1771 [inline]
 [] SyS_setsockopt+0x160/0x250 net/socket.c:1750
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
Mem-Info:
active_anon:81076 inactive_anon:39 isolated_anon:0
 active_file:3954 inactive_file:6649 isolated_file:0
 unevictable:0 dirty:85 writeback:0 unstable:0
 slab_reclaimable:5799 slab_unreclaimable:38582
 mapped:22798 shmem:49 pagetables:702 bounce:0
 free:1472944 free_pcp:429 free_cma:0
Node 0 active_anon:324304kB inactive_anon:156kB active_file:15816kB inactive_file:26596kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91192kB dirty:340kB writeback:0kB shmem:196kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 79872kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2910 6411 6411
DMA32 free:2981144kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:700kB local_pcp:48kB free_cma:0kB
lowmem_reserve[]: 0 0 3501 3501
[ 120.419867] device gre0 entered promiscuous mode
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
Normal free:2878948kB min:36816kB low:46020kB high:55224kB active_anon:336684kB inactive_anon:160kB active_file:15816kB inactive_file:26600kB unevictable:0kB writepending:392kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:23212kB slab_unreclaimable:157520kB kernel_stack:6048kB pagetables:2716kB bounce:0kB free_pcp:784kB local_pcp:412kB free_cma:0kB
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
lowmem_reserve[]: 0 0 0 0
DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 3*32kB (M) 4*64kB (M) 3*128kB (M) 2*256kB (M) 2*512kB (M) 1*1024kB (M) 2*2048kB (M) 726*4096kB (M) = 2981144kB
Normal: 573*4kB (UME) 360*8kB
[ 120.546469] syz-executor6: vmalloc: allocation failure: 17179869168 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
CPU: 0 PID: 21170 Comm: syz-executor6 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cf85f880 ffffffff81d90429 1ffff10039f0bf13 ffff8801d97ae000
 ffffffff83ab7d80 0000000000000001 0000000000400000 ffff8801cf85f990
 ffffffff8144ead2 024000c24b2a0405 0000000041b58ab3 ffffffff8419115d
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3054
 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722
 [] __vmalloc_node mm/vmalloc.c:1744 [inline]
 [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline]
 [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773
 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722
 [] translate_table+0x21a/0x1e30 net/ipv4/netfilter/ip_tables.c:700
 [] do_replace net/ipv4/netfilter/ip_tables.c:1151 [inline]
 [] do_ipt_set_ctl+0x2be/0x470 net/ipv4/netfilter/ip_tables.c:1687
 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 [] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1243
 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736
 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
 [] SYSC_setsockopt net/socket.c:1771 [inline]
 [] SyS_setsockopt+0x160/0x250 net/socket.c:1750
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
Mem-Info:
active_anon:79462 inactive_anon:39 isolated_anon:0
 active_file:3954 inactive_file:6651 isolated_file:0
 unevictable:0 dirty:104 writeback:0 unstable:0
 slab_reclaimable:5811 slab_unreclaimable:39728
 mapped:22791 shmem:48 pagetables:630 bounce:0
 free:1473456 free_pcp:483 free_cma:0
Node 0 active_anon:317848kB inactive_anon:156kB active_file:15816kB inactive_file:26604kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91164kB dirty:416kB writeback:0kB shmem:192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 59392kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
 0 2910 6411 6411
DMA32 free:2981144kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:700kB local_pcp:48kB free_cma:0kB
 0 0 3501 3501
Normal free:2896772kB min:36816kB low:46020kB high:55224kB active_anon:317848kB inactive_anon:156kB active_file:15816kB inactive_file:26604kB unevictable:0kB writepending:416kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:23244kB slab_unreclaimable:158912kB kernel_stack:5664kB pagetables:2520kB bounce:0kB free_pcp:1232kB local_pcp:524kB free_cma:0kB
 0 0 0 0
DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
10653 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
320236 pages reserved
(UME) 749*16kB (UME) 573*32kB (UME) 1418*64kB (UME) 269*128kB (UME) 24*256kB (UM) 6*512kB (UE) 3*1024kB (UM) 2*2048kB (ME) 664*4096kB (UM) = 2896804kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
10654 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
320236 pages reserved
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 21279 Comm: syz-executor3 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c7f57930 ffffffff81d90429 ffff8801c7f57c10 0000000000000000
 ffff8801cde1c410 ffff8801c7f57b00 ffff8801cde1c300 ffff8801c7f57b28
 ffffffff8165e3c7 ffff8801c7f57ac8 ffff8801c7f57a80 00000001c9d73067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 21262 Comm: syz-executor3 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d1d478e0 ffffffff81d90429 ffff8801d1d47bc0 0000000000000000
 ffff8801cde1c410 ffff8801d1d47ab0 ffff8801cde1c300 ffff8801d1d47ad8
 ffffffff8165e3c7 ffff8801d87f8000 ffff8801d1d47a30 00000001c9d73067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] strndup_user+0x28/0xb0 mm/util.c:160
 [] SYSC_add_key security/keys/keyctl.c:82 [inline]
 [] SyS_add_key+0xd3/0x390 security/keys/keyctl.c:60
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
IPVS: Creating netns size=2536 id=45
program syz-executor5 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
program syz-executor5 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
IPVS: Creating netns size=2536 id=46
IPVS: Creating netns size=2536 id=47
IPVS: Creating netns size=2536 id=48
CPU: 1 PID: 21251 Comm: syz-executor3 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c8f47960 ffffffff81d90429 ffff8801c8f47c40 0000000000000000
 ffff8801cde1c410 ffff8801c8f47b30 ffff8801cde1c300 ffff8801c8f47b58
 ffffffff8165e3c7 ffff8801c8f47980 ffff8801c8f47ab0 00000001c9d73067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
netlink: 18 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 18 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 15 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=21393 comm=syz-executor3
netlink: 15 bytes leftover after parsing attributes in process `syz-executor7'.
tmpfs: No value for mount option '9,3'
tmpfs: No value for mount option '9,3'
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
binder: 21584:21591 ioctl 40082406 20fdcff4 returned -22
binder: 21584:21591 ioctl c00c642d 20191000 returned -22
binder: 21584:21591 ioctl c010640b 207d3000 returned -22
binder: 21584:21591 ioctl c008640a 20b8b000 returned -22
sock: sock_set_timeout: `syz-executor7' (pid 21643) tries to set negative timeout
binder: 21657:21663 ioctl c08c5335 209dcf74 returned -22
binder: 21657:21678 ioctl 2403 8 returned -22
sock: sock_set_timeout: `syz-executor7' (pid 21621) tries to set negative timeout
binder: 21657:21678 ioctl c08c5335 209dcf74 returned -22
binder: 21657:21685 ioctl 2403 8 returned -22
PF_BRIDGE: RTM_SETLINK with unknown ifindex
PF_BRIDGE: RTM_SETLINK with unknown ifindex
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=21848 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=21848 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=21848 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=21848 comm=syz-executor3
keychord: Insufficient bytes present for keycount 42
keychord: Insufficient bytes present for keycount 42