device lo entered promiscuous mode ================================================================== BUG: KASAN: use-after-free in __read_once_size include/linux/compiler.h:243 [inline] at addr ffff8801cc15f908 BUG: KASAN: use-after-free in atomic_read arch/x86/include/asm/atomic.h:26 [inline] at addr ffff8801cc15f908 BUG: KASAN: use-after-free in static_key_count include/linux/jump_label.h:174 [inline] at addr ffff8801cc15f908 BUG: KASAN: use-after-free in static_key_false include/linux/jump_label.h:184 [inline] at addr ffff8801cc15f908 BUG: KASAN: use-after-free in perf_sw_event include/linux/perf_event.h:1039 [inline] at addr ffff8801cc15f908 BUG: KASAN: use-after-free in __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438 at addr ffff8801cc15f908 Read of size 8 by task syz-executor4/6462 CPU: 0 PID: 6462 Comm: syz-executor4 Not tainted 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d256fd88 ffffffff81d90429 ffff8801da155140 ffff8801cc15f8b8 ffff8801cc15f970 ffffed003982bf21 ffff8801cc15f908 ffff8801d256fdb0 ffffffff8153a3ac ffffed003982bf21 ffff8801da155140 0000000000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 [] print_address_description mm/kasan/report.c:198 [inline] [] kasan_report_error mm/kasan/report.c:287 [inline] [] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 [] kasan_report mm/kasan/report.c:330 [inline] [] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330 [] __read_once_size include/linux/compiler.h:243 [inline] [] atomic_read arch/x86/include/asm/atomic.h:26 [inline] [] static_key_count include/linux/jump_label.h:174 [inline] [] static_key_false include/linux/jump_label.h:184 [inline] [] perf_sw_event include/linux/perf_event.h:1039 [inline] [] __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 Object at ffff8801cc15f8b8, in cache vm_area_struct size: 184 Allocated: PID = 6462 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xba/0x290 mm/slub.c:2728 kmem_cache_zalloc include/linux/slab.h:626 [inline] mmap_region+0x587/0xfd0 mm/mmap.c:1662 do_mmap+0x57b/0xbe0 mm/mmap.c:1473 do_mmap_pgoff include/linux/mm.h:2018 [inline] vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305 SYSC_mmap_pgoff mm/mmap.c:1523 [inline] SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86 entry_SYSCALL_64_fastpath+0x23/0xc6 Freed: PID = 6474 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571 slab_free_hook mm/slub.c:1355 [inline] slab_free_freelist_hook mm/slub.c:1377 [inline] slab_free mm/slub.c:2958 [inline] kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980 remove_vma+0x11d/0x160 mm/mmap.c:175 remove_vma_list mm/mmap.c:2482 [inline] do_munmap+0x7ff/0xeb0 mm/mmap.c:2705 mmap_region+0x14d/0xfd0 mm/mmap.c:1635 do_mmap+0x57b/0xbe0 mm/mmap.c:1473 do_mmap_pgoff include/linux/mm.h:2018 [inline] vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305 SYSC_mmap_pgoff mm/mmap.c:1523 [inline] SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86 entry_SYSCALL_64_fastpath+0x23/0xc6 Memory state around the buggy address: ffff8801cc15f800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc ffff8801cc15f880: fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb fb >ffff8801cc15f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc ^ ffff8801cc15f980: fc fc fc fc fc fc fb fb fb fb fb fb fb fb fb fb ffff8801cc15fa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc ================================================================== FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 6506 Comm: syz-executor3 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d87e7740 ffffffff81d90429 ffff8801d87e7a20 0000000000000000 ffff8801aa947f10 ffff8801d87e7910 ffff8801aa947e00 ffff8801d87e7938 ffffffff8165e3c7 ffff8801d87e7798 ffff8801d87e7890 00000001ad83d067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_fcntl fs/fcntl.c:274 [inline] [] SYSC_fcntl fs/fcntl.c:372 [inline] [] SyS_fcntl+0x8fd/0xc70 fs/fcntl.c:357 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 6498 Comm: syz-executor3 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801ce99f9a0 ffffffff81d90429 ffff8801ce99fc80 0000000000000000 ffff8801aa947f10 ffff8801ce99fb70 ffff8801aa947e00 ffff8801ce99fb98 ffffffff8165e3c7 0000000000000000 ffff8801ce99faf0 00000001ad83d067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device gre0 entered promiscuous mode device gre0 entered promiscuous mode binder: 6610:6614 ioctl 40bc5311 203c8000 returned -22 nla_parse: 5 callbacks suppressed netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. device lo entered promiscuous mode netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. device lo left promiscuous mode netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device gre0 entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode syz-executor4: vmalloc: allocation failure: 17179869168 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 0 PID: 6780 Comm: syz-executor4 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cadaf880 ffffffff81d90429 1ffff100395b5f13 ffff8801c8023000 ffffffff83ab7d80 0000000000000001 0000000000400000 ffff8801cadaf990 ffffffff8144ead2 024000c2b5ae4b82 0000000041b58ab3 ffffffff8419115d Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3054 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722 [] __vmalloc_node mm/vmalloc.c:1744 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722 [] translate_table+0x21a/0x1e30 net/ipv4/netfilter/ip_tables.c:700 [] do_replace net/ipv4/netfilter/ip_tables.c:1151 [inline] [] do_ipt_set_ctl+0x2be/0x470 net/ipv4/netfilter/ip_tables.c:1687 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 [] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1243 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Mem-Info: active_anon:84018 inactive_anon:49 isolated_anon:0 active_file:3514 inactive_file:6519 isolated_file:0 unevictable:0 dirty:24 writeback:13 unstable:0 slab_reclaimable:4607 slab_unreclaimable:23247 mapped:22749 shmem:56 pagetables:768 bounce:0 free:1486308 free_pcp:508 free_cma:0 Node 0 active_anon:336072kB inactive_anon:196kB active_file:14056kB inactive_file:26076kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:90996kB dirty:96kB writeback:52kB shmem:224kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 59392kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB DMA32 free:2981144kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:700kB local_pcp:700kB free_cma:0kB Normal free:2948180kB min:36816kB low:46020kB high:55224kB active_anon:336072kB inactive_anon:196kB active_file:14056kB inactive_file:26076kB unevictable:0kB writepending:148kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:18428kB slab_unreclaimable:92988kB kernel_stack:5824kB pagetables:3072kB bounce:0kB free_pcp:1332kB local_pcp:656kB free_cma:0kB DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 10088 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 320236 pages reserved syz-executor4: vmalloc: allocation failure: 17179869168 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 0 PID: 6781 Comm: syz-executor4 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cc0a7880 ffffffff81d90429 1ffff10039814f13 ffff8801c8024800 ffffffff83ab7d80 0000000000000001 0000000000400000 ffff8801cc0a7990 ffffffff8144ead2 024000c231b4a0a2 0000000041b58ab3 ffffffff8419115d Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3054 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722 [] __vmalloc_node mm/vmalloc.c:1744 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722 [] translate_table+0x21a/0x1e30 net/ipv4/netfilter/ip_tables.c:700 [] do_replace net/ipv4/netfilter/ip_tables.c:1151 [inline] [] do_ipt_set_ctl+0x2be/0x470 net/ipv4/netfilter/ip_tables.c:1687 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 [] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1243 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Mem-Info: active_anon:83507 inactive_anon:49 isolated_anon:0 active_file:3514 inactive_file:6519 isolated_file:0 unevictable:0 dirty:24 writeback:13 unstable:0 slab_reclaimable:4607 slab_unreclaimable:23247 mapped:22749 shmem:56 pagetables:768 bounce:0 free:1486826 free_pcp:498 free_cma:0 Node 0 active_anon:334028kB inactive_anon:196kB active_file:14056kB inactive_file:26076kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:90996kB dirty:96kB writeback:52kB shmem:224kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 59392kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB DMA32 free:2981144kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:700kB local_pcp:700kB free_cma:0kB Normal free:2950252kB min:36816kB low:46020kB high:55224kB active_anon:334028kB inactive_anon:196kB active_file:14056kB inactive_file:26076kB unevictable:0kB writepending:148kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:18428kB slab_unreclaimable:92988kB kernel_stack:5824kB pagetables:3072kB bounce:0kB free_pcp:1292kB local_pcp:616kB free_cma:0kB DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 10088 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 320236 pages reserved syz-executor4: vmalloc: allocation failure: 17179869168 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 0 PID: 6788 Comm: syz-executor4 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cb167880 ffffffff81d90429 1ffff1003962cf13 ffff8801ad974800 ffffffff83ab7d80 0000000000000001 0000000000400000 ffff8801cb167990 ffffffff8144ead2 024000c23f258944 0000000041b58ab3 ffffffff8419115d Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3054 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722 [] __vmalloc_node mm/vmalloc.c:1744 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722 [] translate_table+0x21a/0x1e30 net/ipv4/netfilter/ip_tables.c:700 [] do_replace net/ipv4/netfilter/ip_tables.c:1151 [inline] [] do_ipt_set_ctl+0x2be/0x470 net/ipv4/netfilter/ip_tables.c:1687 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 [] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1243 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Mem-Info: active_anon:86590 inactive_anon:49 isolated_anon:0 active_file:3514 inactive_file:6519 isolated_file:0 unevictable:0 dirty:24 writeback:13 unstable:0 slab_reclaimable:4607 slab_unreclaimable:23308 mapped:22749 shmem:56 pagetables:768 bounce:0 free:1483691 free_pcp:464 free_cma:0 Node 0 active_anon:346360kB inactive_anon:196kB active_file:14056kB inactive_file:26076kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:90996kB dirty:96kB writeback:52kB shmem:224kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 59392kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB DMA32 free:2981144kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:700kB local_pcp:700kB free_cma:0kB Normal free:2937712kB min:36816kB low:46020kB high:55224kB active_anon:346360kB inactive_anon:196kB active_file:14056kB inactive_file:26076kB unevictable:0kB writepending:148kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:18428kB slab_unreclaimable:93232kB kernel_stack:5856kB pagetables:3072kB bounce:0kB free_pcp:1156kB local_pcp:536kB free_cma:0kB DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 10088 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 320236 pages reserved syz-executor4: vmalloc: allocation failure: 17179869168 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 0 PID: 6788 Comm: syz-executor4 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cb167880 ffffffff81d90429 1ffff1003962cf13 ffff8801ad974800 ffffffff83ab7d80 0000000000000001 0000000000400000 ffff8801cb167990 ffffffff8144ead2 024000c23f258944 0000000041b58ab3 ffffffff8419115d Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3054 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722 [] __vmalloc_node mm/vmalloc.c:1744 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722 [] translate_table+0x21a/0x1e30 net/ipv4/netfilter/ip_tables.c:700 [] do_replace net/ipv4/netfilter/ip_tables.c:1151 [inline] [] do_ipt_set_ctl+0x2be/0x470 net/ipv4/netfilter/ip_tables.c:1687 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 [] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1243 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Mem-Info: active_anon:83500 inactive_anon:49 isolated_anon:0 active_file:3514 inactive_file:6519 isolated_file:0 unevictable:0 dirty:61 writeback:13 unstable:0 slab_reclaimable:4607 slab_unreclaimable:23308 mapped:22749 shmem:56 pagetables:731 bounce:0 free:1486761 free_pcp:501 free_cma:0 Node 0 active_anon:334000kB inactive_anon:196kB active_file:14056kB inactive_file:26076kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:90996kB dirty:244kB writeback:52kB shmem:224kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 59392kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB DMA32 free:2981144kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:700kB local_pcp:700kB free_cma:0kB Normal free:2949992kB min:36816kB low:46020kB high:55224kB active_anon:334000kB inactive_anon:196kB active_file:14056kB inactive_file:26076kB unevictable:0kB writepending:148kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:18428kB slab_unreclaimable:93232kB kernel_stack:5760kB pagetables:2924kB bounce:0kB free_pcp:1304kB local_pcp:664kB free_cma:0kB DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 10088 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 320236 pages reserved netlink: 44 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 44 bytes leftover after parsing attributes in process `syz-executor4'. binder: 6834:6835 ioctl 40505412 20149000 returned -22 binder: 6834:6861 ioctl 40505412 20149000 returned -22 binder: 6867:6868 ioctl 40082404 20000ff8 returned -22 binder: 6867:6871 ioctl 40082404 20000ff8 returned -22 netlink: 48 bytes leftover after parsing attributes in process `syz-executor6'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36287 sclass=netlink_route_socket pig=6928 comm=syz-executor5 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36287 sclass=netlink_route_socket pig=6970 comm=syz-executor5 netlink: 48 bytes leftover after parsing attributes in process `syz-executor6'. SELinux: unrecognized netlink message: protocol=6 nlmsg_type=65535 sclass=netlink_xfrm_socket pig=6995 comm=syz-executor3 netlink: 58 bytes leftover after parsing attributes in process `syz-executor3'. SELinux: unrecognized netlink message: protocol=6 nlmsg_type=65535 sclass=netlink_xfrm_socket pig=6995 comm=syz-executor3 netlink: 58 bytes leftover after parsing attributes in process `syz-executor3'. binder: 7065:7068 ioctl 4b6a 204fd000 returned -22 binder: 7065:7068 ioctl 5411 20e27000 returned -22 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=7079 comm=syz-executor3 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=7079 comm=syz-executor3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=7079 comm=syz-executor3 binder: 7065:7088 ioctl 80046402 200d4ffc returned -22 binder: 7065:7088 ioctl 4c01 0 returned -22 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=7084 comm=syz-executor3 IPv6: NLM_F_CREATE should be specified when creating new route SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=7079 comm=syz-executor3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=7084 comm=syz-executor3 binder: 7065:7099 ioctl 5411 20e27000 returned -22 binder: 7065:7088 ioctl 4b6a 204fd000 returned -22 binder: 7065:7088 ioctl 80046402 200d4ffc returned -22 binder: 7065:7099 ioctl 4c01 0 returned -22 device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode sg_write: data in/out 822404280/197 bytes for SCSI command 0x12-- guessing data in; program syz-executor4 not setting count and/or reply_len properly device lo entered promiscuous mode device lo left promiscuous mode device lo left promiscuous mode FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 7320 Comm: syz-executor2 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d53578b0 ffffffff81d90429 ffff8801d5357b90 0000000000000000 ffff8801d6923310 ffff8801d5357a80 ffff8801d6923200 ffff8801d5357aa8 ffffffff8165e3c7 ffffffff815359db ffff8801d5357a00 00000001c72ca067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] seccomp_prepare_filter kernel/seccomp.c:373 [inline] [] seccomp_prepare_user_filter kernel/seccomp.c:408 [inline] [] seccomp_set_mode_filter kernel/seccomp.c:750 [inline] [] do_seccomp+0x632/0x1860 kernel/seccomp.c:800 [] SYSC_seccomp kernel/seccomp.c:809 [inline] [] SyS_seccomp+0x24/0x30 kernel/seccomp.c:806 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 0 PID: 7336 Comm: syz-executor2 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d03ef830 ffffffff81d90429 ffff8801d03efb10 0000000000000000 ffff8801d6923310 ffff8801d03efa00 ffff8801d6923200 ffff8801d03efa28 ffffffff8165e3c7 ffff8801db221400 ffff8801d03ef980 00000001c72ca067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] move_addr_to_kernel net/socket.c:1568 [inline] [] SYSC_connect+0x288/0x310 net/socket.c:1553 [] SyS_connect+0x24/0x30 net/socket.c:1543 [] entry_SYSCALL_64_fastpath+0x23/0xc6 binder: 7409:7410 ioctl 541c 20647000 returned -22 binder: 7409:7410 ioctl 8955 20a1e000 returned -22 device gre0 entered promiscuous mode binder: 7409:7438 ioctl 541c 20647000 returned -22 binder: 7409:7442 ioctl 8955 20a1e000 returned -22 device gre0 entered promiscuous mode IPVS: Creating netns size=2536 id=18 nla_parse: 4 callbacks suppressed netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'. binder: 7548:7552 ioctl 40086425 203c4000 returned -22 binder: 7548:7572 ioctl 40086425 203c4000 returned -22 pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'. A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 9 bytes leftover after parsing attributes in process `syz-executor3'. A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 7668 Comm: syz-executor3 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cf95f4e0 ffffffff81d90429 ffff8801cf95f7c0 0000000000000000 ffff8801a669d910 ffff8801cf95f6b0 ffff8801a669d800 ffff8801cf95f6d8 ffffffff8165e3c7 ffff880102408040 ffff8801cf95f630 00000001ac562067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] generic_perform_write+0x1dc/0x500 mm/filemap.c:2731 [] __generic_file_write_iter+0x348/0x570 mm/filemap.c:2866 [] generic_file_write_iter+0x2d5/0x600 mm/filemap.c:2894 [] new_sync_write fs/read_write.c:499 [inline] [] __vfs_write+0x4bf/0x680 fs/read_write.c:512 [] vfs_write+0x189/0x530 fs/read_write.c:560 [] SYSC_write fs/read_write.c:607 [inline] [] SyS_write+0xd9/0x1b0 fs/read_write.c:599 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device gre0 entered promiscuous mode netlink: 16 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 16 bytes leftover after parsing attributes in process `syz-executor6'. FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 7906 Comm: syz-executor2 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c63cf8a0 ffffffff81d90429 ffff8801c63cfb80 0000000000000000 ffff8801a669d190 ffff8801c63cfa70 ffff8801a669d080 ffff8801c63cfa98 ffffffff8165e3c7 ffff8801abd31800 ffff8801c63cf9f0 00000001ad1d6067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 1 PID: 7939 Comm: syz-executor2 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c65a7940 ffffffff81d90429 ffff8801c65a7c20 0000000000000000 ffff8801a669d190 ffff8801c65a7b10 ffff8801a669d080 ffff8801c65a7b38 ffffffff8165e3c7 1ffff10038cb4f2f ffff8801c65a7a90 00000001ad1d6067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 7906 Comm: syz-executor2 Tainted: G B 4.9.64-gfbb7468 #94 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c63cf8a0 ffffffff81d90429 ffff8801c63cfb80 0000000000000000 ffff8801a669d310 ffff8801c63cfa70 ffff8801a669d200 ffff8801c63cfa98 ffffffff8165e3c7 ffff8801abd31800 ffff8801c63cf9f0 00000001ad1d6067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 IPv6: ADDRCONF(NETDEV_UP): gre0: link is not ready device lo entered promiscuous mode qtaguid: iface_stat: iface_check_stats_reset_and_adjust(lo): iface reset its stats unexpectedly device lo left promiscuous mode