================================================================== BUG: KASAN: use-after-free in __read_once_size include/linux/compiler.h:243 [inline] at addr ffff8801d638bbf0 BUG: KASAN: use-after-free in atomic_read arch/x86/include/asm/atomic.h:26 [inline] at addr ffff8801d638bbf0 BUG: KASAN: use-after-free in static_key_count include/linux/jump_label.h:174 [inline] at addr ffff8801d638bbf0 BUG: KASAN: use-after-free in static_key_false include/linux/jump_label.h:184 [inline] at addr ffff8801d638bbf0 BUG: KASAN: use-after-free in perf_sw_event include/linux/perf_event.h:1039 [inline] at addr ffff8801d638bbf0 BUG: KASAN: use-after-free in __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438 at addr ffff8801d638bbf0 Read of size 8 by task syz-executor6/9316 CPU: 0 PID: 9316 Comm: syz-executor6 Not tainted 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c9f47d88 ffffffff81d91589 ffff8801da155140 ffff8801d638bba0 ffff8801d638bc58 ffffed003ac7177e ffff8801d638bbf0 ffff8801c9f47db0 ffffffff8153c1bc ffffed003ac7177e ffff8801da155140 0000000000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 [] print_address_description mm/kasan/report.c:198 [inline] [] kasan_report_error mm/kasan/report.c:287 [inline] [] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 [] kasan_report mm/kasan/report.c:330 [inline] [] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330 [] __read_once_size include/linux/compiler.h:243 [inline] [] atomic_read arch/x86/include/asm/atomic.h:26 [inline] [] static_key_count include/linux/jump_label.h:174 [inline] [] static_key_false include/linux/jump_label.h:184 [inline] [] perf_sw_event include/linux/perf_event.h:1039 [inline] [] __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 Object at ffff8801d638bba0, in cache vm_area_struct size: 184 Allocated: PID = 9316 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xba/0x290 mm/slub.c:2728 kmem_cache_zalloc include/linux/slab.h:626 [inline] mmap_region+0x587/0xfd0 mm/mmap.c:1662 do_mmap+0x57b/0xbe0 mm/mmap.c:1473 do_mmap_pgoff include/linux/mm.h:2014 [inline] vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305 SYSC_mmap_pgoff mm/mmap.c:1523 [inline] SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86 entry_SYSCALL_64_fastpath+0x23/0xc6 Freed: PID = 9320 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571 slab_free_hook mm/slub.c:1355 [inline] slab_free_freelist_hook mm/slub.c:1377 [inline] slab_free mm/slub.c:2958 [inline] kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980 remove_vma+0x11d/0x160 mm/mmap.c:175 remove_vma_list mm/mmap.c:2482 [inline] do_munmap+0x7ff/0xeb0 mm/mmap.c:2705 mmap_region+0x14d/0xfd0 mm/mmap.c:1635 do_mmap+0x57b/0xbe0 mm/mmap.c:1473 do_mmap_pgoff include/linux/mm.h:2014 [inline] vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305 SYSC_mmap_pgoff mm/mmap.c:1523 [inline] SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86 entry_SYSCALL_64_fastpath+0x23/0xc6 Memory state around the buggy address: ffff8801d638ba80: fc fc fc fc fc fb fb fb fb fb fb fb fb fb fb fb ffff8801d638bb00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc >ffff8801d638bb80: fc fc fc fc fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8801d638bc00: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc ffff8801d638bc80: fc fc fc fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== IPVS: Creating netns size=2536 id=16 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9435 comm=syz-executor4 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=127 sclass=netlink_route_socket pig=9435 comm=syz-executor4 netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9435 comm=syz-executor4 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=127 sclass=netlink_route_socket pig=9435 comm=syz-executor4 netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'. FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 9449 Comm: syz-executor6 Tainted: G B 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c6ac78a0 ffffffff81d91589 ffff8801c6ac7b80 0000000000000000 ffff8801a60cb190 ffff8801c6ac7a70 ffff8801a60cb080 ffff8801c6ac7a98 ffffffff8165fe47 ffff8801aa256000 ffff8801c6ac79f0 00000001a5fef067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 9470 Comm: syz-executor6 Tainted: G B 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c699f940 ffffffff81d91589 ffff8801c699fc20 0000000000000000 ffff8801c7353910 ffff8801c699fb10 ffff8801c7353800 ffff8801c699fb38 ffffffff8165fe47 0000000000000000 ffff8801c699fa90 00000001a5fef067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 9449 Comm: syz-executor6 Tainted: G B 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c6ac78a0 ffffffff81d91589 ffff8801c6ac7b80 0000000000000000 ffff8801c7353910 ffff8801c6ac7a70 ffff8801c7353800 ffff8801c6ac7a98 ffffffff8165fe47 ffff8801aa251800 0000000000000000 0000000000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 keychord: invalid keycode count 0 keychord: invalid keycode count 0 FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 9705 Comm: syz-executor0 Tainted: G B 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d1d77960 ffffffff81d91589 ffff8801d1d77c40 0000000000000000 ffff8801a60ca590 ffff8801d1d77b30 ffff8801a60ca480 ffff8801d1d77b58 ffffffff8165fe47 ffff8801d1d779e0 ffff8801d1d77ab0 00000001aa36d067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 1 PID: 9721 Comm: syz-executor0 Tainted: G B 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a7f27980 ffffffff81d91589 ffff8801a7f27c60 0000000000000000 ffff8801a60ca590 ffff8801a7f27b50 ffff8801a60ca480 ffff8801a7f27b78 ffffffff8165fe47 ffffffff812dca20 ffff8801a7f27ad0 00000001aa36d067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device gre0 entered promiscuous mode binder: 9974:9980 ioctl 541c 20027fff returned -22 binder: 9974:9995 ioctl 541c 20027fff returned -22 binder: 10038:10039 ioctl 541c 20027fff returned -22 binder: 10038:10042 ioctl 541c 20027fff returned -22 IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE IPv6: NLM_F_CREATE should be set when creating new route IPv6: NLM_F_CREATE should be set when creating new route IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE device gre0 entered promiscuous mode binder: 10133:10136 ioctl c08c5335 209dcf74 returned -22 binder: 10133:10159 ioctl c08c5335 209dcf74 returned -22 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket pig=10191 comm=syz-executor3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10191 comm=syz-executor3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10191 comm=syz-executor3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket pig=10191 comm=syz-executor3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10225 comm=syz-executor3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10225 comm=syz-executor3 IPVS: Creating netns size=2536 id=17 device gre0 entered promiscuous mode nla_parse: 18 callbacks suppressed netlink: 16 bytes leftover after parsing attributes in process `syz-executor6'. FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 10514 Comm: syz-executor3 Tainted: G B 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d807f940 ffffffff81d91589 ffff8801d807fc20 0000000000000000 ffff8801a60cbc10 ffff8801d807fb10 ffff8801a60cbb00 ffff8801d807fb38 ffffffff8165fe47 0000000000000000 ffff8801d807fa90 00000001cb225067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device gre0 entered promiscuous mode device gre0 left promiscuous mode binder: 10487:10517 ioctl 400454ca 205a3fd8 returned -22 device gre0 entered promiscuous mode device gre0 left promiscuous mode netlink: 16 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'. IPv6: Can't replace route, no match found netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'. IPv6: Can't replace route, no match found FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 10624 Comm: syz-executor1 Tainted: G B 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cf7cf8e0 ffffffff81d91589 ffff8801cf7cfbc0 0000000000000000 ffff8801c7353790 ffff8801cf7cfab0 ffff8801c7353680 ffff8801cf7cfad8 ffffffff8165fe47 01ffffff811e8f8c ffff8801cf7cfa30 00000001aa36a067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] strndup_user+0x28/0xb0 mm/util.c:160 [] SYSC_request_key security/keys/keyctl.c:186 [inline] [] SyS_request_key+0xd6/0x2d0 security/keys/keyctl.c:158 [] entry_SYSCALL_64_fastpath+0x23/0xc6 pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 10849 Comm: syz-executor5 Tainted: G B 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a613f8f0 ffffffff81d91589 ffff8801a613fbd0 0000000000000000 ffff8801cca6c110 ffff8801a613fac0 ffff8801cca6c000 ffff8801a613fae8 ffffffff8165fe47 ffffffff83a73e40 ffff8801a613fa40 00000001ceb17067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] key_get_type_from_user.constprop.10+0x24/0xe0 security/keys/keyctl.c:37 [] SYSC_add_key security/keys/keyctl.c:76 [inline] [] SyS_add_key+0xa7/0x390 security/keys/keyctl.c:60 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 10817 Comm: syz-executor5 Tainted: G B 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d88578c0 ffffffff81d91589 ffff8801d8857ba0 0000000000000000 ffff8801cca6c110 ffff8801d8857a90 ffff8801cca6c000 ffff8801d8857ab8 ffffffff8165fe47 ffff8801d8857950 ffff8801d8857a10 00000001ceb17067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 CPU: 1 PID: 10832 Comm: syz-executor5 Tainted: G B 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cda47860 ffffffff81d91589 ffff8801cda47b40 0000000000000000 ffff8801cca6c110 ffff8801cda47a30 ffff8801cca6c000 ffff8801cda47a58 ffffffff8165fe47 ffffffff811b9b9d ffff8801cda479b0 00000001ceb17067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SyS_rt_sigtimedwait+0x2d/0x40 kernel/signal.c:2819 [] entry_SYSCALL_64_fastpath+0x23/0xc6 netlink: 7 bytes leftover after parsing attributes in process `syz-executor7'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor7'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=11044 comm=syz-executor1 Option 'Þ¾š„'' to dns_resolver key: bad/missing value device gre0 entered promiscuous mode device gre0 left promiscuous mode netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=11044 comm=syz-executor1 Option 'Þ¾š„'' to dns_resolver key: bad/missing value netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. binder: 11098:11100 ioctl 540f 20003000 returned -22 binder: 11098:11100 ioctl 5206 20004ffc returned -22 binder: 11098:11100 ioctl 541c 20006ff4 returned -22 binder: 11098:11100 ioctl 5411 20002ffc returned -22 binder: 11098:11100 ioctl 540f 20003000 returned -22 binder: 11098:11101 ioctl 5206 20004ffc returned -22 device gre0 entered promiscuous mode binder: 11098:11101 ioctl 541c 20006ff4 returned -22 device gre0 left promiscuous mode binder: 11098:11101 ioctl 5411 20002ffc returned -22 netlink: 13 bytes leftover after parsing attributes in process `syz-executor5'. netlink: 13 bytes leftover after parsing attributes in process `syz-executor5'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=11328 comm=syz-executor6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 11306 Comm: syz-executor2 Tainted: G B 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d55978e0 ffffffff81d91589 ffff8801d5597bc0 0000000000000000 ffff8801cca6ce90 ffff8801d5597ab0 ffff8801cca6cd80 ffff8801d5597ad8 ffffffff8165fe47 0000000000000246 ffff8801d5597a30 00000001c7cd9067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] strndup_user+0x28/0xb0 mm/util.c:160 [] SYSC_request_key security/keys/keyctl.c:186 [inline] [] SyS_request_key+0xd6/0x2d0 security/keys/keyctl.c:158 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 11306 Comm: syz-executor2 Tainted: G B 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d55978e0 ffffffff81d91589 ffff8801d5597bc0 0000000000000000 ffff8801cca6d010 ffff8801d5597ab0 ffff8801cca6cf00 ffff8801d5597ad8 ffffffff8165fe47 0000000000000246 ffff8801d5597a30 00000001c9d82067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] strndup_user+0x28/0xb0 mm/util.c:160 [] SYSC_request_key security/keys/keyctl.c:186 [inline] [] SyS_request_key+0xd6/0x2d0 security/keys/keyctl.c:158 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 11333 Comm: syz-executor5 Tainted: G B 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a9847890 ffffffff81d91589 ffff8801a9847b70 0000000000000000 ffff8801cca6cd10 ffff8801a9847a60 ffff8801cca6cc00 ffff8801a9847a88 ffffffff8165fe47 0000000000000000 ffff8801a98479e0 00000001c69e7067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] getname_flags+0x10e/0x580 fs/namei.c:148 [] getname+0x19/0x20 fs/namei.c:208 [] do_sys_open+0x21d/0x4c0 fs/open.c:1066 [] SYSC_openat fs/open.c:1099 [inline] [] SyS_openat+0x30/0x40 fs/open.c:1093 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 11319 Comm: syz-executor5 Tainted: G B 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d5407850 ffffffff81d91589 ffff8801d5407b30 0000000000000000 ffff8801cca6cd10 ffff8801d5407a20 ffff8801cca6cc00 ffff8801d5407a48 ffffffff8165fe47 ffff8801db321400 ffff8801d54079a0 00000001c69e7067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_fcntl fs/fcntl.c:284 [inline] [] SYSC_fcntl fs/fcntl.c:372 [inline] [] SyS_fcntl+0x81c/0xc70 fs/fcntl.c:357 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 11307 Comm: syz-executor5 Tainted: G B 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801cc81f830 ffffffff81d91589 ffff8801cc81fb10 0000000000000000 ffff8801cca6cd10 ffff8801cc81fa00 ffff8801cca6cc00 ffff8801cc81fa28 ffffffff8165fe47 ffff8801db321400 ffff8801cc81f980 00000001c69e7067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SYSC_mq_timedreceive ipc/mqueue.c:1092 [inline] [] SyS_mq_timedreceive+0xcd/0xdb0 ipc/mqueue.c:1077 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 11333 Comm: syz-executor5 Tainted: G B 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a9847890 ffffffff81d91589 ffff8801a9847b70 0000000000000000 ffff8801c7352890 ffff8801a9847a60 ffff8801c7352780 ffff8801a9847a88 ffffffff8165fe47 ffff8801cc909800 ffff8801a98479e0 00000001c69e7067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] getname_flags+0x10e/0x580 fs/namei.c:148 [] getname+0x19/0x20 fs/namei.c:208 [] do_sys_open+0x21d/0x4c0 fs/open.c:1066 [] SYSC_openat fs/open.c:1099 [inline] [] SyS_openat+0x30/0x40 fs/open.c:1093 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 11319 Comm: syz-executor5 Tainted: G B 4.9.61-gc4789f8 #84 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d5407850 ffffffff81d91589 ffff8801d5407b30 0000000000000000 ffff8801c7352890 ffff8801d5407a20 ffff8801c7352780 ffff8801d5407a48 ffffffff8165fe47 ffff8801db321400 ffff8801d54079a0 00000001c69e7067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] do_fcntl fs/fcntl.c:284 [inline] [] SYSC_fcntl fs/fcntl.c:372 [inline] [] SyS_fcntl+0x81c/0xc70 fs/fcntl.c:357 [] entry_SYSCALL_64_fastpath+0x23/0xc6 nla_parse: 4 callbacks suppressed netlink: 7 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 7 bytes leftover after parsing attributes in process `syz-executor2'.