device gre0 entered promiscuous mode
==================================================================
BUG: KASAN: use-after-free in __read_once_size include/linux/compiler.h:243 [inline] at addr ffff8801c9430718
BUG: KASAN: use-after-free in atomic_read arch/x86/include/asm/atomic.h:26 [inline] at addr ffff8801c9430718
BUG: KASAN: use-after-free in static_key_count include/linux/jump_label.h:174 [inline] at addr ffff8801c9430718
BUG: KASAN: use-after-free in static_key_false include/linux/jump_label.h:184 [inline] at addr ffff8801c9430718
BUG: KASAN: use-after-free in perf_sw_event include/linux/perf_event.h:1039 [inline] at addr ffff8801c9430718
BUG: KASAN: use-after-free in __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438 at addr ffff8801c9430718
Read of size 8 by task syz-executor7/6348
CPU: 1 PID: 6348 Comm: syz-executor7 Not tainted 4.9.61-g904c79c #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d814fd88 ffffffff81d91589 ffff8801da155140 ffff8801c94306c8
 ffff8801c9430780 ffffed00392860e3 ffff8801c9430718 ffff8801d814fdb0
 ffffffff8153c1bc ffffed00392860e3 ffff8801da155140 0000000000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [] print_address_description mm/kasan/report.c:198 [inline]
 [] kasan_report_error mm/kasan/report.c:287 [inline]
 [] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
 [] kasan_report mm/kasan/report.c:330 [inline]
 [] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330
 [] __read_once_size include/linux/compiler.h:243 [inline]
 [] atomic_read arch/x86/include/asm/atomic.h:26 [inline]
 [] static_key_count include/linux/jump_label.h:174 [inline]
 [] static_key_false include/linux/jump_label.h:184 [inline]
 [] perf_sw_event include/linux/perf_event.h:1039 [inline]
 [] __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
Object at ffff8801c94306c8, in cache vm_area_struct size: 184
Allocated:
PID = 6348
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537
 slab_post_alloc_hook mm/slab.h:417 [inline]
 slab_alloc_node mm/slub.c:2715 [inline]
 slab_alloc mm/slub.c:2723 [inline]
 kmem_cache_alloc+0xba/0x290 mm/slub.c:2728
 kmem_cache_zalloc include/linux/slab.h:626 [inline]
 mmap_region+0x587/0xfd0 mm/mmap.c:1662
 do_mmap+0x57b/0xbe0 mm/mmap.c:1473
 do_mmap_pgoff include/linux/mm.h:2014 [inline]
 vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305
 SYSC_mmap_pgoff mm/mmap.c:1523 [inline]
 SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481
 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
 SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 6359
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
 slab_free_hook mm/slub.c:1355 [inline]
 slab_free_freelist_hook mm/slub.c:1377 [inline]
 slab_free mm/slub.c:2958 [inline]
 kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980
 remove_vma+0x11d/0x160 mm/mmap.c:175
 remove_vma_list mm/mmap.c:2482 [inline]
 do_munmap+0x7ff/0xeb0 mm/mmap.c:2705
 mmap_region+0x14d/0xfd0 mm/mmap.c:1635
 do_mmap+0x57b/0xbe0 mm/mmap.c:1473
 do_mmap_pgoff include/linux/mm.h:2014 [inline]
 vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305
 SYSC_mmap_pgoff mm/mmap.c:1523 [inline]
 SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481
 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
 SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
 entry_SYSCALL_64_fastpath+0x23/0xc6
Memory state around the buggy address:
 ffff8801c9430600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8801c9430680: fb fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb
>ffff8801c9430700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                            ^
 ffff8801c9430780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
 ffff8801c9430800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
==================================================================
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
IPVS: Creating netns size=2536 id=14
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6528 comm=syz-executor2
device gre0 entered promiscuous mode
nla_parse: 10 callbacks suppressed
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 6676 Comm: syz-executor0 Tainted: G B 4.9.61-g904c79c #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cd377930 ffffffff81d91589 ffff8801cd377c10 0000000000000000
 ffff8801cd06c710 ffff8801cd377b00 ffff8801cd06c600 ffff8801cd377b28
 ffffffff8165fe47 ffff8801cba31800 ffff8801cd377a80 00000001a6ff3067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
device gre0 entered promiscuous mode
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
CPU: 1 PID: 6689 Comm: syz-executor0 Tainted: G B 4.9.61-g904c79c #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a9dcf940 ffffffff81d91589 ffff8801a9dcfc20 0000000000000000
 ffff8801cd06c710 ffff8801a9dcfb10 ffff8801cd06c600 ffff8801a9dcfb38
 ffffffff8165fe47 0000000000000000 ffff8801a9dcfa90 00000001a6ff3067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 6676 Comm: syz-executor0 Tainted: G B 4.9.61-g904c79c #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cd377930 ffffffff81d91589 ffff8801cd377c10 0000000000000000
 ffff8801cd06c890 ffff8801cd377b00 ffff8801cd06c780 ffff8801cd377b28
 ffffffff8165fe47 ffff8801cba31800 ffff8801cd377a80 00000001aa292067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 0 PID: 6689 Comm: syz-executor0 Tainted: G B 4.9.61-g904c79c #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a9dcf940 ffffffff81d91589 ffff8801a9dcfc20 0000000000000000
 ffff8801cd06c890 ffff8801a9dcfb10 ffff8801cd06c780 ffff8801a9dcfb38
 ffffffff8165fe47 0000000000000000 ffff8801a9dcfa90 00000001aa292067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
netlink: 13 bytes leftover after parsing attributes in process `syz-executor3'.
IPVS: Creating netns size=2536 id=15
device lo entered promiscuous mode
qtaguid: iface_stat: iface_check_stats_reset_and_adjust(lo): iface reset its stats unexpectedly
device lo left promiscuous mode
netlink: 13 bytes leftover after parsing attributes in process `syz-executor3'.
binder: 6830:6840 ioctl 541c 20dd8ff4 returned -22
binder: 6830:6840 ioctl 54a3 0 returned -22
IPVS: Creating netns size=2536 id=16
device lo entered promiscuous mode
device lo left promiscuous mode
binder: 6830:6848 ioctl 541c 20dd8ff4 returned -22
binder: 6830:6840 ioctl 54a3 0 returned -22
binder: 6859:6861 ioctl 5608 0 returned -22
device gre0 entered promiscuous mode
binder: 6859:6861 ioctl 80605414 20dc2f8e returned -22
device lo entered promiscuous mode
binder: 6859:6861 ioctl 408c5333 20cbf000 returned -22
binder: 6859:6861 ioctl 8927 204dcfd8 returned -22
device lo left promiscuous mode
device lo entered promiscuous mode
binder: 6859:6861 ioctl 8903 20eb7000 returned -22
binder: 6859:6861 ioctl 540e 8001 returned -22
binder: 6859:6861 ioctl 5608 0 returned -22
binder: 6859:6861 ioctl 80605414 20dc2f8e returned -22
binder: 6859:6861 ioctl 408c5333 20cbf000 returned -22
binder: 6859:6861 ioctl 8927 204dcfd8 returned -22
binder: 6859:6907 ioctl 8903 20eb7000 returned -22
binder: 6859:6908 ioctl 540e 8001 returned -22
device lo left promiscuous mode
binder: 6919:6920 ioctl 80084502 2099ffaa returned -22
binder: 6919:6924 ioctl 80084502 2099ffaa returned -22
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 6948 Comm: syz-executor4 Tainted: G B 4.9.61-g904c79c #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a875f8e0 ffffffff81d91589 ffff8801a875fbc0 0000000000000000
 ffff8801c6fbf010 ffff8801a875fab0 ffff8801c6fbef00 ffff8801a875fad8
 ffffffff8165fe47 0000000000000246 ffff8801a875fa30 00000001d0189067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] strndup_user+0x28/0xb0 mm/util.c:160
 [] SYSC_request_key security/keys/keyctl.c:186 [inline]
 [] SyS_request_key+0xd6/0x2d0 security/keys/keyctl.c:158
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'.
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
IPVS: Creating netns size=2536 id=17
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
sd 0:0:1:0: [sg0] tag#24 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#24 CDB: opcode=0xff (vendor)
sd 0:0:1:0: [sg0] tag#24 CDB[00]: ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#24 CDB[10]: 00 00 00 00 10 27 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#24 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#24 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00
pktgen: Cannot create thread for cpu 1 (-4)
sd 0:0:1:0: [sg0] tag#24 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#24 CDB: opcode=0xff (vendor)
sd 0:0:1:0: [sg0] tag#24 CDB[00]: ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#24 CDB[10]: 00 00 00 00 10 27 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#24 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#24 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00
pktgen: Initialization failed for all threads
device gre0 entered promiscuous mode
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'.
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
IPv6: NLM_F_CREATE should be set when creating new route
IPv6: NLM_F_CREATE should be set when creating new route
netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'.
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
==================================================================
BUG: KASAN: use-after-free in __read_once_size include/linux/compiler.h:243 [inline] at addr ffff8801c93d5bf0
BUG: KASAN: use-after-free in atomic_read arch/x86/include/asm/atomic.h:26 [inline] at addr ffff8801c93d5bf0
BUG: KASAN: use-after-free in static_key_count include/linux/jump_label.h:174 [inline] at addr ffff8801c93d5bf0
BUG: KASAN: use-after-free in static_key_false include/linux/jump_label.h:184 [inline] at addr ffff8801c93d5bf0
BUG: KASAN: use-after-free in perf_sw_event include/linux/perf_event.h:1039 [inline] at addr ffff8801c93d5bf0
BUG: KASAN: use-after-free in __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438 at addr ffff8801c93d5bf0
Read of size 8 by task syz-executor0/7266
CPU: 0 PID: 7266 Comm: syz-executor0 Tainted: G B 4.9.61-g904c79c #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d9907d88 ffffffff81d91589 ffff8801da155140 ffff8801c93d5ba0
 ffff8801c93d5c58 ffffed003927ab7e ffff8801c93d5bf0 ffff8801d9907db0
 ffffffff8153c1bc ffffed003927ab7e ffff8801da155140 0000000000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [] print_address_description mm/kasan/report.c:198 [inline]
 [] kasan_report_error mm/kasan/report.c:287 [inline]
 [] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
 [] kasan_report mm/kasan/report.c:330 [inline]
 [] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330
 [] __read_once_size include/linux/compiler.h:243 [inline]
 [] atomic_read arch/x86/include/asm/atomic.h:26 [inline]
 [] static_key_count include/linux/jump_label.h:174 [inline]
 [] static_key_false include/linux/jump_label.h:184 [inline]
 [] perf_sw_event include/linux/perf_event.h:1039 [inline]
 [] __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
Object at ffff8801c93d5ba0, in cache vm_area_struct size: 184
Allocated:
PID = 7266
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537
 slab_post_alloc_hook mm/slab.h:417 [inline]
 slab_alloc_node mm/slub.c:2715 [inline]
 slab_alloc mm/slub.c:2723 [inline]
 kmem_cache_alloc+0xba/0x290 mm/slub.c:2728
 kmem_cache_zalloc include/linux/slab.h:626 [inline]
 mmap_region+0x587/0xfd0 mm/mmap.c:1662
 do_mmap+0x57b/0xbe0 mm/mmap.c:1473
 do_mmap_pgoff include/linux/mm.h:2014 [inline]
 vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305
 SYSC_mmap_pgoff mm/mmap.c:1523 [inline]
 SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481
 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
 SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 7275
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
 slab_free_hook mm/slub.c:1355 [inline]
 slab_free_freelist_hook mm/slub.c:1377 [inline]
 slab_free mm/slub.c:2958 [inline]
 kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980
 remove_vma+0x11d/0x160 mm/mmap.c:175
 remove_vma_list mm/mmap.c:2482 [inline]
 do_munmap+0x7ff/0xeb0 mm/mmap.c:2705
 mmap_region+0x14d/0xfd0 mm/mmap.c:1635
 do_mmap+0x57b/0xbe0 mm/mmap.c:1473
 do_mmap_pgoff include/linux/mm.h:2014 [inline]
 vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305
 SYSC_mmap_pgoff mm/mmap.c:1523 [inline]
 SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481
 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
 SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
 entry_SYSCALL_64_fastpath+0x23/0xc6
Memory state around the buggy address:
 ffff8801c93d5a80: fc fc fc fc fc fb fb fb fb fb fb fb fb fb fb fb
 ffff8801c93d5b00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
>ffff8801c93d5b80: fc fc fc fc fb fb fb fb fb fb fb fb fb fb fb fb
                                                             ^
 ffff8801c93d5c00: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
 ffff8801c93d5c80: fc fc fc fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 7334 Comm: syz-executor0 Tainted: G B 4.9.61-g904c79c #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cf71f990 ffffffff81d91589 ffff8801cf71fc70 0000000000000000
 ffff8801c6fbf790 ffff8801cf71fb60 ffff8801c6fbf680 ffff8801cf71fb88
 ffffffff8165fe47 0000000000000000 ffff8801cf71fae0 00000001cae50067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 7357 Comm: syz-executor0 Tainted: G B 4.9.61-g904c79c #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d9b27860 ffffffff81d91589 ffff8801d9b27b40 0000000000000000
 ffff8801c6fbf790 ffff8801d9b27a30 ffff8801c6fbf680 ffff8801d9b27a58
 ffffffff8165fe47 ffffffff811b9b9d ffff8801d9b279b0 00000001cae50067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SyS_rt_sigtimedwait+0x2d/0x40 kernel/signal.c:2819
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 7349 Comm: syz-executor0 Tainted: G B 4.9.61-g904c79c #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c64878c0 ffffffff81d91589 ffff8801c6487ba0 0000000000000000
 ffff8801c6fbf790 ffff8801c6487a90 ffff8801c6fbf680 ffff8801c6487ab8
 ffffffff8165fe47 ffff8801d9855f40 ffff8801c6487a10 00000001cae50067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
sock: process `syz-executor2' is using obsolete setsockopt SO_BSDCOMPAT
CPU: 1 PID: 7368 Comm: syz-executor0 Tainted: G B 4.9.61-g904c79c #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c648f8f0 ffffffff81d91589 ffff8801c648fbd0 0000000000000000
 ffff8801c6fbf790 ffff8801c648fac0 ffff8801c6fbf680 ffff8801c648fae8
 ffffffff8165fe47 ffffffff83a73e40 ffff8801c648fa40 00000001cae50067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] key_get_type_from_user.constprop.10+0x24/0xe0 security/keys/keyctl.c:37
 [] SYSC_add_key security/keys/keyctl.c:76 [inline]
 [] SyS_add_key+0xa7/0x390 security/keys/keyctl.c:60
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7527 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7527 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7527 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7527 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7527 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7540 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7540 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7540 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7540 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7540 comm=syz-executor6
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
IPVS: Creating netns size=2536 id=18
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
binder: 7798:7799 ioctl 80404507 20000fa4 returned -22
binder: 7798:7799 ioctl 80404521 20006000 returned -22
binder: 7798:7799 ioctl 40605346 20007fa4 returned -22
binder: 7803:7805 ioctl 890b 20fa4ffc returned -22
binder: 7803:7806 ioctl 890b 20fa4ffc returned -22
binder: 7798:7799 ioctl 891a 20003fe0 returned -22
binder: 7798:7799 ioctl 80404507 20000fa4 returned -22
binder: 7798:7814 ioctl 80404521 20006000 returned -22
binder: 7798:7814 ioctl 40605346 20007fa4 returned -22
binder: 7798:7799 ioctl 891a 20003fe0 returned -22
binder: 7891:7893 ioctl c08c5332 20e01f74 returned -22
binder: 7891:7893 ioctl c08c5332 20e01f74 returned -22
nla_parse: 9 callbacks suppressed
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
binder: 7965:7967 ioctl 4b44 20ad2000 returned -22
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor4'.
binder: 7965:7986 ioctl 4b44 20ad2000 returned -22
netlink: 2 bytes leftover after parsing attributes in process `syz-executor4'.
tmpfs: No value for mount option 'ij'
netlink: 13 bytes leftover after parsing attributes in process `syz-executor7'.
tmpfs: No value for mount option 'ij'
netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'.
binder: 8059:8065 ioctl 5609 208daffa returned -22
binder_alloc: binder_alloc_mmap_handler: 8040 2076f000-20772000 already mapped failed -16
IPVS: Creating netns size=2536 id=19
netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'.
binder: 8059:8065 ioctl 5609 208daffa returned -22
netlink: 6 bytes leftover after parsing attributes in process `syz-executor4'.
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
IPVS: Creating netns size=2536 id=20
IPVS: Creating netns size=2536 id=21
FAULT_FLAG_ALLOW_RETRY missing 31
CPU: 0 PID: 8348 Comm: syz-executor6 Tainted: G B 4.9.61-g904c79c #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c7e77870 ffffffff81d91589 ffff8801c7e77b50 0000000000000000
 ffff8801c6fbf910 ffff8801c7e77a40 ffff8801c6fbf800 ffff8801c7e77a68
 ffffffff8165fe47 ffff8801c7e778a0 ffffffff811bb8dd 0000000006e235c0
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2783 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1f82/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SYSC_getrandom drivers/char/random.c:1899 [inline]
 [] SyS_getrandom+0x165/0x2a0 drivers/char/random.c:1880
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'.
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready