9pnet_virtio: no channels available for device ./file0
==================================================================
BUG: KASAN: use-after-free in __read_once_size include/linux/compiler.h:243 [inline] at addr ffff8801c8cec050
BUG: KASAN: use-after-free in atomic_read arch/x86/include/asm/atomic.h:26 [inline] at addr ffff8801c8cec050
BUG: KASAN: use-after-free in static_key_count include/linux/jump_label.h:174 [inline] at addr ffff8801c8cec050
BUG: KASAN: use-after-free in static_key_false include/linux/jump_label.h:184 [inline] at addr ffff8801c8cec050
BUG: KASAN: use-after-free in perf_sw_event include/linux/perf_event.h:1039 [inline] at addr ffff8801c8cec050
BUG: KASAN: use-after-free in __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438 at addr ffff8801c8cec050
Read of size 8 by task syz-executor1/13333
CPU: 0 PID: 13333 Comm: syz-executor1 Not tainted 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d4cdfd88 ffffffff81d90429 ffff8801da155140 ffff8801c8cec000
ffff8801c8cec0b8 ffffed003919d80a ffff8801c8cec050 ffff8801d4cdfdb0
ffffffff8153a3ac ffffed003919d80a ffff8801da155140 0000000000000000
Call Trace:
[<ffffffff81d90429>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d90429>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8153a3ac>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
[<ffffffff8153a66c>] print_address_description mm/kasan/report.c:198 [inline]
[<ffffffff8153a66c>] kasan_report_error mm/kasan/report.c:287 [inline]
[<ffffffff8153a66c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
[<ffffffff8153aa09>] kasan_report mm/kasan/report.c:330 [inline]
[<ffffffff8153aa09>] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330
[<ffffffff810ddb10>] __read_once_size include/linux/compiler.h:243 [inline]
[<ffffffff810ddb10>] atomic_read arch/x86/include/asm/atomic.h:26 [inline]
[<ffffffff810ddb10>] static_key_count include/linux/jump_label.h:174 [inline]
[<ffffffff810ddb10>] static_key_false include/linux/jump_label.h:184 [inline]
[<ffffffff810ddb10>] perf_sw_event include/linux/perf_event.h:1039 [inline]
[<ffffffff810ddb10>] __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438
[<ffffffff810ddc27>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
[<ffffffff838aa958>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
Object at ffff8801c8cec000, in cache vm_area_struct size: 184
Allocated:
PID = 13333
save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
save_stack+0x43/0xd0 mm/kasan/kasan.c:495
set_track mm/kasan/kasan.c:507 [inline]
kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537
slab_post_alloc_hook mm/slab.h:417 [inline]
slab_alloc_node mm/slub.c:2715 [inline]
slab_alloc mm/slub.c:2723 [inline]
kmem_cache_alloc+0xba/0x290 mm/slub.c:2728
kmem_cache_zalloc include/linux/slab.h:626 [inline]
mmap_region+0x587/0xfd0 mm/mmap.c:1662
do_mmap+0x57b/0xbe0 mm/mmap.c:1473
do_mmap_pgoff include/linux/mm.h:2018 [inline]
vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305
SYSC_mmap_pgoff mm/mmap.c:1523 [inline]
SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481
SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 13344
save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
save_stack+0x43/0xd0 mm/kasan/kasan.c:495
set_track mm/kasan/kasan.c:507 [inline]
kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
slab_free_hook mm/slub.c:1355 [inline]
slab_free_freelist_hook mm/slub.c:1377 [inline]
slab_free mm/slub.c:2958 [inline]
kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980
remove_vma+0x11d/0x160 mm/mmap.c:175
remove_vma_list mm/mmap.c:2482 [inline]
do_munmap+0x7ff/0xeb0 mm/mmap.c:2705
mmap_region+0x14d/0xfd0 mm/mmap.c:1635
do_mmap+0x57b/0xbe0 mm/mmap.c:1473
do_mmap_pgoff include/linux/mm.h:2018 [inline]
vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305
SYSC_mmap_pgoff mm/mmap.c:1523 [inline]
SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481
SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
entry_SYSCALL_64_fastpath+0x23/0xc6
Memory state around the buggy address:
ffff8801c8cebf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff8801c8cebf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8801c8cec000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff8801c8cec080: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fb
ffff8801c8cec100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
device tunl0 entered promiscuous mode
device lo left promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pig=13573 comm=syz-executor1
nla_parse: 9 callbacks suppressed
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 13610:13612 ioctl c08c5335 209dcf74 returned -22
binder: 13610:13612 ioctl 80084503 20664000 returned -22
binder: 13610:13612 ioctl c08c5335 209dcf74 returned -22
binder: 13610:13612 ioctl 80084503 20664000 returned -22
IPVS: length: 24 != 8
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=13737 comm=syz-executor2
Option '��'' to dns_resolver key: bad/missing value
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=13737 comm=syz-executor2
syz-executor3: vmalloc: allocation failure: 17179869168 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
CPU: 1 PID: 13784 Comm: syz-executor3 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801c71c7880 ffffffff81d90429 1ffff10038e38f13 ffff8801a84eb000
ffffffff83ab7d80 0000000000000001 0000000000400000 ffff8801c71c7990
ffffffff8144ead2 024000c2580ef237 0000000041b58ab3 ffffffff8419115d
Call Trace:
[<ffffffff81d90429>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d90429>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8144ead2>] warn_alloc+0x212/0x240 mm/page_alloc.c:3054
[<ffffffff814fc435>] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722
[<ffffffff814fc6fb>] __vmalloc_node mm/vmalloc.c:1744 [inline]
[<ffffffff814fc6fb>] __vmalloc_node_flags mm/vmalloc.c:1758 [inline]
[<ffffffff814fc6fb>] vmalloc+0x5b/0x70 mm/vmalloc.c:1773
[<ffffffff83137791>] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722
[<ffffffff833799da>] translate_table+0x21a/0x1e30 net/ipv4/netfilter/ip_tables.c:700
[<ffffffff8337d7ce>] do_replace net/ipv4/netfilter/ip_tables.c:1151 [inline]
[<ffffffff8337d7ce>] do_ipt_set_ctl+0x2be/0x470 net/ipv4/netfilter/ip_tables.c:1687
[<ffffffff83098407>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
[<ffffffff83098407>] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
[<ffffffff83208321>] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1243
[<ffffffff83227ff2>] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736
[<ffffffff82ed5265>] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
[<ffffffff82ed2220>] SYSC_setsockopt net/socket.c:1771 [inline]
[<ffffffff82ed2220>] SyS_setsockopt+0x160/0x250 net/socket.c:1750
[<ffffffff838a9785>] entry_SYSCALL_64_fastpath+0x23/0xc6
Mem-Info:
active_anon:88951 inactive_anon:40 isolated_anon:0
active_file:3731 inactive_file:6599 isolated_file:0
unevictable:0 dirty:0 writeback:12 unstable:0
slab_reclaimable:6284 slab_unreclaimable:52219
mapped:22797 shmem:77 pagetables:798 bounce:0
free:1451218 free_pcp:422 free_cma:0
Node 0 active_anon:343412kB inactive_anon:160kB active_file:14924kB inactive_file:26396kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91088kB dirty:0kB writeback:48kB shmem:308kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 59392kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2910 6411 6411
DMA32 free:2981144kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:700kB local_pcp:48kB free_cma:0kB
lowmem_reserve[]: 0 0 3501[ 89.546266] syz-executor3:
vmalloc: allocation failure: 17179869168 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
CPU: 1 PID: 13838 Comm: syz-executor3 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801c956f880
ffffffff81d90429 1ffff100392adf13 ffff8801c9560000 ffffffff83ab7d80
0000000000000001 0000000000400000 ffff8801c956f990 ffffffff8144ead2
024000c2d26f1b80 0000000041b58ab3 ffffffff8419115dCall Trace:
[<ffffffff81d90429>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d90429>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8144ead2>] warn_alloc+0x212/0x240 mm/page_alloc.c:3054
[<ffffffff814fc435>] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722
[<ffffffff814fc6fb>] __vmalloc_node mm/vmalloc.c:1744 [inline]
[<ffffffff814fc6fb>] __vmalloc_node_flags mm/vmalloc.c:1758 [inline]
[<ffffffff814fc6fb>] vmalloc+0x5b/0x70 mm/vmalloc.c:1773
[<ffffffff83137791>] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722
[<ffffffff833799da>] translate_table+0x21a/0x1e30 net/ipv4/netfilter/ip_tables.c:700
[<ffffffff8337d7ce>] do_replace net/ipv4/netfilter/ip_tables.c:1151 [inline]
[<ffffffff8337d7ce>] do_ipt_set_ctl+0x2be/0x470 net/ipv4/netfilter/ip_tables.c:1687
[<ffffffff83098407>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
[<ffffffff83098407>] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
[<ffffffff83208321>] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1243
[<ffffffff83227ff2>] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736
[<ffffffff82ed5265>] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
[<ffffffff82ed2220>] SYSC_setsockopt net/socket.c:1771 [inline]
[<ffffffff82ed2220>] SyS_setsockopt+0x160/0x250 net/socket.c:1750
[<ffffffff838a9785>] entry_SYSCALL_64_fastpath+0x23/0xc6
Mem-Info:
active_anon:84284 inactive_anon:40 isolated_anon:0
active_file:3731 inactive_file:6599 isolated_file:0
unevictable:0 dirty:30 writeback:0 unstable:0
slab_reclaimable:6316 slab_unreclaimable:53052
mapped:22770 shmem:77 pagetables:750 bounce:0
free:1455072 free_pcp:478 free_cma:0
Node 0 active_anon:337136kB inactive_anon:160kB active_file:14924kB inactive_file:26396kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91080kB dirty:120kB writeback:0kB shmem:308kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 73728kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
0 2910 6411 6411DMA32 free:2981144kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:700kB local_pcp:652kB free_cma:0kB
0 0 3501 3501Normal free:2823236kB min:36816kB low:46020kB high:55224kB active_anon:337136kB inactive_anon:160kB active_file:14924kB inactive_file:26396kB unevictable:0kB writepending:112kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:25264kB slab_unreclaimable:212208kB kernel_stack:5952kB pagetables:3000kB bounce:0kB free_pcp:1212kB local_pcp:556kB free_cma:0kB
0 0 0 0DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
10406 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
320236 pages reserved
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=133 sclass=netlink_xfrm_socket pig=13873 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=133 sclass=netlink_xfrm_socket pig=13873 comm=syz-executor2
3501Normal free:2849580kB min:36816kB low:46020kB high:55224kB active_anon:309672kB inactive_anon:152kB active_file:14944kB inactive_file:26412kB unevictable:0kB writepending:260kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:25400kB slab_unreclaimable:214864kB kernel_stack:5408kB pagetables:2712kB bounce:0kB free_pcp:1064kB local_pcp:432kB free_cma:0kB
DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
10415 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
320236 pages reserved
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device gre0 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor7'.
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 14134 Comm: syz-executor5 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d66a7930 ffffffff81d90429 ffff8801d66a7c10 0000000000000000
ffff8801aa1ec290 ffff8801d66a7b00 ffff8801aa1ec180 ffff8801d66a7b28
ffffffff8165e3c7 0000000000000001 ffff8801d66a7a80 00000001c64ce067
Call Trace:
[<ffffffff81d90429>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d90429>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8165e3c7>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[<ffffffff814cd6c1>] do_anonymous_page mm/memory.c:2747 [inline]
[<ffffffff814cd6c1>] handle_pte_fault mm/memory.c:3488 [inline]
[<ffffffff814cd6c1>] __handle_mm_fault mm/memory.c:3577 [inline]
[<ffffffff814cd6c1>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[<ffffffff810dd447>] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
[<ffffffff810ddc27>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
[<ffffffff838aa958>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[<ffffffff838a9785>] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 0 PID: 14145 Comm: syz-executor5 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d561f920 ffffffff81d90429 ffff8801d561fc00 0000000000000000
ffff8801aa1ec290 ffff8801d561faf0 ffff8801aa1ec180 ffff8801d561fb18
ffffffff8165e3c7 0000000000000000 ffff8801d561fa70 00000001c64ce067
Call Trace:
[<ffffffff81d90429>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d90429>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8165e3c7>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[<ffffffff814cd6c1>] do_anonymous_page mm/memory.c:2747 [inline]
[<ffffffff814cd6c1>] handle_pte_fault mm/memory.c:3488 [inline]
[<ffffffff814cd6c1>] __handle_mm_fault mm/memory.c:3577 [inline]
[<ffffffff814cd6c1>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[<ffffffff810dd447>] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
[<ffffffff810ddc27>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
[<ffffffff838aa958>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[<ffffffff838a9785>] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 14134 Comm: syz-executor5 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d66a7920 ffffffff81d90429 ffff8801d66a7c00 0000000000000000
ffff8801c9f4b790 ffff8801d66a7af0 ffff8801c9f4b680 ffff8801d66a7b18
ffffffff8165e3c7 0000000000000000 ffff8801d66a7a70 00000001a94b1067
Call Trace:
[<ffffffff81d90429>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d90429>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8165e3c7>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
FAULT_FLAG_ALLOW_RETRY missing 30
[<ffffffff814cd6c1>] do_anonymous_page mm/memory.c:2747 [inline]
[<ffffffff814cd6c1>] handle_pte_fault mm/memory.c:3488 [inline]
[<ffffffff814cd6c1>] __handle_mm_fault mm/memory.c:3577 [inline]
[<ffffffff814cd6c1>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[<ffffffff810dd447>] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
[<ffffffff810ddc27>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
[<ffffffff838aa958>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[<ffffffff838a9785>] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 1 PID: 14145 Comm: syz-executor5 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d561f900 ffffffff81d90429 ffff8801d561fbe0 0000000000000000
ffff8801c9f4b790 ffff8801d561fad0 ffff8801c9f4b680 ffff8801d561faf8
ffffffff8165e3c7 ffffffff00000002 ffff8801000000c8 0000002200000000
Call Trace:
[<ffffffff81d90429>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d90429>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8165e3c7>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[<ffffffff814cd6c1>] do_anonymous_page mm/memory.c:2747 [inline]
[<ffffffff814cd6c1>] handle_pte_fault mm/memory.c:3488 [inline]
[<ffffffff814cd6c1>] __handle_mm_fault mm/memory.c:3577 [inline]
[<ffffffff814cd6c1>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[<ffffffff810dd447>] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
[<ffffffff810ddc27>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
[<ffffffff838aa958>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[<ffffffff81657cc0>] copy_from_user arch/x86/include/asm/uaccess.h:702 [inline]
[<ffffffff81657cc0>] SYSC_timerfd_settime fs/timerfd.c:542 [inline]
[<ffffffff81657cc0>] SyS_timerfd_settime+0xb0/0x190 fs/timerfd.c:535
[<ffffffff838a9785>] entry_SYSCALL_64_fastpath+0x23/0xc6
?: renamed from tunl0
IPVS: Creating netns size=2536 id=29
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
tmpfs: No value for mount option '�'
tmpfs: No value for mount option '�'
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
syz-executor2: vmalloc: allocation failure: 17179869168 bytes[ 93.810019] selinux_nlmsg_perm: 3 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59136 sclass=netlink_route_socket pig=14855 comm=syz-executor5
, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59136 sclass=netlink_route_socket pig=14865 comm=syz-executor5
CPU: 1 PID: 14857 Comm: syz-executor2 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801ced87880 ffffffff81d90429 1ffff10039db0f13 ffff8801c9ab9800
ffffffff83ab7d80 0000000000000001 0000000000400000 ffff8801ced87990
ffffffff8144ead2 024000c295d3e5c9 0000000041b58ab3 ffffffff8419115d
Call Trace:
[<ffffffff81d90429>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d90429>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8144ead2>] warn_alloc+0x212/0x240 mm/page_alloc.c:3054
[<ffffffff814fc435>] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722
[<ffffffff814fc6fb>] __vmalloc_node mm/vmalloc.c:1744 [inline]
[<ffffffff814fc6fb>] __vmalloc_node_flags mm/vmalloc.c:1758 [inline]
[<ffffffff814fc6fb>] vmalloc+0x5b/0x70 mm/vmalloc.c:1773
[<ffffffff83137791>] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722
[<ffffffff833799da>] translate_table+0x21a/0x1e30 net/ipv4/netfilter/ip_tables.c:700
[<ffffffff8337d7ce>] do_replace net/ipv4/netfilter/ip_tables.c:1151 [inline]
[<ffffffff8337d7ce>] do_ipt_set_ctl+0x2be/0x470 net/ipv4/netfilter/ip_tables.c:1687
[<ffffffff83098407>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
[<ffffffff83098407>] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
[<ffffffff83208321>] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1243
[<ffffffff83227ff2>] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736
[<ffffffff82ed5265>] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
[<ffffffff82ed2220>] SYSC_setsockopt net/socket.c:1771 [inline]
[<ffffffff82ed2220>] SyS_setsockopt+0x160/0x250 net/socket.c:1750
[<ffffffff838a9785>] entry_SYSCALL_64_fastpath+0x23/0xc6
Mem-Info:
active_anon:80701 inactive_anon:38 isolated_anon:0
active_file:3753 inactive_file:6622 isolated_file:0
unevictable:0 dirty:87 writeback:0 unstable:0
slab_reclaimable:5774 slab_unreclaimable:26556
mapped:22774 shmem:77 pagetables:745 bounce:0
free:1485983 free_pcp:401 free_cma:0
Node 0 active_anon:314412kB inactive_anon:152kB active_file:15012kB inactive_file:26504kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91084kB dirty:364kB writeback:0kB shmem:308kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2910 6411 6411
DMA32 free:2981144kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:700kB local_pcp:652kB free_cma:0kB
syz-executor2: vmalloc: allocation failure: 17179869168 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
CPU: 0 PID: 14902 Comm: syz-executor2 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801c6287880 ffffffff81d90429 1ffff10038c50f13 ffff8801cf13c800
ffffffff83ab7d80 0000000000000001 0000000000400000 ffff8801c6287990
ffffffff8144ead2 024000c2b68fcf73 0000000041b58ab3 ffffffff8419115d
Call Trace:
[<ffffffff81d90429>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d90429>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8144ead2>] warn_alloc+0x212/0x240 mm/page_alloc.c:3054
[<ffffffff814fc435>] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722
[<ffffffff814fc6fb>] __vmalloc_node mm/vmalloc.c:1744 [inline]
[<ffffffff814fc6fb>] __vmalloc_node_flags mm/vmalloc.c:1758 [inline]
[<ffffffff814fc6fb>] vmalloc+0x5b/0x70 mm/vmalloc.c:1773
[<ffffffff83137791>] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722
[<ffffffff833799da>] translate_table+0x21a/0x1e30 net/ipv4/netfilter/ip_tables.c:700
[<ffffffff8337d7ce>] do_replace net/ipv4/netfilter/ip_tables.c:1151 [inline]
[<ffffffff8337d7ce>] do_ipt_set_ctl+0x2be/0x470 net/ipv4/netfilter/ip_tables.c:1687
[<ffffffff83098407>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
[<ffffffff83098407>] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
[<ffffffff83208321>] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1243
[<ffffffff83227ff2>] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2736
[<ffffffff82ed5265>] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
[<ffffffff82ed2220>] SYSC_setsockopt net/socket.c:1771 [inline]
[<ffffffff82ed2220>] SyS_setsockopt+0x160/0x250 net/socket.c:1750
[<ffffffff838a9785>] entry_SYSCALL_64_fastpath+0x23/0xc6
Mem-Info:
active_anon:79653 inactive_anon:38 isolated_anon:0
active_file:3753 inactive_file:6626 isolated_file:0
unevictable:0 dirty:91 writeback:0 unstable:0
slab_reclaimable:5774 slab_unreclaimable:26729
mapped:22771 shmem:77 pagetables:728 bounce:0
free:1486933 free_pcp:361 free_cma:0
Node 0 active_anon:318612kB inactive_anon:152kB active_file:15012kB inactive_file:26504kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:91084kB dirty:364kB writeback:0kB shmem:308kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
DMA32 free:2981144kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981844kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:700kB local_pcp:48kB free_cma:0kB
Normal free:2950680kB min:36816kB low:46020kB high:55224kB active_anon:318612kB inactive_anon:152kB active_file:15012kB inactive_file:26504kB unevictable:0kB writepending:364kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:23096kB slab_unreclaimable:106916kB kernel_stack:5824kB pagetables:2912kB bounce:0kB free_pcp:744kB local_pcp:580kB free_cma:0kB
DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
10455 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
320236 pages reserved
lowmem_reserve[]: 0 0 3501 3501
Normal free:2958256kB min:36816kB low:46020kB high:55224kB active_anon:310200kB inactive_anon:152kB active_file:15012kB inactive_file:26528kB unevictable:0kB writepending:396kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:23160kB slab_unreclaimable:108608kB kernel_stack:5408kB pagetables:2656kB bounce:0kB free_pcp:816kB local_pcp:160kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 3*32kB (M) 4*64kB (M) 3*128kB (M) 2*256kB (M) 2*512kB (M) 1*1024kB (M) 2*2048kB (M) 726*4096kB (M) = 2981144kB
Normal: 1150*4kB (UME) 1427*8kB (UME) 830*16kB (UME) 481*32kB (UME) 1579*64kB (UME) 317*128kB (UME) 50*256kB (UE) 11*512kB (UME) 3*1024kB (UME) 1*2048kB (M) 671*4096kB (UM) = 2958288kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
10463 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
320236 pages reserved
nla_parse: 9 callbacks suppressed
netlink: 73 bytes leftover after parsing attributes in process `syz-executor1'.
sd 0:0:1:0: [sg0] tag#408 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#408 CDB: opcode=0xff (vendor)
sd 0:0:1:0: [sg0] tag#408 CDB[00]: ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#408 CDB[10]: 00 00 00 00 10 27 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#408 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#408 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#408 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#408 CDB: opcode=0xff (vendor)
sd 0:0:1:0: [sg0] tag#408 CDB[00]: ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#408 CDB[10]: 00 00 00 00 10 27 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#408 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#408 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00
netlink: 73 bytes leftover after parsing attributes in process `syz-executor1'.
sg_write: data in/out 9969/38 bytes for SCSI command 0x8-- guessing data in;
program syz-executor5 not setting count and/or reply_len properly
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
binder: 15181:15184 ioctl c0286404 20c0dfd8 returned -22
binder: 15181:15184 ioctl c0286404 20c0dfd8 returned -22
device lo entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pig=15293 comm=syz-executor4
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pig=15293 comm=syz-executor4
IPVS: Creating netns size=2536 id=30
qtaguid: iface_stat: create(lo): no inet dev
qtaguid: iface_stat: create6(lo): no inet dev
IPVS: Creating netns size=2536 id=31
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
qtaguid: iface_stat: create6(lo): no inet dev
IPVS: Creating netns size=2536 id=32
netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'.
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads