syz-executor.0 uses obsolete (PF_INET,SOCK_PACKET) ================================================================== BUG: KASAN: slab-out-of-bounds in shrink_folio_list+0x141d/0x37d0 Read of size 8 at addr ffff8880433281f1 by task syz-executor.7/4181 CPU: 0 PID: 4181 Comm: syz-executor.7 Not tainted 6.4.0-next-20230706 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 Call Trace: dump_stack_lvl+0x91/0xf0 print_report+0xcc/0x620 kasan_report+0xbe/0xf0 kasan_check_range+0x39/0x1b0 shrink_folio_list+0x141d/0x37d0 reclaim_folio_list+0xc4/0x300 reclaim_pages+0x377/0x520 madvise_cold_or_pageout_pte_range+0xc9c/0xf90 walk_pgd_range+0xcc3/0x1740 __walk_page_range+0x5f6/0x720 walk_page_range+0x316/0x4b0 madvise_pageout+0x30b/0x580 madvise_vma_behavior+0x413/0x20a0 do_madvise.part.0+0x39a/0x650 __x64_sys_madvise+0x10c/0x160 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 RIP: 0033:0x7f60f062bb19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f60edba1188 EFLAGS: 00000246 ORIG_RAX: 000000000000001c RAX: ffffffffffffffda RBX: 00007f60f073ef60 RCX: 00007f60f062bb19 RDX: 0000000000000015 RSI: 0000000000004000 RDI: 0000000020ffa000 RBP: 00007f60f0685f6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffed52a54bf R14: 00007f60edba1300 R15: 0000000000022000 Allocated by task 268: kasan_save_stack+0x22/0x50 kasan_set_track+0x25/0x30 __kasan_slab_alloc+0x59/0x70 kmem_cache_alloc+0x17b/0x390 anon_vma_fork+0xe6/0x630 dup_mmap+0xaf9/0x1250 copy_process+0x3e68/0x7320 kernel_clone+0xeb/0x7d0 __do_sys_clone+0xba/0x100 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 The buggy address belongs to the object at ffff888043328110 which belongs to the cache anon_vma of size 208 The buggy address is located 17 bytes to the right of allocated 208-byte region [ffff888043328110, ffff8880433281e0) The buggy address belongs to the physical page: page:00000000e0bee001 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43328 memcg:ffff88800dde5b01 flags: 0x100000000000200(slab|node=0|zone=1) page_type: 0xffffffff() raw: 0100000000000200 ffff8880087a2280 ffffea0000315ec0 0000000000000002 raw: 0000000000000000 00000000000f000f 00000001ffffffff ffff88800dde5b01 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888043328080: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc ffff888043328100: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff888043328180: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc ^ ffff888043328200: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00 ffff888043328280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc ================================================================== netlink: 164 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 164 bytes leftover after parsing attributes in process `syz-executor.1'. audit: type=1400 audit(1688858792.840:11): avc: denied { write } for pid=4191 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 netlink: 164 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 164 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 164 bytes leftover after parsing attributes in process `syz-executor.1'.