INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-2,10.128.0.33' (ECDSA) to the list of known hosts.
2017/12/01 15:20:28 parsed 1 programs
2017/12/01 15:20:28 executed programs: 0
syzkaller login: [ 37.355335] ==================================================================
[ 37.356370] BUG: KASAN: out-of-bounds in __unwind_start+0x3a7/0x3c0 at addr ffff8801ce7a78b8
[ 37.357487] Read of size 8 by task syz-executor6/3705
[ 37.358172] page:ffffea000739e9c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 37.359277] flags: 0x8000000000000000()
[ 37.359803] page dumped because: kasan: bad access detected
[ 37.360576] CPU: 0 PID: 3705 Comm: syz-executor6 Not tainted 4.9.66-g38884cc #102
[ 37.361583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.362840] ffff8801d15571a0 ffffffff81d90429 ffffed0039cf4f18 0000000000000008
[ 37.363967] 0000000000000000 ffffed0039cf4f18 ffff8801ce7a78b8 ffff8801d1557228
[ 37.365095] ffffffff8153a583 ffff8801ced7b000 ffffffff8389f09e ffffffff810d41b7
[ 37.366229] Call Trace:
[ 37.366581] [] dump_stack+0xc1/0x128
[ 37.367330] [] kasan_report.part.1+0x4c3/0x500
[ 37.368178] [] ? mutex_lock_killable_nested+0x60e/0x960
[ 37.369098] [] ? __unwind_start+0x3a7/0x3c0
[ 37.369884] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 37.370816] [] __asan_report_load8_noabort+0x29/0x30
[ 37.371703] [] __unwind_start+0x3a7/0x3c0
[ 37.372486] [] ? ptrace_may_access+0x24/0x50
[ 37.373281] [] __save_stack_trace+0x59/0xf0
[ 37.374065] [] save_stack_trace_tsk+0x48/0x70
[ 37.374870] [] proc_pid_stack+0x146/0x230
[ 37.376938] [] ? lock_trace+0xc0/0xc0
[ 37.382349] [] proc_single_show+0xf8/0x170
[ 37.388201] [] seq_read+0x32f/0x1290
[ 37.393528] [] ? seq_escape+0x200/0x200
[ 37.399118] [] ? fsnotify+0x86/0xf30
[ 37.404442] [] ? fsnotify+0xf30/0xf30
[ 37.409854] [] ? avc_policy_seqno+0x9/0x20
[ 37.415701] [] do_loop_readv_writev.part.17+0x141/0x1e0
[ 37.422678] [] ? security_file_permission+0x89/0x1e0
[ 37.429392] [] ? seq_escape+0x200/0x200
[ 37.434978] [] ? seq_escape+0x200/0x200
[ 37.440564] [] do_readv_writev+0x520/0x750
[ 37.446410] [] ? vfs_write+0x530/0x530
[ 37.451911] [] ? kasan_unpoison_shadow+0x35/0x50
[ 37.458279] [] ? push_pipe+0x372/0x770
[ 37.463782] [] ? sanity+0x1ff/0x610
[ 37.469030] [] ? iov_iter_get_pages_alloc+0x2c7/0xf10
[ 37.475837] [] ? __unwind_start+0x1e3/0x3c0
[ 37.481771] [] vfs_readv+0x84/0xc0
[ 37.486925] [] default_file_splice_read+0x43f/0x7a0
[ 37.493565] [] ? depot_save_stack+0x122/0x4a0
[ 37.499677] [] ? do_splice_direct+0x270/0x270
[ 37.505786] [] ? save_stack+0x43/0xd0
[ 37.511198] [] ? kasan_kmalloc+0xad/0xe0
[ 37.516873] [] ? __kmalloc+0x11d/0x310
[ 37.522390] [] ? alloc_pipe_info+0x135/0x350
[ 37.528412] [] ? splice_direct_to_actor+0x64a/0x800
[ 37.535041] [] ? do_splice_direct+0x1a7/0x270
[ 37.541156] [] ? do_sendfile+0x54b/0xd30
[ 37.546833] [] ? entry_SYSCALL_64_fastpath+0x23/0xc6
[ 37.553552] [] ? futex_wait_queue_me+0x3e9/0x5e0
[ 37.559927] [] ? __fsnotify_parent+0xbc/0x340
[ 37.566035] [] ? fsnotify+0x86/0xf30
[ 37.571361] [] ? fsnotify+0xf30/0xf30
[ 37.576775] [] ? avc_policy_seqno+0x9/0x20
[ 37.582627] [] ? selinux_file_permission+0x82/0x460
[ 37.589254] [] ? security_file_permission+0x89/0x1e0
[ 37.595968] [] ? rw_verify_area+0xe5/0x2b0
[ 37.601821] [] ? do_splice_direct+0x270/0x270
[ 37.607925] [] do_splice_to+0x10a/0x160
[ 37.613510] [] splice_direct_to_actor+0x24d/0x800
[ 37.619966] [] ? generic_pipe_buf_nosteal+0x10/0x10
[ 37.626596] [] ? do_splice_to+0x160/0x160
[ 37.632357] [] ? security_file_permission+0x89/0x1e0
[ 37.639070] [] ? rw_verify_area+0xe5/0x2b0
[ 37.644919] [] do_splice_direct+0x1a7/0x270
[ 37.650855] [] ? splice_direct_to_actor+0x800/0x800
[ 37.657482] [] ? rcu_sync_lockdep_assert+0x6d/0xb0
[ 37.664022] [] ? __sb_start_write+0x14a/0x310
[ 37.670131] [] do_sendfile+0x54b/0xd30
[ 37.675637] [] ? do_compat_pwritev64+0x100/0x100
[ 37.682008] [] ? __might_fault+0x114/0x1d0
[ 37.687855] [] SyS_sendfile64+0xd1/0x160
[ 37.693526] [] ? SyS_sendfile+0x160/0x160
[ 37.699287] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 37.706086] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 37.712626] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 37.719167] Memory state around the buggy address:
[ 37.724062]  ffff8801ce7a7780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.731383]  ffff8801ce7a7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.738704] >ffff8801ce7a7880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.746024]                                         ^
[ 37.751439]  ffff8801ce7a7900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.758763]  ffff8801ce7a7980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.766081] ==================================================================
[ 37.773399] Disabling lock debugging due to kernel taint
[ 37.947912] ==================================================================
[ 37.955274] BUG: KASAN: out-of-bounds in __unwind_start+0x3a7/0x3c0 at addr ffff8801d6e978b8
[ 37.963811] Read of size 8 by task syz-executor4/3978
[ 37.968964] page:ffffea00075ba5c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 37.977178] flags: 0x8000000000000000()
[ 37.981114] page dumped because: kasan: bad access detected
[ 37.986788] CPU: 1 PID: 3978 Comm: syz-executor4 Tainted: G B 4.9.66-g38884cc #102
[ 37.995585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.004904] ffff8801d6e171a0 ffffffff81d90429 ffffed003add2f18 0000000000000008
[ 38.012840] 0000000000000000 ffffed003add2f18 ffff8801d6e978b8 ffff8801d6e17228
[ 38.020777] ffffffff8153a583
0000000000000000 0000000000000000 ffffffff810d41b7 [ 38.028717] Call Trace: [ 38.031267] [] dump_stack+0xc1/0x128 [ 38.036593] [] kasan_report.part.1+0x4c3/0x500 [ 38.042793] [] ? __unwind_start+0x3a7/0x3c0 [ 38.048736] [] __asan_report_load8_noabort+0x29/0x30 [ 38.055456] [] __unwind_start+0x3a7/0x3c0 [ 38.061221] [] ? ptrace_may_access+0x24/0x50 [ 38.067249] [] __save_stack_trace+0x59/0xf0 [ 38.073189] [] save_stack_trace_tsk+0x48/0x70 [ 38.079302] [] proc_pid_stack+0x146/0x230 [ 38.085066] [] ? lock_trace+0xc0/0xc0 [ 38.090481] [] proc_single_show+0xf8/0x170 [ 38.096328] [] seq_read+0x32f/0x1290 [ 38.101658] [] ? __check_object_size+0x174/0x3a9 [ 38.108029] [] ? seq_escape+0x200/0x200 [ 38.113620] [] ? fsnotify+0x86/0xf30 [ 38.118947] [] ? fsnotify+0xf30/0xf30 [ 38.124364] [] ? avc_policy_seqno+0x9/0x20 [ 38.130211] [] do_loop_readv_writev.part.17+0x141/0x1e0 [ 38.137187] [] ? security_file_permission+0x89/0x1e0 [ 38.143902] [] ? seq_escape+0x200/0x200 [ 38.149487] [] ? seq_escape+0x200/0x200 [ 38.155071] [] do_readv_writev+0x520/0x750 [ 38.160918] [] ? vfs_write+0x530/0x530 [ 38.166419] [] ? kasan_unpoison_shadow+0x35/0x50 [ 38.172787] [] ? push_pipe+0x372/0x770 [ 38.178289] [] ? sanity+0x1ff/0x610 [ 38.183536] [] ? iov_iter_get_pages_alloc+0x2c7/0xf10 [ 38.190342] [] ? __unwind_start+0x1e3/0x3c0 [ 38.196280] [] vfs_readv+0x84/0xc0 [ 38.201433] [] default_file_splice_read+0x43f/0x7a0 [ 38.208063] [] ? depot_save_stack+0x122/0x4a0 [ 38.214174] [] ? do_splice_direct+0x270/0x270 [ 38.220281] [] ? save_stack+0x43/0xd0 [ 38.225692] [] ? kasan_kmalloc+0xad/0xe0 [ 38.231363] [] ? __kmalloc+0x11d/0x310 [ 38.236863] [] ? alloc_pipe_info+0x135/0x350 [ 38.242888] [] ? splice_direct_to_actor+0x64a/0x800 [ 38.249518] [] ? do_splice_direct+0x1a7/0x270 [ 38.255634] [] ? do_sendfile+0x54b/0xd30 [ 38.261315] [] ? entry_SYSCALL_64_fastpath+0x23/0xc6 [ 38.268042] [] ? futex_wait_queue_me+0x3e9/0x5e0 [ 38.274411] [] ? refill_pi_state_cache.part.8+0x200/0x200 [ 38.281559] [] ? 
drop_futex_key_refs.isra.12+0x63/0xd0 [ 38.288449] [] ? __fsnotify_parent+0xbc/0x340 [ 38.294555] [] ? fsnotify+0x86/0xf30 [ 38.299883] [] ? fsnotify+0xf30/0xf30 [ 38.305300] [] ? avc_policy_seqno+0x9/0x20 [ 38.312033] [] ? selinux_file_permission+0x82/0x460 [ 38.318670] [] ? security_file_permission+0x89/0x1e0 [ 38.325388] [] ? rw_verify_area+0xe5/0x2b0 [ 38.331253] [] ? do_splice_direct+0x270/0x270 [ 38.337369] [] do_splice_to+0x10a/0x160 [ 38.342965] [] splice_direct_to_actor+0x24d/0x800 [ 38.349423] [] ? generic_pipe_buf_nosteal+0x10/0x10 [ 38.356050] [] ? do_splice_to+0x160/0x160 [ 38.361810] [] ? security_file_permission+0x89/0x1e0 [ 38.368524] [] ? rw_verify_area+0xe5/0x2b0 [ 38.374370] [] do_splice_direct+0x1a7/0x270 [ 38.380302] [] ? splice_direct_to_actor+0x800/0x800 [ 38.386929] [] ? check_preemption_disabled+0x3b/0x200 [ 38.393731] [] ? rcu_sync_lockdep_assert+0xd/0xb0 [ 38.400185] [] ? __sb_start_write+0x14a/0x310 [ 38.406295] [] do_sendfile+0x54b/0xd30 [ 38.411797] [] ? do_compat_pwritev64+0x100/0x100 [ 38.418165] [] ? __might_fault+0xe4/0x1d0 [ 38.423923] [] ? __might_fault+0x114/0x1d0 [ 38.429770] [] SyS_sendfile64+0xd1/0x160 [ 38.435443] [] ? SyS_sendfile+0x160/0x160 [ 38.441203] [] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 38.447745] [] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 38.454282] Memory state around the buggy address: [ 38.459172] ffff8801d6e97780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.466492] ffff8801d6e97800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.473812] >ffff8801d6e97880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.481134] ^ [ 38.486549] ffff8801d6e97900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.493872] ffff8801d6e97980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.501193] ================================================================== [ 38.614628] ================================================================== [ 38.621993] BUG: KASAN: out-of-bounds in __unwind_start+0x3a7/0x3c0 at addr ffff8801cedef8b8 [ 38.630531] Read of size 8 by task syz-executor6/4168 [ 38.635683] page:ffffea00073b7bc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 38.643897] flags: 0x8000000000000000() [ 38.647831] page dumped because: kasan: bad access detected [ 38.653506] CPU: 0 PID: 4168 Comm: syz-executor6 Tainted: G B 4.9.66-g38884cc #102 [ 38.662301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.671620] ffff8801d06ff1a0 ffffffff81d90429 ffffed0039dbdf18 0000000000000008 [ 38.679559] 0000000000000000 ffffed0039dbdf18 ffff8801cedef8b8 ffff8801d06ff228 [ 38.687498] ffffffff8153a583 0000000000000000 0000000000000000 ffffffff810d41b7 [ 38.695438] Call Trace: [ 38.697991] [] dump_stack+0xc1/0x128 [ 38.703323] [] kasan_report.part.1+0x4c3/0x500 [ 38.709519] [] ? __unwind_start+0x3a7/0x3c0 [ 38.715453] [] __asan_report_load8_noabort+0x29/0x30 [ 38.722170] [] __unwind_start+0x3a7/0x3c0 [ 38.727932] [] ? ptrace_may_access+0x24/0x50 [ 38.733952] [] __save_stack_trace+0x59/0xf0 [ 38.739885] [] save_stack_trace_tsk+0x48/0x70 [ 38.745993] [] proc_pid_stack+0x146/0x230 [ 38.751754] [] ? 
lock_trace+0xc0/0xc0 [ 38.757165] [] proc_single_show+0xf8/0x170 [ 38.763012] [] seq_read+0x32f/0x1290 [ 38.768338] [] ? __check_object_size+0x174/0x3a9 [ 38.774707] [] ? seq_escape+0x200/0x200 [ 38.780294] [] ? fsnotify+0x86/0xf30 [ 38.785619] [] ? fsnotify+0xf30/0xf30 [ 38.791031] [] ? avc_policy_seqno+0x9/0x20 [ 38.796879] [] do_loop_readv_writev.part.17+0x141/0x1e0 [ 38.803857] [] ? security_file_permission+0x89/0x1e0 [ 38.810578] [] ? seq_escape+0x200/0x200 [ 38.816166] [] ? seq_escape+0x200/0x200 [ 38.821756] [] do_readv_writev+0x520/0x750 [ 38.827601] [] ? vfs_write+0x530/0x530 [ 38.833101] [] ? kasan_unpoison_shadow+0x35/0x50 [ 38.839468] [] ? push_pipe+0x372/0x770 [ 38.844967] [] ? sanity+0x1ff/0x610 [ 38.850206] [] ? iov_iter_get_pages_alloc+0x2c7/0xf10 [ 38.857006] [] ? __unwind_start+0x1e3/0x3c0 [ 38.862941] [] vfs_readv+0x84/0xc0 [ 38.868095] [] default_file_splice_read+0x43f/0x7a0 [ 38.874724] [] ? depot_save_stack+0x122/0x4a0 [ 38.880831] [] ? do_splice_direct+0x270/0x270 [ 38.886936] [] ? save_stack+0x43/0xd0 [ 38.892349] [] ? kasan_kmalloc+0xad/0xe0 [ 38.898023] [] ? __kmalloc+0x11d/0x310 [ 38.903522] [] ? alloc_pipe_info+0x135/0x350 [ 38.909542] [] ? splice_direct_to_actor+0x64a/0x800 [ 38.916169] [] ? do_splice_direct+0x1a7/0x270 [ 38.922275] [] ? do_sendfile+0x54b/0xd30 [ 38.927950] [] ? entry_SYSCALL_64_fastpath+0x23/0xc6 [ 38.934665] [] ? futex_wait_queue_me+0x3e9/0x5e0 [ 38.941034] [] ? refill_pi_state_cache.part.8+0x200/0x200 [ 38.948182] [] ? drop_futex_key_refs.isra.12+0x63/0xd0 [ 38.955072] [] ? __fsnotify_parent+0xbc/0x340 [ 38.961179] [] ? fsnotify+0x86/0xf30 [ 38.966504] [] ? fsnotify+0xf30/0xf30 [ 38.971917] [] ? avc_policy_seqno+0x9/0x20 [ 38.977763] [] ? selinux_file_permission+0x82/0x460 [ 38.984392] [] ? security_file_permission+0x89/0x1e0 [ 38.991105] [] ? rw_verify_area+0xe5/0x2b0 [ 38.996954] [] ? 
do_splice_direct+0x270/0x270 [ 39.003061] [] do_splice_to+0x10a/0x160 [ 39.008646] [] splice_direct_to_actor+0x24d/0x800 [ 39.015101] [] ? generic_pipe_buf_nosteal+0x10/0x10 [ 39.021728] [] ? do_splice_to+0x160/0x160 [ 39.027488] [] ? security_file_permission+0x89/0x1e0 [ 39.034208] [] ? rw_verify_area+0xe5/0x2b0 [ 39.040053] [] do_splice_direct+0x1a7/0x270 [ 39.045987] [] ? splice_direct_to_actor+0x800/0x800 [ 39.052616] [] ? check_preemption_disabled+0x3b/0x200 [ 39.059425] [] ? rcu_sync_lockdep_assert+0xd/0xb0 [ 39.065878] [] ? __sb_start_write+0x14a/0x310 [ 39.071983] [] do_sendfile+0x54b/0xd30 [ 39.077483] [] ? do_compat_pwritev64+0x100/0x100 [ 39.083853] [] ? __might_fault+0xe4/0x1d0 [ 39.089626] [] ? __might_fault+0x114/0x1d0 [ 39.095481] [] SyS_sendfile64+0xd1/0x160 [ 39.101159] [] ? SyS_sendfile+0x160/0x160 [ 39.106933] [] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 39.113492] [] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 39.120031] Memory state around the buggy address: [ 39.124925] ffff8801cedef780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.132245] ffff8801cedef800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.139568] >ffff8801cedef880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.146886] ^ [ 39.152296] ffff8801cedef900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.159619] ffff8801cedef980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.166938] ================================================================== [ 39.463604] ================================================================== [ 39.470984] BUG: KASAN: out-of-bounds in __unwind_start+0x3a7/0x3c0 at addr ffff8801d65f78b8 [ 39.479542] Read of size 8 by task syz-executor5/4506 [ 39.484709] page:ffffea0007597dc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 39.492953] flags: 0x8000000000000000() [ 39.496902] page dumped because: kasan: bad access detected [ 39.502598] CPU: 1 PID: 4506 Comm: syz-executor5 Tainted: G B 4.9.66-g38884cc #102 [ 39.511415] Hardware name: 
Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.520741] ffff8801d927f1a0 ffffffff81d90429 ffffed003acbef18 0000000000000008 [ 39.528710] 0000000000000000 ffffed003acbef18 ffff8801d65f78b8 ffff8801d927f228 [ 39.536684] ffffffff8153a583 0000000000000000 0000000000000000 ffffffff810d41b7 [ 39.544636] Call Trace: [ 39.547188] [] dump_stack+0xc1/0x128 [ 39.552518] [] kasan_report.part.1+0x4c3/0x500 [ 39.558714] [] ? __unwind_start+0x3a7/0x3c0 [ 39.564651] [] __asan_report_load8_noabort+0x29/0x30 [ 39.571369] [] __unwind_start+0x3a7/0x3c0 [ 39.577136] [] ? ptrace_may_access+0x24/0x50 [ 39.583162] [] __save_stack_trace+0x59/0xf0 [ 39.589095] [] save_stack_trace_tsk+0x48/0x70 [ 39.595211] [] proc_pid_stack+0x146/0x230 [ 39.600972] [] ? lock_trace+0xc0/0xc0 [ 39.606384] [] proc_single_show+0xf8/0x170 [ 39.612235] [] seq_read+0x32f/0x1290 [ 39.617563] [] ? __check_object_size+0x174/0x3a9 [ 39.623934] [] ? seq_escape+0x200/0x200 [ 39.629522] [] ? fsnotify+0x86/0xf30 [ 39.634848] [] ? fsnotify+0xf30/0xf30 [ 39.640263] [] ? avc_policy_seqno+0x9/0x20 [ 39.646112] [] do_loop_readv_writev.part.17+0x141/0x1e0 [ 39.653090] [] ? security_file_permission+0x89/0x1e0 [ 39.659808] [] ? seq_escape+0x200/0x200 [ 39.665394] [] ? seq_escape+0x200/0x200 [ 39.670981] [] do_readv_writev+0x520/0x750 [ 39.676830] [] ? vfs_write+0x530/0x530 [ 39.682330] [] ? kasan_unpoison_shadow+0x35/0x50 [ 39.688699] [] ? push_pipe+0x372/0x770 [ 39.694200] [] ? sanity+0x1ff/0x610 [ 39.699439] [] ? iov_iter_get_pages_alloc+0x2c7/0xf10 [ 39.706242] [] ? __unwind_start+0x1e3/0x3c0 [ 39.712179] [] vfs_readv+0x84/0xc0 [ 39.717335] [] default_file_splice_read+0x43f/0x7a0 [ 39.723968] [] ? depot_save_stack+0x122/0x4a0 [ 39.730078] [] ? do_splice_direct+0x270/0x270 [ 39.736186] [] ? save_stack+0x43/0xd0 [ 39.741598] [] ? kasan_kmalloc+0xad/0xe0 [ 39.747274] [] ? __kmalloc+0x11d/0x310 [ 39.752777] [] ? alloc_pipe_info+0x135/0x350 [ 39.758797] [] ? 
splice_direct_to_actor+0x64a/0x800 [ 39.765429] [] ? do_splice_direct+0x1a7/0x270 [ 39.771538] [] ? do_sendfile+0x54b/0xd30 [ 39.777220] [] ? entry_SYSCALL_64_fastpath+0x23/0xc6 [ 39.783943] [] ? futex_wait_queue_me+0x3e9/0x5e0 [ 39.790581] [] ? refill_pi_state_cache.part.8+0x200/0x200 [ 39.797732] [] ? drop_futex_key_refs.isra.12+0x63/0xd0 [ 39.804622] [] ? __fsnotify_parent+0xbc/0x340 [ 39.810729] [] ? fsnotify+0x86/0xf30 [ 39.816055] [] ? fsnotify+0xf30/0xf30 [ 39.821474] [] ? avc_policy_seqno+0x9/0x20 [ 39.827323] [] ? selinux_file_permission+0x82/0x460 [ 39.833961] [] ? security_file_permission+0x89/0x1e0 [ 39.840681] [] ? rw_verify_area+0xe5/0x2b0 [ 39.846530] [] ? do_splice_direct+0x270/0x270 [ 39.852637] [] do_splice_to+0x10a/0x160 [ 39.858225] [] splice_direct_to_actor+0x24d/0x800 [ 39.864682] [] ? generic_pipe_buf_nosteal+0x10/0x10 [ 39.871312] [] ? do_splice_to+0x160/0x160 [ 39.877072] [] ? security_file_permission+0x89/0x1e0 [ 39.883788] [] ? rw_verify_area+0xe5/0x2b0 [ 39.889637] [] do_splice_direct+0x1a7/0x270 [ 39.895574] [] ? splice_direct_to_actor+0x800/0x800 [ 39.902208] [] ? check_preemption_disabled+0x3b/0x200 [ 39.909009] [] ? rcu_sync_lockdep_assert+0xd/0xb0 [ 39.915470] [] ? __sb_start_write+0x14a/0x310 [ 39.921580] [] do_sendfile+0x54b/0xd30 [ 39.927079] [] ? do_compat_pwritev64+0x100/0x100 [ 39.933450] [] ? __might_fault+0xe4/0x1d0 [ 39.939212] [] ? __might_fault+0x114/0x1d0 [ 39.945063] [] SyS_sendfile64+0xd1/0x160 [ 39.950744] [] ? SyS_sendfile+0x160/0x160 [ 39.956525] [] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 39.963084] [] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 39.969629] Memory state around the buggy address: [ 39.974526] ffff8801d65f7780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.981846] ffff8801d65f7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.989167] >ffff8801d65f7880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.996484] ^ [ 40.001894] ffff8801d65f7900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.009217] ffff8801d65f7980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.016534] ================================================================== [ 40.489512] ================================================================== [ 40.496928] BUG: KASAN: out-of-bounds in __unwind_start+0x3a7/0x3c0 at addr ffff8801c9d478b8 [ 40.505490] Read of size 8 by task syz-executor5/5066 [ 40.510670] page:ffffea00072751c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 40.518914] flags: 0x8000000000000000() [ 40.522861] page dumped because: kasan: bad access detected [ 40.528544] CPU: 0 PID: 5066 Comm: syz-executor5 Tainted: G B 4.9.66-g38884cc #102 [ 40.537352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.546682] ffff8801cb18f1a0 ffffffff81d90429 ffffed00393a8f18 0000000000000008 [ 40.554698] 0000000000000000 ffffed00393a8f18 ffff8801c9d478b8 ffff8801cb18f228 [ 40.562673] ffffffff8153a583 0000000000000000 0000000000000000 ffffffff810d41b7 [ 40.570627] Call Trace: [ 40.573179] [] dump_stack+0xc1/0x128 [ 40.578508] [] kasan_report.part.1+0x4c3/0x500 [ 40.584707] [] ? __unwind_start+0x3a7/0x3c0 [ 40.590646] [] __asan_report_load8_noabort+0x29/0x30 [ 40.597363] [] __unwind_start+0x3a7/0x3c0 [ 40.603137] [] ? ptrace_may_access+0x24/0x50 [ 40.609159] [] __save_stack_trace+0x59/0xf0 [ 40.615092] [] save_stack_trace_tsk+0x48/0x70 [ 40.621201] [] proc_pid_stack+0x146/0x230 [ 40.626961] [] ? 
lock_trace+0xc0/0xc0 [ 40.632374] [] proc_single_show+0xf8/0x170 [ 40.638220] [] seq_read+0x32f/0x1290 [ 40.643546] [] ? __check_object_size+0x174/0x3a9 [ 40.649915] [] ? seq_escape+0x200/0x200 [ 40.655502] [] ? fsnotify+0x86/0xf30 [ 40.660827] [] ? fsnotify+0xf30/0xf30 [ 40.666241] [] ? avc_policy_seqno+0x9/0x20 [ 40.672088] [] do_loop_readv_writev.part.17+0x141/0x1e0 [ 40.679064] [] ? security_file_permission+0x89/0x1e0 [ 40.685783] [] ? seq_escape+0x200/0x200 [ 40.691388] [] ? seq_escape+0x200/0x200 [ 40.696975] [] do_readv_writev+0x520/0x750 [ 40.702822] [] ? vfs_write+0x530/0x530 [ 40.708323] [] ? kasan_unpoison_shadow+0x35/0x50 [ 40.714694] [] ? push_pipe+0x372/0x770 [ 40.720198] [] ? sanity+0x1ff/0x610 [ 40.725439] [] ? iov_iter_get_pages_alloc+0x2c7/0xf10 [ 40.732241] [] ? __unwind_start+0x1e3/0x3c0 [ 40.738175] [] vfs_readv+0x84/0xc0 [ 40.743330] [] default_file_splice_read+0x43f/0x7a0 [ 40.749961] [] ? depot_save_stack+0x122/0x4a0 [ 40.756072] [] ? do_splice_direct+0x270/0x270 [ 40.762180] [] ? save_stack+0x43/0xd0 [ 40.767594] [] ? kasan_kmalloc+0xad/0xe0 [ 40.773276] [] ? __kmalloc+0x11d/0x310 [ 40.778782] [] ? alloc_pipe_info+0x135/0x350 [ 40.784804] [] ? splice_direct_to_actor+0x64a/0x800 [ 40.791434] [] ? do_splice_direct+0x1a7/0x270 [ 40.797543] [] ? do_sendfile+0x54b/0xd30 [ 40.803218] [] ? entry_SYSCALL_64_fastpath+0x23/0xc6 [ 40.809935] [] ? futex_wait_queue_me+0x3e9/0x5e0 [ 40.816304] [] ? refill_pi_state_cache.part.8+0x200/0x200 [ 40.823453] [] ? drop_futex_key_refs.isra.12+0x63/0xd0 [ 40.830347] [] ? __fsnotify_parent+0xbc/0x340 [ 40.836459] [] ? fsnotify+0x86/0xf30 [ 40.841785] [] ? fsnotify+0xf30/0xf30 [ 40.847202] [] ? avc_policy_seqno+0x9/0x20 [ 40.853053] [] ? selinux_file_permission+0x82/0x460 [ 40.859682] [] ? security_file_permission+0x89/0x1e0 [ 40.866401] [] ? rw_verify_area+0xe5/0x2b0 [ 40.872250] [] ? 
do_splice_direct+0x270/0x270 [ 40.878363] [] do_splice_to+0x10a/0x160 [ 40.883951] [] splice_direct_to_actor+0x24d/0x800 [ 40.890405] [] ? generic_pipe_buf_nosteal+0x10/0x10 [ 40.897034] [] ? do_splice_to+0x160/0x160 [ 40.902803] [] ? security_file_permission+0x89/0x1e0 [ 40.909522] [] ? rw_verify_area+0xe5/0x2b0 [ 40.915368] [] do_splice_direct+0x1a7/0x270 [ 40.921301] [] ? splice_direct_to_actor+0x800/0x800 [ 40.927929] [] ? check_preemption_disabled+0x3b/0x200 [ 40.934732] [] ? rcu_sync_lockdep_assert+0xd/0xb0 [ 40.941187] [] ? __sb_start_write+0x14a/0x310 [ 40.947295] [] do_sendfile+0x54b/0xd30 [ 40.952798] [] ? do_compat_pwritev64+0x100/0x100 [ 40.959166] [] ? __might_fault+0xe4/0x1d0 [ 40.964931] [] ? __might_fault+0x114/0x1d0 [ 40.970778] [] SyS_sendfile64+0xd1/0x160 [ 40.976451] [] ? SyS_sendfile+0x160/0x160 [ 40.982215] [] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 40.988767] [] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 40.995305] Memory state around the buggy address: [ 41.000198] ffff8801c9d47780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.007518] ffff8801c9d47800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.014838] >ffff8801c9d47880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.022156] ^ [ 41.027568] ffff8801c9d47900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.034888] ffff8801c9d47980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.042209] ================================================================== [ 41.169988] ================================================================== [ 41.177388] BUG: KASAN: out-of-bounds in __unwind_start+0x3a7/0x3c0 at addr ffff8801c75278b8 [ 41.185946] Read of size 8 by task syz-executor5/5232 [ 41.191117] page:ffffea00071d49c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 41.199364] flags: 0x8000000000000000() [ 41.203319] page dumped because: kasan: bad access detected [ 41.209007] CPU: 1 PID: 5232 Comm: syz-executor5 Tainted: G B 4.9.66-g38884cc #102 [ 41.217811] Hardware name: 
Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.227139] ffff8801c752f1a0 ffffffff81d90429 ffffed0038ea4f18 0000000000000008 [ 41.235095] 0000000000000000 ffffed0038ea4f18 ffff8801c75278b8 ffff8801c752f228 [ 41.243048] ffffffff8153a583 0000000000000000 0000000000000000 ffffffff810d41b7 [ 41.251017] Call Trace: [ 41.253574] [] dump_stack+0xc1/0x128 [ 41.258902] [] kasan_report.part.1+0x4c3/0x500 [ 41.265099] [] ? __unwind_start+0x3a7/0x3c0 [ 41.271036] [] __asan_report_load8_noabort+0x29/0x30 [ 41.277760] [] __unwind_start+0x3a7/0x3c0 [ 41.283530] [] ? ptrace_may_access+0x24/0x50 [ 41.289551] [] __save_stack_trace+0x59/0xf0 [ 41.295488] [] save_stack_trace_tsk+0x48/0x70 [ 41.301597] [] proc_pid_stack+0x146/0x230 [ 41.307359] [] ? lock_trace+0xc0/0xc0 [ 41.312776] [] proc_single_show+0xf8/0x170 [ 41.318625] [] seq_read+0x32f/0x1290 [ 41.324047] [] ? __check_object_size+0x174/0x3a9 [ 41.330422] [] ? seq_escape+0x200/0x200 [ 41.336008] [] ? fsnotify+0x86/0xf30 [ 41.341342] [] ? fsnotify+0xf30/0xf30 [ 41.346761] [] ? avc_policy_seqno+0x9/0x20 [ 41.352612] [] do_loop_readv_writev.part.17+0x141/0x1e0 [ 41.359589] [] ? security_file_permission+0x89/0x1e0 [ 41.366305] [] ? seq_escape+0x200/0x200 [ 41.371892] [] ? seq_escape+0x200/0x200 [ 41.377484] [] do_readv_writev+0x520/0x750 [ 41.383335] [] ? vfs_write+0x530/0x530 [ 41.388841] [] ? kasan_unpoison_shadow+0x35/0x50 [ 41.395217] [] ? push_pipe+0x372/0x770 [ 41.400721] [] ? sanity+0x1ff/0x610 [ 41.405966] [] ? iov_iter_get_pages_alloc+0x2c7/0xf10 [ 41.412773] [] ? __unwind_start+0x1e3/0x3c0 [ 41.418712] [] vfs_readv+0x84/0xc0 [ 41.423870] [] default_file_splice_read+0x43f/0x7a0 [ 41.430502] [] ? depot_save_stack+0x122/0x4a0 [ 41.436611] [] ? do_splice_direct+0x270/0x270 [ 41.442720] [] ? save_stack+0x43/0xd0 [ 41.448132] [] ? kasan_kmalloc+0xad/0xe0 [ 41.453803] [] ? __kmalloc+0x11d/0x310 [ 41.459303] [] ? alloc_pipe_info+0x135/0x350 [ 41.465324] [] ? 
splice_direct_to_actor+0x64a/0x800 [ 41.471951] [] ? do_splice_direct+0x1a7/0x270 [ 41.478059] [] ? do_sendfile+0x54b/0xd30 [ 41.483735] [] ? entry_SYSCALL_64_fastpath+0x23/0xc6 [ 41.490449] [] ? __alloc_pages_slowpath+0x1d90/0x1d90 [ 41.497257] [] ? refill_pi_state_cache.part.8+0x200/0x200 [ 41.504414] [] ? new_slab+0x264/0x420 [ 41.509831] [] ? drop_futex_key_refs.isra.12+0x63/0xd0 [ 41.516721] [] ? __fsnotify_parent+0xbc/0x340 [ 41.522827] [] ? fsnotify+0x86/0xf30 [ 41.528152] [] ? fsnotify+0xf30/0xf30 [ 41.533572] [] ? avc_policy_seqno+0x9/0x20 [ 41.539419] [] ? selinux_file_permission+0x82/0x460 [ 41.546050] [] ? security_file_permission+0x89/0x1e0 [ 41.552768] [] ? rw_verify_area+0xe5/0x2b0 [ 41.558615] [] ? do_splice_direct+0x270/0x270 [ 41.564722] [] do_splice_to+0x10a/0x160 [ 41.570313] [] splice_direct_to_actor+0x24d/0x800 [ 41.576767] [] ? generic_pipe_buf_nosteal+0x10/0x10 [ 41.583397] [] ? do_splice_to+0x160/0x160 [ 41.589157] [] ? security_file_permission+0x89/0x1e0 [ 41.595884] [] ? rw_verify_area+0xe5/0x2b0 [ 41.601752] [] do_splice_direct+0x1a7/0x270 [ 41.601761] [] ? splice_direct_to_actor+0x800/0x800 [ 41.601769] [] ? check_preemption_disabled+0x3b/0x200 [ 41.601778] [] ? rcu_sync_lockdep_assert+0xd/0xb0 [ 41.601786] [] ? __sb_start_write+0x14a/0x310 [ 41.601792] [] do_sendfile+0x54b/0xd30 [ 41.601799] [] ? do_compat_pwritev64+0x100/0x100 [ 41.601808] [] ? __might_fault+0xe4/0x1d0 [ 41.601814] [] ? __might_fault+0x114/0x1d0 [ 41.601821] [] SyS_sendfile64+0xd1/0x160 [ 41.601827] [] ? SyS_sendfile+0x160/0x160 [ 41.601834] [] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 41.601844] [] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 41.601847] Memory state around the buggy address: [ 41.601853] ffff8801c7527780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.601857] ffff8801c7527800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.601861] >ffff8801c7527880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.601864] ^ [ 41.601868] ffff8801c7527900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.601872] ffff8801c7527980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.601874] ================================================================== 2017/12/01 15:20:33 executed programs: 768 [ 42.308221] ================================================================== [ 42.315614] BUG: KASAN: out-of-bounds in __unwind_start+0x3a7/0x3c0 at addr ffff8801cf0f78b8 [ 42.324165] Read of size 8 by task syz-executor0/5952 [ 42.329332] page:ffffea00073c3dc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 42.337567] flags: 0x8000000000000000() [ 42.341519] page dumped because: kasan: bad access detected [ 42.347204] CPU: 1 PID: 5952 Comm: syz-executor0 Tainted: G B 4.9.66-g38884cc #102 [ 42.356008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.365335] ffff8801cf0371a0 ffffffff81d90429 ffffed0039e1ef18 0000000000000008 [ 42.373285] 0000000000000000 ffffed0039e1ef18 ffff8801cf0f78b8 ffff8801cf037228 [ 42.381229] ffffffff8153a583 0000000000000000 0000000000000000 ffffffff810d41b7 [ 42.389181] Call Trace: [ 42.391734] [] dump_stack+0xc1/0x128 [ 42.397061] [] kasan_report.part.1+0x4c3/0x500 [ 42.403256] [] ? __unwind_start+0x3a7/0x3c0 [ 42.409189] [] __asan_report_load8_noabort+0x29/0x30 [ 42.415906] [] __unwind_start+0x3a7/0x3c0 [ 42.421668] [] ? ptrace_may_access+0x24/0x50 [ 42.427688] [] __save_stack_trace+0x59/0xf0 [ 42.433625] [] save_stack_trace_tsk+0x48/0x70 [ 42.439735] [] proc_pid_stack+0x146/0x230 [ 42.445494] [] ? 
lock_trace+0xc0/0xc0 [ 42.450906] [] proc_single_show+0xf8/0x170 [ 42.456754] [] seq_read+0x32f/0x1290 [ 42.462082] [] ? __check_object_size+0x174/0x3a9 [ 42.468450] [] ? seq_escape+0x200/0x200 [ 42.474039] [] ? fsnotify+0x86/0xf30 [ 42.479365] [] ? fsnotify+0xf30/0xf30 [ 42.484780] [] ? avc_policy_seqno+0x9/0x20 [ 42.490638] [] do_loop_readv_writev.part.17+0x141/0x1e0 [ 42.497617] [] ? security_file_permission+0x89/0x1e0 [ 42.504333] [] ? seq_escape+0x200/0x200 [ 42.509920] [] ? seq_escape+0x200/0x200 [ 42.515507] [] do_readv_writev+0x520/0x750 [ 42.521356] [] ? vfs_write+0x530/0x530 [ 42.526863] [] ? kasan_unpoison_shadow+0x35/0x50 [ 42.533233] [] ? push_pipe+0x372/0x770 [ 42.538731] [] ? sanity+0x1ff/0x610 [ 42.543971] [] ? iov_iter_get_pages_alloc+0x2c7/0xf10 [ 42.550781] [] ? __unwind_start+0x1e3/0x3c0 [ 42.556716] [] vfs_readv+0x84/0xc0 [ 42.561870] [] default_file_splice_read+0x43f/0x7a0 [ 42.568502] [] ? depot_save_stack+0x122/0x4a0 [ 42.574612] [] ? do_splice_direct+0x270/0x270 [ 42.580719] [] ? save_stack+0x43/0xd0 [ 42.586131] [] ? kasan_kmalloc+0xad/0xe0 [ 42.591804] [] ? __kmalloc+0x11d/0x310 [ 42.597305] [] ? alloc_pipe_info+0x135/0x350 [ 42.603326] [] ? splice_direct_to_actor+0x64a/0x800 [ 42.609953] [] ? do_splice_direct+0x1a7/0x270 [ 42.616061] [] ? do_sendfile+0x54b/0xd30 [ 42.621739] [] ? entry_SYSCALL_64_fastpath+0x23/0xc6 [ 42.628456] [] ? futex_wait_queue_me+0x3e9/0x5e0 [ 42.634822] [] ? refill_pi_state_cache.part.8+0x200/0x200 [ 42.641975] [] ? drop_futex_key_refs.isra.12+0x63/0xd0 [ 42.648866] [] ? __fsnotify_parent+0xbc/0x340 [ 42.654976] [] ? fsnotify+0x86/0xf30 [ 42.660301] [] ? fsnotify+0xf30/0xf30 [ 42.665715] [] ? avc_policy_seqno+0x9/0x20 [ 42.671566] [] ? selinux_file_permission+0x82/0x460 [ 42.678196] [] ? security_file_permission+0x89/0x1e0 [ 42.684919] [] ? rw_verify_area+0xe5/0x2b0 [ 42.690781] [] ? 
do_splice_direct+0x270/0x270
[ 42.696890] [] do_splice_to+0x10a/0x160
[ 42.702477] [] splice_direct_to_actor+0x24d/0x800
[ 42.708932] [] ? generic_pipe_buf_nosteal+0x10/0x10
[ 42.715561] [] ? do_splice_to+0x160/0x160
[ 42.721322] [] ? security_file_permission+0x89/0x1e0
[ 42.728039] [] ? rw_verify_area+0xe5/0x2b0
[ 42.733888] [] do_splice_direct+0x1a7/0x270
[ 42.739824] [] ? splice_direct_to_actor+0x800/0x800
[ 42.746462] [] ? check_preemption_disabled+0x3b/0x200
[ 42.753265] [] ? rcu_sync_lockdep_assert+0xd/0xb0
[ 42.759721] [] ? __sb_start_write+0x14a/0x310
[ 42.765829] [] do_sendfile+0x54b/0xd30
[ 42.771329] [] ? do_compat_pwritev64+0x100/0x100
[ 42.777707] [] ? __might_fault+0xe4/0x1d0
[ 42.783467] [] ? __might_fault+0x114/0x1d0
[ 42.789316] [] SyS_sendfile64+0xd1/0x160
[ 42.795014] [] ? SyS_sendfile+0x160/0x160
[ 42.800802] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 42.807364] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 42.813928] Memory state around the buggy address:
[ 42.818829] ffff8801cf0f7780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.826156] ffff8801cf0f7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.833480] >ffff8801cf0f7880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.840804] ^
[ 42.846218] ffff8801cf0f7900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.853546] ffff8801cf0f7980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.860869] ==================================================================
2017/12/01 15:20:38 executed programs: 1400