binder: 14085:14090 ioctl 40046207 0 returned -16
BUG: sleeping function called from invalid context at mm/slab.h:421
in_atomic(): 1, irqs_disabled(): 0, pid: 14111, name: syz-executor3
1 lock held by syz-executor3/14111:
 #0: 0000000028cc3eb7 (sk_lock-AF_ALG){+.+.}, at: lock_sock include/net/sock.h:1502 [inline]
 #0: 0000000028cc3eb7 (sk_lock-AF_ALG){+.+.}, at: skcipher_recvmsg+0xbb/0x1420 crypto/algif_skcipher.c:163
binder_alloc: binder_alloc_mmap_handler: 14112 20001000-20004000 already mapped failed -16
Preemption disabled at:
[] kernel_fpu_begin+0x16/0x260 arch/x86/kernel/fpu/core.c:127
binder: BINDER_SET_CONTEXT_MGR already set
CPU: 0 PID: 14111 Comm: syz-executor3 Not tainted 4.20.0-rc6-next-20181214+ #171
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
binder: 14112:14116 ioctl 40046207 0 returned -16
 ___might_sleep.cold.86+0x221/0x254 kernel/sched/core.c:6148
 __might_sleep+0x95/0x190 kernel/sched/core.c:6101
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3365 [inline]
 __do_kmalloc mm/slab.c:3707 [inline]
 __kmalloc+0x2da/0x760 mm/slab.c:3718
binder_alloc: binder_alloc_mmap_handler: 14120 20001000-20004000 already mapped failed -16
 kmalloc include/linux/slab.h:550 [inline]
 kzalloc include/linux/slab.h:740 [inline]
 skcipher_next_slow crypto/skcipher.c:254 [inline]
 skcipher_walk_next+0x7f9/0x17f0 crypto/skcipher.c:358
 skcipher_walk_first+0xff/0x3a0 crypto/skcipher.c:441
 skcipher_walk_skcipher+0x541/0x700 crypto/skcipher.c:469
binder: BINDER_SET_CONTEXT_MGR already set
 skcipher_walk_virt+0x58/0xd0 crypto/skcipher.c:479
 chacha_simd_stream_xor+0xb3/0xa40 arch/x86/crypto/chacha_glue.c:141
binder: 14120:14121 ioctl 40046207 0 returned -16
 chacha_simd+0xd8/0x110 arch/x86/crypto/chacha_glue.c:179
 crypto_skcipher_decrypt include/crypto/skcipher.h:538 [inline]
 _skcipher_recvmsg crypto/algif_skcipher.c:146 [inline]
 skcipher_recvmsg+0xcc9/0x1420 crypto/algif_skcipher.c:165
 sock_recvmsg_nosec net/socket.c:795 [inline]
 sock_recvmsg+0xd0/0x110 net/socket.c:802
 ___sys_recvmsg+0x2b6/0x680 net/socket.c:2279
 do_recvmmsg+0x303/0xb90 net/socket.c:2392
 __sys_recvmmsg+0xe5/0x2a0 net/socket.c:2473
 __do_sys_recvmmsg net/socket.c:2494 [inline]
 __se_sys_recvmmsg net/socket.c:2487 [inline]
 __x64_sys_recvmmsg+0xe6/0x140 net/socket.c:2487
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457659
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f6ab2af4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457659
RDX: 0000000000000001 RSI: 000000002000a280 RDI: 0000000000000004
RBP: 000000000072bf00 R08: 000000002000a500 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6ab2af56d4
R13: 00000000004c3b77 R14: 00000000004d6770 R15: 00000000ffffffff
binder_alloc: binder_alloc_mmap_handler: 14127 20001000-20004000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14127:14128 ioctl 40046207 0 returned -16
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 14103 Comm: syz-executor5 Tainted: G W 4.20.0-rc6-next-20181214+ #171
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
 handle_userfault.cold.30+0x47/0x62 fs/userfaultfd.c:431
 do_anonymous_page mm/memory.c:2926 [inline]
 handle_pte_fault mm/memory.c:3768 [inline]
 __handle_mm_fault+0x4d26/0x5b70 mm/memory.c:3894
 handle_mm_fault+0x54f/0xc70 mm/memory.c:3931
 do_user_addr_fault arch/x86/mm/fault.c:1475 [inline]
 __do_page_fault+0x5f6/0xd70 arch/x86/mm/fault.c:1541
 do_page_fault+0xf2/0x7e0 arch/x86/mm/fault.c:1572
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143
RIP: 0010:__get_user_4+0x21/0x30 arch/x86/lib/getuser.S:76
Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 18 14 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65
RSP: 0018:ffff8881828c7c40 EFLAGS: 00010202
RAX: 0000000020013ff7 RBX: 0000000020013ff4 RCX: ffffc9000fe3a000
RDX: ffffffffffffffff RSI: ffffffff81b2fa73 RDI: 0000000000000282
RBP: ffff8881828c7c80 R08: 1ffff11030518f65 R09: 0000000000000008
R10: 0000000000000001 R11: ffff8881b5e68440 R12: 000000000000000b
R13: ffff8881c3a64840 R14: 0000000000000006 R15: 0000000000000011
 udpv6_setsockopt+0x95/0xa0 net/ipv6/udp.c:1595
 sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2986
 __sys_setsockopt+0x1ba/0x3c0 net/socket.c:1903
 __do_sys_setsockopt net/socket.c:1914 [inline]
 __se_sys_setsockopt net/socket.c:1911 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:1911
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457659
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f0b8d57ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457659
RDX: 000000000000000b RSI: 0000000000000088 RDI: 0000000000000007
RBP: 000000000072bf00 R08: 0000000000000006 R09: 0000000000000000
R10: 0000000020013ff4 R11: 0000000000000246 R12: 00007f0b8d57b6d4
R13: 00000000004c4c0a R14: 00000000004d8240 R15: 00000000ffffffff
CPU: 1 PID: 14108 Comm: syz-executor5 Tainted: G W 4.20.0-rc6-next-20181214+ #171
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
 handle_userfault.cold.30+0x47/0x62 fs/userfaultfd.c:431
 do_anonymous_page mm/memory.c:2926 [inline]
 handle_pte_fault mm/memory.c:3768 [inline]
 __handle_mm_fault+0x4d26/0x5b70 mm/memory.c:3894
 handle_mm_fault+0x54f/0xc70 mm/memory.c:3931
 do_user_addr_fault arch/x86/mm/fault.c:1475 [inline]
 __do_page_fault+0x5f6/0xd70 arch/x86/mm/fault.c:1541
 do_page_fault+0xf2/0x7e0 arch/x86/mm/fault.c:1572
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143
RIP: 0010:copy_user_generic_unrolled+0x86/0xc0 arch/x86/lib/copy_user_64.S:65
Code: 4c 8b 5e 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 <4c> 8b 06 4c 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10
RSP: 0018:ffff88817c68fd08 EFLAGS: 00010206
RAX: ffffed102f8d1fb2 RBX: 0000000000000018 RCX: 0000000000000003
RDX: 0000000000000000 RSI: 0000000020012000 RDI: ffff88817c68fd78
RBP: ffff88817c68fd40 R08: ffffed102f8d1fb2 R09: ffffed102f8d1faf
R10: ffffed102f8d1fb1 R11: ffff88817c68fd8f R12: 0000000020012018
R13: 0000000020012000 R14: ffff88817c68fd78 R15: 00007ffffffff000
 copy_from_user include/linux/uaccess.h:147 [inline]
 __do_sys_sigaltstack kernel/signal.c:3730 [inline]
 __se_sys_sigaltstack kernel/signal.c:3726 [inline]
 __x64_sys_sigaltstack+0xf1/0x3b0 kernel/signal.c:3726
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457659
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f0b8d559c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000083
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000457659
RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000020012000
RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0b8d55a6d4
R13: 00000000004c5010 R14: 00000000004d9248 R15: 00000000ffffffff
binder_alloc: binder_alloc_mmap_handler: 14154 20001000-20004000 already mapped failed -16
BUG: sleeping function called from invalid context at mm/slab.h:421
in_atomic(): 1, irqs_disabled(): 0, pid: 14162, name: syz-executor3
1 lock held by syz-executor3/14162:
 #0: 0000000014bcd1cd (sk_lock-AF_ALG){+.+.}, at: lock_sock include/net/sock.h:1502 [inline]
 #0: 0000000014bcd1cd (sk_lock-AF_ALG){+.+.}, at: skcipher_recvmsg+0xbb/0x1420 crypto/algif_skcipher.c:163
Preemption disabled at:
[] kernel_fpu_begin+0x16/0x260 arch/x86/kernel/fpu/core.c:127
binder: BINDER_SET_CONTEXT_MGR already set
CPU: 0 PID: 14162 Comm: syz-executor3 Tainted: G W 4.20.0-rc6-next-20181214+ #171
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
binder: 14154:14165 ioctl 40046207 0 returned -16
 ___might_sleep.cold.86+0x221/0x254 kernel/sched/core.c:6148
 __might_sleep+0x95/0x190 kernel/sched/core.c:6101
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3365 [inline]
 __do_kmalloc mm/slab.c:3707 [inline]
 __kmalloc+0x2da/0x760 mm/slab.c:3718
 kmalloc include/linux/slab.h:550 [inline]
 kzalloc include/linux/slab.h:740 [inline]
 skcipher_next_slow crypto/skcipher.c:254 [inline]
 skcipher_walk_next+0x7f9/0x17f0 crypto/skcipher.c:358
 skcipher_walk_first+0xff/0x3a0 crypto/skcipher.c:441
 skcipher_walk_skcipher+0x541/0x700 crypto/skcipher.c:469
 skcipher_walk_virt+0x58/0xd0 crypto/skcipher.c:479
 chacha_simd_stream_xor+0xb3/0xa40 arch/x86/crypto/chacha_glue.c:141
 chacha_simd+0xd8/0x110 arch/x86/crypto/chacha_glue.c:179
 crypto_skcipher_decrypt include/crypto/skcipher.h:538 [inline]
 _skcipher_recvmsg crypto/algif_skcipher.c:146 [inline]
 skcipher_recvmsg+0xcc9/0x1420 crypto/algif_skcipher.c:165
 sock_recvmsg_nosec net/socket.c:795 [inline]
 sock_recvmsg+0xd0/0x110 net/socket.c:802
 ___sys_recvmsg+0x2b6/0x680 net/socket.c:2279
 do_recvmmsg+0x303/0xb90 net/socket.c:2392
binder: 14174:14183 ioctl c0306201 20000040 returned -14
 __sys_recvmmsg+0xe5/0x2a0 net/socket.c:2473
binder_alloc: binder_alloc_mmap_handler: 14174 20001000-20004000 already mapped failed -16
 __do_sys_recvmmsg net/socket.c:2494 [inline]
 __se_sys_recvmmsg net/socket.c:2487 [inline]
 __x64_sys_recvmmsg+0xe6/0x140 net/socket.c:2487
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14174:14183 ioctl 40046207 0 returned -16
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457659
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
binder: 14174:14185 ioctl c0306201 20000040 returned -14
RSP: 002b:00007f6ab2af4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457659
RDX: 0000000000000001 RSI: 000000002000a280 RDI: 0000000000000004
RBP: 000000000072bf00 R08: 000000002000a500 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6ab2af56d4
R13: 00000000004c3b77 R14: 00000000004d6770 R15: 00000000ffffffff
binder_alloc: binder_alloc_mmap_handler: 14192 20001000-20004000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14192:14195 ioctl 40046207 0 returned -16
sg_write: data in/out 45788/1 bytes for SCSI command 0x0-- guessing data in; program syz-executor4 not setting count and/or reply_len properly
binder_alloc: binder_alloc_mmap_handler: 14208 20001000-20004000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14208:14209 ioctl 40046207 0 returned -16
sg_write: data in/out 45788/1 bytes for SCSI command 0x0-- guessing data in; program syz-executor4 not setting count and/or reply_len properly
binder_alloc: binder_alloc_mmap_handler: 14234 20001000-20004000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14234:14236 ioctl 40046207 0 returned -16
binder_alloc: binder_alloc_mmap_handler: 14263 20001000-20004000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14288:14291 ioctl 40046207 0 returned -16
binder: 14303:14307 unknown command 0
binder: 14303:14307 ioctl c0306201 20000040 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14303:14324 unknown command 0
binder: 14303:14307 ioctl 40046207 0 returned -16
binder: 14303:14324 ioctl c0306201 20000040 returned -22
9pnet_virtio: no channels available for device 127.0.0.1
ceph: device name is missing path (no : separator in ./file0)
binder: 14345:14349 unknown command 0
ceph: device name is missing path (no : separator in ./file0)
overlayfs: filesystem on './file0' not supported as upperdir
binder: 14345:14349 ioctl c0306201 20000040 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14345:14357 unknown command 0
binder: 14345:14357 ioctl c0306201 20000040 returned -22
binder: 14345:14349 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14384:14385 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14403:14406 ioctl 40046207 0 returned -16
binder_alloc_mmap_handler: 5 callbacks suppressed
binder_alloc: binder_alloc_mmap_handler: 14418 20001000-20004000 already mapped failed -16
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 14390 Comm: syz-executor5 Tainted: G W 4.20.0-rc6-next-20181214+ #171
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
 handle_userfault.cold.30+0x47/0x62 fs/userfaultfd.c:431
 do_anonymous_page mm/memory.c:2926 [inline]
 handle_pte_fault mm/memory.c:3768 [inline]
 __handle_mm_fault+0x4d26/0x5b70 mm/memory.c:3894
 handle_mm_fault+0x54f/0xc70 mm/memory.c:3931
 do_user_addr_fault arch/x86/mm/fault.c:1475 [inline]
 __do_page_fault+0x5f6/0xd70 arch/x86/mm/fault.c:1541
 do_page_fault+0xf2/0x7e0 arch/x86/mm/fault.c:1572
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143
RIP: 0010:__get_user_4+0x21/0x30 arch/x86/lib/getuser.S:76
Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 18 14 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65
RSP: 0018:ffff8881721efc40 EFLAGS: 00010202
RAX: 0000000020013ff7 RBX: 0000000020013ff4 RCX: ffffc9000fe3a000
RDX: ffffffffffffffff RSI: ffffffff81b2fa73 RDI: 0000000000000282
RBP: ffff8881721efc80 R08: 1ffff1102e43df65 R09: 0000000000000008
R10: 0000000000000001 R11: ffff8881842e2140 R12: 000000000000000b
R13: ffff8881c41ca800 R14: 0000000000000006 R15: 0000000000000011
 udpv6_setsockopt+0x95/0xa0 net/ipv6/udp.c:1595
 sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2986
 __sys_setsockopt+0x1ba/0x3c0 net/socket.c:1903
 __do_sys_setsockopt net/socket.c:1914 [inline]
 __se_sys_setsockopt net/socket.c:1911 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:1911
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457659
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f0b8d57ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457659
RDX: 000000000000000b RSI: 0000000000000088 RDI: 0000000000000007
RBP: 000000000072bf00 R08: 0000000000000006 R09: 0000000000000000
R10: 0000000020013ff4 R11: 0000000000000246 R12: 00007f0b8d57b6d4
R13: 00000000004c4c0a R14: 00000000004d8240 R15: 00000000ffffffff
binder_alloc: binder_alloc_mmap_handler: 14444 20001000-20004000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14444:14446 ioctl 40046207 0 returned -16
binder_alloc: binder_alloc_mmap_handler: 14472 20001000-20004000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14472:14473 ioctl 40046207 0 returned -16
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 14481 Comm: syz-executor3 Tainted: G W 4.20.0-rc6-next-20181214+ #171
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold.4+0xa/0x17 lib/fault-inject.c:149
 __should_failslab+0x124/0x180 mm/failslab.c:32
 should_failslab+0x9/0x14 mm/slab_common.c:1576
 slab_pre_alloc_hook mm/slab.h:423 [inline]
 slab_alloc mm/slab.c:3365 [inline]
 __do_kmalloc mm/slab.c:3707 [inline]
 __kmalloc+0x2e4/0x760 mm/slab.c:3718
 kmalloc include/linux/slab.h:550 [inline]
 sock_kmalloc+0x15a/0x1f0 net/core/sock.c:1992
 af_alg_alloc_areq+0x83/0x280 crypto/af_alg.c:1097
libceph: parse_ips bad ip '::,.:nullb'
 _skcipher_recvmsg crypto/algif_skcipher.c:75 [inline]
 skcipher_recvmsg+0x354/0x1420 crypto/algif_skcipher.c:165
libceph: parse_ips bad ip '::,.:nullb'
 sock_recvmsg_nosec net/socket.c:795 [inline]
 sock_recvmsg+0xd0/0x110 net/socket.c:802
 ___sys_recvmsg+0x2b6/0x680 net/socket.c:2279
 do_recvmmsg+0x303/0xb90 net/socket.c:2392
 __sys_recvmmsg+0xe5/0x2a0 net/socket.c:2473
 __do_sys_recvmmsg net/socket.c:2494 [inline]
 __se_sys_recvmmsg net/socket.c:2487 [inline]
 __x64_sys_recvmmsg+0xe6/0x140 net/socket.c:2487
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457659
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f6ab2af4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 00007f6ab2af4c90 RCX: 0000000000457659
RDX: 0000000000000001 RSI: 000000002000a280 RDI: 0000000000000004
RBP: 000000000072bf00 R08: 000000002000a500 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6ab2af56d4
R13: 00000000004c3b77 R14: 00000000004d6770 R15: 0000000000000005
FAT-fs (loop1): bogus number of reserved sectors
FAT-fs (loop1): Can't find a valid FAT filesystem
binder: 14524:14527 BC_ACQUIRE_DONE u0000000000000000 no match
binder: 14524:14527 unknown command 0
FAT-fs (loop1): bogus number of reserved sectors
binder: 14524:14527 ioctl c0306201 20000040 returned -22
binder_alloc: binder_alloc_mmap_handler: 14524 20001000-20004000 already mapped failed -16
FAT-fs (loop1): Can't find a valid FAT filesystem
binder: 14524:14539 BC_ACQUIRE_DONE u0000000000000000 no match
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14524:14527 ioctl 40046207 0 returned -16
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 14546 Comm: syz-executor3 Tainted: G W 4.20.0-rc6-next-20181214+ #171
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
binder: 14524:14539 unknown command 0
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold.4+0xa/0x17 lib/fault-inject.c:149
binder: 14524:14539 ioctl c0306201 20000040 returned -22
 __should_failslab+0x124/0x180 mm/failslab.c:32
 should_failslab+0x9/0x14 mm/slab_common.c:1576
 slab_pre_alloc_hook mm/slab.h:423 [inline]
 slab_alloc mm/slab.c:3365 [inline]
 __do_kmalloc mm/slab.c:3707 [inline]
 __kmalloc+0x2e4/0x760 mm/slab.c:3718
 kmalloc include/linux/slab.h:550 [inline]
 sock_kmalloc+0x15a/0x1f0 net/core/sock.c:1992
 _skcipher_recvmsg crypto/algif_skcipher.c:103 [inline]
 skcipher_recvmsg+0x4fa/0x1420 crypto/algif_skcipher.c:165
 sock_recvmsg_nosec net/socket.c:795 [inline]
 sock_recvmsg+0xd0/0x110 net/socket.c:802
 ___sys_recvmsg+0x2b6/0x680 net/socket.c:2279
 do_recvmmsg+0x303/0xb90 net/socket.c:2392
 __sys_recvmmsg+0xe5/0x2a0 net/socket.c:2473
 __do_sys_recvmmsg net/socket.c:2494 [inline]
 __se_sys_recvmmsg net/socket.c:2487 [inline]
 __x64_sys_recvmmsg+0xe6/0x140 net/socket.c:2487
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457659
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f6ab2af4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 00007f6ab2af4c90 RCX: 0000000000457659
RDX: 0000000000000001 RSI: 000000002000a280 RDI: 0000000000000004
RBP: 000000000072bf00 R08: 000000002000a500 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6ab2af56d4
R13: 00000000004c3b77 R14: 00000000004d6770 R15: 0000000000000005
binder: 14562:14564 unknown command 1077961548
binder: 14562:14564 ioctl c0306201 20000040 returned -22
FAT-fs (loop1): bogus number of reserved sectors
FAT-fs (loop1): Can't find a valid FAT filesystem
binder_alloc: binder_alloc_mmap_handler: 14562 20001000-20004000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14562:14564 ioctl 40046207 0 returned -16
binder: 14562:14585 unknown command 1077961548
binder: 14562:14585 ioctl c0306201 20000040 returned -22
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 14550 Comm: syz-executor5 Tainted: G W 4.20.0-rc6-next-20181214+ #171
QAT: Invalid ioctl
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
 handle_userfault.cold.30+0x47/0x62 fs/userfaultfd.c:431
QAT: Invalid ioctl
 do_anonymous_page mm/memory.c:2926 [inline]
 handle_pte_fault mm/memory.c:3768 [inline]
 __handle_mm_fault+0x4d26/0x5b70 mm/memory.c:3894
 handle_mm_fault+0x54f/0xc70 mm/memory.c:3931
 do_user_addr_fault arch/x86/mm/fault.c:1475 [inline]
 __do_page_fault+0x5f6/0xd70 arch/x86/mm/fault.c:1541
 do_page_fault+0xf2/0x7e0 arch/x86/mm/fault.c:1572
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143
RIP: 0010:__get_user_4+0x21/0x30 arch/x86/lib/getuser.S:76
Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 18 14 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65
RSP: 0018:ffff8881805b7c40 EFLAGS: 00010202
RAX: 0000000020013ff7 RBX: 0000000020013ff4 RCX: ffffc9001003b000
RDX: ffffffffffffffff RSI: ffffffff81b2fa73 RDI: 0000000000000282
RBP: ffff8881805b7c80 R08: 1ffff110300b6f65 R09: 0000000000000008
R10: 0000000000000001 R11: ffff8881bd7ae640 R12: 000000000000000b
R13: ffff8881c398f140 R14: 0000000000000006 R15: 0000000000000011
 udpv6_setsockopt+0x95/0xa0 net/ipv6/udp.c:1595
 sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2986
 __sys_setsockopt+0x1ba/0x3c0 net/socket.c:1903
 __do_sys_setsockopt net/socket.c:1914 [inline]
 __se_sys_setsockopt net/socket.c:1911 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:1911
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457659
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f0b8d559c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457659
RDX: 000000000000000b RSI: 0000000000000088 RDI: 0000000000000006
RBP: 000000000072bfa0 R08: 0000000000000006 R09: 0000000000000000
R10: 0000000020013ff4 R11: 0000000000000246 R12: 00007f0b8d55a6d4
R13: 00000000004c4c0a R14: 00000000004d8240 R15: 00000000ffffffff
binder: 14614:14619 unknown command 1077961580
binder: 14614:14619 ioctl c0306201 20000040 returned -22
binder_alloc: binder_alloc_mmap_handler: 14614 20001000-20004000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14614:14619 ioctl 40046207 0 returned -16
binder: 14614:14623 unknown command 1077961580
binder: 14614:14623 ioctl c0306201 20000040 returned -22
binder: 14657:14659 unknown command 1077961479
binder: 14657:14659 ioctl c0306201 20000040 returned -22
binder_alloc: binder_alloc_mmap_handler: 14657 20001000-20004000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14657:14659 ioctl 40046207 0 returned -16
binder: 14657:14675 unknown command 1077961479
binder: 14657:14675 ioctl c0306201 20000040 returned -22
binder: 14693:14694 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 14693:14694 unknown command 0
binder: 14693:14694 ioctl c0306201 20000040 returned -22
binder_alloc: binder_alloc_mmap_handler: 14693 20001000-20004000 already mapped failed -16
binder: 14693:14708 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 14693:14708 unknown command 0
binder: BINDER_SET_CONTEXT_MGR already set
binder: 14693:14714 ioctl 40046207 0 returned -16
binder: 14693:14708 ioctl c0306201 20000040 returned -22
binder: 14737:14741 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
binder: 14737:14741 unknown command 0
binder: 14737:14741 ioctl c0306201 20000040 returned -22
binder_alloc: binder_alloc_mmap_handler: 14737 20001000-20004000 already mapped failed -16