==================================================================
BUG: KASAN: wild-memory-access on address ffe708746d1c9000
Read of size 124 by task syz-executor4/10941
CPU: 0 PID: 10941 Comm: syz-executor4 Not tainted 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a617f9e8 ffffffff81d93149 ffe708746d1c9000 000000000000007c
 0000000000000000 ffff8801ad6450c0 ffe708746d1c9000 ffff8801a617fa70
 ffffffff8153d08f 0000000000000000 0000000000000001 ffffffff826648db
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] kasan_report_error mm/kasan/report.c:284 [inline]
 [] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [] do_loop_readv_writev fs/read_write.c:880 [inline]
 [] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [] do_readv+0xe6/0x250 fs/read_write.c:924
 [] SYSC_readv fs/read_write.c:1011 [inline]
 [] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
FAULT_FLAG_ALLOW_RETRY missing 70
CPU: 1 PID: 10950 Comm: syz-executor7 Tainted: G B 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ad347b50 ffffffff81d93149 ffff8801ad347e30 0000000000000000
 ffff8801ab32c290 ffff8801ad347d20 ffff8801ab32c180 ffff8801ad347d48
 ffffffff81660dc8 ffff8801ad347ca0 0000000020001000 00000001d5c2d067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
FAULT_FLAG_ALLOW_RETRY missing 70
CPU: 1 PID: 10965 Comm: syz-executor7 Tainted: G B 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d232fb50 ffffffff81d93149 ffff8801d232fe30 0000000000000000
 ffff8801d5a22d10 ffff8801d232fd20 ffff8801d5a22c00 ffff8801d232fd48
 ffffffff81660dc8 ffff8801d232fca0 0000000000000246 00000001cf139067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=10992 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=46486 sclass=netlink_route_socket pig=10997 comm=syz-executor1
device lo left promiscuous mode
binder: 11010:11014 ioctl 4b66 20cf5000 returned -22
binder: 11010:11024 ioctl 4b66 20cf5000 returned -22
device lo entered promiscuous mode
device lo left promiscuous mode
IPVS: Creating netns size=2536 id=25
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
nla_parse: 19 callbacks suppressed
netlink: 4 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor7'.
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 11400 Comm: syz-executor0 Tainted: G B 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d55775b0 ffffffff81d93149 ffff8801d5577890 0000000000000000
 ffff8801d5a23a90 ffff8801d5577780 ffff8801d5a23980 ffff8801d55777a8
 ffffffff81660dc8 ffff8801d5577700 ffffffff811eb235 00000001d1ef4067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1235
 [] udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2086
 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2705
 [] SYSC_setsockopt net/socket.c:1771 [inline]
 [] SyS_setsockopt+0x160/0x250 net/socket.c:1750
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 11377 Comm: syz-executor0 Tainted: G B 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c6aefa00 ffffffff81d93149 ffff8801c6aefce0 0000000000000000
 ffff8801d5a23a90 ffff8801c6aefbd0 ffff8801d5a23980 ffff8801c6aefbf8
 ffffffff81660dc8 ffff8801c6aefb50 0000000041b58ab3 00000001d1ef4067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 1 PID: 11361 Comm: syz-executor0 Tainted: G B 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cb3776d0 ffffffff81d93149 ffff8801cb3779b0 0000000000000000
 ffff8801d5a23a90 ffff8801cb3778a0 ffff8801d5a23980 ffff8801cb3778c8
 ffffffff81660dc8 ffff8801cb377820 ffffffff84649140 00000001d1ef4067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] inet_ioctl+0x89/0x1c0 net/ipv4/af_inet.c:878
 [] sock_do_ioctl+0x65/0xb0 net/socket.c:892
 [] sock_ioctl+0x2e0/0x3d0 net/socket.c:978
 [] vfs_ioctl fs/ioctl.c:43 [inline]
 [] do_vfs_ioctl+0x1aa/0x10c0 fs/ioctl.c:679
 [] SYSC_ioctl fs/ioctl.c:694 [inline]
 [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'.
binder_alloc: binder_alloc_mmap_handler: 11636 204f0000-204f4000 already mapped failed -16
binder_alloc: binder_alloc_mmap_handler: 11636 204f0000-204f4000 already mapped failed -16
device syz2 entered promiscuous mode
device lo left promiscuous mode
selinux_nlmsg_perm: 146 callbacks suppressed
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=4 sclass=netlink_tcpdiag_socket pig=11711 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=4 sclass=netlink_tcpdiag_socket pig=11719 comm=syz-executor5
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
keychord: using input dev AT Translated Set 2 keyboard for fevent
sg_write: data in/out 452821891/51 bytes for SCSI command 0x8f-- guessing data in; program syz-executor1 not setting count and/or reply_len properly
binder: 11797:11805 ioctl 5402 20f72000 returned -22
binder: 11797:11810 ioctl 5402 20f72000 returned -22
keychord: invalid keycode count 0
netlink: 4 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor6'.
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
sg_write: data in/out 452821891/51 bytes for SCSI command 0x8f-- guessing data in; program syz-executor1 not setting count and/or reply_len properly
netlink: 41 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 41 bytes leftover after parsing attributes in process `syz-executor5'.
IPVS: Creating netns size=2536 id=26
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=11890 comm=syz-executor1
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 11887 Comm: syz-executor3 Tainted: G B 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d9b379d0 ffffffff81d93149 ffff8801d9b37cb0 0000000000000000
 ffff8801ab32d610 ffff8801d9b37ba0 ffff8801ab32d500 ffff8801d9b37bc8
 ffffffff81660dc8 ffff8801d9b37b20 ffff8801d9b379f8 00000001c661e067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 20
CPU: 0 PID: 11868 Comm: syz-executor3 Tainted: G B 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c98ff2a8 ffffffff81d93149 ffff8801c98ff588 0000000000000000
 ffff8801ab32d610 ffff8801c98ff478 ffff8801ab32d500 ffff8801c98ff4a0
 ffffffff81660dc8 ffff8801c98ff3f8 0000000000000000 00000001c661e067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] faultin_page mm/gup.c:386 [inline]
 [] __get_user_pages+0x3b4/0x1110 mm/gup.c:585
 [] __get_user_pages_locked mm/gup.c:797 [inline]
 [] __get_user_pages_unlocked mm/gup.c:872 [inline]
 [] get_user_pages_unlocked+0x1d3/0x370 mm/gup.c:900
 [] get_user_pages_fast+0x11e/0x320 arch/x86/mm/gup.c:440
 [] get_futex_key+0x1f1/0x1000 kernel/futex.c:545
 [] futex_requeue+0x215/0x15c0 kernel/futex.c:1743
 [] do_futex+0x47f/0x1640 kernel/futex.c:3242
 [] SYSC_futex kernel/futex.c:3280 [inline]
 [] SyS_futex+0x226/0x2d0 kernel/futex.c:3248
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 11860 Comm: syz-executor3 Tainted: G B 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ce6df8d0 ffffffff81d93149 ffff8801ce6dfbb0 0000000000000000
 ffff8801ab32d610 ffff8801ce6dfaa0 ffff8801ab32d500 ffff8801ce6dfac8
 ffffffff81660dc8 ffff8801ce6dfa20 ffff8801ab3de000 00000001c661e067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SyS_rt_sigtimedwait+0x2d/0x40 kernel/signal.c:2819
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
loop_reread_partitions: partition scan of loop5 () failed (rc=-13)
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
keychord: using input dev AT Translated Set 2 keyboard for fevent
binder: 11984:11987 ioctl 4b45 20306000 returned -22
binder: 11984:11987 ioctl c06864a1 204d7f9c returned -22
keychord: invalid keycode count 0
binder: 11984:11987 ioctl 4b45 20306000 returned -22
keychord: using input dev AT Translated Set 2 keyboard for fevent
binder: 11984:12021 ioctl c06864a1 204d7f9c returned -22
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 12016 Comm: syz-executor2 Tainted: G B 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c9f17a30 ffffffff81d93149 ffff8801c9f17d10 0000000000000000
 ffff8801d5a23d90 ffff8801c9f17c00 ffff8801d5a23c80 ffff8801c9f17c28
 ffffffff81660dc8 ffff8801c9f17b80 ffff8801c9f17a88 00000001c80a4067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SYSC_keyctl security/keys/keyctl.c:1600 [inline]
 [] SyS_keyctl+0x1fb/0x230 security/keys/keyctl.c:1588
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
keychord: invalid keycode count 0
CPU: 0 PID: 12028 Comm: syz-executor2 Tainted: G B 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a6367770 ffffffff81d93149 ffff8801a6367a50 0000000000000000
 ffff8801d5a23d90 ffff8801a6367940 ffff8801d5a23c80 ffff8801a6367968
 ffffffff81660dc8 ffff8801a63678c0 0000000000000046 00000001c80a4067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] import_iovec+0xc8/0x3c0 lib/iov_iter.c:1243
 [] keyctl_instantiate_key_iov+0xd0/0x150 security/keys/keyctl.c:1160
 [] SYSC_keyctl security/keys/keyctl.c:1679 [inline]
 [] SyS_keyctl+0x79/0x230 security/keys/keyctl.c:1588
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
keychord: unsupported version 65
keychord: invalid keycode count 0
keychord: unsupported version 65
keychord: invalid keycode count 0
loop_reread_partitions: partition scan of loop0 (t?`JzP[ p>TK6C="L l!V #F-') failed (rc=-13)
device lo entered promiscuous mode
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 12193 Comm: syz-executor7 Tainted: G B 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cb767a30 ffffffff81d93149 ffff8801cb767d10 0000000000000000
 ffff8801d5a23d90 ffff8801cb767c00 ffff8801d5a23c80 ffff8801cb767c28
 ffffffff81660dc8 ffff8801cb767b80 ffff8801cb767a88 00000001cc0bc067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SYSC_keyctl security/keys/keyctl.c:1600 [inline]
 [] SyS_keyctl+0x1fb/0x230 security/keys/keyctl.c:1588
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 0 PID: 12208 Comm: syz-executor7 Tainted: G B 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d95e7770 ffffffff81d93149 ffff8801d95e7a50 0000000000000000
 ffff8801d5a23d90 ffff8801d95e7940 ffff8801d5a23c80 ffff8801d95e7968
 ffffffff81660dc8 ffff8801d95e78c0 0000000000000046 00000001cc0bc067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] import_iovec+0xc8/0x3c0 lib/iov_iter.c:1243
 [] keyctl_instantiate_key_iov+0xd0/0x150 security/keys/keyctl.c:1160
 [] SYSC_keyctl security/keys/keyctl.c:1679 [inline]
 [] SyS_keyctl+0x79/0x230 security/keys/keyctl.c:1588
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=41 sclass=netlink_audit_socket pig=12350 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=41 sclass=netlink_audit_socket pig=12350 comm=syz-executor2
binder: 12453:12456 ioctl 40a85323 20647f50 returned -22
binder: 12453:12466 ioctl 40a85323 20647f50 returned -22
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
qtaguid: iface_stat: create6(lo): no inet dev
nla_parse: 5 callbacks suppressed
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
binder: 12637:12645 ioctl 4b3b 1 returned -22
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=3973 sclass=netlink_tcpdiag_socket pig=12647 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=3973 sclass=netlink_tcpdiag_socket pig=12647 comm=syz-executor5
binder: 12637:12662 ioctl 4b3b 1 returned -22
binder: 12804:12809 ioctl 89e5 20000000 returned -22
binder: 12804:12820 ioctl 89e5 20000000 returned -22
netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'.
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
keychord: Insufficient bytes present for keycount 18
keychord: invalid keycode count 0
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 13002 Comm: syz-executor4 Tainted: G B 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c7c1f9b0 ffffffff81d93149 ffff8801c7c1fc90 0000000000000000
 ffff8801d5a22e90 ffff8801c7c1fb80 ffff8801d5a22d80 ffff8801c7c1fba8
 ffffffff81660dc8 ffff8801c7c1fb00 ffffffff8418d948 00000001d667d067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 13003 Comm: syz-executor4 Tainted: G B 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ad587780 ffffffff81d93149 ffff8801ad587a60 0000000000000000
 ffff8801d5a22e90 ffff8801ad587950 ffff8801d5a22d80 ffff8801ad587978
 ffffffff81660dc8 ffff8801ad5878d0 0000000000000000 00000001d667d067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SYSC_select fs/select.c:652 [inline]
 [] SyS_select+0x158/0x1e0 fs/select.c:634
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 0 PID: 12993 Comm: syz-executor4 Tainted: G B 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cf1178c0 ffffffff81d93149 ffff8801cf117ba0 0000000000000000
 ffff8801d5a22e90 ffff8801cf117a90 ffff8801d5a22d80 ffff8801cf117ab8
 ffffffff81660dc8 ffff8801cf117a10 ffff8801d9847a80 00000001d667d067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] do_fcntl fs/fcntl.c:284 [inline]
 [] SYSC_fcntl fs/fcntl.c:372 [inline]
 [] SyS_fcntl+0x81c/0xc70 fs/fcntl.c:357