tmpfs: No value for mount option 'H!'
device gre0 entered promiscuous mode
==================================================================
BUG: KASAN: wild-memory-access on address ffe708762c108000
Read of size 158 by task syz-executor3/18155
CPU: 1 PID: 18155 Comm: syz-executor3 Not tainted 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a98bfae8 ffffffff81d93149 ffe708762c108000 000000000000009e
 0000000000000000 ffff8801a893e0c0 ffe708762c108000 ffff8801a98bfb70
 ffffffff8153d08f 0000000000000000 0000000000000001 ffffffff826648db
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] kasan_report_error mm/kasan/report.c:284 [inline]
 [] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [] __vfs_read+0x103/0x670 fs/read_write.c:452
 [] vfs_read+0x107/0x330 fs/read_write.c:475
 [] SYSC_read fs/read_write.c:591 [inline]
 [] SyS_read+0xd9/0x1b0 fs/read_write.c:584
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 18282 Comm: syz-executor4 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a50579b0 ffffffff81d93149 ffff8801a5057c90 0000000000000000
 ffff8801d66d3f10 ffff8801a5057b80 ffff8801d66d3e00 ffff8801a5057ba8
 ffffffff81660dc8 ffff8801a5057b00 ffff8801a5057be0 00000001ca6c7067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 18274 Comm: syz-executor4 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c8b479e0 ffffffff81d93149 ffff8801c8b47cc0 0000000000000000
 ffff8801d66d3f10 ffff8801c8b47bb0 ffff8801d66d3e00 ffff8801c8b47bd8
 ffffffff81660dc8 ffff8801c8b47b30 ffff8801cb9b8000 00000001ca6c7067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 18262 Comm: syz-executor4 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c79c7910 ffffffff81d93149 ffff8801c79c7bf0 0000000000000000
 ffff8801d66d3f10 ffff8801c79c7ae0 ffff8801d66d3e00 ffff8801c79c7b08
 ffffffff81660dc8 ffff8801c79c7a60 ffffffff812dd279 00000001ca6c7067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
binder: 18278:18280 ioctl 8910 20000ff0 returned -22
CPU: 1 PID: 18288 Comm: syz-executor4 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c838f9a0 ffffffff81d93149 ffff8801c838fc80 0000000000000000
 ffff8801d66d3f10 ffff8801c838fb70 ffff8801d66d3e00 ffff8801c838fb98
 ffffffff81660dc8 ffff8801c838faf0 0000000000000000 00000001ca6c7067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
IPVS: Creating netns size=2536 id=41
device syz4 left promiscuous mode
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
device lo left promiscuous mode
TCP: request_sock_TCP: Possible SYN flooding on port 20000. Sending cookies. Check SNMP counters.
nla_parse: 11 callbacks suppressed
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
TCP: tcp_parse_options: Illegal window scaling value 64 >14 received
TCP: tcp_parse_options: Illegal window scaling value 64 >14 received
binder: 18955:18957 ioctl 4b6a 20df7fb3 returned -22
PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex
PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex
IPVS: Creating netns size=2536 id=42
IPVS: set_ctl: invalid protocol: 31912 1.136.255.255:36599 F
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=21199 sclass=netlink_audit_socket pig=19120 comm=syz-executor6
IPVS: set_ctl: invalid protocol: 64680 1.136.255.255:4178 F
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pig=19123 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=41 sclass=netlink_audit_socket pig=19120 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=21199 sclass=netlink_audit_socket pig=19120 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=41 sclass=netlink_audit_socket pig=19120 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pig=19143 comm=syz-executor4
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1023 sclass=netlink_route_socket pig=19447 comm=syz-executor4
TCP: lo: Driver has suspect GRO implementation, TCP performance may be compromised.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1023 sclass=netlink_route_socket pig=19477 comm=syz-executor4
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 19620 Comm: syz-executor7 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a99a76a0 ffffffff81d93149 ffff8801a99a7980[ 102.557603] keychord: using input dev AT Translated Set 2 keyboard for fevent
 0000000000000000
 ffff8801c8977f10 ffff8801a99a7870 ffff8801c8977e00 ffff8801a99a7898
 ffffffff81660dc8 ffff8801a99a77f0 ffff8801cbad9880 00000001cb495067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
keychord: invalid keycode count 0
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
 [] inet6_ioctl+0x133/0x1e0 net/ipv6/af_inet6.c:533
 [] sock_do_ioctl+0x65/0xb0 net/socket.c:892
 [] sock_ioctl+0x2e0/0x3d0 net/socket.c:978
 [] vfs_ioctl fs/ioctl.c:43 [inline]
 [] do_vfs_ioctl+0x1aa/0x10c0 fs/ioctl.c:679
binder: 19672:19676 ioctl 5420 20185ffc returned -22
 [] SYSC_ioctl fs/ioctl.c:694 [inline]
 [] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 1 PID: 19642 Comm: syz-executor2 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801abb079e0 ffffffff81d93149 ffff8801abb07cc0 0000000000000000
 ffff8801c8976590 ffff8801abb07bb0 ffff8801c8976480 ffff8801abb07bd8
 ffffffff81660dc8 ffff8801abb07b30 ffff8801abb09800 00000001ac6df067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
binder: 19672:19678 ioctl 5420 20185ffc returned -22
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 0 PID: 19631 Comm: syz-executor2 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801aa517910 ffffffff81d93149 ffff8801aa517bf0 0000000000000000
 ffff8801c8976590 ffff8801aa517ae0 ffff8801c8976480 ffff8801aa517b08
 ffffffff81660dc8 ffff8801aa517a60 ffffffff812dd279 00000001ac6df067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
IPVS: Creating netns size=2536 id=43
CPU: 1 PID: 19658 Comm: syz-executor2 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c85ff9a0 ffffffff81d93149 ffff8801c85ffc80 0000000000000000
 ffff8801c8976590 ffff8801c85ffb70 ffff8801c8976480 ffff8801c85ffb98
 ffffffff81660dc8 ffff8801c85ffaf0 0000000000000000 00000001ac6df067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 0 PID: 19655 Comm: syz-executor2 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801aaf679b0 ffffffff81d93149 ffff8801aaf67c90 0000000000000000
 ffff8801c8976590 ffff8801aaf67b80 ffff8801c8976480 ffff8801aaf67ba8
 ffffffff81660dc8 ffff8801aaf67b00 ffff8801aaf67be0 00000001ac6df067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
keychord: invalid keycode count 0
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
nla_parse: 13 callbacks suppressed
netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
IPVS: Creating netns size=2536 id=44
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
IPVS: Creating netns size=2536 id=45
device gre0 left promiscuous mode
device syz4 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.