BUG: KASAN: wild-memory-access on address ffe708746fe8d000
Read of size 55 by task syz-executor0/9354
CPU: 1 PID: 9354 Comm: syz-executor0 Not tainted 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d65979e8 ffffffff81d93149 ffe708746fe8d000 0000000000000037
 0000000000000000 ffff8801c5843a20 ffe708746fe8d000 ffff8801d6597a70
 ffffffff8153d08f 0000000000000000 0000000000000001 ffffffff826648db
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] kasan_report_error mm/kasan/report.c:284 [inline]
 [] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [] do_loop_readv_writev fs/read_write.c:880 [inline]
 [] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [] do_readv+0xe6/0x250 fs/read_write.c:924
 [] SYSC_readv fs/read_write.c:1011 [inline]
 [] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
sg_write: data in/out 31877/6 bytes for SCSI command 0x0-- guessing data in; program syz-executor0 not setting count and/or reply_len properly
==================================================================
BUG: KASAN: wild-memory-access on address ffe7086a3b108000
Read of size 176 by task syz-executor0/9362
CPU: 1 PID: 9362 Comm: syz-executor0 Tainted: G B 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801aacbf9e8 ffffffff81d93149 ffe7086a3b108000 00000000000000b0
 0000000000000000 ffff8801c6c84360 ffe7086a3b108000 ffff8801aacbfa70
 ffffffff8153d08f 0000000000000000 0000000000000001 ffffffff826648db
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] kasan_report_error mm/kasan/report.c:284 [inline]
 [] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [] do_loop_readv_writev fs/read_write.c:880 [inline]
 [] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [] do_readv+0xe6/0x250 fs/read_write.c:924
 [] SYSC_readv fs/read_write.c:1011 [inline]
 [] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
device syz4 entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device syz4 left promiscuous mode
device syz4 entered promiscuous mode
device syz4 left promiscuous mode
binder: 9625:9627 ioctl c08c5336 20d23f74 returned -22
binder: 9625:9627 ioctl 5404 20d2a000 returned -22
binder: 9625:9627 ioctl 800454d7 20c8d000 returned -22
binder: 9625:9627 ioctl c08c5336 20d23f74 returned -22
binder: 9625:9639 ioctl 5404 20d2a000 returned -22
binder: 9625:9639 ioctl 800454d7 20c8d000 returned -22
binder: 9643:9644 ioctl 8915 20ff1fe0 returned -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9649 comm=syz-executor6
binder: 9643:9651 ioctl 8915 20ff1fe0 returned -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9649 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9649 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9649 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9649 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9649 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9649 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9649 comm=syz-executor6
binder: 9747:9753 ioctl c00c642e 2057b000 returned -22
binder: 9747:9767 ioctl 4c00 6 returned -22
binder: 9747:9785 ioctl c00c642e 2057b000 returned -22
binder: 9747:9787 ioctl 4c00 19 returned -22
binder: 9872:9873 ioctl 4b3b 81 returned -22
binder: 9872:9873 ioctl 4b3b 81 returned -22
binder: 9970:9979 ioctl 40605346 20f88000 returned -22
binder: 9970:9979 ioctl 40605346 20f88000 returned -22
binder: 10081:10084 ioctl c08c5335 209dcf74 returned -22
binder: 10081:10100 ioctl 80404532 200f2f20 returned -22
binder: 10081:10100 ioctl c08c5335 209dcf74 returned -22
binder: 10081:10084 ioctl 80404532 200f2f20 returned -22
binder: 10149:10150 ioctl 4b3b 1 returned -22
TCP: request_sock_TCP: Possible SYN flooding on port 20026. Sending cookies. Check SNMP counters.
IPVS: Creating netns size=2536 id=19
binder: 10149:10150 ioctl 4b3b 1 returned -22
IPVS: Creating netns size=2536 id=20
tc_ctl_action: received NO action attribs
tc_ctl_action: received NO action attribs
device gre0 entered promiscuous mode
nla_parse: 21 callbacks suppressed
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
IPVS: Creating netns size=2536 id=21
keychord: unsupported version 48
keychord: keycode 46132 out of range
keychord: unsupported version 48
keychord: keycode 46132 out of range
device syz4 entered promiscuous mode
binder_alloc: binder_alloc_mmap_handler: 10726 20000000-20400000 already mapped failed -16
selinux_nlmsg_perm: 17 callbacks suppressed
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=10743 comm=syz-executor7
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
tmpfs: Bad mount option "矓 鮐嵩{m񚥝Ⅻ3+ *SCXj轔逕扦A怅3朼i訡I|;)S#OVJ譺
tmpfs: Bad mount option "矓 鮐嵩{m񚥝Ⅻ3+ *SCXj轔逕扦A怅3朼i訡I|;)S#OVJ譺
loop_reread_partitions: partition scan of loop0 (洏飔?橎`衬J颍z霵[朊 宲は>塗K6C="圜L ül啘!V #碏-包') failed (rc=-13)
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31 sclass=netlink_route_socket pig=10917 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6490 sclass=netlink_route_socket pig=10921 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31 sclass=netlink_route_socket pig=10917 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=32 sclass=netlink_tcpdiag_socket pig=10985 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=32 sclass=netlink_tcpdiag_socket pig=10985 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=21199 sclass=netlink_audit_socket pig=11070 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=41 sclass=netlink_audit_socket pig=11070 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=21199 sclass=netlink_audit_socket pig=11070 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=11089 comm=syz-executor1
sg_write: data in/out 296463/34 bytes for SCSI command 0xfc-- guessing data in; program syz-executor3 not setting count and/or reply_len properly
tmpfs: Bad mount option q黓g4劘G
tmpfs: Bad mount option q黓g4劘G
device syz0 entered promiscuous mode
9pnet_virtio: no channels available for device ./file0
device syz0 left promiscuous mode
device syz0 entered promiscuous mode
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
keychord: Insufficient bytes present for keycount 18
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
binder: 11652:11653 ioctl 5609 208daffa returned -22
binder: 11652:11653 ioctl 5609 208daffa returned -22
binder: 11708:11714 ioctl 4b6b 20bee000 returned -22
IPVS: Creating netns size=2536 id=22
IPVS: Creating netns size=2536 id=23
program syz-executor3 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
program syz-executor3 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
binder: 11861:11864 ioctl 89e1 20000ffc returned -22
binder: 11861:11870 ioctl 89e1 20000ffc returned -22
program syz-executor3 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
program syz-executor3 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
nla_parse: 24 callbacks suppressed
netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'.