==================================================================
BUG: KASAN: wild-memory-access on address ffe7087451183000
keychord: invalid keycode count 0
Read of size 37 by task syz-executor0/17749
CPU: 0 PID: 17749 Comm: syz-executor0 Not tainted 4.9.54-ge5eba30 #61
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d2367ae8 ffffffff81d93659 ffe7087451183000 0000000000000025
 0000000000000000 ffff8801cd02c240 ffe7087451183000 ffff8801d2367b70
 ffffffff8153d48f[   99.443863] keychord: using input dev AT Translated Set 2 keyboard for fevent
 0000000000000000 0000000000000001 ffffffff826651bb
 [<ffffffff81d93659>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93659>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153d48f>] kasan_report_error mm/kasan/report.c:284 [inline]
 [<ffffffff8153d48f>] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [<ffffffff8153d860>] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [<ffffffff8153c1a7>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [<ffffffff8153c1a7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [<ffffffff8153c211>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff826651bb>] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [<ffffffff826651bb>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff826651bb>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff8156d753>] __vfs_read+0x103/0x670 fs/read_write.c:452
 [<ffffffff8156ece7>] vfs_read+0x107/0x330 fs/read_write.c:475
 [<ffffffff815728c9>] SYSC_read fs/read_write.c:591 [inline]
 [<ffffffff815728c9>] SyS_read+0xd9/0x1b0 fs/read_write.c:584
 [<ffffffff838aeec5>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
nla_parse: 12 callbacks suppressed
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
keychord: invalid keycode count 0
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
binder: 17952:17953 ioctl c0206416 20ff9000 returned -22
binder: 17947:17958 ioctl c0a85352 203c7f50 returned -22
binder: 17947:17958 ioctl c0a85352 203c7f50 returned -22
binder: 17952:17967 ioctl c0206416 20ff9000 returned -22
binder: 17975:17977 ioctl c0286404 20c0dfd8 returned -22
binder: 17975:17994 ioctl c0286404 20c0dfd8 returned -22
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 18060 Comm: syz-executor0 Tainted: G    B           4.9.54-ge5eba30 #61
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c6fdf9a0 ffffffff81d93659 ffff8801c6fdfc80 0000000000000000
 ffff8801cd8b4290 ffff8801c6fdfb70 ffff8801cd8b4180 ffff8801c6fdfb98
 ffffffff816611c8 ffff8801c6fdfaf0 ffff8801ced007f8 00000001cab14067
Call Trace:
 [<ffffffff81d93659>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93659>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff816611c8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814d0171>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814d0171>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814d0171>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814d0171>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e0437>] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1397
 [<ffffffff810e0c17>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1461
 [<ffffffff838b0098>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff838aeec5>] entry_SYSCALL_64_fastpath+0x23/0xc6
binder: 18222:18226 ioctl c06864a2 20bdcf9c returned -22
binder: 18222:18226 ioctl c06864a2 20bdcf9c returned -22
IPVS: Creating netns size=2536 id=50
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
IPVS: Creating netns size=2536 id=51
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=18473 comm=syz-executor6
pktgen: Initialization failed for all threads
netlink: 4 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor4'.
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
device lo entered promiscuous mode
netlink: 13 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'.
device lo left promiscuous mode
netlink: 9 bytes leftover after parsing attributes in process `syz-executor4'.
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'.
device lo entered promiscuous mode
device lo left promiscuous mode
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
binder: 18553:18560 ioctl c0105303 203b4ff0 returned -22
keychord: using input dev AT Translated Set 2 keyboard for fevent
binder: 18572:18574 ioctl 4b3b 1 returned -22
IPVS: Creating netns size=2536 id=52
binder: 18572:18581 ioctl 4b3b 1 returned -22
IPVS: Creating netns size=2536 id=53
device gre0 entered promiscuous mode
netlink: 21 bytes leftover after parsing attributes in process `syz-executor2'.
keychord: invalid keycode count 0
keychord: Insufficient bytes present for keycount 18
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
IPVS: Creating netns size=2536 id=54
binder: 18670:18671 ioctl 2403 7fff returned -22
binder: 18686:18688 ioctl 4c07 0 returned -22
binder: 18686:18688 ioctl 5204 20502000 returned -22
binder: 18686:18688 ioctl 4c07 0 returned -22
binder: 18686:18688 ioctl 5204 20502000 returned -22
device lo entered promiscuous mode
binder: 18670:18671 ioctl 2403 7fff returned -22
nla_parse: 1 callbacks suppressed
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
device syz2 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket pig=18899 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pig=18923 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=18930 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket pig=18938 comm=syz-executor5
device lo entered promiscuous mode
qtaguid: iface_stat: create(lo): no inet dev
qtaguid: iface_stat: create6(lo): no inet dev
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
qtaguid: iface_stat: create6(lo): no inet dev
netlink: 13 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor4'.
binder: 19191:19193 ioctl 4b6a 20df7fb3 returned -22
binder: 19191:19200 ioctl 4b6a 20df7fb3 returned -22
netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'.
IPVS: Creating netns size=2536 id=55
IPVS: Creating netns size=2536 id=56
binder: 19297:19298 ioctl 5424 20603ffc returned -22
binder: 19297:19304 ioctl 5424 20603ffc returned -22
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
binder: 19448:19449 ioctl 4b6a 20df7fb3 returned -22
keychord: using input dev AT Translated Set 2 keyboard for fevent
netlink: 21 bytes leftover after parsing attributes in process `syz-executor3'.
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
binder: 19494:19495 ioctl 4b3b 1 returned -22
binder: 19494:19503 ioctl 4b3b 1 returned -22
keychord: invalid keycode count 0
keychord: Insufficient bytes present for keycount 18
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
device gre0 entered promiscuous mode
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
qtaguid: iface_stat: create(lo): no inet dev
qtaguid: iface_stat: create6(lo): no inet dev
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
qtaguid: iface_stat: create6(lo): no inet dev
binder: 19808:19811 ioctl 2401 6 returned -22
binder: 19808:19811 ioctl 40345410 20c19fcc returned -22
binder: 19808:19811 ioctl 2401 6 returned -22
binder: 19808:19823 ioctl 40345410 20c19fcc returned -22
device lo left promiscuous mode
IPVS: Creating netns size=2536 id=57
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
IPVS: Creating netns size=2536 id=58
device gre0 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
tmpfs: Bad mount option q�]g�4��G�
tmpfs: Bad mount option q�]g�4��G�
device syz1 entered promiscuous mode
device syz1 left promiscuous mode
device syz1 entered promiscuous mode
sg_write: data in/out 65500/34 bytes for SCSI command 0xfc-- guessing data in;
   program syz-executor6 not setting count and/or reply_len properly
IPVS: Creating netns size=2536 id=59
IPVS: Creating netns size=2536 id=60