binder: 5134:5158 ioctl 4b60 205baf8c returned -22 ================================================================== BUG: KASAN: wild-memory-access on address ffe7087450a0d000 Read of size 4060 by task syz-executor2/5181 CPU: 1 PID: 5181 Comm: syz-executor2 Not tainted 4.9.54-ge5eba30 #61 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a22479e8 ffffffff81d93659 ffe7087450a0d000 0000000000000fdc 0000000000000000 ffff8801a843b480 ffe7087450a0d000 ffff8801a2247a70 ffffffff8153d48f 0000000000000000 0000000000000001 ffffffff826651bb Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] kasan_report_error mm/kasan/report.c:284 [inline] [] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309 [] kasan_report+0x20/0x30 mm/kasan/report.c:296 [] check_memory_region_inline mm/kasan/kasan.c:308 [inline] [] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315 [] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320 [] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline] [] sg_read_oxfer drivers/scsi/sg.c:1978 [inline] [] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520 [] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714 [] do_loop_readv_writev fs/read_write.c:880 [inline] [] do_readv_writev+0x520/0x750 fs/read_write.c:874 [] vfs_readv+0x84/0xc0 fs/read_write.c:898 [] do_readv+0xe6/0x250 fs/read_write.c:924 [] SYSC_readv fs/read_write.c:1011 [inline] [] SyS_readv+0x27/0x30 fs/read_write.c:1008 [] entry_SYSCALL_64_fastpath+0x23/0xc6 ================================================================== program syz-executor0 is using a deprecated SCSI ioctl, please convert it to SG_IO netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'. sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 selinux_nlmsg_perm: 47 callbacks suppressed SELinux: unrecognized netlink message: protocol=9 nlmsg_type=37422 sclass=netlink_audit_socket pig=5252 comm=syz-executor7 SELinux: unrecognized netlink message: protocol=9 nlmsg_type=37422 sclass=netlink_audit_socket pig=5252 comm=syz-executor7 program syz-executor0 is using a deprecated SCSI ioctl, please convert it to SG_IO sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'. program syz-executor0 is using a deprecated SCSI ioctl, please convert it to SG_IO sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 program syz-executor0 is using a deprecated SCSI ioctl, please convert it to SG_IO sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 SELinux: unrecognized netlink message: protocol=4 nlmsg_type=28 sclass=netlink_tcpdiag_socket pig=5309 comm=syz-executor2 SELinux: unrecognized netlink message: protocol=4 nlmsg_type=28 sclass=netlink_tcpdiag_socket pig=5319 comm=syz-executor2 binder: 5403:5404 ioctl 4b45 20306000 returned -22 binder: 5403:5404 ioctl 4b45 20306000 returned -22 9pnet_virtio: no channels available for device ./file0 sg_write: data in/out 65500/34 bytes for SCSI command 0xfc-- guessing data in; program syz-executor5 not setting count and/or reply_len properly 9pnet_virtio: no channels available for device ./file0 binder_alloc: binder_alloc_mmap_handler: 5539 204f0000-204f4000 already mapped failed -16 syz-executor6: vmalloc: allocation failure: 17178820608 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 0 PID: 5543 Comm: syz-executor6 Tainted: G B 4.9.54-ge5eba30 #61 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c8ec7880 ffffffff81d93659 1ffff100391d8f13 ffff8801a39f6000 ffffffff83ab7ac0 0000000000000001 0000000000400000 ffff8801c8ec7990 ffffffff81451172 024000c22d752bb3 0000000041b58ab3 ffffffff8418fe55 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3054 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722 [] __vmalloc_node mm/vmalloc.c:1744 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722 [] translate_table+0x21a/0x1e80 net/ipv6/netfilter/ip6_tables.c:730 [] ? 0xffffffff810002b8 [] do_replace net/ipv6/netfilter/ip6_tables.c:1182 [inline] [] do_ip6t_set_ctl+0x2be/0x470 net/ipv6/netfilter/ip6_tables.c:1708 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 [] ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:903 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2705 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2705 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Mem-Info: active_anon:83706 inactive_anon:43 isolated_anon:0 active_file:3429 inactive_file:5844 isolated_file:0 unevictable:0 dirty:78 writeback:0 unstable:0 slab_reclaimable:5478 slab_unreclaimable:24660 mapped:22010 shmem:179 pagetables:843 bounce:0 free:1484080 free_pcp:311 free_cma:0 Node 0 active_anon:334824kB inactive_anon:172kB active_file:13716kB inactive_file:23376kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:88040kB dirty:312kB writeback:0kB shmem:716kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 14336kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB DMA32 free:2981152kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981848kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:696kB local_pcp:48kB free_cma:0kB Normal free:2939260kB min:36816kB low:46020kB high:55224kB active_anon:334824kB inactive_anon:172kB active_file:13716kB inactive_file:23376kB unevictable:0kB writepending:312kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:21912kB slab_unreclaimable:98640kB kernel_stack:6048kB pagetables:3372kB bounce:0kB free_pcp:548kB local_pcp:120kB free_cma:0kB DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 9451 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 320235 pages reserved syz-executor6: vmalloc: allocation failure: 17178820608 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM) CPU: 0 PID: 5555 Comm: syz-executor6 Tainted: G B 4.9.54-ge5eba30 #61 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d53bf880 ffffffff81d93659 1ffff1003aa77f13 ffff8801c8d46000 ffffffff83ab7ac0 0000000000000001 0000000000400000 ffff8801d53bf990 ffffffff81451172 024000c27182bc04 0000000041b58ab3 ffffffff8418fe55 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] warn_alloc+0x212/0x240 mm/page_alloc.c:3054 [] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722 [] __vmalloc_node mm/vmalloc.c:1744 [inline] [] __vmalloc_node_flags mm/vmalloc.c:1758 [inline] [] vmalloc+0x5b/0x70 mm/vmalloc.c:1773 [] xt_alloc_entry_offsets+0x41/0x60 net/netfilter/x_tables.c:722 [] translate_table+0x21a/0x1e80 net/ipv6/netfilter/ip6_tables.c:730 [] ? 0xffffffff810002b8 [] do_replace net/ipv6/netfilter/ip6_tables.c:1182 [inline] [] do_ip6t_set_ctl+0x2be/0x470 net/ipv6/netfilter/ip6_tables.c:1708 [] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline] [] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114 [] ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:903 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2705 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2705 [] SYSC_setsockopt net/socket.c:1771 [inline] [] SyS_setsockopt+0x160/0x250 net/socket.c:1750 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Mem-Info: active_anon:84745 inactive_anon:43 isolated_anon:0 active_file:3429 inactive_file:5844 isolated_file:0 unevictable:0 dirty:78 writeback:0 unstable:0 slab_reclaimable:5478 slab_unreclaimable:24769 mapped:22010 shmem:179 pagetables:843 bounce:0 free:1482925 free_pcp:309 free_cma:0 Node 0 active_anon:338980kB inactive_anon:172kB active_file:13716kB inactive_file:23376kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:88040kB dirty:312kB writeback:0kB shmem:716kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 14336kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB DMA32 free:2981152kB min:30600kB low:38248kB high:45896kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2981848kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:696kB local_pcp:48kB free_cma:0kB Normal free:2932584kB min:36816kB low:46020kB high:55224kB active_anon:338980kB inactive_anon:172kB active_file:13716kB inactive_file:23376kB unevictable:0kB writepending:312kB present:4718592kB managed:3585220kB mlocked:0kB slab_reclaimable:21912kB slab_unreclaimable:99076kB kernel_stack:6048kB pagetables:3372kB bounce:0kB free_pcp:536kB local_pcp:196kB free_cma:0kB DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 9451 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 1965979 pages RAM 0 pages HighMem/MovableOnly 320235 pages reserved netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'. SELinux: unrecognized netlink message: protocol=6 nlmsg_type=65535 sclass=netlink_xfrm_socket pig=5715 comm=syz-executor0 netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'. SELinux: unrecognized netlink message: protocol=6 nlmsg_type=65535 sclass=netlink_xfrm_socket pig=5715 comm=syz-executor0 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pig=5772 comm=syz-executor6 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pig=5790 comm=syz-executor6 TCP: tcp_parse_options: Illegal window scaling value 64 >14 received IPVS: Creating netns size=2536 id=14 TCP: tcp_parse_options: Illegal window scaling value 64 >14 received IPVS: Creating netns size=2536 id=15 TCP: request_sock_TCP: Possible SYN flooding on port 20006. Sending cookies. Check SNMP counters. binder: 5908:5910 ioctl 541b 20cf5000 returned -22 binder: 5908:5910 ioctl 541b 20cf5000 returned -22 device syz3 entered promiscuous mode device syz3 left promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23661 sclass=netlink_route_socket pig=5891 comm=syz-executor4 device syz3 entered promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23661 sclass=netlink_route_socket pig=5984 comm=syz-executor4 device gre0 entered promiscuous mode IPVS: length: 24 != 8 skbuff: bad partial csum: csum=65535/0 len=1 IPVS: length: 24 != 8 pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads binder: 6182:6186 ioctl 8953 206d4000 returned -22 binder: 6182:6186 ioctl c0106426 20c60000 returned -22 binder: 6182:6186 ioctl 8953 206d4000 returned -22 binder: 6182:6198 ioctl c0106426 20c60000 returned -22 pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads device gre0 entered promiscuous mode skbuff: bad partial csum: csum=98/65532 len=264 skbuff: bad partial csum: csum=98/65532 len=264 9pnet_virtio: no channels available for device ./file0 nla_parse: 6 callbacks suppressed netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'. 9pnet_virtio: no channels available for device ./file0 netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. IPv6: NLM_F_REPLACE set, but no existing node found! netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'. IPv6: NLM_F_REPLACE set, but no existing node found! device syz6 entered promiscuous mode device syz6 left promiscuous mode binder: 6412:6417 ioctl c010640c 208f6000 returned -22 device syz6 entered promiscuous mode device syz6 left promiscuous mode device syz6 entered promiscuous mode binder: 6412:6444 ioctl c010640c 208f6000 returned -22 device lo entered promiscuous mode qtaguid: iface_stat: create(lo): no inet dev qtaguid: iface_stat: create6(lo): no inet dev IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev device lo left promiscuous mode binder: 6590:6595 ioctl 401845c0 20e26fe8 returned -22 binder: 6590:6599 ioctl 401845c0 20e26fe8 returned -22 device lo entered promiscuous mode qtaguid: iface_stat: create(lo): no inet dev qtaguid: iface_stat: create6(lo): no inet dev IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready qtaguid: iface_stat: create6(lo): no inet dev device lo left promiscuous mode IPVS: Creating netns size=2536 id=16 IPVS: Creating netns size=2536 id=17 binder: 6686:6690 ioctl 40304580 20121000 returned -22 netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'. binder: 6686:6699 ioctl 40304580 20121000 returned -22 netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'. netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'. device gre0 entered promiscuous mode netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'. FAULT_FLAG_ALLOW_RETRY missing 30 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 0 PID: 6939 Comm: syz-executor2 Tainted: G B 4.9.54-ge5eba30 #61 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a3b4f970 ffffffff81d93659 ffff8801a3b4fc50 0000000000000000 ffff8801ceb2ad10 ffff8801a3b4fb40 ffff8801ceb2ac00 ffff8801a3b4fb68 ffffffff816611c8 ffff8801a3b4fac0 ffff8801a79fe7f8 00000001c636b067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1397 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1461 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device gre0 entered promiscuous mode sg_write: data in/out 2127708969/6 bytes for SCSI command 0xe3-- guessing data in; program syz-executor6 not setting count and/or reply_len properly CPU: 1 PID: 6945 Comm: syz-executor2 Tainted: G B 4.9.54-ge5eba30 #61 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c63978b0 ffffffff81d93659 ffff8801c6397b90 0000000000000000 ffff8801ceb2ad10 ffff8801c6397a80 ffff8801ceb2ac00 ffff8801c6397aa8 ffffffff816611c8 ffff8801c6397a00 0000000000000038 00000001c636b067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1397 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1461 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] SyS_mq_getsetattr+0x24/0x30 ipc/mqueue.c:1321 [] entry_SYSCALL_64_fastpath+0x23/0xc6 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 6939 Comm: syz-executor2 Tainted: G B 4.9.54-ge5eba30 #61 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a3b4f970 ffffffff81d93659 ffff8801a3b4fc50 0000000000000000 ffff8801d9157c10 ffff8801a3b4fb40 ffff8801d9157b00 ffff8801a3b4fb68 ffffffff816611c8 ffff8801a3b4fac0 000000400000000c 00000001a5524067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1397 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1461 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 device syz5 entered promiscuous mode device syz5 left promiscuous mode device syz5 entered promiscuous mode IPv6: NLM_F_REPLACE set, but no existing node found! IPv6: NLM_F_REPLACE set, but no existing node found! device lo entered promiscuous mode IPv6: Can't replace route, no match found loop_reread_partitions: partition scan of loop5 (t?`JzP[ p>TK6C="L l!V #F-') failed (rc=-13) IPv6: Can't replace route, no match found qtaguid: iface_stat: create6(lo): no inet dev device lo left promiscuous mode qtaguid: iface_stat: create6(lo): no inet dev device lo left promiscuous mode program syz-executor1 is using a deprecated SCSI ioctl, please convert it to SG_IO sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 device lo entered promiscuous mode device lo left promiscuous mode program syz-executor1 is using a deprecated SCSI ioctl, please convert it to SG_IO sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 device lo entered promiscuous mode device lo left promiscuous mode binder: 7428:7434 ioctl c0bc5351 20176000 returned -22 binder: 7428:7434 ioctl 4b36 0 returned -22 binder: 7428:7434 ioctl 4c02 20c1d000 returned -22 binder: 7447:7448 ioctl 5411 205b2ffc returned -22 binder: 7428:7452 ioctl c0bc5351 20176000 returned -22 binder: 7428:7454 ioctl 4b36 0 returned -22 binder: 7428:7455 ioctl 4c02 20c1d000 returned -22 device lo entered promiscuous mode IPVS: Creating netns size=2536 id=18 binder: 7447:7448 ioctl 5411 205b2ffc returned -22 FAULT_FLAG_ALLOW_RETRY missing 30 CPU: 1 PID: 7476 Comm: syz-executor7 Tainted: G B 4.9.54-ge5eba30 #61 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c4177960 ffffffff81d93659 ffff8801c4177c40 0000000000000000 ffff8801ceb2ae90 ffff8801c4177b30 ffff8801ceb2ad80 ffff8801c4177b58 ffffffff816611c8 ffff8801c4177ab0 ffff8801db321500 00000001d0478067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1397 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1461 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 IPVS: Creating netns size=2536 id=19 selinux_nlmsg_perm: 4 callbacks suppressed SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3803 sclass=netlink_route_socket pig=7513 comm=syz-executor3 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3803 sclass=netlink_route_socket pig=7513 comm=syz-executor3 loop_reread_partitions: partition scan of loop0 (-\t@r9hxGQ:[il L*@R-Tr-x) failed (rc=-13) binder: 7660:7664 ioctl 5404 207dcfec returned -22 binder: 7660:7697 ioctl 5404 207dcfec returned -22 device syz4 entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): syz4: link becomes ready device gre0 entered promiscuous mode IPv6: ADDRCONF(NETDEV_CHANGE): syz4: link becomes ready IPVS: Creating netns size=2536 id=20 pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads binder: 7874:7875 ioctl 4b45 20306000 returned -22 binder: 7874:7878 ioctl 4b45 20306000 returned -22