==================================================================
BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0xd7/0xe0 arch/x86/kernel/unwind_frame.c:51 at addr ffff8801a95b7de8
Read of size 8 by task syz-executor1/4321
page:ffffea0006a56dc0 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x8000000000000000()
page dumped because: kasan: bad access detected
CPU: 0 PID: 4321 Comm: syz-executor1 Not tainted 4.9.69-g3f1d77c #108
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801aaccf928 ffffffff81d90a29 ffffed00352b6fbd 0000000000000008
 0000000000000000 ffffed00352b6fbd ffff8801a95b7de8 ffff8801aaccf9b0
 ffffffff8153a9c3 ffff8801c63907d8 0000000000000003 ffffffff810d3e07
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:208 [inline]
 [] kasan_report_error mm/kasan/report.c:287 [inline]
 [] kasan_report.part.1+0x4c3/0x500 mm/kasan/report.c:309
device lo entered promiscuous mode
 [] kasan_report mm/kasan/report.c:330 [inline]
 [] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330
 [] unwind_next_frame+0xd7/0xe0 arch/x86/kernel/unwind_frame.c:51
 [] __save_stack_trace+0x7d/0xf0 arch/x86/kernel/stacktrace.c:42
 [] save_stack_trace_tsk+0x48/0x70 arch/x86/kernel/stacktrace.c:71
 [] proc_pid_stack+0x146/0x230 fs/proc/base.c:466
 [] proc_single_show+0xf8/0x170 fs/proc/base.c:768
 [] seq_read+0x32f/0x1290 fs/seq_file.c:240
device gre0 entered promiscuous mode
 [] __vfs_read+0x103/0x670 fs/read_write.c:452
 [] vfs_read+0x11e/0x380 fs/read_write.c:475
 [] SYSC_read fs/read_write.c:591 [inline]
 [] SyS_read+0xd9/0x1b0 fs/read_write.c:584
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
Memory state around the buggy address:
 ffff8801a95b7c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801a95b7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801a95b7d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
                                                          ^
 ffff8801a95b7e00: f1 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2
 ffff8801a95b7e80: f2 00 00 f2 f2 00 00 00 00 00 00 00 00 00 00 00
==================================================================
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
keychord: using input dev AT Translated Set 2 keyboard for fevent
netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'.
device lo entered promiscuous mode
sd 0:0:1:0: [sg0] tag#378 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#378 CDB: Test Unit Ready
sd 0:0:1:0: [sg0] tag#378 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#378 CDB[10]: 00 00 00 00 10 27 00 00 00 00 00 00 00 00 04 00
netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'.
sd 0:0:1:0: [sg0] tag#378 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#378 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00
device lo left promiscuous mode
keychord: using input dev AT Translated Set 2 keyboard for fevent
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=770 sclass=netlink_tcpdiag_socket pig=4659 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=770 sclass=netlink_tcpdiag_socket pig=4659 comm=syz-executor2
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
device gre0 entered promiscuous mode
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
audit_printk_skb: 44 callbacks suppressed
audit: type=1400 audit(1513315760.878:27): avc: denied { setpcap } for pid=4806 comm="syz-executor0" capability=8 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
device gre0 entered promiscuous mode
audit: type=1400 audit(1513315760.938:28): avc: denied { setopt } for pid=4802 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1513315760.978:29): avc: denied { accept } for pid=4822 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1513315761.008:30): avc: denied { bind } for pid=4822 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1513315761.038:31): avc: denied { getattr } for pid=4822 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
binder: 4858:4860 got transaction with invalid parent offset
binder: 4858:4860 transaction failed 29201/-22, size 80-32 line 3315
binder_alloc: binder_alloc_mmap_handler: 4858 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 4858:4860 ioctl 40046207 0 returned -16
binder_alloc: 4858: binder_alloc_buf, no vma
binder: 4858:4860 transaction failed 29189/-3, size 80-32 line 3130
: renamed from syz5
9pnet_virtio: no channels available for device ./file0
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket pig=4948 comm=syz-executor4
9pnet_virtio: no channels available for device ./file0
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket pig=4960 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket pig=4960 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=769 sclass=netlink_audit_socket pig=4948 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket pig=4960 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19975 sclass=netlink_audit_socket pig=4960 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=770 sclass=netlink_audit_socket pig=4960 comm=syz-executor4
capability: warning: `syz-executor3' uses deprecated v2 capabilities in a way that may be insecure
device lo entered promiscuous mode
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14762 sclass=netlink_route_socket pig=5132 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14762 sclass=netlink_route_socket pig=5155 comm=syz-executor0
audit: type=1400 audit(1513315761.818:32): avc: denied { setuid } for pid=5147 comm="syz-executor6" capability=7 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
keychord: invalid keycode count 0
IPVS: Creating netns size=2536 id=10
keychord: invalid keycode count 0
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
audit: type=1400 audit(1513315762.078:33): avc: denied { net_broadcast } for pid=5220 comm="syz-executor0" capability=11 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1513315762.118:34): avc: denied { read } for pid=5220 comm="syz-executor0" path="socket:[12119]" dev="sockfs" ino=12119 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
blk_update_request: I/O error, dev loop7, sector 0
Buffer I/O error on dev loop7, logical block 0, lost async page write
blk_update_request: I/O error, dev loop7, sector 8
Buffer I/O error on dev loop7, logical block 1, lost async page write
blk_update_request: I/O error, dev loop7, sector 16
Buffer I/O error on dev loop7, logical block 2, lost async page write
blk_update_request: I/O error, dev loop7, sector 24
Buffer I/O error on dev loop7, logical block 3, lost async page write
blk_update_request: I/O error, dev loop7, sector 32
Buffer I/O error on dev loop7, logical block 4, lost async page write
blk_update_request: I/O error, dev loop7, sector 40
Buffer I/O error on dev loop7, logical block 5, lost async page write
blk_update_request: I/O error, dev loop7, sector 48
Buffer I/O error on dev loop7, logical block 6, lost async page write
blk_update_request: I/O error, dev loop7, sector 56
Buffer I/O error on dev loop7, logical block 7, lost async page write
blk_update_request: I/O error, dev loop7, sector 64
Buffer I/O error on dev loop7, logical block 8, lost async page write
blk_update_request: I/O error, dev loop7, sector 72
Buffer I/O error on dev loop7, logical block 9, lost async page write
device gre0 entered promiscuous mode
device lo entered promiscuous mode
sock: sock_set_timeout: `syz-executor7' (pid 5458) tries to set negative timeout
audit: type=1400 audit(1513315763.628:35): avc: denied { create } for pid=5460 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1
sock: sock_set_timeout: `syz-executor7' (pid 5501) tries to set negative timeout
nla_parse: 14 callbacks suppressed
netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'.
IPVS: Creating netns size=2536 id=11
device eql entered promiscuous mode
skbuff: bad partial csum: csum=65534/0 len=32
device gre0 entered promiscuous mode
netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'.
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
IPVS: Creating netns size=2536 id=12
binder: 5569:5573 DecRefs 0 refcount change on invalid ref 268435456 ret -22
binder: 5569:5573 Acquire 1 refcount change on invalid ref 0 ret -22
binder: 5569:5573 BC_INCREFS_DONE u0000000000000000 no match
binder: 5569:5573 ERROR: BC_REGISTER_LOOPER called without request
binder: 5569:5573 BC_INCREFS_DONE u0000000000000000 node 9 cookie mismatch 0000000000000002 != 0000000000000000
binder: 5569:5573 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
binder: 5569:5573 DecRefs 0 refcount change on invalid ref 4 ret -22
binder: 5585:5588 ERROR: BC_REGISTER_LOOPER called without request
binder: 5585:5588 transaction failed 29189/-22, size 0-0 line 3007
binder: 5569:5589 BC_INCREFS_DONE u0000000000000000 node 9 cookie mismatch 0000000000000003 != 0000000000000000
binder: 5569:5589 got transaction to invalid handle
binder: 5569:5589 transaction failed 29201/-22, size 40-16 line 3007
binder: 5569:5589 ioctl 541c 20011fff returned -22
binder: 5585:5588 BC_ACQUIRE_DONE node 13 has no pending acquire request
binder: 5585:5588 got reply transaction with no transaction stack
binder: 5585:5588 transaction failed 29201/-71, size 48-40 line 2923
binder_alloc: 5585: binder_alloc_buf, no vma
binder: 5585:5594 transaction failed 29189/-3, size 0-0 line 3130
binder: 5585:5588 ERROR: BC_REGISTER_LOOPER called without request
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5585:5594 ioctl 40046207 0 returned -16
skbuff: bad partial csum: csum=65534/0 len=32
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5569:5599 ioctl 40046207 0 returned -16
binder: 5569:5589 DecRefs 0 refcount change on invalid ref 268435456 ret -22
binder: 5569:5589 BC_INCREFS_DONE u0000000000000000 no match
binder: 5585:5588 BC_ACQUIRE_DONE u0000000000000000 no match
binder: 5585:5588 got reply transaction with no transaction stack
binder: 5585:5588 transaction failed 29201/-71, size 48-40 line 2923
binder: 5569:5599 ERROR: BC_REGISTER_LOOPER called without request
binder: 5569:5599 BC_INCREFS_DONE u0000000000000000 no match
binder: 5569:5599 BC_CLEAR_DEATH_NOTIFICATION death notification not active
binder: 5569:5599 DecRefs 0 refcount change on invalid ref 4 ret -22
binder: 5569:5599 Release 1 refcount change on invalid ref 1 ret -22
binder: 5569:5599 ERROR: BC_REGISTER_LOOPER called without request
binder: 5569:5608 BC_INCREFS_DONE u0000000000000000 no match
binder: 5569:5608 got transaction to invalid handle
binder: 5569:5608 transaction failed 29201/-22, size 40-16 line 3007
binder: 5569:5608 ioctl 541c 20011fff returned -22
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
binder: 5569:5573 ioctl c0306201 2000efd0 returned -14
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered transaction 16, process died.
binder: 5654:5658 ERROR: BC_REGISTER_LOOPER called without request
netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'.
binder: release 5654:5658 transaction 25 in, still active
binder: send failed reply for transaction 25 to 5654:5676
audit: type=1400 audit(1513315764.468:36): avc: denied { getopt } for pid=5653 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
binder: 5654:5658 got reply transaction with no transaction stack
binder: 5654:5658 transaction failed 29201/-71, size 24-8 line 2923
binder_alloc: binder_alloc_mmap_handler: 5654 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 5654:5676 ioctl 40046207 0 returned -16
binder: 5654:5658 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 5654: binder_alloc_buf, no vma
binder: 5654:5658 transaction failed 29189/-3, size 0-0 line 3130
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: 5651:5674 unknown command 548052992
binder: 5651:5674 ioctl c0306201 20aaa000 returned -22
netlink: 7 bytes leftover after parsing attributes in process `syz-executor6'.
binder: 5651:5674 tried to acquire reference to desc 0, got 1 instead
binder: 5651:5711 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
binder: undelivered death notification, 0000000000000000
device lo left promiscuous mode
netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'.
binder: 5840:5843 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 5840:5844 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
binder: 5840:5846 BC_DEAD_BINDER_DONE 0000000000000000 not found
binder: undelivered death notification, 0000000000000000
binder: 6013:6014 ioctl 8918 20ad9000 returned -22
binder: 6013:6014 ioctl 8924 20002000 returned -22
binder: 6013:6014 ERROR: BC_REGISTER_LOOPER called without request
device gre0 entered promiscuous mode
binder: 6013:6016 ioctl 8918 20ad9000 returned -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6022 comm=syz-executor3
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
binder: 6013:6014 ioctl 8924 20002000 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6013:6016 ioctl 40046207 0 returned -16
binder: 6013:6014 ERROR: BC_REGISTER_LOOPER called without request
binder_alloc: 6013: binder_alloc_buf, no vma
binder: 6013:6016 transaction failed 29189/-3, size 0-0 line 3130
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 6013:6014 transaction 33 in, still active
binder: send failed reply for transaction 33 to 6013:6016
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.
audit_printk_skb: 11 callbacks suppressed
audit: type=1400 audit(1513315766.108:40): avc: denied { dyntransition } for pid=6181 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=process permissive=1
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.
binder: 6255:6256 ioctl 40046205 0 returned -22
binder: 6255:6256 ERROR: BC_REGISTER_LOOPER called without request
binder: 6255:6256 unknown command 1400526783
binder: 6255:6256 ioctl c0306201 20002fd0 returned -22
binder: 6255:6256 ioctl c0306201 20005fd0 returned -14
binder: 6255:6256 ioctl c018620b 20000000 returned -14
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_COMPLETE
binder: 6255:6256 ioctl 40046205 1fc returned -22
binder: undelivered transaction 37, process died.
binder: 6255:6256 ioctl 40046205 0 returned -22
binder: 6255:6256 ERROR: BC_REGISTER_LOOPER called without request
binder: 6255:6258 unknown command 1400526783
binder: 6255:6258 ioctl c0306201 20002fd0 returned -22
binder: 6255:6261 got reply transaction with no transaction stack
binder: 6255:6261 transaction failed 29201/-71, size 24-8 line 2923
binder: 6255:6258 ioctl c018620b 20000000 returned -14
binder: send failed reply for transaction 41 to 6255:6258
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29201
ƒ: renamed from lo
qtaguid: iface_stat: iface_check_stats_reset_and_adjust(lo): iface reset its stats unexpectedly
binder: 6466:6468 unknown command 0
binder: 6466:6468 ioctl c0306201 2000a000 returned -22
program syz-executor6 is using a deprecated SCSI ioctl, please convert it to SG_IO
binder: 6466:6468 unknown command 0
binder: 6466:6468 ioctl c0306201 2000a000 returned -22
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
program syz-executor6 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
binder: 6514:6515 ERROR: BC_REGISTER_LOOPER called without request
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6514:6535 ioctl 40046207 0 returned -16
binder: 6514:6531 ERROR: BC_REGISTER_LOOPER called without request
device gre0 entered promiscuous mode
audit: type=1400 audit(1513315767.778:41): avc: denied { getattr } for pid=6546 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
binder: BINDER_SET_CONTEXT_MGR already set
binder: 6547:6554 ioctl 40046207 0 returned -16
device gre0 entered promiscuous mode
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 6625 Comm: syz-executor1 Tainted: G B 4.9.69-g3f1d77c #108
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d0b8f940 ffffffff81d90a29 ffff8801d0b8fc20 0000000000000000
 ffff8801a745fa90 ffff8801d0b8fb10 ffff8801a745f980 ffff8801d0b8fb38
 ffffffff8165e557 ffffffff8389b035 ffff8801d0b8fa90 00000001d8a20067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
audit: type=1400 audit(1513315768.158:42): avc: denied { execute } for pid=6641 comm="syz-executor6" path="pipe:[15202]" dev="pipefs" ino=15202 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=fifo_file permissive=1
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 6625 Comm: syz-executor1 Tainted: G B 4.9.69-g3f1d77c #108
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d0b8f940 ffffffff81d90a29 ffff8801d0b8fc20 0000000000000000
 ffff8801a745fd90 ffff8801d0b8fb10 ffff8801a745fc80 ffff8801d0b8fb38
 ffffffff8165e557 1ffff1003a171f2f ffff8801d0b8fa90 00000001d22e1067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6672 comm=syz-executor3
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
device gre0 entered promiscuous mode
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 6712 Comm: syz-executor1 Tainted: G B 4.9.69-g3f1d77c #108
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a6a27940 ffffffff81d90a29 ffff8801a6a27c20 0000000000000000
 ffff8801a71d5310 ffff8801a6a27b10 ffff8801a71d5200 ffff8801a6a27b38
 ffffffff8165e557 ffff8801d5024a80 ffff8801a6a27a90 00000001cd4c7067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
tty_warn_deprecated_flags: 'syz-executor7' is using deprecated serial flags (with no effect): 00008000
tty_warn_deprecated_flags: 'syz-executor7' is using deprecated serial flags (with no effect): 00008000
CPU: 1 PID: 6712 Comm: syz-executor1 Tainted: G B 4.9.69-g3f1d77c #108
Hardware name: Google Google Compute 
Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801a6a27940 ffffffff81d90a29 ffff8801a6a27c20 0000000000000000 ffff8801a71d5010 ffff8801a6a27b10 ffff8801a71d4f00 ffff8801a6a27b38 ffffffff8165e557 1ffff10034d44f2f ffff8801a6a27a90 00000001cd4c7067 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323 [] do_anonymous_page mm/memory.c:2747 [inline] [] handle_pte_fault mm/memory.c:3488 [inline] [] __handle_mm_fault mm/memory.c:3577 [inline] [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614 [] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012 [] entry_SYSCALL_64_fastpath+0x23/0xc6 9pnet_virtio: no channels available for device H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H¨H pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) IPVS: Creating netns size=2536 id=13 pktgen: kernel_thread() failed for cpu 0 pktgen: Cannot create thread for cpu 0 (-4) pktgen: kernel_thread() failed for cpu 1 pktgen: Cannot create thread for cpu 1 (-4) pktgen: Initialization failed for all threads SELinux: unrecognized netlink message: protocol=4 nlmsg_type=25 sclass=netlink_tcpdiag_socket pig=6799 comm=syz-executor0 device gre0 entered promiscuous mode 9pnet_virtio: no channels available for device ./file0 SELinux: unrecognized netlink message: protocol=4 nlmsg_type=25 sclass=netlink_tcpdiag_socket pig=6799 comm=syz-executor0 
9pnet_virtio: no channels available for device ./file0