binder: 7076:7120 ioctl 5402 20f52000 returned -22
binder: 7076:7119 ioctl 4b36 0 returned -22
==================================================================
BUG: KASAN: use-after-free in __read_once_size include/linux/compiler.h:243 [inline] at addr ffff8801d75af240
BUG: KASAN: use-after-free in atomic_read arch/x86/include/asm/atomic.h:26 [inline] at addr ffff8801d75af240
BUG: KASAN: use-after-free in static_key_count include/linux/jump_label.h:174 [inline] at addr ffff8801d75af240
BUG: KASAN: use-after-free in static_key_false include/linux/jump_label.h:184 [inline] at addr ffff8801d75af240
BUG: KASAN: use-after-free in perf_sw_event include/linux/perf_event.h:1039 [inline] at addr ffff8801d75af240
BUG: KASAN: use-after-free in __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438 at addr ffff8801d75af240
Read of size 8 by task syz-executor0/7123
CPU: 0 PID: 7123 Comm: syz-executor0 Not tainted 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ce9e7d88 ffffffff81d90429 ffff8801da155140 ffff8801d75af1f0
 ffff8801d75af2a8 ffffed003aeb5e48 ffff8801d75af240 ffff8801ce9e7db0
 ffffffff8153a3ac ffffed003aeb5e48 ffff8801da155140 0000000000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [] print_address_description mm/kasan/report.c:198 [inline]
 [] kasan_report_error mm/kasan/report.c:287 [inline]
 [] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
 [] kasan_report mm/kasan/report.c:330 [inline]
 [] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330
 [] __read_once_size include/linux/compiler.h:243 [inline]
 [] atomic_read arch/x86/include/asm/atomic.h:26 [inline]
 [] static_key_count include/linux/jump_label.h:174 [inline]
 [] static_key_false include/linux/jump_label.h:184 [inline]
 [] perf_sw_event include/linux/perf_event.h:1039 [inline]
 [] __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
Object at ffff8801d75af1f0, in cache vm_area_struct size: 184
Allocated:
PID = 7123
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537
 slab_post_alloc_hook mm/slab.h:417 [inline]
 slab_alloc_node mm/slub.c:2715 [inline]
 slab_alloc mm/slub.c:2723 [inline]
 kmem_cache_alloc+0xba/0x290 mm/slub.c:2728
 kmem_cache_zalloc include/linux/slab.h:626 [inline]
 mmap_region+0x587/0xfd0 mm/mmap.c:1662
 do_mmap+0x57b/0xbe0 mm/mmap.c:1473
 do_mmap_pgoff include/linux/mm.h:2018 [inline]
 vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305
 SYSC_mmap_pgoff mm/mmap.c:1523 [inline]
 SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481
 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
 SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 7130
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
 slab_free_hook mm/slub.c:1355 [inline]
 slab_free_freelist_hook mm/slub.c:1377 [inline]
 slab_free mm/slub.c:2958 [inline]
 kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980
 remove_vma+0x11d/0x160 mm/mmap.c:175
 remove_vma_list mm/mmap.c:2482 [inline]
 do_munmap+0x7ff/0xeb0 mm/mmap.c:2705
 mmap_region+0x14d/0xfd0 mm/mmap.c:1635
 do_mmap+0x57b/0xbe0 mm/mmap.c:1473
 do_mmap_pgoff include/linux/mm.h:2018 [inline]
 vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305
 SYSC_mmap_pgoff mm/mmap.c:1523 [inline]
 SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481
 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
 SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
 entry_SYSCALL_64_fastpath+0x23/0xc6
Memory state around the buggy address:
 ffff8801d75af100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8801d75af180: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fb fb
>ffff8801d75af200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                           ^
 ffff8801d75af280: fb fb fb fb fb fc fc fc fc fc fc fc fc fb fb fb
 ffff8801d75af300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
IPVS: Creating netns size=2536 id=16
netlink: 104 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 104 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor2'.
device gre0 entered promiscuous mode
tmpfs: No value for mount option '‹¶K"WöËO¢©S£d€Yl®'
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 7365 Comm: syz-executor2 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a8daf8e0 ffffffff81d90429 ffff8801a8dafbc0 0000000000000000
 ffff8801a97bf790 ffff8801a8dafab0 ffff8801a97bf680 ffff8801a8dafad8
 ffffffff8165e3c7 ffff8801d116b000 ffff8801a8dafa30 00000001d8598067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] strndup_user+0x28/0xb0 mm/util.c:160
 [] SYSC_request_key security/keys/keyctl.c:186 [inline]
 [] SyS_request_key+0xd6/0x2d0 security/keys/keyctl.c:158
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
CPU: 0 PID: 7325 Comm: syz-executor2 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ab76f4e0 ffffffff81d90429 ffff8801ab76f7c0 0000000000000000
 ffff8801a97bf790 ffff8801ab76f6b0 ffff8801a97bf680 ffff8801ab76f6d8
 ffffffff8165e3c7 ffff880102408040 ffff8801ab76f630 00000001d8598067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] generic_perform_write+0x1dc/0x500 mm/filemap.c:2731
 [] __generic_file_write_iter+0x348/0x570 mm/filemap.c:2866
 [] generic_file_write_iter+0x2d5/0x600 mm/filemap.c:2894
 [] new_sync_write fs/read_write.c:499 [inline]
 [] __vfs_write+0x4bf/0x680 fs/read_write.c:512
 [] vfs_write+0x189/0x530 fs/read_write.c:560
 [] SYSC_write fs/read_write.c:607 [inline]
 [] SyS_write+0xd9/0x1b0 fs/read_write.c:599
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
program syz-executor3 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
program syz-executor3 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 7420 Comm: syz-executor1 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801aa0ef970 ffffffff81d90429 ffff8801aa0efc50 0000000000000000
 ffff8801a76f9a90 ffff8801aa0efb40 ffff8801a76f9980 ffff8801aa0efb68
 ffffffff8165e3c7 ffffffff84186db4 ffff8801aa0efac0 00000001d858f067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 7419 Comm: syz-executor2 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801aa3574e0 ffffffff81d90429 ffff8801aa3577c0 0000000000000000
 ffff8801a97bf610 ffff8801aa3576b0 ffff8801a97bf500 ffff8801aa3576d8
 ffffffff8165e3c7 ffff880102408040 ffff8801aa357630 00000001d6390067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] generic_perform_write+0x1dc/0x500 mm/filemap.c:2731
 [] __generic_file_write_iter+0x348/0x570 mm/filemap.c:2866
 [] generic_file_write_iter+0x2d5/0x600 mm/filemap.c:2894
 [] new_sync_write fs/read_write.c:499 [inline]
 [] __vfs_write+0x4bf/0x680 fs/read_write.c:512
 [] vfs_write+0x189/0x530 fs/read_write.c:560
 [] SYSC_write fs/read_write.c:607 [inline]
 [] SyS_write+0xd9/0x1b0 fs/read_write.c:599
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 7458 Comm: syz-executor2 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801aa5cf8e0 ffffffff81d90429 ffff8801aa5cfbc0 0000000000000000
 ffff8801a97bf610 ffff8801aa5cfab0 ffff8801a97bf500 ffff8801aa5cfad8
 ffffffff8165e3c7 ffff8801c9e78000 ffff8801aa5cfa30 00000001d6390067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] strndup_user+0x28/0xb0 mm/util.c:160
 [] SYSC_request_key security/keys/keyctl.c:186 [inline]
 [] SyS_request_key+0xd6/0x2d0 security/keys/keyctl.c:158
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 1 PID: 7447 Comm: syz-executor1 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c9bbf930 ffffffff81d90429 ffff8801c9bbfc10 0000000000000000
 ffff8801a76f9a90 ffff8801c9bbfb00 ffff8801a76f9980 ffff8801c9bbfb28
 ffffffff8165e3c7 ffff8801c9bbfac8 ffff8801c9bbfa80 00000001d858f067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
keychord: invalid keycode count 0
device gre0 entered promiscuous mode
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
selinux_nlmsg_perm: 252 callbacks suppressed
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7551 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7551 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7551 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7551 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7551 comm=syz-executor5
PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex
PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7592 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7592 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7592 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7592 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=7592 comm=syz-executor5
loop_reread_partitions: partition scan of loop0 (2°]€fI¸Òæ¶Ì”B±!S,›ùDÏ') failed (rc=-13)
loop: Write error at byte offset 18446744073709547520, length 512.
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
binder: 7682:7686 ioctl 8955 202cafbc returned -22
binder: 7682:7686 ioctl 5411 20000ffc returned -22
loop_reread_partitions: partition scan of loop0 () failed (rc=-13)
binder: 7682:7686 ioctl 8955 202cafbc returned -22
binder: 7682:7686 ioctl 5411 20000ffc returned -22
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
9pnet_virtio: no channels available for device ./file0
IPv6: Can't replace route, no match found
IPv6: Can't replace route, no match found
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 7792 Comm: syz-executor7 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d1cdf8e0 ffffffff81d90429 ffff8801d1cdfbc0 0000000000000000
 ffff8801a97be710 ffff8801d1cdfab0 ffff8801a97be600 ffff8801d1cdfad8
 ffffffff8165e3c7 ffff8801ca12c800 ffff8801d1cdfa30 00000001cdfc8067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SyS_rt_tgsigqueueinfo+0x2c/0x40 kernel/signal.c:3008
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
9pnet_virtio: no channels available for device ./file0
binder: 7845:7846 ioctl 8905 20a31ffc returned -22
nla_parse: 1 callbacks suppressed
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
binder: 7845:7846 ioctl c0086420 20cac000 returned -22
binder: 7845:7846 ioctl 8915 205d7000 returned -22
binder: 7845:7846 ioctl 8905 20a31ffc returned -22
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
binder: 7845:7846 ioctl c0086420 20cac000 returned -22
binder: 7845:7846 ioctl 8915 205d7000 returned -22
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
binder: 8025:8027 ioctl 80045200 20348ffc returned -22
binder: 8025:8027 ioctl 80045200 20348ffc returned -22
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor7'.
device gre0 entered promiscuous mode
netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
ALSA: seq fatal error: cannot create timer (-19)
device lo entered promiscuous mode
device lo left promiscuous mode
sd 0:0:1:0: [sg0] tag#371 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#371 CDB: Test Unit Ready
sd 0:0:1:0: [sg0] tag#371 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#371 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#371 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#371 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#371 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#806 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
device lo entered promiscuous mode
sd 0:0:1:0: [sg0] tag#806 CDB: Test Unit Ready
device lo left promiscuous mode
sd 0:0:1:0: [sg0] tag#806 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#806 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#806 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#806 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sd 0:0:1:0: [sg0] tag#806 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00
binder: binder_mmap: 8508 207fd000-20801000 bad vm_flags failed -1
binder: 8508:8512 ioctl 8917 20227fe0 returned -22
IPVS: Creating netns size=2536 id=17
device lo entered promiscuous mode
binder: binder_mmap: 8508 207fd000-20801000 bad vm_flags failed -1
binder: 8508:8523 ioctl 8917 20227fe0 returned -22
device  entered promiscuous mode
device  left promiscuous mode
device  entered promiscuous mode
device  left promiscuous mode
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
IPVS: Creating netns size=2536 id=18
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
selinux_nlmsg_perm: 140 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pig=8717 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pig=8717 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pig=8742 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pig=8742 comm=syz-executor1
keychord: Insufficient bytes present for keycount 42
keychord: Insufficient bytes present for keycount 42
binder: 8810:8815 ioctl 540f 20af2ffc returned -22
binder: 8810:8815 ioctl 540f 20af2ffc returned -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=8831 comm=syz-executor7
device gre0 entered promiscuous mode
Tx-ring is not supported.
binder: 8972:8973 ioctl 5609 208daffa returned -22
keychord: keycode 16224 out of range
keychord: keycode 16224 out of range
binder: 8991:8994 ioctl c058534b 20000000 returned -22
binder: 8991:8994 ioctl c058534b 20000000 returned -22
nla_parse: 18 callbacks suppressed
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.
blk_update_request: I/O error, dev loop0, sector 0
binder: 8972:8990 ioctl 5609 208daffa returned -22
netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'.
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9053 comm=syz-executor2
netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 9062:9072 ioctl c058534b 20000000 returned -22
netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 9062:9072 ioctl c058534b 20000000 returned -22
PF_BRIDGE: RTM_NEWNEIGH with invalid ifindex
PF_BRIDGE: RTM_NEWNEIGH with invalid ifindex
netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor3'.
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 9175 Comm: syz-executor1 Tainted: G B 4.9.64-gfbb7468 #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d1b9f8c0 ffffffff81d90429 ffff8801d1b9fba0 0000000000000000