==================================================================
BUG: KASAN: wild-memory-access on address ffe708746f13f000
Read of size 28 by task syz-executor2/4617
CPU: 1 PID: 4617 Comm: syz-executor2 Not tainted 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d693f9e8 ffffffff81d93149 ffe708746f13f000 000000000000001c
 0000000000000000 ffff8801d6a91240 ffe708746f13f000 ffff8801d693fa70
 ffffffff8153d08f 0000000000000000 0000000000000001 ffffffff826648db
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] kasan_report_error mm/kasan/report.c:284 [inline]
 [] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [] do_loop_readv_writev fs/read_write.c:880 [inline]
 [] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [] do_readv+0xe6/0x250 fs/read_write.c:924
 [] SYSC_readv fs/read_write.c:1011 [inline]
 [] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 4634 Comm: syz-executor7 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d0e47a10 ffffffff81d93149 ffff8801d0e47cf0 0000000000000000
 ffff8801aacb4590 ffff8801d0e47be0 ffff8801aacb4480 ffff8801d0e47c08
 ffffffff81660dc8 ffff8801d0e47b60 ffffffff811c9f10 00000001ceb7c067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SYSC_sigaltstack kernel/signal.c:3170 [inline]
 [] SyS_sigaltstack+0x6c/0x90 kernel/signal.c:3168
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
IPVS: Creating netns size=2536 id=15
device syz1 entered promiscuous mode
device syz1 left promiscuous mode
device syz1 entered promiscuous mode
device gre0 entered promiscuous mode
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
TCP: tcp_parse_options: Illegal window scaling value 64 >14 received
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
TCP: tcp_parse_options: Illegal window scaling value 64 >14 received
device syz0 entered promiscuous mode
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7417 sclass=netlink_route_socket pig=4977 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=4976 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=4985 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7417 sclass=netlink_route_socket pig=4988 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=770 sclass=netlink_xfrm_socket pig=5002 comm=syz-executor0
device lo entered promiscuous mode
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'.
IPv6: NLM_F_REPLACE set, but no existing node found!
netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'.
IPv6: NLM_F_REPLACE set, but no existing node found!
netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'.
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=770 sclass=netlink_xfrm_socket pig=5120 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=770 sclass=netlink_xfrm_socket pig=5120 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=770 sclass=netlink_xfrm_socket pig=5120 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=770 sclass=netlink_xfrm_socket pig=5120 comm=syz-executor3
IPVS: Creating netns size=2536 id=16
binder_alloc: binder_alloc_mmap_handler: 5206 20000000-20400000 already mapped failed -16
device syz2 entered promiscuous mode
netlink: 29 bytes leftover after parsing attributes in process `syz-executor3'.
device syz2 left promiscuous mode
device syz2 entered promiscuous mode
netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'.
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=21199 sclass=netlink_audit_socket pig=5346 comm=syz-executor6
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 5507 Comm: syz-executor7 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d683f9e0 ffffffff81d93149 ffff8801d683fcc0 0000000000000000
 ffff8801aacb4e90 ffff8801d683fbb0 ffff8801aacb4d80 ffff8801d683fbd8
 ffffffff81660dc8 ffff8801d683fb30 ffff8801c8951800 00000001d6730067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
device lo entered promiscuous mode
binder: 5554:5570 ioctl 541c 20002fff returned -22
binder: 5554:5555 ioctl 40106410 20002ff0 returned -22
binder: 5554:5555 ioctl 541c 20002fff returned -22
CPU: 1 PID: 5528 Comm: syz-executor7 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ad85f920 ffffffff81d93149 ffff8801ad85fc00 0000000000000000
 ffff8801aacb4e90 ffff8801ad85faf0 ffff8801aacb4d80 ffff8801ad85fb18
 ffffffff81660dc8 ffff8801ad85fa70 dffffc0000000000 00000001d6730067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SyS_mq_getsetattr+0x24/0x30 ipc/mqueue.c:1321
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 5507 Comm: syz-executor7 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d683f9e0 ffffffff81d93149 ffff8801d683fcc0 0000000000000000
 ffff8801aa8c5910 ffff8801d683fbb0 ffff8801aa8c5800 ffff8801d683fbd8
 ffffffff81660dc8 ffff8801d683fb30 ffff8801c8951800 00000001d6730067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 1 PID: 5528 Comm: syz-executor7 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ad85f920 ffffffff81d93149 ffff8801ad85fc00 0000000000000000
 ffff8801aa8c5910 ffff8801ad85faf0 ffff8801aa8c5800 ffff8801ad85fb18
 ffffffff81660dc8 ffff8801ad85fa70 dffffc0000000000 00000001d6730067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SyS_mq_getsetattr+0x24/0x30 ipc/mqueue.c:1321
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
IPv6: NLM_F_REPLACE set, but no existing node found!
IPv6: NLM_F_REPLACE set, but no existing node found!
device lo entered promiscuous mode
device lo left promiscuous mode
capability: warning: `syz-executor6' uses deprecated v2 capabilities in a way that may be insecure
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 5746 Comm: syz-executor1 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a2b0f8a0 ffffffff81d93149 ffff8801a2b0fb80 0000000000000000
 ffff8801aa8c5a90 ffff8801a2b0fa70 ffff8801aa8c5980 ffff8801a2b0fa98
 ffffffff81660dc8 ffff8801a2b0f9f0 ffff8801db321518 00000001a12df067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] move_addr_to_kernel net/socket.c:1568 [inline]
 [] SYSC_connect+0x288/0x310 net/socket.c:1553
 [] SyS_connect+0x24/0x30 net/socket.c:1543
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 0 PID: 5756 Comm: syz-executor1 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a92979b0 ffffffff81d93149 ffff8801a9297c90 0000000000000000
 ffff8801aa8c5a90 ffff8801a9297b80 ffff8801aa8c5980 ffff8801a9297ba8
 ffffffff81660dc8 ffff8801a9297b00 ffffffff8418d948 00000001a12df067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 5746 Comm: syz-executor1 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a2b0f8a0 ffffffff81d93149 ffff8801a2b0fb80 0000000000000000
 ffff8801aa8c5c10 ffff8801a2b0fa70 ffff8801aa8c5b00 ffff8801a2b0fa98
 ffffffff81660dc8 ffff8801a2b0f9f0 ffff8801a2b18000 00000001a12df067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] move_addr_to_kernel net/socket.c:1568 [inline]
 [] SYSC_connect+0x288/0x310 net/socket.c:1553
 [] SyS_connect+0x24/0x30 net/socket.c:1543
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 5756 Comm: syz-executor1 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a92979b0 ffffffff81d93149 ffff8801a9297c90 0000000000000000
 ffff8801aa8c5c10 ffff8801a9297b80 ffff8801aa8c5b00 ffff8801a9297ba8
 ffffffff81660dc8 ffff8801a2b1e000 0000000000000000 0000000000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
IPVS: Creating netns size=2536 id=17
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 5949 Comm: syz-executor1 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a23bf9e0 ffffffff81d93149 ffff8801a23bfcc0 0000000000000000
 ffff8801aa8c5d90 ffff8801a23bfbb0 ffff8801aa8c5c80 ffff8801a23bfbd8
 ffffffff81660dc8 ffff8801a23bfb30 ffff8801d675e000 00000001a3dba067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 5932 Comm: syz-executor1 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a8d7f900 ffffffff81d93149 ffff8801a8d7fbe0 0000000000000000
 ffff8801aa8c5d90 ffff8801a8d7fad0 ffff8801aa8c5c80 ffff8801a8d7faf8
 ffffffff81660dc8 ffff8801a8d7fa50 ffff8801cae387f8 00000001a3dba067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] getname_flags+0x10e/0x580 fs/namei.c:148
 [] getname+0x19/0x20 fs/namei.c:208
 [] do_sys_open+0x21d/0x4c0 fs/open.c:1066
 [] SYSC_openat fs/open.c:1099 [inline]
 [] SyS_openat+0x30/0x40 fs/open.c:1093
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 5966 Comm: syz-executor1 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a02078e0 ffffffff81d93149 ffff8801a0207bc0 0000000000000000
 ffff8801aa8c5d90 ffff8801a0207ab0 ffff8801aa8c5c80 ffff8801a0207ad8
 ffffffff81660dc8 ffff8801a0207a30 0000000000000000 00000001a3dba067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SYSC_mq_timedsend ipc/mqueue.c:973 [inline]
 [] SyS_mq_timedsend+0xe6/0xa80 ipc/mqueue.c:956
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 6019 Comm: syz-executor5 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a05d7780 ffffffff81d93149 ffff8801a05d7a60 0000000000000000
 ffff8801a3fea110 ffff8801a05d7950 ffff8801a3fea000 ffff8801a05d7978
 ffffffff81660dc8 ffff8801a05d78d0 0000000000000000 00000001a92cb067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SYSC_select fs/select.c:652 [inline]
 [] SyS_select+0x158/0x1e0 fs/select.c:634
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 6017 Comm: syz-executor5 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff88019e30f960 ffffffff81d93149 ffff88019e30fc40 0000000000000000
 ffff8801a3fea110 ffff88019e30fb30 ffff8801a3fea000 ffff88019e30fb58
 ffffffff81660dc8 ffff88019e30fab0 0000000000000000 00000001a92cb067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SyS_rt_sigqueueinfo+0x24/0x30 kernel/signal.c:2967
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 0 PID: 5982 Comm: syz-executor1 Tainted: G B 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a021f920 ffffffff81d93149 ffff8801a021fc00 0000000000000000
 ffff8801aa8c5d90 ffff8801a021faf0 ffff8801aa8c5c80 ffff8801a021fb18
 ffffffff81660dc8 ffff8801a021fa70 dffffc0000000000 00000001a3dba067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] SyS_mq_getsetattr+0x24/0x30 ipc/mqueue.c:1321
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
binder: 6057:6059 ioctl 4c07 0 returned -22
binder: 6057:6059 ioctl 4c07 0 returned -22
binder: 6078:6079 ioctl 8904 209beffc returned -22
nla_parse: 10 callbacks suppressed
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
sock: process `syz-executor0' is using obsolete setsockopt SO_BSDCOMPAT
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
binder: 6078:6091 ioctl 8904 209beffc returned -22
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
binder: 6123:6142 ioctl 89a2 20fe6000 returned -22
binder: 6123:6142 ioctl 80e85411 20fe5000 returned -22
binder: 6123:6164 ioctl 89a2 20fe6000 returned -22
binder: 6123:6157 ioctl 80e85411 20fe5000 returned -22
binder: 6192:6194 ioctl 40304580 203f5fec returned -22
binder: 6192:6201 ioctl 40304580 203f5fec returned -22
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
device syz6 entered promiscuous mode
device syz6 left promiscuous mode
device syz6 entered promiscuous mode
sock: sock_set_timeout: `syz-executor2' (pid 6274) tries to set negative timeout