==================================================================
BUG: KASAN: use-after-free in __read_once_size include/linux/compiler.h:243 [inline] at addr ffff8801cf5f9908
BUG: KASAN: use-after-free in atomic_read arch/x86/include/asm/atomic.h:26 [inline] at addr ffff8801cf5f9908
BUG: KASAN: use-after-free in static_key_count include/linux/jump_label.h:174 [inline] at addr ffff8801cf5f9908
BUG: KASAN: use-after-free in static_key_false include/linux/jump_label.h:184 [inline] at addr ffff8801cf5f9908
BUG: KASAN: use-after-free in perf_sw_event include/linux/perf_event.h:1039 [inline] at addr ffff8801cf5f9908
BUG: KASAN: use-after-free in __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438 at addr ffff8801cf5f9908
Read of size 8 by task syz-executor1/4750
device gre0 entered promiscuous mode
CPU: 1 PID: 4750 Comm: syz-executor1 Not tainted 4.9.61-gd55e630 #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a91d7d88 ffffffff81d91589 ffff8801da155140 ffff8801cf5f98b8
 ffff8801cf5f9970 ffffed0039ebf321 ffff8801cf5f9908 ffff8801a91d7db0
 ffffffff8153c1bc ffffed0039ebf321 ffff8801da155140 0000000000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [] print_address_description mm/kasan/report.c:198 [inline]
 [] kasan_report_error mm/kasan/report.c:287 [inline]
 [] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
 [] kasan_report mm/kasan/report.c:330 [inline]
 [] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330
 [] __read_once_size include/linux/compiler.h:243 [inline]
 [] atomic_read arch/x86/include/asm/atomic.h:26 [inline]
 [] static_key_count include/linux/jump_label.h:174 [inline]
 [] static_key_false include/linux/jump_label.h:184 [inline]
 [] perf_sw_event include/linux/perf_event.h:1039 [inline]
 [] __do_page_fault+0xc80/0xd70 arch/x86/mm/fault.c:1438
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
Object at ffff8801cf5f98b8, in cache vm_area_struct size: 184
Allocated:
PID = 4750
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537
 slab_post_alloc_hook mm/slab.h:417 [inline]
 slab_alloc_node mm/slub.c:2715 [inline]
 slab_alloc mm/slub.c:2723 [inline]
 kmem_cache_alloc+0xba/0x290 mm/slub.c:2728
 kmem_cache_zalloc include/linux/slab.h:626 [inline]
 mmap_region+0x587/0xfd0 mm/mmap.c:1662
 do_mmap+0x57b/0xbe0 mm/mmap.c:1473
 do_mmap_pgoff include/linux/mm.h:2014 [inline]
 vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305
 SYSC_mmap_pgoff mm/mmap.c:1523 [inline]
 SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481
 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
 SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 4756
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
 slab_free_hook mm/slub.c:1355 [inline]
 slab_free_freelist_hook mm/slub.c:1377 [inline]
 slab_free mm/slub.c:2958 [inline]
 kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980
 remove_vma+0x11d/0x160 mm/mmap.c:175
 remove_vma_list mm/mmap.c:2482 [inline]
 do_munmap+0x7ff/0xeb0 mm/mmap.c:2705
 mmap_region+0x14d/0xfd0 mm/mmap.c:1635
 do_mmap+0x57b/0xbe0 mm/mmap.c:1473
 do_mmap_pgoff include/linux/mm.h:2014 [inline]
 vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:305
 SYSC_mmap_pgoff mm/mmap.c:1523 [inline]
 SyS_mmap_pgoff+0xd0/0x560 mm/mmap.c:1481
 SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
 SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
 entry_SYSCALL_64_fastpath+0x23/0xc6
Memory state around the buggy address:
 ffff8801cf5f9800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
 ffff8801cf5f9880: fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb fb
>ffff8801cf5f9900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
                      ^
 ffff8801cf5f9980: fc fc fc fc fc fc fb fb fb fb fb fb fb fb fb fb
 ffff8801cf5f9a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
==================================================================
device gre0 entered promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device gre0 entered promiscuous mode
sock: sock_set_timeout: `syz-executor6' (pid 4980) tries to set negative timeout
sg_write: data in/out 476/6 bytes for SCSI command 0x0-- guessing data in; program syz-executor2 not setting count and/or reply_len properly
sock: sock_set_timeout: `syz-executor6' (pid 4998) tries to set negative timeout
IPVS: Creating netns size=2536 id=12
nla_parse: 9 callbacks suppressed
netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
device gre0 entered promiscuous mode
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
device gre0 entered promiscuous mode
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
device gre0 entered promiscuous mode
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 5250 Comm: syz-executor5 Tainted: G B 4.9.61-gd55e630 #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d6bdf4e0 ffffffff81d91589 ffff8801d6bdf7c0 0000000000000000
 ffff8801aab41f10 ffff8801d6bdf6b0 ffff8801aab41e00 ffff8801d6bdf6d8
 ffffffff8165fe47 ffff880102408040 ffff8801d6bdf630 00000001acccf067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] generic_perform_write+0x1dc/0x500 mm/filemap.c:2731
 [] __generic_file_write_iter+0x348/0x570 mm/filemap.c:2866
 [] generic_file_write_iter+0x2d5/0x600 mm/filemap.c:2894
 [] new_sync_write fs/read_write.c:499 [inline]
 [] __vfs_write+0x4bf/0x680 fs/read_write.c:512
 [] vfs_write+0x170/0x4e0 fs/read_write.c:560
 [] SYSC_write fs/read_write.c:607 [inline]
 [] SyS_write+0xd9/0x1b0 fs/read_write.c:599
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 5250 Comm: syz-executor5 Tainted: G B 4.9.61-gd55e630 #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d6bdf4e0 ffffffff81d91589 ffff8801d6bdf7c0 0000000000000000
 ffff8801a7bd1c10 ffff8801d6bdf6b0 ffff8801a7bd1b00 ffff8801d6bdf6d8
 ffffffff8165fe47 ffff8801db221400 ffff8801d6bdf630 00000001acccf067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] generic_perform_write+0x1dc/0x500 mm/filemap.c:2731
 [] __generic_file_write_iter+0x348/0x570 mm/filemap.c:2866
 [] generic_file_write_iter+0x2d5/0x600 mm/filemap.c:2894
 [] new_sync_write fs/read_write.c:499 [inline]
 [] __vfs_write+0x4bf/0x680 fs/read_write.c:512
 [] vfs_write+0x170/0x4e0 fs/read_write.c:560
 [] SYSC_write fs/read_write.c:607 [inline]
 [] SyS_write+0xd9/0x1b0 fs/read_write.c:599
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
ALSA: seq fatal error: cannot create timer (-19)
ALSA: seq fatal error: cannot create timer (-19)
device gre0 entered promiscuous mode
sock: sock_set_timeout: `syz-executor0' (pid 5515) tries to set negative timeout
sock: sock_set_timeout: `syz-executor0' (pid 5529) tries to set negative timeout
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=34970 sclass=netlink_route_socket pig=5555 comm=syz-executor0
binder: 5557:5561 ioctl c00c642d 208dfff4 returned -22
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
binder: 5579:5582 ioctl 5402 20e5d000 returned -22
binder: 5579:5584 ioctl 5402 20e5d000 returned -22
binder: 5557:5577 ioctl c00c642d 208dfff4 returned -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=34970 sclass=netlink_route_socket pig=5606 comm=syz-executor0
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
program syz-executor6 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
program syz-executor6 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
sock: process `syz-executor2' is using obsolete setsockopt SO_BSDCOMPAT
netlink: 44 bytes leftover after parsing attributes in process `syz-executor2'.
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
binder: 5965:5967 ioctl 4b45 20306000 returned -22
binder: 5965:5967 ioctl 4b45 20306000 returned -22
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
binder: 5990:5993 ioctl 4b6d 0 returned -22
binder: 5990:5993 ioctl 4b6d 0 returned -22
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device eql entered promiscuous mode
?: renamed from tunl0
device lo left promiscuous mode
device lo entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6142 comm=syz-executor7
device lo left promiscuous mode
device gre0 entered promiscuous mode
tc_ctl_action: received NO action attribs
tc_ctl_action: received NO action attribs
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=9 sclass=netlink_audit_socket pig=6281 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=6281 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=6281 comm=syz-executor1
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=6281 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=6281 comm=syz-executor1
device gre0 left promiscuous mode
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=6281 comm=syz-executor1
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=6281 comm=syz-executor1
ALSA: seq fatal error: cannot create timer (-22)
IPVS: Creating netns size=2536 id=13
ALSA: seq fatal error: cannot create timer (-22)
device eql entered promiscuous mode
ALSA: seq fatal error: cannot create timer (-22)
ALSA: seq fatal error: cannot create timer (-22)
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
sock: process `syz-executor6' is using obsolete getsockopt SO_BSDCOMPAT
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
binder: 6489:6494 ioctl 80082407 20400ff8 returned -22
binder: 6489:6494 ioctl 80605414 2011e000 returned -22
binder: 6489:6509 ioctl 80082407 20400ff8 returned -22
binder: 6489:6509 ioctl 80605414 2011e000 returned -22
device gre0 entered promiscuous mode
nla_parse: 16 callbacks suppressed
netlink: 73 bytes leftover after parsing attributes in process `syz-executor7'.
program syz-executor5 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
sock: process `syz-executor0' is using obsolete setsockopt SO_BSDCOMPAT
program syz-executor5 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
binder: 6550:6567 ioctl 402c5342 20a53000 returned -22
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 6557 Comm: syz-executor3 Tainted: G B 4.9.61-gd55e630 #87
netlink: 73 bytes leftover after parsing attributes in process `syz-executor7'.
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d8a874e0 ffffffff81d91589 ffff8801d8a877c0 0000000000000000
 ffff8801d03c0e90 ffff8801d8a876b0 ffff8801d03c0d80 ffff8801d8a876d8
 ffffffff8165fe47 ffff880102408040 ffff8801d8a87630 00000001d21a0067
binder: 6550:6567 ioctl 4c03 208bbf68 returned -22
Call Trace:
binder: 6550:6567 ioctl 80f86406 20e72000 returned -22
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
binder: 6550:6630 ioctl 402c5342 20a53000 returned -22
binder: 6550:6567 ioctl 4c03 208bbf68 returned -22
binder: 6550:6567 ioctl 80f86406 20e72000 returned -22
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] generic_perform_write+0x1dc/0x500 mm/filemap.c:2731
 [] __generic_file_write_iter+0x348/0x570 mm/filemap.c:2866
 [] generic_file_write_iter+0x2d5/0x600 mm/filemap.c:2894
 [] new_sync_write fs/read_write.c:499 [inline]
 [] __vfs_write+0x4bf/0x680 fs/read_write.c:512
 [] vfs_write+0x170/0x4e0 fs/read_write.c:560
 [] SYSC_write fs/read_write.c:607 [inline]
 [] SyS_write+0xd9/0x1b0 fs/read_write.c:599
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 6573 Comm: syz-executor3 Tainted: G B 4.9.61-gd55e630 #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cef074e0 ffffffff81d91589 ffff8801cef077c0 0000000000000000
 ffff8801d6e10b90 ffff8801cef076b0 ffff8801d6e10a80 ffff8801cef076d8
 ffffffff8165fe47 0000000000000000 ffff8801cef07630 00000001a67be067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] generic_perform_write+0x1dc/0x500 mm/filemap.c:2731
 [] __generic_file_write_iter+0x348/0x570 mm/filemap.c:2866
 [] generic_file_write_iter+0x2d5/0x600 mm/filemap.c:2894
 [] new_sync_write fs/read_write.c:499 [inline]
 [] __vfs_write+0x4bf/0x680 fs/read_write.c:512
 [] vfs_write+0x170/0x4e0 fs/read_write.c:560
 [] SYSC_write fs/read_write.c:607 [inline]
 [] SyS_write+0xd9/0x1b0 fs/read_write.c:599
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
netlink: 14 bytes leftover after parsing attributes in process `syz-executor1'.
sg_write: data in/out 476/6 bytes for SCSI command 0x0-- guessing data in; program syz-executor1 not setting count and/or reply_len properly
IPVS: Creating netns size=2536 id=14
netlink: 14 bytes leftover after parsing attributes in process `syz-executor1'.
device lo entered promiscuous mode
IPVS: Creating netns size=2536 id=15
device lo left promiscuous mode
netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'.
device lo entered promiscuous mode
device gre0 entered promiscuous mode
netlink: 5 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor5'.
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
netlink: 4 bytes leftover after parsing attributes in process `syz-executor6'.
tc_dump_action: action bad kind
netlink: 4 bytes leftover after parsing attributes in process `syz-executor6'.
tc_dump_action: action bad kind
netlink: 10 bytes leftover after parsing attributes in process `syz-executor7'.
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 6953 Comm: syz-executor2 Tainted: G B 4.9.61-gd55e630 #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ab0cf940 ffffffff81d91589 ffff8801ab0cfc20 0000000000000000
 ffff8801d6e11610 ffff8801ab0cfb10 ffff8801d6e11500 ffff8801ab0cfb38
 ffffffff8165fe47 0000000000000000 ffff8801ab0cfa90 00000001a651e067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
selinux_nlmsg_perm: 13 callbacks suppressed
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pig=6982 comm=syz-executor7
CPU: 0 PID: 6963 Comm: syz-executor2 Tainted: G B 4.9.61-gd55e630 #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c9917930 ffffffff81d91589 ffff8801c9917c10 0000000000000000
 ffff8801d6e11610 ffff8801c9917b00 ffff8801d6e11500 ffff8801c9917b28
 ffffffff8165fe47 ffff8801c904e000 ffff8801c9917a80 00000001a651e067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 6953 Comm: syz-executor2 Tainted: G B 4.9.61-gd55e630 #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ab0cf940 ffffffff81d91589 ffff8801ab0cfc20 0000000000000000
 ffff8801d03c0290 ffff8801ab0cfb10 ffff8801d03c0180 ffff8801ab0cfb38
 ffffffff8165fe47 ffff8801ce074800 ffff8801ab0cfa90 00000001a651e067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2747 [inline]
 [] handle_pte_fault mm/memory.c:3488 [inline]
 [] __handle_mm_fault mm/memory.c:3577 [inline]
 [] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [] __do_page_fault+0x5b7/0xd70 arch/x86/mm/fault.c:1396