KASAN: slab-out-of-bounds Read in p9pdu

==================================================================
BUG: KASAN: slab-out-of-bounds in pdu_read net/9p/protocol.c:59 [inline]
BUG: KASAN: slab-out-of-bounds in p9pdu_vreadf net/9p/protocol.c:162 [inline]
BUG: KASAN: slab-out-of-bounds in p9pdu_readf+0x535/0x1d50 net/9p/protocol.c:535
Read of size 65411 at addr ffff8801d8e4c02d by task syz-executor839/4122

CPU: 0 PID: 4122 Comm: syz-executor839 Not tainted 4.9.111-g03c70fe #6
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801b573f5a0 ffffffff81eb2729 ffffea0007639300 ffff8801d8e4c02d
 0000000000000000 ffff8801d8e4e025 fffffffffffffff3 ffff8801b573f5d8
 ffffffff81567b59 ffff8801d8e4c02d 000000000000ff83 0000000000000000
Call Trace:
 [<ffffffff81eb2729>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81eb2729>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81567b59>] print_address_description+0x6c/0x234 mm/kasan/report.c:256
 [<ffffffff81567f63>] kasan_report_error mm/kasan/report.c:355 [inline]
 [<ffffffff81567f63>] kasan_report.cold.6+0x242/0x2fe mm/kasan/report.c:412
 [<ffffffff8153aa1f>] check_memory_region_inline mm/kasan/kasan.c:318 [inline]
 [<ffffffff8153aa1f>] check_memory_region+0x14f/0x1b0 mm/kasan/kasan.c:325
 [<ffffffff8153b063>] memcpy+0x23/0x50 mm/kasan/kasan.c:360
 [<ffffffff839bec95>] pdu_read net/9p/protocol.c:59 [inline]
 [<ffffffff839bec95>] p9pdu_vreadf net/9p/protocol.c:162 [inline]
 [<ffffffff839bec95>] p9pdu_readf+0x535/0x1d50 net/9p/protocol.c:535
 [<ffffffff839b35df>] p9_client_version net/9p/client.c:960 [inline]
 [<ffffffff839b35df>] p9_client_create+0xa3f/0x10a0 net/9p/client.c:1043
 [<ffffffff8195ab03>] v9fs_session_init+0x333/0x13a0 fs/9p/v9fs.c:343
 [<ffffffff8194c3fd>] v9fs_mount+0x7d/0x810 fs/9p/vfs_super.c:130
 [<ffffffff8157e22c>] mount_fs+0x28c/0x370 fs/super.c:1206
 [<ffffffff815dd9f1>] vfs_kern_mount.part.29+0xd1/0x3d0 fs/namespace.c:991
 [<ffffffff815e5319>] vfs_kern_mount fs/namespace.c:973 [inline]
 [<ffffffff815e5319>] do_new_mount fs/namespace.c:2513 [inline]
 [<ffffffff815e5319>] do_mount+0x3c9/0x2740 fs/namespace.c:2835
 [<ffffffff815e806e>] SYSC_mount fs/namespace.c:3051 [inline]
 [<ffffffff815e806e>] SyS_mount+0xfe/0x110 fs/namespace.c:3028
 [<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
 [<ffffffff839f8cd3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

The buggy address belongs to the page:
page:ffffea0007639300 count:1 mapcount:0 mapping:          (null) index:0x0 compound_mapcount: 0
flags: 0x8000000000004000(head)
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801d8e4df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801d8e4df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801d8e4e000: 00 00 00 00 fe fe fe fe fe fe fe fe fe fe fe fe
                               ^
 ffff8801d8e4e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
 ffff8801d8e4e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
==================================================================

Crashes (19):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Manager
2018/07/11 02:07	https://android.googlesource.com/kernel/common android-4.9	03c70feafdb2	2e0e3130	.config	console log	report	syz	C	ci-android-49-kasan-gce-root
2018/07/10 12:05	https://android.googlesource.com/kernel/common android-4.9	03c70feafdb2	9fa03fa5	.config	console log	report	syz	C	ci-android-49-kasan-gce
2018/07/10 05:57	https://android.googlesource.com/kernel/common android-4.9	03c70feafdb2	f25e5770	.config	console log	report	syz	C	ci-android-49-kasan-gce
2018/07/10 07:32	https://android.googlesource.com/kernel/common android-4.9	03c70feafdb2	f25e5770	.config	console log	report	syz		ci-android-49-kasan-gce-386
2018/07/10 06:03	https://android.googlesource.com/kernel/common android-4.9	03c70feafdb2	f25e5770	.config	console log	report	syz		ci-android-49-kasan-gce-386
2018/08/24 16:08	https://android.googlesource.com/kernel/common android-4.9	520d10d31ca4	95b5c82b	.config	console log	report			ci-android-49-kasan-gce-root
2018/08/05 01:40	https://android.googlesource.com/kernel/common android-4.9	8b21e85d919c	3476a2df	.config	console log	report			ci-android-49-kasan-gce-root
2018/08/01 14:34	https://android.googlesource.com/kernel/common android-4.9	52be322125e5	1477993e	.config	console log	report			ci-android-49-kasan-gce-root
2018/07/14 10:28	https://android.googlesource.com/kernel/common android-4.9	9e7903954483	92a49505	.config	console log	report			ci-android-49-kasan-gce-root
2018/07/13 01:08	https://android.googlesource.com/kernel/common android-4.9	9e7903954483	06c33b3a	.config	console log	report			ci-android-49-kasan-gce-root
2018/07/11 22:44	https://android.googlesource.com/kernel/common android-4.9	9e7903954483	2e0e3130	.config	console log	report			ci-android-49-kasan-gce
2018/07/11 15:27	https://android.googlesource.com/kernel/common android-4.9	9e7903954483	2e0e3130	.config	console log	report			ci-android-49-kasan-gce
2018/07/10 20:39	https://android.googlesource.com/kernel/common android-4.9	03c70feafdb2	2e0e3130	.config	console log	report			ci-android-49-kasan-gce
2018/07/10 05:36	https://android.googlesource.com/kernel/common android-4.9	03c70feafdb2	f25e5770	.config	console log	report			ci-android-49-kasan-gce
2018/07/11 10:14	https://android.googlesource.com/kernel/common android-4.9	03c70feafdb2	2e0e3130	.config	console log	report			ci-android-49-kasan-gce-386
2018/07/11 00:53	https://android.googlesource.com/kernel/common android-4.9	03c70feafdb2	2e0e3130	.config	console log	report			ci-android-49-kasan-gce-386
2018/07/11 00:25	https://android.googlesource.com/kernel/common android-4.9	03c70feafdb2	2e0e3130	.config	console log	report			ci-android-49-kasan-gce-386
2018/07/10 20:43	https://android.googlesource.com/kernel/common android-4.9	03c70feafdb2	2e0e3130	.config	console log	report			ci-android-49-kasan-gce-386
2018/07/10 05:37	https://android.googlesource.com/kernel/common android-4.9	03c70feafdb2	f25e5770	.config	console log	report			ci-android-49-kasan-gce-386

Crashes (19):

Time

Assets (help?)