syzbot


KASAN: wild-memory-access Read of size 160

Status: closed as invalid on 2017/10/18 09:01
First crash: 2374d, last: 2371d

Sample crash report:
==================================================================
BUG: KASAN: wild-memory-access on address ffe7087451383000
Read of size 160 by task syz-executor5/8623
CPU: 0 PID: 8623 Comm: syz-executor5 Not tainted 4.9.56-g5c73594 #66
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d066f9e8 ffffffff81d93999 ffe7087451383000 00000000000000a0
 0000000000000000 ffff8801da3a4240 ffe7087451383000 ffff8801d066fa70
 ffffffff8153d5cf 0000000000000000 0000000000000001 ffffffff8266527b
Call Trace:
 [<ffffffff81d93999>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93999>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153d5cf>] kasan_report_error mm/kasan/report.c:284 [inline]
 [<ffffffff8153d5cf>] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [<ffffffff8153d9a0>] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [<ffffffff8153c2e7>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [<ffffffff8153c2e7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [<ffffffff8153c351>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff8266527b>] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [<ffffffff8266527b>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff8266527b>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff8156bc81>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156fa50>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156fa50>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156fd04>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156fe26>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff815732a7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff815732a7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838ad085>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
==================================================================
BUG: KASAN: wild-memory-access on address ffe7087451383000
Read of size 160 by task syz-executor5/8639
CPU: 1 PID: 8639 Comm: syz-executor5 Tainted: G    B           4.9.56-g5c73594 #66
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c64cf9e8 ffffffff81d93999 ffe7087451383000 00000000000000a0
 0000000000000000 ffff8801ab97d240 ffe7087451383000 ffff8801c64cfa70
 ffffffff8153d5cf 0000000000000000 0000000000000001 ffffffff8266527b
Call Trace:
 [<ffffffff81d93999>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93999>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153d5cf>] kasan_report_error mm/kasan/report.c:284 [inline]
 [<ffffffff8153d5cf>] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [<ffffffff8153d9a0>] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [<ffffffff8153c2e7>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [<ffffffff8153c2e7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [<ffffffff8153c351>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff8266527b>] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [<ffffffff8266527b>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff8266527b>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff8156bc81>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156fa50>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156fa50>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156fd04>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156fe26>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff815732a7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff815732a7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838ad085>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
==================================================================
BUG: KASAN: wild-memory-access on address ffe7087451383000
Read of size 160 by task syz-executor5/8639
CPU: 1 PID: 8639 Comm: syz-executor5 Tainted: G    B           4.9.56-g5c73594 #66
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c64cf9e8 ffffffff81d93999 ffe7087451383000 00000000000000a0
 0000000000000000 ffff8801ab97d2a0 ffe7087451383000 ffff8801c64cfa70
 ffffffff8153d5cf 0000000000000000 0000000000000001 ffffffff8266527b
Call Trace:
 [<ffffffff81d93999>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93999>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153d5cf>] kasan_report_error mm/kasan/report.c:284 [inline]
 [<ffffffff8153d5cf>] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [<ffffffff8153d9a0>] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [<ffffffff8153c2e7>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [<ffffffff8153c2e7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [<ffffffff8153c351>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff8266527b>] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [<ffffffff8266527b>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff8266527b>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff8156bc81>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156fa50>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156fa50>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156fd04>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156fe26>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff815732a7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff815732a7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838ad085>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
==================================================================
BUG: KASAN: wild-memory-access on address ffe7087451383000
Read of size 160 by task syz-executor5/8669
CPU: 0 PID: 8669 Comm: syz-executor5 Tainted: G    B           4.9.56-g5c73594 #66
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ce3579e8 ffffffff81d93999 ffe7087451383000 00000000000000a0
 0000000000000000 ffff8801a9f90660 ffe7087451383000 ffff8801ce357a70
 ffffffff8153d5cf 0000000000000000 0000000000000001 ffffffff8266527b
Call Trace:
 [<ffffffff81d93999>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93999>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153d5cf>] kasan_report_error mm/kasan/report.c:284 [inline]
 [<ffffffff8153d5cf>] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [<ffffffff8153d9a0>] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [<ffffffff8153c2e7>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [<ffffffff8153c2e7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [<ffffffff8153c351>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff8266527b>] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [<ffffffff8266527b>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff8266527b>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff8156bc81>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156fa50>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156fa50>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156fd04>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156fe26>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff815732a7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff815732a7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838ad085>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
==================================================================
BUG: KASAN: wild-memory-access on address ffe7087451383000
Read of size 160 by task syz-executor5/8726
CPU: 0 PID: 8726 Comm: syz-executor5 Tainted: G    B           4.9.56-g5c73594 #66
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d97079e8 ffffffff81d93999 ffe7087451383000 00000000000000a0
 0000000000000000 ffff8801ce3363c0 ffe7087451383000 ffff8801d9707a70
 ffffffff8153d5cf 0000000000000000 0000000000000001 ffffffff8266527b
Call Trace:
 [<ffffffff81d93999>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93999>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153d5cf>] kasan_report_error mm/kasan/report.c:284 [inline]
 [<ffffffff8153d5cf>] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [<ffffffff8153d9a0>] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [<ffffffff8153c2e7>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [<ffffffff8153c2e7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [<ffffffff8153c351>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff8266527b>] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [<ffffffff8266527b>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff8266527b>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff8156bc81>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156fa50>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156fa50>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156fd04>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156fe26>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff815732a7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff815732a7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838ad085>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
==================================================================
BUG: KASAN: wild-memory-access on address ffe7087451383000
Read of size 160 by task syz-executor5/8762
CPU: 1 PID: 8762 Comm: syz-executor5 Tainted: G    B           4.9.56-g5c73594 #66
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket pig=8765 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket pig=8765 comm=syz-executor2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d91479e8 ffffffff81d93999 ffe7087451383000 00000000000000a0
 0000000000000000 ffff8801ca7743c0 ffe7087451383000 ffff8801d9147a70
 ffffffff8153d5cf 0000000000000000 0000000000000001 ffffffff8266527b
Call Trace:
 [<ffffffff81d93999>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93999>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153d5cf>] kasan_report_error mm/kasan/report.c:284 [inline]
 [<ffffffff8153d5cf>] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [<ffffffff8153d9a0>] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [<ffffffff8153c2e7>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [<ffffffff8153c2e7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [<ffffffff8153c351>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff8266527b>] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [<ffffffff8266527b>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff8266527b>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff8156bc81>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156fa50>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156fa50>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156fd04>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156fe26>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff815732a7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff815732a7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838ad085>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
binder: 8782:8783 ioctl 4c00 6 returned -22
device syz2 entered promiscuous mode
binder: 8782:8790 ioctl 4c00 19 returned -22
==================================================================
BUG: KASAN: wild-memory-access on address ffe7087451383000
Read of size 160 by task syz-executor5/8789
CPU: 1 PID: 8789 Comm: syz-executor5 Tainted: G    B           4.9.56-g5c73594 #66
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d91479e8 ffffffff81d93999 ffe7087451383000 00000000000000a0
 0000000000000000 ffff8801ca774780 ffe7087451383000 ffff8801d9147a70
 ffffffff8153d5cf 0000000000000000 0000000000000001 ffffffff8266527b
Call Trace:
 [<ffffffff81d93999>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93999>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153d5cf>] kasan_report_error mm/kasan/report.c:284 [inline]
 [<ffffffff8153d5cf>] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [<ffffffff8153d9a0>] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [<ffffffff8153c2e7>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [<ffffffff8153c2e7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [<ffffffff8153c351>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff8266527b>] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [<ffffffff8266527b>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff8266527b>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff8156bc81>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156fa50>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156fa50>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156fd04>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156fe26>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff815732a7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff815732a7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838ad085>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
device syz2 left promiscuous mode
==================================================================
device syz2 entered promiscuous mode
BUG: KASAN: wild-memory-access on address ffe7087451383000
Read of size 160 by task syz-executor5/8795
CPU: 1 PID: 8795 Comm: syz-executor5 Tainted: G    B           4.9.56-g5c73594 #66
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801aba6f9e8 ffffffff81d93999 ffe7087451383000 00000000000000a0
 0000000000000000 ffff8801ca774840 ffe7087451383000 ffff8801aba6fa70
 ffffffff8153d5cf 0000000000000000 0000000000000001 ffffffff8266527b
Call Trace:
 [<ffffffff81d93999>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93999>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153d5cf>] kasan_report_error mm/kasan/report.c:284 [inline]
 [<ffffffff8153d5cf>] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [<ffffffff8153d9a0>] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [<ffffffff8153c2e7>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [<ffffffff8153c2e7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [<ffffffff8153c351>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff8266527b>] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [<ffffffff8266527b>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff8266527b>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff8156bc81>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156fa50>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156fa50>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156fd04>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156fe26>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff815732a7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff815732a7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838ad085>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
==================================================================
BUG: KASAN: wild-memory-access on address ffe7087451383000
Read of size 160 by task syz-executor5/8828
CPU: 0 PID: 8828 Comm: syz-executor5 Tainted: G    B           4.9.56-g5c73594 #66
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ac1079e8 ffffffff81d93999 ffe7087451383000 00000000000000a0
 0000000000000000 ffff8801a6b13420 ffe7087451383000 ffff8801ac107a70
 ffffffff8153d5cf 0000000000000000 0000000000000001 ffffffff8266527b
Call Trace:
 [<ffffffff81d93999>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93999>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153d5cf>] kasan_report_error mm/kasan/report.c:284 [inline]
 [<ffffffff8153d5cf>] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [<ffffffff8153d9a0>] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [<ffffffff8153c2e7>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [<ffffffff8153c2e7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [<ffffffff8153c351>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff8266527b>] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [<ffffffff8266527b>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff8266527b>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff8156bc81>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156fa50>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156fa50>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156fd04>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156fe26>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff815732a7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff815732a7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838ad085>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
mmap: syz-executor2 (8849): VmData 15810560 exceed data ulimit 4. Update limits or use boot option ignore_rlimit_data.
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 8859 Comm: syz-executor5 Tainted: G    B           4.9.56-g5c73594 #66
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801a51f4800 task.stack: ffff8801a8d60000
RIP: 0010:[<ffffffff8144e4b1>]  [<ffffffff8144e4b1>] __read_once_size include/linux/compiler.h:243 [inline]
RIP: 0010:[<ffffffff8144e4b1>]  [<ffffffff8144e4b1>] atomic_read arch/x86/include/asm/atomic.h:26 [inline]
RIP: 0010:[<ffffffff8144e4b1>]  [<ffffffff8144e4b1>] page_ref_count include/linux/page_ref.h:66 [inline]
RIP: 0010:[<ffffffff8144e4b1>]  [<ffffffff8144e4b1>] put_page_testzero include/linux/mm.h:445 [inline]
RIP: 0010:[<ffffffff8144e4b1>]  [<ffffffff8144e4b1>] __free_pages+0x21/0x80 mm/page_alloc.c:3901
RSP: 0018:ffff8801a8d679b0  EFLAGS: 00010a07
RAX: dffffc0000000000 RBX: dead4ead00000000 RCX: ffffc90003661000
RDX: 1bd5a9d5a0000003 RSI: 0000000000000001 RDI: dead4ead0000001c
RBP: ffff8801a8d679c0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 1ffff100351acf16 R12: 0000000000000004
R13: 0000000000000020 R14: ffff8801aa79c200 R15: dffffc0000000000
FS:  00007f01615cf700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000000 CR3: 00000001cad00000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 0000000000000001 ffff8801aa79c358 ffff8801a8d67a20 ffffffff82662871
 ffff8801aa79c370 ffffed00354f386b ffffed00354f386e ffff8801aa79c368
 dead4ead00000000 ffff8801aa79c340 0000000000000000 0000000000000000
Call Trace:
 [<ffffffff82662871>] sg_remove_scat.isra.20+0x1c1/0x2d0 drivers/scsi/sg.c:1954
 [<ffffffff82662c35>] sg_finish_rem_req+0x2b5/0x340 drivers/scsi/sg.c:1836
 [<ffffffff82663016>] sg_new_read.isra.21+0x356/0x3e0 drivers/scsi/sg.c:567
 [<ffffffff826648d6>] sg_read+0x8a6/0x1400 drivers/scsi/sg.c:456
 [<ffffffff8156bc81>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156fa50>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156fa50>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156fd04>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156fe26>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff815732a7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff815732a7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838ad085>] entry_SYSCALL_64_fastpath+0x23/0xc6
Code: ff 66 0f 1f 84 00 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 53 48 89 fb 48 83 c7 1c 48 89 fa 48 83 ec 08 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 3d 
RIP  [<ffffffff8144e4b1>] __read_once_size include/linux/compiler.h:243 [inline]
RIP  [<ffffffff8144e4b1>] atomic_read arch/x86/include/asm/atomic.h:26 [inline]
RIP  [<ffffffff8144e4b1>] page_ref_count include/linux/page_ref.h:66 [inline]
RIP  [<ffffffff8144e4b1>] put_page_testzero include/linux/mm.h:445 [inline]
RIP  [<ffffffff8144e4b1>] __free_pages+0x21/0x80 mm/page_alloc.c:3901
 RSP <ffff8801a8d679b0>
---[ end trace a2277778a772851a ]---

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2017/10/16 14:41 https://android.googlesource.com/kernel/common android-4.9 5c73594e214f b69d27d1 .config console log report ci-android-49-kasan-gce
2017/10/13 08:52 https://android.googlesource.com/kernel/common android-4.9 05c85a6ddfcf c26ea367 .config console log report ci-android-49-kasan-gce
* Struck through repros no longer work on HEAD.