syzbot


KASAN: wild-memory-access Read of size 162

Status: closed as invalid on 2017/10/18 09:01
First crash: 2563d, last: 2563d

Sample crash report:
sg_write: data in/out 34319/34 bytes for SCSI command 0xfc-- guessing data in;
   program syz-executor0 not setting count and/or reply_len properly
==================================================================
BUG: KASAN: wild-memory-access on address ffe708746d167000
Read of size 162 by task syz-executor0/8782
CPU: 0 PID: 8782 Comm: syz-executor0 Not tainted 4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a941fae8 ffffffff81d93149 ffe708746d167000 00000000000000a2
 0000000000000000 ffff8801d25504e0 ffe708746d167000 ffff8801a941fb70
 ffffffff8153d08f 0000000000000000 0000000000000001 ffffffff826648db
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153d08f>] kasan_report_error mm/kasan/report.c:284 [inline]
 [<ffffffff8153d08f>] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [<ffffffff8153d460>] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [<ffffffff8153bda7>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [<ffffffff8153bda7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [<ffffffff8153be11>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff826648db>] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [<ffffffff826648db>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff826648db>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff8156d353>] __vfs_read+0x103/0x670 fs/read_write.c:452
 [<ffffffff8156e8e7>] vfs_read+0x107/0x330 fs/read_write.c:475
 [<ffffffff815724c9>] SYSC_read fs/read_write.c:591 [inline]
 [<ffffffff815724c9>] SyS_read+0xd9/0x1b0 fs/read_write.c:584
 [<ffffffff838ac645>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
==================================================================
BUG: KASAN: wild-memory-access on address ffe708746d167000
Read of size 28 by task syz-executor0/8782
CPU: 0 PID: 8782 Comm: syz-executor0 Tainted: G    B           4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a941f9e8 ffffffff81d93149 ffe708746d167000 000000000000001c
 0000000000000000 ffff8801d25505a0 ffe708746d167000 ffff8801a941fa70
 ffffffff8153d08f 0000000000000000 0000000000000001 ffffffff826648db
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153d08f>] kasan_report_error mm/kasan/report.c:284 [inline]
 [<ffffffff8153d08f>] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [<ffffffff8153d460>] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [<ffffffff8153bda7>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [<ffffffff8153bda7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [<ffffffff8153be11>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff826648db>] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [<ffffffff826648db>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff826648db>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff8156b741>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156f510>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156f510>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156f7c4>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156f8e6>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff81572ca7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff81572ca7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838ac645>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47638 sclass=netlink_route_socket pig=8860 comm=syz-executor4
IPVS: Creating netns size=2536 id=27
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
IPVS: Creating netns size=2536 id=28
device syz3 entered promiscuous mode
device syz3 left promiscuous mode
device syz3 entered promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
skbuff: bad partial csum: csum=98/65532 len=264
skbuff: bad partial csum: csum=98/65532 len=264
binder: 9180:9184 ioctl 8954 2043ffbc returned -22
binder: 9180:9184 ioctl c0206434 20c87fe0 returned -22
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 9175 Comm: syz-executor7 Tainted: G    B           4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801abf57a10 ffffffff81d93149 ffff8801abf57cf0 0000000000000000
 ffff8801abf59910 ffff8801abf57be0 ffff8801abf59800 ffff8801abf57c08
 ffffffff81660dc8 ffff8801abf57b60 0000000000000000 00000001ac56e067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad818>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff838ac645>] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 9164 Comm: syz-executor7 Tainted: G    B           4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a995f780 ffffffff81d93149 ffff8801a995fa60 0000000000000000
 ffff8801abf59910 ffff8801a995f950 ffff8801abf59800 ffff8801a995f978
 ffffffff81660dc8 ffff8801a995f8d0 0000000000000000 00000001ac56e067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad818>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff815b2228>] SYSC_select fs/select.c:652 [inline]
 [<ffffffff815b2228>] SyS_select+0x158/0x1e0 fs/select.c:634
 [<ffffffff838ac645>] entry_SYSCALL_64_fastpath+0x23/0xc6
binder: 9180:9199 ioctl c0106438 2083b000 returned -22
loop_reread_partitions: partition scan of loop0 (t?`JzP[ p>TK6C="L l!V#F-') failed (rc=-13)
binder: 9180:9203 ioctl 8954 2043ffbc returned -22
binder: 9180:9203 ioctl c0106438 2083b000 returned -22
binder: 9180:9199 ioctl c0206434 20c87fe0 returned -22
selinux_nlmsg_perm: 1 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=45587 sclass=netlink_route_socket pig=9226 comm=syz-executor2
binder: 9223:9234 ioctl 4c00 17 returned -22
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
binder: 9223:9245 ioctl 4c00 1c returned -22
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
blk_update_request: I/O error, dev loop0, sector 0
Buffer I/O error on dev loop0, logical block 0, lost async page write
VFS: Dirty inode writeback failed for block device loop0 (err=-5).
device gre0 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=770 sclass=netlink_xfrm_socket pig=9407 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=770 sclass=netlink_xfrm_socket pig=9407 comm=syz-executor6
loop_reread_partitions: partition scan of loop5 () failed (rc=-13)
nla_parse: 18 callbacks suppressed
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=770 sclass=netlink_xfrm_socket pig=9473 comm=syz-executor6
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=770 sclass=netlink_xfrm_socket pig=9473 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9554 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9576 comm=syz-executor7
device gre0 entered promiscuous mode
netlink: 2 bytes leftover after parsing attributes in process `syz-executor5'.
devpts: called with bogus options
device syz0 entered promiscuous mode
device syz0 left promiscuous mode
device syz0 entered promiscuous mode
device syz0 left promiscuous mode
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 9804 Comm: syz-executor7 Tainted: G    B           4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a58379a0 ffffffff81d93149 ffff8801a5837c80 0000000000000000
 ffff8801aaca6e90 ffff8801a5837b70 ffff8801aaca6d80 ffff8801a5837b98
 ffffffff81660dc8 ffff8801a5837af0 ffff8801cea337f8 00000001d9767067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad818>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff838ac645>] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 1 PID: 9814 Comm: syz-executor7 Tainted: G    B           4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c75e78d0 ffffffff81d93149 ffff8801c75e7bb0 0000000000000000
 ffff8801aaca6e90 ffff8801c75e7aa0 ffff8801aaca6d80 ffff8801c75e7ac8
 ffffffff81660dc8 ffff8801c75e7a20 ffffffff811ba655 00000001d9767067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad818>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff8116a27d>] SyS_rt_sigtimedwait+0x2d/0x40 kernel/signal.c:2819
 [<ffffffff838ac645>] entry_SYSCALL_64_fastpath+0x23/0xc6
sg_write: data in/out 65500/34 bytes for SCSI command 0xfc-- guessing data in;
   program syz-executor5 not setting count and/or reply_len properly
netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'.
device syz6 left promiscuous mode
netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'.
device lo entered promiscuous mode
qtaguid: iface_stat: iface_check_stats_reset_and_adjust(lo): iface reset its stats unexpectedly
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
keychord: Insufficient bytes present for keycount 186
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor5'.
keychord: Insufficient bytes present for keycount 186
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
ALSA: seq fatal error: cannot create timer (-22)
ALSA: seq fatal error: cannot create timer (-22)
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
binder_alloc: binder_alloc_mmap_handler: 10152 20000000-20400000 already mapped failed -16
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 10161 Comm: syz-executor7 Tainted: G    B           4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a5a07a10 ffffffff81d93149 ffff8801a5a07cf0 0000000000000000
 ffff8801aaca6410 ffff8801a5a07be0 ffff8801aaca6300 ffff8801a5a07c08
 ffffffff81660dc8 ffff8801a5a07b60 0000000000000000 00000001c7884067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad818>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff838ac645>] entry_SYSCALL_64_fastpath+0x23/0xc6
program syz-executor3 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor3 is using a deprecated SCSI ioctl, please convert it to SG_IO
CPU: 1 PID: 10156 Comm: syz-executor7 Tainted: G    B           4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a3677780 ffffffff81d93149 ffff8801a3677a60 0000000000000000
 ffff8801aaca6410 ffff8801a3677950 ffff8801aaca6300 ffff8801a3677978
 ffffffff81660dc8 ffff8801a36778d0 0000000000000000 00000001c7884067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad818>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff815b2228>] SYSC_select fs/select.c:652 [inline]
 [<ffffffff815b2228>] SyS_select+0x158/0x1e0 fs/select.c:634
 [<ffffffff838ac645>] entry_SYSCALL_64_fastpath+0x23/0xc6
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47638 sclass=netlink_route_socket pig=10319 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43490 sclass=netlink_route_socket pig=10340 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47638 sclass=netlink_route_socket pig=10340 comm=syz-executor2
IPVS: Creating netns size=2536 id=29
IPVS: Creating netns size=2536 id=30
device syz5 left promiscuous mode
device syz5 entered promiscuous mode
device gre0 entered promiscuous mode
device syz5 left promiscuous mode
device syz5 entered promiscuous mode
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 10504 Comm: syz-executor0 Tainted: G    B           4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a8057930 ffffffff81d93149 ffff8801a8057c10 0000000000000000
 ffff8801d0ec2290 ffff8801a8057b00 ffff8801d0ec2180 ffff8801a8057b28
 ffffffff81660dc8 ffff8801a8057a80 ffff8801a80579a0 00000001c650c067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad818>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff838ac645>] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 10564 Comm: syz-executor2 Tainted: G    B           4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d8f6fa10 ffffffff81d93149 ffff8801d8f6fcf0 0000000000000000
 ffff8801d0ec2410 ffff8801d8f6fbe0 ffff8801d0ec2300 ffff8801d8f6fc08
 ffffffff81660dc8 ffff8801d8f6fb60 0000000000000000 00000001c7afc067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad818>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff838ac645>] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 10541 Comm: syz-executor2 Tainted: G    B           4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d8f179d0 ffffffff81d93149 ffff8801d8f17cb0 0000000000000000
 ffff8801d0ec2410 ffff8801d8f17ba0 ffff8801d0ec2300 ffff8801d8f17bc8
 ffffffff81660dc8 ffff8801d8f17b20 ffff8801db300000 00000001c7afc067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad818>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff838ac645>] entry_SYSCALL_64_fastpath+0x23/0xc6
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
CPU: 0 PID: 10515 Comm: syz-executor0 Tainted: G    B           4.9.52-g9b2b081 #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d93af9f0 ffffffff81d93149 ffff8801d93afcd0 0000000000000000
 ffff8801d0ec2290 ffff8801d93afbc0 ffff8801d0ec2180 ffff8801d93afbe8
 ffffffff81660dc8 ffff8801d93afb40 0000000000000000 00000001c650c067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad818>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff838ac645>] entry_SYSCALL_64_fastpath+0x23/0xc6
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device gre0 entered promiscuous mode
device syz1 entered promiscuous mode
binder: 10763:10787 ioctl 5420 20185ffc returned -22
binder: 10763:10809 ioctl 5420 20185ffc returned -22
selinux_nlmsg_perm: 2 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10828 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10828 comm=syz-executor1
nla_parse: 7 callbacks suppressed
netlink: 11 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor6'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=10851 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10851 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=10851 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=10828 comm=syz-executor1
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
netlink: 13 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor4'.
device lo left promiscuous mode
binder: 11068:11087 ioctl 5411 20000000 returned -22
device syz1 left promiscuous mode
device syz1 entered promiscuous mode
device syz1 left promiscuous mode
device lo entered promiscuous mode
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19545 sclass=netlink_tcpdiag_socket pig=11261 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19545 sclass=netlink_tcpdiag_socket pig=11279 comm=syz-executor7
netlink: 6 bytes leftover after parsing attributes in process `syz-executor0'.
device syz4 left promiscuous mode
netlink: 6 bytes leftover after parsing attributes in process `syz-executor0'.
device lo left promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
device syz4 entered promiscuous mode
device syz4 left promiscuous mode
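The two KASAN blocks at the top are the substance of this report; everything after them is console output from other fuzzer processes and has no bearing on the bug. Both accesses fault on the same address, ffe708746d167000, which is not a canonical x86-64 address (bits 63:47 are neither all zero nor all one) and so cannot be a valid kernel or user pointer. That is also why KASAN labels it wild-memory-access: the address is above TASK_SIZE but below the range the shadow memory covers, so it is neither a user-memory access nor an out-of-bounds offset from a live object. The pointer KASAN checked is the kernel-side source buffer that __copy_to_user reads in sg_read_oxfer, reached once via read() and once via readv() from the same task (syz-executor0/8782). The bug is recorded above as closed as invalid, so nothing here establishes an exploitable defect. As an added example that is not part of the syzbot page and is not syzkaller's own report parser, the Python below extracts the triage fields from a report in this 4.9-era format: it splits the log into BUG: KASAN blocks, skips instrumentation frames to find the first frame in the code under test (plus the enclosing non-inline function that newer syzbot titles name), identifies the entry syscall, and checks canonicality of the faulting address. The sample input is the report above trimmed to a subset of frames, and the list of prefixes treated as instrumentation is this example's own assumption.

```python
"""Triage helper for KASAN reports in the 4.9-era text format shown above.
Added example, not syzbot's or syzkaller's own parser: it extracts the title
fields, the first frame outside the instrumentation, the entry syscall, and
whether the faulting address can be a canonical x86-64 pointer at all."""
import re
from dataclasses import dataclass, field

# Constructed input: the two reports above, trimmed to a subset of frames (not a live capture).
SAMPLE_REPORT = """\
==================================================================
BUG: KASAN: wild-memory-access on address ffe708746d167000
Read of size 162 by task syz-executor0/8782
Call Trace:
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153d08f>] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [<ffffffff8153be11>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff826648db>] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [<ffffffff826648db>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff826648db>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff815724c9>] SyS_read+0xd9/0x1b0 fs/read_write.c:584
 [<ffffffff838ac645>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
==================================================================
BUG: KASAN: wild-memory-access on address ffe708746d167000
Read of size 28 by task syz-executor0/8782
Call Trace:
 [<ffffffff8153be11>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff826648db>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff826648db>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff81572ca7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838ac645>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
"""

BUG_RE = re.compile(r"^BUG: KASAN: (?P<type>[a-z-]+) on address (?P<addr>[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(?P<kind>Read|Write) of size (?P<size>\d+) by task (?P<task>\S+)/(?P<pid>\d+)")
FRAME_RE = re.compile(r"^\s*\[<[0-9a-f]+>\]\s+(?P<func>[\w.]+)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
                      r"(?:\s+(?P<loc>\S+:\d+))?(?P<inline>\s+\[inline\])?\s*$")
SYSCALL_RE = re.compile(r"^(?:SyS_|sys_|__x64_sys_|__se_sys_)(\w+)$")
# Instrumentation and the uaccess helpers it hooks; this list is an assumption.
INFRA_PREFIXES = ("__dump_stack", "dump_stack", "kasan_", "check_memory_region", "__asan_",
                  "__copy_to_user", "__copy_from_user", "_copy_to_user", "_copy_from_user",
                  "copy_to_user", "copy_from_user", "__might_fault")

@dataclass
class KasanReport:
    bug_type: str
    addr: int
    kind: str = ""
    size: int = 0
    task: str = ""
    pid: int = 0
    frames: list = field(default_factory=list)  # (func, "file:line" or None, inlined?)

def parse_reports(text: str) -> list:
    """One KasanReport per 'BUG: KASAN:' block, closed by its trailing '====' line."""
    reports, cur, in_trace = [], None, False
    for line in text.splitlines():
        if m := BUG_RE.match(line):
            cur, in_trace = KasanReport(m["type"], int(m["addr"], 16)), False
        elif cur is None:
            continue
        elif m := ACCESS_RE.match(line):
            cur.kind, cur.size, cur.task, cur.pid = m["kind"], int(m["size"]), m["task"], int(m["pid"])
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and (m := FRAME_RE.match(line)):
            cur.frames.append((m["func"], m["loc"], bool(m["inline"])))
        elif in_trace and line.startswith("===="):
            reports.append(cur)
            cur = None
    return reports

def culprit(rep: KasanReport):
    """(func, file:line, enclosing non-inline func) for the first frame outside the
    instrumentation; the enclosing func is what newer syzbot titles name ('... in sg_read')."""
    for i, (func, loc, _) in enumerate(rep.frames):
        if not func.startswith(INFRA_PREFIXES):
            outer = next(f for f, _, inlined in rep.frames[i:] if not inlined)
            return func, loc, outer
    return None

def entry_syscall(rep: KasanReport):
    """Name of the syscall handler in the trace, e.g. 'read' or 'readv'."""
    for func, _, _ in rep.frames:
        if m := SYSCALL_RE.match(func):
            return m.group(1)
    return None

def is_canonical_x86_64(addr: int) -> bool:
    """4-level paging: bits 63..47 must be all 0 (user half) or all 1 (kernel half)."""
    return (addr >> 47) in (0, 0x1FFFF)

def title(rep: KasanReport) -> str:
    """Title in the form this page uses, without a function name."""
    return f"KASAN: {rep.bug_type} {rep.kind} of size {rep.size}"

if __name__ == "__main__":
    for rep in parse_reports(SAMPLE_REPORT):
        func, loc, outer = culprit(rep)
        print(f"{title(rep)} | {func} at {loc} in {outer} via {entry_syscall(rep)}() | "
              f"addr {rep.addr:#x} canonical={is_canonical_x86_64(rep.addr)}")
```

Run on the sample, the script reproduces this page's title for the first block, names sg_read_oxfer in sg_read as the culprit for both, distinguishes the read() and readv() entry points, and flags the address as non-canonical, which is the first thing to check before spending time on a "wild" report: a pointer that cannot exist points at corrupted state upstream of the faulting line, not at the line itself.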

Crashes (1):

Time:       2017/09/30 06:14
Kernel:     https://android.googlesource.com/kernel/common android-4.9
Commit:     9b2b08179641
Syzkaller:  c26ea367
Config:     .config
Log:        console log
Report:     report
Syz repro:  (empty)
C repro:    (empty)
VM info:    (empty)
Assets:     (empty)
Manager:    ci-android-49-kasan-gce
Title:      (empty)