syzbot


KASAN: wild-memory-access Read of size 165

Status: closed as invalid on 2017/10/18 09:01
First crash: 2387d, last: 2387d

Sample crash report:
BUG: KASAN: wild-memory-access on address ffe708746e749000
Read of size 165 by task syz-executor6/9164
CPU: 0 PID: 9164 Comm: syz-executor6 Not tainted 4.9.54-g9add7c4 #63
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c69379e8 ffffffff81d93659 ffe708746e749000 00000000000000a5
 0000000000000000 ffff8801a7c4b240 ffe708746e749000 ffff8801c6937a70
 ffffffff8153d48f 0000000000000000 0000000000000001 ffffffff826651bb
Call Trace:
 [<ffffffff81d93659>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93659>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153d48f>] kasan_report_error mm/kasan/report.c:284 [inline]
 [<ffffffff8153d48f>] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [<ffffffff8153d860>] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [<ffffffff8153c1a7>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [<ffffffff8153c1a7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [<ffffffff8153c211>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff826651bb>] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [<ffffffff826651bb>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff826651bb>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff8156bb41>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156f910>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156f910>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156fbc4>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156fce6>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff815730a7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff815730a7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838af185>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
IPVS: Creating netns size=2536 id=24
sg_write: data in/out 93/34 bytes for SCSI command 0xfc-- guessing data in;
   program syz-executor6 not setting count and/or reply_len properly
IPVS: Creating netns size=2536 id=25
device syz4 left promiscuous mode
sock: process `syz-executor3' is using obsolete getsockopt SO_BSDCOMPAT
device gre0 entered promiscuous mode
device syz1 left promiscuous mode
program syz-executor4 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
program syz-executor4 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
IPv6: NLM_F_CREATE should be specified when creating new route
program syz-executor4 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
program syz-executor4 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9666 comm=syz-executor3
sg_write: data in/out 476/6 bytes for SCSI command 0x0-- guessing data in;
   program syz-executor2 not setting count and/or reply_len properly
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=9897 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pig=9897 comm=syz-executor0
keychord: keycode 46132 out of range
binder: 9982:9983 ioctl 5424 20603ffc returned -22
binder: 9982:9986 ioctl 5424 20603ffc returned -22
device gre0 entered promiscuous mode
IPVS: Creating netns size=2536 id=26
IPVS: Creating netns size=2536 id=27
binder: 10100:10104 ioctl c0106401 20caa000 returned -22
binder: 10100:10104 ioctl c0106401 20caa000 returned -22
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
device gre0 entered promiscuous mode
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2017/10/12 18:25 | https://android.googlesource.com/kernel/common android-4.9 | 9add7c47ec55 | c26ea367 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
* Struck through repros no longer work on HEAD.