syzbot


KASAN: wild-memory-access Read of size 113

Status: closed as invalid on 2017/10/18 09:01
First crash: 2608d, last: 2597d

Sample crash report:
sg_write: data in/out 2127708969/3 bytes for SCSI command 0xe3-- guessing data in;
   program syz-executor6 not setting count and/or reply_len properly
==================================================================
BUG: KASAN: wild-memory-access on address ffe708745053f000
Read of size 113 by task syz-executor6/6368
CPU: 1 PID: 6368 Comm: syz-executor6 Not tainted 4.9.54-g34e23de #62
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a738fae8 ffffffff81d93659 ffe708745053f000 0000000000000071
 0000000000000000[   59.197807] device gre0 entered promiscuous mode
 ffff8801c99a3000 ffe708745053f000 ffff8801a738fb70
 ffffffff8153d48f 0000000000000000 0000000000000001 ffffffff826651bb
Call Trace:
 [<ffffffff81d93659>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93659>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153d48f>] kasan_report_error mm/kasan/report.c:284 [inline]
 [<ffffffff8153d48f>] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [<ffffffff8153d860>] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [<ffffffff8153c1a7>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [<ffffffff8153c1a7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [<ffffffff8153c211>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff826651bb>] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [<ffffffff826651bb>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff826651bb>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff8156d753>] __vfs_read+0x103/0x670 fs/read_write.c:452
 [<ffffffff8156ece7>] vfs_read+0x107/0x330 fs/read_write.c:475
 [<ffffffff815728c9>] SYSC_read fs/read_write.c:591 [inline]
 [<ffffffff815728c9>] SyS_read+0xd9/0x1b0 fs/read_write.c:584
 [<ffffffff838af185>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
IPVS: Creating netns size=2536 id=16
IPVS: Creating netns size=2536 id=17
nla_parse: 3 callbacks suppressed
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
9pnet_virtio: no channels available for device ./file0
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
9pnet_virtio: no channels available for device ./file0
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
IPVS: Creating netns size=2536 id=18
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket pig=6581 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket pig=6581 comm=syz-executor4
netlink: 9 bytes leftover after parsing attributes in process `syz-executor0'.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor0'.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6817 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6817 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=6914 comm=syz-executor5
device syz6 entered promiscuous mode
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
device gre0 entered promiscuous mode

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2017/10/12 03:49 https://android.googlesource.com/kernel/common android-4.9 34e23dee72dd c26ea367 .config console log report ci-android-49-kasan-gce
2017/10/01 05:34 https://android.googlesource.com/kernel/common android-4.9 9b2b08179641 c26ea367 .config console log report ci-android-49-kasan-gce
* Struck through repros no longer work on HEAD.