syzbot


KASAN: wild-memory-access Read of size 124

Status: closed as invalid on 2017/10/18 09:01
First crash: 2389d, last: 2389d

Sample crash report:
==================================================================
BUG: KASAN: wild-memory-access on address ffe708746d1c9000
Read of size 124 by task syz-executor4/10941
CPU: 0 PID: 10941 Comm: syz-executor4 Not tainted 4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a617f9e8 ffffffff81d93149 ffe708746d1c9000 000000000000007c
 0000000000000000 ffff8801ad6450c0 ffe708746d1c9000 ffff8801a617fa70
 ffffffff8153d08f 0000000000000000 0000000000000001 ffffffff826648db
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153d08f>] kasan_report_error mm/kasan/report.c:284 [inline]
 [<ffffffff8153d08f>] kasan_report.part.1+0x40f/0x500 mm/kasan/report.c:309
 [<ffffffff8153d460>] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [<ffffffff8153bda7>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [<ffffffff8153bda7>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [<ffffffff8153be11>] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:320
 [<ffffffff826648db>] __copy_to_user arch/x86/include/asm/uaccess_64.h:182 [inline]
 [<ffffffff826648db>] sg_read_oxfer drivers/scsi/sg.c:1978 [inline]
 [<ffffffff826648db>] sg_read+0x124b/0x1400 drivers/scsi/sg.c:520
 [<ffffffff8156b741>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156f510>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156f510>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156f7c4>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156f8e6>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff81572ca7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff81572ca7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838ac5c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
FAULT_FLAG_ALLOW_RETRY missing 70
CPU: 1 PID: 10950 Comm: syz-executor7 Tainted: G    B           4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ad347b50 ffffffff81d93149 ffff8801ad347e30 0000000000000000
 ffff8801ab32c290 ffff8801ad347d20 ffff8801ab32c180 ffff8801ad347d48
 ffffffff81660dc8 ffff8801ad347ca0 0000000020001000 00000001d5c2d067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad798>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
FAULT_FLAG_ALLOW_RETRY missing 70
CPU: 1 PID: 10965 Comm: syz-executor7 Tainted: G    B           4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d232fb50 ffffffff81d93149 ffff8801d232fe30 0000000000000000
 ffff8801d5a22d10 ffff8801d232fd20 ffff8801d5a22c00 ffff8801d232fd48
 ffffffff81660dc8 ffff8801d232fca0 0000000000000246 00000001cf139067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad798>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pig=10992 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=46486 sclass=netlink_route_socket pig=10997 comm=syz-executor1
device lo left promiscuous mode
binder: 11010:11014 ioctl 4b66 20cf5000 returned -22
binder: 11010:11024 ioctl 4b66 20cf5000 returned -22
device lo entered promiscuous mode
device lo left promiscuous mode
IPVS: Creating netns size=2536 id=25
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
nla_parse: 19 callbacks suppressed
netlink: 4 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor7'.
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 11400 Comm: syz-executor0 Tainted: G    B           4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d55775b0 ffffffff81d93149 ffff8801d5577890 0000000000000000
 ffff8801d5a23a90 ffff8801d5577780 ffff8801d5a23980 ffff8801d55777a8
 ffffffff81660dc8 ffff8801d5577700 ffffffff811eb235 00000001d1ef4067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad798>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff8320bc1a>] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1235
 [<ffffffff832b8825>] udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2086
 [<ffffffff82ed6245>] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2705
 [<ffffffff82ed31e0>] SYSC_setsockopt net/socket.c:1771 [inline]
 [<ffffffff82ed31e0>] SyS_setsockopt+0x160/0x250 net/socket.c:1750
 [<ffffffff838ac5c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 11377 Comm: syz-executor0 Tainted: G    B           4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c6aefa00 ffffffff81d93149 ffff8801c6aefce0 0000000000000000
 ffff8801d5a23a90 ffff8801c6aefbd0 ffff8801d5a23980 ffff8801c6aefbf8
 ffffffff81660dc8 ffff8801c6aefb50 0000000041b58ab3 00000001d1ef4067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad798>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff838ac5c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 1 PID: 11361 Comm: syz-executor0 Tainted: G    B           4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cb3776d0 ffffffff81d93149 ffff8801cb3779b0 0000000000000000
 ffff8801d5a23a90 ffff8801cb3778a0 ffff8801d5a23980 ffff8801cb3778c8
 ffffffff81660dc8 ffff8801cb377820 ffffffff84649140 00000001d1ef4067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad798>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff832e3689>] inet_ioctl+0x89/0x1c0 net/ipv4/af_inet.c:878
 [<ffffffff82ec9ef5>] sock_do_ioctl+0x65/0xb0 net/socket.c:892
 [<ffffffff82eca940>] sock_ioctl+0x2e0/0x3d0 net/socket.c:978
 [<ffffffff815ace0a>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff815ace0a>] do_vfs_ioctl+0x1aa/0x10c0 fs/ioctl.c:679
 [<ffffffff815addaf>] SYSC_ioctl fs/ioctl.c:694 [inline]
 [<ffffffff815addaf>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [<ffffffff838ac5c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'.
binder_alloc: binder_alloc_mmap_handler: 11636 204f0000-204f4000 already mapped failed -16
binder_alloc: binder_alloc_mmap_handler: 11636 204f0000-204f4000 already mapped failed -16
device syz2 entered promiscuous mode
device lo left promiscuous mode
selinux_nlmsg_perm: 146 callbacks suppressed
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=4 sclass=netlink_tcpdiag_socket pig=11711 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=4 sclass=netlink_tcpdiag_socket pig=11719 comm=syz-executor5
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
keychord: using input dev AT Translated Set 2 keyboard for fevent
sg_write: data in/out 452821891/51 bytes for SCSI command 0x8f-- guessing data in;
   program syz-executor1 not setting count and/or reply_len properly
binder: 11797:11805 ioctl 5402 20f72000 returned -22
binder: 11797:11810 ioctl 5402 20f72000 returned -22
keychord: invalid keycode count 0
netlink: 4 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor6'.
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
sg_write: data in/out 452821891/51 bytes for SCSI command 0x8f-- guessing data in;
   program syz-executor1 not setting count and/or reply_len properly
netlink: 41 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 41 bytes leftover after parsing attributes in process `syz-executor5'.
IPVS: Creating netns size=2536 id=26
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=11890 comm=syz-executor1
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 11887 Comm: syz-executor3 Tainted: G    B           4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d9b379d0 ffffffff81d93149 ffff8801d9b37cb0 0000000000000000
 ffff8801ab32d610 ffff8801d9b37ba0 ffff8801ab32d500 ffff8801d9b37bc8
 ffffffff81660dc8 ffff8801d9b37b20 ffff8801d9b379f8 00000001c661e067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad798>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff838ac5c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 20
CPU: 0 PID: 11868 Comm: syz-executor3 Tainted: G    B           4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c98ff2a8 ffffffff81d93149 ffff8801c98ff588 0000000000000000
 ffff8801ab32d610 ffff8801c98ff478 ffff8801ab32d500 ffff8801c98ff4a0
 ffffffff81660dc8 ffff8801c98ff3f8 0000000000000000 00000001c661e067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff814bef64>] faultin_page mm/gup.c:386 [inline]
 [<ffffffff814bef64>] __get_user_pages+0x3b4/0x1110 mm/gup.c:585
 [<ffffffff814c0263>] __get_user_pages_locked mm/gup.c:797 [inline]
 [<ffffffff814c0263>] __get_user_pages_unlocked mm/gup.c:872 [inline]
 [<ffffffff814c0263>] get_user_pages_unlocked+0x1d3/0x370 mm/gup.c:900
 [<ffffffff810ef6de>] get_user_pages_fast+0x11e/0x320 arch/x86/mm/gup.c:440
 [<ffffffff812de9b1>] get_futex_key+0x1f1/0x1000 kernel/futex.c:545
 [<ffffffff812e0f65>] futex_requeue+0x215/0x15c0 kernel/futex.c:1743
 [<ffffffff812e3bcf>] do_futex+0x47f/0x1640 kernel/futex.c:3242
 [<ffffffff812e4fb6>] SYSC_futex kernel/futex.c:3280 [inline]
 [<ffffffff812e4fb6>] SyS_futex+0x226/0x2d0 kernel/futex.c:3248
 [<ffffffff838ac5c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 11860 Comm: syz-executor3 Tainted: G    B           4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ce6df8d0 ffffffff81d93149 ffff8801ce6dfbb0 0000000000000000
 ffff8801ab32d610 ffff8801ce6dfaa0 ffff8801ab32d500 ffff8801ce6dfac8
 ffffffff81660dc8 ffff8801ce6dfa20 ffff8801ab3de000 00000001c661e067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad798>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff8116a27d>] SyS_rt_sigtimedwait+0x2d/0x40 kernel/signal.c:2819
 [<ffffffff838ac5c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
loop_reread_partitions: partition scan of loop5 () failed (rc=-13)
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
keychord: using input dev AT Translated Set 2 keyboard for fevent
binder: 11984:11987 ioctl 4b45 20306000 returned -22
binder: 11984:11987 ioctl c06864a1 204d7f9c returned -22
keychord: invalid keycode count 0
binder: 11984:11987 ioctl 4b45 20306000 returned -22
keychord: using input dev AT Translated Set 2 keyboard for fevent
binder: 11984:12021 ioctl c06864a1 204d7f9c returned -22
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 12016 Comm: syz-executor2 Tainted: G    B           4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c9f17a30 ffffffff81d93149 ffff8801c9f17d10 0000000000000000
 ffff8801d5a23d90 ffff8801c9f17c00 ffff8801d5a23c80 ffff8801c9f17c28
 ffffffff81660dc8 ffff8801c9f17b80 ffff8801c9f17a88 00000001c80a4067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad798>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff81bbd4cb>] SYSC_keyctl security/keys/keyctl.c:1600 [inline]
 [<ffffffff81bbd4cb>] SyS_keyctl+0x1fb/0x230 security/keys/keyctl.c:1588
 [<ffffffff838ac5c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
keychord: invalid keycode count 0
CPU: 0 PID: 12028 Comm: syz-executor2 Tainted: G    B           4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801a6367770 ffffffff81d93149 ffff8801a6367a50 0000000000000000
 ffff8801d5a23d90 ffff8801a6367940 ffff8801d5a23c80 ffff8801a6367968
 ffffffff81660dc8 ffff8801a63678c0 0000000000000046 00000001c80a4067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad798>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff81dd1338>] import_iovec+0xc8/0x3c0 lib/iov_iter.c:1243
 [<ffffffff81bbc040>] keyctl_instantiate_key_iov+0xd0/0x150 security/keys/keyctl.c:1160
 [<ffffffff81bbd349>] SYSC_keyctl security/keys/keyctl.c:1679 [inline]
 [<ffffffff81bbd349>] SyS_keyctl+0x79/0x230 security/keys/keyctl.c:1588
 [<ffffffff838ac5c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
keychord: unsupported version 65
keychord: invalid keycode count 0
keychord: unsupported version 65
keychord: invalid keycode count 0
loop_reread_partitions: partition scan of loop0 (t?`JzP[ p>TK6C="L l!V#F-') failed (rc=-13)
device lo entered promiscuous mode
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 12193 Comm: syz-executor7 Tainted: G    B           4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cb767a30 ffffffff81d93149 ffff8801cb767d10 0000000000000000
 ffff8801d5a23d90 ffff8801cb767c00 ffff8801d5a23c80 ffff8801cb767c28
 ffffffff81660dc8 ffff8801cb767b80 ffff8801cb767a88 00000001cc0bc067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad798>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff81bbd4cb>] SYSC_keyctl security/keys/keyctl.c:1600 [inline]
 [<ffffffff81bbd4cb>] SyS_keyctl+0x1fb/0x230 security/keys/keyctl.c:1588
 [<ffffffff838ac5c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 0 PID: 12208 Comm: syz-executor7 Tainted: G    B           4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d95e7770 ffffffff81d93149 ffff8801d95e7a50 0000000000000000
 ffff8801d5a23d90 ffff8801d95e7940 ffff8801d5a23c80 ffff8801d95e7968
 ffffffff81660dc8 ffff8801d95e78c0 0000000000000046 00000001cc0bc067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad798>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff81dd1338>] import_iovec+0xc8/0x3c0 lib/iov_iter.c:1243
 [<ffffffff81bbc040>] keyctl_instantiate_key_iov+0xd0/0x150 security/keys/keyctl.c:1160
 [<ffffffff81bbd349>] SYSC_keyctl security/keys/keyctl.c:1679 [inline]
 [<ffffffff81bbd349>] SyS_keyctl+0x79/0x230 security/keys/keyctl.c:1588
 [<ffffffff838ac5c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=41 sclass=netlink_audit_socket pig=12350 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=41 sclass=netlink_audit_socket pig=12350 comm=syz-executor2
binder: 12453:12456 ioctl 40a85323 20647f50 returned -22
binder: 12453:12466 ioctl 40a85323 20647f50 returned -22
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
qtaguid: iface_stat: create6(lo): no inet dev
nla_parse: 5 callbacks suppressed
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
binder: 12637:12645 ioctl 4b3b 1 returned -22
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=3973 sclass=netlink_tcpdiag_socket pig=12647 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=3973 sclass=netlink_tcpdiag_socket pig=12647 comm=syz-executor5
binder: 12637:12662 ioctl 4b3b 1 returned -22
binder: 12804:12809 ioctl 89e5 20000000 returned -22
binder: 12804:12820 ioctl 89e5 20000000 returned -22
netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 5 bytes leftover after parsing attributes in process `syz-executor2'.
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
keychord: Insufficient bytes present for keycount 18
keychord: invalid keycode count 0
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: invalid keycode count 0
FAULT_FLAG_ALLOW_RETRY missing 30
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 13002 Comm: syz-executor4 Tainted: G    B           4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c7c1f9b0 ffffffff81d93149 ffff8801c7c1fc90 0000000000000000
 ffff8801d5a22e90 ffff8801c7c1fb80 ffff8801d5a22d80 ffff8801c7c1fba8
 ffffffff81660dc8 ffff8801c7c1fb00 ffffffff8418d948 00000001d667d067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad798>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff838ac5c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 13003 Comm: syz-executor4 Tainted: G    B           4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ad587780 ffffffff81d93149 ffff8801ad587a60 0000000000000000
 ffff8801d5a22e90 ffff8801ad587950 ffff8801d5a22d80 ffff8801ad587978
 ffffffff81660dc8 ffff8801ad5878d0 0000000000000000 00000001d667d067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad798>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff815b2228>] SYSC_select fs/select.c:652 [inline]
 [<ffffffff815b2228>] SyS_select+0x158/0x1e0 fs/select.c:634
 [<ffffffff838ac5c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
CPU: 0 PID: 12993 Comm: syz-executor4 Tainted: G    B           4.9.52-gc30c69c #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801cf1178c0 ffffffff81d93149 ffff8801cf117ba0 0000000000000000
 ffff8801d5a22e90 ffff8801cf117a90 ffff8801d5a22d80 ffff8801cf117ab8
 ffffffff81660dc8 ffff8801cf117a10 ffff8801d9847a80 00000001d667d067
Call Trace:
 [<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81660dc8>] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [<ffffffff814cfd71>] do_anonymous_page mm/memory.c:2747 [inline]
 [<ffffffff814cfd71>] handle_pte_fault mm/memory.c:3488 [inline]
 [<ffffffff814cfd71>] __handle_mm_fault mm/memory.c:3577 [inline]
 [<ffffffff814cfd71>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
 [<ffffffff810e020b>] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [<ffffffff810e0917>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [<ffffffff838ad798>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
 [<ffffffff815aa9ac>] do_fcntl fs/fcntl.c:284 [inline]
 [<ffffffff815aa9ac>] SYSC_fcntl fs/fcntl.c:372 [inline]
 [<ffffffff815aa9ac>] SyS_fcntl+0x81c/0xc70 fs/fcntl.c:357

Crashes (1):
Time:      2017/09/28 07:20
Kernel:    https://android.googlesource.com/kernel/common android-4.9
Commit:    c30c69c76c1d
Syzkaller: c26ea367
Config:    .config
Log:       console log
Report:    report
Syz repro: (none)
C repro:   (none)
VM info:   (none)
Assets:    (none)
Manager:   ci-android-49-kasan-gce
Title:     (none)