syzbot


KASAN: slab-out-of-bounds Read in native_queued_spin_lock_slowpath

Status: closed as invalid on 2017/12/12 13:35
First crash: 2536d, last: 2536d
Similar bugs (2)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
android-49 | KASAN: slab-out-of-bounds Read in native_queued_spin_lock_slowpath | | | | 1168 | 2529d | 2591d | 0/3 | closed as invalid on 2019/01/01 20:10
android-44 | KASAN: slab-out-of-bounds Read in native_queued_spin_lock_slowpath (2) | | | | 4 | 2535d | 2536d | 0/2 | auto-closed as invalid on 2019/02/22 15:29

Sample crash report:
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor2/10243
caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
CPU: 0 PID: 10243 Comm: syz-executor2 Not tainted 4.4.105-g36205b7 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 bb605abddf6d6676 ffff8801d2d776b8 ffffffff81cc9b4f
 0000000000000000 ffffffff839fd4a0 ffff8801d2d776f8 ffffffff81d28d58
 ffffffff83d093a0 ffff8800b8a43910 dffffc0000000000 ffffffff83cff4e0
Call Trace:
 [<ffffffff81cc9b4f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b4f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff81d28d58>] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46
 [<ffffffff81d28dc3>] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
 [<ffffffff832a4598>] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832a4598>] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff83206e7e>] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137
 [<ffffffff83282524>] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058
 [<ffffffff83282c1e>] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084
 [<ffffffff8340f088>] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline]
 [<ffffffff8340f088>] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498
 [<ffffffff834134bd>] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826
 [<ffffffff83414feb>] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670
 [<ffffffff82d94005>] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [<ffffffff82d94005>] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
 [<ffffffff82d95add>] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961
 [<ffffffff82d97863>] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995
 [<ffffffff82d9790d>] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline]
 [<ffffffff82d9790d>] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
audit: type=1400 audit(1513033836.296:16): avc:  denied  { create } for  pid=10260 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
audit: type=1400 audit(1513033836.416:17): avc:  denied  { read } for  pid=10260 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1
netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'.
device gre0 entered promiscuous mode
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor6/10457
caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
CPU: 1 PID: 10457 Comm: syz-executor6 Not tainted 4.4.105-g36205b7 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 74af139444f6515b ffff8801d2cc76b8 ffffffff81cc9b4f
 0000000000000001 ffffffff839fd4a0 ffff8801d2cc76f8 ffffffff81d28d58
 ffffffff83d093a0 ffff8800b8a42450 dffffc0000000000 ffffffff83cff4e0
Call Trace:
 [<ffffffff81cc9b4f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b4f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff81d28d58>] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46
 [<ffffffff81d28dc3>] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
 [<ffffffff832a4598>] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832a4598>] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff83206e7e>] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137
 [<ffffffff83282524>] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058
 [<ffffffff83282c1e>] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084
 [<ffffffff8340f088>] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline]
 [<ffffffff8340f088>] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498
 [<ffffffff834134bd>] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826
 [<ffffffff83414feb>] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670
 [<ffffffff82d94005>] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [<ffffffff82d94005>] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
 [<ffffffff82d95add>] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961
 [<ffffffff82d97863>] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995
 [<ffffffff82d9790d>] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline]
 [<ffffffff82d9790d>] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor6/10457
caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
CPU: 0 PID: 10457 Comm: syz-executor6 Not tainted 4.4.105-g36205b7 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 74af139444f6515b ffff8801d2cc76b8 ffffffff81cc9b4f
 0000000000000000 ffffffff839fd4a0 ffff8801d2cc76f8 ffffffff81d28d58
 ffffffff83d093a0 ffff8800b8a40530 dffffc0000000000 ffffffff83cff4e0
Call Trace:
 [<ffffffff81cc9b4f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b4f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff81d28d58>] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46
 [<ffffffff81d28dc3>] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
 [<ffffffff832a4598>] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832a4598>] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff83206e7e>] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137
 [<ffffffff83282524>] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058
 [<ffffffff83282c1e>] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084
 [<ffffffff8340f088>] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline]
 [<ffffffff8340f088>] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498
 [<ffffffff834134bd>] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826
 [<ffffffff83414feb>] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670
 [<ffffffff82d94005>] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [<ffffffff82d94005>] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
 [<ffffffff82d95add>] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961
 [<ffffffff82d97863>] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995
 [<ffffffff82d9790d>] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline]
 [<ffffffff82d9790d>] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor3/10528
caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
CPU: 0 PID: 10528 Comm: syz-executor3 Not tainted 4.4.105-g36205b7 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 3aec9801a59b0d44 ffff8800b7c576b8 ffffffff81cc9b4f
 0000000000000000 ffffffff839fd4a0 ffff8800b7c576f8 ffffffff81d28d58
 ffffffff83d093a0 ffff8801d2ca5f20 dffffc0000000000 ffffffff83cff4e0
Call Trace:
 [<ffffffff81cc9b4f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b4f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff81d28d58>] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46
 [<ffffffff81d28dc3>] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
 [<ffffffff832a4598>] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832a4598>] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff83206e7e>] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137
 [<ffffffff83282524>] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058
 [<ffffffff83282c1e>] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084
 [<ffffffff8340f088>] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline]
 [<ffffffff8340f088>] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498
 [<ffffffff834134bd>] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826
 [<ffffffff83414feb>] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670
 [<ffffffff82d94005>] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [<ffffffff82d94005>] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
 [<ffffffff82d95add>] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961
 [<ffffffff82d97863>] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995
 [<ffffffff82d9790d>] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline]
 [<ffffffff82d9790d>] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor3/10551
caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
CPU: 0 PID: 10551 Comm: syz-executor3 Not tainted 4.4.105-g36205b7 #4
netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'.
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 25408e62c78b807b ffff8801d32df6b8 ffffffff81cc9b4f
 0000000000000000 ffffffff839fd4a0 ffff8801d32df6f8 ffffffff81d28d58
 ffffffff83d093a0 ffff8800b8a41f20 dffffc0000000000 ffffffff83cff4e0
Call Trace:
 [<ffffffff81cc9b4f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b4f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff81d28d58>] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46
 [<ffffffff81d28dc3>] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
 [<ffffffff832a4598>] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832a4598>] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff83206e7e>] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137
 [<ffffffff83282524>] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058
 [<ffffffff83282c1e>] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084
 [<ffffffff8340f088>] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline]
 [<ffffffff8340f088>] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498
 [<ffffffff834134bd>] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826
 [<ffffffff83414feb>] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670
 [<ffffffff82d94005>] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [<ffffffff82d94005>] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
 [<ffffffff82d95add>] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961
 [<ffffffff82d97863>] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995
 [<ffffffff82d9790d>] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline]
 [<ffffffff82d9790d>] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'.
audit: type=1400 audit(1513033838.136:18): avc:  denied  { create } for  pid=10621 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
netlink: 2 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor7/11156
caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
CPU: 1 PID: 11156 Comm: syz-executor7 Not tainted 4.4.105-g36205b7 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 d7b40097870c5d9d ffff8801d32d76b8 ffffffff81cc9b4f
 0000000000000001 ffffffff839fd4a0 ffff8801d32d76f8 ffffffff81d28d58
 ffffffff83d093a0 ffff8801da7673e0 dffffc0000000000 ffffffff83cff4e0
Call Trace:
 [<ffffffff81cc9b4f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b4f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff81d28d58>] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46
 [<ffffffff81d28dc3>] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
 [<ffffffff832a4598>] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832a4598>] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff83206e7e>] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137
 [<ffffffff83282524>] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058
 [<ffffffff83282c1e>] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084
 [<ffffffff8340f088>] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline]
 [<ffffffff8340f088>] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498
 [<ffffffff834134bd>] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826
 [<ffffffff83414feb>] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670
 [<ffffffff82d94005>] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [<ffffffff82d94005>] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
device gre0 entered promiscuous mode
 [<ffffffff82d95add>] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961
 [<ffffffff82d97863>] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995
 [<ffffffff82d9790d>] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline]
 [<ffffffff82d9790d>] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor7/11220
caller is __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
CPU: 1 PID: 11220 Comm: syz-executor7 Not tainted 4.4.105-g36205b7 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 3c6e8a32709540ff ffff8800b6c2f6b8 ffffffff81cc9b4f
 0000000000000001 ffffffff839fd4a0 ffff8800b6c2f6f8 ffffffff81d28d58
 ffffffff83d093a0 ffff8801d3010530 dffffc0000000000 ffffffff83cff4e0
Call Trace:
 [<ffffffff81cc9b4f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b4f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff81d28d58>] check_preemption_disabled+0x1b8/0x1f0 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:46
 [<ffffffff81d28dc3>] __this_cpu_preempt_check+0x13/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/lib/smp_processor_id.c:62
 [<ffffffff832a4598>] ipcomp_alloc_tfms /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:286 [inline]
 [<ffffffff832a4598>] ipcomp_init_state+0x168/0x8e0 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_ipcomp.c:363
 [<ffffffff83206e7e>] ipcomp4_init_state+0x9e/0x840 /syzkaller/managers/android-44-kasan-gce/kernel/net/ipv4/ipcomp.c:137
 [<ffffffff83282524>] __xfrm_init_state+0x354/0xa40 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2058
 [<ffffffff83282c1e>] xfrm_init_state+0xe/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/net/xfrm/xfrm_state.c:2084
 [<ffffffff8340f088>] pfkey_msg2xfrm_state /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1281 [inline]
 [<ffffffff8340f088>] pfkey_add+0x1e18/0x3d80 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:1498
 [<ffffffff834134bd>] pfkey_process+0x58d/0x900 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:2826
 [<ffffffff83414feb>] pfkey_sendmsg+0x35b/0x6c0 /syzkaller/managers/android-44-kasan-gce/kernel/net/key/af_key.c:3670
 [<ffffffff82d94005>] sock_sendmsg_nosec /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:625 [inline]
 [<ffffffff82d94005>] sock_sendmsg+0xb5/0xf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:635
 [<ffffffff82d95add>] ___sys_sendmsg+0x66d/0x7d0 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1961
 [<ffffffff82d97863>] __sys_sendmsg+0xc3/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1995
 [<ffffffff82d9790d>] SYSC_sendmsg /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2006 [inline]
 [<ffffffff82d9790d>] SyS_sendmsg+0xd/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:2002
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
netlink: 2 bytes leftover after parsing attributes in process `syz-executor2'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor3'.
audit: type=1400 audit(1513033841.946:19): avc:  denied  { setopt } for  pid=11804 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
device gre0 entered promiscuous mode
audit: type=1400 audit(1513033842.086:20): avc:  denied  { set_context_mgr } for  pid=11848 comm="syz-executor6" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
binder: 11848:11872 BC_ACQUIRE_DONE u0000000000000000 no match
binder: 11848:11872 got reply transaction with no transaction stack
binder: 11848:11872 transaction failed 29201/-71, size 48-40 line 2924
binder: 11848:11872 ioctl c0306201 20000000 returned -14
binder: BINDER_SET_CONTEXT_MGR already set
binder: 11848:11853 ioctl 40046207 0 returned -16
binder: 11848:11881 BC_ACQUIRE_DONE u0000000000000000 no match
binder: 11848:11881 got reply transaction with no transaction stack
binder: 11848:11881 transaction failed 29201/-71, size 48-40 line 2924
binder: 11962:11969 ERROR: BC_REGISTER_LOOPER called without request
binder: 11959:11966 ERROR: BC_REGISTER_LOOPER called without request
binder: 11959:11966 BC_ACQUIRE_DONE u0000000000000000 no match
binder: 11959:11966 got reply transaction with no transaction stack
binder: 11959:11966 transaction failed 29201/-71, size 48-40 line 2924
binder: 11959:11976 ERROR: BC_REGISTER_LOOPER called without request
binder: 11959:11966 BC_ACQUIRE_DONE u0000000000000000 no match
binder: 11959:11966 got reply transaction with no transaction stack
binder: 11959:11966 transaction failed 29201/-71, size 48-40 line 2924
binder: 11962:11995 ERROR: BC_REGISTER_LOOPER called without request
binder: 11962:11985 BC_ACQUIRE_DONE u0000000000000000 no match
binder: 11962:11985 got reply transaction with no transaction stack
device gre0 entered promiscuous mode
binder: 11962:11985 transaction failed 29201/-71, size 48-40 line 2924
binder: 11962:11984 BC_ACQUIRE_DONE u0000000000000000 no match
binder: 11962:11984 got reply transaction with no transaction stack
binder: 11962:11984 transaction failed 29201/-71, size 48-40 line 2924
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket
binder: 12171:12178 ERROR: BC_REGISTER_LOOPER called without request
binder: 12171:12195 transaction failed 29189/-22, size 0-0 line 3008
binder: 12171:12178 BC_ACQUIRE_DONE u0000000000000000 no match
binder: 12171:12178 Acquire 1 refcount change on invalid ref 0 ret -22
==================================================================
 [<ffffffff814f8a21>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
Bytes b4 ffff8800b3d23a80: 01 00 00 00 0e 00 00 00 8b a8 ff ff 00 00 00 00  ................
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=33 cpu=0 pid=3
==================================================================
 [<ffffffff814db589>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db589>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
 [<ffffffff814db589>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db589>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
 [<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
 [<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
	run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
	__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
	rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
	invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
	__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
	rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
 [<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
==================================================================
	smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
	__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
 0000000000000000 09fb900b7dcb25cc ffff8801d333f9b0 ffffffff81cc9b4f
 ffff8800b3d23b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
	__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Read of size 4 by task syz-executor5/12212
 [<ffffffff814f6d8a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
==================================================================
	slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
	slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
	kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
 ffff8800b3d22010 ffff8800b3d23a90 ffff8801d333f9e0 ffffffff814d3af4
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
Object ffff8800b3d23a90: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
Call Trace:
	__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
==================================================================
Object ffff8800b3d23ae0: 00 86 c5 b7 00 88 ff ff 30 f5 52 81 ff ff ff ff  ........0.R.....
 [<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
 [<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
 [<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
Object ffff8800b3d23a90: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
	ret_from_fork+0x3f/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:468
	smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
                                                             ^
Object ffff8800b3d23ac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 06 00 00 00  .P.......F......
Call Trace:
Read of size 4 by task syz-executor5/12212
 ffff8800b3d23b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 0000000000000000 09fb900b7dcb25cc ffff8801d333f9b0 ffffffff81cc9b4f
Object ffff8800b3d23a90: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
 ffff8801d94aec00 ffffea0002cf4880 ffff8800b3d23a90 0000000000000000
	fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8800b3d23af4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b3d23af4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b3d23af4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8800b3d23af4
Object ffff8800b3d23ae0: 00 86 c5 b7 00 88 ff ff 30 f5 52 81 ff ff ff ff  ........0.R.....
 [<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
 [<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
 [<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
 [<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
	__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
 [<ffffffff82564a50>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
Bytes b4 ffff8800b3d23a80: 01 00 00 00 0e 00 00 00 8b a8 ff ff 00 00 00 00  ................
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
	___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
Object ffff8800b3d23ad0: 00 00 00 00 00 00 00 00 00 21 5a b9 00 88 ff ff  .........!Z.....
Call Trace:
	entry_SYSCALL_64_fastpath+0x16/0x76
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
                                                             ^
 ffff8800b3d22010 ffff8800b3d23a90 ffff8801d333f9e0 ffffffff814d3af4
 ffff8800b3d23a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Object ffff8800b3d23ac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 06 00 00 00  .P.......F......
	fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8800b3d23af4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b3d23af4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b3d23af4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8800b3d23af4
Object ffff8800b3d23a90: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
 ffff8801d94aec00 ffffea0002cf4880 ffff8800b3d23a90 0000000000000000
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=12212
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=12212
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=12212
 [<ffffffff82564ff5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
 ffff8800b3d23b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
	__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
 [<ffffffff814db589>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db589>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
 [<ffffffff814db589>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db589>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
 [<ffffffff814db589>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db589>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
 ffff8800b3d23980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Object ffff8800b3d23ac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 06 00 00 00  .P.......F......
 0000000000000000 09fb900b7dcb25cc ffff8801d333f9b0 ffffffff81cc9b4f
 [<ffffffff814f8a21>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
 ffff8800b3d23b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
CPU: 1 PID: 12212 Comm: syz-executor5 Tainted: G    B           4.4.105-g36205b7 #4
	smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
                                                             ^
 0000000000000000 09fb900b7dcb25cc ffff8801d333f9b0 ffffffff81cc9b4f
>ffff8800b3d23a80: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
Object ffff8800b3d23ac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 06 00 00 00  .P.......F......
 ffff8800b3d22010 ffff8800b3d23a90 ffff8801d333f9e0 ffffffff814d3af4
 [<ffffffff82564ff5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=33 cpu=0 pid=3
	slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
	slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
	kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
Object ffff8800b3d23ad0: 00 00 00 00 00 00 00 00 00 21 5a b9 00 88 ff ff  .........!Z.....
 [<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
 0000000000000000 09fb900b7dcb25cc ffff8801d333f9b0 ffffffff81cc9b4f
 ffff8800b3d23b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 [<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
 [<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
 [<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
Object ffff8800b3d23a90: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
==================================================================
Object ffff8800b3d23ae0: 00 86 c5 b7 00 88 ff ff 30 f5 52 81 ff ff ff ff  ........0.R.....
 ffff8800b3d23b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Object ffff8800b3d23ad0: 00 00 00 00 00 00 00 00 00 21 5a b9 00 88 ff ff  .........!Z.....
CPU: 1 PID: 12212 Comm: syz-executor5 Tainted: G    B           4.4.105-g36205b7 #4
Object ffff8800b3d23a90: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
 [<ffffffff814db589>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db589>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
>ffff8800b3d23a80: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
	___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Object ffff8800b3d23ae0: 00 86 c5 b7 00 88 ff ff 30 f5 52 81 ff ff ff ff  ........0.R.....
 [<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
Object ffff8800b3d23aa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8800b3d23b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801d94aec00 ffffea0002cf4880 ffff8800b3d23a90 0000000000000000
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=12212
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=12212
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=12212
Object ffff8800b3d23ad0: 00 00 00 00 00 00 00 00 00 21 5a b9 00 88 ff ff  .........!Z.....
 [<ffffffff82566a87>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
 ffff8800b3d22010 ffff8800b3d23a90 ffff8801d333f9e0 ffffffff814d3af4
INFO: Slab 0xffffea0002cf4880 objects=20 used=1 fp=0xffff8800b3d235e0 flags=0x4000000000004080
Read of size 4 by task syz-executor5/12212
 ffff8800b3d23a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b3d22010 ffff8800b3d23a90 ffff8801d333f9e0 ffffffff814d3af4
	run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
Object ffff8800b3d23ae0: 00 86 c5 b7 00 88 ff ff 30 f5 52 81 ff ff ff ff  ........0.R.....
>ffff8800b3d23a80: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
CPU: 1 PID: 12212 Comm: syz-executor5 Tainted: G    B           4.4.105-g36205b7 #4
	__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
 [<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
	__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
 [<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
 [<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
 [<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
 [<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
	entry_SYSCALL_64_fastpath+0x16/0x76
 ffff8800b3d23b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
	smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
 [<ffffffff814fb393>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
 [<ffffffff814fb393>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
>ffff8800b3d23a80: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
 ffff8800b3d23980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b3d23980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Read of size 4 by task syz-executor5/12212
Call Trace:
 ffff8800b3d23b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
	__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
 ffff8800b3d22010 ffff8800b3d23a90 ffff8801d333f9e0 ffffffff814d3af4
 ffff8800b3d23a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 [<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
Object ffff8800b3d23a90: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
Object ffff8800b3d23ad0: 00 00 00 00 00 00 00 00 00 21 5a b9 00 88 ff ff  .........!Z.....
>ffff8800b3d23a80: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
	___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
Object ffff8800b3d23ae0: 00 86 c5 b7 00 88 ff ff 30 f5 52 81 ff ff ff ff  ........0.R.....
	__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
	fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
Object ffff8800b3d23ab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8800b3d23af4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b3d23af4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b3d23af4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8800b3d23af4
                                                             ^
	fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
	__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
 ffff8800b3d22010 ffff8800b3d23a90 ffff8801d333f9e0 ffffffff814d3af4
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8800b3d23af4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b3d23af4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b3d23af4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8800b3d23af4
Object ffff8800b3d23aa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
 [<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
 [<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
 [<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
 [<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
	___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
Object ffff8800b3d23a90: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
 [<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8800b3d23af4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b3d23af4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b3d23af4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8800b3d23af4
 0000000000000000 09fb900b7dcb25cc ffff8801d333f9b0 ffffffff81cc9b4f
>ffff8800b3d23a80: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
Object ffff8800b3d23a90: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
	entry_SYSCALL_64_fastpath+0x16/0x76
 [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
 0000000000000000 09fb900b7dcb25cc ffff8801d333f9b0 ffffffff81cc9b4f
                                                             ^
Object ffff8800b3d23ac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 06 00 00 00  .P.......F......
	fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
==================================================================
Object ffff8800b3d23a90: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
Object ffff8800b3d23a90: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
 [<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
 [<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
	__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
	entry_SYSCALL_64_fastpath+0x16/0x76
>ffff8800b3d23a80: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
 ffff8800b3d23b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=12212
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=12212
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=12212
Object ffff8800b3d23a90: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
	ret_from_fork+0x3f/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:468
	smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
 ffff8800b3d23980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
-----------------------------------------------------------------------------

	entry_SYSCALL_64_fastpath+0x16/0x76
 [<ffffffff82564ff5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
 [<ffffffff814db589>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db589>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
CPU: 1 PID: 12212 Comm: syz-executor5 Tainted: G    B           4.4.105-g36205b7 #4
Object ffff8800b3d23ab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
INFO: Object 0xffff8800b3d23a90 @offset=6800 fp=0xdead4ead00000000

 [<ffffffff814db589>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db589>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
==================================================================
 0000000000000000 09fb900b7dcb25cc ffff8801d333f9b0 ffffffff81cc9b4f
INFO: Object 0xffff8800b3d23a90 @offset=6800 fp=0xdead4ead00000000

 ffff8800b3d23980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
	ret_from_fork+0x3f/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:468
	__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
	__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
 ffff8800b3d23980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Object ffff8800b3d23ac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 06 00 00 00  .P.......F......
CPU: 1 PID: 12212 Comm: syz-executor5 Tainted: G    B           4.4.105-g36205b7 #4
	__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
 [<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Object ffff8800b3d23aa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
Object ffff8800b3d23ae0: 00 86 c5 b7 00 88 ff ff 30 f5 52 81 ff ff ff ff  ........0.R.....
Call Trace:
	slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
	slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
	kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
 0000000000000000 09fb900b7dcb25cc ffff8801d333f9b0 ffffffff81cc9b4f
=============================================================================
>ffff8800b3d23a80: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
CPU: 1 PID: 12212 Comm: syz-executor5 Tainted: G    B           4.4.105-g36205b7 #4
	sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=12212
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=12212
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=12212
 [<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Object ffff8800b3d23ad0: 00 00 00 00 00 00 00 00 00 21 5a b9 00 88 ff ff  .........!Z.....
Object ffff8800b3d23ad0: 00 00 00 00 00 00 00 00 00 21 5a b9 00 88 ff ff  .........!Z.....
 ffff8800b3d22010 ffff8800b3d23a90 ffff8801d333f9e0 ffffffff814d3af4
	fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
	__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
	__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
Object ffff8800b3d23ab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 ffff8800b3d22010 ffff8800b3d23a90 ffff8801d333f9e0 ffffffff814d3af4
 ffff8800b3d23b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Object ffff8800b3d23ab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Object ffff8800b3d23ab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 [<ffffffff814db589>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db589>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
INFO: Object 0xffff8800b3d23a90 @offset=6800 fp=0xdead4ead00000000

 ffff8800b3d23b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 [<ffffffff82564ff5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
 ffff8800b3d23b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 [<ffffffff814db589>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db589>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
Call Trace:
 ffff8800b3d23a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
CPU: 1 PID: 12212 Comm: syz-executor5 Tainted: G    B           4.4.105-g36205b7 #4
Object ffff8800b3d23a90: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
 ffff8801d94aec00 ffffea0002cf4880 ffff8800b3d23a90 0000000000000000
 ffff8800b3d23b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc

Crashes (1):
Time: 2017/12/11 23:10
Kernel: https://android.googlesource.com/kernel/common android-4.4
Commit: 36205b7fa963
Syzkaller: da131727
Config: .config
Log: console log
Report: report
Syz repro: (none)
C repro: (none)
VM info: (none)
Assets: (none)
Manager: ci-android-44-kasan-gce
Title: (none)