KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (11)

KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (11)
Status: closed as invalid on 2017/11/05 07:52
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 1367d, last: 1366d

similar bugs (11):
Kernel	Title	Count	Last	Reported	Patched	Status
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (10)	1	1368d	1368d	0/3	closed as invalid on 2017/11/03 07:08
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (4)	1	1379d	1379d	0/3	closed as invalid on 2017/10/22 18:19
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (7)	1	1377d	1377d	0/3	closed as invalid on 2017/10/25 06:19
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (12)	1	1350d	1350d	0/3	closed as invalid on 2017/11/21 08:19
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (3)	2	1380d	1382d	0/3	closed as invalid on 2017/10/22 12:19
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (6)	1	1377d	1377d	0/3	closed as invalid on 2017/10/24 19:19
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (9)	4	1372d	1375d	0/3	closed as invalid on 2017/10/30 13:35
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (8)	1	1376d	1376d	0/3	closed as invalid on 2017/10/26 15:19
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR	19	1384d	1403d	0/3	closed as invalid on 2017/10/18 09:51
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (2)	1	1382d	1382d	0/3	closed as invalid on 2017/10/19 10:51
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (5)	1	1378d	1378d	0/3	closed as invalid on 2017/10/24 05:19

Sample crash report:

   program syz-executor3 not setting count and/or reply_len properly
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=34067 sclass=netlink_route_socket pig=6802 comm=syz-executor0
==================================================================
BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:243 [inline] at addr ffff8801cf28afc0
BUG: KASAN: slab-out-of-bounds in list_empty include/linux/list.h:189 [inline] at addr ffff8801cf28afc0
BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120 drivers/scsi/sg.c:2120 at addr ffff8801cf28afc0

Crashes (2):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-android-49-kasan-gce	2017/11/04 12:02	https://android.googlesource.com/kernel/common android-4.9	dfe0a9bcfc3a	d49979f7	.config	log	report
ci-android-49-kasan-gce	2017/11/03 19:54	https://android.googlesource.com/kernel/common android-4.9	dfe0a9bcfc3a	d49979f7	.config	log	report