syzbot


INFO: Freed in fasync_free_rcu age=57 cpu=0 pid=NUM

Status: closed as invalid on 2017/12/12 13:19
First crash: 2321d, last: 2321d

Sample crash report:
==================================================================
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4
Read of size 4 by task syz-executor4/18439
=============================================================================
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
-----------------------------------------------------------------------------

INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=105 cpu=1 pid=18439
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=105 cpu=1 pid=18439
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=105 cpu=1 pid=18439
	___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
	__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
	slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
	slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
	kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
	fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
	fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
	fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
	sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
	setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
	do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
	SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
	SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
	entry_SYSCALL_64_fastpath+0x16/0x76
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=57 cpu=0 pid=18338
	__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
	slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
	kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
	fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
	__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
	rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
	invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
	__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
	rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
	invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
	irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
	exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline]
	smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926
	__raw_spin_lock_init+0x1c/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:23
	d_alloc_pseudo+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/fs/dcache.c:1680
INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000

Bytes b4 ffff8801d2c8fa80: 01 00 00 00 05 47 00 00 82 af ff ff 00 00 00 00  .....G..........
Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff  .....N..........
Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00  .P.......F......
Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff  .........9......
Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff  ..........R.....
CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G    B           4.4.105-g8a53962 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000
 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f
 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4
Call Trace:
 [<ffffffff81cc9b0f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b0f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
 [<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
 [<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
 [<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
 [<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
 [<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
 [<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
 [<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
 [<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
 [<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
 [<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
 [<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
 [<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
 [<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
 [<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
 [<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
 [<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
 [<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
 [<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
 [<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
 [<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
 ffff8801d2c8f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801d2c8fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8801d2c8fa80: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
                                                             ^
 ffff8801d2c8fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff  .........9......
 [<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
 [<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000

 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000
 [<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
 [<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
 [<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
Call Trace:
Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff  .....N..........
CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G    B           4.4.105-g8a53962 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f
 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000
 [<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
 [<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
 [<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
 [<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
	__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
	__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
	entry_SYSCALL_64_fastpath+0x16/0x76
 [<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
 [<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
 [<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
 [<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
 [<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
 [<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff  ..........R.....
 [<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
 [<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
 [<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
==================================================================
-----------------------------------------------------------------------------

Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
 [<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
 [<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
 [<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
 [<ffffffff8374aaf6>] entry_SYSCALL_64_fastpath+0x16/0x76
==================================================================
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=320 cpu=0 pid=18338
Call Trace:
Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00  .P.......F......
Call Trace:
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f
 [<ffffffff81cc9b0f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b0f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
 [<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
 [<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
	slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
	kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
Read of size 4 by task syz-executor4/18439
	d_alloc_pseudo+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/fs/dcache.c:1680
	___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
 [<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
 ffff8801d2c8f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
-----------------------------------------------------------------------------

INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=334 cpu=0 pid=18338
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
	fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
	fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
	fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
Read of size 4 by task syz-executor4/18439
-----------------------------------------------------------------------------

	slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
	slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
	kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=340 cpu=0 pid=18338
Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00  .P.......F......
 [<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
 ffff8801d2c8fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
	___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
 [<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
 [<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4
Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff  .....N..........
 [<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
 [<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
 [<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
 [<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
 [<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
 [<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4
	setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
	do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
	SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
	SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
	slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
	slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
	kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 [<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
 [<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
 [<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
 [<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
 [<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G    B           4.4.105-g8a53962 #3
Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00  .P.......F......
 [<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
==================================================================
	fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
Read of size 4 by task syz-executor4/18439
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
 ffff8801d2c8fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
=============================================================================
	entry_SYSCALL_64_fastpath+0x16/0x76
 [<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4
 [<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
Call Trace:
Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff  .....N..........
 [<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
 [<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
 [<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
 [<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
 [<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00  .P.......F......
 [<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
 [<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
 [<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
 [<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
 [<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
 [<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4
	entry_SYSCALL_64_fastpath+0x16/0x76
Call Trace:
 [<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4
 [<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
 [<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
 ffff8801d2c8fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
 [<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
 [<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
	exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline]
	smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=343 cpu=1 pid=18439
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=343 cpu=1 pid=18439
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=343 cpu=1 pid=18439
	entry_SYSCALL_64_fastpath+0x16/0x76
 [<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
 [<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
 [<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
 [<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 [<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
 [<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
Read of size 4 by task syz-executor4/18439
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=349 cpu=1 pid=18439
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=349 cpu=1 pid=18439
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=349 cpu=1 pid=18439
Bytes b4 ffff8801d2c8fa80: 01 00 00 00 05 47 00 00 82 af ff ff 00 00 00 00  .....G..........
Call Trace:
Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
 [<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
==================================================================
	exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline]
	smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4
	invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
	irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
 [<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Call Trace:
Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff  .........9......
 [<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
 [<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
 [<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
 [<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Call Trace:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000

Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
	fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
Read of size 4 by task syz-executor4/18439
INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000

Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
	exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline]
	smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926
-----------------------------------------------------------------------------

Read of size 4 by task syz-executor4/18439
	slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
	kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
 ffff8801d2c8fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=382 cpu=1 pid=18439
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=382 cpu=1 pid=18439
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=382 cpu=1 pid=18439
Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00  .P.......F......
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
	___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
=============================================================================
	__raw_spin_lock_init+0x1c/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:23
 [<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
Call Trace:
Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff  .........9......
 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
	__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
	rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
	invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
	__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
	rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff  .........9......
Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff  ..........R.....
CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G    B           4.4.105-g8a53962 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
	SYSC_socketpair /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1313 [inline]
	SyS_socketpair+0x264/0x480 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1268
 [<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
 [<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
	entry_SYSCALL_64_fastpath+0x16/0x76
 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4
 [<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
 [<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000

INFO: Slab 0xffffea00074b2380 objects=20 used=2 fp=0xffff8801d2c8f5e0 flags=0x8000000000004080
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff  .........9......
 [<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
 [<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G    B           4.4.105-g8a53962 #3
 [<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
 [<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
 ffff8801d2c8fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff  .....N..........
 [<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
	__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
	fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
	fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
	fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
Read of size 4 by task syz-executor4/18439
	__d_alloc+0x248/0x790 /syzkaller/managers/android-44-kasan-gce/kernel/fs/dcache.c:1622
==================================================================
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4
Read of size 4 by task syz-executor4/18439
=============================================================================
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
-----------------------------------------------------------------------------

INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=612 cpu=1 pid=18439
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=612 cpu=1 pid=18439
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=612 cpu=1 pid=18439
	___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
	__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
	slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
	slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
	kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
	fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
	fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
	fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
	sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
	setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
	do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
	SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
	SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
	entry_SYSCALL_64_fastpath+0x16/0x76
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=727 cpu=0 pid=18338
	__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
	slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
	kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
	fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
	__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
	invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
	irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
	exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline]
	smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926
	__raw_spin_lock_init+0x1c/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:23
	__d_alloc+0x248/0x790 /syzkaller/managers/android-44-kasan-gce/kernel/fs/dcache.c:1622
	d_alloc_pseudo+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/fs/dcache.c:1680
INFO: Slab 0xffffea00074b2380 objects=20 used=2 fp=0xffff8801d2c8f5e0 flags=0x8000000000004080
INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000

Bytes b4 ffff8801d2c8fa80: 01 00 00 00 05 47 00 00 82 af ff ff 00 00 00 00  .....G..........
Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff  .....N..........
Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00  .P.......F......
Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff  .........9......
Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff  ..........R.....
CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G    B           4.4.105-g8a53962 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f
 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000
 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4
Call Trace:
 [<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
 [<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
 [<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
 [<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
 [<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
 [<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
 [<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
 [<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
 [<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
 [<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
 [<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
 [<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
 [<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
 [<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
 [<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
 [<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
 [<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
 [<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
 [<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
 [<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
 [<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
 ffff8801d2c8f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801d2c8fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801d2c8fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

[The dump contains repeated copies of this report that differ only in the SLUB track ages: Allocated age=429, 434, 545, 568, 609 and 612; Freed age=727.]

	fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
	fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
	fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=702 cpu=1 pid=18439
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=702 cpu=1 pid=18439
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=702 cpu=1 pid=18439
Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00  .P.......F......
 [<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
Call Trace:
Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
 [<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4
 [<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
	slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
	slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
	kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
 [<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
	___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
==================================================================
	fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
	fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
	fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
==================================================================
=============================================================================
Bytes b4 ffff8801d2c8fa80: 01 00 00 00 05 47 00 00 82 af ff ff 00 00 00 00  .....G..........
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
	__raw_spin_lock_init+0x1c/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:23
 [<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 [<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
==================================================================
=============================================================================
 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f
 [<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
 [<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
Call Trace:
Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00  .P.......F......
 [<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
	SYSC_socketpair /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1313 [inline]
	SyS_socketpair+0x264/0x480 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1268
 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000
Call Trace:
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000
 [<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
 [<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
	exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline]
	smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=739 cpu=1 pid=18439
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=739 cpu=1 pid=18439
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=739 cpu=1 pid=18439
Bytes b4 ffff8801d2c8fa80: 01 00 00 00 05 47 00 00 82 af ff ff 00 00 00 00  .....G..........
 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000
                                                             ^
 ffff8801d2c8fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
-----------------------------------------------------------------------------

Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
 [<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
 [<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
 [<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
 [<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000
Call Trace:
Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
 [<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
 [<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
 [<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
 [<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
	__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f
 [<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
 [<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
	slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
	slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
	kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G    B           4.4.105-g8a53962 #3
 [<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4
Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff  ..........R.....
Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
 [<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
 [<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
 [<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
 [<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
	__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Read of size 4 by task syz-executor4/18439
	setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
	do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
	SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
	SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
	slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
	slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
	kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
	__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
 [<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
 [<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
	fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
	fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
	fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
	slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
	slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
	kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
	SYSC_socketpair /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1313 [inline]
	SyS_socketpair+0x264/0x480 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1268
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4
 [<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
	setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
	do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
	SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
	SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
 [<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
Read of size 4 by task syz-executor4/18439
	slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
	slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
	kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000

Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff  ..........R.....
	__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=806 cpu=1 pid=18439
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=806 cpu=1 pid=18439
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=806 cpu=1 pid=18439
Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00  .P.......F......
 [<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
 [<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
==================================================================
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=869 cpu=0 pid=18338
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
INFO: Slab 0xffffea00074b2380 objects=20 used=2 fp=0xffff8801d2c8f5e0 flags=0x8000000000004080
 [<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
 [<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
 [<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00  .P.......F......
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 [<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
 [<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
 [<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00  .P.......F......
Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff  .....N..........
CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G    B           4.4.105-g8a53962 #3
 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4
 [<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000
 [<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
 [<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff  .........9......
Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
Call Trace:
Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff  .........9......
 [<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000
 [<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
 [<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
 [<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
 [<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=846 cpu=1 pid=18439
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=846 cpu=1 pid=18439
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=846 cpu=1 pid=18439
	__d_alloc+0x248/0x790 /syzkaller/managers/android-44-kasan-gce/kernel/fs/dcache.c:1622
	___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
==================================================================
INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000

CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G    B           4.4.105-g8a53962 #3
 [<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
 [<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
 [<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
 [<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
 [<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f
 [<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
Read of size 4 by task syz-executor4/18439
	___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
 ffff8801d2c8fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
	fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
	fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
	fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
	___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
	__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
	rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
	invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
	__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
	rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
	fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
Read of size 4 by task syz-executor4/18439
=============================================================================
Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
	fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
=============================================================================
 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4
 [<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4
Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff  .........9......
	__d_alloc+0x248/0x790 /syzkaller/managers/android-44-kasan-gce/kernel/fs/dcache.c:1622
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=880 cpu=1 pid=18439
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=880 cpu=1 pid=18439
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=880 cpu=1 pid=18439
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 [<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
 [<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
 [<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
 [<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
 [<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
 [<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
	___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff  .........9......
 [<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
 ffff8801d2c8fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
	exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline]
	smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926
	__raw_spin_lock_init+0x1c/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:23
 [<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
 [<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
 [<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
 [<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
 [<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
 [<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=895 cpu=1 pid=18439
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=895 cpu=1 pid=18439
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=895 cpu=1 pid=18439
Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
 [<ffffffff81cc9b0f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
 [<ffffffff81cc9b0f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
 [<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
Call Trace:
Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
	__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
	___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
Memory state around the buggy address:
=============================================================================
Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff  ..........p.....
 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f
BUG fasync_cache (Tainted: G    B          ): kasan: bad access detected
                                                             ^
 [<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
 [<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
 [<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
 [<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000
 [<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4
	invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
	irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
 [<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
 [<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 [<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
 [<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4
-----------------------------------------------------------------------------

INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=922 cpu=1 pid=18439
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=922 cpu=1 pid=18439
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=922 cpu=1 pid=18439
Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00  .P.......F......
 [<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
 ffff8801d2c8fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
	SYSC_socketpair /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1313 [inline]
	SyS_socketpair+0x264/0x480 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1268
 [<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
 [<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G    B           4.4.105-g8a53962 #3
	__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
	rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
	invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
	__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
	rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
	setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
	do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
	SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
	SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
Read of size 4 by task syz-executor4/18439
	fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
	fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
	fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
	__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
 [<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
 [<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
 [<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
 [<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
 [<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
 [<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
 [<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
 [<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
 [<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
 [<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
 ffff8801d2c8fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
	sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
	entry_SYSCALL_64_fastpath+0x16/0x76
	__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
INFO: Slab 0xffffea00074b2380 objects=20 used=2 fp=0xffff8801d2c8f5e0 flags=0x8000000000004080
INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000

	__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff  .........9......
	slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
	slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
	kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
 [<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
 [<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562

Crashes (1):
Time:       2017/12/11 04:56
Kernel:     android-4.4 (https://android.googlesource.com/kernel/common)
Commit:     8a5396242ea0
Syzkaller:  5ad0ce95
Config:     .config
Log:        console log
Report:     report
Manager:    ci-android-44-kasan-gce