INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
entry_SYSCALL_64_fastpath+0x16/0x76
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
kthread+0x245/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/kthread.c:211
Call Trace:
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
ffff8800b903e010 ffff8800b903e960 ffff8801d45df9e0 ffffffff814d3af4
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
Read of size 4 by task syz-executor5/7148
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
INFO: Slab 0xffffea0002e40f80 objects=20 used=2 fp=0xffff8800b903eaf0 flags=0x4000000000004080
Memory state around the buggy address:
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
==================================================================
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
Read of size 4 by task syz-executor5/7148
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8800b903e9c4
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
kthread+0x245/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/kthread.c:211
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
ffff8800b903ea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
-----------------------------------------------------------------------------
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
Memory state around the buggy address:
Read of size 4 by task syz-executor5/7148
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
Call Trace:
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
Read of size 4 by task syz-executor5/7148
ffff8800b903e010 ffff8800b903e960 ffff8801d45df9e0 ffffffff814d3af4
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
Read of size 4 by task syz-executor5/7148
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
==================================================================
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8800b903e9c4
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
-----------------------------------------------------------------------------
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
INFO: Slab 0xffffea0002e40f80 objects=20 used=2 fp=0xffff8800b903eaf0 flags=0x4000000000004080
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
ffff8800b903e010 ffff8800b903e960 ffff8801d45df9e0 ffffffff814d3af4
INFO: Slab 0xffffea0002e40f80 objects=20 used=2 fp=0xffff8800b903eaf0 flags=0x4000000000004080
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
entry_SYSCALL_64_fastpath+0x16/0x76
smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
>ffff8800b903e980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff81cc9b0f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
[<ffffffff81cc9b0f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
ffff8800b903e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Call Trace:
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
-----------------------------------------------------------------------------
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
kthread+0x245/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/kthread.c:211
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
ffff8801d98ecc00 ffffea0002e40f80 ffff8800b903e960 0000000000000000
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
-----------------------------------------------------------------------------
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
-----------------------------------------------------------------------------
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8800b903e9c4
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
kthread+0x245/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/kthread.c:211
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
Read of size 4 by task syz-executor5/7148
INFO: Slab 0xffffea0002e40f80 objects=20 used=2 fp=0xffff8800b903eaf0 flags=0x4000000000004080
^
Read of size 4 by task syz-executor5/7148
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
==================================================================
>ffff8800b903e980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
Memory state around the buggy address:
-----------------------------------------------------------------------------
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
Read of size 4 by task syz-executor5/7148
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
==================================================================
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
INFO: Slab 0xffffea0002e40f80 objects=20 used=2 fp=0xffff8800b903eaf0 flags=0x4000000000004080
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
==================================================================
=============================================================================
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
>ffff8800b903e980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
ffff8801d98ecc00 ffffea0002e40f80 ffff8800b903e960 0000000000000000
Read of size 4 by task syz-executor5/7148
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
^
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
==================================================================
Read of size 4 by task syz-executor5/7148
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
^
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
Read of size 4 by task syz-executor5/7148
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
Call Trace:
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
==================================================================
=============================================================================
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
-----------------------------------------------------------------------------
entry_SYSCALL_64_fastpath+0x16/0x76
entry_SYSCALL_64_fastpath+0x16/0x76
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
Read of size 4 by task syz-executor5/7148
Call Trace:
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
Read of size 4 by task syz-executor5/7148
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
INFO: Slab 0xffffea0002e40f80 objects=20 used=2 fp=0xffff8800b903eaf0 flags=0x4000000000004080
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
ffff8800b903e010 ffff8800b903e960 ffff8801d45df9e0 ffffffff814d3af4
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
entry_SYSCALL_64_fastpath+0x16/0x76
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
INFO: Slab 0xffffea0002e40f80 objects=20 used=2 fp=0xffff8800b903eaf0 flags=0x4000000000004080
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
ffff8800b903e010 ffff8800b903e960 ffff8801d45df9e0 ffffffff814d3af4
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
>ffff8800b903e980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
entry_SYSCALL_64_fastpath+0x16/0x76
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
ffff8800b903ea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
Read of size 4 by task syz-executor5/7148
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
kthread+0x245/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/kthread.c:211
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
ffff8800b903ea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
Read of size 4 by task syz-executor5/7148
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
[<ffffffff81cc9b0f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
[<ffffffff81cc9b0f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
Read of size 4 by task syz-executor5/7148
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8800b903e9c4
Read of size 4 by task syz-executor5/7148
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
Read of size 4 by task syz-executor5/7148
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
entry_SYSCALL_64_fastpath+0x16/0x76
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
ffff8800b903e010 ffff8800b903e960 ffff8801d45df9e0 ffffffff814d3af4
Call Trace:
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
=============================================================================
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
^
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8800b903e9c4
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
=============================================================================
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
Read of size 4 by task syz-executor5/7148
smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
Read of size 4 by task syz-executor5/7148
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
Read of size 4 by task syz-executor5/7148
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
=============================================================================
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
INFO: Slab 0xffffea0002e40f80 objects=20 used=2 fp=0xffff8800b903eaf0 flags=0x4000000000004080
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
Memory state around the buggy address:
Read of size 4 by task syz-executor5/7148
Call Trace:
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
^
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
>ffff8800b903e980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
INFO: Slab 0xffffea0002e40f80 objects=20 used=2 fp=0xffff8800b903eaf0 flags=0x4000000000004080
-----------------------------------------------------------------------------
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
ffff8801d98ecc00 ffffea0002e40f80 ffff8800b903e960 0000000000000000
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8800b903e9c4
Read of size 4 by task syz-executor5/7148
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8800b903e9c4
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
ffff8800b903ea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
kthread+0x245/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/kthread.c:211
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Memory state around the buggy address:
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8800b903e9c4
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
kthread+0x245/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/kthread.c:211
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
>ffff8800b903e980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
kthread+0x245/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/kthread.c:211
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
=============================================================================
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
ffff8801d98ecc00 ffffea0002e40f80 ffff8800b903e960 0000000000000000
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
-----------------------------------------------------------------------------
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
==================================================================
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
ret_from_fork+0x3f/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:468
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
>ffff8800b903e980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8800b903e9c4
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
Read of size 4 by task syz-executor5/7148
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
Read of size 4 by task syz-executor5/7148
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
Read of size 4 by task syz-executor5/7148
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
^
-----------------------------------------------------------------------------
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
ffff8801d98ecc00 ffffea0002e40f80 ffff8800b903e960 0000000000000000
ffff8800b903e010 ffff8800b903e960 ffff8801d45df9e0 ffffffff814d3af4
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
Read of size 4 by task syz-executor5/7148
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
Read of size 4 by task syz-executor5/7148
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
ffff8801d98ecc00 ffffea0002e40f80 ffff8800b903e960 0000000000000000
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
-----------------------------------------------------------------------------
ffff8800b903e010 ffff8800b903e960 ffff8801d45df9e0 ffffffff814d3af4
ffff8800b903e010 ffff8800b903e960 ffff8801d45df9e0 ffffffff814d3af4
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
==================================================================
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
-----------------------------------------------------------------------------
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
ffff8800b903e010 ffff8800b903e960 ffff8801d45df9e0 ffffffff814d3af4
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
>ffff8800b903e980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
^
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
Read of size 4 by task syz-executor5/7148
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
^
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8800b903e9c4
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
kthread+0x245/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/kthread.c:211
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
>ffff8800b903e980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
==================================================================
ffff8800b903ea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
==================================================================
Memory state around the buggy address:
==================================================================
^
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
ffff8801d98ecc00 ffffea0002e40f80 ffff8800b903e960 0000000000000000
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
-----------------------------------------------------------------------------
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
-----------------------------------------------------------------------------
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
-----------------------------------------------------------------------------
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
kthread+0x245/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/kthread.c:211
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
-----------------------------------------------------------------------------
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
ret_from_fork+0x3f/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:468
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
entry_SYSCALL_64_fastpath+0x16/0x76
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
ffff8801d98ecc00 ffffea0002e40f80 ffff8800b903e960 0000000000000000
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
ffff8800b903e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
-----------------------------------------------------------------------------
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
INFO: Slab 0xffffea0002e40f80 objects=20 used=2 fp=0xffff8800b903eaf0 flags=0x4000000000004080
=============================================================================
smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Read of size 4 by task syz-executor5/7148
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
ffff8800b903e900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
==================================================================
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
ffff8800b903ea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=0 cpu=1 pid=7148
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=0 cpu=1 pid=7148
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
>ffff8800b903e980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
>ffff8800b903e980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
==================================================================
Read of size 4 by task syz-executor5/7148
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
=============================================================================
kthread+0x245/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/kthread.c:211
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b903e9c4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8800b903e9c4
Read of size 4 by task syz-executor5/7148
[<ffffffff81cc9b0f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
[<ffffffff81cc9b0f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
==================================================================
Object ffff8800b903e970: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
-----------------------------------------------------------------------------
Read of size 4 by task syz-executor5/7148
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
>ffff8800b903e980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
Memory state around the buggy address:
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
>ffff8800b903e980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
ffff8801d98ecc00 ffffea0002e40f80 ffff8800b903e960 0000000000000000
Object ffff8800b903e9b0: 00 3c 13 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff .<........R.....
Object ffff8800b903e9a0: 00 00 00 00 00 00 00 00 00 a7 1f b9 00 88 ff ff ................
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
[<ffffffff81cc9b0f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
[<ffffffff81cc9b0f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
smpboot_thread_fn+0x55f/0x920 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/smpboot.c:163
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
ffff8800b903ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fb fb
>ffff8800b903e980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
Read of size 4 by task syz-executor5/7148
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
Object ffff8800b903e960: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
ffff8801d98ecc00 ffffea0002e40f80 ffff8800b903e960 0000000000000000
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
>ffff8800b903e980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
Read of size 4 by task syz-executor5/7148
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
Object ffff8800b903e990: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F......
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
kthread+0x245/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/kthread.c:211
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
INFO: Object 0xffff8800b903e960 @offset=2400 fp=0xdead4ead00000000
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
Bytes b4 ffff8800b903e950: 01 00 00 00 b2 18 00 00 b5 a0 ff ff 00 00 00 00 ................
ret_from_fork+0x3f/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:468
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
^
>ffff8800b903e980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
-----------------------------------------------------------------------------
0000000000000000 582991853f244264 ffff8801d45df9b0 ffffffff81cc9b0f
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
Object ffff8800b903e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=624 cpu=0 pid=3
==================================================================
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
CPU: 1 PID: 7148 Comm: syz-executor5 Tainted: G B 4.4.104-ged884eb #2
Read of size 4 by task syz-executor5/7148
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
BUG fasync_cache (Tainted: G B ): kasan: bad access detected