ffff8801d3701080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
ffff8801d3701280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
^
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
ffff8801d3701280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
entry_SYSCALL_64_fastpath+0x16/0x76
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
Call Trace:
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
>ffff8801d3701180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8801d3701180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff8801d3701080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff8801d3701100: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
ffff8800bbb98c00 ffffea00074dc000 ffff8801d3701130 0000000000000000
Object ffff8801d3701130: 00 00 00 00 ad 4e ad de ff ff ff ff be 3f fb a0 .....N.......?..
kthread+0x245/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/kthread.c:211
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
Read of size 4 by task syz-executor1/6024
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
INFO: Object 0xffff8801d3701130 @offset=4400 fp=0xdead4ead00000000
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
=============================================================================
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
^
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
Object ffff8801d3701130: 00 00 00 00 ad 4e ad de ff ff ff ff be 3f fb a0 .....N.......?..
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
ffff8801d3701100: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
-----------------------------------------------------------------------------
==================================================================
^
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
Object ffff8801d3701160: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
Object ffff8801d3701130: 00 00 00 00 ad 4e ad de ff ff ff ff be 3f fb a0 .....N.......?..
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
=============================================================================
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
ffff8801d3701280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
=============================================================================
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
Memory state around the buggy address:
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
Call Trace:
ffff8801d3701280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
Memory state around the buggy address:
kthread+0x245/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/kthread.c:211
==================================================================
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=52 cpu=0 pid=3
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
^
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
CPU: 1 PID: 6024 Comm: syz-executor1 Tainted: G B 4.4.104-ged884eb #2
ret_from_fork+0x3f/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:468
ffff8801d3701080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
Call Trace:
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
Object ffff8801d3701170: 00 00 00 00 00 00 00 00 00 67 b4 b5 00 88 ff ff .........g......
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
Object ffff8801d3701160: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
-----------------------------------------------------------------------------
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
ffff8801d3701200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff8801d3701280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
Call Trace:
ffff8801d3701100: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
Bytes b4 ffff8801d3701120: 00 00 00 00 6d 13 00 00 74 9d ff ff 00 00 00 00 ....m...t.......
kthread+0x245/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/kthread.c:211
Object ffff8801d3701140: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
Bytes b4 ffff8801d3701120: 00 00 00 00 6d 13 00 00 74 9d ff ff 00 00 00 00 ....m...t.......
Object ffff8801d3701150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
Object ffff8801d3701140: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
Bytes b4 ffff8801d3701120: 00 00 00 00 6d 13 00 00 74 9d ff ff 00 00 00 00 ....m...t.......
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
=============================================================================
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8800bbb98c00 ffffea00074dc000 ffff8801d3701130 0000000000000000
Object ffff8801d3701180: 00 de 72 d5 01 88 ff ff f0 f4 52 81 ff ff ff ff ..r.......R.....
ffff8801d3701100: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
INFO: Object 0xffff8801d3701130 @offset=4400 fp=0xdead4ead00000000
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
Bytes b4 ffff8801d3701120: 00 00 00 00 6d 13 00 00 74 9d ff ff 00 00 00 00 ....m...t.......
==================================================================
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
ffff8801d3701080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
=============================================================================
ret_from_fork+0x3f/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:468
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
==================================================================
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
INFO: Object 0xffff8801d3701130 @offset=4400 fp=0xdead4ead00000000
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
CPU: 1 PID: 6024 Comm: syz-executor1 Tainted: G B 4.4.104-ged884eb #2
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
Call Trace:
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
ffff8801d3701100: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
ffff8801d3701200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
ffff8801d3701280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
>ffff8801d3701180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
INFO: Slab 0xffffea00074dc000 objects=20 used=3 fp=0xffff8801d3701900 flags=0x8000000000004080
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
Object ffff8801d3701170: 00 00 00 00 00 00 00 00 00 67 b4 b5 00 88 ff ff .........g......
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
^
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
[<ffffffff81cc9b0f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
[<ffffffff81cc9b0f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
entry_SYSCALL_64_fastpath+0x16/0x76
ffff8800bbb98c00 ffffea00074dc000 ffff8801d3701130 0000000000000000
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
Memory state around the buggy address:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=52 cpu=0 pid=3
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
Memory state around the buggy address:
Object ffff8801d3701170: 00 00 00 00 00 00 00 00 00 67 b4 b5 00 88 ff ff .........g......
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff81cc9b0f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
[<ffffffff81cc9b0f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
^
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
Object ffff8801d3701170: 00 00 00 00 00 00 00 00 00 67 b4 b5 00 88 ff ff .........g......
Read of size 4 by task syz-executor1/6024
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
>ffff8801d3701180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
ffff8801d3701280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
ffff8801d3701080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff8801d3701200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
[<ffffffff81cc9b0f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
[<ffffffff81cc9b0f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
>ffff8801d3701180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
Read of size 4 by task syz-executor1/6024
entry_SYSCALL_64_fastpath+0x16/0x76
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
[<ffffffff81cc9b0f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
[<ffffffff81cc9b0f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
=============================================================================
Object ffff8801d3701160: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
ffff8801d3701080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Memory state around the buggy address:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
ffff8801d3701280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
[<ffffffff81cc9b0f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
[<ffffffff81cc9b0f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
entry_SYSCALL_64_fastpath+0x16/0x76
ffff8801d3701080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
ffff8801d3701080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=52 cpu=0 pid=3
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
Call Trace:
-----------------------------------------------------------------------------
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
entry_SYSCALL_64_fastpath+0x16/0x76
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
entry_SYSCALL_64_fastpath+0x16/0x76
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
Object ffff8801d3701160: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
>ffff8801d3701180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=52 cpu=0 pid=3
ffff8801d3701080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
ffff8800bbb98c00 ffffea00074dc000 ffff8801d3701130 0000000000000000
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
=============================================================================
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
Object ffff8801d3701140: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
INFO: Slab 0xffffea00074dc000 objects=20 used=3 fp=0xffff8801d3701900 flags=0x8000000000004080
[<ffffffff81cc9b0f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
[<ffffffff81cc9b0f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
INFO: Object 0xffff8801d3701130 @offset=4400 fp=0xdead4ead00000000
Object ffff8801d3701130: 00 00 00 00 ad 4e ad de ff ff ff ff be 3f fb a0 .....N.......?..
Read of size 4 by task syz-executor1/6024
^
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
>ffff8801d3701180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Memory state around the buggy address:
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
Object ffff8801d3701170: 00 00 00 00 00 00 00 00 00 67 b4 b5 00 88 ff ff .........g......
Object ffff8801d3701130: 00 00 00 00 ad 4e ad de ff ff ff ff be 3f fb a0 .....N.......?..
=============================================================================
CPU: 1 PID: 6024 Comm: syz-executor1 Tainted: G B 4.4.104-ged884eb #2
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
Object ffff8801d3701150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
entry_SYSCALL_64_fastpath+0x16/0x76
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
CPU: 1 PID: 6024 Comm: syz-executor1 Tainted: G B 4.4.104-ged884eb #2
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
entry_SYSCALL_64_fastpath+0x16/0x76
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
Object ffff8801d3701180: 00 de 72 d5 01 88 ff ff f0 f4 52 81 ff ff ff ff ..r.......R.....
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
Object ffff8801d3701140: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
==================================================================
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Object ffff8801d3701140: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
Read of size 4 by task syz-executor1/6024
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=52 cpu=0 pid=3
>ffff8801d3701180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
CPU: 1 PID: 6024 Comm: syz-executor1 Tainted: G B 4.4.104-ged884eb #2
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
==================================================================
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
Call Trace:
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
ffff8801d3701280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
Call Trace:
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
Object ffff8801d3701150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
ffff8800bbb98c00 ffffea00074dc000 ffff8801d3701130 0000000000000000
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
^
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
-----------------------------------------------------------------------------
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Bytes b4 ffff8801d3701120: 00 00 00 00 6d 13 00 00 74 9d ff ff 00 00 00 00 ....m...t.......
ffff8801d3701200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
Memory state around the buggy address:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
ffff8801d3701100: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00
ffff8800bbb98c00 ffffea00074dc000 ffff8801d3701130 0000000000000000
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
Object ffff8801d3701140: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
ffff8801d3701200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
Call Trace:
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
Read of size 4 by task syz-executor1/6024
>ffff8801d3701180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
[<ffffffff81cc9b0f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
[<ffffffff81cc9b0f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
Read of size 4 by task syz-executor1/6024
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
ffff8801d3701080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Memory state around the buggy address:
Object ffff8801d3701180: 00 de 72 d5 01 88 ff ff f0 f4 52 81 ff ff ff ff ..r.......R.....
=============================================================================
Object ffff8801d3701160: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
==================================================================
==================================================================
ffff8801d3701080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Memory state around the buggy address:
Object ffff8801d3701160: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
^
ffff8800bbb98c00 ffffea00074dc000 ffff8801d3701130 0000000000000000
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
^
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
Object ffff8801d3701130: 00 00 00 00 ad 4e ad de ff ff ff ff be 3f fb a0 .....N.......?..
>ffff8801d3701180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
ffff8800bbb98c00 ffffea00074dc000 ffff8801d3701130 0000000000000000
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
Object ffff8801d3701180: 00 de 72 d5 01 88 ff ff f0 f4 52 81 ff ff ff ff ..r.......R.....
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
Object ffff8801d3701160: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
-----------------------------------------------------------------------------
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
CPU: 1 PID: 6024 Comm: syz-executor1 Tainted: G B 4.4.104-ged884eb #2
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=52 cpu=0 pid=3
ffff8801d3701100: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
CPU: 1 PID: 6024 Comm: syz-executor1 Tainted: G B 4.4.104-ged884eb #2
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
Object ffff8801d3701150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
=============================================================================
Object ffff8801d3701170: 00 00 00 00 00 00 00 00 00 67 b4 b5 00 88 ff ff .........g......
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
CPU: 1 PID: 6024 Comm: syz-executor1 Tainted: G B 4.4.104-ged884eb #2
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
ffff8801d3701200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
entry_SYSCALL_64_fastpath+0x16/0x76
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
Read of size 4 by task syz-executor1/6024
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
entry_SYSCALL_64_fastpath+0x16/0x76
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
Object ffff8801d3701160: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
^
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
kthread+0x245/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/kthread.c:211
Read of size 4 by task syz-executor1/6024
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
INFO: Object 0xffff8801d3701130 @offset=4400 fp=0xdead4ead00000000
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
-----------------------------------------------------------------------------
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
-----------------------------------------------------------------------------
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
==================================================================
==================================================================
Read of size 4 by task syz-executor1/6024
Object ffff8801d3701160: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
-----------------------------------------------------------------------------
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
^
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
INFO: Object 0xffff8801d3701130 @offset=4400 fp=0xdead4ead00000000
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
ffff8801d3700010 ffff8801d3701130 ffff8800b43179e0 ffffffff814d3af4
ffff8800bbb98c00 ffffea00074dc000 ffff8801d3701130 0000000000000000
ffff8800bbb98c00 ffffea00074dc000 ffff8801d3701130 0000000000000000
Call Trace:
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
entry_SYSCALL_64_fastpath+0x16/0x76
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
=============================================================================
Call Trace:
ffff8801d3701280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
Call Trace:
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
ffff8801d3701200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Memory state around the buggy address:
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
ffff8801d3700010 ffff8801d3701130 ffff8800b43179e0 ffffffff814d3af4
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=52 cpu=0 pid=3
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=52 cpu=0 pid=3
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
Object ffff8801d3701150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
ffff8800bbb98c00 ffffea00074dc000 ffff8801d3701130 0000000000000000
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
ffff8801d3700010 ffff8801d3701130 ffff8800b43179e0 ffffffff814d3af4
Object ffff8801d3701160: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
ffff8800bbb98c00 ffffea00074dc000 ffff8801d3701130 0000000000000000
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
INFO: Object 0xffff8801d3701130 @offset=4400 fp=0xdead4ead00000000
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
==================================================================
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
^
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=52 cpu=0 pid=3
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
Call Trace:
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
-----------------------------------------------------------------------------
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
Object ffff8801d3701160: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
Object ffff8801d3701150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
Call Trace:
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
Object ffff8801d3701180: 00 de 72 d5 01 88 ff ff f0 f4 52 81 ff ff ff ff ..r.......R.....
=============================================================================
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
>ffff8801d3701180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
Object ffff8801d3701180: 00 de 72 d5 01 88 ff ff f0 f4 52 81 ff ff ff ff ..r.......R.....
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
>ffff8801d3701180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Memory state around the buggy address:
Object ffff8801d3701170: 00 00 00 00 00 00 00 00 00 67 b4 b5 00 88 ff ff .........g......
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
CPU: 1 PID: 6024 Comm: syz-executor1 Tainted: G B 4.4.104-ged884eb #2
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
Memory state around the buggy address:
ffff8800bbb98c00 ffffea00074dc000 ffff8801d3701130 0000000000000000
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff8374b236>] entry_SYSCALL_64_fastpath+0x16/0x76
-----------------------------------------------------------------------------
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
ffff8801d3701280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
kthread+0x245/0x310 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/kthread.c:211
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
0000000000000000 3fe20028167234bc ffff8800b43179b0 ffffffff81cc9b0f
INFO: Slab 0xffffea00074dc000 objects=20 used=3 fp=0xffff8801d3701900 flags=0x8000000000004080
[<ffffffff82564f65>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
Object ffff8801d3701150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
Call Trace:
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
entry_SYSCALL_64_fastpath+0x16/0x76
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
-----------------------------------------------------------------------------
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
ffff8801d3701100: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d3701194
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d3701194
==================================================================
Read of size 4 by task syz-executor1/6024
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=52 cpu=0 pid=3
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff825669f7>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
Call Trace:
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff825649c0>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
INFO: Object 0xffff8801d3701130 @offset=4400 fp=0xdead4ead00000000
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
Object ffff8801d3701140: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
==================================================================
ffff8801d3701080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=1 cpu=1 pid=6024
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=1 cpu=1 pid=6024
ffff8801d3700010 ffff8801d3701130 ffff8800b43179e0 ffffffff814d3af4
Object ffff8801d3701150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Memory state around the buggy address:
run_ksoftirqd+0x20/0x60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:662
>ffff8801d3701180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
-----------------------------------------------------------------------------
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
-----------------------------------------------------------------------------
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Read of size 4 by task syz-executor1/6024
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
>ffff8801d3701180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
[<ffffffff8374afa6>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374afa6>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
Object ffff8801d3701150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................