KASAN: slab-out-of-bounds in sg_remove

KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (9)
Status: closed as invalid on 2017/10/30 13:35
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 1372d, last: 1370d

similar bugs (11):
Kernel	Title	Count	Last	Reported	Patched	Status
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (10)	1	1366d	1366d	0/3	closed as invalid on 2017/11/03 07:08
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (4)	1	1377d	1377d	0/3	closed as invalid on 2017/10/22 18:19
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (11)	2	1364d	1365d	0/3	closed as invalid on 2017/11/05 07:52
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (7)	1	1375d	1375d	0/3	closed as invalid on 2017/10/25 06:19
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (12)	1	1348d	1348d	0/3	closed as invalid on 2017/11/21 08:19
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (3)	2	1378d	1380d	0/3	closed as invalid on 2017/10/22 12:19
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (6)	1	1375d	1375d	0/3	closed as invalid on 2017/10/24 19:19
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (8)	1	1374d	1374d	0/3	closed as invalid on 2017/10/26 15:19
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR	19	1382d	1401d	0/3	closed as invalid on 2017/10/18 09:51
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (2)	1	1380d	1380d	0/3	closed as invalid on 2017/10/19 10:51
android-49	KASAN: slab-out-of-bounds in sg_remove_request at addr ADDR (5)	1	1376d	1376d	0/3	closed as invalid on 2017/10/24 05:19

Sample crash report:

nla_parse: 7 callbacks suppressed
netlink: 2 bytes leftover after parsing attributes in process `syz-executor3'.
==================================================================
BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:243 [inline] at addr ffff8801a63870c0
BUG: KASAN: slab-out-of-bounds in list_empty include/linux/list.h:189 [inline] at addr ffff8801a63870c0
BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120 drivers/scsi/sg.c:2120 at addr ffff8801a63870c0

Crashes (4):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report
ci-android-49-kasan-gce	2017/10/29 18:42	https://android.googlesource.com/kernel/common android-4.9	3861f0b0f12a	80c74880	.config	log	report
ci-android-49-kasan-gce	2017/10/28 15:17	https://android.googlesource.com/kernel/common android-4.9	3861f0b0f12a	80c74880	.config	log	report
ci-android-49-kasan-gce	2017/10/27 05:07	https://android.googlesource.com/kernel/common android-4.9	28b159744f76	4a7de22d	.config	log	report
ci-android-49-kasan-gce	2017/10/27 02:48	https://android.googlesource.com/kernel/common android-4.9	28b159744f76	4a7de22d	.config	log	report