nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
[<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
ffff8801d2548d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=10 cpu=0 pid=18486
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
[<ffffffff81cc9b0f>] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline]
[<ffffffff81cc9b0f>] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
=============================================================================
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
[<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
==================================================================
[<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
INFO: Slab 0xffffea0007495200 objects=20 used=1 fp=0xffff8801d2549db0 flags=0x8000000000004080
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
Object ffff8801d2548e60: 00 a7 01 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff ..........R.....
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
entry_SYSCALL_64_fastpath+0x16/0x76
printk+0x9c/0xc3 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1922
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=37 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=37 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=37 cpu=0 pid=18507
Read of size 4 by task syz-executor6/18507
>ffff8801d2548e00: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
Bytes b4 ffff8801d2548e00: 01 00 00 00 c2 14 00 00 c7 a3 ff ff 00 00 00 00 ................
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=43 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=43 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=43 cpu=0 pid=18507
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=44 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=44 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=44 cpu=0 pid=18507
ffff8801d2548f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
==================================================================
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
[<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
ffff8801d2548e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
=============================================================================
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
-----------------------------------------------------------------------------
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
Memory state around the buggy address:
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
nfnetlink_rcv_msg+0x90c/0xaf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nfnetlink.c:215
[<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
nla_parse+0x1b7/0x230 /syzkaller/managers/android-44-kasan-gce/kernel/lib/nlattr.c:205
Object ffff8801d2548e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=81 cpu=0 pid=18486
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
-----------------------------------------------------------------------------
Object ffff8801d2548e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
==================================================================
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline]
smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2548e74
Call Trace:
Object ffff8801d2548e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
INFO: Slab 0xffffea0007495200 objects=20 used=1 fp=0xffff8801d2549db0 flags=0x8000000000004080
ffff8801d2548f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
[<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Read of size 4 by task syz-executor6/18507
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
Object ffff8801d2548e40: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=108 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=108 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=108 cpu=0 pid=18507
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
=============================================================================
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
Bytes b4 ffff8801d2548e00: 01 00 00 00 c2 14 00 00 c7 a3 ff ff 00 00 00 00 ................
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
ctnetlink_get_conntrack+0x2cf/0x760 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1214
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=132 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=132 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=132 cpu=0 pid=18507
INFO: Slab 0xffffea0007495200 objects=20 used=1 fp=0xffff8801d2549db0 flags=0x8000000000004080
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
entry_SYSCALL_64_fastpath+0x16/0x76
nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
>ffff8801d2548e00: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline]
smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=141 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=141 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=141 cpu=0 pid=18507
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
[<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
nla_parse+0x1b7/0x230 /syzkaller/managers/android-44-kasan-gce/kernel/lib/nlattr.c:205
ctnetlink_get_conntrack+0x2cf/0x760 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1214
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=148 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=148 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=148 cpu=0 pid=18507
Bytes b4 ffff8801d2548e00: 01 00 00 00 c2 14 00 00 c7 a3 ff ff 00 00 00 00 ................
=============================================================================
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=151 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=151 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=151 cpu=0 pid=18507
ffff8801d2548010 ffff8801d2548e10 ffff8801c991f9e0 ffffffff814d3af4
INFO: Slab 0xffffea0007495200 objects=20 used=1 fp=0xffff8801d2549db0 flags=0x8000000000004080
Read of size 4 by task syz-executor6/18507
ffff8801d2548d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
ctnetlink_get_conntrack+0x2cf/0x760 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1214
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
nfnetlink_rcv_msg+0x90c/0xaf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nfnetlink.c:215
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
nfnetlink_rcv_msg+0x90c/0xaf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nfnetlink.c:215
ffff8801d2548e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
=============================================================================
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=170 cpu=0 pid=18486
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
Object ffff8801d2548e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
[<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
Memory state around the buggy address:
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
ffff8801d2548010 ffff8801d2548e10 ffff8801c991f9e0 ffffffff814d3af4
[<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
ffff8801d2548010 ffff8801d2548e10 ffff8801c991f9e0 ffffffff814d3af4
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
[<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=187 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=187 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=187 cpu=0 pid=18507
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
entry_SYSCALL_64_fastpath+0x16/0x76
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
=============================================================================
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=194 cpu=0 pid=18486
Object ffff8801d2548e60: 00 a7 01 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff ..........R.....
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
Read of size 4 by task syz-executor6/18507
CPU: 0 PID: 18507 Comm: syz-executor6 Tainted: G B 4.4.105-g8a53962 #3
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=204 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=204 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=204 cpu=0 pid=18507
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
[<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
Read of size 4 by task syz-executor6/18507
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
vprintk_default+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1844
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
[<ffffffff8374aaf6>] entry_SYSCALL_64_fastpath+0x16/0x76
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
[<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2548e74
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
ffff8801d2548d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
-----------------------------------------------------------------------------
CPU: 0 PID: 18507 Comm: syz-executor6 Tainted: G B 4.4.105-g8a53962 #3
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
Read of size 4 by task syz-executor6/18507
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=228 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=228 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=228 cpu=0 pid=18507
Bytes b4 ffff8801d2548e00: 01 00 00 00 c2 14 00 00 c7 a3 ff ff 00 00 00 00 ................
Read of size 4 by task syz-executor6/18507
vprintk+0x1a/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1843
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
ffff8801d2548f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=237 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=237 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=237 cpu=0 pid=18507
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
-----------------------------------------------------------------------------
[<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
Object ffff8801d2548e40: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
nla_parse+0x1b7/0x230 /syzkaller/managers/android-44-kasan-gce/kernel/lib/nlattr.c:205
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
^
Object ffff8801d2548e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
entry_SYSCALL_64_fastpath+0x16/0x76
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
Bytes b4 ffff8801d2548e00: 01 00 00 00 c2 14 00 00 c7 a3 ff ff 00 00 00 00 ................
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
Object ffff8801d2548e60: 00 a7 01 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff ..........R.....
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
==================================================================
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=272 cpu=0 pid=18486
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
[<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
CPU: 0 PID: 18507 Comm: syz-executor6 Tainted: G B 4.4.105-g8a53962 #3
Object ffff8801d2548e40: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
nfnetlink_rcv_msg+0x90c/0xaf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nfnetlink.c:215
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
Object ffff8801d2548e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
nfnetlink_rcv_msg+0x90c/0xaf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nfnetlink.c:215
ffff8801d2548d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ctnetlink_get_conntrack+0x2cf/0x760 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1214
CPU: 0 PID: 18507 Comm: syz-executor6 Tainted: G B 4.4.105-g8a53962 #3
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
Bytes b4 ffff8801d2548e00: 01 00 00 00 c2 14 00 00 c7 a3 ff ff 00 00 00 00 ................
>ffff8801d2548e00: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=295 cpu=0 pid=18486
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
printk+0x9c/0xc3 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1922
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
[<ffffffff8374aaf6>] entry_SYSCALL_64_fastpath+0x16/0x76
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
Object ffff8801d2548e60: 00 a7 01 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff ..........R.....
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
vprintk+0x1a/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1843
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
ctnetlink_get_conntrack+0x2cf/0x760 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1214
CPU: 0 PID: 18507 Comm: syz-executor6 Tainted: G B 4.4.105-g8a53962 #3
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
[<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
ffff8801d2548d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
Read of size 4 by task syz-executor6/18507
Object ffff8801d2548e60: 00 a7 01 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff ..........R.....
entry_SYSCALL_64_fastpath+0x16/0x76
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
-----------------------------------------------------------------------------
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
entry_SYSCALL_64_fastpath+0x16/0x76
vprintk+0x1a/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1843
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
==================================================================
Object ffff8801d2548e40: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=343 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=343 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=343 cpu=0 pid=18507
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
nfnetlink_rcv_msg+0x90c/0xaf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nfnetlink.c:215
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=349 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=349 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=349 cpu=0 pid=18507
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
[<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
INFO: Slab 0xffffea0007495200 objects=20 used=1 fp=0xffff8801d2549db0 flags=0x8000000000004080
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline]
smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926
=============================================================================
printk+0x9c/0xc3 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1922
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=367 cpu=0 pid=18486
Call Trace:
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
ffff8801d2548d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=374 cpu=0 pid=18486
nfnetlink_rcv_msg+0x90c/0xaf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nfnetlink.c:215
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
ffff8801d2548d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
Memory state around the buggy address:
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
[<ffffffff8374aaf6>] entry_SYSCALL_64_fastpath+0x16/0x76
Bytes b4 ffff8801d2548e00: 01 00 00 00 c2 14 00 00 c7 a3 ff ff 00 00 00 00 ................
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=394 cpu=0 pid=18486
[<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
ffff8801d2548f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
-----------------------------------------------------------------------------
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
=============================================================================
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
nla_parse+0x1b7/0x230 /syzkaller/managers/android-44-kasan-gce/kernel/lib/nlattr.c:205
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
INFO: Slab 0xffffea0007495200 objects=20 used=1 fp=0xffff8801d2549db0 flags=0x8000000000004080
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=419 cpu=0 pid=18486
CPU: 0 PID: 18507 Comm: syz-executor6 Tainted: G B 4.4.105-g8a53962 #3
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
==================================================================
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
=============================================================================
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2548e74
printk+0x9c/0xc3 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1922
-----------------------------------------------------------------------------
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
Read of size 4 by task syz-executor6/18507
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline]
smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926
[<ffffffff8374aaf6>] entry_SYSCALL_64_fastpath+0x16/0x76
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=444 cpu=0 pid=18486
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
ctnetlink_get_conntrack+0x2cf/0x760 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1214
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
>ffff8801d2548e00: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=455 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=455 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=455 cpu=0 pid=18507
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
[<ffffffff8374aaf6>] entry_SYSCALL_64_fastpath+0x16/0x76
vprintk+0x1a/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1843
CPU: 0 PID: 18507 Comm: syz-executor6 Tainted: G B 4.4.105-g8a53962 #3
ctnetlink_get_conntrack+0x2cf/0x760 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1214
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
>ffff8801d2548e00: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
Object ffff8801d2548e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Bytes b4 ffff8801d2548e00: 01 00 00 00 c2 14 00 00 c7 a3 ff ff 00 00 00 00 ................
Read of size 4 by task syz-executor6/18507
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
ffff8801d2548010 ffff8801d2548e10 ffff8801c991f9e0 ffffffff814d3af4
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=478 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=478 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=478 cpu=0 pid=18507
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
-----------------------------------------------------------------------------
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
vprintk+0x1a/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1843
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
=============================================================================
nfnetlink_rcv_msg+0x90c/0xaf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nfnetlink.c:215
==================================================================
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=498 cpu=0 pid=18486
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
-----------------------------------------------------------------------------
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
CPU: 0 PID: 18507 Comm: syz-executor6 Tainted: G B 4.4.105-g8a53962 #3
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
vprintk+0x1a/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1843
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
ctnetlink_get_conntrack+0x2cf/0x760 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1214
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
[<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
[<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
vprintk_default+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1844
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
[<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
Object ffff8801d2548e40: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
nla_parse+0x1b7/0x230 /syzkaller/managers/android-44-kasan-gce/kernel/lib/nlattr.c:205
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
>ffff8801d2548e00: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
Read of size 4 by task syz-executor6/18507
Bytes b4 ffff8801d2548e00: 01 00 00 00 c2 14 00 00 c7 a3 ff ff 00 00 00 00 ................
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=549 cpu=0 pid=18486
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
>ffff8801d2548e00: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
Read of size 4 by task syz-executor6/18507
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=562 cpu=0 pid=18486
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
ffff8801d2548f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
printk+0x9c/0xc3 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1922
entry_SYSCALL_64_fastpath+0x16/0x76
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
printk+0x9c/0xc3 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1922
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
entry_SYSCALL_64_fastpath+0x16/0x76
Object ffff8801d2548e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
-----------------------------------------------------------------------------
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline]
smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926
Memory state around the buggy address:
==================================================================
Bytes b4 ffff8801d2548e00: 01 00 00 00 c2 14 00 00 c7 a3 ff ff 00 00 00 00 ................
ffff8801d2548e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
-----------------------------------------------------------------------------
ffff8801d2548010 ffff8801d2548e10 ffff8801c991f9e0 ffffffff814d3af4
nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
[<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
ffff8801d2548010 ffff8801d2548e10 ffff8801c991f9e0 ffffffff814d3af4
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
ffff8801d2548d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
Memory state around the buggy address:
==================================================================
ctnetlink_get_conntrack+0x2cf/0x760 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1214
Object ffff8801d2548e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
ffff8801d2548d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
nla_parse+0x1b7/0x230 /syzkaller/managers/android-44-kasan-gce/kernel/lib/nlattr.c:205
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2548e74
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
[<ffffffff814db549>] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline]
[<ffffffff814db549>] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282
>ffff8801d2548e00: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
entry_SYSCALL_64_fastpath+0x16/0x76
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
INFO: Slab 0xffffea0007495200 objects=20 used=1 fp=0xffff8801d2549db0 flags=0x8000000000004080
^
Object ffff8801d2548e40: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
nfnetlink_rcv_msg+0x90c/0xaf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nfnetlink.c:215
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
ctnetlink_get_conntrack+0x2cf/0x760 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1214
ffff8801d94bcc00 ffffea0007495200 ffff8801d2548e10 0000000000000000
[<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=637 cpu=0 pid=18486
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
nla_parse+0x1b7/0x230 /syzkaller/managers/android-44-kasan-gce/kernel/lib/nlattr.c:205
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
Read of size 4 by task syz-executor6/18507
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=645 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=645 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=645 cpu=0 pid=18507
INFO: Slab 0xffffea0007495200 objects=20 used=1 fp=0xffff8801d2549db0 flags=0x8000000000004080
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
Read of size 4 by task syz-executor6/18507
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2548e74
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
[<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
Read of size 4 by task syz-executor6/18507
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
nfnetlink_rcv_msg+0x90c/0xaf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nfnetlink.c:215
Read of size 4 by task syz-executor6/18507
Read of size 4 by task syz-executor6/18507
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
ctnetlink_get_conntrack+0x2cf/0x760 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1214
[<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=673 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=673 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=673 cpu=0 pid=18507
INFO: Slab 0xffffea0007495200 objects=20 used=1 fp=0xffff8801d2549db0 flags=0x8000000000004080
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
ffff8801d94bcc00 ffffea0007495200 ffff8801d2548e10 0000000000000000
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
=============================================================================
nfnetlink_rcv_msg+0x90c/0xaf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nfnetlink.c:215
==================================================================
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
Object ffff8801d2548e40: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline]
smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2548e74
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
printk+0x9c/0xc3 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1922
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Object ffff8801d2548e40: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=703 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=703 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=703 cpu=0 pid=18507
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Object ffff8801d2548e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline]
smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926
ffff8801d2548f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
>ffff8801d2548e00: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2548e74
entry_SYSCALL_64_fastpath+0x16/0x76
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=721 cpu=0 pid=18486
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
[<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
Read of size 4 by task syz-executor6/18507
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
ctnetlink_get_conntrack+0x2cf/0x760 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1214
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Object ffff8801d2548e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object ffff8801d2548e40: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
nla_parse+0x1b7/0x230 /syzkaller/managers/android-44-kasan-gce/kernel/lib/nlattr.c:205
Object ffff8801d2548e40: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
Bytes b4 ffff8801d2548e00: 01 00 00 00 c2 14 00 00 c7 a3 ff ff 00 00 00 00 ................
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=743 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=743 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=743 cpu=0 pid=18507
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
Bytes b4 ffff8801d2548e00: 01 00 00 00 c2 14 00 00 c7 a3 ff ff 00 00 00 00 ................
=============================================================================
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
__slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
=============================================================================
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
^
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
==================================================================
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2548e74
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
Read of size 4 by task syz-executor6/18507
ffff8801d2548f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
ffff8801d2548f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Object ffff8801d2548e60: 00 a7 01 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff ..........R.....
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
INFO: Slab 0xffffea0007495200 objects=20 used=1 fp=0xffff8801d2549db0 flags=0x8000000000004080
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
ffff8801d94bcc00 ffffea0007495200 ffff8801d2548e10 0000000000000000
[<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
nfnetlink_rcv_msg+0x90c/0xaf0 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nfnetlink.c:215
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=785 cpu=0 pid=18486
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=786 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=786 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=786 cpu=0 pid=18507
ctnetlink_get_conntrack+0x2cf/0x760 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1214
Object ffff8801d2548e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
==================================================================
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
Read of size 4 by task syz-executor6/18507
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
CPU: 0 PID: 18507 Comm: syz-executor6 Tainted: G B 4.4.105-g8a53962 #3
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
nla_parse_nested /syzkaller/managers/android-44-kasan-gce/kernel/include/net/netlink.h:737 [inline]
ctnetlink_parse_tuple+0x106/0x750 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1011
[<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline]
smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
vprintk+0x1a/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1843
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
Bytes b4 ffff8801d2548e00: 01 00 00 00 c2 14 00 00 c7 a3 ff ff 00 00 00 00 ................
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
=============================================================================
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=819 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=819 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=819 cpu=0 pid=18507
vprintk+0x1a/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1843
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
Object ffff8801d2548e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
INFO: Slab 0xffffea0007495200 objects=20 used=1 fp=0xffff8801d2549db0 flags=0x8000000000004080
=============================================================================
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
[<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
nla_parse+0x1b7/0x230 /syzkaller/managers/android-44-kasan-gce/kernel/lib/nlattr.c:205
Bytes b4 ffff8801d2548e00: 01 00 00 00 c2 14 00 00 c7 a3 ff ff 00 00 00 00 ................
==================================================================
Object ffff8801d2548e40: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
[<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
[<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
nla_parse+0x1b7/0x230 /syzkaller/managers/android-44-kasan-gce/kernel/lib/nlattr.c:205
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
[<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475
[<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
Object ffff8801d2548e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
Read of size 4 by task syz-executor6/18507
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
[<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
Object ffff8801d2548e40: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
-----------------------------------------------------------------------------
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
[<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
CPU: 0 PID: 18507 Comm: syz-executor6 Tainted: G B 4.4.105-g8a53962 #3
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=861 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=861 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=861 cpu=0 pid=18507
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
INFO: Slab 0xffffea0007495200 objects=20 used=1 fp=0xffff8801d2549db0 flags=0x8000000000004080
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2548e74
[<ffffffff82566a47>] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538
Object ffff8801d2548e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=873 cpu=0 pid=18486
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[<ffffffff814f6d4a>] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432
ffff8801d2548d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=879 cpu=0 pid=18486
[<ffffffff814db1b7>] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline]
[<ffffffff814db1b7>] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline]
[<ffffffff814db1b7>] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262
sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
[<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
=============================================================================
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=888 cpu=0 pid=18486
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
>ffff8801d2548e00: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562
Read of size 4 by task syz-executor6/18507
Memory state around the buggy address:
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=892 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=892 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=892 cpu=0 pid=18507
ctnetlink_get_conntrack+0x2cf/0x760 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1214
ffff8801d94bcc00 ffffea0007495200 ffff8801d2548e10 0000000000000000
[<ffffffff8374a876>] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff8374a876>] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303
Read of size 4 by task syz-executor6/18507
Object ffff8801d2548e60: 00 a7 01 d6 01 88 ff ff f0 f4 52 81 ff ff ff ff ..........R.....
printk+0x9c/0xc3 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1922
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
INFO: Slab 0xffffea0007495200 objects=20 used=1 fp=0xffff8801d2549db0 flags=0x8000000000004080
Object ffff8801d2548e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=906 cpu=0 pid=18507
INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=906 cpu=0 pid=18507
INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=906 cpu=0 pid=18507
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2548e74
Object ffff8801d2548e40: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
vprintk_default+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1844
[<ffffffff82564a10>] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132
>ffff8801d2548e00: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
vprintk_default+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1844
[<ffffffff814d3af4>] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
printk+0x9c/0xc3 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1922
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
Read of size 4 by task syz-executor6/18507
[<ffffffff814d945f>] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689
CPU: 0 PID: 18507 Comm: syz-executor6 Tainted: G B 4.4.105-g8a53962 #3
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
INFO: Slab 0xffffea0007495200 objects=20 used=1 fp=0xffff8801d2549db0 flags=0x8000000000004080
vprintk_emit+0x47c/0x6f0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/printk/printk.c:1832
[<ffffffff8123b9c6>] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline]
[<ffffffff8123b9c6>] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff8123b9c6>] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline]
[<ffffffff8123b9c6>] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115
INFO: Slab 0xffffea0007495200 objects=20 used=1 fp=0xffff8801d2549db0 flags=0x8000000000004080
Read of size 4 by task syz-executor6/18507
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
ctnetlink_get_conntrack+0x2cf/0x760 /syzkaller/managers/android-44-kasan-gce/kernel/net/netfilter/nf_conntrack_netlink.c:1214
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
Read of size 4 by task syz-executor6/18507
[<ffffffff8374aaf6>] entry_SYSCALL_64_fastpath+0x16/0x76
INFO: Slab 0xffffea0007495200 objects=20 used=1 fp=0xffff8801d2549db0 flags=0x8000000000004080
Read of size 4 by task syz-executor6/18507
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
[<ffffffff8123648d>] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline]
[<ffffffff8123648d>] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline]
[<ffffffff8123648d>] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff8123648d>] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2548e74
Call Trace:
[<ffffffff8123ab47>] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline]
[<ffffffff8123ab47>] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279
__rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline]
rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline]
invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline]
__rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline]
rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957
ffff8801d2548f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
[<ffffffff814fb353>] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline]
[<ffffffff814fb353>] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562
Bytes b4 ffff8801d2548e00: 01 00 00 00 c2 14 00 00 c7 a3 ff ff 00 00 00 00 ................
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
Read of size 4 by task syz-executor6/18507
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
Object ffff8801d2548e40: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
Object ffff8801d2548e10: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline]
do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline]
SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline]
SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=965 cpu=0 pid=18486
0000000000000000 b9b1865c1360443a ffff8801c991f9b0 ffffffff81cc9b0f
INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=971 cpu=0 pid=18486
[<ffffffff82564fb5>] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848
Object ffff8801d2548e50: 00 00 00 00 00 00 00 00 00 2a 86 d2 01 88 ff ff .........*......
apic_timer_interrupt+0x8c/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/entry/entry_64.S:689
INFO: Slab 0xffffea0007495200 objects=20 used=1 fp=0xffff8801d2549db0 flags=0x8000000000004080
BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2548e74
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2548e74
ffff8801d2548010 ffff8801d2548e10 ffff8801c991f9e0 ffffffff814d3af4
ffff8801d2548e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline]
irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391
INFO: Object 0xffff8801d2548e10 @offset=3600 fp=0xdead4ead00000000
Memory state around the buggy address:
Bytes b4 ffff8801d2548e00: 01 00 00 00 c2 14 00 00 c7 a3 ff ff 00 00 00 00 ................
CPU: 0 PID: 18507 Comm: syz-executor6 Tainted: G B 4.4.105-g8a53962 #3
slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline]
slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline]
kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614
__slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685
fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline]
fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline]
fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690
>ffff8801d2548e00: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
^
exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline]
smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926
ffff8801d2548f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline]
kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849
Object ffff8801d2548e20: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p.....
BUG fasync_cache (Tainted: G B ): kasan: bad access detected
>ffff8801d2548e00: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[<ffffffff814f89e1>] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454
__do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273
Object ffff8801d2548e40: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F......
Read of size 4 by task syz-executor6/18507