syzbot |
sign-in | mailing list | source | docs |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| android-44 | KASAN: slab-out-of-bounds Read in native_queued_spin_lock_slowpath | 1 | 2536d | 2536d | 0/2 | closed as invalid on 2017/12/12 13:35 | |||
| android-44 | KASAN: slab-out-of-bounds Read in native_queued_spin_lock_slowpath (2) | 4 | 2535d | 2536d | 0/2 | auto-closed as invalid on 2019/02/22 15:29 |
ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:243 [inline] at addr ffff8801cb972064 BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:26 [inline] at addr ffff8801cb972064 BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801cb972064 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 at addr ffff8801cb972064 ffffffff8153a45c ffffed003972e40c ffff8801d77ff640 0000000000000000 ^ set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 [<ffffffff8153a45c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff82660475>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 ffff8801cb972060 ffffed003972e40c ffff8801cb972064 ffff8801c0e7f978 slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xba/0x290 mm/slub.c:2728 set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 ================================================================== [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 ffffffff8153a45c ffffed003972e40c ffff8801d77ff640 0000000000000000 fasync_alloc fs/fcntl.c:604 [inline] fasync_add_entry fs/fcntl.c:662 [inline] fasync_helper+0x37/0xb0 fs/fcntl.c:691 Read of size 4 by task syz-executor7/3662 BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:243 [inline] at addr ffff8801cb972064 BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:26 [inline] at addr ffff8801cb972064 BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801cb972064 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 at addr ffff8801cb972064 PID = 3662 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 ffffffff8153a45c ffffed003972e40c ffff8801d77ff640 0000000000000000 (stack is not available) ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== C_SYSC_fcntl64 fs/compat.c:469 [inline] compat_SyS_fcntl64+0xce/0x4f0 fs/compat.c:403 Read of size 4 by task syz-executor7/3662 ^ save_stack+0x43/0xd0 mm/kasan/kasan.c:495 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 ================================================================== [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 PID = 3662 Memory state around the buggy address: [<ffffffff8153a45c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 Object at ffff8801cb972000, in cache fasync_cache size: 96 ================================================================== do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff82660475>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 PID = 3662 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 ^ [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 ^ entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 [<ffffffff8156fdd9>] SYSC_read fs/read_write.c:591 [inline] [<ffffffff8156fdd9>] SyS_read+0xd9/0x1b0 fs/read_write.c:584 [<ffffffff8156fdd9>] SYSC_read fs/read_write.c:591 [inline] [<ffffffff8156fdd9>] SyS_read+0xd9/0x1b0 fs/read_write.c:584 Allocated: sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 [<ffffffff81247846>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline] [<ffffffff81247846>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [<ffffffff81247846>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline] [<ffffffff81247846>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 [<ffffffff8153a45c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 ffffffff8153a45c ffffed003972e40c ffff8801d77ff640 0000000000000000 ffff8801cb972080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc PID = 0 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203 slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xba/0x290 mm/slub.c:2728 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff82660475>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 CPU: 1 PID: 3662 Comm: syz-executor7 Tainted: G B 4.9.70-g9542d2a #5 [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 Memory state around the buggy address: Read of size 4 by task syz-executor7/3662 ^ ffff8801cb972060 ffffed003972e40c ffff8801cb972064 ffff8801c0e7f978 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8801cb972060 ffffed003972e40c ffff8801cb972064 ffff8801c0e7f978 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc ================================================================== [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 Memory state around the buggy address: [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 Allocated: sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203 [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 ffffffff8153a45c ffffed003972e40c ffff8801d77ff640 0000000000000000 PID = 3662 sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc save_stack+0x43/0xd0 mm/kasan/kasan.c:495 ^ ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8801c0e7f950 ffffffff81d90a29 ffff8801d77ff640 ffff8801cb972000 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 Freed: Memory state around the buggy address: [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 ^ [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 ================================================================== [<ffffffff81241ab1>] __read_once_size include/linux/compiler.h:243 [inline] [<ffffffff81241ab1>] atomic_read arch/x86/include/asm/atomic.h:26 [inline] [<ffffffff81241ab1>] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [<ffffffff81241ab1>] native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 ^ [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 fasync_alloc fs/fcntl.c:604 [inline] fasync_add_entry fs/fcntl.c:662 [inline] fasync_helper+0x37/0xb0 fs/fcntl.c:691 [<ffffffff8153a45c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 ^ Object at ffff8801cb972000, in cache fasync_cache size: 96 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 PID = 0 [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 [<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline] [<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 [<ffffffff8156fdd9>] SYSC_read fs/read_write.c:591 [inline] [<ffffffff8156fdd9>] SyS_read+0xd9/0x1b0 fs/read_write.c:584 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 (stack is not available) [<ffffffff82660475>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 ================================================================== [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 [<ffffffff81247846>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline] [<ffffffff81247846>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [<ffffffff81247846>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline] [<ffffffff81247846>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline] [<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51 Memory state around the buggy address: Read of size 4 by task syz-executor7/3662 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff8153a45c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 C_SYSC_fcntl64 fs/compat.c:469 [inline] compat_SyS_fcntl64+0xce/0x4f0 fs/compat.c:403 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203 [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 ffff8801cb972100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [<ffffffff81241ab1>] __read_once_size include/linux/compiler.h:243 [inline] [<ffffffff81241ab1>] atomic_read arch/x86/include/asm/atomic.h:26 [inline] [<ffffffff81241ab1>] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [<ffffffff81241ab1>] native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 ================================================================== [<ffffffff82660475>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 Memory state around the buggy address: [<ffffffff8153a45c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 PID = 0 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 ffff8801cb972080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c0e7f950 ffffffff81d90a29 ffff8801d77ff640 ffff8801cb972000 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xba/0x290 mm/slub.c:2728 [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 ================================================================== Object at ffff8801cb972000, in cache fasync_cache size: 96 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff8153a45c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 fasync_alloc fs/fcntl.c:604 [inline] fasync_add_entry fs/fcntl.c:662 [inline] fasync_helper+0x37/0xb0 fs/fcntl.c:691 [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 PID = 0 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 [<ffffffff81247846>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline] [<ffffffff81247846>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [<ffffffff81247846>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline] [<ffffffff81247846>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 Call Trace: ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 Allocated: ffff8801cb972060 ffffed003972e40c ffff8801cb972064 ffff8801c0e7f978 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc ^ do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 [<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline] [<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51 ffff8801cb972100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8801cb972100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff8801cb972060 ffffed003972e40c ffff8801cb972064 ffff8801c0e7f978 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 fasync_alloc fs/fcntl.c:604 [inline] fasync_add_entry fs/fcntl.c:662 [inline] fasync_helper+0x37/0xb0 fs/fcntl.c:691 [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 Read of size 4 by task syz-executor7/3662 ================================================================== [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 ffff8801cb972100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 [<ffffffff81247846>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline] [<ffffffff81247846>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [<ffffffff81247846>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline] [<ffffffff81247846>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 ================================================================== [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 Call Trace: Memory state around the buggy address: Call Trace: ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 Call Trace: Object at ffff8801cb972000, in cache fasync_cache size: 96 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8801cb972080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 ffff8801c0e7f950 ffffffff81d90a29 ffff8801d77ff640 ffff8801cb972000 ffff8801cb972080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [<ffffffff82660475>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838 fasync_alloc fs/fcntl.c:604 [inline] fasync_add_entry fs/fcntl.c:662 [inline] fasync_helper+0x37/0xb0 fs/fcntl.c:691 Object at ffff8801cb972000, in cache fasync_cache size: 96 CPU: 1 PID: 3662 Comm: syz-executor7 Tainted: G B 4.9.70-g9542d2a #5 Object at ffff8801cb972000, in cache fasync_cache size: 96 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 Call Trace: [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 ^ [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 Memory state around the buggy address: BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:243 [inline] at addr ffff8801cb972064 BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:26 [inline] at addr ffff8801cb972064 BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801cb972064 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 at addr ffff8801cb972064 [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 ffff8801cb972080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc (stack is not available) C_SYSC_fcntl64 fs/compat.c:469 [inline] compat_SyS_fcntl64+0xce/0x4f0 fs/compat.c:403 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 Object at ffff8801cb972000, in cache fasync_cache size: 96 ffff8801cb972060 ffffed003972e40c ffff8801cb972064 ffff8801c0e7f978 Freed: ^ ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== Object at ffff8801cb972000, in cache fasync_cache size: 96 [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 [<ffffffff8153a45c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 Memory state around the buggy address: [<ffffffff8153a45c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 ================================================================== [<ffffffff8153a45c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 Freed: ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff82660475>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 ffff8801cb972060 ffffed003972e40c ffff8801cb972064 ffff8801c0e7f978 ^ [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 [<ffffffff81247846>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline] [<ffffffff81247846>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [<ffffffff81247846>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline] [<ffffffff81247846>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 fasync_alloc fs/fcntl.c:604 [inline] fasync_add_entry fs/fcntl.c:662 [inline] fasync_helper+0x37/0xb0 fs/fcntl.c:691 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c0e7f950 ffffffff81d90a29 ffff8801d77ff640 ffff8801cb972000 fasync_alloc fs/fcntl.c:604 [inline] fasync_add_entry fs/fcntl.c:662 [inline] fasync_helper+0x37/0xb0 fs/fcntl.c:691 [<ffffffff81241ab1>] __read_once_size include/linux/compiler.h:243 [inline] [<ffffffff81241ab1>] atomic_read arch/x86/include/asm/atomic.h:26 [inline] [<ffffffff81241ab1>] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [<ffffffff81241ab1>] native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 [<ffffffff8156fdd9>] SYSC_read fs/read_write.c:591 [inline] [<ffffffff8156fdd9>] SyS_read+0xd9/0x1b0 fs/read_write.c:584 ^ save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 [<ffffffff82660475>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Allocated: [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 Freed: do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 Read of size 4 by task syz-executor7/3662 [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 [<ffffffff81247846>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline] [<ffffffff81247846>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [<ffffffff81247846>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline] [<ffffffff81247846>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 Read of size 4 by task syz-executor7/3662 Read of size 4 by task syz-executor7/3662 Freed: >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 C_SYSC_fcntl64 fs/compat.c:469 [inline] compat_SyS_fcntl64+0xce/0x4f0 fs/compat.c:403 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline] [<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [<ffffffff8156fdd9>] SYSC_read fs/read_write.c:591 [inline] [<ffffffff8156fdd9>] SyS_read+0xd9/0x1b0 fs/read_write.c:584 fasync_alloc fs/fcntl.c:604 [inline] fasync_add_entry fs/fcntl.c:662 [inline] fasync_helper+0x37/0xb0 fs/fcntl.c:691 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xba/0x290 mm/slub.c:2728 [<ffffffff81241ab1>] __read_once_size include/linux/compiler.h:243 [inline] [<ffffffff81241ab1>] atomic_read arch/x86/include/asm/atomic.h:26 [inline] [<ffffffff81241ab1>] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [<ffffffff81241ab1>] native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 Read of size 4 by task syz-executor7/3662 ffff8801cb972080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:243 [inline] at addr ffff8801cb972064 BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:26 [inline] at addr ffff8801cb972064 BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801cb972064 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 at addr ffff8801cb972064 [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 ^ [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xba/0x290 mm/slub.c:2728 [<ffffffff82660475>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 fasync_alloc fs/fcntl.c:604 [inline] fasync_add_entry fs/fcntl.c:662 [inline] fasync_helper+0x37/0xb0 fs/fcntl.c:691 Read of size 4 by task syz-executor7/3662 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 Call Trace: fasync_alloc fs/fcntl.c:604 [inline] fasync_add_entry fs/fcntl.c:662 [inline] fasync_helper+0x37/0xb0 fs/fcntl.c:691 [<ffffffff81247846>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline] [<ffffffff81247846>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [<ffffffff81247846>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline] [<ffffffff81247846>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 ffff8801cb972060 ffffed003972e40c ffff8801cb972064 ffff8801c0e7f978 Freed: ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81247846>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline] [<ffffffff81247846>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [<ffffffff81247846>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline] [<ffffffff81247846>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 ================================================================== [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 CPU: 1 PID: 3662 Comm: syz-executor7 Tainted: G B 4.9.70-g9542d2a #5 [<ffffffff81247846>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline] [<ffffffff81247846>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [<ffffffff81247846>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline] [<ffffffff81247846>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Allocated: C_SYSC_fcntl64 fs/compat.c:469 [inline] compat_SyS_fcntl64+0xce/0x4f0 fs/compat.c:403 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 ================================================================== [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 PID = 3662 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 ================================================================== ^ C_SYSC_fcntl64 fs/compat.c:469 [inline] compat_SyS_fcntl64+0xce/0x4f0 fs/compat.c:403 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 Object at ffff8801cb972000, in cache fasync_cache size: 96 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81241ab1>] __read_once_size include/linux/compiler.h:243 [inline] [<ffffffff81241ab1>] atomic_read arch/x86/include/asm/atomic.h:26 [inline] [<ffffffff81241ab1>] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [<ffffffff81241ab1>] native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 ffff8801cb972060 ffffed003972e40c ffff8801cb972064 ffff8801c0e7f978 [<ffffffff81241ab1>] __read_once_size include/linux/compiler.h:243 [inline] [<ffffffff81241ab1>] atomic_read arch/x86/include/asm/atomic.h:26 [inline] [<ffffffff81241ab1>] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [<ffffffff81241ab1>] native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 Freed: ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 PID = 0 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203 Object at ffff8801cb972000, in cache fasync_cache size: 96 ================================================================== [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 ffff8801cb972100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc CPU: 1 PID: 3662 Comm: syz-executor7 Tainted: G B 4.9.70-g9542d2a #5 ffffffff8153a45c ffffed003972e40c ffff8801d77ff640 0000000000000000 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 fasync_alloc fs/fcntl.c:604 [inline] fasync_add_entry fs/fcntl.c:662 [inline] fasync_helper+0x37/0xb0 fs/fcntl.c:691 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff82660475>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 [<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline] [<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51 ffffffff8153a45c ffffed003972e40c ffff8801d77ff640 0000000000000000 C_SYSC_fcntl64 fs/compat.c:469 [inline] compat_SyS_fcntl64+0xce/0x4f0 fs/compat.c:403 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 ffff8801c0e7f950 ffffffff81d90a29 ffff8801d77ff640 ffff8801cb972000 PID = 0 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 ^ slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xba/0x290 mm/slub.c:2728 PID = 3662 C_SYSC_fcntl64 fs/compat.c:469 [inline] compat_SyS_fcntl64+0xce/0x4f0 fs/compat.c:403 ffff8801cb972100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc CPU: 1 PID: 3662 Comm: syz-executor7 Tainted: G B 4.9.70-g9542d2a #5 ffff8801c0e7f950 ffffffff81d90a29 ffff8801d77ff640 ffff8801cb972000 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81247846>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline] [<ffffffff81247846>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [<ffffffff81247846>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline] [<ffffffff81247846>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 ffff8801cb972080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 Allocated: slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xba/0x290 mm/slub.c:2728 (stack is not available) [<ffffffff82660475>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xba/0x290 mm/slub.c:2728 Freed: ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 ffffffff8153a45c ffffed003972e40c ffff8801d77ff640 0000000000000000 [<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline] [<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 fasync_alloc fs/fcntl.c:604 [inline] fasync_add_entry fs/fcntl.c:662 [inline] fasync_helper+0x37/0xb0 fs/fcntl.c:691 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 Object at ffff8801cb972000, in cache fasync_cache size: 96 PID = 0 [<ffffffff8156fdd9>] SYSC_read fs/read_write.c:591 [inline] [<ffffffff8156fdd9>] SyS_read+0xd9/0x1b0 fs/read_write.c:584 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 Object at ffff8801cb972000, in cache fasync_cache size: 96 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [<ffffffff82660475>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 CPU: 1 PID: 3662 Comm: syz-executor7 Tainted: G B 4.9.70-g9542d2a #5 ffffffff8153a45c ffffed003972e40c ffff8801d77ff640 0000000000000000 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 ffff8801c0e7f950 ffffffff81d90a29 ffff8801d77ff640 ffff8801cb972000 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 [<ffffffff81247846>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline] [<ffffffff81247846>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [<ffffffff81247846>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline] [<ffffffff81247846>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 [<ffffffff8153a45c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 Memory state around the buggy address: Read of size 4 by task syz-executor7/3662 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc Call Trace: [<ffffffff8156fdd9>] SYSC_read fs/read_write.c:591 [inline] [<ffffffff8156fdd9>] SyS_read+0xd9/0x1b0 fs/read_write.c:584 [<ffffffff8156fdd9>] SYSC_read fs/read_write.c:591 [inline] [<ffffffff8156fdd9>] SyS_read+0xd9/0x1b0 fs/read_write.c:584 ================================================================== ffffffff8153a45c ffffed003972e40c ffff8801d77ff640 0000000000000000 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 ffff8801cb972080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 ffff8801cb972060 ffffed003972e40c ffff8801cb972064 ffff8801c0e7f978 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Freed: >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 ffffffff8153a45c ffffed003972e40c ffff8801d77ff640 0000000000000000 ^ ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Memory state around the buggy address: ffff8801cb972100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Freed: >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81241ab1>] __read_once_size include/linux/compiler.h:243 [inline] [<ffffffff81241ab1>] atomic_read arch/x86/include/asm/atomic.h:26 [inline] [<ffffffff81241ab1>] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [<ffffffff81241ab1>] native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 ffff8801c0e7f950 ffffffff81d90a29 ffff8801d77ff640 ffff8801cb972000 ^ slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xba/0x290 mm/slub.c:2728 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xba/0x290 mm/slub.c:2728 ffff8801cb972080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Memory state around the buggy address: >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 ================================================================== [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 ^ [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 Freed: >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc PID = 3662 Freed: ^ [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 ffff8801cb972080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 ffff8801cb972100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [<ffffffff82660475>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 [<ffffffff8153a45c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 PID = 3662 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 ================================================================== >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc ffff8801cb972080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [<ffffffff82660475>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838 C_SYSC_fcntl64 fs/compat.c:469 [inline] compat_SyS_fcntl64+0xce/0x4f0 fs/compat.c:403 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 ffff8801cb972060 ffffed003972e40c ffff8801cb972064 ffff8801c0e7f978 ^ entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 ^ save_stack+0x43/0xd0 mm/kasan/kasan.c:495 [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 Memory state around the buggy address: [<ffffffff8153a71c>] print_address_description mm/kasan/report.c:198 [inline] [<ffffffff8153a71c>] kasan_report_error mm/kasan/report.c:287 [inline] [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309 Freed: ffff8801cb972080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 [<ffffffff81247846>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline] [<ffffffff81247846>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [<ffffffff81247846>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline] [<ffffffff81247846>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 ^ fasync_alloc fs/fcntl.c:604 [inline] fasync_add_entry fs/fcntl.c:662 [inline] fasync_helper+0x37/0xb0 fs/fcntl.c:691 [<ffffffff81247846>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline] [<ffffffff81247846>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [<ffffffff81247846>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline] [<ffffffff81247846>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 ffff8801cb972060 ffffed003972e40c ffff8801cb972064 ffff8801c0e7f978 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 [<ffffffff81247846>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline] [<ffffffff81247846>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [<ffffffff81247846>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline] [<ffffffff81247846>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 ================================================================== entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc Allocated: slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xba/0x290 mm/slub.c:2728 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 [<ffffffff81241ab1>] __read_once_size include/linux/compiler.h:243 [inline] [<ffffffff81241ab1>] atomic_read arch/x86/include/asm/atomic.h:26 [inline] [<ffffffff81241ab1>] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [<ffffffff81241ab1>] native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 CPU: 1 PID: 3662 Comm: syz-executor7 Tainted: G B 4.9.70-g9542d2a #5 [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc save_stack+0x43/0xd0 mm/kasan/kasan.c:495 PID = 3662 Freed: >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 ffff8801cb972060 ffffed003972e40c ffff8801cb972064 ffff8801c0e7f978 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203 fasync_alloc fs/fcntl.c:604 [inline] fasync_add_entry fs/fcntl.c:662 [inline] fasync_helper+0x37/0xb0 fs/fcntl.c:691 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 [<ffffffff81247846>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline] [<ffffffff81247846>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [<ffffffff81247846>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline] [<ffffffff81247846>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 Allocated: sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 ffffffff8153a45c ffffed003972e40c ffff8801d77ff640 0000000000000000 ^ [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xba/0x290 mm/slub.c:2728 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 Allocated: ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81247846>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline] [<ffffffff81247846>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [<ffffffff81247846>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline] [<ffffffff81247846>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 Read of size 4 by task syz-executor7/3662 ffffffff8153a45c ffffed003972e40c ffff8801d77ff640 0000000000000000 ================================================================== [<ffffffff826622ac>] sg_read+0xa1c/0x1440 drivers/scsi/sg.c:527 [<ffffffff8156fdd9>] SYSC_read fs/read_write.c:591 [inline] [<ffffffff8156fdd9>] SyS_read+0xd9/0x1b0 fs/read_write.c:584 [<ffffffff8156c0ae>] vfs_read+0x11e/0x380 fs/read_write.c:475 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 [<ffffffff81241ab1>] __read_once_size include/linux/compiler.h:243 [inline] [<ffffffff81241ab1>] atomic_read arch/x86/include/asm/atomic.h:26 [inline] [<ffffffff81241ab1>] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [<ffffffff81241ab1>] native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 ffff8801cb972060 ffffed003972e40c ffff8801cb972064 ffff8801c0e7f978 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 [<ffffffff8153a45c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 fasync_alloc fs/fcntl.c:604 [inline] fasync_add_entry fs/fcntl.c:662 [inline] fasync_helper+0x37/0xb0 fs/fcntl.c:691 Allocated: slab_post_alloc_hook mm/slab.h:417 [inline] slab_alloc_node mm/slub.c:2715 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0xba/0x290 mm/slub.c:2728 ffff8801cb972060 ffffed003972e40c ffff8801cb972064 ffff8801c0e7f978 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== ^ Allocated: set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 [<ffffffff8156fdd9>] SYSC_read fs/read_write.c:591 [inline] [<ffffffff8156fdd9>] SyS_read+0xd9/0x1b0 fs/read_write.c:584 ================================================================== >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fasync_alloc fs/fcntl.c:604 [inline] fasync_add_entry fs/fcntl.c:662 [inline] fasync_helper+0x37/0xb0 fs/fcntl.c:691 ================================================================== ffff8801cb971f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff81247846>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline] [<ffffffff81247846>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [<ffffffff81247846>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline] [<ffffffff81247846>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 ^ set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 Allocated: sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203 [<ffffffff81241ab1>] __read_once_size include/linux/compiler.h:243 [inline] [<ffffffff81241ab1>] atomic_read arch/x86/include/asm/atomic.h:26 [inline] [<ffffffff81241ab1>] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [<ffffffff81241ab1>] native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 ffffffff8153a45c ffffed003972e40c ffff8801d77ff640 0000000000000000 ffff8801cb971f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [<ffffffff8156fdd9>] SYSC_read fs/read_write.c:591 [inline] [<ffffffff8156fdd9>] SyS_read+0xd9/0x1b0 fs/read_write.c:584 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 Allocated: kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 fasync_alloc fs/fcntl.c:604 [inline] fasync_add_entry fs/fcntl.c:662 [inline] fasync_helper+0x37/0xb0 fs/fcntl.c:691 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff81568313>] __vfs_read+0x103/0x670 fs/read_write.c:452 [<ffffffff8153aa89>] kasan_report mm/kasan/report.c:329 [inline] [<ffffffff8153aa89>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 ================================================================== do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384 [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203 >ffff8801cb972000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [<ffffffff8265fe60>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122 [<ffffffff8156fdd9>] SYSC_read fs/read_write.c:591 [inline] [<ffffffff8156fdd9>] SyS_read+0xd9/0x1b0 fs/read_write.c:584 [<ffffffff838aa346>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [<ffffffff838aa346>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303 sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203 [<ffffffff81241ab1>] __read_once_size include/linux/compiler.h:243 [inline] [<ffffffff81241ab1>] atomic_read arch/x86/include/asm/atomic.h:26 [inline] [<ffffffff81241ab1>] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [<ffffffff81241ab1>] native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 ffffffff8153a45c ffffed003972e40c ffff8801d77ff640 0000000000000000 ^ [<ffffffff838aba61>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124 PID = 3662 Freed: CPU: 1 PID: 3662 Comm: syz-executor7 Tainted: G B 4.9.70-g9542d2a #5 [<ffffffff81246787>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline] [<ffffffff81246787>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2017/12/19 13:11 | https://android.googlesource.com/kernel/common android-4.9 | 9542d2a0126e | af9163c7 | .config | console log | report | ci-android-49-kasan-gce-386 | |||||
| 2017/12/19 05:41 | https://android.googlesource.com/kernel/common android-4.9 | 9542d2a0126e | 1c4160ef | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/12/18 17:06 | https://android.googlesource.com/kernel/common android-4.9 | 9542d2a0126e | 1c4160ef | .config | console log | report | ci-android-49-kasan-gce-386 | |||||
| 2017/12/18 14:29 | https://android.googlesource.com/kernel/common android-4.9 | 9542d2a0126e | 1c4160ef | .config | console log | report | ci-android-49-kasan-gce-386 | |||||
| 2017/12/18 10:33 | https://android.googlesource.com/kernel/common android-4.9 | 9542d2a0126e | d5beb42a | .config | console log | report | ci-android-49-kasan-gce-386 | |||||
| 2017/12/14 09:33 | https://android.googlesource.com/kernel/common android-4.9 | fb66dc2a6e5e | ac20b98c | .config | console log | report | ci-android-49-kasan-gce-386 | |||||
| 2017/12/14 03:59 | https://android.googlesource.com/kernel/common android-4.9 | fb66dc2a6e5e | 06ea774d | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/12/13 19:04 | https://android.googlesource.com/kernel/common android-4.9 | fb66dc2a6e5e | 06ea774d | .config | console log | report | ci-android-49-kasan-gce-386 | |||||
| 2017/12/13 02:46 | https://android.googlesource.com/kernel/common android-4.9 | fb66dc2a6e5e | ce7f2399 | .config | console log | report | ci-android-49-kasan-gce-386 | |||||
| 2017/12/12 03:03 | https://android.googlesource.com/kernel/common android-4.9 | fb66dc2a6e5e | da131727 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/12/11 13:57 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 27f5dfef | .config | console log | report | ci-android-49-kasan-gce-386 | |||||
| 2017/12/11 12:22 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/12/11 09:22 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/12/11 05:19 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/12/10 06:33 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/12/09 23:02 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/12/09 16:16 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/12/09 07:28 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/12/08 23:56 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | ci-android-49-kasan-gce-386 | |||||
| 2017/12/08 22:48 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/12/08 14:49 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | b0fa969c | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/12/06 19:27 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5d643f8e | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/11/27 11:36 | https://android.googlesource.com/kernel/common android-4.9 | ea83e4a902ba | deb5f6ae | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/11/27 03:41 | https://android.googlesource.com/kernel/common android-4.9 | ea83e4a902ba | deb5f6ae | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/11/24 04:52 | https://android.googlesource.com/kernel/common android-4.9 | fbb7468cbc28 | cb27b030 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/11/22 12:43 | https://android.googlesource.com/kernel/common android-4.9 | fbb7468cbc28 | cb27b030 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/10/25 20:23 | https://android.googlesource.com/kernel/common android-4.9 | 36733457a30f | 83d9c302 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/10/23 16:07 | https://android.googlesource.com/kernel/common android-4.9 | f108c7d9b572 | 632b86c9 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/10/22 08:20 | https://android.googlesource.com/kernel/common android-4.9 | 9eaaf14c7829 | ab829b1b | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/10/19 09:00 | https://android.googlesource.com/kernel/common android-4.9 | 9eaaf14c7829 | ab829b1b | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/10/16 11:22 | https://android.googlesource.com/kernel/common android-4.9 | 5c73594e214f | b69d27d1 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/10/13 04:08 | https://android.googlesource.com/kernel/common android-4.9 | 05c85a6ddfcf | c26ea367 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/10/12 17:48 | https://android.googlesource.com/kernel/common android-4.9 | 9add7c47ec55 | c26ea367 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/10/10 08:58 | https://android.googlesource.com/kernel/common android-4.9 | e5eba30388a2 | c26ea367 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/10/08 06:07 | https://android.googlesource.com/kernel/common android-4.9 | 2b3a26c86b93 | c26ea367 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/10/04 16:41 | https://android.googlesource.com/kernel/common android-4.9 | 96a28fcc7c92 | c26ea367 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/10/03 21:01 | https://android.googlesource.com/kernel/common android-4.9 | 96a28fcc7c92 | c26ea367 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/10/02 05:24 | https://android.googlesource.com/kernel/common android-4.9 | 9b2b08179641 | c26ea367 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/09/29 22:09 | https://android.googlesource.com/kernel/common android-4.9 | c30c69c76c1d | c26ea367 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/09/28 19:10 | https://android.googlesource.com/kernel/common android-4.9 | c30c69c76c1d | c26ea367 | .config | console log | report | ci-android-49-kasan-gce |