pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
==================================================================
BUG: KASAN: slab-out-of-bounds in debug_write_lock_before kernel/locking/spinlock_debug.c:178 [inline] at addr ffff8801a6dd2ae8
BUG: KASAN: slab-out-of-bounds in do_raw_write_lock+0x1a3/0x1d0 kernel/locking/spinlock_debug.c:202 at addr ffff8801a6dd2ae8
Read of size 4 by task syz-executor1/11895
CPU: 0 PID: 11895 Comm: syz-executor1 Not tainted 4.9.60-gb4ace31 #80
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'.
ffff8801d22b7a28 ffffffff81d91449 ffff8801d804fdc0 ffff8801a6dd2a80
ffff8801a6dd2ae0 ffffed0034dba55d ffff8801a6dd2ae8 ffff8801d22b7a50
ffffffff8153c27c ffffed0034dba55d ffff8801d804fdc0 0000000000000000
Call Trace:
netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'.
[<ffffffff81d91449>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d91449>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8153c27c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
[<ffffffff8153c53c>] print_address_description mm/kasan/report.c:198 [inline]
[<ffffffff8153c53c>] kasan_report_error mm/kasan/report.c:287 [inline]
[<ffffffff8153c53c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
[<ffffffff8153c8a9>] kasan_report mm/kasan/report.c:329 [inline]
[<ffffffff8153c8a9>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329
[<ffffffff81248f93>] debug_write_lock_before kernel/locking/spinlock_debug.c:178 [inline]
[<ffffffff81248f93>] do_raw_write_lock+0x1a3/0x1d0 kernel/locking/spinlock_debug.c:202
[<ffffffff838aa266>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff838aa266>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303
[<ffffffff8265f900>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122
[<ffffffff8265ff15>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838
[<ffffffff82661c4c>] sg_read+0x91c/0x1400 drivers/scsi/sg.c:527
[<ffffffff8156c853>] __vfs_read+0x103/0x670 fs/read_write.c:452
[<ffffffff8156dde7>] vfs_read+0x107/0x330 fs/read_write.c:475
[<ffffffff81571a89>] SYSC_read fs/read_write.c:591 [inline]
[<ffffffff81571a89>] SyS_read+0xd9/0x1b0 fs/read_write.c:584
[<ffffffff838aa305>] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801a6dd2a80, in cache fasync_cache size: 96
Allocated:
PID = 11895
save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
save_stack+0x43/0xd0 mm/kasan/kasan.c:495
set_track mm/kasan/kasan.c:507 [inline]
kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537
slab_post_alloc_hook mm/slab.h:417 [inline]
slab_alloc_node mm/slub.c:2715 [inline]
slab_alloc mm/slub.c:2723 [inline]
kmem_cache_alloc+0xba/0x290 mm/slub.c:2728
fasync_alloc fs/fcntl.c:604 [inline]
fasync_add_entry fs/fcntl.c:662 [inline]
fasync_helper+0x37/0xb0 fs/fcntl.c:691
sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203
setfl fs/fcntl.c:70 [inline]
do_fcntl fs/fcntl.c:267 [inline]
SYSC_fcntl fs/fcntl.c:372 [inline]
SyS_fcntl+0x658/0xc70 fs/fcntl.c:357
entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 17
save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
save_stack+0x43/0xd0 mm/kasan/kasan.c:495
set_track mm/kasan/kasan.c:507 [inline]
kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
slab_free_hook mm/slub.c:1355 [inline]
slab_free_freelist_hook mm/slub.c:1377 [inline]
slab_free mm/slub.c:2958 [inline]
kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980
fasync_free_rcu+0x1d/0x20 fs/fcntl.c:563
__rcu_reclaim kernel/rcu/rcu.h:118 [inline]
rcu_do_batch kernel/rcu/tree.c:2789 [inline]
invoke_rcu_callbacks kernel/rcu/tree.c:3053 [inline]
__rcu_process_callbacks kernel/rcu/tree.c:3020 [inline]
rcu_process_callbacks+0x871/0x12c0 kernel/rcu/tree.c:3037
__do_softirq+0x206/0x951 kernel/softirq.c:284
Memory state around the buggy address:
ffff8801a6dd2980: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
ffff8801a6dd2a00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
>ffff8801a6dd2a80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
^
ffff8801a6dd2b00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
ffff8801a6dd2b80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in debug_write_lock_before kernel/locking/spinlock_debug.c:179 [inline] at addr ffff8801a6dd2af0
BUG: KASAN: slab-out-of-bounds in do_raw_write_lock+0x1bd/0x1d0 kernel/locking/spinlock_debug.c:202 at addr ffff8801a6dd2af0
Read of size 8 by task syz-executor1/11895
CPU: 0 PID: 11895 Comm: syz-executor1 Tainted: G B 4.9.60-gb4ace31 #80
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d22b7a28 ffffffff81d91449 ffff8801d804fdc0 ffff8801a6dd2a80
ffff8801a6dd2ae0 ffffed0034dba55e ffff8801a6dd2af0 ffff8801d22b7a50
ffffffff8153c27c ffffed0034dba55e ffff8801d804fdc0 0000000000000000
Call Trace:
[<ffffffff81d91449>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d91449>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8153c27c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
[<ffffffff8153c53c>] print_address_description mm/kasan/report.c:198 [inline]
[<ffffffff8153c53c>] kasan_report_error mm/kasan/report.c:287 [inline]
[<ffffffff8153c53c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
[<ffffffff8153c8d9>] kasan_report mm/kasan/report.c:330 [inline]
[<ffffffff8153c8d9>] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330
[<ffffffff81248fad>] debug_write_lock_before kernel/locking/spinlock_debug.c:179 [inline]
[<ffffffff81248fad>] do_raw_write_lock+0x1bd/0x1d0 kernel/locking/spinlock_debug.c:202
[<ffffffff838aa266>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff838aa266>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303
[<ffffffff8265f900>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122
[<ffffffff8265ff15>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838
[<ffffffff82661c4c>] sg_read+0x91c/0x1400 drivers/scsi/sg.c:527
[<ffffffff8156c853>] __vfs_read+0x103/0x670 fs/read_write.c:452
[<ffffffff8156dde7>] vfs_read+0x107/0x330 fs/read_write.c:475
[<ffffffff81571a89>] SYSC_read fs/read_write.c:591 [inline]
[<ffffffff81571a89>] SyS_read+0xd9/0x1b0 fs/read_write.c:584
[<ffffffff838aa305>] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801a6dd2a80, in cache fasync_cache size: 96
Allocated:
PID = 11895
save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
save_stack+0x43/0xd0 mm/kasan/kasan.c:495
set_track mm/kasan/kasan.c:507 [inline]
kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537
slab_post_alloc_hook mm/slab.h:417 [inline]
slab_alloc_node mm/slub.c:2715 [inline]
slab_alloc mm/slub.c:2723 [inline]
kmem_cache_alloc+0xba/0x290 mm/slub.c:2728
fasync_alloc fs/fcntl.c:604 [inline]
fasync_add_entry fs/fcntl.c:662 [inline]
fasync_helper+0x37/0xb0 fs/fcntl.c:691
sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203
setfl fs/fcntl.c:70 [inline]
do_fcntl fs/fcntl.c:267 [inline]
SYSC_fcntl fs/fcntl.c:372 [inline]
SyS_fcntl+0x658/0xc70 fs/fcntl.c:357
entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 17
save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
save_stack+0x43/0xd0 mm/kasan/kasan.c:495
set_track mm/kasan/kasan.c:507 [inline]
kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
slab_free_hook mm/slub.c:1355 [inline]
slab_free_freelist_hook mm/slub.c:1377 [inline]
slab_free mm/slub.c:2958 [inline]
kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980
fasync_free_rcu+0x1d/0x20 fs/fcntl.c:563
__rcu_reclaim kernel/rcu/rcu.h:118 [inline]
rcu_do_batch kernel/rcu/tree.c:2789 [inline]
invoke_rcu_callbacks kernel/rcu/tree.c:3053 [inline]
__rcu_process_callbacks kernel/rcu/tree.c:3020 [inline]
rcu_process_callbacks+0x871/0x12c0 kernel/rcu/tree.c:3037
__do_softirq+0x206/0x951 kernel/softirq.c:284
Memory state around the buggy address:
ffff8801a6dd2980: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
ffff8801a6dd2a00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
>ffff8801a6dd2a80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
^
ffff8801a6dd2b00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
ffff8801a6dd2b80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in debug_write_lock_before kernel/locking/spinlock_debug.c:180 [inline] at addr ffff8801a6dd2aec
BUG: KASAN: slab-out-of-bounds in do_raw_write_lock+0x199/0x1d0 kernel/locking/spinlock_debug.c:202 at addr ffff8801a6dd2aec
Read of size 4 by task syz-executor1/11895
CPU: 0 PID: 11895 Comm: syz-executor1 Tainted: G B 4.9.60-gb4ace31 #80
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d22b7a28 ffffffff81d91449 ffff8801d804fdc0 ffff8801a6dd2a80
ffff8801a6dd2ae0 ffffed0034dba55d ffff8801a6dd2aec ffff8801d22b7a50
ffffffff8153c27c ffffed0034dba55d ffff8801d804fdc0 0000000000000000
Call Trace:
[<ffffffff81d91449>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d91449>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8153c27c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
[<ffffffff8153c53c>] print_address_description mm/kasan/report.c:198 [inline]
[<ffffffff8153c53c>] kasan_report_error mm/kasan/report.c:287 [inline]
[<ffffffff8153c53c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
[<ffffffff8153c8a9>] kasan_report mm/kasan/report.c:329 [inline]
[<ffffffff8153c8a9>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329
[<ffffffff81248f89>] debug_write_lock_before kernel/locking/spinlock_debug.c:180 [inline]
[<ffffffff81248f89>] do_raw_write_lock+0x199/0x1d0 kernel/locking/spinlock_debug.c:202
[<ffffffff838aa266>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff838aa266>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303
[<ffffffff8265f900>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122
[<ffffffff8265ff15>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838
[<ffffffff82661c4c>] sg_read+0x91c/0x1400 drivers/scsi/sg.c:527
[<ffffffff8156c853>] __vfs_read+0x103/0x670 fs/read_write.c:452
[<ffffffff8156dde7>] vfs_read+0x107/0x330 fs/read_write.c:475
[<ffffffff81571a89>] SYSC_read fs/read_write.c:591 [inline]
[<ffffffff81571a89>] SyS_read+0xd9/0x1b0 fs/read_write.c:584
[<ffffffff838aa305>] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801a6dd2a80, in cache fasync_cache size: 96
Allocated:
PID = 11895
save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
save_stack+0x43/0xd0 mm/kasan/kasan.c:495
set_track mm/kasan/kasan.c:507 [inline]
kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537
slab_post_alloc_hook mm/slab.h:417 [inline]
slab_alloc_node mm/slub.c:2715 [inline]
slab_alloc mm/slub.c:2723 [inline]
kmem_cache_alloc+0xba/0x290 mm/slub.c:2728
fasync_alloc fs/fcntl.c:604 [inline]
fasync_add_entry fs/fcntl.c:662 [inline]
fasync_helper+0x37/0xb0 fs/fcntl.c:691
sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203
setfl fs/fcntl.c:70 [inline]
do_fcntl fs/fcntl.c:267 [inline]
SYSC_fcntl fs/fcntl.c:372 [inline]
SyS_fcntl+0x658/0xc70 fs/fcntl.c:357
entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 17
save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
save_stack+0x43/0xd0 mm/kasan/kasan.c:495
set_track mm/kasan/kasan.c:507 [inline]
kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
slab_free_hook mm/slub.c:1355 [inline]
slab_free_freelist_hook mm/slub.c:1377 [inline]
slab_free mm/slub.c:2958 [inline]
kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980
fasync_free_rcu+0x1d/0x20 fs/fcntl.c:563
__rcu_reclaim kernel/rcu/rcu.h:118 [inline]
rcu_do_batch kernel/rcu/tree.c:2789 [inline]
invoke_rcu_callbacks kernel/rcu/tree.c:3053 [inline]
__rcu_process_callbacks kernel/rcu/tree.c:3020 [inline]
rcu_process_callbacks+0x871/0x12c0 kernel/rcu/tree.c:3037
__do_softirq+0x206/0x951 kernel/softirq.c:284
Memory state around the buggy address:
ffff8801a6dd2980: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
ffff8801a6dd2a00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
>ffff8801a6dd2a80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
^
ffff8801a6dd2b00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
ffff8801a6dd2b80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:243 [inline] at addr ffff8801a6dd2ae4
BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:26 [inline] at addr ffff8801a6dd2ae4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801a6dd2ae4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 at addr ffff8801a6dd2ae4
Read of size 4 by task syz-executor1/11895
CPU: 0 PID: 11895 Comm: syz-executor1 Tainted: G B 4.9.60-gb4ace31 #80
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d22b79b0 ffffffff81d91449 ffff8801d804fdc0 ffff8801a6dd2a80
ffff8801a6dd2ae0 ffffed0034dba55c ffff8801a6dd2ae4 ffff8801d22b79d8
ffffffff8153c27c ffffed0034dba55c ffff8801d804fdc0 0000000000000000
Call Trace:
[<ffffffff81d91449>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d91449>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8153c27c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
[<ffffffff8153c53c>] print_address_description mm/kasan/report.c:198 [inline]
[<ffffffff8153c53c>] kasan_report_error mm/kasan/report.c:287 [inline]
[<ffffffff8153c53c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
[<ffffffff8153c8a9>] kasan_report mm/kasan/report.c:329 [inline]
[<ffffffff8153c8a9>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329
[<ffffffff812441e1>] __read_once_size include/linux/compiler.h:243 [inline]
[<ffffffff812441e1>] atomic_read arch/x86/include/asm/atomic.h:26 [inline]
[<ffffffff812441e1>] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff812441e1>] native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421
[<ffffffff81249f76>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline]
[<ffffffff81249f76>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff81249f76>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline]
[<ffffffff81249f76>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115
[<ffffffff81248eb7>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline]
[<ffffffff81248eb7>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203
[<ffffffff838aa266>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff838aa266>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303
[<ffffffff8265f900>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122
[<ffffffff8265ff15>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838
[<ffffffff82661c4c>] sg_read+0x91c/0x1400 drivers/scsi/sg.c:527
[<ffffffff8156c853>] __vfs_read+0x103/0x670 fs/read_write.c:452
[<ffffffff8156dde7>] vfs_read+0x107/0x330 fs/read_write.c:475
[<ffffffff81571a89>] SYSC_read fs/read_write.c:591 [inline]
[<ffffffff81571a89>] SyS_read+0xd9/0x1b0 fs/read_write.c:584
[<ffffffff838aa305>] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801a6dd2a80, in cache fasync_cache size: 96
Allocated:
PID = 11895
save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
save_stack+0x43/0xd0 mm/kasan/kasan.c:495
set_track mm/kasan/kasan.c:507 [inline]
kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537
slab_post_alloc_hook mm/slab.h:417 [inline]
slab_alloc_node mm/slub.c:2715 [inline]
slab_alloc mm/slub.c:2723 [inline]
kmem_cache_alloc+0xba/0x290 mm/slub.c:2728
fasync_alloc fs/fcntl.c:604 [inline]
fasync_add_entry fs/fcntl.c:662 [inline]
fasync_helper+0x37/0xb0 fs/fcntl.c:691
sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203
setfl fs/fcntl.c:70 [inline]
do_fcntl fs/fcntl.c:267 [inline]
SYSC_fcntl fs/fcntl.c:372 [inline]
SyS_fcntl+0x658/0xc70 fs/fcntl.c:357
entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 17
save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
save_stack+0x43/0xd0 mm/kasan/kasan.c:495
set_track mm/kasan/kasan.c:507 [inline]
kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
slab_free_hook mm/slub.c:1355 [inline]
slab_free_freelist_hook mm/slub.c:1377 [inline]
slab_free mm/slub.c:2958 [inline]
kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980
fasync_free_rcu+0x1d/0x20 fs/fcntl.c:563
__rcu_reclaim kernel/rcu/rcu.h:118 [inline]
rcu_do_batch kernel/rcu/tree.c:2789 [inline]
invoke_rcu_callbacks kernel/rcu/tree.c:3053 [inline]
__rcu_process_callbacks kernel/rcu/tree.c:3020 [inline]
rcu_process_callbacks+0x871/0x12c0 kernel/rcu/tree.c:3037
__do_softirq+0x206/0x951 kernel/softirq.c:284
Memory state around the buggy address:
ffff8801a6dd2980: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
ffff8801a6dd2a00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
>ffff8801a6dd2a80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
^
ffff8801a6dd2b00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
ffff8801a6dd2b80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
==================================================================
[<ffffffff8153c53c>] kasan_report_error mm/kasan/report.c:287 [inline]
[<ffffffff8153c53c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
[<ffffffff8153c8a9>] kasan_report mm/kasan/report.c:329 [inline]
[<ffffffff8153c8a9>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329
[<ffffffff812441e1>] __read_once_size include/linux/compiler.h:243 [inline]
[<ffffffff812441e1>] atomic_read arch/x86/include/asm/atomic.h:26 [inline]
[<ffffffff812441e1>] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff812441e1>] native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421
[<ffffffff81249f76>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline]
[<ffffffff81249f76>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff81249f76>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline]
[<ffffffff81249f76>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115
[<ffffffff81248eb7>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline]
[<ffffffff81248eb7>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203
[<ffffffff838aa266>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff838aa266>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303
[<ffffffff8265f900>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122
[<ffffffff8265ff15>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838
[<ffffffff82661c4c>] sg_read+0x91c/0x1400 drivers/scsi/sg.c:527
[<ffffffff8156c853>] __vfs_read+0x103/0x670 fs/read_write.c:452
[<ffffffff8156dde7>] vfs_read+0x107/0x330 fs/read_write.c:475
[<ffffffff81571a89>] SYSC_read fs/read_write.c:591 [inline]
[<ffffffff81571a89>] SyS_read+0xd9/0x1b0 fs/read_write.c:584
[<ffffffff838aa305>] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801a6dd2a80, in cache fasync_cache size: 96
Allocated:
PID = 11895
save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
save_stack+0x43/0xd0 mm/kasan/kasan.c:495
set_track mm/kasan/kasan.c:507 [inline]
kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537
slab_post_alloc_hook mm/slab.h:417 [inline]
slab_alloc_node mm/slub.c:2715 [inline]
slab_alloc mm/slub.c:2723 [inline]
kmem_cache_alloc+0xba/0x290 mm/slub.c:2728
fasync_alloc fs/fcntl.c:604 [inline]
fasync_add_entry fs/fcntl.c:662 [inline]
fasync_helper+0x37/0xb0 fs/fcntl.c:691
sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203
setfl fs/fcntl.c:70 [inline]
do_fcntl fs/fcntl.c:267 [inline]
SYSC_fcntl fs/fcntl.c:372 [inline]
SyS_fcntl+0x658/0xc70 fs/fcntl.c:357
entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 17
save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
save_stack+0x43/0xd0 mm/kasan/kasan.c:495
set_track mm/kasan/kasan.c:507 [inline]
kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
slab_free_hook mm/slub.c:1355 [inline]
slab_free_freelist_hook mm/slub.c:1377 [inline]
slab_free mm/slub.c:2958 [inline]
kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980
fasync_free_rcu+0x1d/0x20 fs/fcntl.c:563
__rcu_reclaim kernel/rcu/rcu.h:118 [inline]
rcu_do_batch kernel/rcu/tree.c:2789 [inline]
invoke_rcu_callbacks kernel/rcu/tree.c:3053 [inline]
__rcu_process_callbacks kernel/rcu/tree.c:3020 [inline]
rcu_process_callbacks+0x871/0x12c0 kernel/rcu/tree.c:3037
__do_softirq+0x206/0x951 kernel/softirq.c:284
Memory state around the buggy address:
ffff8801a6dd2980: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
ffff8801a6dd2a00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
>ffff8801a6dd2a80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
^
ffff8801a6dd2b00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
ffff8801a6dd2b80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
==================================================================
Object at ffff8801a6dd2a80, in cache fasync_cache size: 96
Allocated:
PID = 11895
save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
save_stack+0x43/0xd0 mm/kasan/kasan.c:495
set_track mm/kasan/kasan.c:507 [inline]
kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537
slab_post_alloc_hook mm/slab.h:417 [inline]
slab_alloc_node mm/slub.c:2715 [inline]
slab_alloc mm/slub.c:2723 [inline]
kmem_cache_alloc+0xba/0x290 mm/slub.c:2728
fasync_alloc fs/fcntl.c:604 [inline]
fasync_add_entry fs/fcntl.c:662 [inline]
fasync_helper+0x37/0xb0 fs/fcntl.c:691
sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203
setfl fs/fcntl.c:70 [inline]
do_fcntl fs/fcntl.c:267 [inline]
SYSC_fcntl fs/fcntl.c:372 [inline]
SyS_fcntl+0x658/0xc70 fs/fcntl.c:357
entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 17
save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
save_stack+0x43/0xd0 mm/kasan/kasan.c:495
set_track mm/kasan/kasan.c:507 [inline]
kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
slab_free_hook mm/slub.c:1355 [inline]
slab_free_freelist_hook mm/slub.c:1377 [inline]
slab_free mm/slub.c:2958 [inline]
kmem_cache_free+0xb2/0x2e0 mm/slub.c:2980
fasync_free_rcu+0x1d/0x20 fs/fcntl.c:563
__rcu_reclaim kernel/rcu/rcu.h:118 [inline]
rcu_do_batch kernel/rcu/tree.c:2789 [inline]
invoke_rcu_callbacks kernel/rcu/tree.c:3053 [inline]
__rcu_process_callbacks kernel/rcu/tree.c:3020 [inline]
rcu_process_callbacks+0x871/0x12c0 kernel/rcu/tree.c:3037
__do_softirq+0x206/0x951 kernel/softirq.c:284
Memory state around the buggy address:
 ffff8801a6dd2980: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
 ffff8801a6dd2a00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
>ffff8801a6dd2a80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
                                                       ^
 ffff8801a6dd2b00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
 ffff8801a6dd2b80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
==================================================================
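Reading the report above by hand: the object KASAN attributes the faulting address to is a 96-byte fasync_cache allocation (allocated from sg_fasync via fasync_helper, last freed through fasync_free_rcu), but the access at ffff8801a6dd2ae4 is at offset 100 from that object's start, i.e. 4 bytes past its end, on the fc (slab redzone) shadow byte. So the rwlock that sg_remove_request is spinning on is not a field of that fasync_struct at all; the Allocated/Freed stacks describe the nearest slab object, not the owner of the lock pointer, and the 00 shadow on the object row shows that slot is live at report time. The script below is an added example (it is not kernel code and not part of the syzkaller report) that does this arithmetic mechanically: it parses the BUG:, "Read of size", "Object at" and "Memory state" lines, maps the faulting address to its shadow byte (8 bytes of memory per shadow byte, poison values as named in mm/kasan/kasan.h), classifies where the access lands relative to the object, and checks that the poison agrees with the report type. The sample input is the report on this page with the leading space or ">" the kernel prints before each shadow row restored; the field names and the EXPECTED_POISON table are this example's own.

```python
"""Triage helper for a KASAN slab report. Added example for this page; it is
not kernel code and not part of the syzkaller report. Shadow encoding per
mm/kasan/kasan.h: one shadow byte per 8 bytes of memory, 00 = all 8 bytes
addressable, 01..07 = only the first N addressable, 0xfN = poison marker."""
import re

# Poison values and their kernel names (mm/kasan/kasan.h, 4.x era).
POISON = {0xfa: "KASAN_GLOBAL_REDZONE", 0xfb: "KASAN_KMALLOC_FREE (freed slab object)",
          0xfc: "KASAN_KMALLOC_REDZONE (slab redzone)", 0xfe: "KASAN_PAGE_REDZONE",
          0xff: "KASAN_FREE_PAGE"}
# Poison a report of the given type should land on (this example's own table).
EXPECTED_POISON = {"slab-out-of-bounds": {0xfc}, "use-after-free": {0xfb}}
SHADOW_SCALE, ROW_BYTES = 8, 8 * 16   # memory bytes per shadow byte; per dump row

BUG_RE = re.compile(r"BUG: KASAN: (\S+) in (\S+) .*?at addr ([0-9a-f]+)")
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) by task (\S+)/(\d+)")
OBJECT_RE = re.compile(r"Object at ([0-9a-f]+), in cache (\S+) size: (\d+)")
SHADOW_RE = re.compile(r"^>?\s*([0-9a-f]{16}):((?:\s+[0-9a-f]{2}){16})\s*$")

# Input: the relevant lines of the report on this page, with the leading
# space or '>' that the kernel prints in front of each shadow row restored.
SAMPLE_REPORT = """\
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 at addr ffff8801a6dd2ae4
Read of size 4 by task syz-executor1/11895
Object at ffff8801a6dd2a80, in cache fasync_cache size: 96
Memory state around the buggy address:
 ffff8801a6dd2980: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
 ffff8801a6dd2a00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
>ffff8801a6dd2a80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
 ffff8801a6dd2b00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
"""


def parse_report(text):
    """Extract report type, faulting address, access, object and shadow rows."""
    info = {"shadow": {}}
    for line in text.splitlines():
        if m := BUG_RE.search(line):        # last BUG line wins: outermost frame
            info["kind"], info["func"], info["addr"] = m.group(1), m.group(2), int(m.group(3), 16)
        elif m := ACCESS_RE.search(line):
            info["access"], info["access_size"] = m.group(1).lower(), int(m.group(2))
            info["task"] = (m.group(3), int(m.group(4)))
        elif m := OBJECT_RE.search(line):
            info["obj_base"], info["cache"], info["obj_size"] = int(m.group(1), 16), m.group(2), int(m.group(3))
        elif m := SHADOW_RE.match(line):
            info["shadow"][int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    missing = [k for k in ("kind", "addr", "access_size", "obj_base") if k not in info]
    if missing or not info["shadow"]:
        raise ValueError("incomplete KASAN report, missing %s" % (missing or "shadow rows"))
    return info


def shadow_byte_at(shadow, addr):
    """Shadow byte covering memory address addr, or None if outside the dump."""
    for row_base, row in shadow.items():
        if row_base <= addr < row_base + ROW_BYTES:
            return row[(addr - row_base) // SHADOW_SCALE]
    return None


def addressable_extent(shadow, base):
    """Contiguous addressable bytes from base (an 8-aligned slab object start)."""
    n = 0
    while shadow_byte_at(shadow, base + n) == 0:
        n += SHADOW_SCALE
    tail = shadow_byte_at(shadow, base + n)
    return n + tail if tail is not None and 1 <= tail <= 7 else n


def triage(text):
    """Place the access relative to the object and cross-check it against the shadow."""
    info = parse_report(text)
    size, offset = info["obj_size"], info["addr"] - info["obj_base"]
    end = offset + info["access_size"]
    where = ("before object" if offset < 0 else "inside object" if end <= size
             else "straddles object end" if offset < size else "past object end")
    poison = shadow_byte_at(info["shadow"], info["addr"])
    name = ("not in dump" if poison is None else "addressable" if poison == 0
            else "partially addressable" if poison < 8 else POISON.get(poison, "unknown"))
    expected = EXPECTED_POISON.get(info["kind"])
    return {"kind": info["kind"], "func": info["func"], "cache": info["cache"],
            "object_size": size, "offset": offset, "start_past_end": max(0, offset - size),
            "where": where, "poison": poison, "poison_name": name,
            # what the shadow says the object size is; should equal object_size
            "shadow_extent": addressable_extent(info["shadow"], info["obj_base"]),
            # does the poison under the address agree with the report type?
            "consistent": expected is None or poison in expected}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print("%-15s %s" % (key, value))
```

For this report the script yields offset 100, start_past_end 4, "past object end", poison 0xfc with shadow_extent 96 matching the printed object size, and consistent True. When a report's poison does not match its type (for example a "slab-out-of-bounds" whose address sits on fb), that usually means the nearest-object attribution is misleading and the real owner of the pointer has to be found from the call trace rather than from the Allocated/Freed stacks.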
==================================================================
BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:243 [inline] at addr ffff8801a6dd2ae4
BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:26 [inline] at addr ffff8801a6dd2ae4
BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801a6dd2ae4
BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421 at addr ffff8801a6dd2ae4
Read of size 4 by task syz-executor1/11895
CPU: 0 PID: 11895 Comm: syz-executor1 Tainted: G B 4.9.60-gb4ace31 #80
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d22b79b0 ffffffff81d91449 ffff8801d804fdc0 ffff8801a6dd2a80
ffff8801a6dd2ae0 ffffed0034dba55c ffff8801a6dd2ae4 ffff8801d22b79d8
ffffffff8153c27c ffffed0034dba55c ffff8801d804fdc0 0000000000000000
Call Trace:
[<ffffffff81d91449>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d91449>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8153c27c>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
[<ffffffff8153c53c>] print_address_description mm/kasan/report.c:198 [inline]
[<ffffffff8153c53c>] kasan_report_error mm/kasan/report.c:287 [inline]
[<ffffffff8153c53c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
[<ffffffff8153c8a9>] kasan_report mm/kasan/report.c:329 [inline]
[<ffffffff8153c8a9>] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:329
[<ffffffff812441e1>] __read_once_size include/linux/compiler.h:243 [inline]
[<ffffffff812441e1>] atomic_read arch/x86/include/asm/atomic.h:26 [inline]
[<ffffffff812441e1>] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline]
[<ffffffff812441e1>] native_queued_spin_lock_slowpath+0x6a1/0x6c0 kernel/locking/qspinlock.c:421
[<ffffffff81249f76>] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:663 [inline]
[<ffffffff81249f76>] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline]
[<ffffffff81249f76>] queued_spin_lock include/asm-generic/qspinlock.h:103 [inline]
[<ffffffff81249f76>] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115
[<ffffffff81248eb7>] queued_write_lock include/asm-generic/qrwlock.h:134 [inline]
[<ffffffff81248eb7>] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:203
[<ffffffff838aa266>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline]
[<ffffffff838aa266>] _raw_write_lock_irqsave+0x56/0x62 kernel/locking/spinlock.c:303
[<ffffffff8265f900>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122
[<ffffffff8265ff15>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838
[<ffffffff82661c4c>] sg_read+0x91c/0x1400 drivers/scsi/sg.c:527
[<ffffffff8156c853>] __vfs_read+0x103/0x670 fs/read_write.c:452