Warning: Permanently added '10.128.15.206' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 30.210939] ==================================================================
[ 30.218339] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[ 30.225417] Read of size 8 at addr ffff8801c196a1c0 by task syzkaller039709/3332
[ 30.233009]
[ 30.234609] CPU: 0 PID: 3332 Comm: syzkaller039709 Not tainted 4.9.76-g8dec074 #23
[ 30.242295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.251631] ffff8801c759fa50 ffffffff81d93169 ffffea0007065a80 ffff8801c196a1c0
[ 30.259624] 0000000000000000 ffff8801c196a1c0 ffff8801c7558238 ffff8801c759fa88
[ 30.267871] ffffffff8153cb43 ffff8801c196a1c0 0000000000000008 0000000000000000
[ 30.275841] Call Trace:
[ 30.278399] [] dump_stack+0xc1/0x128
[ 30.283737] [] print_address_description+0x73/0x280
[ 30.290636] [] kasan_report+0x275/0x360
[ 30.296231] [] ? sg_remove_request+0x103/0x120
[ 30.302434] [] __asan_report_load8_noabort+0x14/0x20
[ 30.309155] [] sg_remove_request+0x103/0x120
[ 30.315189] [] sg_finish_rem_req+0x295/0x340
[ 30.321219] [] sg_read+0xa1c/0x1440
[ 30.326478] [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 30.333121] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 30.340106] [] ? vma_set_page_prot+0x10f/0x180
[ 30.346308] [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 30.352947] [] __vfs_read+0x103/0x670
[ 30.358367] [] ? default_llseek+0x290/0x290
[ 30.364315] [] ? fsnotify+0x86/0xf30
[ 30.369658] [] ? fsnotify+0xf30/0xf30
[ 30.375085] [] ? avc_policy_seqno+0x9/0x20
[ 30.380941] [] ? selinux_file_permission+0x82/0x460
[ 30.387589] [] ? security_file_permission+0x89/0x1e0
[ 30.394317] [] ? rw_verify_area+0xe5/0x2b0
[ 30.400171] [] vfs_read+0x11e/0x380
[ 30.405426] [] SyS_read+0xd9/0x1b0
[ 30.410588] [] ? vfs_copy_file_range+0x740/0x740
[ 30.416974] [] ? do_fast_syscall_32+0xcf/0x890
[ 30.423353] [] ? vfs_copy_file_range+0x740/0x740
[ 30.429731] [] do_fast_syscall_32+0x2f7/0x890
[ 30.435854] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.442491] [] entry_SYSENTER_compat+0x74/0x83
[ 30.448700]
[ 30.450915] Allocated by task 0:
[ 30.454856] (stack is not available)
[ 30.458535]
[ 30.460132] Freed by task 0:
[ 30.463116] (stack is not available)
[ 30.466794]
[ 30.468389] The buggy address belongs to the object at ffff8801c196a180
[ 30.468389] which belongs to the cache fasync_cache of size 96
[ 30.481102] The buggy address is located 64 bytes inside of
[ 30.481102] 96-byte region [ffff8801c196a180, ffff8801c196a1e0)
[ 30.492769] The buggy address belongs to the page:
[ 30.497669] page:ffffea0007065a80 count:1 mapcount:0 mapping: (null) index:0x0
[ 30.505902] flags: 0x8000000000000080(slab)
[ 30.510188] page dumped because: kasan: bad access detected
[ 30.516878]
[ 30.518475] Memory state around the buggy address:
[ 30.523500] ffff8801c196a080: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 30.530830] ffff8801c196a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.538161] >ffff8801c196a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.545503] ^
[ 30.550933] ffff8801c196a200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
executing program
[ 30.558697] ffff8801c196a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.566027] ==================================================================
[ 30.573360] Disabling lock debugging due to kernel taint
[ 30.579477] Kernel panic - not syncing: panic_on_warn set ...
[ 30.579477]
[ 30.586851] CPU: 0 PID: 3332 Comm: syzkaller039709 Tainted: G B 4.9.76-g8dec074 #23
[ 30.595759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.605893] ffff8801c759f9a8 ffffffff81d93169 ffffffff84195c2f ffff8801c759fa80
[ 30.613877] 0000000000000000 ffff8801c196a1c0 ffff8801c7558238 ffff8801c759fa70
[ 30.621869] ffffffff8142e371 0000000041b58ab3 ffffffff84189690 ffffffff8142e1b5
[ 30.629853] Call Trace:
[ 30.632417] [] dump_stack+0xc1/0x128
[ 30.637768] [] panic+0x1bc/0x3a8
[ 30.642762] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 30.651398] [] ? preempt_schedule+0x25/0x30
[ 30.657342] [] ? ___preempt_schedule+0x16/0x18
[ 30.663543] [] kasan_end_report+0x50/0x50
[ 30.669313] [] kasan_report+0x167/0x360
[ 30.674907] [] ? sg_remove_request+0x103/0x120
[ 30.681111] [] __asan_report_load8_noabort+0x14/0x20
[ 30.687836] [] sg_remove_request+0x103/0x120
[ 30.693871] [] sg_finish_rem_req+0x295/0x340
[ 30.699899] [] sg_read+0xa1c/0x1440
[ 30.705150] [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 30.711790] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 30.718778] [] ? vma_set_page_prot+0x10f/0x180
[ 30.724983] [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 30.731624] [] __vfs_read+0x103/0x670
[ 30.737047] [] ? default_llseek+0x290/0x290
[ 30.743003] [] ? fsnotify+0x86/0xf30
[ 30.748346] [] ? fsnotify+0xf30/0xf30
[ 30.753769] [] ? avc_policy_seqno+0x9/0x20
[ 30.759628] [] ? selinux_file_permission+0x82/0x460
[ 30.766266] [] ? security_file_permission+0x89/0x1e0
[ 30.772992] [] ? rw_verify_area+0xe5/0x2b0
[ 30.778847] [] vfs_read+0x11e/0x380
[ 30.784095] [] SyS_read+0xd9/0x1b0
[ 30.789266] [] ? vfs_copy_file_range+0x740/0x740
[ 30.795644] [] ? do_fast_syscall_32+0xcf/0x890
[ 30.801855] [] ? vfs_copy_file_range+0x740/0x740
[ 30.808230] [] do_fast_syscall_32+0x2f7/0x890
[ 30.814354] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.820995] [] entry_SYSENTER_compat+0x74/0x83
[ 30.827868] Dumping ftrace buffer:
[ 30.831394] (ftrace buffer empty)
[ 30.835078] Kernel Offset: disabled
[ 30.838684] Rebooting in 86400 seconds..