ISOFS: Unable to identify CD-ROM format.
binder: 15441:15450 transaction failed 29189/-22, size 0-0 line 2852
==================================================================
BUG: KASAN: slab-out-of-bounds in atomic_read include/asm-generic/atomic-instrumented.h:21 [inline]
BUG: KASAN: slab-out-of-bounds in refcount_read include/linux/refcount.h:42 [inline]
BUG: KASAN: slab-out-of-bounds in check_net include/net/net_namespace.h:236 [inline]
BUG: KASAN: slab-out-of-bounds in rds_destroy_pending net/rds/rds.h:902 [inline]
BUG: KASAN: slab-out-of-bounds in rds_cong_queue_updates+0x25d/0x5b0 net/rds/cong.c:226
Read of size 4 at addr ffff8801cb2e8084 by task kworker/u4:4/7180

CPU: 0 PID: 7180 Comm: kworker/u4:4 Not tainted 4.18.0-rc3+ #127
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: krdsd rds_send_worker
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
 print_address_description+0x6c/0x20b mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412
 check_memory_region_inline mm/kasan/kasan.c:260 [inline]
 check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267
 kasan_check_read+0x11/0x20 mm/kasan/kasan.c:272
 atomic_read include/asm-generic/atomic-instrumented.h:21 [inline]
 refcount_read include/linux/refcount.h:42 [inline]
 check_net include/net/net_namespace.h:236 [inline]
 rds_destroy_pending net/rds/rds.h:902 [inline]
 rds_cong_queue_updates+0x25d/0x5b0 net/rds/cong.c:226
 rds_recv_rcvbuf_delta.part.3+0x332/0x3e0 net/rds/recv.c:123
 rds_recv_rcvbuf_delta net/rds/recv.c:382 [inline]
 rds_recv_incoming+0x85a/0x1320 net/rds/recv.c:382
 rds_loop_xmit+0x16a/0x340 net/rds/loop.c:82
 rds_send_xmit+0x1343/0x29c0 net/rds/send.c:355
 rds_send_worker+0x153/0x300 net/rds/threads.c:199
 process_one_work+0xc73/0x1ba0 kernel/workqueue.c:2153
 worker_thread+0x189/0x13c0 kernel/workqueue.c:2296
 kthread+0x345/0x410 kernel/kthread.c:240
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412

Allocated by task 0:
(stack is not available)

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff8801cb2e8300
 which belongs to the cache sighand_cache(34:syz6) of size 2184
The buggy address is located 636 bytes to the left of
 2184-byte region [ffff8801cb2e8300, ffff8801cb2e8b88)
The buggy address belongs to the page:
page:ffffea00072cba00 count:1 mapcount:0 mapping:ffff8801b245c240 index:0xffff8801cb2e9ffd compound_mapcount: 0
flags: 0x2fffc0000008100(slab|head)
raw: 02fffc0000008100 ffffea00063c8b88 ffff8801af715f48 ffff8801b245c240
raw: ffff8801cb2e9ffd ffff8801cb2e8300 0000000100000003 ffff8801adff08c0
page dumped because: kasan: bad access detected
page->mem_cgroup:ffff8801adff08c0

Memory state around the buggy address:
 ffff8801cb2e7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801cb2e8000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8801cb2e8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                   ^
 ffff8801cb2e8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801cb2e8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================