[] __vfs_read+0xda/0x3e0 fs/read_write.c:432 BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:218 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 at addr ffff8800b7d06064 [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 [] vfs_read+0xe1/0x340 fs/read_write.c:454 ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f BUG fasync_cache (Tainted: G B ): kasan: bad access detected [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 BUG fasync_cache (Tainted: G B ): kasan: bad access detected [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 BUG fasync_cache (Tainted: G B ): kasan: bad access detected BUG fasync_cache (Tainted: G B ): kasan: bad access detected ================================================================== INFO: Object 0xffff8800b7d06000 @offset=0 fp=0xdead4ead00000000 [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 Read of size 4 by task syz-executor0/5471 setfl fs/fcntl.c:69 [inline] do_fcntl fs/fcntl.c:266 [inline] SYSC_fcntl fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 fs/fcntl.c:356 [] print_trailer+0x114/0x1a0 mm/slub.c:682 [] object_err+0x2f/0x40 mm/slub.c:689 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=0 cpu=1 pid=5471 [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 [] entry_SYSCALL_64_fastpath+0x16/0x76 setfl fs/fcntl.c:69 [inline] do_fcntl fs/fcntl.c:266 [inline] SYSC_fcntl fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 fs/fcntl.c:356 Call Trace: Object ffff8800b7d06030: 00 50 8b 83 ff ff ff ff 01 46 00 00 04 00 00 00 .P.......F...... 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f ----------------------------------------------------------------------------- 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f BUG fasync_cache (Tainted: G B ): kasan: bad access detected ffff8800b7d06100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 Read of size 4 by task syz-executor0/5471 fasync_alloc fs/fcntl.c:603 [inline] fasync_add_entry fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 fs/fcntl.c:690 [] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 [] object_err+0x2f/0x40 mm/slub.c:689 ----------------------------------------------------------------------------- Object ffff8800b7d06020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 Read of size 4 by task syz-executor0/5471 fasync_alloc fs/fcntl.c:603 [inline] fasync_add_entry fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 fs/fcntl.c:690 [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 BUG fasync_cache (Tainted: G B ): kasan: bad access detected [] vfs_read+0xe1/0x340 fs/read_write.c:454 [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 [] entry_SYSCALL_64_fastpath+0x16/0x76 ----------------------------------------------------------------------------- [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 [] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=0 cpu=1 pid=5471 ================================================================== [] print_trailer+0x114/0x1a0 mm/slub.c:682 BUG fasync_cache (Tainted: G B ): kasan: bad access detected ============================================================================= Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] print_trailer+0x114/0x1a0 mm/slub.c:682 BUG fasync_cache (Tainted: G B ): kasan: bad access detected ffff8800b7d06100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Call Trace: Call Trace: Object ffff8800b7d06030: 00 50 8b 83 ff ff ff ff 01 46 00 00 04 00 00 00 .P.......F...... Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 ffff8800b7d05f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Call Trace: 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f Call Trace: ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 [] object_err+0x2f/0x40 mm/slub.c:689 Read of size 4 by task syz-executor0/5471 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=0 cpu=1 pid=5471 [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 Memory state around the buggy address: Object ffff8800b7d06030: 00 50 8b 83 ff ff ff ff 01 46 00 00 04 00 00 00 .P.......F...... Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=0 cpu=1 pid=5471 ----------------------------------------------------------------------------- Read of size 4 by task syz-executor0/5471 [] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 Read of size 4 by task syz-executor0/5471 Object ffff8800b7d06020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ BUG fasync_cache (Tainted: G B ): kasan: bad access detected ================================================================== [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 fasync_alloc fs/fcntl.c:603 [inline] fasync_add_entry fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 fs/fcntl.c:690 [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 ================================================================== Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 [] entry_SYSCALL_64_fastpath+0x16/0x76 sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] object_err+0x2f/0x40 mm/slub.c:689 Object ffff8800b7d06030: 00 50 8b 83 ff ff ff ff 01 46 00 00 04 00 00 00 .P.......F...... [] object_err+0x2f/0x40 mm/slub.c:689 Read of size 4 by task syz-executor0/5471 ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475 BUG fasync_cache (Tainted: G B ): kasan: bad access detected [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 Call Trace: Call Trace: Call Trace: Call Trace: ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 ffff8800b7d05f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475 ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8800b7d06100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 ----------------------------------------------------------------------------- [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 Call Trace: Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=0 cpu=1 pid=5471 ffff8800b7d05f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 Object ffff8800b7d06000: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Read of size 4 by task syz-executor0/5471 BUG fasync_cache (Tainted: G B ): kasan: bad access detected ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Memory state around the buggy address: Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 [] object_err+0x2f/0x40 mm/slub.c:689 fasync_alloc fs/fcntl.c:603 [inline] fasync_add_entry fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 fs/fcntl.c:690 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=0 cpu=1 pid=5471 [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 CPU: 1 PID: 5471 Comm: syz-executor0 Tainted: G B 4.4.105-ge303a83 #5 ----------------------------------------------------------------------------- 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f Memory state around the buggy address: Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 >ffff8800b7d06000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 Read of size 4 by task syz-executor0/5471 ----------------------------------------------------------------------------- [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 ----------------------------------------------------------------------------- 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 ================================================================== 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 [] print_trailer+0x114/0x1a0 mm/slub.c:682 [] entry_SYSCALL_64_fastpath+0x16/0x76 ----------------------------------------------------------------------------- Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] __vfs_read+0xda/0x3e0 fs/read_write.c:432 [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ================================================================== [] object_err+0x2f/0x40 mm/slub.c:689 Object ffff8800b7d06010: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... Call Trace: ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 ffff8800b7d05f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 ================================================================== [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 Call Trace: Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Read of size 4 by task syz-executor0/5471 setfl fs/fcntl.c:69 [inline] do_fcntl fs/fcntl.c:266 [inline] SYSC_fcntl fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 fs/fcntl.c:356 Object ffff8800b7d06030: 00 50 8b 83 ff ff ff ff 01 46 00 00 04 00 00 00 .P.......F...... 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f Read of size 4 by task syz-executor0/5471 ----------------------------------------------------------------------------- INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=0 cpu=1 pid=5471 [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 [] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 [] print_trailer+0x114/0x1a0 mm/slub.c:682 ffff8800b7d06100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 ============================================================================= ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f [] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 ----------------------------------------------------------------------------- ================================================================== setfl fs/fcntl.c:69 [inline] do_fcntl fs/fcntl.c:266 [inline] SYSC_fcntl fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 fs/fcntl.c:356 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 ============================================================================= [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 [] sg_remove_request+0x60/0x100 drivers/scsi/sg.c:2132 BUG fasync_cache (Tainted: G B ): kasan: bad access detected ============================================================================= [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475 Object ffff8800b7d06000: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... setfl fs/fcntl.c:69 [inline] do_fcntl fs/fcntl.c:266 [inline] SYSC_fcntl fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 fs/fcntl.c:356 ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 [] entry_SYSCALL_64_fastpath+0x16/0x76 ffff8800b7d05f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] __vfs_read+0xda/0x3e0 fs/read_write.c:432 ============================================================================= [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 INFO: Object 0xffff8800b7d06000 @offset=0 fp=0xdead4ead00000000 ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475 [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 [] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 CPU: 1 PID: 5471 Comm: syz-executor0 Tainted: G B 4.4.105-ge303a83 #5 [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] vfs_read+0xe1/0x340 fs/read_write.c:454 ================================================================== [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 Read of size 4 by task syz-executor0/5471 Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8800b7d06030: 00 50 8b 83 ff ff ff ff 01 46 00 00 04 00 00 00 .P.......F...... [] print_trailer+0x114/0x1a0 mm/slub.c:682 ================================================================== ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 BUG fasync_cache (Tainted: G B ): kasan: bad access detected [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 ----------------------------------------------------------------------------- [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 entry_SYSCALL_64_fastpath+0x16/0x76 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] sg_remove_request+0x60/0x100 drivers/scsi/sg.c:2132 Read of size 4 by task syz-executor0/5471 BUG fasync_cache (Tainted: G B ): kasan: bad access detected [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 BUG fasync_cache (Tainted: G B ): kasan: bad access detected Read of size 4 by task syz-executor0/5471 Object ffff8800b7d06010: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475 ============================================================================= ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475 [] sg_remove_request+0x60/0x100 drivers/scsi/sg.c:2132 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:218 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 at addr ffff8800b7d06064 ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 INFO: Slab 0xffffea0002df4180 objects=20 used=1 fp=0xffff8800b7d07db0 flags=0x4000000000004080 ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=0 cpu=1 pid=5471 [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 [] sg_remove_request+0x60/0x100 drivers/scsi/sg.c:2132 ============================================================================= [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Object ffff8800b7d06030: 00 50 8b 83 ff ff ff ff 01 46 00 00 04 00 00 00 .P.......F...... ffff8800b7d06100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 Read of size 4 by task syz-executor0/5471 >ffff8800b7d06000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 Read of size 4 by task syz-executor0/5471 Memory state around the buggy address: [] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] print_trailer+0x114/0x1a0 mm/slub.c:682 ffff8800b7d05f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] vfs_read+0xe1/0x340 fs/read_write.c:454 ============================================================================= INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=0 cpu=1 pid=5471 [] vfs_read+0xe1/0x340 fs/read_write.c:454 ----------------------------------------------------------------------------- [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 BUG fasync_cache (Tainted: G B ): kasan: bad access detected Memory state around the buggy address: Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 Read of size 4 by task syz-executor0/5471 Object ffff8800b7d06030: 00 50 8b 83 ff ff ff ff 01 46 00 00 04 00 00 00 .P.......F...... 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:218 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 at addr ffff8800b7d06064 [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 fasync_alloc fs/fcntl.c:603 [inline] fasync_add_entry fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 fs/fcntl.c:690 [] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 Object ffff8800b7d06000: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... Object ffff8800b7d06010: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f ^ [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 Read of size 4 by task syz-executor0/5471 ----------------------------------------------------------------------------- [] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f [] entry_SYSCALL_64_fastpath+0x16/0x76 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] sg_remove_request+0x60/0x100 drivers/scsi/sg.c:2132 Memory state around the buggy address: Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 [] sg_remove_request+0x60/0x100 drivers/scsi/sg.c:2132 Read of size 4 by task syz-executor0/5471 [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 [] print_trailer+0x114/0x1a0 mm/slub.c:682 Read of size 4 by task syz-executor0/5471 BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:218 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 at addr ffff8800b7d06064 [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [] entry_SYSCALL_64_fastpath+0x16/0x76 Read of size 4 by task syz-executor0/5471 Read of size 4 by task syz-executor0/5471 ================================================================== 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 [] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] __vfs_read+0xda/0x3e0 fs/read_write.c:432 >ffff8800b7d06000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [] sg_remove_request+0x60/0x100 drivers/scsi/sg.c:2132 Memory state around the buggy address: [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 INFO: Object 0xffff8800b7d06000 @offset=0 fp=0xdead4ead00000000 Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] object_err+0x2f/0x40 mm/slub.c:689 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] print_trailer+0x114/0x1a0 mm/slub.c:682 ----------------------------------------------------------------------------- [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [] print_trailer+0x114/0x1a0 mm/slub.c:682 ============================================================================= INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=0 cpu=1 pid=5471 [] entry_SYSCALL_64_fastpath+0x16/0x76 BUG fasync_cache (Tainted: G B ): kasan: bad access detected [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 Read of size 4 by task syz-executor0/5471 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f [] sg_remove_request+0x60/0x100 drivers/scsi/sg.c:2132 ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475 ================================================================== ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 BUG fasync_cache (Tainted: G B ): kasan: bad access detected [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 >ffff8800b7d06000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] __vfs_read+0xda/0x3e0 fs/read_write.c:432 [] entry_SYSCALL_64_fastpath+0x16/0x76 INFO: Slab 0xffffea0002df4180 objects=20 used=1 fp=0xffff8800b7d07db0 flags=0x4000000000004080 [] vfs_read+0xe1/0x340 fs/read_write.c:454 ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475 BUG fasync_cache (Tainted: G B ): kasan: bad access detected [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 ================================================================== CPU: 1 PID: 5471 Comm: syz-executor0 Tainted: G B 4.4.105-ge303a83 #5 Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8800b7d06030: 00 50 8b 83 ff ff ff ff 01 46 00 00 04 00 00 00 .P.......F...... ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 BUG fasync_cache (Tainted: G B ): kasan: bad access detected >ffff8800b7d06000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 ----------------------------------------------------------------------------- [] sg_remove_request+0x60/0x100 drivers/scsi/sg.c:2132 [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 CPU: 1 PID: 5471 Comm: syz-executor0 Tainted: G B 4.4.105-ge303a83 #5 ============================================================================= ----------------------------------------------------------------------------- INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=0 cpu=1 pid=5471 INFO: Slab 0xffffea0002df4180 objects=20 used=1 fp=0xffff8800b7d07db0 flags=0x4000000000004080 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Read of size 4 by task syz-executor0/5471 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 INFO: Object 0xffff8800b7d06000 @offset=0 fp=0xdead4ead00000000 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 ================================================================== INFO: Object 0xffff8800b7d06000 @offset=0 fp=0xdead4ead00000000 ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 BUG fasync_cache (Tainted: G B ): kasan: bad access detected ============================================================================= Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:218 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 at addr ffff8800b7d06064 [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 Call Trace: Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 ============================================================================= [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 ffff8800b7d06100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 ================================================================== [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 [] print_trailer+0x114/0x1a0 mm/slub.c:682 [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=0 cpu=1 pid=5471 [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 >ffff8800b7d06000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc entry_SYSCALL_64_fastpath+0x16/0x76 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f Memory state around the buggy address: ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] print_trailer+0x114/0x1a0 mm/slub.c:682 ----------------------------------------------------------------------------- ----------------------------------------------------------------------------- [] print_trailer+0x114/0x1a0 mm/slub.c:682 ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Read of size 4 by task syz-executor0/5471 ----------------------------------------------------------------------------- ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 ffff8800b7d06100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [] object_err+0x2f/0x40 mm/slub.c:689 Object ffff8800b7d06010: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 Memory state around the buggy address: 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Call Trace: [] print_trailer+0x114/0x1a0 mm/slub.c:682 ================================================================== [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 Call Trace: ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 Read of size 4 by task syz-executor0/5471 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 Call Trace: Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] object_err+0x2f/0x40 mm/slub.c:689 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Object ffff8800b7d06030: 00 50 8b 83 ff ff ff ff 01 46 00 00 04 00 00 00 .P.......F...... Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ CPU: 1 PID: 5471 Comm: syz-executor0 Tainted: G B 4.4.105-ge303a83 #5 BUG fasync_cache (Tainted: G B ): kasan: bad access detected [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 BUG fasync_cache (Tainted: G B ): kasan: bad access detected Read of size 4 by task syz-executor0/5471 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] __vfs_read+0xda/0x3e0 fs/read_write.c:432 ffff8800b7d06100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f ============================================================================= [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 ================================================================== CPU: 1 PID: 5471 Comm: syz-executor0 Tainted: G B 4.4.105-ge303a83 #5 [] entry_SYSCALL_64_fastpath+0x16/0x76 Object ffff8800b7d06020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8800b7d06010: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 ----------------------------------------------------------------------------- ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 ================================================================== ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 ============================================================================= INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=0 cpu=1 pid=5471 Read of size 4 by task syz-executor0/5471 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 CPU: 1 PID: 5471 Comm: syz-executor0 Tainted: G B 4.4.105-ge303a83 #5 INFO: Object 0xffff8800b7d06000 @offset=0 fp=0xdead4ead00000000 CPU: 1 PID: 5471 Comm: syz-executor0 Tainted: G B 4.4.105-ge303a83 #5 ffff8800b7d05f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 ffff8800b7d05f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 ================================================================== Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] entry_SYSCALL_64_fastpath+0x16/0x76 entry_SYSCALL_64_fastpath+0x16/0x76 [] sg_remove_request+0x60/0x100 drivers/scsi/sg.c:2132 Read of size 4 by task syz-executor0/5471 ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 Read of size 4 by task syz-executor0/5471 fasync_alloc fs/fcntl.c:603 [inline] fasync_add_entry fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 fs/fcntl.c:690 Object ffff8800b7d06020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8800b7d06030: 00 50 8b 83 ff ff ff ff 01 46 00 00 04 00 00 00 .P.......F...... INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=0 cpu=1 pid=5471 ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 BUG fasync_cache (Tainted: G B ): kasan: bad access detected [] entry_SYSCALL_64_fastpath+0x16/0x76 Object ffff8800b7d06010: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 [] sg_remove_request+0x60/0x100 drivers/scsi/sg.c:2132 Memory state around the buggy address: Object ffff8800b7d06030: 00 50 8b 83 ff ff ff ff 01 46 00 00 04 00 00 00 .P.......F...... Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 BUG fasync_cache (Tainted: G B ): kasan: bad access detected INFO: Slab 0xffffea0002df4180 objects=20 used=1 fp=0xffff8800b7d07db0 flags=0x4000000000004080 [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=0 cpu=1 pid=5471 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=0 cpu=1 pid=5471 [] entry_SYSCALL_64_fastpath+0x16/0x76 Object ffff8800b7d06030: 00 50 8b 83 ff ff ff ff 01 46 00 00 04 00 00 00 .P.......F...... [] print_trailer+0x114/0x1a0 mm/slub.c:682 ================================================================== [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 [] object_err+0x2f/0x40 mm/slub.c:689 ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 ffff8801d9feac00 ffffea0002df4180 ffff8800b7d06000 0000000000000000 Read of size 4 by task syz-executor0/5471 ----------------------------------------------------------------------------- [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 ffff8800b7d05f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Call Trace: Call Trace: ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 Read of size 4 by task syz-executor0/5471 BUG fasync_cache (Tainted: G B ): kasan: bad access detected >ffff8800b7d06000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] sg_remove_request+0x60/0x100 drivers/scsi/sg.c:2132 [] entry_SYSCALL_64_fastpath+0x16/0x76 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] print_trailer+0x114/0x1a0 mm/slub.c:682 ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] print_trailer+0x114/0x1a0 mm/slub.c:682 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 ----------------------------------------------------------------------------- ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 ffff8800b7d06010 ffff8800b7d06000 ffff8800b6b9f9e0 ffffffff814d3af4 [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:218 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b7d06064 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 at addr ffff8800b7d06064 0000000000000000 c774000192693dbe ffff8800b6b9f9b0 ffffffff81cc9b4f [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 Call Trace: Object ffff8800b7d06030: 00 50 8b 83 ff ff ff ff 01 46 00 00 04 00 00 00 .P.......F...... Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 ffff8800b7d06080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [] object_err+0x2f/0x40 mm/slub.c:689 Object ffff8800b7d06050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] object_err+0x2f/0x40 mm/slub.c:689 [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 Read of size 4 by task syz-executor0/5471 Object ffff8800b7d06040: 00 00 00 00 00 00 00 00 00 3c 52 d5 01 88 ff ff .........