BUG fasync_cache (Tainted: G B ): kasan: bad access detected >ffff8801d2c8fa80: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 fc fc INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=57 cpu=0 pid=18338 ^ Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff .........9...... 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline] do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline] SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356 slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 Read of size 4 by task syz-executor4/18439 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline] do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline] SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356 [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4 __raw_spin_lock_init+0x1c/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:23 BUG fasync_cache (Tainted: G B ): kasan: bad access detected ================================================================== ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 [] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline] [] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262 [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 __raw_spin_lock_init+0x1c/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:23 invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline] irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391 [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... __slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685 [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 [] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline] [] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262 Bytes b4 ffff8801d2c8fa80: 01 00 00 00 05 47 00 00 82 af ff ff 00 00 00 00 .....G.......... Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff .........9...... [] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848 BUG fasync_cache (Tainted: G B ): kasan: bad access detected ----------------------------------------------------------------------------- Bytes b4 ffff8801d2c8fa80: 01 00 00 00 05 47 00 00 82 af ff ff 00 00 00 00 .....G.......... CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 [] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454 [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Call Trace: Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline] kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849 __slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504 ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 [] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689 fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 ^ slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline] kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849 ffff8801d2c8f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ----------------------------------------------------------------------------- __rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline] rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline] invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline] __rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline] rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957 slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 ----------------------------------------------------------------------------- INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 Read of size 4 by task syz-executor4/18439 ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 ffff8801d2c8f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc __slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504 invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline] irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391 [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 ffff8801d2c8fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ============================================================================= d_alloc_pseudo+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/fs/dcache.c:1680 INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=105 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=105 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=105 cpu=1 pid=18439 __raw_spin_lock_init+0x1c/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:23 [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 [] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689 [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff .....N.......... [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 [] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000 [] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848 __slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504 Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff .....N.......... [] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848 ----------------------------------------------------------------------------- INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 entry_SYSCALL_64_fastpath+0x16/0x76 Call Trace: Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 [] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432 entry_SYSCALL_64_fastpath+0x16/0x76 [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 ffff8801d2c8fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc __slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504 ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 ^ Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff .....N.......... [] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline] [] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262 ffff8801d2c8fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Bytes b4 ffff8801d2c8fa80: 01 00 00 00 05 47 00 00 82 af ff ff 00 00 00 00 .....G.......... CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 [] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432 BUG fasync_cache (Tainted: G B ): kasan: bad access detected BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4 slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 Bytes b4 ffff8801d2c8fa80: 01 00 00 00 05 47 00 00 82 af ff ff 00 00 00 00 .....G.......... CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 ================================================================== __raw_spin_lock_init+0x1c/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:23 __raw_spin_lock_init+0x1c/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:23 [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 [] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689 [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=166 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=166 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=166 cpu=1 pid=18439 [] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848 INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=171 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=171 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=171 cpu=1 pid=18439 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline] kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849 setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline] do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline] SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356 BUG fasync_cache (Tainted: G B ): kasan: bad access detected BUG fasync_cache (Tainted: G B ): kasan: bad access detected Read of size 4 by task syz-executor4/18439 Read of size 4 by task syz-executor4/18439 slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline] smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926 ============================================================================= entry_SYSCALL_64_fastpath+0x16/0x76 [] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689 [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 ================================================================== sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213 __rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline] rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline] invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline] __rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline] rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff .........9...... [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 ============================================================================= INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 __rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline] rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline] invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline] __rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline] rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957 ----------------------------------------------------------------------------- INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=202 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=202 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=202 cpu=1 pid=18439 Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... ffff8801d2c8fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline] do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline] SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356 setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline] do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline] SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356 ============================================================================= Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213 slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... [] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 ================================================================== INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=219 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=219 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=219 cpu=1 pid=18439 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 Call Trace: Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... entry_SYSCALL_64_fastpath+0x16/0x76 invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline] irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391 [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff .........9...... [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000 [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 Call Trace: Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff .....N.......... CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000 [] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689 [] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689 [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 __slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504 __slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504 entry_SYSCALL_64_fastpath+0x16/0x76 [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... [] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline] [] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262 ================================================================== ----------------------------------------------------------------------------- Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 [] entry_SYSCALL_64_fastpath+0x16/0x76 ================================================================== INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=320 cpu=0 pid=18338 Call Trace: Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... Call Trace: Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline] [] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262 slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline] kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849 Read of size 4 by task syz-executor4/18439 d_alloc_pseudo+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/fs/dcache.c:1680 ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 ffff8801d2c8f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ----------------------------------------------------------------------------- INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=334 cpu=0 pid=18338 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 BUG fasync_cache (Tainted: G B ): kasan: bad access detected Read of size 4 by task syz-executor4/18439 ----------------------------------------------------------------------------- slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=340 cpu=0 pid=18338 Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... [] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848 ffff8801d2c8fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4 Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff .....N.......... [] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689 [] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline] [] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262 [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 [] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline] do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline] SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356 slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 ================================================================== fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 Read of size 4 by task syz-executor4/18439 BUG fasync_cache (Tainted: G B ): kasan: bad access detected ffff8801d2c8fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ============================================================================= entry_SYSCALL_64_fastpath+0x16/0x76 [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 Call Trace: Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff .....N.......... [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 [] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 entry_SYSCALL_64_fastpath+0x16/0x76 Call Trace: [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4 [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 ffff8801d2c8fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline] smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926 INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=343 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=343 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=343 cpu=1 pid=18439 entry_SYSCALL_64_fastpath+0x16/0x76 [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 BUG fasync_cache (Tainted: G B ): kasan: bad access detected Read of size 4 by task syz-executor4/18439 INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=349 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=349 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=349 cpu=1 pid=18439 Bytes b4 ffff8801d2c8fa80: 01 00 00 00 05 47 00 00 82 af ff ff 00 00 00 00 .....G.......... Call Trace: Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 ================================================================== exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline] smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926 BUG fasync_cache (Tainted: G B ): kasan: bad access detected BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4 invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline] irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391 [] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689 Call Trace: Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff .........9...... [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Call Trace: Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 Read of size 4 by task syz-executor4/18439 INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline] smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926 ----------------------------------------------------------------------------- Read of size 4 by task syz-executor4/18439 slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline] kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849 ffff8801d2c8fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=382 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=382 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=382 cpu=1 pid=18439 Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 ============================================================================= __raw_spin_lock_init+0x1c/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:23 [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 Call Trace: Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff .........9...... ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 __rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline] rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline] invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline] __rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline] rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957 Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff .........9...... Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 SYSC_socketpair /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1313 [inline] SyS_socketpair+0x264/0x480 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1268 [] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848 [] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848 entry_SYSCALL_64_fastpath+0x16/0x76 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 INFO: Slab 0xffffea00074b2380 objects=20 used=2 fp=0xffff8801d2c8f5e0 flags=0x8000000000004080 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff .........9...... [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 ffff8801d2c8fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff .....N.......... [] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848 BUG fasync_cache (Tainted: G B ): kasan: bad access detected __slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504 fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 Read of size 4 by task syz-executor4/18439 __d_alloc+0x248/0x790 /syzkaller/managers/android-44-kasan-gce/kernel/fs/dcache.c:1622 INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=429 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=429 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=429 cpu=1 pid=18439 [] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432 Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=434 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=434 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=434 cpu=1 pid=18439 INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline] irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391 [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 Read of size 4 by task syz-executor4/18439 __slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504 __d_alloc+0x248/0x790 /syzkaller/managers/android-44-kasan-gce/kernel/fs/dcache.c:1622 __slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685 ================================================================== INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Call Trace: Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 ----------------------------------------------------------------------------- sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213 ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 __d_alloc+0x248/0x790 /syzkaller/managers/android-44-kasan-gce/kernel/fs/dcache.c:1622 ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 Bytes b4 ffff8801d2c8fa80: 01 00 00 00 05 47 00 00 82 af ff ff 00 00 00 00 .....G.......... Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... ffff8801d2c8fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline] do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline] SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356 slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 entry_SYSCALL_64_fastpath+0x16/0x76 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f [] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline] [] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262 [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 ================================================================== __do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273 [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f ffff8801d2c8f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 ffff8801d2c8f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc BUG fasync_cache (Tainted: G B ): kasan: bad access detected ================================================================== ----------------------------------------------------------------------------- Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... [] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848 __slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504 __do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273 [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000 [] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454 Call Trace: Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 BUG fasync_cache (Tainted: G B ): kasan: bad access detected ----------------------------------------------------------------------------- invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline] irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391 [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 __slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685 Read of size 4 by task syz-executor4/18439 Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff .....N.......... Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... [] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 ffff8801d2c8fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline] smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926 ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 ================================================================== Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 ffff8801d2c8fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline] do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline] SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356 entry_SYSCALL_64_fastpath+0x16/0x76 [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 [] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454 [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4 Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff .........9...... Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 __slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685 ----------------------------------------------------------------------------- fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 ----------------------------------------------------------------------------- ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 Read of size 4 by task syz-executor4/18439 slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 INFO: Slab 0xffffea00074b2380 objects=20 used=2 fp=0xffff8801d2c8f5e0 flags=0x8000000000004080 Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff .........9...... [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 [] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline] [] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262 [] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848 ffff8801d2c8fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213 INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=545 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=545 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=545 cpu=1 pid=18439 Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 Call Trace: CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 Call Trace: Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 entry_SYSCALL_64_fastpath+0x16/0x76 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... Call Trace: Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... __slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504 fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 ============================================================================= Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline] kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849 ffff8801d2c8f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc __d_alloc+0x248/0x790 /syzkaller/managers/android-44-kasan-gce/kernel/fs/dcache.c:1622 sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213 INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=568 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=568 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=568 cpu=1 pid=18439 Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline] [] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262 [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4 Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... entry_SYSCALL_64_fastpath+0x16/0x76 [] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848 ============================================================================= INFO: Slab 0xffffea00074b2380 objects=20 used=2 fp=0xffff8801d2c8f5e0 flags=0x8000000000004080 Call Trace: Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 __raw_spin_lock_init+0x1c/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:23 [] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454 d_alloc_pseudo+0x9/0x10 /syzkaller/managers/android-44-kasan-gce/kernel/fs/dcache.c:1680 ================================================================== Read of size 4 by task syz-executor4/18439 Read of size 4 by task syz-executor4/18439 __d_alloc+0x248/0x790 /syzkaller/managers/android-44-kasan-gce/kernel/fs/dcache.c:1622 ================================================================== __slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685 BUG fasync_cache (Tainted: G B ): kasan: bad access detected ============================================================================= exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline] smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926 BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4 BUG fasync_cache (Tainted: G B ): kasan: bad access detected [] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432 slab_free /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2840 [inline] kmem_cache_free+0x1f1/0x300 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2849 Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f __do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ ================================================================== [] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432 INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=609 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=609 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=609 cpu=1 pid=18439 fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 ================================================================== INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=612 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=612 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=612 cpu=1 pid=18439 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 ffff8801d2c8fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ============================================================================= fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 ffff8801d2c8f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== BUG fasync_cache (Tainted: G B ): kasan: bad access detected Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff .........9...... ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 BUG fasync_cache (Tainted: G B ): kasan: bad access detected [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 [] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689 Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000 Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 entry_SYSCALL_64_fastpath+0x16/0x76 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline] [] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262 [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline] smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926 BUG fasync_cache (Tainted: G B ): kasan: bad access detected ================================================================== __slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504 setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline] do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline] SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356 BUG fasync_cache (Tainted: G B ): kasan: bad access detected slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 ----------------------------------------------------------------------------- INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=727 cpu=0 pid=18338 CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff .....N.......... [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689 [] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689 [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 ----------------------------------------------------------------------------- Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff .....N.......... [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4 Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 [] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454 [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 ----------------------------------------------------------------------------- fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4 BUG fasync_cache (Tainted: G B ): kasan: bad access detected INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=702 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=702 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=702 cpu=1 pid=18439 Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 Call Trace: Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 [] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848 slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 ================================================================== fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 ================================================================== ============================================================================= Bytes b4 ffff8801d2c8fa80: 01 00 00 00 05 47 00 00 82 af ff ff 00 00 00 00 .....G.......... Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 __raw_spin_lock_init+0x1c/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:23 [] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 BUG fasync_cache (Tainted: G B ): kasan: bad access detected ================================================================== ============================================================================= 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 Call Trace: Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 SYSC_socketpair /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1313 [inline] SyS_socketpair+0x264/0x480 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1268 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000 Call Trace: Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000 [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline] smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926 INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=739 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=739 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=739 cpu=1 pid=18439 Bytes b4 ffff8801d2c8fa80: 01 00 00 00 05 47 00 00 82 af ff ff 00 00 00 00 .....G.......... ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000 ^ ffff8801d2c8fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ----------------------------------------------------------------------------- Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000 Call Trace: Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 __do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f [] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689 [] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848 slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4 Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... __slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685 Read of size 4 by task syz-executor4/18439 setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline] do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline] SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356 slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 __slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504 [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 BUG fasync_cache (Tainted: G B ): kasan: bad access detected slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 SYSC_socketpair /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1313 [inline] SyS_socketpair+0x264/0x480 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1268 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 [] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848 setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline] do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline] SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356 [] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848 Read of size 4 by task syz-executor4/18439 slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 Object ffff8801d2c8fae0: 00 92 ae b8 00 88 ff ff f0 f4 52 81 ff ff ff ff ..........R..... __slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685 INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=806 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=806 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=806 cpu=1 pid=18439 Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 BUG fasync_cache (Tainted: G B ): kasan: bad access detected BUG fasync_cache (Tainted: G B ): kasan: bad access detected BUG fasync_cache (Tainted: G B ): kasan: bad access detected ================================================================== BUG fasync_cache (Tainted: G B ): kasan: bad access detected INFO: Freed in fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 age=869 cpu=0 pid=18338 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 INFO: Slab 0xffffea00074b2380 objects=20 used=2 fp=0xffff8801d2c8f5e0 flags=0x8000000000004080 [] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline] [] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262 Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 [] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689 Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... Object ffff8801d2c8fa90: 00 00 00 00 ad 4e ad de ff ff ff ff 01 88 ff ff .....N.......... CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000 [] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689 [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 BUG fasync_cache (Tainted: G B ): kasan: bad access detected Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff .........9...... Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... Call Trace: Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff .........9...... [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000 [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=846 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=846 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=846 cpu=1 pid=18439 __d_alloc+0x248/0x790 /syzkaller/managers/android-44-kasan-gce/kernel/fs/dcache.c:1622 ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 ================================================================== INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 [] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline] [] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262 [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 Read of size 4 by task syz-executor4/18439 ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 ffff8801d2c8fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ __rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline] rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline] invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline] __rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline] rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957 fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 Read of size 4 by task syz-executor4/18439 ============================================================================= Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 fasync_free_rcu+0x14/0x20 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:562 ============================================================================= ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4 Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff .........9...... __d_alloc+0x248/0x790 /syzkaller/managers/android-44-kasan-gce/kernel/fs/dcache.c:1622 BUG fasync_cache (Tainted: G B ): kasan: bad access detected INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=880 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=880 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=880 cpu=1 pid=18439 Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline] [] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262 [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 [] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848 ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff .........9...... [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 ffff8801d2c8fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc exiting_irq /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/apic.h:653 [inline] smp_apic_timer_interrupt+0x7b/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/arch/x86/kernel/apic/apic.c:926 __raw_spin_lock_init+0x1c/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:23 [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=895 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=895 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=895 cpu=1 pid=18439 Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 Call Trace: Object ffff8801d2c8fab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ __slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685 ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 Memory state around the buggy address: ============================================================================= Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... 0000000000000000 f7cef474b7404a57 ffff8800b7ef79b0 ffffffff81cc9b0f BUG fasync_cache (Tainted: G B ): kasan: bad access detected ^ [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 [] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454 ffff8801d9f16c00 ffffea00074b2380 ffff8801d2c8fa90 0000000000000000 [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4 invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline] irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391 [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 ----------------------------------------------------------------------------- INFO: Allocated in fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] age=922 cpu=1 pid=18439 INFO: Allocated in fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] age=922 cpu=1 pid=18439 INFO: Allocated in fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 age=922 cpu=1 pid=18439 Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 ffff8801d2c8fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc SYSC_socketpair /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1313 [inline] SyS_socketpair+0x264/0x480 /syzkaller/managers/android-44-kasan-gce/kernel/net/socket.c:1268 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 [] kasan_report /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:282 [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 [] print_trailer+0x114/0x1a0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:682 BUG fasync_cache (Tainted: G B ): kasan: bad access detected __rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline] rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline] invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline] __rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline] rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957 setfl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:69 [inline] do_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:266 [inline] SYSC_fcntl /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:356 Read of size 4 by task syz-executor4/18439 fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 BUG fasync_cache (Tainted: G B ): kasan: bad access detected __slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685 Read of size 4 by task syz-executor4/18439 ___slab_alloc.constprop.78+0x4c6/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2475 [] queued_write_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:279 [] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689 [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 [] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454 [] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline] [] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262 [] sg_finish_rem_req+0x255/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1848 BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4 fasync_alloc /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:603 [inline] fasync_add_entry /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/fs/fcntl.c:690 ffff8801d2c8fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc BUG fasync_cache (Tainted: G B ): kasan: bad access detected Memory state around the buggy address: BUG fasync_cache (Tainted: G B ): kasan: bad access detected BUG: KASAN: slab-out-of-bounds in __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8801d2c8faf4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 at addr ffff8801d2c8faf4 __rcu_reclaim /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/rcu.h:118 [inline] rcu_do_batch /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2705 [inline] invoke_rcu_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2973 [inline] __rcu_process_callbacks /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2940 [inline] rcu_process_callbacks+0x7ff/0x1490 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/rcu/tree.c:2957 Memory state around the buggy address: ^ sg_fasync+0x66/0xb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1213 ----------------------------------------------------------------------------- entry_SYSCALL_64_fastpath+0x16/0x76 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 ffff8801d2c8e010 ffff8801d2c8fa90 ffff8800b7ef79e0 ffffffff814d3af4 [] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline] [] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262 Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... __slab_alloc.isra.74.constprop.77+0x50/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2504 ============================================================================= INFO: Slab 0xffffea00074b2380 objects=20 used=2 fp=0xffff8801d2c8f5e0 flags=0x8000000000004080 CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 __do_softirq+0x24d/0xa60 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:273 [] print_address_description /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:139 [inline] [] kasan_report_error /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 /syzkaller/managers/android-44-kasan-gce/kernel/mm/kasan/report.c:262 [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 [] sg_read+0x767/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:538 ^ Object ffff8801d2c8faa0: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... Object ffff8801d2c8fad0: 00 00 00 00 00 00 00 00 00 39 fb b7 00 88 ff ff .........9...... [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qspinlock.c:352 [] sg_remove_request+0x60/0x100 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:2132 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 __slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685 Object ffff8801d2c8fac0: 00 50 8b 83 ff ff ff ff 01 46 00 00 03 00 00 00 .P.......F...... [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 ^ CPU: 1 PID: 18439 Comm: syz-executor4 Tainted: G B 4.4.105-g8a53962 #3 [] pv_queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock /syzkaller/managers/android-44-kasan-gce/kernel/include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/qrwlock.c:115 slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 INFO: Object 0xffff8801d2c8fa90 @offset=6800 fp=0xdead4ead00000000 __slab_free+0x18c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2685 ----------------------------------------------------------------------------- slab_alloc_node /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2567 [inline] slab_alloc /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:2614 invoke_softirq /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:350 [inline] irq_exit+0x119/0x140 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/softirq.c:391 [] __raw_write_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:303 [] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562 [] object_err+0x2f/0x40 /syzkaller/managers/android-44-kasan-gce/kernel/mm/slub.c:689