SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1025 sclass=netlink_route_socket ================================================================== BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:218 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 at addr ffff8800b7eb57d4 ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475 CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=6 cpu=0 pid=6756 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=6 cpu=0 pid=6756 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=6 cpu=0 pid=6756 run_ksoftirqd+0x20/0x60 kernel/softirq.c:662 INFO: Freed in fasync_free_rcu+0x14/0x20 fs/fcntl.c:562 age=7 cpu=0 pid=3 BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:218 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 at addr ffff8800b7eb57d4 __slab_free+0x18c/0x2b0 mm/slub.c:2685 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 [] entry_SYSCALL_64_fastpath+0x16/0x76 entry_SYSCALL_64_fastpath+0x16/0x76 fasync_free_rcu+0x14/0x20 fs/fcntl.c:562 ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 slab_free mm/slub.c:2840 [inline] kmem_cache_free+0x1f1/0x300 mm/slub.c:2849 CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 ----------------------------------------------------------------------------- [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... BUG fasync_cache (Tainted: G B ): kasan: bad access detected Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 __slab_free+0x18c/0x2b0 mm/slub.c:2685 INFO: Slab 0xffffea0002dfad00 objects=20 used=3 fp=0xffff8800b7eb5a90 flags=0x4000000000004080 sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 entry_SYSCALL_64_fastpath+0x16/0x76 entry_SYSCALL_64_fastpath+0x16/0x76 BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:218 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 at addr ffff8800b7eb57d4 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ [] entry_SYSCALL_64_fastpath+0x16/0x76 Bytes b4 ffff8800b7eb5760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 entry_SYSCALL_64_fastpath+0x16/0x76 __slab_free+0x18c/0x2b0 mm/slub.c:2685 fasync_free_rcu+0x14/0x20 fs/fcntl.c:562 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... [] vfs_read+0xe1/0x340 fs/read_write.c:454 [] entry_SYSCALL_64_fastpath+0x16/0x76 Object ffff8800b7eb5790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d9402c00 ffffea0002dfad00 ffff8800b7eb5770 0000000000000000 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 ffff8800b7eb5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ __do_softirq+0x24d/0xa60 kernel/softirq.c:273 [] print_trailer+0x114/0x1a0 mm/slub.c:682 Call Trace: Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... [] entry_SYSCALL_64_fastpath+0x16/0x76 BUG fasync_cache (Tainted: G B ): kasan: bad access detected [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... __rcu_reclaim kernel/rcu/rcu.h:118 [inline] rcu_do_batch kernel/rcu/tree.c:2705 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2973 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2940 [inline] rcu_process_callbacks+0x7ff/0x1490 kernel/rcu/tree.c:2957 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... Bytes b4 ffff8800b7eb5760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Read of size 4 by task syz-executor1/6756 Object ffff8800b7eb5790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] object_err+0x2f/0x40 mm/slub.c:689 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 fasync_alloc fs/fcntl.c:603 [inline] fasync_add_entry fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 fs/fcntl.c:690 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... Call Trace: ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ffff8800b7eb5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=117 cpu=0 pid=6756 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=117 cpu=0 pid=6756 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=117 cpu=0 pid=6756 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 BUG fasync_cache (Tainted: G B ): kasan: bad access detected [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 Object ffff8800b7eb5790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Call Trace: __do_softirq+0x24d/0xa60 kernel/softirq.c:273 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 Call Trace: [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 ffff8800b7eb5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 ^ ffff8801d9402c00 ffffea0002dfad00 ffff8800b7eb5770 0000000000000000 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 setfl fs/fcntl.c:69 [inline] do_fcntl fs/fcntl.c:266 [inline] SYSC_fcntl fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 fs/fcntl.c:356 [] vfs_read+0xe1/0x340 fs/read_write.c:454 ffff8800b7eb5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ ^ [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 Read of size 4 by task syz-executor1/6756 run_ksoftirqd+0x20/0x60 kernel/softirq.c:662 Read of size 4 by task syz-executor1/6756 ================================================================== Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468 fasync_free_rcu+0x14/0x20 fs/fcntl.c:562 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 smpboot_thread_fn+0x55f/0x920 kernel/smpboot.c:163 ffff8800b7eb5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc __do_softirq+0x24d/0xa60 kernel/softirq.c:273 ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 ============================================================================= [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 ================================================================== Read of size 4 by task syz-executor1/6756 [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 Read of size 4 by task syz-executor1/6756 slab_free mm/slub.c:2840 [inline] kmem_cache_free+0x1f1/0x300 mm/slub.c:2849 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... Call Trace: __do_softirq+0x24d/0xa60 kernel/softirq.c:273 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... Memory state around the buggy address: Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... >ffff8800b7eb5780: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... smpboot_thread_fn+0x55f/0x920 kernel/smpboot.c:163 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 kthread+0x245/0x310 kernel/kthread.c:211 Bytes b4 ffff8800b7eb5760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ ffff8801d9402c00 ffffea0002dfad00 ffff8800b7eb5770 0000000000000000 ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468 Bytes b4 ffff8800b7eb5760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 ----------------------------------------------------------------------------- CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 [] object_err+0x2f/0x40 mm/slub.c:689 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... [] entry_SYSCALL_64_fastpath+0x16/0x76 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... [] entry_SYSCALL_64_fastpath+0x16/0x76 BUG fasync_cache (Tainted: G B ): kasan: bad access detected 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 [] vfs_read+0xe1/0x340 fs/read_write.c:454 run_ksoftirqd+0x20/0x60 kernel/softirq.c:662 __slab_free+0x18c/0x2b0 mm/slub.c:2685 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=236 cpu=0 pid=6756 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=236 cpu=0 pid=6756 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=236 cpu=0 pid=6756 run_ksoftirqd+0x20/0x60 kernel/softirq.c:662 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f entry_SYSCALL_64_fastpath+0x16/0x76 fasync_free_rcu+0x14/0x20 fs/fcntl.c:562 fasync_alloc fs/fcntl.c:603 [inline] fasync_add_entry fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 fs/fcntl.c:690 sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 [] vfs_read+0xe1/0x340 fs/read_write.c:454 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 ffff8800b7eb5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 ffff8800b7eb5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... INFO: Freed in fasync_free_rcu+0x14/0x20 fs/fcntl.c:562 age=261 cpu=0 pid=3 __slab_free+0x18c/0x2b0 mm/slub.c:2685 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... Call Trace: Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... Memory state around the buggy address: Memory state around the buggy address: [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 Call Trace: INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 __rcu_reclaim kernel/rcu/rcu.h:118 [inline] rcu_do_batch kernel/rcu/tree.c:2705 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2973 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2940 [inline] rcu_process_callbacks+0x7ff/0x1490 kernel/rcu/tree.c:2957 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 Memory state around the buggy address: Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... kthread+0x245/0x310 kernel/kthread.c:211 Bytes b4 ffff8800b7eb5760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 ================================================================== __do_softirq+0x24d/0xa60 kernel/softirq.c:273 [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 ^ ----------------------------------------------------------------------------- Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 Memory state around the buggy address: CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 INFO: Freed in fasync_free_rcu+0x14/0x20 fs/fcntl.c:562 age=297 cpu=0 pid=3 [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ Memory state around the buggy address: [] vfs_read+0xe1/0x340 fs/read_write.c:454 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ffff8800b7eb5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f ----------------------------------------------------------------------------- setfl fs/fcntl.c:69 [inline] do_fcntl fs/fcntl.c:266 [inline] SYSC_fcntl fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 fs/fcntl.c:356 kthread+0x245/0x310 kernel/kthread.c:211 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 ffff8801d9402c00 ffffea0002dfad00 ffff8800b7eb5770 0000000000000000 ============================================================================= __do_softirq+0x24d/0xa60 kernel/softirq.c:273 [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 __slab_free+0x18c/0x2b0 mm/slub.c:2685 ============================================================================= INFO: Slab 0xffffea0002dfad00 objects=20 used=3 fp=0xffff8800b7eb5a90 flags=0x4000000000004080 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 kthread+0x245/0x310 kernel/kthread.c:211 sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 run_ksoftirqd+0x20/0x60 kernel/softirq.c:662 [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Memory state around the buggy address: [] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 ================================================================== INFO: Freed in fasync_free_rcu+0x14/0x20 fs/fcntl.c:562 age=348 cpu=0 pid=3 ffff8801d9402c00 ffffea0002dfad00 ffff8800b7eb5770 0000000000000000 kthread+0x245/0x310 kernel/kthread.c:211 ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 [] entry_SYSCALL_64_fastpath+0x16/0x76 CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 [] print_trailer+0x114/0x1a0 mm/slub.c:682 ffff8800b7eb5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... ============================================================================= ffff8800b7eb5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 Object ffff8800b7eb5790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 Bytes b4 ffff8800b7eb5760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Bytes b4 ffff8800b7eb5760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ smpboot_thread_fn+0x55f/0x920 kernel/smpboot.c:163 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 __slab_free+0x18c/0x2b0 mm/slub.c:2685 ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=381 cpu=0 pid=6756 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=381 cpu=0 pid=6756 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=381 cpu=0 pid=6756 CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 ffff8800b7eb5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 ffff8800b7eb5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 __rcu_reclaim kernel/rcu/rcu.h:118 [inline] rcu_do_batch kernel/rcu/tree.c:2705 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2973 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2940 [inline] rcu_process_callbacks+0x7ff/0x1490 kernel/rcu/tree.c:2957 Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ >ffff8800b7eb5780: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... Call Trace: Bytes b4 ffff8800b7eb5760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] print_trailer+0x114/0x1a0 mm/slub.c:682 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 Call Trace: [] vfs_read+0xe1/0x340 fs/read_write.c:454 fasync_alloc fs/fcntl.c:603 [inline] fasync_add_entry fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 fs/fcntl.c:690 ----------------------------------------------------------------------------- sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 [] entry_SYSCALL_64_fastpath+0x16/0x76 >ffff8800b7eb5780: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc INFO: Slab 0xffffea0002dfad00 objects=20 used=3 fp=0xffff8800b7eb5a90 flags=0x4000000000004080 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... ^ [] object_err+0x2f/0x40 mm/slub.c:689 ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... [] vfs_read+0xe1/0x340 fs/read_write.c:454 run_ksoftirqd+0x20/0x60 kernel/softirq.c:662 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f INFO: Slab 0xffffea0002dfad00 objects=20 used=3 fp=0xffff8800b7eb5a90 flags=0x4000000000004080 [] entry_SYSCALL_64_fastpath+0x16/0x76 __rcu_reclaim kernel/rcu/rcu.h:118 [inline] rcu_do_batch kernel/rcu/tree.c:2705 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2973 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2940 [inline] rcu_process_callbacks+0x7ff/0x1490 kernel/rcu/tree.c:2957 [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 [] sg_remove_request+0x60/0x100 drivers/scsi/sg.c:2132 [] print_trailer+0x114/0x1a0 mm/slub.c:682 ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 __rcu_reclaim kernel/rcu/rcu.h:118 [inline] rcu_do_batch kernel/rcu/tree.c:2705 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2973 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2940 [inline] rcu_process_callbacks+0x7ff/0x1490 kernel/rcu/tree.c:2957 ffff8800b7eb5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475 __rcu_reclaim kernel/rcu/rcu.h:118 [inline] rcu_do_batch kernel/rcu/tree.c:2705 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2973 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2940 [inline] rcu_process_callbacks+0x7ff/0x1490 kernel/rcu/tree.c:2957 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 fasync_alloc fs/fcntl.c:603 [inline] fasync_add_entry fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 fs/fcntl.c:690 ffff8800b7eb5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... Object ffff8800b7eb5790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ [] object_err+0x2f/0x40 mm/slub.c:689 ffff8801d9402c00 ffffea0002dfad00 ffff8800b7eb5770 0000000000000000 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 ffff8801d9402c00 ffffea0002dfad00 ffff8800b7eb5770 0000000000000000 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=457 cpu=0 pid=6756 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=457 cpu=0 pid=6756 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=457 cpu=0 pid=6756 ffff8801d9402c00 ffffea0002dfad00 ffff8800b7eb5770 0000000000000000 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 Object ffff8800b7eb5790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ ================================================================== Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... Read of size 4 by task syz-executor1/6756 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... ffff8800b7eb5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... [] vfs_read+0xe1/0x340 fs/read_write.c:454 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 ^ >ffff8800b7eb5780: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 BUG fasync_cache (Tainted: G B ): kasan: bad access detected [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 fasync_free_rcu+0x14/0x20 fs/fcntl.c:562 INFO: Slab 0xffffea0002dfad00 objects=20 used=3 fp=0xffff8800b7eb5a90 flags=0x4000000000004080 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... Memory state around the buggy address: [] print_trailer+0x114/0x1a0 mm/slub.c:682 ffff8800b7eb5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 ffff8800b7eb5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 Call Trace: ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 INFO: Slab 0xffffea0002dfad00 objects=20 used=3 fp=0xffff8800b7eb5a90 flags=0x4000000000004080 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... ffff8801d9402c00 ffffea0002dfad00 ffff8800b7eb5770 0000000000000000 sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 Memory state around the buggy address: INFO: Freed in fasync_free_rcu+0x14/0x20 fs/fcntl.c:562 age=524 cpu=0 pid=3 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 >ffff8800b7eb5780: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f ffff8800b7eb5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Call Trace: INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 BUG fasync_cache (Tainted: G B ): kasan: bad access detected INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 ----------------------------------------------------------------------------- Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... >ffff8800b7eb5780: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f BUG fasync_cache (Tainted: G B ): kasan: bad access detected [] vfs_read+0xe1/0x340 fs/read_write.c:454 smpboot_thread_fn+0x55f/0x920 kernel/smpboot.c:163 slab_free mm/slub.c:2840 [inline] kmem_cache_free+0x1f1/0x300 mm/slub.c:2849 smpboot_thread_fn+0x55f/0x920 kernel/smpboot.c:163 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 [] object_err+0x2f/0x40 mm/slub.c:689 ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 ffff8800b7eb5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Bytes b4 ffff8800b7eb5760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] object_err+0x2f/0x40 mm/slub.c:689 Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 ffff8800b7eb5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f >ffff8800b7eb5780: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f ffff8800b7eb5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 fasync_alloc fs/fcntl.c:603 [inline] fasync_add_entry fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 fs/fcntl.c:690 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 ffff8800b7eb5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 ffff8801d9402c00 ffffea0002dfad00 ffff8800b7eb5770 0000000000000000 ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 ================================================================== [] print_trailer+0x114/0x1a0 mm/slub.c:682 [] vfs_read+0xe1/0x340 fs/read_write.c:454 __slab_free+0x18c/0x2b0 mm/slub.c:2685 smpboot_thread_fn+0x55f/0x920 kernel/smpboot.c:163 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... Object ffff8800b7eb5790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ >ffff8800b7eb5780: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 entry_SYSCALL_64_fastpath+0x16/0x76 __slab_free+0x18c/0x2b0 mm/slub.c:2685 ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468 [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 __slab_free+0x18c/0x2b0 mm/slub.c:2685 [] entry_SYSCALL_64_fastpath+0x16/0x76 [] entry_SYSCALL_64_fastpath+0x16/0x76 Object ffff8800b7eb5790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 __slab_free+0x18c/0x2b0 mm/slub.c:2685 ================================================================== [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 ^ __do_softirq+0x24d/0xa60 kernel/softirq.c:273 [] object_err+0x2f/0x40 mm/slub.c:689 CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f __rcu_reclaim kernel/rcu/rcu.h:118 [inline] rcu_do_batch kernel/rcu/tree.c:2705 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2973 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2940 [inline] rcu_process_callbacks+0x7ff/0x1490 kernel/rcu/tree.c:2957 run_ksoftirqd+0x20/0x60 kernel/softirq.c:662 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 smpboot_thread_fn+0x55f/0x920 kernel/smpboot.c:163 __rcu_reclaim kernel/rcu/rcu.h:118 [inline] rcu_do_batch kernel/rcu/tree.c:2705 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2973 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2940 [inline] rcu_process_callbacks+0x7ff/0x1490 kernel/rcu/tree.c:2957 Call Trace: >ffff8800b7eb5780: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... slab_free mm/slub.c:2840 [inline] kmem_cache_free+0x1f1/0x300 mm/slub.c:2849 [] entry_SYSCALL_64_fastpath+0x16/0x76 Memory state around the buggy address: [] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... [] vfs_read+0xe1/0x340 fs/read_write.c:454 fasync_free_rcu+0x14/0x20 fs/fcntl.c:562 ================================================================== [] __read_once_size include/linux/compiler.h:218 [inline] [] atomic_read arch/x86/include/asm/atomic.h:27 [inline] [] virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] [] native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... [] sg_remove_request+0x60/0x100 drivers/scsi/sg.c:2132 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... [] sg_remove_request+0x60/0x100 drivers/scsi/sg.c:2132 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... [] vfs_read+0xe1/0x340 fs/read_write.c:454 [] entry_SYSCALL_64_fastpath+0x16/0x76 >ffff8800b7eb5780: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc ffff8801d9402c00 ffffea0002dfad00 ffff8800b7eb5770 0000000000000000 [] entry_SYSCALL_64_fastpath+0x16/0x76 Object ffff8800b7eb5790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 [] vfs_read+0xe1/0x340 fs/read_write.c:454 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 fasync_free_rcu+0x14/0x20 fs/fcntl.c:562 sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:218 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 at addr ffff8800b7eb57d4 Call Trace: ^ Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ [] print_trailer+0x114/0x1a0 mm/slub.c:682 ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f ffff8800b7eb5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc smpboot_thread_fn+0x55f/0x920 kernel/smpboot.c:163 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f Memory state around the buggy address: ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 ============================================================================= >ffff8800b7eb5780: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fasync_free_rcu+0x14/0x20 fs/fcntl.c:562 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f >ffff8800b7eb5780: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f kthread+0x245/0x310 kernel/kthread.c:211 Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ [] sg_remove_request+0x60/0x100 drivers/scsi/sg.c:2132 Memory state around the buggy address: [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 Call Trace: INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 __slab_free+0x18c/0x2b0 mm/slub.c:2685 [] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f slab_free mm/slub.c:2840 [inline] kmem_cache_free+0x1f1/0x300 mm/slub.c:2849 slab_free mm/slub.c:2840 [inline] kmem_cache_free+0x1f1/0x300 mm/slub.c:2849 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... smpboot_thread_fn+0x55f/0x920 kernel/smpboot.c:163 [] print_trailer+0x114/0x1a0 mm/slub.c:682 ================================================================== [] print_trailer+0x114/0x1a0 mm/slub.c:682 ================================================================== Object ffff8800b7eb5790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 entry_SYSCALL_64_fastpath+0x16/0x76 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... Call Trace: ================================================================== Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475 __slab_free+0x18c/0x2b0 mm/slub.c:2685 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... smpboot_thread_fn+0x55f/0x920 kernel/smpboot.c:163 slab_free mm/slub.c:2840 [inline] kmem_cache_free+0x1f1/0x300 mm/slub.c:2849 smpboot_thread_fn+0x55f/0x920 kernel/smpboot.c:163 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 ^ Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 __slab_free+0x18c/0x2b0 mm/slub.c:2685 ffff8801d9402c00 ffffea0002dfad00 ffff8800b7eb5770 0000000000000000 __slab_free+0x18c/0x2b0 mm/slub.c:2685 ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 __slab_free+0x18c/0x2b0 mm/slub.c:2685 kthread+0x245/0x310 kernel/kthread.c:211 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 [] entry_SYSCALL_64_fastpath+0x16/0x76 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 Memory state around the buggy address: ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 Call Trace: __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 [] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:187 [inline] [] _raw_write_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:303 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468 [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468 fasync_alloc fs/fcntl.c:603 [inline] fasync_add_entry fs/fcntl.c:661 [inline] fasync_helper+0x29/0x90 fs/fcntl.c:690 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=756 cpu=0 pid=6756 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=756 cpu=0 pid=6756 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=756 cpu=0 pid=6756 run_ksoftirqd+0x20/0x60 kernel/softirq.c:662 Object ffff8800b7eb5790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Call Trace: [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 Bytes b4 ffff8800b7eb5760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8800b7eb5790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] vfs_read+0xe1/0x340 fs/read_write.c:454 ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 Read of size 4 by task syz-executor1/6756 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 fasync_free_rcu+0x14/0x20 fs/fcntl.c:562 ffff8801d9402c00 ffffea0002dfad00 ffff8800b7eb5770 0000000000000000 __slab_free+0x18c/0x2b0 mm/slub.c:2685 [] entry_SYSCALL_64_fastpath+0x16/0x76 BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:218 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 at addr ffff8800b7eb57d4 [] vfs_read+0xe1/0x340 fs/read_write.c:454 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=778 cpu=0 pid=6756 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=778 cpu=0 pid=6756 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=778 cpu=0 pid=6756 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 ^ __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... [] vfs_read+0xe1/0x340 fs/read_write.c:454 __slab_free+0x18c/0x2b0 mm/slub.c:2685 [] object_err+0x2f/0x40 mm/slub.c:689 [] entry_SYSCALL_64_fastpath+0x16/0x76 ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 Object ffff8800b7eb5790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 ffff8801d9402c00 ffffea0002dfad00 ffff8800b7eb5770 0000000000000000 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... ffff8800b7eb5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 smpboot_thread_fn+0x55f/0x920 kernel/smpboot.c:163 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... ^ ================================================================== [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 INFO: Slab 0xffffea0002dfad00 objects=20 used=3 fp=0xffff8800b7eb5a90 flags=0x4000000000004080 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... smpboot_thread_fn+0x55f/0x920 kernel/smpboot.c:163 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=805 cpu=0 pid=6756 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=805 cpu=0 pid=6756 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=805 cpu=0 pid=6756 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... [] vfs_read+0xe1/0x340 fs/read_write.c:454 ----------------------------------------------------------------------------- ^ 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=812 cpu=0 pid=6756 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=812 cpu=0 pid=6756 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=812 cpu=0 pid=6756 __rcu_reclaim kernel/rcu/rcu.h:118 [inline] rcu_do_batch kernel/rcu/tree.c:2705 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2973 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2940 [inline] rcu_process_callbacks+0x7ff/0x1490 kernel/rcu/tree.c:2957 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 __slab_free+0x18c/0x2b0 mm/slub.c:2685 ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... ffff8801d9402c00 ffffea0002dfad00 ffff8800b7eb5770 0000000000000000 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 Memory state around the buggy address: ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 Memory state around the buggy address: __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 [] vfs_read+0xe1/0x340 fs/read_write.c:454 >ffff8800b7eb5780: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 ^ ffff8801d9402c00 ffffea0002dfad00 ffff8800b7eb5770 0000000000000000 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 ffff8800b7eb5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc BUG fasync_cache (Tainted: G B ): kasan: bad access detected __do_softirq+0x24d/0xa60 kernel/softirq.c:273 slab_free mm/slub.c:2840 [inline] kmem_cache_free+0x1f1/0x300 mm/slub.c:2849 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... [] kasan_report mm/kasan/report.c:282 [inline] [] __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:282 ^ [] vfs_read+0xe1/0x340 fs/read_write.c:454 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f __slab_free+0x18c/0x2b0 mm/slub.c:2685 Bytes b4 ffff8800b7eb5760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 INFO: Slab 0xffffea0002dfad00 objects=20 used=3 fp=0xffff8800b7eb5a90 flags=0x4000000000004080 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 fasync_free_rcu+0x14/0x20 fs/fcntl.c:562 sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 INFO: Slab 0xffffea0002dfad00 objects=20 used=3 fp=0xffff8800b7eb5a90 flags=0x4000000000004080 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 ================================================================== ^ ============================================================================= [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 Read of size 4 by task syz-executor1/6756 [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 smpboot_thread_fn+0x55f/0x920 kernel/smpboot.c:163 ffff8800b7eb5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 BUG fasync_cache (Tainted: G B ): kasan: bad access detected Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ __slab_free+0x18c/0x2b0 mm/slub.c:2685 sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 Read of size 4 by task syz-executor1/6756 Object ffff8800b7eb5790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 Bytes b4 ffff8800b7eb5760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=900 cpu=0 pid=6756 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=900 cpu=0 pid=6756 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=900 cpu=0 pid=6756 Object ffff8800b7eb5780: ff ff ff ff ff ff ff ff 80 e3 70 85 ff ff ff ff ..........p..... Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 Call Trace: INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 ================================================================== [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=909 cpu=0 pid=6756 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=909 cpu=0 pid=6756 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=909 cpu=0 pid=6756 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=911 cpu=0 pid=6756 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=911 cpu=0 pid=6756 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=911 cpu=0 pid=6756 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... Bytes b4 ffff8800b7eb5760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ INFO: Slab 0xffffea0002dfad00 objects=20 used=3 fp=0xffff8800b7eb5a90 flags=0x4000000000004080 __slab_free+0x18c/0x2b0 mm/slub.c:2685 Object ffff8800b7eb57a0: 00 50 8b 83 ff ff ff ff 01 46 00 00 07 00 00 00 .P.......F...... sg_fasync+0x66/0xb0 drivers/scsi/sg.c:1213 INFO: Allocated in fasync_alloc fs/fcntl.c:603 [inline] age=920 cpu=0 pid=6756 INFO: Allocated in fasync_add_entry fs/fcntl.c:661 [inline] age=920 cpu=0 pid=6756 INFO: Allocated in fasync_helper+0x29/0x90 fs/fcntl.c:690 age=920 cpu=0 pid=6756 setfl fs/fcntl.c:69 [inline] do_fcntl fs/fcntl.c:266 [inline] SYSC_fcntl fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 fs/fcntl.c:356 [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f Memory state around the buggy address: __slab_free+0x18c/0x2b0 mm/slub.c:2685 smpboot_thread_fn+0x55f/0x920 kernel/smpboot.c:163 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:218 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in atomic_read arch/x86/include/asm/atomic.h:27 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in virt_spin_lock arch/x86/include/asm/qspinlock.h:56 [inline] at addr ffff8800b7eb57d4 BUG: KASAN: slab-out-of-bounds in native_queued_spin_lock_slowpath+0x5ad/0x660 kernel/locking/qspinlock.c:352 at addr ffff8800b7eb57d4 ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... Object ffff8800b7eb5790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 Bytes b4 ffff8800b7eb5760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [] vfs_read+0xe1/0x340 fs/read_write.c:454 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 [] __vfs_read+0xda/0x3e0 fs/read_write.c:432 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 ----------------------------------------------------------------------------- [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 [] vfs_read+0xe1/0x340 fs/read_write.c:454 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] kmem_cache_alloc+0x155/0x290 mm/slub.c:2614 [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 [] pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:696 [inline] [] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:28 [inline] [] queued_spin_lock include/asm-generic/qspinlock.h:102 [inline] [] queued_write_lock_slowpath+0x116/0x150 kernel/locking/qrwlock.c:115 ffff8800b7eb5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [] vfs_read+0xe1/0x340 fs/read_write.c:454 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... >ffff8800b7eb5780: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc ffff8800b7eb5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00 [] sg_remove_request+0x60/0x100 drivers/scsi/sg.c:2132 Call Trace: run_ksoftirqd+0x20/0x60 kernel/softirq.c:662 >ffff8800b7eb5780: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [] print_trailer+0x114/0x1a0 mm/slub.c:682 Read of size 4 by task syz-executor1/6756 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 [] entry_SYSCALL_64_fastpath+0x16/0x76 ffff8800b7eb4010 ffff8800b7eb5770 ffff8801d2e979e0 ffffffff814d3af4 Object ffff8800b7eb5770: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... Object ffff8800b7eb57b0: 00 00 00 00 00 00 00 00 00 cc 1c b7 00 88 ff ff ................ [] sg_finish_rem_req+0x255/0x2f0 drivers/scsi/sg.c:1848 [] queued_write_lock include/asm-generic/qrwlock.h:121 [inline] [] do_raw_write_lock+0xc7/0x1d0 kernel/locking/spinlock_debug.c:279 INFO: Freed in fasync_free_rcu+0x14/0x20 fs/fcntl.c:562 age=983 cpu=0 pid=3 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 CPU: 0 PID: 6756 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 Object ffff8800b7eb57c0: 00 c3 82 d2 01 88 ff ff 30 f5 52 81 ff ff ff ff ........0.R..... __slab_free+0x18c/0x2b0 mm/slub.c:2685 [] sg_read+0x767/0x1260 drivers/scsi/sg.c:538 __do_softirq+0x24d/0xa60 kernel/softirq.c:273 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f [] SYSC_read fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 fs/read_write.c:562 ffff8800b7eb5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8801d9402c00 ffffea0002dfad00 ffff8800b7eb5770 0000000000000000 INFO: Object 0xffff8800b7eb5770 @offset=6000 fp=0xdead4ead00000000 ================================================================== 0000000000000000 263dc65b38caca23 ffff8801d2e979b0 ffffffff81cc9b4f setfl fs/fcntl.c:69 [inline] do_fcntl fs/fcntl.c:266 [inline] SYSC_fcntl fs/fcntl.c:371 [inline] SyS_fcntl+0x5be/0xc70 fs/fcntl.c:356