kasan: CONFIG_KASAN_INLINE enabled[ 125.675807] BUG: spinlock bad magic on CPU#1, syz-executor0/2002 lock: 0xffff8801d4d80018, .magic: dead4eac, .owner: /-1, .owner_cpu: -1 CPU: 1 PID: 2002 Comm: syz-executor0 Not tainted 4.4.105-g36205b7 #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 815e6150527167ab ffff8800b5b67198 ffffffff81cc9b4f ffff8801d4d80018 ffff8800ba812f80 ffff8800b5b671d8 ffffffff8123a1dd 0000000000000000 0000000000000000 0000000000000001 ffff8801d4d80018 Call Trace: [] __dump_stack /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf /syzkaller/managers/android-44-kasan-gce/kernel/lib/dump_stack.c:51 [] spin_dump+0x14d/0x280 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:67 [] spin_bug /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:75 [inline] [] debug_spin_lock_before /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:83 [inline] [] do_raw_spin_lock+0x228/0x2c0 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock_debug.c:135 [] __raw_spin_lock_irqsave /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/spinlock_api_smp.h:119 [inline] [] _raw_spin_lock_irqsave+0x56/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/locking/spinlock.c:159 [] __wake_up+0x1e/0x50 /syzkaller/managers/android-44-kasan-gce/kernel/kernel/sched/wait.c:94 [] sg_rq_end_io+0x555/0xd20 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1396 [] __blk_mq_end_request+0x44/0xa0 /syzkaller/managers/android-44-kasan-gce/kernel/block/blk-mq.c:311 [] scsi_end_request+0x116/0x5a0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/scsi_lib.c:716 [] scsi_io_completion+0x1b01/0x1df0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/scsi_lib.c:918 [] scsi_finish_command+0x373/0x4e0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/scsi.c:607 [] scsi_softirq_done+0x21c/0x330 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/scsi_lib.c:1654 [] blk_mq_ipi_complete_request /syzkaller/managers/android-44-kasan-gce/kernel/block/blk-mq.c:356 [inline] [] __blk_mq_complete_request+0x1e5/0x4b0 /syzkaller/managers/android-44-kasan-gce/kernel/block/blk-mq.c:368 [] blk_mq_complete_request+0x4f/0x70 /syzkaller/managers/android-44-kasan-gce/kernel/block/blk-mq.c:387 [] scsi_mq_done+0xec/0x350 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/scsi_lib.c:1964 [] scsi_dispatch_cmd+0x286/0xa00 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/scsi_lib.c:1735 [] scsi_queue_rq+0x105f/0x1950 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/scsi_lib.c:2011 [] __blk_mq_run_hw_queue+0x68c/0xc30 /syzkaller/managers/android-44-kasan-gce/kernel/block/blk-mq.c:779 [] blk_mq_run_hw_queue+0xcd/0x160 /syzkaller/managers/android-44-kasan-gce/kernel/block/blk-mq.c:867 [] blk_mq_insert_request+0x222/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/block/blk-mq.c:1015 [] blk_execute_rq_nowait+0xfb/0x320 /syzkaller/managers/android-44-kasan-gce/kernel/block/blk-exec.c:68 [] sg_common_write.isra.22+0xaf8/0x1830 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:817 [] sg_new_write.isra.25+0x53b/0x870 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:760 [] sg_ioctl+0x162b/0x2fb0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:901 [] vfs_ioctl /syzkaller/managers/android-44-kasan-gce/kernel/fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x681/0xe10 /syzkaller/managers/android-44-kasan-gce/kernel/fs/ioctl.c:607 [] SYSC_ioctl /syzkaller/managers/android-44-kasan-gce/kernel/fs/ioctl.c:622 [inline] [] SyS_ioctl+0x74/0x80 /syzkaller/managers/android-44-kasan-gce/kernel/fs/ioctl.c:613 [] entry_SYSCALL_64_fastpath+0x16/0x76 kasan: CONFIG_KASAN_INLINE enabledkasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: 2035 Comm: syz-executor4 Not tainted 4.4.105-g36205b7 #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff8801d6174740 task.stack: ffff8801d0e98000 RIP: 0010:[] [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] RIP: 0010:[] [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] RIP: 0010:[] [] put_page_testzero /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/mm.h:357 [inline] RIP: 0010:[] [] __free_pages+0x21/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/mm/page_alloc.c:3365 RSP: 0018:ffff8801d0e9faf0 EFLAGS: 00010a07 RAX: dffffc0000000000 RBX: dead4ead00000000 RCX: 0000000000000020 RDX: 1bd5a9d5a0000003 RSI: 0000000000000001 RDI: dead4ead0000001c RBP: ffff8801d0e9fb00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 1ffff1003a1d3f3a R12: ffff8801d5442130 R13: dffffc0000000000 R14: 0000000000000004 R15: ffff8801d5442298 FS: 00007fb9bfe7d700(0000) GS:ffff8801db500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002097a000 CR3: 00000000b59d7000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffffffff8374b6b9 ffff8801d5442288 ffff8801d0e9fb60 ffffffff82564c8c 0000000000000058 ffff8801d54422a0 ffffed003aa88451 ffffed003aa88454 0000000000000020 ffff8801d5442270 0000000000000000 0000000000000000 Call Trace: [] sg_remove_scat.isra.18+0x19c/0x2b0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1964 [] sg_finish_rem_req+0x268/0x2f0 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:1846 [] sg_new_read.isra.19+0x2f8/0x390 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:578 [] sg_read+0x709/0x1260 /syzkaller/managers/android-44-kasan-gce/kernel/drivers/scsi/sg.c:467 [] __vfs_read+0xda/0x3e0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:432 [] vfs_read+0xe1/0x340 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:454 [] SYSC_read /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:569 [inline] [] SyS_read+0xd3/0x1c0 /syzkaller/managers/android-44-kasan-gce/kernel/fs/read_write.c:562 [] entry_SYSCALL_64_fastpath+0x16/0x76 Code: 36 64 0c 00 e9 78 fd ff ff 90 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 53 48 89 fb 48 83 c7 1c 48 89 fa 48 83 ec 08 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 49 RIP [] __read_once_size /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/compiler.h:218 [inline] RIP [] atomic_read /syzkaller/managers/android-44-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:27 [inline] RIP [] put_page_testzero /syzkaller/managers/android-44-kasan-gce/kernel/include/linux/mm.h:357 [inline] RIP [] __free_pages+0x21/0x90 /syzkaller/managers/android-44-kasan-gce/kernel/mm/page_alloc.c:3365 RSP ---[ end trace 975f7a6ccad9214a ]---