Google Git
Sign in
android / platform / external / syzkaller / b8999400a2d3289189faccdc370ebcec63046235 / . / pkg / report / testdata / linux / report / 110
blob: 65055e371823d2b46e5457731f56642e9ec5bddd [file] [log] [blame]
TITLE: KASAN: slab-out-of-bounds Read in sg_remove_request
[ 190.154802] ==================================================================
[ 190.154802] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x2eff/0x3640 at addr ffff8801a751e6f8
[ 190.154802] Read of size 8 by task syz-executor7/18786
[ 190.154802] CPU: 1 PID: 18786 Comm: syz-executor7 Not tainted 4.9.60-g4ca16e6 #83
[ 190.154802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 190.154802] ffff8801cd20f810 ffffffff81d91389 ffff8801d74358c0 ffff8801a751e680
[ 190.154802] ffff8801a751e6e0 ffffed0034ea3cdf ffff8801a751e6f8 ffff8801cd20f838
[ 190.154802] ffffffff8153c1bc ffffed0034ea3cdf ffff8801d74358c0 0000000000000000
[ 190.154802] Call Trace:
[ 190.154802] [<ffffffff81d91389>] dump_stack+0xc1/0x128
[ 190.154802] [<ffffffff8153c1bc>] kasan_object_err+0x1c/0x70
[ 190.154802] [<ffffffff8153c47c>] kasan_report.part.1+0x21c/0x500
[ 190.154802] [<ffffffff8153c819>] __asan_report_load8_noabort+0x29/0x30
[ 190.154802] [<ffffffff8123e9cf>] __lock_acquire+0x2eff/0x3640
[ 190.154802] [<ffffffff8123fb4e>] lock_acquire+0x12e/0x410
[ 190.154802] [<ffffffff838aa25e>] _raw_write_lock_irqsave+0x4e/0x62
[ 190.154802] [<ffffffff8265f840>] sg_remove_request+0x70/0x120
[ 190.154802] [<ffffffff8265fe55>] sg_finish_rem_req+0x295/0x340
[ 190.154802] [<ffffffff82661b8c>] sg_read+0x91c/0x1400
[ 190.154802] [<ffffffff8156c793>] __vfs_read+0x103/0x670
[ 190.154802] [<ffffffff8156dd27>] vfs_read+0x107/0x330
[ 190.154802] [<ffffffff815719c9>] SyS_read+0xd9/0x1b0
[ 190.154802] [<ffffffff838aa305>] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 190.154802] Object at ffff8801a751e680, in cache fasync_cache size: 96
[ 190.154802] Allocated:
[ 190.154802] PID = 18786
[ 190.154802] save_stack_trace+0x16/0x20
[ 190.154802] save_stack+0x43/0xd0
[ 190.154802] kasan_kmalloc+0xad/0xe0
[ 190.154802] kasan_slab_alloc+0x12/0x20
[ 190.154802] kmem_cache_alloc+0xba/0x290
[ 190.154802] fasync_helper+0x37/0xb0
[ 190.154802] sg_fasync+0x86/0xb0
[ 190.154802] do_vfs_ioctl+0x2d8/0x10c0
[ 190.154802] SyS_ioctl+0x8f/0xc0
[ 190.154802] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 190.154802] Freed:
[ 190.154802] PID = 16494
[ 190.154802] save_stack_trace+0x16/0x20
[ 190.154802] save_stack+0x43/0xd0
[ 190.154802] kasan_slab_free+0x73/0xc0
[ 190.154802] kmem_cache_free+0xb2/0x2e0
[ 190.154802] fasync_free_rcu+0x1d/0x20
[ 190.154802] rcu_process_callbacks+0x871/0x12c0
[ 190.154802] __do_softirq+0x206/0x951
[ 190.154802] Memory state around the buggy address:
[ 190.154802] ffff8801a751e580: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 190.154802] ffff8801a751e600: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 190.154802] >ffff8801a751e680: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 190.154802] ^
[ 190.154802] ffff8801a751e700: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 190.154802] ffff8801a751e780: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 190.154802] ==================================================================