228

TITLE: KASAN: slab-out-of-bounds in diag_switch_logging
CORRUPTED: Y

BUG: KASAN: slab-out-of-bounds in diag_switch_logging+0x3fc/0xb28 drivers/char/diag/diagchar_core.c:1685
Read of size 8 at addr ffffffe18884a2f0 by task syz-executor/26979

CPU: 0 PID: 26979 Comm: syz-executor Tainted: G        W  O    4.9.80+ #1
Hardware name: Qualcomm Technologies, Inc. SDM670 PM660 + PM660L MTP (DT)
Call trace:
[<ffffff9cba28d4e8>] dump_backtrace+0x0/0x428 arch/arm64/kernel/traps.c:77
[<ffffff9cba28d938>] show_stack+0x28/0x38 arch/arm64/kernel/traps.c:227
[<ffffff9cba82d7b8>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffff9cba82d7b8>] dump_stack+0xd4/0x124 lib/dump_stack.c:51
[<ffffff9cba518728>] print_address_description+0x68/0x258 mm/kasan/report.c:248
[<ffffff9cba518b40>] kasan_report_error mm/kasan/report.c:347 [inline]
[<ffffff9cba518b40>] kasan_report.part.2+0x228/0x2f0 mm/kasan/report.c:371
[<ffffff9cba5191bc>] kasan_report+0x5c/0x70 mm/kasan/report.c:372
[<ffffff9cba5173a4>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
[<ffffff9cba5173a4>] __asan_load8+0x84/0x98 mm/kasan/kasan.c:741
[<ffffff9cbaacec0c>] diag_switch_logging+0x3fc/0xb28 drivers/char/diag/diagchar_core.c:1685
[<ffffff9cbaacff3c>] diagchar_ioctl+0x564/0x710 drivers/char/diag/diagchar_core.c:2579
[<ffffff9cba552d5c>] vfs_ioctl fs/ioctl.c:43 [inline]
[<ffffff9cba552d5c>] do_vfs_ioctl+0x164/0xbc0 fs/ioctl.c:679
[<ffffff9cba553868>] SYSC_ioctl fs/ioctl.c:694 [inline]
[<ffffff9cba553868>] SyS_ioctl+0xb0/0xc0 fs/ioctl.c:685
[<ffffff9cba283f70>] el0_svc_naked+0x24/0x28