[info] Using makefile-style concurrent boot in runlevel 2. [ 26.396262] audit: type=1800 audit(1543940401.963:21): pid=5851 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [ 26.419050] audit: type=1800 audit(1543940401.963:22): pid=5851 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0 [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 32.266546] sshd (5990) used greatest stack depth: 15744 bytes left Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts. 2018/12/04 16:22:41 parsed 1 programs 2018/12/04 16:22:43 executed programs: 0 [ 188.086433] IPVS: ftp: loaded support on port[0] = 21 [ 188.090050] IPVS: ftp: loaded support on port[0] = 21 [ 188.108223] IPVS: ftp: loaded support on port[0] = 21 [ 188.134341] IPVS: ftp: loaded support on port[0] = 21 [ 188.137574] IPVS: ftp: loaded support on port[0] = 21 [ 188.150926] IPVS: ftp: loaded support on port[0] = 21 [ 189.212605] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.219763] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.229320] device bridge_slave_0 entered promiscuous mode [ 189.239304] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.246296] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.253464] device bridge_slave_0 entered promiscuous mode [ 189.289483] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.302707] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.316954] device bridge_slave_1 entered promiscuous mode [ 189.325231] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.331666] 
bridge0: port 1(bridge_slave_0) entered disabled state [ 189.339026] device bridge_slave_0 entered promiscuous mode [ 189.348563] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.355693] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.363352] device bridge_slave_0 entered promiscuous mode [ 189.372000] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.378369] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.386116] device bridge_slave_0 entered promiscuous mode [ 189.393637] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.403861] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.411671] device bridge_slave_1 entered promiscuous mode [ 189.418199] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.425785] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.433637] device bridge_slave_0 entered promiscuous mode [ 189.443103] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.449557] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.458081] device bridge_slave_1 entered promiscuous mode [ 189.469272] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.475895] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.483666] device bridge_slave_1 entered promiscuous mode [ 189.492150] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.498797] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.506620] device bridge_slave_1 entered promiscuous mode [ 189.515382] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 189.523601] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 189.534425] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 189.548227] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.558471] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.571685] device bridge_slave_1 entered promiscuous mode [ 189.578414] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link 
is not ready [ 189.590368] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.603869] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.614291] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.634201] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 189.643645] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 189.681613] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.690386] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.710344] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.851797] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.886331] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.896610] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.907541] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.923238] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.937829] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.951496] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.960424] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.973735] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.994988] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.013957] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.032272] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 190.039280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.056265] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.069589] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 190.082649] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 190.090929] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 
190.104713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.117837] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 190.127992] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 190.138718] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 190.150185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.164711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.178186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.188788] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 190.197560] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 190.207998] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 190.215380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.232985] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.241604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.251549] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 190.261423] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 190.270123] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.281545] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.332061] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 190.339823] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.445493] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.453574] team0: Port device team_slave_0 added [ 190.461244] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.469520] team0: Port device team_slave_0 added [ 190.488369] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.500469] team0: Port device team_slave_0 added [ 190.515747] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.535491] team0: Port device team_slave_1 added [ 190.541943] IPv6: ADDRCONF(NETDEV_UP): 
team_slave_0: link is not ready [ 190.549081] team0: Port device team_slave_0 added [ 190.559574] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.572572] team0: Port device team_slave_1 added [ 190.579963] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.587096] team0: Port device team_slave_0 added [ 190.602643] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.611959] team0: Port device team_slave_1 added [ 190.620138] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.627465] team0: Port device team_slave_1 added [ 190.637704] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.670076] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.677373] team0: Port device team_slave_0 added [ 190.688155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.706047] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.719091] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.730426] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.737591] team0: Port device team_slave_1 added [ 190.753549] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.765205] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.782713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.790882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.803978] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.811614] team0: Port device team_slave_1 added [ 190.821665] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 190.836156] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.850732] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.858347] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.866219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.878470] IPv6: 
ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.886755] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 190.896128] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.907892] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 190.919494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.930896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.938615] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.948239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.956500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.965175] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.975642] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.983244] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 190.992581] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.001963] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.009152] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.024630] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 191.035533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.047520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.066769] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.081542] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.089237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.097529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.105426] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.113233] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.121147] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.128849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes 
ready [ 191.136692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.144334] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.155730] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.169648] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.184353] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.195451] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.206435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.220793] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.228810] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.238067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.246755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.273243] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.286385] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.297863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.315925] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.328708] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.341418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.728893] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.735442] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.742678] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.749048] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.758297] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 191.880953] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.892871] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.899247] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.905878] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.912276] bridge0: 
port 1(bridge_slave_0) entered forwarding state [ 191.920040] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 191.939703] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.946218] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.952928] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.959299] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.989673] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.059233] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.065652] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.072317] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.078691] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.087009] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.096737] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.103332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.110011] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.116378] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.125103] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.133415] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.139780] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.146441] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.152826] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.160331] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.890848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.912358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.921463] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.928705] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.936428] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.335011] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.558081] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not 
ready [ 194.589625] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.649622] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.667177] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.684808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.754220] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.851276] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 194.857487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.868018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.884108] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 194.896565] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 194.916986] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 194.948351] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 195.015866] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 195.119230] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.141606] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 195.147976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.155511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.169387] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 195.185064] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 195.200193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.211961] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.219267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.226813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.254873] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 195.276457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.287747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.327729] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 195.339997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.346988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.435383] 8021q: adding 
VLAN 0 to HW filter on device team0 [ 195.445709] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.465310] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.540148] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.592313] 8021q: adding VLAN 0 to HW filter on device team0 2018/12/04 16:22:52 executed programs: 6 2018/12/04 16:22:57 executed programs: 78 2018/12/04 16:23:02 executed programs: 152 2018/12/04 16:23:07 executed programs: 237 [ 214.057588] cgroup: fork rejected by pids controller in /syz4 [ 214.071418] ================================================================== [ 214.078985] BUG: KASAN: use-after-free in get_mem_cgroup_from_mm.part.62+0x6d7/0x880 [ 214.086853] Read of size 8 at addr ffff8881bdfa3210 by task syz-executor4/9420 [ 214.094192] [ 214.095813] CPU: 0 PID: 9420 Comm: syz-executor4 Not tainted 4.20.0-rc5+ #362 [ 214.103074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.112421] Call Trace: [ 214.115005] dump_stack+0x244/0x39d [ 214.118628] ? dump_stack_print_info.cold.1+0x20/0x20 [ 214.123814] ? printk+0xa7/0xcf [ 214.127088] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 214.131844] print_address_description.cold.7+0x9/0x1ff [ 214.137197] kasan_report.cold.8+0x242/0x309 [ 214.141591] ? get_mem_cgroup_from_mm.part.62+0x6d7/0x880 [ 214.147242] __asan_report_load8_noabort+0x14/0x20 [ 214.152172] get_mem_cgroup_from_mm.part.62+0x6d7/0x880 [ 214.157532] ? lock_page_memcg+0x350/0x350 [ 214.162788] ? kasan_check_write+0x14/0x20 [ 214.167020] ? lock_acquire+0x1ed/0x520 [ 214.170989] ? mem_cgroup_oom_control_write+0x100/0x100 [ 214.176362] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.181902] ? check_preemption_disabled+0x48/0x280 [ 214.186944] ? kasan_check_read+0x11/0x20 [ 214.191098] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 214.196370] ? rcu_softirq_qs+0x20/0x20 [ 214.200346] mem_cgroup_try_charge+0x608/0xe20 [ 214.204920] ? retint_kernel+0x2d/0x2d [ 214.208806] ? 
find_held_lock+0x36/0x1c0 [ 214.212864] ? mem_cgroup_protected+0xa60/0xa60 [ 214.217563] ? lock_acquire+0x1ed/0x520 [ 214.221537] ? mcopy_atomic+0x293/0x2c70 [ 214.225597] ? lock_release+0xa00/0xa00 [ 214.229570] ? perf_trace_sched_process_exec+0x860/0x860 [ 214.235011] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.239762] ? __do_page_fault+0x64e/0xe60 [ 214.243993] ? down_read+0x8d/0x120 [ 214.247609] ? vmacache_find+0x61/0x310 [ 214.251588] ? vmacache_update+0x74/0x140 [ 214.255735] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 214.261262] mcopy_atomic+0xb08/0x2c70 [ 214.265156] ? mm_alloc_pmd+0x2f0/0x2f0 [ 214.269118] ? account_entity_enqueue+0x3a3/0x660 [ 214.273956] ? zap_class+0x640/0x640 [ 214.277665] ? finish_task_switch+0x1f4/0x910 [ 214.282152] ? _raw_write_unlock_irq+0x50/0x80 [ 214.286725] ? find_held_lock+0x36/0x1c0 [ 214.290786] ? __might_fault+0x12b/0x1e0 [ 214.294943] ? lock_downgrade+0x900/0x900 [ 214.299090] ? lock_release+0xa00/0xa00 [ 214.303053] ? perf_trace_sched_process_exec+0x860/0x860 [ 214.308495] ? finish_task_switch+0x1f4/0x910 [ 214.313002] ? finish_task_switch+0x1b4/0x910 [ 214.317489] ? __switch_to_asm+0x34/0x70 [ 214.321557] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 214.327276] ? _copy_from_user+0xdf/0x150 [ 214.331515] userfaultfd_ioctl+0x29fb/0x5610 [ 214.335938] ? __sched_text_start+0x8/0x8 [ 214.340139] ? check_preemption_disabled+0x48/0x280 [ 214.345158] ? userfaultfd_read+0x2c0/0x2c0 [ 214.349479] ? find_held_lock+0x36/0x1c0 [ 214.353545] ? try_to_wake_up+0x11c/0x1440 [ 214.357776] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 214.362869] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 214.367964] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 214.372545] ? preempt_schedule+0x4d/0x60 [ 214.376703] ? preempt_schedule_common+0x1f/0xe0 [ 214.381453] ? preempt_schedule+0x4d/0x60 [ 214.385607] ? ___preempt_schedule+0x16/0x18 [ 214.390013] ? _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 214.395111] ? try_to_wake_up+0x11c/0x1440 [ 214.399337] ? 
zap_class+0x640/0x640 [ 214.403044] ? trace_hardirqs_off_caller+0x310/0x310 [ 214.408402] ? print_usage_bug+0xc0/0xc0 [ 214.412460] ? migrate_swap_stop+0x8a0/0x8a0 [ 214.416874] ? find_held_lock+0x36/0x1c0 [ 214.420932] ? __lock_acquire+0x62f/0x4c20 [ 214.425157] ? lock_downgrade+0x900/0x900 [ 214.429305] ? mark_held_locks+0x130/0x130 [ 214.433538] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 214.438626] ? futex_wake+0x304/0x760 [ 214.442438] ? __lock_acquire+0x62f/0x4c20 [ 214.446662] ? __lock_acquire+0x62f/0x4c20 [ 214.450895] ? mark_held_locks+0x130/0x130 [ 214.455116] ? zap_class+0x640/0x640 [ 214.458818] ? do_futex+0x249/0x26d0 [ 214.462525] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 214.468150] ? find_held_lock+0x36/0x1c0 [ 214.472203] ? __fget+0x4aa/0x740 [ 214.475642] ? lock_downgrade+0x900/0x900 [ 214.479783] ? check_preemption_disabled+0x48/0x280 [ 214.484789] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 214.489709] ? kasan_check_read+0x11/0x20 [ 214.493843] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 214.499108] ? rcu_softirq_qs+0x20/0x20 [ 214.503074] ? __fget+0x4d1/0x740 [ 214.506540] ? ksys_dup3+0x680/0x680 [ 214.510242] ? __might_fault+0x12b/0x1e0 [ 214.514296] ? lock_downgrade+0x900/0x900 [ 214.518539] ? lock_release+0xa00/0xa00 [ 214.522503] ? userfaultfd_read+0x2c0/0x2c0 [ 214.526816] do_vfs_ioctl+0x1de/0x1790 [ 214.530690] ? do_vfs_ioctl+0x1de/0x1790 [ 214.534740] ? ioctl_preallocate+0x300/0x300 [ 214.539225] ? __fget_light+0x2e9/0x430 [ 214.543185] ? fget_raw+0x20/0x20 [ 214.546625] ? _copy_to_user+0xc8/0x110 [ 214.550633] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 214.556157] ? put_timespec64+0x10f/0x1b0 [ 214.560306] ? nsecs_to_jiffies+0x30/0x30 [ 214.564449] ? do_syscall_64+0x9a/0x820 [ 214.568411] ? do_syscall_64+0x9a/0x820 [ 214.572377] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 214.576953] ? 
security_file_ioctl+0x94/0xc0 [ 214.581360] ksys_ioctl+0xa9/0xd0 [ 214.584807] __x64_sys_ioctl+0x73/0xb0 [ 214.588683] do_syscall_64+0x1b9/0x820 [ 214.592577] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 214.598081] ? syscall_return_slowpath+0x5e0/0x5e0 [ 214.603026] ? trace_hardirqs_on_caller+0x310/0x310 [ 214.608034] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 214.613041] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 214.619702] ? __switch_to_asm+0x40/0x70 [ 214.623747] ? __switch_to_asm+0x34/0x70 [ 214.627803] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 214.632637] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.637811] RIP: 0033:0x457569 [ 214.640992] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 214.659885] RSP: 002b:00007fcf57546c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 214.667586] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 214.674842] RDX: 0000000020000100 RSI: 00000000c028aa03 RDI: 0000000000000004 [ 214.682097] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 214.689352] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcf575476d4 [ 214.696605] R13: 00000000004c14eb R14: 00000000004d2870 R15: 00000000ffffffff [ 214.703956] [ 214.705568] Allocated by task 9418: [ 214.709195] save_stack+0x43/0xd0 [ 214.712635] kasan_kmalloc+0xc7/0xe0 [ 214.716335] kasan_slab_alloc+0x12/0x20 [ 214.720295] kmem_cache_alloc_node+0x144/0x730 [ 214.724862] copy_process+0x2026/0x87a0 [ 214.728822] _do_fork+0x1cb/0x11d0 [ 214.732345] __x64_sys_clone+0xbf/0x150 [ 214.736308] do_syscall_64+0x1b9/0x820 [ 214.740182] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.745350] [ 214.746964] Freed by task 9418: [ 214.750227] save_stack+0x43/0xd0 [ 214.753669] __kasan_slab_free+0x102/0x150 [ 214.757906] kasan_slab_free+0xe/0x10 [ 214.761696] kmem_cache_free+0x83/0x290 [ 
214.765655] free_task+0x16e/0x1f0 [ 214.769181] copy_process+0x1dcc/0x87a0 [ 214.773141] _do_fork+0x1cb/0x11d0 [ 214.776663] __x64_sys_clone+0xbf/0x150 [ 214.780626] do_syscall_64+0x1b9/0x820 [ 214.784500] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.789668] [ 214.791316] The buggy address belongs to the object at ffff8881bdfa2140 [ 214.791316] which belongs to the cache task_struct(87:syz4) of size 6080 [ 214.804936] The buggy address is located 4304 bytes inside of [ 214.804936] 6080-byte region [ffff8881bdfa2140, ffff8881bdfa3900) [ 214.816965] The buggy address belongs to the page: [ 214.821880] page:ffffea0006f7e880 count:1 mapcount:0 mapping:ffff8881bfc45c80 index:0x0 compound_mapcount: 0 [ 214.831830] flags: 0x2fffc0000010200(slab|head) [ 214.836488] raw: 02fffc0000010200 ffffea0006f93888 ffffea000760e988 ffff8881bfc45c80 [ 214.844357] raw: 0000000000000000 ffff8881bdfa2140 0000000100000001 ffff8881c4ab4b40 [ 214.852217] page dumped because: kasan: bad access detected [ 214.857907] page->mem_cgroup:ffff8881c4ab4b40 [ 214.862379] [ 214.863990] Memory state around the buggy address: [ 214.868905] ffff8881bdfa3100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 214.876248] ffff8881bdfa3180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 214.883590] >ffff8881bdfa3200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 214.890930] ^ [ 214.894799] ffff8881bdfa3280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 214.902254] ffff8881bdfa3300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 214.909593] ================================================================== [ 214.916931] Disabling lock debugging due to kernel taint [ 214.925352] Kernel panic - not syncing: panic_on_warn set ... [ 214.931346] CPU: 0 PID: 9420 Comm: syz-executor4 Tainted: G B 4.20.0-rc5+ #362 [ 214.939990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.949325] Call Trace: [ 214.951902] dump_stack+0x244/0x39d [ 214.955517] ? 
dump_stack_print_info.cold.1+0x20/0x20 [ 214.960693] panic+0x2ad/0x55c [ 214.963874] ? add_taint.cold.5+0x16/0x16 [ 214.968012] ? preempt_schedule+0x4d/0x60 [ 214.972168] ? ___preempt_schedule+0x16/0x18 [ 214.976566] ? trace_hardirqs_on+0xb4/0x310 [ 214.980913] kasan_end_report+0x47/0x4f [ 214.985482] kasan_report.cold.8+0x76/0x309 [ 214.989902] ? get_mem_cgroup_from_mm.part.62+0x6d7/0x880 [ 214.995438] __asan_report_load8_noabort+0x14/0x20 [ 215.000357] get_mem_cgroup_from_mm.part.62+0x6d7/0x880 [ 215.005706] ? lock_page_memcg+0x350/0x350 [ 215.009928] ? kasan_check_write+0x14/0x20 [ 215.014152] ? lock_acquire+0x1ed/0x520 [ 215.018111] ? mem_cgroup_oom_control_write+0x100/0x100 [ 215.023461] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 215.028993] ? check_preemption_disabled+0x48/0x280 [ 215.033999] ? kasan_check_read+0x11/0x20 [ 215.038131] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 215.043391] ? rcu_softirq_qs+0x20/0x20 [ 215.047351] mem_cgroup_try_charge+0x608/0xe20 [ 215.051917] ? retint_kernel+0x2d/0x2d [ 215.055787] ? find_held_lock+0x36/0x1c0 [ 215.059836] ? mem_cgroup_protected+0xa60/0xa60 [ 215.064495] ? lock_acquire+0x1ed/0x520 [ 215.068453] ? mcopy_atomic+0x293/0x2c70 [ 215.072500] ? lock_release+0xa00/0xa00 [ 215.076457] ? perf_trace_sched_process_exec+0x860/0x860 [ 215.081892] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 215.086635] ? __do_page_fault+0x64e/0xe60 [ 215.090862] ? down_read+0x8d/0x120 [ 215.094475] ? vmacache_find+0x61/0x310 [ 215.098436] ? vmacache_update+0x74/0x140 [ 215.102580] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 215.108102] mcopy_atomic+0xb08/0x2c70 [ 215.111978] ? mm_alloc_pmd+0x2f0/0x2f0 [ 215.115933] ? account_entity_enqueue+0x3a3/0x660 [ 215.120759] ? zap_class+0x640/0x640 [ 215.124459] ? finish_task_switch+0x1f4/0x910 [ 215.128941] ? _raw_write_unlock_irq+0x50/0x80 [ 215.133511] ? find_held_lock+0x36/0x1c0 [ 215.137568] ? __might_fault+0x12b/0x1e0 [ 215.141611] ? lock_downgrade+0x900/0x900 [ 215.145740] ? 
lock_release+0xa00/0xa00 [ 215.149695] ? perf_trace_sched_process_exec+0x860/0x860 [ 215.155131] ? finish_task_switch+0x1f4/0x910 [ 215.159614] ? finish_task_switch+0x1b4/0x910 [ 215.164091] ? __switch_to_asm+0x34/0x70 [ 215.168156] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 215.173684] ? _copy_from_user+0xdf/0x150 [ 215.177826] userfaultfd_ioctl+0x29fb/0x5610 [ 215.182357] ? __sched_text_start+0x8/0x8 [ 215.186488] ? check_preemption_disabled+0x48/0x280 [ 215.191525] ? userfaultfd_read+0x2c0/0x2c0 [ 215.195839] ? find_held_lock+0x36/0x1c0 [ 215.199899] ? try_to_wake_up+0x11c/0x1440 [ 215.204124] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 215.209211] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 215.214301] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 215.218867] ? preempt_schedule+0x4d/0x60 [ 215.223001] ? preempt_schedule_common+0x1f/0xe0 [ 215.227772] ? preempt_schedule+0x4d/0x60 [ 215.231905] ? ___preempt_schedule+0x16/0x18 [ 215.236296] ? _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 215.241381] ? try_to_wake_up+0x11c/0x1440 [ 215.245602] ? zap_class+0x640/0x640 [ 215.249299] ? trace_hardirqs_off_caller+0x310/0x310 [ 215.254390] ? print_usage_bug+0xc0/0xc0 [ 215.258547] ? migrate_swap_stop+0x8a0/0x8a0 [ 215.262951] ? find_held_lock+0x36/0x1c0 [ 215.266996] ? __lock_acquire+0x62f/0x4c20 [ 215.271216] ? lock_downgrade+0x900/0x900 [ 215.275368] ? mark_held_locks+0x130/0x130 [ 215.279599] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 215.284695] ? futex_wake+0x304/0x760 [ 215.288490] ? __lock_acquire+0x62f/0x4c20 [ 215.292712] ? __lock_acquire+0x62f/0x4c20 [ 215.296935] ? mark_held_locks+0x130/0x130 [ 215.301152] ? zap_class+0x640/0x640 [ 215.304849] ? do_futex+0x249/0x26d0 [ 215.308549] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 215.313987] ? find_held_lock+0x36/0x1c0 [ 215.318032] ? __fget+0x4aa/0x740 [ 215.321468] ? lock_downgrade+0x900/0x900 [ 215.325601] ? check_preemption_disabled+0x48/0x280 [ 215.330616] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 215.335542] ? 
kasan_check_read+0x11/0x20 [ 215.339695] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 215.344956] ? rcu_softirq_qs+0x20/0x20 [ 215.349026] ? __fget+0x4d1/0x740 [ 215.352468] ? ksys_dup3+0x680/0x680 [ 215.356163] ? __might_fault+0x12b/0x1e0 [ 215.360210] ? lock_downgrade+0x900/0x900 [ 215.364344] ? lock_release+0xa00/0xa00 [ 215.368304] ? userfaultfd_read+0x2c0/0x2c0 [ 215.372608] do_vfs_ioctl+0x1de/0x1790 [ 215.376479] ? do_vfs_ioctl+0x1de/0x1790 [ 215.380618] ? ioctl_preallocate+0x300/0x300 [ 215.385018] ? __fget_light+0x2e9/0x430 [ 215.388977] ? fget_raw+0x20/0x20 [ 215.392414] ? _copy_to_user+0xc8/0x110 [ 215.396372] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 215.401898] ? put_timespec64+0x10f/0x1b0 [ 215.406031] ? nsecs_to_jiffies+0x30/0x30 [ 215.410163] ? do_syscall_64+0x9a/0x820 [ 215.414123] ? do_syscall_64+0x9a/0x820 [ 215.418086] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 215.422656] ? security_file_ioctl+0x94/0xc0 [ 215.427051] ksys_ioctl+0xa9/0xd0 [ 215.430488] __x64_sys_ioctl+0x73/0xb0 [ 215.434372] do_syscall_64+0x1b9/0x820 [ 215.438264] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 215.443627] ? syscall_return_slowpath+0x5e0/0x5e0 [ 215.448547] ? trace_hardirqs_on_caller+0x310/0x310 [ 215.453555] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 215.458558] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 215.465213] ? __switch_to_asm+0x40/0x70 [ 215.469258] ? __switch_to_asm+0x34/0x70 [ 215.473305] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 215.478135] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.483307] RIP: 0033:0x457569 [ 215.486486] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 215.505378] RSP: 002b:00007fcf57546c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 215.513073] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 215.520331] RDX: 0000000020000100 RSI: 00000000c028aa03 RDI: 0000000000000004 [ 215.527628] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 215.534881] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcf575476d4 [ 215.542148] R13: 00000000004c14eb R14: 00000000004d2870 R15: 00000000ffffffff [ 215.550667] Kernel Offset: disabled [ 215.554293] Rebooting in 86400 seconds..