[ 21.985879] audit: type=1800 audit(1544034874.867:21): pid=5714 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [ 22.012114] audit: type=1800 audit(1544034874.867:22): pid=5714 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0 [ 22.052878] audit: type=1800 audit(1544034874.867:23): pid=5714 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rsyslog" dev="sda1" ino=2442 res=0 [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts. 2018/12/05 18:35:03 parsed 1 programs syzkaller login: [ 51.696365] ld (5882) used greatest stack depth: 15328 bytes left 2018/12/05 18:35:05 executed programs: 0 [ 52.316398] IPVS: ftp: loaded support on port[0] = 21 [ 52.317348] IPVS: ftp: loaded support on port[0] = 21 [ 52.336694] IPVS: ftp: loaded support on port[0] = 21 [ 52.345664] IPVS: ftp: loaded support on port[0] = 21 [ 52.357924] IPVS: ftp: loaded support on port[0] = 21 [ 52.371955] IPVS: ftp: loaded support on port[0] = 21 [ 52.900317] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.909196] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.916327] device bridge_slave_0 entered promiscuous mode [ 52.951437] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.961360] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.968338] device bridge_slave_1 entered promiscuous mode [ 53.007825] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 53.027476] bridge0: port 1(bridge_slave_0) entered blocking
state [ 53.040065] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.047116] device bridge_slave_0 entered promiscuous mode [ 53.071809] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.084053] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.091123] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.101968] device bridge_slave_0 entered promiscuous mode [ 53.112165] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.118885] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.125915] device bridge_slave_1 entered promiscuous mode [ 53.133324] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.139768] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.146782] device bridge_slave_0 entered promiscuous mode [ 53.160095] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.168523] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.175789] device bridge_slave_1 entered promiscuous mode [ 53.181690] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.189640] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.196641] device bridge_slave_0 entered promiscuous mode [ 53.203696] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 53.214598] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.221113] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.228184] device bridge_slave_1 entered promiscuous mode [ 53.243849] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 53.251530] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.274336] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.280652] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.291129] device bridge_slave_1 entered promiscuous mode [ 53.299742] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.307576] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.317420] IPv6: 
ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 53.326116] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 53.337703] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.345201] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.351940] device bridge_slave_0 entered promiscuous mode [ 53.364315] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.381782] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.408130] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.432561] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.441489] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.449112] device bridge_slave_1 entered promiscuous mode [ 53.465714] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.486436] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 53.507322] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.520225] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.531538] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.542144] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.552275] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.569188] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.584554] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.594775] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.601869] team0: Port device team_slave_0 added [ 53.631932] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.643741] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.650685] team0: Port device team_slave_1 added [ 53.700440] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.724663] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.743911] IPv6: 
ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 53.755444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.768707] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.780328] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 53.789937] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.797508] team0: Port device team_slave_0 added [ 53.805722] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.817195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.826463] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.833794] team0: Port device team_slave_0 added [ 53.839945] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 53.855847] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.864296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.872192] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.884472] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.891679] team0: Port device team_slave_1 added [ 53.898647] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.909408] team0: Port device team_slave_0 added [ 53.915803] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.926402] team0: Port device team_slave_0 added [ 53.932357] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.939910] team0: Port device team_slave_1 added [ 53.947833] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.964410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.974505] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.982743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.990524] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.009446] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 54.025063] IPv6: ADDRCONF(NETDEV_UP): 
team_slave_1: link is not ready [ 54.032129] team0: Port device team_slave_1 added [ 54.043750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.054558] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.064639] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 54.071571] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.079371] team0: Port device team_slave_1 added [ 54.098789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.108415] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.122704] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.130465] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 54.153472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.161974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.170144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.177993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.188512] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 54.208576] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.221877] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.229815] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.247953] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.255464] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.263212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.270870] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.282383] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.289817] team0: Port device team_slave_0 added [ 54.297160] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.311432] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.320407] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: 
link becomes ready [ 54.333639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.341841] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.359357] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.376265] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.383880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.391506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.407040] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.415177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.423197] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.430780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.439246] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.446502] team0: Port device team_slave_1 added [ 54.453997] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.468387] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.479126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.493024] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.503131] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.510791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.538676] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.594356] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.634230] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.641357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.653088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.728408] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.742157] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.752976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link 
becomes ready [ 54.775340] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.781769] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.788710] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.795069] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.816660] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.999297] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.005760] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.012317] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.018670] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.030544] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.087596] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.093992] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.100559] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.106945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.114553] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.130066] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.136444] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.143116] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.149460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.157237] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.203646] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.209986] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.216622] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.222991] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.230707] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.464432] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.470877] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.477492] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.483880] bridge0: port 1(bridge_slave_0) entered forwarding 
state [ 55.493073] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.756045] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.765973] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.788170] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.799349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.806569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.813762] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.119009] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.287743] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.304172] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.332235] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.350414] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.365033] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.475102] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.487267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.496811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.507326] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.558350] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.569142] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.590885] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.609123] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.716576] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.734234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.741160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.755576] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.764761] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.776002] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.782354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.793706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.813216] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth1: link becomes ready [ 57.825122] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.835298] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.847412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.858051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.871268] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.922273] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.976684] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.031200] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.041302] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.096547] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.111438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.118776] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.297125] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.235509] hrtimer: interrupt took 26108 ns 2018/12/05 18:35:12 executed programs: 6 [ 59.450907] ================================================================== [ 59.458392] BUG: KASAN: use-after-free in __lock_acquire+0x36d9/0x4c20 [ 59.465045] Read of size 8 at addr ffff8801c33918e0 by task syz-executor0/7462 [ 59.472387] [ 59.474019] CPU: 1 PID: 7462 Comm: syz-executor0 Not tainted 4.20.0-rc1-next-20181109+ #110 [ 59.482492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.491830] Call Trace: [ 59.494396] dump_stack+0x244/0x39d [ 59.497998] ? dump_stack_print_info.cold.1+0x20/0x20 [ 59.503161] ? printk+0xa7/0xcf [ 59.506415] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 59.511146] print_address_description.cold.7+0x9/0x1ff [ 59.516482] kasan_report.cold.8+0x242/0x309 [ 59.520870] ? __lock_acquire+0x36d9/0x4c20 [ 59.525174] __asan_report_load8_noabort+0x14/0x20 [ 59.530078] __lock_acquire+0x36d9/0x4c20 [ 59.534204] ? trace_hardirqs_on+0xbd/0x310 [ 59.538505] ? remove_entity_load_avg+0x228/0x2e0 [ 59.543320] ? __free_pages+0x149/0x190 [ 59.547268] ? 
mark_held_locks+0x130/0x130 [ 59.551490] ? kasan_check_write+0x14/0x20 [ 59.555713] ? finish_task_switch+0x658/0x920 [ 59.560199] ? __switch_to_asm+0x40/0x70 [ 59.564247] ? preempt_notifier_register+0x200/0x200 [ 59.569322] ? __switch_to_asm+0x34/0x70 [ 59.573366] ? __switch_to_asm+0x34/0x70 [ 59.577406] ? __switch_to_asm+0x40/0x70 [ 59.581442] ? __switch_to_asm+0x34/0x70 [ 59.585488] ? __switch_to_asm+0x40/0x70 [ 59.589531] ? __switch_to_asm+0x34/0x70 [ 59.593564] ? __switch_to_asm+0x40/0x70 [ 59.597597] ? __switch_to_asm+0x34/0x70 [ 59.601632] ? __switch_to_asm+0x34/0x70 [ 59.605666] ? __switch_to_asm+0x40/0x70 [ 59.609702] ? __switch_to_asm+0x34/0x70 [ 59.613737] ? __switch_to_asm+0x40/0x70 [ 59.617786] ? __switch_to_asm+0x34/0x70 [ 59.621824] ? __switch_to_asm+0x40/0x70 [ 59.625859] ? __schedule+0x8d7/0x21d0 [ 59.629721] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 59.634288] ? __sched_text_start+0x8/0x8 [ 59.638416] ? print_usage_bug+0xc0/0xc0 [ 59.642463] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 59.647202] ? retint_kernel+0x2d/0x2d [ 59.651195] lock_acquire+0x1ed/0x520 [ 59.654973] ? __lock_sock+0x203/0x350 [ 59.658855] ? lock_release+0xa10/0xa10 [ 59.662806] ? _raw_spin_unlock_bh+0x30/0x40 [ 59.667189] ? __schedule+0x21d0/0x21d0 [ 59.671140] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.676656] ? check_preemption_disabled+0x48/0x280 [ 59.681738] ? __lock_sock+0x1f6/0x350 [ 59.685601] _raw_spin_lock_bh+0x31/0x40 [ 59.689645] ? __lock_sock+0x203/0x350 [ 59.693512] __lock_sock+0x203/0x350 [ 59.697207] ? sk_setup_caps+0x690/0x690 [ 59.701247] ? finish_wait+0x430/0x430 [ 59.705121] lock_sock_nested+0xfe/0x120 [ 59.709159] sctp_sock_dump+0x122/0xb20 [ 59.713105] ? retint_kernel+0x2d/0x2d [ 59.716966] ? sctp_tsp_dump_one+0x850/0x850 [ 59.721353] sctp_for_each_transport+0x2b5/0x370 [ 59.726088] ? sctp_tsp_dump_one+0x850/0x850 [ 59.730469] ? sctp_v6_copy_ip_options.cold.16+0x28/0x28 [ 59.736017] ? sctp_transport_get_next+0x170/0x170 [ 59.740925] ? 
__sanitizer_cov_trace_cmp4+0x16/0x20 [ 59.745915] ? sctp_for_each_endpoint+0x165/0x1c0 [ 59.750734] sctp_diag_dump+0x3ac/0x660 [ 59.754687] ? inet_diag_msg_sctpladdrs_fill+0x360/0x360 [ 59.760119] ? netdev_alloc_frag+0x1f0/0x1f0 [ 59.764523] ? mutex_lock_nested+0x16/0x20 [ 59.768744] __inet_diag_dump+0xa8/0x140 [ 59.772827] inet_diag_dump+0x9b/0x110 [ 59.776689] netlink_dump+0x606/0x1080 [ 59.780551] ? check_preemption_disabled+0x48/0x280 [ 59.785542] ? netlink_broadcast+0x50/0x50 [ 59.789758] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 59.795015] ? rcu_read_unlock_special+0x370/0x370 [ 59.799920] __netlink_dump_start+0x59a/0x7c0 [ 59.804391] inet_diag_handler_cmd+0x2ce/0x3f0 [ 59.808948] ? inet_diag_rcv_msg_compat+0x400/0x400 [ 59.813943] ? inet_diag_dump_compat+0x490/0x490 [ 59.818682] sock_diag_rcv_msg+0x31d/0x410 [ 59.822894] netlink_rcv_skb+0x172/0x440 [ 59.826946] ? sock_diag_bind+0x80/0x80 [ 59.830899] ? netlink_ack+0xb80/0xb80 [ 59.834761] ? rcu_read_unlock_special+0x370/0x370 [ 59.839671] sock_diag_rcv+0x2a/0x40 [ 59.843356] netlink_unicast+0x5a5/0x760 [ 59.847392] ? netlink_attachskb+0x9a0/0x9a0 [ 59.851774] netlink_sendmsg+0xa18/0xfc0 [ 59.855815] ? aa_path_link+0x5e0/0x5e0 [ 59.859776] ? netlink_unicast+0x760/0x760 [ 59.863983] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 59.868888] ? apparmor_socket_sendmsg+0x29/0x30 [ 59.873615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.879125] ? security_socket_sendmsg+0x94/0xc0 [ 59.883852] ? netlink_unicast+0x760/0x760 [ 59.888062] sock_sendmsg+0xd5/0x120 [ 59.891751] sock_write_iter+0x35e/0x5c0 [ 59.895785] ? sock_sendmsg+0x120/0x120 [ 59.899738] do_iter_readv_writev+0x8b0/0xa80 [ 59.904209] ? vfs_dedupe_file_range+0x680/0x680 [ 59.908939] ? security_file_permission+0xee/0x220 [ 59.913846] ? rw_verify_area+0x118/0x360 [ 59.917971] do_iter_write+0x185/0x5f0 [ 59.921834] ? dup_iter+0x260/0x260 [ 59.925448] vfs_writev+0x1f1/0x360 [ 59.929056] ? vfs_iter_write+0xb0/0xb0 [ 59.933003] ? 
lock_release+0xa10/0xa10 [ 59.936952] ? perf_trace_sched_process_exec+0x860/0x860 [ 59.942380] ? posix_ktime_get_ts+0x15/0x20 [ 59.946673] ? trace_hardirqs_off_caller+0x300/0x300 [ 59.951755] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.957275] ? __fdget_pos+0xde/0x200 [ 59.961046] ? __fdget_raw+0x20/0x20 [ 59.964733] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 59.970242] ? put_timespec64+0x10f/0x1b0 [ 59.974372] do_writev+0x11a/0x310 [ 59.977886] ? vfs_writev+0x360/0x360 [ 59.981662] ? trace_hardirqs_off_caller+0x300/0x300 [ 59.986751] __x64_sys_writev+0x75/0xb0 [ 59.990712] do_syscall_64+0x1b9/0x820 [ 59.994581] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 59.999917] ? syscall_return_slowpath+0x5e0/0x5e0 [ 60.004823] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 60.009645] ? trace_hardirqs_on_caller+0x310/0x310 [ 60.014651] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 60.019648] ? prepare_exit_to_usermode+0x291/0x3b0 [ 60.024641] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 60.029459] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.034621] RIP: 0033:0x457569 [ 60.037807] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 60.056682] RSP: 002b:00007f0923602c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 60.064375] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 60.071629] RDX: 0000000000000001 RSI: 000000002051c000 RDI: 000000000000000a [ 60.078872] RBP: 000000000072c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 60.086115] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f09236036d4 [ 60.093364] R13: 00000000004c3807 R14: 00000000004d9f50 R15: 00000000ffffffff [ 60.100614] [ 60.102223] Allocated by task 7444: [ 60.105846] save_stack+0x43/0xd0 [ 60.109270] kasan_kmalloc+0xc7/0xe0 [ 60.112953] kasan_slab_alloc+0x12/0x20 [ 60.116912] kmem_cache_alloc+0x12e/0x730 [ 60.121029] sk_prot_alloc+0x69/0x2e0 
[ 60.124810] sk_alloc+0x10d/0x1690 [ 60.128331] inet_create+0x509/0x1070 [ 60.132102] __sock_create+0x536/0x930 [ 60.135960] __sys_socket+0x106/0x260 [ 60.139733] __x64_sys_socket+0x73/0xb0 [ 60.143683] do_syscall_64+0x1b9/0x820 [ 60.147547] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.152705] [ 60.154305] Freed by task 7461: [ 60.157556] save_stack+0x43/0xd0 [ 60.160981] __kasan_slab_free+0x102/0x150 [ 60.165187] kasan_slab_free+0xe/0x10 [ 60.168964] kmem_cache_free+0x83/0x290 [ 60.172920] __sk_destruct+0x728/0xa80 [ 60.176786] sk_destruct+0x78/0x90 [ 60.180306] __sk_free+0xcf/0x300 [ 60.183732] sk_free+0x42/0x50 [ 60.186899] sctp_close+0x8d4/0xad0 [ 60.190500] inet_release+0x104/0x1f0 [ 60.194283] __sock_release+0xd7/0x250 [ 60.198169] sock_close+0x19/0x20 [ 60.201610] __fput+0x3bc/0xa70 [ 60.204862] ____fput+0x15/0x20 [ 60.208114] task_work_run+0x1e8/0x2a0 [ 60.211984] get_signal+0x1550/0x1970 [ 60.215766] do_signal+0x9c/0x21c0 [ 60.219286] exit_to_usermode_loop+0x2e5/0x380 [ 60.223856] do_syscall_64+0x6be/0x820 [ 60.227733] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.232898] [ 60.234511] The buggy address belongs to the object at ffff8801c3391840 [ 60.234511] which belongs to the cache SCTP(49:syz0) of size 1776 [ 60.247408] The buggy address is located 160 bytes inside of [ 60.247408] 1776-byte region [ffff8801c3391840, ffff8801c3391f30) [ 60.259344] The buggy address belongs to the page: [ 60.264246] page:ffffea00070ce440 count:1 mapcount:0 mapping:ffff8801c2fbed80 index:0x0 [ 60.272356] flags: 0x2fffc0000000200(slab) [ 60.276566] raw: 02fffc0000000200 ffffea0006f24b08 ffffea0006f84c08 ffff8801c2fbed80 [ 60.284421] raw: 0000000000000000 ffff8801c33910c0 0000000100000002 ffff8801b9968a80 [ 60.292267] page dumped because: kasan: bad access detected [ 60.297944] page->mem_cgroup:ffff8801b9968a80 [ 60.302409] [ 60.304005] Memory state around the buggy address: [ 60.308904] ffff8801c3391780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.316232] 
ffff8801c3391800: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 60.323569] >ffff8801c3391880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.330903] ^ [ 60.337365] ffff8801c3391900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.344698] ffff8801c3391980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.352024] ================================================================== [ 60.359353] Disabling lock debugging due to kernel taint [ 60.364771] Kernel panic - not syncing: panic_on_warn set ... [ 60.370629] CPU: 1 PID: 7462 Comm: syz-executor0 Tainted: G B 4.20.0-rc1-next-20181109+ #110 [ 60.380476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.389798] Call Trace: [ 60.392360] dump_stack+0x244/0x39d [ 60.395961] ? dump_stack_print_info.cold.1+0x20/0x20 [ 60.401124] panic+0x2ad/0x55c [ 60.404293] ? add_taint.cold.5+0x16/0x16 [ 60.408416] ? add_taint.cold.5+0x5/0x16 [ 60.412461] ? trace_hardirqs_off+0xaf/0x310 [ 60.416844] kasan_end_report+0x47/0x4f [ 60.420792] kasan_report.cold.8+0x76/0x309 [ 60.425101] ? __lock_acquire+0x36d9/0x4c20 [ 60.429398] __asan_report_load8_noabort+0x14/0x20 [ 60.434302] __lock_acquire+0x36d9/0x4c20 [ 60.438421] ? trace_hardirqs_on+0xbd/0x310 [ 60.442714] ? remove_entity_load_avg+0x228/0x2e0 [ 60.447533] ? __free_pages+0x149/0x190 [ 60.451481] ? mark_held_locks+0x130/0x130 [ 60.455692] ? kasan_check_write+0x14/0x20 [ 60.459900] ? finish_task_switch+0x658/0x920 [ 60.464366] ? __switch_to_asm+0x40/0x70 [ 60.468419] ? preempt_notifier_register+0x200/0x200 [ 60.473502] ? __switch_to_asm+0x34/0x70 [ 60.477543] ? __switch_to_asm+0x34/0x70 [ 60.481574] ? __switch_to_asm+0x40/0x70 [ 60.485607] ? __switch_to_asm+0x34/0x70 [ 60.489645] ? __switch_to_asm+0x40/0x70 [ 60.493679] ? __switch_to_asm+0x34/0x70 [ 60.497711] ? __switch_to_asm+0x40/0x70 [ 60.501746] ? __switch_to_asm+0x34/0x70 [ 60.505779] ? __switch_to_asm+0x34/0x70 [ 60.509815] ? __switch_to_asm+0x40/0x70 [ 60.513853] ? 
__switch_to_asm+0x34/0x70 [ 60.517895] ? __switch_to_asm+0x40/0x70 [ 60.521927] ? __switch_to_asm+0x34/0x70 [ 60.525960] ? __switch_to_asm+0x40/0x70 [ 60.529993] ? __schedule+0x8d7/0x21d0 [ 60.533853] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 60.538407] ? __sched_text_start+0x8/0x8 [ 60.542530] ? print_usage_bug+0xc0/0xc0 [ 60.546573] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 60.551308] ? retint_kernel+0x2d/0x2d [ 60.555169] lock_acquire+0x1ed/0x520 [ 60.558943] ? __lock_sock+0x203/0x350 [ 60.562802] ? lock_release+0xa10/0xa10 [ 60.566747] ? _raw_spin_unlock_bh+0x30/0x40 [ 60.571124] ? __schedule+0x21d0/0x21d0 [ 60.575075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 60.580583] ? check_preemption_disabled+0x48/0x280 [ 60.585571] ? __lock_sock+0x1f6/0x350 [ 60.589434] _raw_spin_lock_bh+0x31/0x40 [ 60.593474] ? __lock_sock+0x203/0x350 [ 60.597335] __lock_sock+0x203/0x350 [ 60.601025] ? sk_setup_caps+0x690/0x690 [ 60.605069] ? finish_wait+0x430/0x430 [ 60.608930] lock_sock_nested+0xfe/0x120 [ 60.612965] sctp_sock_dump+0x122/0xb20 [ 60.616913] ? retint_kernel+0x2d/0x2d [ 60.620780] ? sctp_tsp_dump_one+0x850/0x850 [ 60.625173] sctp_for_each_transport+0x2b5/0x370 [ 60.629902] ? sctp_tsp_dump_one+0x850/0x850 [ 60.634282] ? sctp_v6_copy_ip_options.cold.16+0x28/0x28 [ 60.639707] ? sctp_transport_get_next+0x170/0x170 [ 60.644611] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 60.649602] ? sctp_for_each_endpoint+0x165/0x1c0 [ 60.654426] sctp_diag_dump+0x3ac/0x660 [ 60.658381] ? inet_diag_msg_sctpladdrs_fill+0x360/0x360 [ 60.663802] ? netdev_alloc_frag+0x1f0/0x1f0 [ 60.668185] ? mutex_lock_nested+0x16/0x20 [ 60.672393] __inet_diag_dump+0xa8/0x140 [ 60.676426] inet_diag_dump+0x9b/0x110 [ 60.680285] netlink_dump+0x606/0x1080 [ 60.684166] ? check_preemption_disabled+0x48/0x280 [ 60.689156] ? netlink_broadcast+0x50/0x50 [ 60.693368] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 60.698640] ? 
rcu_read_unlock_special+0x370/0x370 [ 60.703553] __netlink_dump_start+0x59a/0x7c0 [ 60.708028] inet_diag_handler_cmd+0x2ce/0x3f0 [ 60.712588] ? inet_diag_rcv_msg_compat+0x400/0x400 [ 60.717579] ? inet_diag_dump_compat+0x490/0x490 [ 60.722308] sock_diag_rcv_msg+0x31d/0x410 [ 60.726526] netlink_rcv_skb+0x172/0x440 [ 60.730566] ? sock_diag_bind+0x80/0x80 [ 60.734514] ? netlink_ack+0xb80/0xb80 [ 60.738377] ? rcu_read_unlock_special+0x370/0x370 [ 60.743282] sock_diag_rcv+0x2a/0x40 [ 60.746970] netlink_unicast+0x5a5/0x760 [ 60.751005] ? netlink_attachskb+0x9a0/0x9a0 [ 60.755398] netlink_sendmsg+0xa18/0xfc0 [ 60.759436] ? aa_path_link+0x5e0/0x5e0 [ 60.763383] ? netlink_unicast+0x760/0x760 [ 60.767595] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 60.772500] ? apparmor_socket_sendmsg+0x29/0x30 [ 60.777228] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 60.782743] ? security_socket_sendmsg+0x94/0xc0 [ 60.787477] ? netlink_unicast+0x760/0x760 [ 60.791688] sock_sendmsg+0xd5/0x120 [ 60.795381] sock_write_iter+0x35e/0x5c0 [ 60.799415] ? sock_sendmsg+0x120/0x120 [ 60.803371] do_iter_readv_writev+0x8b0/0xa80 [ 60.807846] ? vfs_dedupe_file_range+0x680/0x680 [ 60.812582] ? security_file_permission+0xee/0x220 [ 60.817488] ? rw_verify_area+0x118/0x360 [ 60.821611] do_iter_write+0x185/0x5f0 [ 60.825469] ? dup_iter+0x260/0x260 [ 60.829072] vfs_writev+0x1f1/0x360 [ 60.832674] ? vfs_iter_write+0xb0/0xb0 [ 60.836623] ? lock_release+0xa10/0xa10 [ 60.840576] ? perf_trace_sched_process_exec+0x860/0x860 [ 60.846000] ? posix_ktime_get_ts+0x15/0x20 [ 60.850303] ? trace_hardirqs_off_caller+0x300/0x300 [ 60.855422] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 60.860931] ? __fdget_pos+0xde/0x200 [ 60.864707] ? __fdget_raw+0x20/0x20 [ 60.868397] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 60.873904] ? put_timespec64+0x10f/0x1b0 [ 60.878028] do_writev+0x11a/0x310 [ 60.881552] ? vfs_writev+0x360/0x360 [ 60.885325] ? 
trace_hardirqs_off_caller+0x300/0x300 [ 60.890408] __x64_sys_writev+0x75/0xb0 [ 60.894362] do_syscall_64+0x1b9/0x820 [ 60.898224] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 60.903558] ? syscall_return_slowpath+0x5e0/0x5e0 [ 60.908459] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 60.913273] ? trace_hardirqs_on_caller+0x310/0x310 [ 60.918272] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 60.923263] ? prepare_exit_to_usermode+0x291/0x3b0 [ 60.928255] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 60.933074] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.938236] RIP: 0033:0x457569 [ 60.941407] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 60.960285] RSP: 002b:00007f0923602c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 60.967963] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 60.975208] RDX: 0000000000000001 RSI: 000000002051c000 RDI: 000000000000000a [ 60.982450] RBP: 000000000072c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 60.989699] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f09236036d4 [ 60.996939] R13: 00000000004c3807 R14: 00000000004d9f50 R15: 00000000ffffffff [ 61.005342] Kernel Offset: disabled [ 61.008958] Rebooting in 86400 seconds..