Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [ 34.022116] audit: type=1800 audit(1543395192.576:33): pid=6038 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 34.046487] audit: type=1800 audit(1543395192.586:34): pid=6038 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 35.498008] audit: type=1400 audit(1543395194.056:35): avc: denied { map } for pid=6212 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts. [ 175.096623] audit: type=1400 audit(1543395333.656:36): avc: denied { map } for pid=6226 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/11/28 08:55:34 parsed 1 programs [ 175.644657] audit: type=1400 audit(1543395334.206:37): avc: denied { map } for pid=6226 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14710 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2018/11/28 08:55:36 executed programs: 0 [ 177.590742] IPVS: ftp: loaded support on port[0] = 21 [ 177.593132] IPVS: ftp: loaded support on port[0] = 21 [ 177.604304] IPVS: ftp: loaded support on port[0] = 21 [ 177.608845] IPVS: ftp: loaded support on port[0] = 21 [ 177.630787] IPVS: ftp: loaded support on port[0] = 21 [ 177.631866] IPVS: ftp: loaded support on port[0] = 21 [ 178.425957] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.432530] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.440656] device bridge_slave_0 entered promiscuous mode [ 178.466552] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.472880] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.485840] device bridge_slave_0 entered promiscuous mode [ 178.494317] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.500679] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.510808] device bridge_slave_1 entered promiscuous mode [ 178.523747] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.530128] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.538501] device bridge_slave_0 entered promiscuous mode [ 178.557275] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.563602] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.573941] device bridge_slave_1 entered promiscuous mode [ 178.580248] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.588257] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.595521] device bridge_slave_0 entered promiscuous mode [ 178.603055] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.611993] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.621074] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.629457] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.637122] device bridge_slave_0 entered promiscuous mode [ 178.644081] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.650402] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.659534] device bridge_slave_1 entered promiscuous mode [ 178.667526] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.677715] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.685394] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.691715] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.699786] device bridge_slave_0 entered promiscuous mode [ 178.706706] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.713057] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.720357] device bridge_slave_1 entered promiscuous mode [ 178.733427] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.740651] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.754765] device bridge_slave_1 entered promiscuous mode [ 178.763313] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.775751] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.782107] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.792796] device bridge_slave_1 entered promiscuous mode [ 178.802325] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.828494] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.846725] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.873694] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.899032] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.929099] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.956415] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.982629] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.007859] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.052200] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.084567] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.140381] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.163423] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.214561] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.223743] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.249412] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.288110] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.305771] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 179.312708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.327611] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.345447] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 179.361524] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.384894] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 179.394665] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 179.402970] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.423597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.455089] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.472097] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 179.483206] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 179.494202] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 179.504449] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.515598] team0: Port device team_slave_0 added [ 179.521220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.532795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.541256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.557929] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 179.585588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.612047] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.626187] team0: Port device team_slave_1 added [ 179.635992] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 179.663904] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.672323] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.687614] team0: Port device team_slave_0 added [ 179.708604] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.725614] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.732981] team0: Port device team_slave_0 added [ 179.776495] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.785935] team0: Port device team_slave_1 added [ 179.795083] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.802505] team0: Port device team_slave_0 added [ 179.813351] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.839240] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.857736] team0: Port device team_slave_0 added [ 179.864556] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.871908] team0: Port device team_slave_1 added [ 179.880516] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 179.903659] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.911266] team0: Port device team_slave_1 added [ 179.919805] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.927938] team0: Port device team_slave_0 added [ 179.934735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.942775] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.960436] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.971620] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 179.985875] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.993155] team0: Port device team_slave_1 added [ 180.018959] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.037101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.045807] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.053411] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.063235] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 180.070971] team0: Port device team_slave_1 added [ 180.091333] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.104679] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.135455] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.156351] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.177555] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.198582] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.208547] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.223196] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.245014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.253052] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.261413] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.272945] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.288029] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.304794] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.317421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.332091] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.343616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.352060] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.360246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.368125] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.375939] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.387485] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 180.397640] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.409853] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.417412] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.428371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.445339] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.452994] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.461577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.469577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.477539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.485418] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.493094] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.508268] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.530593] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.541322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.569106] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.584437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.595323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.990414] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.996982] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.004003] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.010372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.026625] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 181.242598] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.249030] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.255746] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.262112] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.286154] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 181.297763] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.304159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.310838] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.317263] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.326095] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 181.351962] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.359824] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.385369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.409049] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.415446] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.422132] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.428558] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.438927] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 181.454270] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.460638] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.467343] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.473705] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.485954] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 181.497329] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.503703] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.510430] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.516839] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.533178] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 182.384052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.394382] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.418024] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.056676] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.269335] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.317882] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 184.360594] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.374791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.511443] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.538798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.564593] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 184.593311] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 184.604009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.611057] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.638102] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 184.664597] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 184.849006] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 184.862181] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 184.872332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.884144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.903388] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 184.917009] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.928596] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 184.945713] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 184.951845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.994303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.002352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.010294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.157025] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 185.163211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.170814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.189235] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 185.199178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.210906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.229294] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.252410] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.268426] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.419248] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.539611] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.609517] audit: type=1400 audit(1543395345.166:38): avc: denied { associate } for pid=6244 comm="syz-executor3" name="syz3" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 2018/11/28 08:55:45 executed programs: 6 2018/11/28 08:55:50 executed programs: 233 2018/11/28 08:55:55 executed programs: 474 [ 199.622610] ================================================================== [ 199.630164] BUG: KASAN: use-after-free in link_path_walk.part.40+0x12e6/0x1530 [ 199.637530] Read of size 1 at addr ffff8881cca65d40 by task syz-executor2/10223 [ 199.644971] [ 199.646627] CPU: 1 PID: 10223 Comm: syz-executor2 Not tainted 4.20.0-rc4+ #132 [ 199.653990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.663371] Call Trace: [ 199.665975] dump_stack+0x244/0x39d [ 199.669622] ? dump_stack_print_info.cold.1+0x20/0x20 [ 199.674818] ? printk+0xa7/0xcf [ 199.678111] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 199.682946] print_address_description.cold.7+0x9/0x1ff [ 199.688319] kasan_report.cold.8+0x242/0x309 [ 199.692740] ? link_path_walk.part.40+0x12e6/0x1530 [ 199.697775] __asan_report_load1_noabort+0x14/0x20 [ 199.702716] link_path_walk.part.40+0x12e6/0x1530 [ 199.707571] ? pick_link+0xaf0/0xaf0 [ 199.711287] ? walk_component+0x2590/0x2590 [ 199.715614] ? selinux_inode_free_security+0x460/0x460 [ 199.720882] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 199.725883] ? atime_needs_update+0x507/0x710 [ 199.730360] ? new_inode+0x40/0x40 [ 199.733903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.739444] ? security_inode_follow_link+0xe8/0x120 [ 199.744558] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 199.750086] ? trailing_symlink+0x2ac/0x970 [ 199.754398] path_lookupat.isra.43+0xf7/0xc00 [ 199.758877] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 199.764087] ? path_parentat.isra.41+0x160/0x160 [ 199.768831] ? usercopy_warn+0x110/0x110 [ 199.772884] ? check_preemption_disabled+0x48/0x280 [ 199.777891] filename_lookup+0x26a/0x520 [ 199.781941] ? filename_parentat.isra.56+0x570/0x570 [ 199.787031] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.792588] ? kmem_cache_alloc+0x33a/0x730 [ 199.796908] ? __sched_text_start+0x8/0x8 [ 199.801047] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.806570] ? getname_flags+0x26e/0x590 [ 199.810635] user_path_at_empty+0x40/0x50 [ 199.814785] do_mount+0x177/0x31f0 [ 199.818315] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 199.823759] ? retint_kernel+0x1b/0x2d [ 199.827659] ? trace_hardirqs_on+0x310/0x310 [ 199.832052] ? copy_mount_string+0x40/0x40 [ 199.836276] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 199.841019] ? retint_kernel+0x2d/0x2d [ 199.844897] ? copy_mount_options+0x228/0x430 [ 199.849376] ? copy_mount_options+0x239/0x430 [ 199.853894] ? copy_mount_options+0x247/0x430 [ 199.858379] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.863902] ? copy_mount_options+0x315/0x430 [ 199.868382] ksys_mount+0x12d/0x140 [ 199.871993] __x64_sys_mount+0xbe/0x150 [ 199.875972] do_syscall_64+0x1b9/0x820 [ 199.879843] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 199.885193] ? syscall_return_slowpath+0x5e0/0x5e0 [ 199.890108] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 199.894952] ? trace_hardirqs_on_caller+0x310/0x310 [ 199.899957] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 199.904959] ? prepare_exit_to_usermode+0x291/0x3b0 [ 199.909966] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 199.914801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.919973] RIP: 0033:0x457569 [ 199.923154] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.942055] RSP: 002b:00007fb6416b0c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 199.949754] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457569 [ 199.957017] RDX: 0000000020000040 RSI: 0000000020000000 RDI: 0000000000000000 [ 199.964275] RBP: 000000000072bf00 R08: 0000000020000340 R09: 0000000000000000 [ 199.971537] R10: 0000000000200000 R11: 0000000000000246 R12: 00007fb6416b16d4 [ 199.978830] R13: 00000000004c2c24 R14: 00000000004d4990 R15: 00000000ffffffff [ 199.986104] [ 199.987719] Allocated by task 10228: [ 199.991422] save_stack+0x43/0xd0 [ 199.994873] kasan_kmalloc+0xc7/0xe0 [ 199.998588] __kmalloc_track_caller+0x157/0x760 [ 200.003247] kstrdup+0x39/0x70 [ 200.006427] bpf_symlink+0x26/0x140 [ 200.010041] vfs_symlink+0x37a/0x5d0 [ 200.013749] do_symlinkat+0x242/0x2d0 [ 200.017563] __x64_sys_symlink+0x59/0x80 [ 200.021614] do_syscall_64+0x1b9/0x820 [ 200.025507] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.030690] [ 200.032300] Freed by task 10235: [ 200.035648] save_stack+0x43/0xd0 [ 200.039103] __kasan_slab_free+0x102/0x150 [ 200.043320] kasan_slab_free+0xe/0x10 [ 200.047111] kfree+0xcf/0x230 [ 200.050215] bpf_evict_inode+0x11f/0x150 [ 200.054261] evict+0x4b9/0x980 [ 200.057439] iput+0x679/0xa90 [ 200.060530] do_unlinkat+0x733/0xa30 [ 200.064224] __x64_sys_unlink+0x42/0x50 [ 200.068189] do_syscall_64+0x1b9/0x820 [ 200.072059] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.077227] [ 200.078849] The buggy address belongs to the object at ffff8881cca65d40 [ 200.078849] which belongs to the cache kmalloc-32 of size 32 [ 200.091316] The buggy address is located 0 bytes inside of [ 200.091316] 32-byte region [ffff8881cca65d40, ffff8881cca65d60) [ 200.102909] The buggy address belongs to the page: [ 200.107825] page:ffffea0007329940 count:1 mapcount:0 mapping:ffff8881da8001c0 index:0xffff8881cca65fc1 [ 200.117254] flags: 0x2fffc0000000200(slab) [ 200.121518] raw: 02fffc0000000200 ffffea000730d6c8 ffffea00075efa48 ffff8881da8001c0 [ 200.129383] raw: ffff8881cca65fc1 ffff8881cca65000 000000010000003f 0000000000000000 [ 200.137249] page dumped because: kasan: bad access detected [ 200.142939] [ 200.144549] Memory state around the buggy address: [ 200.149488] ffff8881cca65c00: fb fb fb fb fc fc fc fc 05 fc fc fc fc fc fc fc [ 200.156847] ffff8881cca65c80: fb fb fb fb fc fc fc fc 05 fc fc fc fc fc fc fc [ 200.164191] >ffff8881cca65d00: 00 00 01 fc fc fc fc fc fb fb fb fb fc fc fc fc [ 200.171535] ^ [ 200.176971] ffff8881cca65d80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 200.184314] ffff8881cca65e00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 200.191657] ================================================================== [ 200.199006] Disabling lock debugging due to kernel taint [ 200.206074] Kernel panic - not syncing: panic_on_warn set ... [ 200.212243] CPU: 0 PID: 10223 Comm: syz-executor2 Tainted: G B 4.20.0-rc4+ #132 [ 200.220983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.230316] Call Trace: [ 200.232891] dump_stack+0x244/0x39d [ 200.236501] ? dump_stack_print_info.cold.1+0x20/0x20 [ 200.241677] panic+0x2ad/0x55c [ 200.244850] ? add_taint.cold.5+0x16/0x16 [ 200.248978] ? preempt_schedule+0x4d/0x60 [ 200.253106] ? ___preempt_schedule+0x16/0x18 [ 200.257501] ? trace_hardirqs_on+0xb4/0x310 [ 200.261807] kasan_end_report+0x47/0x4f [ 200.265793] kasan_report.cold.8+0x76/0x309 [ 200.270096] ? link_path_walk.part.40+0x12e6/0x1530 [ 200.275092] __asan_report_load1_noabort+0x14/0x20 [ 200.280007] link_path_walk.part.40+0x12e6/0x1530 [ 200.284831] ? pick_link+0xaf0/0xaf0 [ 200.288541] ? walk_component+0x2590/0x2590 [ 200.292845] ? selinux_inode_free_security+0x460/0x460 [ 200.298107] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 200.303104] ? atime_needs_update+0x507/0x710 [ 200.307581] ? new_inode+0x40/0x40 [ 200.311106] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.316625] ? security_inode_follow_link+0xe8/0x120 [ 200.321709] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 200.327263] ? trailing_symlink+0x2ac/0x970 [ 200.331568] path_lookupat.isra.43+0xf7/0xc00 [ 200.336047] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 200.341235] ? path_parentat.isra.41+0x160/0x160 [ 200.345975] ? usercopy_warn+0x110/0x110 [ 200.350020] ? check_preemption_disabled+0x48/0x280 [ 200.355028] filename_lookup+0x26a/0x520 [ 200.359072] ? filename_parentat.isra.56+0x570/0x570 [ 200.364174] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.369696] ? kmem_cache_alloc+0x33a/0x730 [ 200.374003] ? __sched_text_start+0x8/0x8 [ 200.378133] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.383668] ? getname_flags+0x26e/0x590 [ 200.387716] user_path_at_empty+0x40/0x50 [ 200.391850] do_mount+0x177/0x31f0 [ 200.395377] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 200.400810] ? retint_kernel+0x1b/0x2d [ 200.404679] ? trace_hardirqs_on+0x310/0x310 [ 200.409068] ? copy_mount_string+0x40/0x40 [ 200.413285] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 200.418023] ? retint_kernel+0x2d/0x2d [ 200.421894] ? copy_mount_options+0x228/0x430 [ 200.426370] ? copy_mount_options+0x239/0x430 [ 200.430845] ? copy_mount_options+0x247/0x430 [ 200.435326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.440843] ? copy_mount_options+0x315/0x430 [ 200.445338] ksys_mount+0x12d/0x140 [ 200.448964] __x64_sys_mount+0xbe/0x150 [ 200.452939] do_syscall_64+0x1b9/0x820 [ 200.456810] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 200.462155] ? syscall_return_slowpath+0x5e0/0x5e0 [ 200.467066] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 200.471907] ? trace_hardirqs_on_caller+0x310/0x310 [ 200.476907] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 200.481907] ? prepare_exit_to_usermode+0x291/0x3b0 [ 200.486910] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 200.491780] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.496949] RIP: 0033:0x457569 [ 200.500144] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.519030] RSP: 002b:00007fb6416b0c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 200.526721] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457569 [ 200.533973] RDX: 0000000020000040 RSI: 0000000020000000 RDI: 0000000000000000 [ 200.541241] RBP: 000000000072bf00 R08: 0000000020000340 R09: 0000000000000000 [ 200.548507] R10: 0000000000200000 R11: 0000000000000246 R12: 00007fb6416b16d4 [ 200.555759] R13: 00000000004c2c24 R14: 00000000004d4990 R15: 00000000ffffffff [ 200.563996] Kernel Offset: disabled [ 200.567637] Rebooting in 86400 seconds..