[  OK  ] Started Network Time Synchronization.
[  OK  ] Started Raise network interfaces.
[  OK  ] Reached target Network.
         Starting Permit User Sessions...
         Starting OpenBSD Secure Shell server...
[  OK  ] Started Permit User Sessions.
[  OK  ] Started OpenBSD Secure Shell server.
[   13.473234][    C1] random: crng init done
[   13.474169][    C1] random: 7 urandom warning(s) missed due to ratelimiting
Warning: Permanently added '10.128.1.20' (ECDSA) to the list of known hosts.
executing program
[*     ] A start job is running for dev-ttyS0.device (8s / 1min 30s)
[**    ] A start job is running for dev-ttyS0.device (9s / 1min 30s)
[***   ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ ***  ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[  *** ] A start job is running for dev-ttyS0.device (11s / 1min 30s)
[   ***] A start job is running for dev-ttyS0.device (12s / 1min 30s)
[    **] A start job is running for dev-ttyS0.device (12s / 1min 30s)
[     *] A start job is running for dev-ttyS0.device (13s / 1min 30s)
[    **] A start job is running for dev-ttyS0.device (13s / 1min 30s)
[   ***] A start job is running for dev-ttyS0.device (14s / 1min 30s)[   20.551368][   T22] audit: type=1400 audit(1598845024.273:8): avc:  denied  { execmem } for  pid=329 comm="syz-executor533" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   20.555989][  T158] ==================================================================
[   20.579938][  T158] BUG: KASAN: use-after-free in __list_del_entry_valid+0x98/0x100
[   20.587739][  T158] Read of size 8 at addr ffff8881ce189780 by task kworker/u4:2/158
[   20.595586][  T158] 
[   20.597884][  T158] CPU: 1 PID: 158 Comm: kworker/u4:2 Not tainted 5.4.61-syzkaller-00873-ge15cc541b749 #0
[   20.607640][  T158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   20.617670][  T158] Workqueue: io_ring-wq io_sq_wq_submit_work
[   20.623623][  T158] Call Trace:
[   20.626906][  T158]  dump_stack+0x14a/0x1ce
[   20.631199][  T158]  ? show_regs_print_info+0x12/0x12
[   20.636394][  T158]  ? printk+0xd2/0x114
[   20.640431][  T158]  print_address_description+0x93/0x620
[   20.645938][  T158]  __kasan_report+0x16d/0x1e0
[   20.650581][  T158]  ? __list_del_entry_valid+0x98/0x100
[   20.656008][  T158]  kasan_report+0x36/0x60
[   20.660332][  T158]  __list_del_entry_valid+0x98/0x100
[   20.665581][  T158]  io_sq_wq_submit_work+0x7f5/0x14a0
[   20.670828][  T158]  ? io_free_req+0xab2/0xbf0
[   20.675390][  T158]  ? __io_queue_sqe+0xa00/0xa00
[   20.680202][  T158]  ? _raw_spin_lock_irq+0xa2/0x180
[   20.685277][  T158]  ? read_word_at_a_time+0xe/0x20
[   20.690264][  T158]  ? strscpy+0xa6/0x260
[   20.694396][  T158]  process_one_work+0x777/0xf90
[   20.699211][  T158]  worker_thread+0xa8f/0x1430
[   20.703852][  T158]  kthread+0x317/0x340
[   20.707883][  T158]  ? process_one_work+0xf90/0xf90
[   20.712881][  T158]  ? kthread_destroy_worker+0x280/0x280
[   20.718387][  T158]  ret_from_fork+0x1f/0x30
[   20.722764][  T158] 
[   20.725057][  T158] Allocated by task 329:
[   20.729264][  T158]  __kasan_kmalloc+0x12c/0x1c0
[   20.734004][  T158]  kmem_cache_alloc_bulk+0x1cf/0x250
[   20.739252][  T158]  io_get_req+0x27f/0x850
[   20.743544][  T158]  io_submit_sqe+0x83/0xe90
[   20.748008][  T158]  __se_sys_io_uring_enter+0x922/0x1ff0
[   20.753514][  T158]  do_syscall_64+0xcb/0x150
[   20.757980][  T158]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   20.763830][  T158] 
[   20.766122][  T158] Freed by task 158:
[   20.769991][  T158]  __kasan_slab_free+0x181/0x230
[   20.774889][  T158]  slab_free_freelist_hook+0xd0/0x150
[   20.780227][  T158]  kmem_cache_free+0xac/0x600
[   20.784863][  T158]  io_poll_complete_work+0x737/0x940
[   20.790109][  T158]  process_one_work+0x777/0xf90
[   20.794931][  T158]  worker_thread+0xa8f/0x1430
[   20.799570][  T158]  kthread+0x317/0x340
[   20.803601][  T158]  ret_from_fork+0x1f/0x30
[   20.807985][  T158] 
[   20.810333][  T158] The buggy address belongs to the object at ffff8881ce189680
[   20.810333][  T158]  which belongs to the cache io_kiocb of size 264
[   20.824096][  T158] The buggy address is located 256 bytes inside of
[   20.824096][  T158]  264-byte region [ffff8881ce189680, ffff8881ce189788)
[   20.837324][  T158] The buggy address belongs to the page:
[   20.842920][  T158] page:ffffea0007386200 refcount:1 mapcount:0 mapping:ffff8881d99ba500 index:0x0 compound_mapcount: 0
[   20.853807][  T158] flags: 0x8000000000010200(slab|head)
[   20.859246][  T158] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881d99ba500
[   20.867794][  T158] raw: 0000000000000000 0000000080150015 00000001ffffffff 0000000000000000
[   20.876349][  T158] page dumped because: kasan: bad access detected
[   20.882732][  T158] 
[   20.885023][  T158] Memory state around the buggy address:
[   20.890628][  T158]  ffff8881ce189680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.898653][  T158]  ffff8881ce189700: fb fb f