[ 33.532411] audit: type=1800 audit(1556659890.903:33): pid=6889 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 33.555139] audit: type=1800 audit(1556659890.903:34): pid=6889 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 37.071841] random: sshd: uninitialized urandom read (32 bytes read) [ 37.438880] audit: type=1400 audit(1556659894.803:35): avc: denied { map } for pid=7063 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 37.515589] random: sshd: uninitialized urandom read (32 bytes read) [ 38.148162] random: sshd: uninitialized urandom read (32 bytes read) [ 1219.369332] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts. 
[ 1224.915569] random: sshd: uninitialized urandom read (32 bytes read) [ 1225.122808] audit: type=1400 audit(1556661082.493:36): avc: denied { map } for pid=7076 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/04/30 21:51:23 parsed 1 programs [ 1226.023242] audit: type=1400 audit(1556661083.393:37): avc: denied { map } for pid=7076 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13808 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 1226.869007] random: cc1: uninitialized urandom read (8 bytes read) 2019/04/30 21:51:25 executed programs: 0 [ 1227.933277] audit: type=1400 audit(1556661085.293:38): avc: denied { map } for pid=7076 comm="syz-execprog" path="/root/syzkaller-shm031940234" dev="sda1" ino=2233 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 1228.710270] IPVS: ftp: loaded support on port[0] = 21 [ 1229.039056] chnl_net:caif_netlink_parms(): no params data found [ 1229.046799] IPVS: ftp: loaded support on port[0] = 21 [ 1229.105308] bridge0: port 1(bridge_slave_0) entered blocking state [ 1229.112243] bridge0: port 1(bridge_slave_0) entered disabled state [ 1229.119448] device bridge_slave_0 entered promiscuous mode [ 1229.129175] bridge0: port 2(bridge_slave_1) entered blocking state [ 1229.135668] bridge0: port 2(bridge_slave_1) entered disabled state [ 1229.142787] device bridge_slave_1 entered promiscuous mode [ 1229.167979] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1229.177227] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1229.199414] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1229.206937] team0: Port device team_slave_0 added [ 1229.212700] IPv6: ADDRCONF(NETDEV_UP): 
team_slave_1: link is not ready [ 1229.220100] team0: Port device team_slave_1 added [ 1229.225703] IPVS: ftp: loaded support on port[0] = 21 [ 1229.235969] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1229.243485] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1229.352132] device hsr_slave_0 entered promiscuous mode [ 1229.390335] device hsr_slave_1 entered promiscuous mode [ 1229.430807] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1229.448041] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1229.464378] chnl_net:caif_netlink_parms(): no params data found [ 1229.495251] bridge0: port 2(bridge_slave_1) entered blocking state [ 1229.501876] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1229.508907] bridge0: port 1(bridge_slave_0) entered blocking state [ 1229.515998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1229.558611] bridge0: port 1(bridge_slave_0) entered blocking state [ 1229.565539] bridge0: port 1(bridge_slave_0) entered disabled state [ 1229.573009] device bridge_slave_0 entered promiscuous mode [ 1229.579811] bridge0: port 2(bridge_slave_1) entered blocking state [ 1229.586511] bridge0: port 2(bridge_slave_1) entered disabled state [ 1229.594287] device bridge_slave_1 entered promiscuous mode [ 1229.604266] IPVS: ftp: loaded support on port[0] = 21 [ 1229.632735] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1229.642169] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1229.689505] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1229.697046] team0: Port device team_slave_0 added [ 1229.724453] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1229.731902] team0: Port device team_slave_1 added [ 1229.751067] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1229.762064] chnl_net:caif_netlink_parms(): no params data found [ 1229.778489] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link 
is not ready [ 1229.793719] IPVS: ftp: loaded support on port[0] = 21 [ 1229.893042] device hsr_slave_0 entered promiscuous mode [ 1229.940381] device hsr_slave_1 entered promiscuous mode [ 1230.004363] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1230.026812] bridge0: port 1(bridge_slave_0) entered blocking state [ 1230.033495] bridge0: port 1(bridge_slave_0) entered disabled state [ 1230.040918] device bridge_slave_0 entered promiscuous mode [ 1230.047465] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1230.066652] bridge0: port 2(bridge_slave_1) entered blocking state [ 1230.074315] bridge0: port 2(bridge_slave_1) entered disabled state [ 1230.081826] device bridge_slave_1 entered promiscuous mode [ 1230.134254] bridge0: port 1(bridge_slave_0) entered disabled state [ 1230.141610] bridge0: port 2(bridge_slave_1) entered disabled state [ 1230.152898] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1230.163915] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1230.193169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1230.199568] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1230.207057] team0: Port device team_slave_0 added [ 1230.219192] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 1230.227522] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1230.234926] team0: Port device team_slave_1 added [ 1230.241128] chnl_net:caif_netlink_parms(): no params data found [ 1230.262202] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1230.271575] IPVS: ftp: loaded support on port[0] = 21 [ 1230.282407] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1230.302689] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1230.398160] bridge0: port 1(bridge_slave_0) entered blocking state [ 1230.405151] bridge0: port 1(bridge_slave_0) entered disabled state [ 1230.412364] device bridge_slave_0 entered promiscuous mode [ 1230.426766] IPv6: 
ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1230.443007] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1230.449185] 8021q: adding VLAN 0 to HW filter on device team0 [ 1230.455696] bridge0: port 2(bridge_slave_1) entered blocking state [ 1230.464639] bridge0: port 2(bridge_slave_1) entered disabled state [ 1230.471801] device bridge_slave_1 entered promiscuous mode [ 1230.478063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1230.486262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1230.542335] device hsr_slave_0 entered promiscuous mode [ 1230.580341] device hsr_slave_1 entered promiscuous mode [ 1230.624488] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1230.631359] chnl_net:caif_netlink_parms(): no params data found [ 1230.669143] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1230.677811] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1230.690768] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1230.716377] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1230.723759] team0: Port device team_slave_0 added [ 1230.741276] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 1230.749591] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1230.763704] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1230.771638] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1230.778816] team0: Port device team_slave_1 added [ 1230.796324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1230.804192] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1230.812123] bridge0: port 1(bridge_slave_0) entered blocking state [ 1230.818478] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1230.825536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1230.833594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1230.841400] bridge0: port 
2(bridge_slave_1) entered blocking state [ 1230.847756] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1230.859675] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1230.868619] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1230.898555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1230.908823] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1230.916237] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1230.945536] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1230.952618] bridge0: port 1(bridge_slave_0) entered blocking state [ 1230.958994] bridge0: port 1(bridge_slave_0) entered disabled state [ 1230.966279] device bridge_slave_0 entered promiscuous mode [ 1230.973716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1230.982261] bridge0: port 2(bridge_slave_1) entered blocking state [ 1230.988621] bridge0: port 2(bridge_slave_1) entered disabled state [ 1230.996843] device bridge_slave_1 entered promiscuous mode [ 1231.005962] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1231.053457] device hsr_slave_0 entered promiscuous mode [ 1231.111067] device hsr_slave_1 entered promiscuous mode [ 1231.151283] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1231.160559] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1231.166985] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1231.184167] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1231.199226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1231.209655] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1231.224744] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1231.239963] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1231.247154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1231.255058] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1231.263189] 
IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1231.270424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1231.290553] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1231.296745] 8021q: adding VLAN 0 to HW filter on device team0 [ 1231.304505] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1231.323269] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1231.330199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1231.337844] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1231.352714] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1231.362103] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1231.370388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1231.378291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1231.388143] bridge0: port 1(bridge_slave_0) entered blocking state [ 1231.394529] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1231.443404] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1231.465613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1231.473843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1231.481809] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1231.489436] bridge0: port 2(bridge_slave_1) entered blocking state [ 1231.495909] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1231.504613] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 1231.519879] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1231.527862] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1231.535276] team0: Port device team_slave_0 added [ 1231.543443] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1231.551537] team0: Port device team_slave_1 added [ 1231.557943] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1231.565151] 
chnl_net:caif_netlink_parms(): no params data found [ 1231.585995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1231.595062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1231.602962] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1231.613583] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1231.622544] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1231.631245] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1231.640966] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1231.661423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1231.669170] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1231.677064] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1231.684790] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1231.692468] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1231.701270] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1231.711721] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1231.719925] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1231.726122] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1231.764056] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1231.777281] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1231.784339] bridge0: port 1(bridge_slave_0) entered blocking state [ 1231.793356] bridge0: port 1(bridge_slave_0) entered disabled state [ 1231.800660] device bridge_slave_0 entered promiscuous mode [ 1231.862248] device hsr_slave_0 entered promiscuous mode [ 1231.900484] device hsr_slave_1 entered promiscuous mode [ 1231.940402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1231.947999] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1231.962483] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1231.971874] bridge0: port 
2(bridge_slave_1) entered blocking state [ 1231.978247] bridge0: port 2(bridge_slave_1) entered disabled state [ 1231.987594] device bridge_slave_1 entered promiscuous mode [ 1231.994413] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1232.005001] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1232.011737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1232.019211] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1232.028253] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1232.034632] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1232.054663] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1232.065113] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1232.077415] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1232.095322] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1232.113231] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1232.123896] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1232.133627] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1232.141211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1232.148245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1232.163037] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1232.169135] 8021q: adding VLAN 0 to HW filter on device team0 [ 1232.188921] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 1232.200341] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1232.210838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1232.218640] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1232.232178] bridge0: port 1(bridge_slave_0) entered blocking state [ 1232.238557] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1232.254307] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1232.262527] team0: Port device team_slave_0 added [ 1232.268250] IPv6: 
ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1232.276148] team0: Port device team_slave_1 added [ 1232.282399] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1232.292417] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1232.306312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1232.314196] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1232.321986] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1232.337458] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1232.347263] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1232.354252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1232.366149] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1232.374921] bridge0: port 2(bridge_slave_1) entered blocking state [ 1232.381337] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1232.392970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1232.469804] device hsr_slave_0 entered promiscuous mode [ 1232.510433] device hsr_slave_1 entered promiscuous mode [ 1232.532338] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1232.545725] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1232.553507] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1232.564583] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1232.574563] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1232.589488] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1232.596077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1232.603944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1232.610983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1232.621143] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1232.636325] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1232.644769] 8021q: adding VLAN 0 to HW filter on device team0 [ 1232.653930] IPv6: 
ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1232.663776] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1232.671751] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1232.679261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1232.687380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1232.695478] bridge0: port 1(bridge_slave_0) entered blocking state [ 1232.701884] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1232.709003] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1232.716095] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1232.726017] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1232.736742] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1232.752413] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1232.764112] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 1232.770806] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1232.778986] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1232.786801] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1232.802739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1232.811113] bridge0: port 2(bridge_slave_1) entered blocking state [ 1232.817505] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1232.832555] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1232.842316] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1232.863969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1232.879797] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1232.894328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1232.903487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1232.928167] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1232.939721] IPv6: ADDRCONF(NETDEV_UP): team0: link is not 
ready [ 1232.946512] 8021q: adding VLAN 0 to HW filter on device team0 [ 1232.955803] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1232.964016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1232.971982] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1232.979653] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1232.987513] bridge0: port 1(bridge_slave_0) entered blocking state [ 1232.993885] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1233.002488] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1233.012757] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1233.022116] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1233.030731] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1233.037718] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1233.046951] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1233.054609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1233.062712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1233.070452] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1233.080693] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1233.092085] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1233.101630] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1233.108915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1233.116817] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1233.124599] bridge0: port 2(bridge_slave_1) entered blocking state [ 1233.131012] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1233.138155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1233.145996] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1233.154696] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1233.162147] 
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1233.174672] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1233.192214] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1233.199616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1233.207565] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1233.216236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1233.228291] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1233.239906] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1233.248408] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1233.258077] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1233.271890] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1233.286002] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready 2019/04/30 21:51:30 executed programs: 13 [ 1233.292686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1233.301389] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1233.308868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1233.316024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1233.324700] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1233.343479] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1233.373364] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1233.379478] 8021q: adding VLAN 0 to HW filter on device team0 [ 1233.387867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1233.399709] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1233.415099] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1233.424154] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1233.437285] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1233.445694] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1233.454097] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1233.461970] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1233.469485] bridge0: port 1(bridge_slave_0) entered blocking state [ 1233.475881] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1233.482939] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1233.489945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1233.502592] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1233.518179] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1233.529475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1233.537635] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1233.545366] bridge0: port 2(bridge_slave_1) entered blocking state [ 1233.551796] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1233.559189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1233.567069] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1233.581989] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1233.595458] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1233.616959] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1233.625362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1233.633767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1233.641776] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1233.649911] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1233.664067] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1233.681825] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1233.691314] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1233.699511] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1233.714449] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1233.721357] IPv6: 
ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1233.728351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1233.736116] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1233.744222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1233.752379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1233.760734] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1233.769257] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1233.787490] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1233.794397] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1233.804654] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1233.817305] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1233.830463] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1233.838119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1233.846782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1233.856754] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1233.866286] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1233.874314] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1233.884364] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1233.891026] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1233.907193] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1233.917750] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/04/30 21:51:35 executed programs: 111 2019/04/30 21:51:40 executed programs: 305 2019/04/30 21:51:45 executed programs: 488 2019/04/30 21:51:51 executed programs: 682 2019/04/30 21:51:56 executed programs: 870 2019/04/30 21:52:01 executed programs: 1157 2019/04/30 21:52:06 executed programs: 1367 2019/04/30 21:52:11 executed programs: 1537 2019/04/30 21:52:16 executed programs: 1803 2019/04/30 21:52:21 executed programs: 2060 2019/04/30 21:52:26 
executed programs: 2229
2019/04/30 21:52:31 executed programs: 2461
2019/04/30 21:52:36 executed programs: 2684
2019/04/30 21:52:41 executed programs: 2905
2019/04/30 21:52:46 executed programs: 3137
2019/04/30 21:52:51 executed programs: 3280
2019/04/30 21:52:56 executed programs: 3465
2019/04/30 21:53:01 executed programs: 3647
2019/04/30 21:53:06 executed programs: 3859
2019/04/30 21:53:12 executed programs: 4065
2019/04/30 21:53:17 executed programs: 4274
2019/04/30 21:53:22 executed programs: 4444
2019/04/30 21:53:27 executed programs: 4699
2019/04/30 21:53:32 executed programs: 4902
2019/04/30 21:53:37 executed programs: 5063
2019/04/30 21:53:42 executed programs: 5223
2019/04/30 21:53:47 executed programs: 5439
2019/04/30 21:53:52 executed programs: 5633
2019/04/30 21:53:57 executed programs: 5773
2019/04/30 21:54:02 executed programs: 5980
2019/04/30 21:54:08 executed programs: 6150
2019/04/30 21:54:13 executed programs: 6351
2019/04/30 21:54:18 executed programs: 6536
2019/04/30 21:54:23 executed programs: 6653
[ 1406.505857] random: crng init done
[ 1410.864896] libceph: mon0 [::1]:6789 socket error on write
[ 1410.934955] libceph: mon0 [::1]:6789 socket error on write
[ 1411.003594] libceph: mon0 [::1]:6789 socket error on write
[ 1411.040359] libceph: mon0 [::1]:6789 socket error on write
[ 1411.140895] libceph: mon0 [::1]:6789 socket error on write
[ 1411.181885] libceph: mon0 [::1]:6789 socket error on write
[ 1411.245012] libceph: mon0 [::1]:6789 socket error on write
2019/04/30 21:54:28 executed programs: 6662
[ 1412.085536] libceph: mon0 [::1]:6789 socket error on write
[ 1412.094265] libceph: mon0 [::1]:6789 socket error on write
[ 1412.099333] libceph: mon0 [::1]:6789 socket error on write
[ 1412.145879] libceph: mon0 [::1]:6789 socket error on write
[ 1412.199561] libceph: mon0 [::1]:6789 socket error on write
[ 1412.283522] libceph: mon0 [::1]:6789 socket error on write
[ 1412.417203] syz-executor.5: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null)
[ 1412.417243] syz-executor.3:
[ 1412.448178] syz-executor.5:
[ 1412.448180] syz-executor.0: page allocation failure: order:5
[ 1412.465124] syz-executor.3:
[ 1412.490113] syz-executor.3: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null)
[ 1412.546395] syz-executor.3: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null)
[ 1412.557229] syz-executor.3: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null)
[ 1412.616213] syz-executor.4: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null)
[ 1412.654918] page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null)
[ 1412.699626] syz-executor.4: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null)
[ 1412.751855] ==================================================================
[ 1412.759501] BUG: KASAN: use-after-free in ceph_destroy_options+0xe9/0x110
[ 1412.766447] Read of size 8 at addr ffff888087aaf290 by task syz-executor.1/10204
[ 1412.773985]
[ 1412.775623] CPU: 1 PID: 10204 Comm: syz-executor.1 Not tainted 4.14.114 #4
[ 1412.782636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1412.792036] Call Trace:
[ 1412.794693] dump_stack+0x138/0x19c
[ 1412.798337] ? ceph_destroy_options+0xe9/0x110
[ 1412.802965] print_address_description.cold+0x7c/0x1dc
[ 1412.808254] ? ceph_destroy_options+0xe9/0x110
[ 1412.812849] kasan_report.cold+0xaf/0x2b5
[ 1412.817008] __asan_report_load8_noabort+0x14/0x20
[ 1412.821952] ceph_destroy_options+0xe9/0x110
[ 1412.826369] ceph_mount+0xb6d/0x1709
[ 1412.830093] ? __lockdep_init_map+0x10c/0x570
[ 1412.834607] mount_fs+0x9d/0x2a7
[ 1412.837987] vfs_kern_mount.part.0+0x5e/0x3d0
[ 1412.842494] do_mount+0x417/0x27d0
[ 1412.846049] ? copy_mount_string+0x40/0x40
[ 1412.850296] ? memdup_user+0x58/0xa0
[ 1412.854017] ? copy_mount_options+0x1fe/0x2f0
[ 1412.858525] SyS_mount+0xab/0x120
[ 1412.861974] ? copy_mnt_ns+0x8c0/0x8c0
[ 1412.865863] do_syscall_64+0x1eb/0x630
[ 1412.869749] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1412.874654] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1412.879846] RIP: 0033:0x458da9
[ 1412.883031] RSP: 002b:00007f6977eedc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1412.890746] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458da9
[ 1412.898015] RDX: 0000000020000100 RSI: 0000000020000200 RDI: 0000000020000040
[ 1412.905285] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1412.912552] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6977eee6d4
[ 1412.919829] R13: 00000000004c4da1 R14: 00000000004d8a08 R15: 00000000ffffffff
[ 1412.927112]
[ 1412.928734] Allocated by task 10204:
[ 1412.932451] save_stack_trace+0x16/0x20
[ 1412.936420] save_stack+0x45/0xd0
[ 1412.939866] kasan_kmalloc+0xce/0xf0
[ 1412.943580] kmem_cache_alloc_trace+0x152/0x790
[ 1412.948331] ceph_parse_options+0xb8/0xe90
[ 1412.952564] ceph_mount+0x3c1/0x1709
[ 1412.956274] mount_fs+0x9d/0x2a7
[ 1412.959637] vfs_kern_mount.part.0+0x5e/0x3d0
[ 1412.964994] do_mount+0x417/0x27d0
[ 1412.968556] SyS_mount+0xab/0x120
[ 1412.972008] do_syscall_64+0x1eb/0x630
[ 1412.975899] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1412.981079]
[ 1412.982706] Freed by task 10204:
[ 1412.986070] save_stack_trace+0x16/0x20
[ 1412.990044] save_stack+0x45/0xd0
[ 1412.993499] kasan_slab_free+0x75/0xc0
[ 1412.997385] kfree+0xcc/0x270
[ 1413.000490] ceph_destroy_options+0xdc/0x110
[ 1413.005078] ceph_destroy_client+0x9d/0xc0
[ 1413.009312] ceph_mount+0xb46/0x1709
[ 1413.013026] mount_fs+0x9d/0x2a7
[ 1413.016388] vfs_kern_mount.part.0+0x5e/0x3d0
[ 1413.020885] do_mount+0x417/0x27d0
[ 1413.024419] SyS_mount+0xab/0x120
[ 1413.027873] do_syscall_64+0x1eb/0x630
[ 1413.031760] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1413.036937]
[ 1413.038559] The
buggy address belongs to the object at ffff888087aaf1c0 [ 1413.038559] which belongs to the cache kmalloc-256 of size 256 [ 1413.051221] The buggy address is located 208 bytes inside of [ 1413.051221] 256-byte region [ffff888087aaf1c0, ffff888087aaf2c0) [ 1413.063098] The buggy address belongs to the page: [ 1413.068029] page:ffffea00021eabc0 count:1 mapcount:0 mapping:ffff888087aaf080 index:0x0 [ 1413.076265] flags: 0x1fffc0000000100(slab) [ 1413.080503] raw: 01fffc0000000100 ffff888087aaf080 0000000000000000 000000010000000c [ 1413.088393] raw: ffffea00024c4260 ffffea0001488460 ffff8880aa8007c0 0000000000000000 [ 1413.096267] page dumped because: kasan: bad access detected [ 1413.101973] [ 1413.103593] Memory state around the buggy address: [ 1413.108523] ffff888087aaf180: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 1413.115877] ffff888087aaf200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1413.123232] >ffff888087aaf280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 1413.130584] ^ [ 1413.134470] ffff888087aaf300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1413.141829] ffff888087aaf380: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 1413.149200] ================================================================== [ 1413.156552] Disabling lock debugging due to kernel taint [ 1413.162001] ================================================================== [ 1413.169399] BUG: KASAN: double-free or invalid-free in ceph_destroy_options+0xd4/0x110 [ 1413.177458] [ 1413.179100] CPU: 0 PID: 9986 Comm: syz-executor.0 Tainted: G B 4.14.114 #4 [ 1413.187331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1413.196682] Call Trace: [ 1413.199280] dump_stack+0x138/0x19c [ 1413.202913] ? ceph_destroy_options+0xd4/0x110 [ 1413.207498] print_address_description.cold+0x7c/0x1dc [ 1413.212778] ? ceph_destroy_options+0xd4/0x110 [ 1413.217363] ? 
ceph_destroy_options+0xd4/0x110 [ 1413.221940] kasan_report_double_free+0x56/0x80 [ 1413.226628] kasan_slab_free+0xa7/0xc0 [ 1413.230509] kfree+0xcc/0x270 [ 1413.233618] ceph_destroy_options+0xd4/0x110 [ 1413.238025] ceph_mount+0xb6d/0x1709 [ 1413.241747] ? __lockdep_init_map+0x10c/0x570 [ 1413.246242] mount_fs+0x9d/0x2a7 [ 1413.249606] vfs_kern_mount.part.0+0x5e/0x3d0 [ 1413.254097] do_mount+0x417/0x27d0 [ 1413.257633] ? copy_mount_string+0x40/0x40 [ 1413.261874] ? memdup_user+0x58/0xa0 [ 1413.265586] ? copy_mount_options+0x1fe/0x2f0 [ 1413.270080] SyS_mount+0xab/0x120 [ 1413.273527] ? copy_mnt_ns+0x8c0/0x8c0 [ 1413.277410] do_syscall_64+0x1eb/0x630 [ 1413.281291] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1413.286158] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1413.291342] RIP: 0033:0x458da9 [ 1413.294524] RSP: 002b:00007f3ae1dcfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1413.302229] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458da9 [ 1413.309493] RDX: 0000000020000100 RSI: 0000000020000200 RDI: 0000000020000040 [ 1413.316757] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1413.324020] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3ae1dd06d4 [ 1413.331282] R13: 00000000004c4da1 R14: 00000000004d8a08 R15: 00000000ffffffff [ 1413.338557] [ 1413.340181] Allocated by task 9986: [ 1413.343809] save_stack_trace+0x16/0x20 [ 1413.347787] save_stack+0x45/0xd0 [ 1413.351233] kasan_kmalloc+0xce/0xf0 [ 1413.354939] kmem_cache_alloc_trace+0x152/0x790 [ 1413.359604] ceph_parse_options+0xfe/0xe90 [ 1413.363841] ceph_mount+0x3c1/0x1709 [ 1413.367549] mount_fs+0x9d/0x2a7 [ 1413.370906] vfs_kern_mount.part.0+0x5e/0x3d0 [ 1413.375398] do_mount+0x417/0x27d0 [ 1413.378935] SyS_mount+0xab/0x120 [ 1413.382379] do_syscall_64+0x1eb/0x630 [ 1413.386259] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1413.391451] [ 1413.393068] Freed by task 9986: [ 1413.396347] save_stack_trace+0x16/0x20 [ 1413.400344] save_stack+0x45/0xd0 [ 1413.403787] 
kasan_slab_free+0x75/0xc0 [ 1413.407667] kfree+0xcc/0x270 [ 1413.410775] ceph_destroy_options+0xd4/0x110 [ 1413.415176] ceph_destroy_client+0x9d/0xc0 [ 1413.419410] ceph_mount+0xb46/0x1709 [ 1413.423125] mount_fs+0x9d/0x2a7 [ 1413.426486] vfs_kern_mount.part.0+0x5e/0x3d0 [ 1413.430969] do_mount+0x417/0x27d0 [ 1413.434504] SyS_mount+0xab/0x120 [ 1413.437957] do_syscall_64+0x1eb/0x630 [ 1413.441840] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1413.447034] [ 1413.448659] The buggy address belongs to the object at ffff8881cdf40e00 [ 1413.448659] which belongs to the cache kmalloc-8192 of size 8192 [ 1413.461483] The buggy address is located 0 bytes inside of [ 1413.461483] 8192-byte region [ffff8881cdf40e00, ffff8881cdf42e00) [ 1413.473272] The buggy address belongs to the page: [ 1413.478205] page:ffffea000737d000 count:1 mapcount:0 mapping:ffff8881cdf40e00 index:0x0 compound_mapcount: 0 [ 1413.488347] flags: 0x6fffc0000008100(slab|head) [ 1413.493011] raw: 06fffc0000008100 ffff8881cdf40e00 0000000000000000 0000000100000001 [ 1413.500977] raw: ffffea0007669120 ffffea00071f5220 ffff8880aa802080 0000000000000000 [ 1413.508883] page dumped because: kasan: bad access detected [ 1413.514582] [ 1413.516199] Memory state around the buggy address: [ 1413.521124] ffff8881cdf40d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1413.528483] ffff8881cdf40d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1413.536709] >ffff8881cdf40e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1413.544056] ^ [ 1413.547423] ffff8881cdf40e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1413.554776] ffff8881cdf40f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1413.562126] ================================================================== [ 1413.569480] Kernel panic - not syncing: panic_on_warn set ... 
[ 1413.569480] [ 1413.569484] ================================================================== [ 1413.569507] BUG: KASAN: double-free or invalid-free in ceph_destroy_options+0xd4/0x110 [ 1413.576843] CPU: 0 PID: 9986 Comm: syz-executor.0 Tainted: G B 4.14.114 #4 [ 1413.584206] [ 1413.592253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1413.611342] Call Trace: [ 1413.613934] dump_stack+0x138/0x19c [ 1413.617557] panic+0x1f2/0x438 [ 1413.620745] ? add_taint.cold+0x16/0x16 [ 1413.624729] ? lock_downgrade+0x6e0/0x6e0 [ 1413.628880] ? print_shadow_for_address+0xa7/0xf4 [ 1413.633724] ? ceph_destroy_options+0xd4/0x110 [ 1413.638298] ? ceph_destroy_options+0xd4/0x110 [ 1413.642881] kasan_end_report+0x47/0x4f [ 1413.646867] kasan_report_double_free+0x73/0x80 [ 1413.651534] kasan_slab_free+0xa7/0xc0 [ 1413.655413] kfree+0xcc/0x270 [ 1413.658520] ceph_destroy_options+0xd4/0x110 [ 1413.662923] ceph_mount+0xb6d/0x1709 [ 1413.666631] ? __lockdep_init_map+0x10c/0x570 [ 1413.671138] mount_fs+0x9d/0x2a7 [ 1413.674500] vfs_kern_mount.part.0+0x5e/0x3d0 [ 1413.679000] do_mount+0x417/0x27d0 [ 1413.682537] ? copy_mount_string+0x40/0x40 [ 1413.686767] ? memdup_user+0x58/0xa0 [ 1413.690471] ? copy_mount_options+0x1fe/0x2f0 [ 1413.694961] SyS_mount+0xab/0x120 [ 1413.698407] ? copy_mnt_ns+0x8c0/0x8c0 [ 1413.702292] do_syscall_64+0x1eb/0x630 [ 1413.706190] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 1413.711037] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1413.716224] RIP: 0033:0x458da9 [ 1413.719409] RSP: 002b:00007f3ae1dcfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1413.727109] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458da9 [ 1413.734369] RDX: 0000000020000100 RSI: 0000000020000200 RDI: 0000000020000040 [ 1413.741634] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1413.748920] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3ae1dd06d4 [ 1413.756185] R13: 00000000004c4da1 R14: 00000000004d8a08 R15: 00000000ffffffff [ 1413.763467] CPU: 1 PID: 9298 Comm: syz-executor.3 Tainted: G B 4.14.114 #4 [ 1413.771613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1413.780956] Call Trace: [ 1413.783546] dump_stack+0x138/0x19c [ 1413.787171] ? ceph_destroy_options+0xd4/0x110 [ 1413.791749] print_address_description.cold+0x7c/0x1dc [ 1413.797018] ? ceph_destroy_options+0xd4/0x110 [ 1413.801591] ? ceph_destroy_options+0xd4/0x110 [ 1413.806167] kasan_report_double_free+0x56/0x80 [ 1413.810837] kasan_slab_free+0xa7/0xc0 [ 1413.814728] kfree+0xcc/0x270 [ 1413.817841] ceph_destroy_options+0xd4/0x110 [ 1413.822246] ceph_mount+0xb6d/0x1709 [ 1413.826002] ? __lockdep_init_map+0x10c/0x570 [ 1413.830497] mount_fs+0x9d/0x2a7 [ 1413.833858] vfs_kern_mount.part.0+0x5e/0x3d0 [ 1413.838353] do_mount+0x417/0x27d0 [ 1413.841887] ? copy_mount_string+0x40/0x40 [ 1413.846117] ? memdup_user+0x58/0xa0 [ 1413.849840] ? copy_mount_options+0x1fe/0x2f0 [ 1413.854332] SyS_mount+0xab/0x120 [ 1413.857776] ? copy_mnt_ns+0x8c0/0x8c0 [ 1413.861658] do_syscall_64+0x1eb/0x630 [ 1413.865554] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 1413.870393] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1413.875573] RIP: 0033:0x458da9 [ 1413.878755] RSP: 002b:00007f51762dbc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1413.886455] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458da9 [ 1413.893735] RDX: 0000000020000100 RSI: 0000000020000200 RDI: 0000000020000040 [ 1413.900999] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1413.908258] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51762dc6d4 [ 1413.915520] R13: 00000000004c4da1 R14: 00000000004d8a08 R15: 00000000ffffffff [ 1413.922789] [ 1413.924412] Allocated by task 9298: [ 1413.928037] save_stack_trace+0x16/0x20 [ 1413.932007] save_stack+0x45/0xd0 [ 1413.935449] kasan_kmalloc+0xce/0xf0 [ 1413.939156] kmem_cache_alloc_trace+0x152/0x790 [ 1413.943835] ceph_parse_options+0xfe/0xe90 [ 1413.948062] ceph_mount+0x3c1/0x1709 [ 1413.951765] mount_fs+0x9d/0x2a7 [ 1413.955129] vfs_kern_mount.part.0+0x5e/0x3d0 [ 1413.959612] do_mount+0x417/0x27d0 [ 1413.963141] SyS_mount+0xab/0x120 [ 1413.966585] do_syscall_64+0x1eb/0x630 [ 1413.970464] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1413.975642] [ 1413.977281] Freed by task 9298: [ 1413.980553] save_stack_trace+0x16/0x20 [ 1413.984518] save_stack+0x45/0xd0 [ 1413.987960] kasan_slab_free+0x75/0xc0 [ 1413.991862] kfree+0xcc/0x270 [ 1413.994961] ceph_destroy_options+0xd4/0x110 [ 1413.999360] ceph_destroy_client+0x9d/0xc0 [ 1414.003589] ceph_mount+0xb46/0x1709 [ 1414.007311] mount_fs+0x9d/0x2a7 [ 1414.010686] vfs_kern_mount.part.0+0x5e/0x3d0 [ 1414.015174] do_mount+0x417/0x27d0 [ 1414.018703] SyS_mount+0xab/0x120 [ 1414.022147] do_syscall_64+0x1eb/0x630 [ 1414.026025] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1414.031202] [ 1414.032827] The buggy address belongs to the object at ffff8881cf3c1b40 [ 1414.032827] which belongs to the cache kmalloc-8192 of size 8192 [ 1414.045649] The buggy address is located 0 bytes inside of [ 1414.045649] 
8192-byte region [ffff8881cf3c1b40, ffff8881cf3c3b40) [ 1414.057423] The buggy address belongs to the page: [ 1414.062343] page:ffffea00073cf000 count:1 mapcount:0 mapping:ffff8881cf3c1b40 index:0x0 compound_mapcount: 0 [ 1414.072306] flags: 0x6fffc0000008100(slab|head) [ 1414.076966] raw: 06fffc0000008100 ffff8881cf3c1b40 0000000000000000 0000000100000001 [ 1414.084844] raw: ffffea000725c120 ffffea00073cf620 ffff8880aa802080 0000000000000000 [ 1414.092710] page dumped because: kasan: bad access detected [ 1414.098405] [ 1414.100019] Memory state around the buggy address: [ 1414.104936] ffff8881cf3c1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1414.112285] ffff8881cf3c1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1414.119633] >ffff8881cf3c1b00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 1414.126979] ^ [ 1414.132421] ffff8881cf3c1b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1414.139769] ffff8881cf3c1c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1414.147119] ================================================================== [ 1414.913618] Shutting down cpus with NMI [ 1414.918719] Kernel Offset: disabled [ 1414.922347] Rebooting in 86400 seconds..