[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 27.524184] kauditd_printk_skb: 8 callbacks suppressed
[ 27.524196] audit: type=1800 audit(1538094425.025:29): pid=5240 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 27.548936] audit: type=1800 audit(1538094425.025:30): pid=5240 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts.
2018/09/28 00:28:23 parsed 1 programs
2018/09/28 00:28:26 executed programs: 0
syzkaller login: [ 108.615958] IPVS: ftp: loaded support on port[0] = 21
[ 108.616436] IPVS: ftp: loaded support on port[0] = 21
[ 108.622984] IPVS: ftp: loaded support on port[0] = 21
[ 108.628085] IPVS: ftp: loaded support on port[0] = 21
[ 108.638028] IPVS: ftp: loaded support on port[0] = 21
[ 108.640004] IPVS: ftp: loaded support on port[0] = 21
[ 109.454187] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.467611] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.475450] device bridge_slave_0 entered promiscuous mode
[ 109.495476] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.504600] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.512432] device bridge_slave_1 entered promiscuous mode
[ 109.525338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.534791] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.542065] device bridge_slave_0 entered promiscuous mode
[ 109.556404] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 109.577222] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.583681] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.596200] device bridge_slave_0 entered promiscuous mode
[ 109.604653] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.615245] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.623351] device bridge_slave_0 entered promiscuous mode
[ 109.635372] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.642849] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.650890] device bridge_slave_1 entered promiscuous mode
[ 109.658595] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.664996] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.675402] device bridge_slave_0 entered promiscuous mode
[ 109.682729] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 109.690230] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.697780] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.704799] device bridge_slave_1 entered promiscuous mode
[ 109.712899] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 109.722810] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.730688] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.738203] device bridge_slave_0 entered promiscuous mode
[ 109.744925] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.751941] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.759351] device bridge_slave_1 entered promiscuous mode
[ 109.772803] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 109.781889] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 109.789989] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.796425] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.804919] device bridge_slave_1 entered promiscuous mode
[ 109.814037] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.824396] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.836036] device bridge_slave_1 entered promiscuous mode
[ 109.857431] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 109.865713] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 109.880473] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 109.892772] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 109.923671] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 109.933116] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 109.947028] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 109.961872] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 109.975223] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 110.015043] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 110.031027] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 110.057446] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 110.069615] ip (5699) used greatest stack depth: 14904 bytes left
[ 110.081327] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 110.126633] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 110.141479] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 110.154921] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 110.181465] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 110.190425] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 110.199237] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 110.211573] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 110.226695] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 110.236171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 110.245228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 110.253610] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 110.262769] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 110.290867] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 110.302192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 110.311836] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 110.325306] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 110.339292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 110.348605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 110.357611] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 110.366793] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 110.387966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 110.401360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 110.418686] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 110.425925] team0: Port device team_slave_0 added
[ 110.435063] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 110.446390] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 110.456400] team0: Port device team_slave_0 added
[ 110.462633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 110.474674] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 110.484166] team0: Port device team_slave_0 added
[ 110.492200] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 110.501751] team0: Port device team_slave_1 added
[ 110.515095] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 110.524175] team0: Port device team_slave_1 added
[ 110.566431] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 110.583988] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 110.592819] team0: Port device team_slave_1 added
[ 110.632206] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 110.654040] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 110.662123] team0: Port device team_slave_0 added
[ 110.681759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 110.696084] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 110.710538] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 110.718659] team0: Port device team_slave_0 added
[ 110.727920] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 110.735346] team0: Port device team_slave_0 added
[ 110.745070] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 110.755044] team0: Port device team_slave_1 added
[ 110.768113] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 110.784918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 110.813632] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 110.822503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 110.832288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 110.842913] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 110.851784] team0: Port device team_slave_1 added
[ 110.860195] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 110.870210] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 110.878863] team0: Port device team_slave_1 added
[ 110.893043] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 110.909241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 110.921787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 110.939179] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 110.953021] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 110.960595] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 110.968642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 110.977098] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 110.986573] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 110.994475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 111.005951] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 111.018272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 111.032909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 111.042167] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 111.060809] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 111.080941] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 111.090795] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 111.099957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 111.114240] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 111.126770] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 111.137471] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 111.151102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 111.172727] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 111.196178] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 111.217422] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 111.225125] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 111.243981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 111.252950] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 111.261070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 111.277868] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 111.287705] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 111.305676] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 111.317608] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 111.345226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 111.354307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 111.370069] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 111.391519] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 111.402831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 111.823557] bridge0: port 2(bridge_slave_1) entered blocking state
[ 111.830101] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 111.837100] bridge0: port 1(bridge_slave_0) entered blocking state
[ 111.843474] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 111.857492] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 111.926403] bridge0: port 2(bridge_slave_1) entered blocking state
[ 111.932885] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 111.939683] bridge0: port 1(bridge_slave_0) entered blocking state
[ 111.946079] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 111.955075] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 112.014913] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.021363] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.028101] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.034480] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.047832] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 112.207802] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.214214] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.220929] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.227333] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.235867] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 112.245582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 112.258852] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 112.266089] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 112.282551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 112.322419] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.328887] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.335602] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.342062] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.357802] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 112.366346] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.372755] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.379488] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.385905] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.393581] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 113.315265] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 113.337564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 114.922760] 8021q: adding VLAN 0 to HW filter on device bond0
[ 114.952428] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.014858] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.132143] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.161353] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.209088] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 115.226224] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 115.314566] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 115.391803] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 115.443921] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.460282] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 115.486328] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 115.497036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 115.504113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 115.531240] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 115.549203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 115.556306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 115.626173] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 115.646289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 115.662239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 115.674947] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 115.689919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 115.698960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 115.783993] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 115.794076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 115.803659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 115.820034] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 115.849373] 8021q: adding VLAN 0 to HW filter on device team0
[ 115.885871] 8021q: adding VLAN 0 to HW filter on device team0
[ 115.901990] 8021q: adding VLAN 0 to HW filter on device team0
[ 115.994845] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.024520] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.098827] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 116.108698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 116.117654] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 116.357571] 8021q: adding VLAN 0 to HW filter on device team0
[ 117.508227] hrtimer: interrupt took 32448 ns
2018/09/28 00:28:35 executed programs: 6
2018/09/28 00:28:40 executed programs: 43
2018/09/28 00:28:45 executed programs: 81
2018/09/28 00:28:50 executed programs: 119
2018/09/28 00:28:56 executed programs: 156
2018/09/28 00:29:01 executed programs: 193
2018/09/28 00:29:06 executed programs: 231
2018/09/28 00:29:11 executed programs: 269
2018/09/28 00:29:16 executed programs: 306
2018/09/28 00:29:21 executed programs: 344
2018/09/28 00:29:26 executed programs: 382
[ 171.871325] ==================================================================
[ 171.878884] BUG: KASAN: use-after-free in native_queued_spin_lock_slowpath+0x183/0x1120
[ 171.887051] Read of size 4 at addr ffff8801a8fac8b8 by task syz-executor1/9135
[ 171.894406]
[ 171.896054] CPU: 0 PID: 9135 Comm: syz-executor1 Not tainted 4.19.0-rc5+ #34
[ 171.903244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 171.912597] Call Trace:
[ 171.915191] dump_stack+0x1c4/0x2b4
[ 171.918832] ? dump_stack_print_info.cold.2+0x52/0x52
[ 171.924012] ? printk+0xa7/0xcf
[ 171.927299] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 171.932061] print_address_description.cold.8+0x9/0x1ff
[ 171.937430] kasan_report.cold.9+0x242/0x309
[ 171.941870] ? native_queued_spin_lock_slowpath+0x183/0x1120
[ 171.947683] check_memory_region+0x13e/0x1b0
[ 171.952134] kasan_check_read+0x11/0x20
[ 171.956119] native_queued_spin_lock_slowpath+0x183/0x1120
[ 171.961756] ? __pv_queued_spin_lock_slowpath+0x15d0/0x15d0
[ 171.967478] ? mark_held_locks+0x130/0x130
[ 171.971718] ? unwind_get_return_address+0x61/0xa0
[ 171.976666] ? __save_stack_trace+0x8d/0xf0
[ 171.981002] ? print_usage_bug+0xc0/0xc0
[ 171.985078] ? mark_held_locks+0xc7/0x130
[ 171.989239] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 171.994001] ? lockdep_hardirqs_on+0x19e/0x5c0
[ 171.998591] ? retint_kernel+0x2d/0x2d
[ 172.002481] ? trace_hardirqs_on_caller+0xc0/0x310
[ 172.007415] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 172.012177] ? trace_hardirqs_off+0x310/0x310
[ 172.016690] ? print_usage_bug+0xc0/0xc0
[ 172.020757] ? graph_lock+0x170/0x170
[ 172.024566] ? lockdep_hardirqs_on+0x19e/0x5c0
[ 172.029162] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 172.033938] ? retint_kernel+0x2d/0x2d
[ 172.037846] ? lock_acquire+0x268/0x520
[ 172.041835] ? lock_release+0x970/0x970
[ 172.045814] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 172.051359] ? check_preemption_disabled+0x48/0x200
[ 172.056382] ? vhost_vsock_get+0xde/0x100
[ 172.060536] ? vhost_vsock_get+0xde/0x100
[ 172.064784] do_raw_spin_lock+0x1a7/0x200
[ 172.068950] _raw_spin_lock_bh+0x39/0x40
[ 172.073018] ? vhost_transport_send_pkt+0x12e/0x380
[ 172.078041] vhost_transport_send_pkt+0x12e/0x380
[ 172.082889] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 172.088442] ? vhost_vsock_dev_open+0x5a0/0x5a0
[ 172.093119] ? virtio_transport_send_pkt_info+0x2e7/0x460
[ 172.098674] ? __local_bh_enable_ip+0x160/0x260
[ 172.103355] virtio_transport_send_pkt_info+0x31d/0x460
[ 172.108731] virtio_transport_connect+0x17c/0x220
[ 172.113580] ? virtio_transport_send_pkt_info+0x460/0x460
[ 172.119117] ? vsock_auto_bind+0xa9/0xe0
[ 172.123215] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 172.128781] vsock_stream_connect+0x4ed/0xe40
[ 172.133289] ? vsock_dgram_connect+0x500/0x500
[ 172.137874] ? lock_downgrade+0x900/0x900
[ 172.142033] ? lock_release+0x970/0x970
[ 172.146015] ? arch_local_save_flags+0x40/0x40
[ 172.150603] ? finish_wait+0x430/0x430
[ 172.154514] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 172.159714] ? smack_socket_connect+0x13f/0x1c0
[ 172.164394] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 172.169942] ? security_socket_connect+0x94/0xc0
[ 172.174713] __sys_connect+0x37d/0x4c0
[ 172.178612] ? __ia32_sys_accept+0xb0/0xb0
[ 172.182857] ? kasan_check_read+0x11/0x20
[ 172.187015] ? _copy_to_user+0xc8/0x110
[ 172.190999] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 172.196540] ? put_timespec64+0x10f/0x1b0
[ 172.200706] ? do_syscall_64+0x9a/0x820
[ 172.204692] ? do_syscall_64+0x9a/0x820
[ 172.208680] ? lockdep_hardirqs_on+0x421/0x5c0
[ 172.213270] ? trace_hardirqs_on+0xbd/0x310
[ 172.217594] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 172.223155] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 172.228525] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 172.233990] __x64_sys_connect+0x73/0xb0
[ 172.238062] do_syscall_64+0x1b9/0x820
[ 172.241961] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 172.247335] ? syscall_return_slowpath+0x5e0/0x5e0
[ 172.252270] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 172.257120] ? trace_hardirqs_on_caller+0x310/0x310
[ 172.262144] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 172.267171] ? prepare_exit_to_usermode+0x291/0x3b0
[ 172.272198] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 172.277054] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 172.282244] RIP: 0033:0x457579
[ 172.285444] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 172.304350] RSP: 002b:00007f6b59decc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 172.312064] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 172.319357] RDX: 0000000000000010 RSI: 0000000020000200 RDI: 0000000000000008
[ 172.326626] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 172.333930] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6b59ded6d4
[ 172.341204] R13: 00000000004bdb1a R14: 00000000004cc658 R15: 00000000ffffffff
[ 172.348490]
[ 172.350121] Allocated by task 9106:
[ 172.353754] save_stack+0x43/0xd0
[ 172.357207] kasan_kmalloc+0xc7/0xe0
[ 172.360929] __kmalloc_node+0x47/0x70
[ 172.364733] kvmalloc_node+0xb9/0xf0
[ 172.368453] vhost_vsock_dev_open+0xa2/0x5a0
[ 172.372863] misc_open+0x3ca/0x560
[ 172.376409] chrdev_open+0x25a/0x710
[ 172.380125] do_dentry_open+0x499/0x1250
[ 172.384196] vfs_open+0xa0/0xd0
[ 172.387480] path_openat+0x12bf/0x5160
[ 172.391367] do_filp_open+0x255/0x380
[ 172.395171] do_sys_open+0x568/0x700
[ 172.398886] __x64_sys_openat+0x9d/0x100
[ 172.402959] do_syscall_64+0x1b9/0x820
[ 172.406852] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 172.412033]
[ 172.413667] Freed by task 9105:
[ 172.417831] save_stack+0x43/0xd0
[ 172.421283] __kasan_slab_free+0x102/0x150
[ 172.425519] kasan_slab_free+0xe/0x10
[ 172.429323] kfree+0xcf/0x230
[ 172.432432] kvfree+0x61/0x70
[ 172.435542] vhost_vsock_dev_release+0x4f4/0x720
[ 172.440296] __fput+0x385/0xa30
[ 172.443575] ____fput+0x15/0x20
[ 172.446861] task_work_run+0x1e8/0x2a0
[ 172.450752] exit_to_usermode_loop+0x318/0x380
[ 172.455335] do_syscall_64+0x6be/0x820
[ 172.459228] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 172.464411]
[ 172.466041] The buggy address belongs to the object at ffff8801a8fa3bc0
[ 172.466041] which belongs to the cache kmalloc-65536 of size 65536
[ 172.479048] The buggy address is located 36088 bytes inside of
[ 172.479048] 65536-byte region [ffff8801a8fa3bc0, ffff8801a8fb3bc0)
[ 172.491271] The buggy address belongs to the page:
[ 172.496204] page:ffffea0006a3e800 count:1 mapcount:0 mapping:ffff8801da802500 index:0x0 compound_mapcount: 0
[ 172.506179] flags: 0x2fffc0000008100(slab|head)
[ 172.510856] raw: 02fffc0000008100 ffffea0006a39808 ffffea0006a36808 ffff8801da802500
[ 172.518745] raw: 0000000000000000 ffff8801a8fa3bc0 0000000100000001 0000000000000000
[ 172.526618] page dumped because: kasan: bad access detected
[ 172.532580]
[ 172.534225] Memory state around the buggy address:
[ 172.539165] ffff8801a8fac780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 172.546526] ffff8801a8fac800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 172.553896] >ffff8801a8fac880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 172.561265] ^
[ 172.566452] ffff8801a8fac900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 172.574455] ffff8801a8fac980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 172.581823] ==================================================================
[ 172.589181] Disabling lock debugging due to kernel taint
[ 172.594733] Kernel panic - not syncing: panic_on_warn set ...
[ 172.594733]
[ 172.602100] CPU: 0 PID: 9135 Comm: syz-executor1 Tainted: G B 4.19.0-rc5+ #34
[ 172.610683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 172.620054] Call Trace:
[ 172.622641] dump_stack+0x1c4/0x2b4
[ 172.626277] ? dump_stack_print_info.cold.2+0x52/0x52
[ 172.631466] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 172.636240] panic+0x238/0x4e7
[ 172.639431] ? add_taint.cold.5+0x16/0x16
[ 172.643581] ? trace_hardirqs_on+0x9a/0x310
[ 172.647905] ? trace_hardirqs_on+0xb4/0x310
[ 172.652232] ? trace_hardirqs_on+0xb4/0x310
[ 172.656554] kasan_end_report+0x47/0x4f
[ 172.660550] kasan_report.cold.9+0x76/0x309
[ 172.664886] ? native_queued_spin_lock_slowpath+0x183/0x1120
[ 172.670693] check_memory_region+0x13e/0x1b0
[ 172.675098] kasan_check_read+0x11/0x20
[ 172.679076] native_queued_spin_lock_slowpath+0x183/0x1120
[ 172.684704] ? __pv_queued_spin_lock_slowpath+0x15d0/0x15d0
[ 172.690411] ? mark_held_locks+0x130/0x130
[ 172.694644] ? unwind_get_return_address+0x61/0xa0
[ 172.699582] ? __save_stack_trace+0x8d/0xf0
[ 172.703905] ? print_usage_bug+0xc0/0xc0
[ 172.707979] ? mark_held_locks+0xc7/0x130
[ 172.712128] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 172.716883] ? lockdep_hardirqs_on+0x19e/0x5c0
[ 172.721465] ? retint_kernel+0x2d/0x2d
[ 172.725364] ? trace_hardirqs_on_caller+0xc0/0x310
[ 172.730292] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 172.735070] ? trace_hardirqs_off+0x310/0x310
[ 172.739577] ? print_usage_bug+0xc0/0xc0
[ 172.743647] ? graph_lock+0x170/0x170
[ 172.747464] ? lockdep_hardirqs_on+0x19e/0x5c0
[ 172.752044] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 172.756807] ? retint_kernel+0x2d/0x2d
[ 172.760701] ? lock_acquire+0x268/0x520
[ 172.764686] ? lock_release+0x970/0x970
[ 172.768667] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 172.774201] ? check_preemption_disabled+0x48/0x200
[ 172.779233] ? vhost_vsock_get+0xde/0x100
[ 172.783393] ? vhost_vsock_get+0xde/0x100
[ 172.787561] do_raw_spin_lock+0x1a7/0x200
[ 172.791713] _raw_spin_lock_bh+0x39/0x40
[ 172.795786] ? vhost_transport_send_pkt+0x12e/0x380
[ 172.800802] vhost_transport_send_pkt+0x12e/0x380
[ 172.805644] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 172.811189] ? vhost_vsock_dev_open+0x5a0/0x5a0
[ 172.815861] ? virtio_transport_send_pkt_info+0x2e7/0x460
[ 172.821402] ? __local_bh_enable_ip+0x160/0x260
[ 172.826073] virtio_transport_send_pkt_info+0x31d/0x460
[ 172.831441] virtio_transport_connect+0x17c/0x220
[ 172.836286] ? virtio_transport_send_pkt_info+0x460/0x460
[ 172.841835] ? vsock_auto_bind+0xa9/0xe0
[ 172.845900] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 172.851446] vsock_stream_connect+0x4ed/0xe40
[ 172.855945] ? vsock_dgram_connect+0x500/0x500
[ 172.860539] ? lock_downgrade+0x900/0x900
[ 172.864707] ? lock_release+0x970/0x970
[ 172.868709] ? arch_local_save_flags+0x40/0x40
[ 172.873313] ? finish_wait+0x430/0x430
[ 172.877208] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 172.882400] ? smack_socket_connect+0x13f/0x1c0
[ 172.887082] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 172.892620] ? security_socket_connect+0x94/0xc0
[ 172.897382] __sys_connect+0x37d/0x4c0
[ 172.901272] ? __ia32_sys_accept+0xb0/0xb0
[ 172.905532] ? kasan_check_read+0x11/0x20
[ 172.909681] ? _copy_to_user+0xc8/0x110
[ 172.913667] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 172.919206] ? put_timespec64+0x10f/0x1b0
[ 172.923360] ? do_syscall_64+0x9a/0x820
[ 172.927336] ? do_syscall_64+0x9a/0x820
[ 172.931325] ? lockdep_hardirqs_on+0x421/0x5c0
[ 172.935904] ? trace_hardirqs_on+0xbd/0x310
[ 172.940231] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 172.945768] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 172.951132] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 172.956586] __x64_sys_connect+0x73/0xb0
[ 172.960648] do_syscall_64+0x1b9/0x820
[ 172.964564] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 172.969936] ? syscall_return_slowpath+0x5e0/0x5e0
[ 172.974863] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 172.979707] ? trace_hardirqs_on_caller+0x310/0x310
[ 172.984724] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 172.989745] ? prepare_exit_to_usermode+0x291/0x3b0
[ 172.994766] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 172.999612] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 173.004800] RIP: 0033:0x457579
[ 173.007995] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 173.026891] RSP: 002b:00007f6b59decc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 173.034602] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 173.041867] RDX: 0000000000000010 RSI: 0000000020000200 RDI: 0000000000000008
[ 173.049134] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 173.056397] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6b59ded6d4
[ 173.063673] R13: 00000000004bdb1a R14: 00000000004cc658 R15: 00000000ffffffff
[ 173.071902] Kernel Offset: disabled
[ 173.075540] Rebooting in 86400 seconds..