[info] Using makefile-style concurrent boot in runlevel 2.
[ 28.297543] audit: type=1800 audit(1542560774.016:21): pid=5906 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 33.743358] sshd (6046) used greatest stack depth: 15744 bytes left
Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
2018/11/18 17:06:32 parsed 1 programs
2018/11/18 17:06:34 executed programs: 0
[ 49.181080] IPVS: ftp: loaded support on port[0] = 21
[ 49.190202] IPVS: ftp: loaded support on port[0] = 21
[ 49.201476] IPVS: ftp: loaded support on port[0] = 21
[ 49.204877] IPVS: ftp: loaded support on port[0] = 21
[ 49.221570] IPVS: ftp: loaded support on port[0] = 21
[ 49.240910] IPVS: ftp: loaded support on port[0] = 21
[ 50.347860] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.354369] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.365404] device bridge_slave_0 entered promiscuous mode
[ 50.385046] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.396181] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.416224] device bridge_slave_0 entered promiscuous mode
[ 50.446117] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.454336] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.462458] device bridge_slave_1 entered promiscuous mode
[ 50.473333] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.487871] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.495313] device bridge_slave_0 entered promiscuous mode
[ 50.502436] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.509806] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.516848] device bridge_slave_0 entered promiscuous mode
[ 50.528574] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.535399] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.543597] device bridge_slave_1 entered promiscuous mode
[ 50.552481] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 50.563565] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.571451] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.578600] device bridge_slave_1 entered promiscuous mode
[ 50.586510] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.596801] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.608326] device bridge_slave_0 entered promiscuous mode
[ 50.618790] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.625135] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.632629] device bridge_slave_1 entered promiscuous mode
[ 50.639886] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.646729] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.655615] device bridge_slave_0 entered promiscuous mode
[ 50.668249] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 50.677306] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 50.696249] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 50.716035] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.726376] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.734023] device bridge_slave_1 entered promiscuous mode
[ 50.740969] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 50.752371] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 50.763419] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.772930] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.786390] device bridge_slave_1 entered promiscuous mode
[ 50.793566] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 50.803579] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 50.827244] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 50.883205] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 50.893008] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 50.960767] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 51.022783] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 51.033944] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 51.053964] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 51.105241] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 51.124567] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 51.149188] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 51.159910] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 51.175549] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 51.190849] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 51.209254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 51.232110] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 51.246873] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 51.258718] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 51.269299] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 51.288521] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 51.300009] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 51.306989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 51.318270] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 51.326936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 51.350976] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 51.361766] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 51.382938] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 51.392371] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 51.406322] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 51.417489] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 51.425267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 51.456852] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 51.475801] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 51.566038] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 51.585580] team0: Port device team_slave_0 added
[ 51.654456] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 51.665181] team0: Port device team_slave_1 added
[ 51.682138] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 51.696572] team0: Port device team_slave_0 added
[ 51.707313] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 51.714697] team0: Port device team_slave_0 added
[ 51.724750] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 51.733002] team0: Port device team_slave_0 added
[ 51.759504] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 51.766917] team0: Port device team_slave_1 added
[ 51.787803] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 51.816624] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 51.824148] team0: Port device team_slave_0 added
[ 51.833062] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 51.841129] team0: Port device team_slave_1 added
[ 51.852154] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 51.861111] team0: Port device team_slave_0 added
[ 51.866448] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 51.877525] team0: Port device team_slave_1 added
[ 51.884251] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 51.904289] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 51.918141] team0: Port device team_slave_1 added
[ 51.924307] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 51.939148] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 51.947561] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 51.955127] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.989258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.000410] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 52.011983] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 52.028094] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 52.034975] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 52.048477] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.056001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 52.063925] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.076800] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 52.084916] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.092846] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 52.100099] team0: Port device team_slave_1 added
[ 52.106309] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 52.115845] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 52.128414] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 52.146045] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.162921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 52.171820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 52.180500] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.191862] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.199932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.209243] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 52.217366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.225276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.233969] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 52.246883] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 52.262918] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 52.273946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 52.285564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.300690] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.319413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 52.327271] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 52.334921] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.343420] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 52.353365] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 52.366874] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 52.381846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 52.392800] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.406726] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.415058] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.422911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.430829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 52.439004] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 52.449788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.458257] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.469256] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 52.491049] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 52.509277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 52.522727] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.531899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.540754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 52.560115] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 52.574158] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 52.590788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.599779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 52.615800] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.624545] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.671932] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 52.698117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.705889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 53.203304] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.209854] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.216833] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.223269] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.239121] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 53.250120] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.256478] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.263151] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.269541] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.282173] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 53.349071] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.355471] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.362206] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.368613] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.378063] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 53.395791] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.402192] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.408911] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.415285] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.448084] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 53.474030] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.480466] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.487219] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.493591] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.509221] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 53.659706] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.666092] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.672820] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.679222] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.692369] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 54.087375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 54.095007] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 54.103157] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 54.111100] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 54.119303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 54.126485] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 56.184381] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.283778] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.302027] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.326683] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.468341] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.479198] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.564886] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.585375] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.604240] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.621253] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.719109] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.778260] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.784532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.792598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.865279] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.883250] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.900904] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.910862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.919622] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.927230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.938292] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.944568] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.952323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.962909] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.100510] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.106696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 57.115178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 57.135608] 8021q: adding VLAN 0 to HW filter on device team0
[ 57.165010] 8021q: adding VLAN 0 to HW filter on device team0
[ 57.182292] 8021q: adding VLAN 0 to HW filter on device team0
[ 57.192578] 8021q: adding VLAN 0 to HW filter on device team0
[ 57.298226] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 57.304392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 57.312505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 57.424917] 8021q: adding VLAN 0 to HW filter on device team0
[ 57.552937] 8021q: adding VLAN 0 to HW filter on device team0
2018/11/18 17:06:44 executed programs: 6
2018/11/18 17:06:49 executed programs: 224
2018/11/18 17:06:54 executed programs: 454
2018/11/18 17:06:59 executed programs: 689
2018/11/18 17:07:04 executed programs: 922
2018/11/18 17:07:09 executed programs: 1146
[ 86.391631] ==================================================================
[ 86.399178] BUG: KASAN: use-after-free in __list_add_valid+0x8f/0xac
[ 86.405675] Read of size 8 at addr ffff8881b97b8560 by task syz-executor3/12896
[ 86.413115]
[ 86.414752] CPU: 1 PID: 12896 Comm: syz-executor3 Not tainted 4.20.0-rc2+ #117
[ 86.422107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.431456] Call Trace:
[ 86.434055] dump_stack+0x244/0x39d
[ 86.437694] ? dump_stack_print_info.cold.1+0x20/0x20
[ 86.442889] ? printk+0xa7/0xcf
[ 86.446177] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 86.450945] print_address_description.cold.7+0x9/0x1ff
[ 86.456312] kasan_report.cold.8+0x242/0x309
[ 86.460725] ? __list_add_valid+0x8f/0xac
[ 86.464879] __asan_report_load8_noabort+0x14/0x20
[ 86.469811] __list_add_valid+0x8f/0xac
[ 86.473793] bpf_prog_kallsyms_add+0x200/0x9b0
[ 86.478387] ? bpf_patch_insn_single+0x2c0/0x2c0
[ 86.483165] ? set_memory_ro+0x7b/0xa0
[ 86.487066] ? _set_memory_wb+0xa0/0xa0
[ 86.491054] bpf_check+0x4fcb/0x6310
[ 86.494787] ? fixup_bpf_calls+0x1ca0/0x1ca0
[ 86.499210] ? ktime_get+0x400/0x400
[ 86.502938] ? memset+0x31/0x40
[ 86.506225] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 86.511766] ? bpf_obj_name_cpy+0x17c/0x1c0
[ 86.516276] bpf_prog_load+0x113d/0x1cc0
[ 86.520350] ? bpf_prog_new_fd+0x60/0x60
[ 86.524420] ? __might_fault+0x12b/0x1e0
[ 86.528493] ? lock_downgrade+0x900/0x900
[ 86.532660] ? perf_trace_sched_process_exec+0x860/0x860
[ 86.538118] ? usercopy_warn+0x110/0x110
[ 86.542208] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 86.547756] __x64_sys_bpf+0x36c/0x520
[ 86.551664] ? bpf_prog_get+0x20/0x20
[ 86.555491] do_syscall_64+0x1b9/0x820
[ 86.559379] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 86.564746] ? syscall_return_slowpath+0x5e0/0x5e0
[ 86.569683] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 86.574534] ? trace_hardirqs_on_caller+0x310/0x310
[ 86.579554] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 86.584576] ? prepare_exit_to_usermode+0x291/0x3b0
[ 86.589601] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 86.594461] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.599663] RIP: 0033:0x457569
[ 86.602863] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 86.621769] RSP: 002b:00007f6de3718c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 86.629480] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 86.636760] RDX: 0000000000000048 RSI: 0000000020000000 RDI: 0000000000000005
[ 86.644029] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 86.651390] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6de37196d4
[ 86.658665] R13: 00000000004bd97c R14: 00000000004cc688 R15: 00000000ffffffff
[ 86.665955]
[ 86.667579] Allocated by task 12883:
[ 86.671298] save_stack+0x43/0xd0
[ 86.674751] kasan_kmalloc+0xc7/0xe0
[ 86.678463] kmem_cache_alloc_trace+0x152/0x750
[ 86.683137] bpf_prog_alloc+0x16b/0x3e0
[ 86.687112] bpf_prog_load+0x435/0x1cc0
[ 86.691083] __x64_sys_bpf+0x36c/0x520
[ 86.694970] do_syscall_64+0x1b9/0x820
[ 86.698860] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.704043]
[ 86.705675] Freed by task 17:
[ 86.708783] save_stack+0x43/0xd0
[ 86.712236] __kasan_slab_free+0x102/0x150
[ 86.716470] kasan_slab_free+0xe/0x10
[ 86.720272] kfree+0xcf/0x230
[ 86.723380] bpf_prog_free_deferred+0x2a4/0x420
[ 86.728048] process_one_work+0xc90/0x1c40
[ 86.732284] worker_thread+0x17f/0x1390
[ 86.736262] kthread+0x35a/0x440
[ 86.739632] ret_from_fork+0x3a/0x50
[ 86.743342]
[ 86.744975] The buggy address belongs to the object at ffff8881b97b8500
[ 86.744975] which belongs to the cache kmalloc-512 of size 512
[ 86.757634] The buggy address is located 96 bytes inside of
[ 86.757634] 512-byte region [ffff8881b97b8500, ffff8881b97b8700)
[ 86.769431] The buggy address belongs to the page:
[ 86.774360] page:ffffea0006e5ee00 count:1 mapcount:0 mapping:ffff8881da800940 index:0xffff8881b97b8a00
[ 86.783806] flags: 0x2fffc0000000200(slab)
[ 86.788045] raw: 02fffc0000000200 ffffea0006ede848 ffffea0006e6b508 ffff8881da800940
[ 86.795931] raw: ffff8881b97b8a00 ffff8881b97b8000 0000000100000005 0000000000000000
[ 86.803802] page dumped because: kasan: bad access detected
[ 86.809502]
[ 86.811124] Memory state around the buggy address:
[ 86.816053] ffff8881b97b8400: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.823413] ffff8881b97b8480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.830770] >ffff8881b97b8500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.838125] ^
[ 86.844620] ffff8881b97b8580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.851985] ffff8881b97b8600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.859334] ==================================================================
[ 86.866684] Disabling lock debugging due to kernel taint
[ 86.872209] Kernel panic - not syncing: panic_on_warn set ...
[ 86.878103] CPU: 1 PID: 12896 Comm: syz-executor3 Tainted: G B 4.20.0-rc2+ #117
[ 86.886843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.896195] Call Trace:
[ 86.898791] dump_stack+0x244/0x39d
[ 86.902423] ? dump_stack_print_info.cold.1+0x20/0x20
[ 86.907622] panic+0x2ad/0x55c
[ 86.910822] ? add_taint.cold.5+0x16/0x16
[ 86.914975] ? trace_hardirqs_on+0x9a/0x310
[ 86.919295] ? trace_hardirqs_on+0xb4/0x310
[ 86.923613] ? trace_hardirqs_on+0xb4/0x310
[ 86.927952] kasan_end_report+0x47/0x4f
[ 86.931923] kasan_report.cold.8+0x76/0x309
[ 86.936243] ? __list_add_valid+0x8f/0xac
[ 86.940393] __asan_report_load8_noabort+0x14/0x20
[ 86.945320] __list_add_valid+0x8f/0xac
[ 86.949301] bpf_prog_kallsyms_add+0x200/0x9b0
[ 86.954065] ? bpf_patch_insn_single+0x2c0/0x2c0
[ 86.958833] ? set_memory_ro+0x7b/0xa0
[ 86.962726] ? _set_memory_wb+0xa0/0xa0
[ 86.966704] bpf_check+0x4fcb/0x6310
[ 86.970428] ? fixup_bpf_calls+0x1ca0/0x1ca0
[ 86.974839] ? ktime_get+0x400/0x400
[ 86.978558] ? memset+0x31/0x40
[ 86.981840] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 86.987375] ? bpf_obj_name_cpy+0x17c/0x1c0
[ 86.991698] bpf_prog_load+0x113d/0x1cc0
[ 86.995760] ? bpf_prog_new_fd+0x60/0x60
[ 86.999821] ? __might_fault+0x12b/0x1e0
[ 87.003897] ? lock_downgrade+0x900/0x900
[ 87.008049] ? perf_trace_sched_process_exec+0x860/0x860
[ 87.013502] ? usercopy_warn+0x110/0x110
[ 87.017580] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 87.023123] __x64_sys_bpf+0x36c/0x520
[ 87.027014] ? bpf_prog_get+0x20/0x20
[ 87.030827] do_syscall_64+0x1b9/0x820
[ 87.034718] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 87.040092] ? syscall_return_slowpath+0x5e0/0x5e0
[ 87.045023] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 87.049868] ? trace_hardirqs_on_caller+0x310/0x310
[ 87.054884] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 87.059904] ? prepare_exit_to_usermode+0x291/0x3b0
[ 87.064945] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 87.069794] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 87.074987] RIP: 0033:0x457569
[ 87.078186] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 87.097086] RSP: 002b:00007f6de3718c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 87.104789] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 87.112055] RDX: 0000000000000048 RSI: 0000000020000000 RDI: 0000000000000005
[ 87.119317] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 87.126584] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6de37196d4
[ 87.133852] R13: 00000000004bd97c R14: 00000000004cc688 R15: 00000000ffffffff
[ 87.150654] Kernel Offset: disabled
[ 87.154277] Rebooting in 86400 seconds..