Warning: Permanently added '10.128.0.214' (ECDSA) to the list of known hosts.
2019/02/15 05:21:03 parsed 1 programs
2019/02/15 05:21:04 executed programs: 0
syzkaller login: [ 49.364316] IPVS: ftp: loaded support on port[0] = 21
[ 49.374704] IPVS: ftp: loaded support on port[0] = 21
[ 49.395095] IPVS: ftp: loaded support on port[0] = 21
[ 49.395669] IPVS: ftp: loaded support on port[0] = 21
[ 49.443381] IPVS: ftp: loaded support on port[0] = 21
[ 49.473562] IPVS: ftp: loaded support on port[0] = 21
[ 49.616247] chnl_net:caif_netlink_parms(): no params data found
[ 49.665364] chnl_net:caif_netlink_parms(): no params data found
[ 49.714295] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.721014] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.728460] device bridge_slave_0 entered promiscuous mode
[ 49.736088] chnl_net:caif_netlink_parms(): no params data found
[ 49.769496] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.777083] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.784969] device bridge_slave_1 entered promiscuous mode
[ 49.825404] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.831866] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.838851] device bridge_slave_0 entered promiscuous mode
[ 49.847385] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.854039] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.860985] device bridge_slave_1 entered promiscuous mode
[ 49.890339] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 49.934421] chnl_net:caif_netlink_parms(): no params data found
[ 49.949437] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 49.969054] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 49.990425] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.997053] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.004234] device bridge_slave_0 entered promiscuous mode
[ 50.035033] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 50.049896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.056724] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.063893] device bridge_slave_1 entered promiscuous mode
[ 50.087568] team0: Port device team_slave_0 added
[ 50.100184] team0: Port device team_slave_1 added
[ 50.119166] chnl_net:caif_netlink_parms(): no params data found
[ 50.146157] team0: Port device team_slave_0 added
[ 50.154004] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 50.184601] chnl_net:caif_netlink_parms(): no params data found
[ 50.196003] team0: Port device team_slave_1 added
[ 50.205770] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 50.226947] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.234010] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.240994] device bridge_slave_0 entered promiscuous mode
[ 50.293596] device hsr_slave_0 entered promiscuous mode
[ 50.351612] device hsr_slave_1 entered promiscuous mode
[ 50.422088] team0: Port device team_slave_0 added
[ 50.427297] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.434333] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.441325] device bridge_slave_1 entered promiscuous mode
[ 50.514720] device hsr_slave_0 entered promiscuous mode
[ 50.551794] device hsr_slave_1 entered promiscuous mode
[ 50.604448] team0: Port device team_slave_1 added
[ 50.609496] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.617238] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.624420] device bridge_slave_0 entered promiscuous mode
[ 50.650242] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 50.660346] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 50.673640] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.680024] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.690436] device bridge_slave_1 entered promiscuous mode
[ 50.730396] team0: Port device team_slave_0 added
[ 50.737333] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.744250] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.751326] device bridge_slave_0 entered promiscuous mode
[ 50.758935] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 50.779725] team0: Port device team_slave_1 added
[ 50.788939] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.796275] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.803540] device bridge_slave_1 entered promiscuous mode
[ 50.810862] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 50.863202] device hsr_slave_0 entered promiscuous mode
[ 50.901512] device hsr_slave_1 entered promiscuous mode
[ 50.968565] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 50.993260] team0: Port device team_slave_0 added
[ 51.006333] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 51.026509] team0: Port device team_slave_1 added
[ 51.086149] device hsr_slave_0 entered promiscuous mode
[ 51.121759] device hsr_slave_1 entered promiscuous mode
[ 51.189311] team0: Port device team_slave_0 added
[ 51.195689] team0: Port device team_slave_1 added
[ 51.219592] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.256171] 8021q: adding VLAN 0 to HW filter on device team0
[ 51.324218] device hsr_slave_0 entered promiscuous mode
[ 51.381742] device hsr_slave_1 entered promiscuous mode
[ 51.434998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 51.442649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.503086] device hsr_slave_0 entered promiscuous mode
[ 51.542548] device hsr_slave_1 entered promiscuous mode
[ 51.597883] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 51.605725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.614300] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.620756] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.628807] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 51.666658] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 51.675470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.683780] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.690102] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.715814] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.738688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 51.746819] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 51.765149] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.784499] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.807470] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.814438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 51.823273] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 51.830851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 51.838769] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 51.846498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 51.854131] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.865242] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 51.876116] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 51.888820] 8021q: adding VLAN 0 to HW filter on device team0
[ 51.901156] 8021q: adding VLAN 0 to HW filter on device team0
[ 51.907529] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 51.914783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 51.922488] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.929845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 51.936939] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.943983] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 51.950808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.960565] 8021q: adding VLAN 0 to HW filter on device team0
[ 51.991289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 51.998148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.006059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.017318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.026437] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.032820] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.040137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.047967] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.055663] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.062064] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.068833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 52.076726] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.084797] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.091124] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.098396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 52.106455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.114390] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.122240] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.128572] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.135557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 52.143658] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.151189] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.157989] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.165315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 52.173214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 52.180930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 52.188692] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.197276] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 52.204490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 52.212126] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 52.219293] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 52.226411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 52.234659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.270647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 52.279307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 52.287435] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.296276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 52.304352] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.313011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 52.320800] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.328696] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.335120] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.342043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 52.349706] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 52.357800] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 52.365696] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.373935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 52.381788] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.389278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 52.396861] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.404300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 52.411961] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.424018] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 52.437175] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 52.444893] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 52.452136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 52.459198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 52.467013] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.474972] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 52.482705] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.490061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 52.498038] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.512601] 8021q: adding VLAN 0 to HW filter on device team0
[ 52.520843] 8021q: adding VLAN 0 to HW filter on device bond0
[ 52.534433] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 52.549380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 52.559601] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.584250] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 52.600230] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 52.625886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 52.652552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 52.659801] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.668405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 52.676169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.683990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.692516] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.700389] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.706776] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.713778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 52.721712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.729282] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.735661] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.743916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 52.754101] 8021q: adding VLAN 0 to HW filter on device team0
[ 52.783414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 52.791657] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 52.799500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 52.809210] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.829116] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 52.836738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.845607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.854636] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.860992] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.869588] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 52.877595] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.886966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 52.895332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.903267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 52.910752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.918820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 52.931361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 52.947385] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 52.954921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 52.964706] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.973132] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.979471] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.991674] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 53.022139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 53.029922] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 53.040491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 53.048897] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 53.056982] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 53.065560] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 53.073666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 53.081166] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.089189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 53.096986] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.111656] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 53.145688] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 53.159715] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 53.213985] 8021q: adding VLAN 0 to HW filter on device batadv0
2019/02/15 05:21:11 executed programs: 8
[ 56.270592] ==================================================================
[ 56.278083] BUG: KASAN: use-after-free in refcount_inc_not_zero_checked+0x7b/0x200
[ 56.285795] Read of size 4 at addr ffff8880982ff540 by task syz-executor.5/7576
[ 56.293236]
[ 56.294858] CPU: 0 PID: 7576 Comm: syz-executor.5 Not tainted 5.0.0-rc5+ #63
[ 56.302031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.311363] Call Trace:
[ 56.313938] dump_stack+0x172/0x1f0
[ 56.317553] ? refcount_inc_not_zero_checked+0x7b/0x200
[ 56.322919] print_address_description.cold+0x7c/0x20d
[ 56.328186] ? refcount_inc_not_zero_checked+0x7b/0x200
[ 56.333540] ? refcount_inc_not_zero_checked+0x7b/0x200
[ 56.338886] kasan_report.cold+0x1b/0x40
[ 56.342933] ? trace_hardirqs_off_caller+0x210/0x220
[ 56.348034] ? refcount_inc_not_zero_checked+0x7b/0x200
[ 56.353380] check_memory_region+0x123/0x190
[ 56.357774] kasan_check_read+0x11/0x20
[ 56.361852] refcount_inc_not_zero_checked+0x7b/0x200
[ 56.367035] ? refcount_add_not_zero_checked+0x240/0x240
[ 56.372473] ? lock_acquire+0x16f/0x3f0
[ 56.376450] refcount_inc_checked+0x17/0x70
[ 56.380843] nr_release+0x62/0x3c0
[ 56.384384] __sock_release+0xd3/0x250
[ 56.388269] ? __sock_release+0x250/0x250
[ 56.392399] sock_close+0x1b/0x30
[ 56.395841] __fput+0x2df/0x8d0
[ 56.399110] ____fput+0x16/0x20
[ 56.402383] task_work_run+0x14a/0x1c0
[ 56.406263] do_exit+0x92c/0x2fd0
[ 56.409697] ? find_held_lock+0x35/0x130
[ 56.413743] ? get_signal+0x7fd/0x1750
[ 56.417617] ? mm_update_next_owner+0x660/0x660
[ 56.422276] ? recalc_sigpending+0x31/0xe0
[ 56.426500] ? _raw_spin_unlock_irq+0x28/0x90
[ 56.430975] ? get_signal+0x7fd/0x1750
[ 56.434855] ? _raw_spin_unlock_irq+0x28/0x90
[ 56.439336] do_group_exit+0x135/0x370
[ 56.443209] get_signal+0x766/0x1750
[ 56.446912] do_signal+0x87/0x1940
[ 56.450435] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.455972] ? __sys_accept4+0x48a/0x6a0
[ 56.460029] ? setup_sigcontext+0x7d0/0x7d0
[ 56.464334] ? put_timespec64+0xda/0x140
[ 56.468379] ? nsecs_to_jiffies+0x30/0x30
[ 56.472513] ? do_syscall_64+0x52d/0x610
[ 56.476573] ? exit_to_usermode_loop+0x43/0x2c0
[ 56.481235] ? lockdep_hardirqs_on+0x415/0x5d0
[ 56.485814] ? trace_hardirqs_on+0x67/0x230
[ 56.490120] exit_to_usermode_loop+0x244/0x2c0
[ 56.494690] do_syscall_64+0x52d/0x610
[ 56.498568] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.503739] RIP: 0033:0x457e29
[ 56.506921] Code: Bad RIP value.
[ 56.510271] RSP: 002b:00007ffebca73688 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[ 56.517960] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 0000000000457e29
[ 56.525220] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 56.532501] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 56.539754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001117914
[ 56.547009] R13: 00000000004bdbf0 R14: 00000000004cde80 R15: 00000000ffffffff
[ 56.554283]
[ 56.555894] Allocated by task 7576:
[ 56.559513] save_stack+0x45/0xd0
[ 56.562957] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 56.567880] kasan_kmalloc+0x9/0x10
[ 56.571485] __kmalloc+0x15c/0x740
[ 56.575009] sk_prot_alloc+0x19c/0x2e0
[ 56.578877] sk_alloc+0x39/0xf70
[ 56.582230] nr_create+0xb9/0x5e0
[ 56.585688] __sock_create+0x3e6/0x750
[ 56.589580] __sys_socket+0x103/0x220
[ 56.593387] __x64_sys_socket+0x73/0xb0
[ 56.597363] do_syscall_64+0x103/0x610
[ 56.601260] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.606438]
[ 56.608052] Freed by task 7576:
[ 56.611334] save_stack+0x45/0xd0
[ 56.614778] __kasan_slab_free+0x102/0x150
[ 56.614794] kasan_slab_free+0xe/0x10
[ 56.614805] kfree+0xcf/0x230
[ 56.614815] __sk_destruct+0x4f1/0x6d0
[ 56.614824] sk_destruct+0x7b/0x90
[ 56.614832] __sk_free+0xce/0x300
[ 56.614840] sk_free+0x42/0x50
[ 56.614850] nr_release+0x337/0x3c0
[ 56.614860] __sock_release+0xd3/0x250
[ 56.622940] sock_close+0x1b/0x30
[ 56.622953] __fput+0x2df/0x8d0
[ 56.622965] ____fput+0x16/0x20
[ 56.622976] task_work_run+0x14a/0x1c0
[ 56.622995] do_exit+0x92c/0x2fd0
[ 56.623004] do_group_exit+0x135/0x370
[ 56.623016] get_signal+0x766/0x1750
[ 56.623027] do_signal+0x87/0x1940
[ 56.623040] exit_to_usermode_loop+0x244/0x2c0
[ 56.623052] do_syscall_64+0x52d/0x610
[ 56.623065] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.623070]
[ 56.630029] The buggy address belongs to the object at ffff8880982ff4c0
[ 56.630029] which belongs to the cache kmalloc-2k of size 2048
[ 56.630041] The buggy address is located 128 bytes inside of
[ 56.630041] 2048-byte region [ffff8880982ff4c0, ffff8880982ffcc0)
[ 56.630046] The buggy address belongs to the page:
[ 56.630059] page:ffffea000260bf80 count:1 mapcount:0 mapping:ffff88812c3f0c40 index:0x0 compound_mapcount: 0
[ 56.630074] flags: 0x1fffc0000010200(slab|head)
[ 56.630091] raw: 01fffc0000010200 ffffea0002336f88 ffffea00022d7388 ffff88812c3f0c40
[ 56.630106] raw: 0000000000000000 ffff8880982fe3c0 0000000100000003 0000000000000000
[ 56.630114] page dumped because: kasan: bad access detected
[ 56.637064]
[ 56.637069] Memory state around the buggy address:
[ 56.637081] ffff8880982ff400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 56.637091] ffff8880982ff480: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 56.637101] >ffff8880982ff500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.637107] ^
[ 56.637118] ffff8880982ff580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.637128] ffff8880982ff600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.637133] ==================================================================
[ 56.637140] Disabling lock debugging due to kernel taint
[ 56.819325] Kernel panic - not syncing: panic_on_warn set ...
[ 56.825217] CPU: 0 PID: 7576 Comm: syz-executor.5 Tainted: G B 5.0.0-rc5+ #63
[ 56.833791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.843138] Call Trace:
[ 56.845718] dump_stack+0x172/0x1f0
[ 56.849329] panic+0x2cb/0x65c
[ 56.852517] ? __warn_printk+0xf3/0xf3
[ 56.856397] ? refcount_inc_not_zero_checked+0x7b/0x200
[ 56.861742] ? preempt_schedule+0x4b/0x60
[ 56.865978] ? ___preempt_schedule+0x16/0x18
[ 56.870369] ? trace_hardirqs_on+0x5e/0x230
[ 56.874690] ? refcount_inc_not_zero_checked+0x7b/0x200
[ 56.880036] end_report+0x47/0x4f
[ 56.883474] ? refcount_inc_not_zero_checked+0x7b/0x200
[ 56.888830] kasan_report.cold+0xe/0x40
[ 56.892794] ? trace_hardirqs_off_caller+0x210/0x220
[ 56.897886] ? refcount_inc_not_zero_checked+0x7b/0x200
[ 56.903255] check_memory_region+0x123/0x190
[ 56.907671] kasan_check_read+0x11/0x20
[ 56.911648] refcount_inc_not_zero_checked+0x7b/0x200
[ 56.916830] ? refcount_add_not_zero_checked+0x240/0x240
[ 56.922264] ? lock_acquire+0x16f/0x3f0
[ 56.926228] refcount_inc_checked+0x17/0x70
[ 56.930546] nr_release+0x62/0x3c0
[ 56.934082] __sock_release+0xd3/0x250
[ 56.937964] ? __sock_release+0x250/0x250
[ 56.942096] sock_close+0x1b/0x30
[ 56.945533] __fput+0x2df/0x8d0
[ 56.948798] ____fput+0x16/0x20
[ 56.952066] task_work_run+0x14a/0x1c0
[ 56.955942] do_exit+0x92c/0x2fd0
[ 56.959385] ? find_held_lock+0x35/0x130
[ 56.963439] ? get_signal+0x7fd/0x1750
[ 56.967310] ? mm_update_next_owner+0x660/0x660
[ 56.971975] ? recalc_sigpending+0x31/0xe0
[ 56.976200] ? _raw_spin_unlock_irq+0x28/0x90
[ 56.980677] ? get_signal+0x7fd/0x1750
[ 56.984550] ? _raw_spin_unlock_irq+0x28/0x90
[ 56.989030] do_group_exit+0x135/0x370
[ 56.992909] get_signal+0x766/0x1750
[ 56.996618] do_signal+0x87/0x1940
[ 57.000140] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 57.005658] ? __sys_accept4+0x48a/0x6a0
[ 57.009702] ? setup_sigcontext+0x7d0/0x7d0
[ 57.014012] ? put_timespec64+0xda/0x140
[ 57.018057] ? nsecs_to_jiffies+0x30/0x30
[ 57.022189] ? do_syscall_64+0x52d/0x610
[ 57.026232] ? exit_to_usermode_loop+0x43/0x2c0
[ 57.030880] ? lockdep_hardirqs_on+0x415/0x5d0
[ 57.034944] kobject: 'loop1' (00000000e09e5f87): kobject_uevent_env
[ 57.035452] ? trace_hardirqs_on+0x67/0x230
[ 57.046149] exit_to_usermode_loop+0x244/0x2c0
[ 57.048030] kobject: 'loop1' (00000000e09e5f87): fill_kobj_path: path = '/devices/virtual/block/loop1'
[ 57.050744] do_syscall_64+0x52d/0x610
[ 57.050762] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.050774] RIP: 0033:0x457e29
[ 57.072409] Code: 48 83 e3 1f 48 c7 c1 20 00 00 00 48 29 d9 41 ba ff ff ff ff 49 d3 fa 49 d3 e2 4c 21 d2 f3 0f b8 d2 49 01 d4 4d 89 20 c3 c5 f8 <77> 4d 89 20 c3 cc cc 31 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc
[ 57.091301] RSP: 002b:00007ffebca73688 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[ 57.099006] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 0000000000457e29
[ 57.106260] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 57.113511] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 57.120763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001117914
[ 57.128013] R13: 00000000004bdbf0 R14: 00000000004cde80 R15: 00000000ffffffff
[ 57.136381] Kernel Offset: disabled
[ 57.140004] Rebooting in 86400 seconds..