[info] Using makefile-style concurrent boot in runlevel 2. [ 26.574138] audit: type=1800 audit(1543417538.298:21): pid=5853 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.207' (ECDSA) to the list of known hosts. 2018/11/28 15:05:53 parsed 1 programs 2018/11/28 15:05:55 executed programs: 0 syzkaller login: [ 43.579143] IPVS: ftp: loaded support on port[0] = 21 [ 43.579151] IPVS: ftp: loaded support on port[0] = 21 [ 43.602828] IPVS: ftp: loaded support on port[0] = 21 [ 43.617033] IPVS: ftp: loaded support on port[0] = 21 [ 43.618430] IPVS: ftp: loaded support on port[0] = 21 [ 43.662242] IPVS: ftp: loaded support on port[0] = 21 [ 45.000145] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.010749] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.019340] device bridge_slave_0 entered promiscuous mode [ 45.029659] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.038000] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.045834] device bridge_slave_0 entered promiscuous mode [ 45.055142] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.062023] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.069978] device bridge_slave_0 entered promiscuous mode [ 45.087223] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.093615] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.101646] device bridge_slave_0 entered promiscuous mode [ 45.110874] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.119494] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.133260] device bridge_slave_1 entered
promiscuous mode [ 45.142019] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.149840] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.157660] device bridge_slave_1 entered promiscuous mode [ 45.165064] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.171435] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.180328] device bridge_slave_0 entered promiscuous mode [ 45.190437] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.197820] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.205704] device bridge_slave_1 entered promiscuous mode [ 45.213662] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.222380] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.230241] device bridge_slave_1 entered promiscuous mode [ 45.239385] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.250356] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.257587] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.265504] device bridge_slave_0 entered promiscuous mode [ 45.273040] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.285312] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.301134] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.313956] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.328877] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.337965] device bridge_slave_1 entered promiscuous mode [ 45.346896] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.355435] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.364914] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.371285] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.394025] device bridge_slave_1 entered promiscuous mode [ 45.401956] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.413947] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 
45.430763] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.458820] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.534527] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.561055] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.581712] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.606638] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.678062] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 45.691878] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 45.707760] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.736543] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.764069] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.776680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 45.791742] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.799791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 45.826092] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.838168] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 45.854084] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 45.868744] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 45.902852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 45.915095] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.925739] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 45.948683] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.964776] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.021225] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.115735] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 46.123274] team0: Port device 
team_slave_0 added [ 46.157058] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 46.170829] team0: Port device team_slave_0 added [ 46.187945] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 46.201272] team0: Port device team_slave_1 added [ 46.221336] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 46.236807] team0: Port device team_slave_1 added [ 46.276017] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 46.283452] team0: Port device team_slave_0 added [ 46.306053] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.323697] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 46.333039] team0: Port device team_slave_0 added [ 46.350280] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 46.373725] team0: Port device team_slave_0 added [ 46.381013] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.393713] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 46.402375] team0: Port device team_slave_1 added [ 46.419714] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 46.428382] team0: Port device team_slave_1 added [ 46.442787] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.453641] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.473083] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 46.489732] team0: Port device team_slave_1 added [ 46.498637] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 46.515355] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 46.535439] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.543484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.555897] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.563960] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.572408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.581143] IPv6: 
ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.592246] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 46.606249] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 46.616035] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 46.626008] team0: Port device team_slave_0 added [ 46.631107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.641504] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.653379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.661615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.670092] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 46.678769] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 46.691429] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 46.704621] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 46.717039] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 46.733649] team0: Port device team_slave_1 added [ 46.738998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.749051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.758217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.766507] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.774989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.782763] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.790417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.798210] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.814281] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 46.826558] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 46.836824] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 46.845104] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.853305] 
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.869012] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.885384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.893910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.902231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.911740] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 46.921447] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 46.932198] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 46.946175] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.958493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.987212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.995159] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.002608] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.010480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.027998] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.049339] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.060654] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.075448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.083339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.096133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.105049] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.113953] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.121965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.135359] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.167443] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.196080] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link 
becomes ready [ 47.663335] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.669859] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.676914] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.683280] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.696865] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.710437] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.716880] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.723567] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.730001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.738999] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.816712] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.823107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.829872] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.836285] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.858900] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.919209] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.925662] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.932336] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.938776] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.950389] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.006624] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.013019] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.019766] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.026179] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.035924] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.054939] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.061324] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.068063] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.074471] bridge0: port 1(bridge_slave_0) entered forwarding 
state [ 48.082164] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.566307] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.573884] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.588113] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.596266] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.603282] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.610473] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.576140] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.603985] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.760281] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.789103] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.823771] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.888198] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.901666] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.055048] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.061227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.069770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.091162] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.101254] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.124055] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.178094] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.223474] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.234842] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.243808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.340116] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.367024] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.373219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.385069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.406864] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.413024] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth1: link becomes ready [ 51.430805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.451277] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.461901] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.475406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.483873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.537645] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.692925] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.709493] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.724943] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.732862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.750116] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.786354] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.995162] 8021q: adding VLAN 0 to HW filter on device team0 2018/11/28 15:06:04 executed programs: 6 2018/11/28 15:06:09 executed programs: 263 [ 62.778397] ================================================================== [ 62.785931] BUG: KASAN: use-after-free in trailing_symlink+0x8ba/0x970 [ 62.792600] Read of size 1 at addr ffff8881d8e4c180 by task syz-executor5/9576 [ 62.800112] [ 62.801728] CPU: 1 PID: 9576 Comm: syz-executor5 Not tainted 4.20.0-rc4+ #352 [ 62.808981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.818321] Call Trace: [ 62.820899] dump_stack+0x244/0x39d [ 62.824515] ? dump_stack_print_info.cold.1+0x20/0x20 [ 62.829696] ? printk+0xa7/0xcf [ 62.832957] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 62.837701] print_address_description.cold.7+0x9/0x1ff [ 62.843049] kasan_report.cold.8+0x242/0x309 [ 62.847444] ? trailing_symlink+0x8ba/0x970 [ 62.851753] __asan_report_load1_noabort+0x14/0x20 [ 62.856667] trailing_symlink+0x8ba/0x970 [ 62.860802] path_lookupat.isra.43+0x22e/0xc00 [ 62.865371] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 62.870554] ? path_parentat.isra.41+0x160/0x160 [ 62.875306] ? 
usercopy_warn+0x110/0x110 [ 62.879360] ? check_preemption_disabled+0x48/0x280 [ 62.884376] filename_lookup+0x26a/0x520 [ 62.888439] ? filename_parentat.isra.56+0x570/0x570 [ 62.893528] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 62.899060] ? kmem_cache_alloc+0x33a/0x730 [ 62.903371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 62.908894] ? getname_flags+0x26e/0x590 [ 62.912939] user_path_at_empty+0x40/0x50 [ 62.917106] do_mount+0x177/0x31f0 [ 62.920632] ? check_preemption_disabled+0x48/0x280 [ 62.925637] ? copy_mount_string+0x40/0x40 [ 62.929860] ? rcu_pm_notify+0xc0/0xc0 [ 62.933735] ? copy_mount_options+0x5f/0x430 [ 62.938131] ? rcu_read_lock_sched_held+0x14f/0x180 [ 62.943132] ? kmem_cache_alloc_trace+0x353/0x750 [ 62.947964] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 62.953492] ? _copy_from_user+0xdf/0x150 [ 62.957631] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 62.963155] ? copy_mount_options+0x315/0x430 [ 62.967659] ksys_mount+0x12d/0x140 [ 62.971274] __x64_sys_mount+0xbe/0x150 [ 62.975241] do_syscall_64+0x1b9/0x820 [ 62.979111] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 62.984464] ? syscall_return_slowpath+0x5e0/0x5e0 [ 62.989378] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 62.994205] ? trace_hardirqs_on_caller+0x310/0x310 [ 62.999205] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 63.004207] ? prepare_exit_to_usermode+0x291/0x3b0 [ 63.009211] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 63.014043] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 63.019218] RIP: 0033:0x457569 [ 63.022398] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 63.041292] RSP: 002b:00007ff3eff6bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 63.048989] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457569 [ 63.056243] RDX: 0000000020000040 RSI: 0000000020000000 RDI: 0000000000000000 [ 63.063495] RBP: 000000000072bf00 R08: 0000000020000340 R09: 0000000000000000 [ 63.070747] R10: 0000000000200000 R11: 0000000000000246 R12: 00007ff3eff6c6d4 [ 63.078000] R13: 00000000004c2c24 R14: 00000000004d4990 R15: 00000000ffffffff [ 63.085269] [ 63.086888] Allocated by task 9578: [ 63.090517] save_stack+0x43/0xd0 [ 63.093958] kasan_kmalloc+0xc7/0xe0 [ 63.097657] __kmalloc_track_caller+0x157/0x760 [ 63.102311] kstrdup+0x39/0x70 [ 63.105488] bpf_symlink+0x26/0x140 [ 63.109098] vfs_symlink+0x37a/0x5d0 [ 63.112806] do_symlinkat+0x242/0x2d0 [ 63.116589] __x64_sys_symlink+0x59/0x80 [ 63.120633] do_syscall_64+0x1b9/0x820 [ 63.124505] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 63.129672] [ 63.131278] Freed by task 9579: [ 63.134558] save_stack+0x43/0xd0 [ 63.137993] __kasan_slab_free+0x102/0x150 [ 63.142208] kasan_slab_free+0xe/0x10 [ 63.145990] kfree+0xcf/0x230 [ 63.149078] bpf_evict_inode+0x11f/0x150 [ 63.153121] evict+0x4b9/0x980 [ 63.156299] iput+0x679/0xa90 [ 63.159385] do_unlinkat+0x733/0xa30 [ 63.163078] __x64_sys_unlink+0x42/0x50 [ 63.167037] do_syscall_64+0x1b9/0x820 [ 63.170907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 63.176076] [ 63.177688] The buggy address belongs to the object at ffff8881d8e4c180 [ 63.177688] which belongs to the cache kmalloc-32 of size 32 [ 63.190152] The buggy address is located 0 bytes inside of [ 63.190152] 32-byte region [ffff8881d8e4c180, ffff8881d8e4c1a0) [ 
63.201747] The buggy address belongs to the page: [ 63.206662] page:ffffea0007639300 count:1 mapcount:0 mapping:ffff8881da8001c0 index:0xffff8881d8e4cfc1 [ 63.216090] flags: 0x2fffc0000000200(slab) [ 63.220313] raw: 02fffc0000000200 ffffea0006e27188 ffffea0006d85688 ffff8881da8001c0 [ 63.228176] raw: ffff8881d8e4cfc1 ffff8881d8e4c000 000000010000003f 0000000000000000 [ 63.236037] page dumped because: kasan: bad access detected [ 63.241724] [ 63.243327] Memory state around the buggy address: [ 63.248235] ffff8881d8e4c080: 05 fc fc fc fc fc fc fc 00 00 00 00 fc fc fc fc [ 63.255575] ffff8881d8e4c100: 00 00 00 00 fc fc fc fc 04 fc fc fc fc fc fc fc [ 63.262913] >ffff8881d8e4c180: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 63.270247] ^ [ 63.273593] ffff8881d8e4c200: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 63.280936] ffff8881d8e4c280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 63.288271] ================================================================== [ 63.295609] Disabling lock debugging due to kernel taint [ 63.301922] Kernel panic - not syncing: panic_on_warn set ... [ 63.307829] CPU: 1 PID: 9576 Comm: syz-executor5 Tainted: G B 4.20.0-rc4+ #352 [ 63.316479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.326735] Call Trace: [ 63.329317] dump_stack+0x244/0x39d [ 63.332931] ? dump_stack_print_info.cold.1+0x20/0x20 [ 63.338113] panic+0x2ad/0x55c [ 63.341291] ? add_taint.cold.5+0x16/0x16 [ 63.345450] ? preempt_schedule+0x4d/0x60 [ 63.349599] ? ___preempt_schedule+0x16/0x18 [ 63.354010] ? trace_hardirqs_on+0xb4/0x310 [ 63.358323] kasan_end_report+0x47/0x4f [ 63.362283] kasan_report.cold.8+0x76/0x309 [ 63.366604] ? trailing_symlink+0x8ba/0x970 [ 63.370910] __asan_report_load1_noabort+0x14/0x20 [ 63.375823] trailing_symlink+0x8ba/0x970 [ 63.379959] path_lookupat.isra.43+0x22e/0xc00 [ 63.384528] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 63.389717] ? path_parentat.isra.41+0x160/0x160 [ 63.394457] ? 
usercopy_warn+0x110/0x110 [ 63.398505] ? check_preemption_disabled+0x48/0x280 [ 63.403510] filename_lookup+0x26a/0x520 [ 63.407588] ? filename_parentat.isra.56+0x570/0x570 [ 63.412679] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 63.418205] ? kmem_cache_alloc+0x33a/0x730 [ 63.422512] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 63.428039] ? getname_flags+0x26e/0x590 [ 63.432089] user_path_at_empty+0x40/0x50 [ 63.436231] do_mount+0x177/0x31f0 [ 63.439761] ? check_preemption_disabled+0x48/0x280 [ 63.444763] ? copy_mount_string+0x40/0x40 [ 63.448985] ? rcu_pm_notify+0xc0/0xc0 [ 63.452861] ? copy_mount_options+0x5f/0x430 [ 63.457254] ? rcu_read_lock_sched_held+0x14f/0x180 [ 63.462255] ? kmem_cache_alloc_trace+0x353/0x750 [ 63.467083] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 63.472607] ? _copy_from_user+0xdf/0x150 [ 63.476742] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 63.482285] ? copy_mount_options+0x315/0x430 [ 63.486779] ksys_mount+0x12d/0x140 [ 63.490397] __x64_sys_mount+0xbe/0x150 [ 63.494362] do_syscall_64+0x1b9/0x820 [ 63.498245] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 63.503602] ? syscall_return_slowpath+0x5e0/0x5e0 [ 63.508517] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 63.513369] ? trace_hardirqs_on_caller+0x310/0x310 [ 63.518371] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 63.523372] ? prepare_exit_to_usermode+0x291/0x3b0 [ 63.528374] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 63.533203] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 63.538388] RIP: 0033:0x457569 [ 63.541598] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 63.560483] RSP: 002b:00007ff3eff6bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 63.568169] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457569 [ 63.575435] RDX: 0000000020000040 RSI: 0000000020000000 RDI: 0000000000000000 [ 63.582686] RBP: 000000000072bf00 R08: 0000000020000340 R09: 0000000000000000 [ 63.589940] R10: 0000000000200000 R11: 0000000000000246 R12: 00007ff3eff6c6d4 [ 63.597191] R13: 00000000004c2c24 R14: 00000000004d4990 R15: 00000000ffffffff [ 63.605507] Kernel Offset: disabled [ 63.609164] Rebooting in 86400 seconds..