[ 23.435698] audit: type=1800 audit(1540062281.884:21): pid=5182 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [ 23.472781] audit: type=1800 audit(1540062281.894:22): pid=5182 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0 [....] Starting enhanced syslogd: rsyslogd[ 23.797092] rsyslogd (5205) used greatest stack depth: 15688 bytes left [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts. 2018/10/20 19:18:20 parsed 1 programs 2018/10/20 19:18:22 executed programs: 0 syzkaller login: [ 844.386451] IPVS: ftp: loaded support on port[0] = 21 [ 844.419841] IPVS: ftp: loaded support on port[0] = 21 [ 844.419885] IPVS: ftp: loaded support on port[0] = 21 [ 844.459940] IPVS: ftp: loaded support on port[0] = 21 [ 844.499121] IPVS: ftp: loaded support on port[0] = 21 [ 844.526827] IPVS: ftp: loaded support on port[0] = 21 [ 845.747805] bridge0: port 1(bridge_slave_0) entered blocking state [ 845.755109] bridge0: port 1(bridge_slave_0) entered disabled state [ 845.763103] device bridge_slave_0 entered promiscuous mode [ 845.790932] bridge0: port 1(bridge_slave_0) entered blocking state [ 845.797329] bridge0: port 1(bridge_slave_0) entered disabled state [ 845.817566] device bridge_slave_0 entered promiscuous mode [ 845.825402] bridge0: port 1(bridge_slave_0) entered blocking state [ 845.834609] bridge0: port 1(bridge_slave_0) entered disabled state [ 845.842831] device bridge_slave_0 entered promiscuous mode [ 845.852871] bridge0: port 2(bridge_slave_1) entered blocking state [ 845.863266] bridge0: port 2(bridge_slave_1) entered disabled state [ 845.870964] device bridge_slave_1 entered promiscuous mode [ 845.888469] bridge0: port 2(bridge_slave_1) entered blocking state [ 845.894917] bridge0: port 2(bridge_slave_1) entered disabled state [ 845.904632] device bridge_slave_1 entered promiscuous mode [ 845.913137] bridge0: port 1(bridge_slave_0) entered blocking state [ 845.921943] bridge0: port 1(bridge_slave_0) entered disabled state [ 845.930749] device bridge_slave_0 entered promiscuous mode [ 845.939114] bridge0: port 2(bridge_slave_1) entered blocking state [ 845.945480] bridge0: port 2(bridge_slave_1) entered disabled state [ 845.954136] device bridge_slave_1 entered promiscuous mode [ 845.961274] bridge0: port 1(bridge_slave_0) entered blocking state [ 845.967649] bridge0: port 1(bridge_slave_0) entered disabled state [ 845.975641] device bridge_slave_0 entered promiscuous mode [ 845.984882] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 846.008037] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 846.023512] bridge0: port 2(bridge_slave_1) entered blocking state [ 846.036391] bridge0: port 2(bridge_slave_1) entered disabled state [ 846.046861] device bridge_slave_1 entered promiscuous mode [ 846.055009] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 846.067903] bridge0: port 2(bridge_slave_1) entered blocking state [ 846.078227] bridge0: port 2(bridge_slave_1) entered disabled state [ 846.085597] device bridge_slave_1 entered promiscuous mode [ 846.094152] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 846.105860] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 846.118854] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 846.127607] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 846.150606] bridge0: port 1(bridge_slave_0) entered blocking state [ 846.156994] bridge0: port 1(bridge_slave_0) entered disabled state [ 846.170498] device bridge_slave_0 entered promiscuous mode [ 846.179754] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 846.187359] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 846.210457] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 846.257800] bridge0: port 2(bridge_slave_1) entered blocking state [ 846.266586] bridge0: port 2(bridge_slave_1) entered disabled state [ 846.274887] device bridge_slave_1 entered promiscuous mode [ 846.334185] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 846.356214] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 846.402508] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 846.424098] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 846.450128] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 846.462228] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 846.480058] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 846.499149] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 846.531862] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 846.538892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 846.555442] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 846.569273] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 846.583661] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 846.600829] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 846.630531] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 846.638902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 846.647212] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 846.666988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 846.684950] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 846.694923] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 846.706984] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 846.725759] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 846.740462] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 846.750419] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 846.758367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 846.775350] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 846.783181] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 846.797437] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 846.806844] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 846.818616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 846.828667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 846.845239] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 846.855901] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 846.885458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 846.952805] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 846.962628] team0: Port device team_slave_0 added [ 847.061528] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 847.070330] team0: Port device team_slave_0 added [ 847.077633] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 847.086208] team0: Port device team_slave_0 added [ 847.093639] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 847.103327] team0: Port device team_slave_0 added [ 847.120398] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 847.127785] team0: Port device team_slave_1 added [ 847.137634] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 847.148825] team0: Port device team_slave_1 added [ 847.154220] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 847.170937] team0: Port device team_slave_0 added [ 847.180532] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 847.191622] team0: Port device team_slave_1 added [ 847.202201] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 847.220852] team0: Port device team_slave_1 added [ 847.229121] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 847.237070] team0: Port device team_slave_0 added [ 847.263233] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 847.289950] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 847.297777] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 847.316765] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 847.331743] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 847.339738] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 847.347114] team0: Port device team_slave_1 added [ 847.353049] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 847.361663] team0: Port device team_slave_1 added [ 847.369239] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 847.386582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 847.398686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 847.418993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 847.427775] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 847.440569] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 847.450000] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 847.469873] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 847.478415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 847.490463] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 847.497529] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 847.508881] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 847.518707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 847.528853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 847.547897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 847.556634] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 847.564412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 847.572202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 847.583915] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 847.593838] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 847.611710] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 847.621332] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 847.633891] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 847.644881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 847.657116] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 847.666100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 847.673986] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 847.681858] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 847.689857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 847.697470] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 847.705551] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 847.717235] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 847.729646] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 847.757609] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 847.769599] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 847.777553] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 847.790022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 847.798467] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 847.806397] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 847.814818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 847.822859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 847.830939] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 847.855903] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 847.874609] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 847.892903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 847.904706] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 847.931073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 847.941042] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 847.971485] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 847.986526] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 847.996384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 848.424336] bridge0: port 2(bridge_slave_1) entered blocking state [ 848.430940] bridge0: port 2(bridge_slave_1) entered forwarding state [ 848.438100] bridge0: port 1(bridge_slave_0) entered blocking state [ 848.444501] bridge0: port 1(bridge_slave_0) entered forwarding state [ 848.452900] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 848.484140] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 848.524861] bridge0: port 2(bridge_slave_1) entered blocking state [ 848.531328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 848.538090] bridge0: port 1(bridge_slave_0) entered blocking state [ 848.544480] bridge0: port 1(bridge_slave_0) entered forwarding state [ 848.552708] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 848.579583] bridge0: port 2(bridge_slave_1) entered blocking state [ 848.585986] bridge0: port 2(bridge_slave_1) entered forwarding state [ 848.592758] bridge0: port 1(bridge_slave_0) entered blocking state [ 848.599187] bridge0: port 1(bridge_slave_0) entered forwarding state [ 848.619477] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 848.630653] bridge0: port 2(bridge_slave_1) entered blocking state [ 848.637051] bridge0: port 2(bridge_slave_1) entered forwarding state [ 848.643808] bridge0: port 1(bridge_slave_0) entered blocking state [ 848.650244] bridge0: port 1(bridge_slave_0) entered forwarding state [ 848.660215] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 848.781895] bridge0: port 2(bridge_slave_1) entered blocking state [ 848.788380] bridge0: port 2(bridge_slave_1) entered forwarding state [ 848.795069] bridge0: port 1(bridge_slave_0) entered blocking state [ 848.801553] bridge0: port 1(bridge_slave_0) entered forwarding state [ 848.813175] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 848.827235] bridge0: port 2(bridge_slave_1) entered blocking state [ 848.833727] bridge0: port 2(bridge_slave_1) entered forwarding state [ 848.840460] bridge0: port 1(bridge_slave_0) entered blocking state [ 848.846843] bridge0: port 1(bridge_slave_0) entered forwarding state [ 848.856325] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 849.518251] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 849.534958] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 849.545010] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 849.553387] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 849.560947] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 851.404353] 8021q: adding VLAN 0 to HW filter on device bond0 [ 851.429513] 8021q: adding VLAN 0 to HW filter on device bond0 [ 851.448120] 8021q: adding VLAN 0 to HW filter on device bond0 [ 851.514250] 8021q: adding VLAN 0 to HW filter on device bond0 [ 851.539809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 851.627072] 8021q: adding VLAN 0 to HW filter on device bond0 [ 851.681354] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 851.703624] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 851.735255] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 851.761059] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 851.771550] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 851.915775] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 851.952602] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 851.958974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 851.966149] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 851.997193] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 852.011150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 852.019468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 852.033355] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 852.056017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 852.064720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 852.076612] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 852.086533] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 852.095370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 852.107389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 852.118829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 852.125802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 852.254645] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 852.266651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 852.281590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 852.303152] 8021q: adding VLAN 0 to HW filter on device team0 [ 852.317842] 8021q: adding VLAN 0 to HW filter on device team0 [ 852.346392] 8021q: adding VLAN 0 to HW filter on device team0 [ 852.360135] 8021q: adding VLAN 0 to HW filter on device team0 [ 852.384579] 8021q: adding VLAN 0 to HW filter on device team0 [ 852.541019] 8021q: adding VLAN 0 to HW filter on device team0 2018/10/20 19:18:32 executed programs: 6 2018/10/20 19:18:37 executed programs: 228 2018/10/20 19:18:42 executed programs: 456 2018/10/20 19:18:47 executed programs: 688 2018/10/20 19:18:52 executed programs: 928 2018/10/20 19:18:57 executed programs: 1156 2018/10/20 19:19:02 executed programs: 1384 2018/10/20 19:19:07 executed programs: 1621 2018/10/20 19:19:12 executed programs: 1855 2018/10/20 19:19:17 executed programs: 2088 2018/10/20 19:19:22 executed programs: 2316 2018/10/20 19:19:27 executed programs: 2545 2018/10/20 19:19:32 executed programs: 2777 2018/10/20 19:19:37 executed programs: 3011 2018/10/20 19:19:42 executed programs: 3238 2018/10/20 19:19:47 executed programs: 3467 2018/10/20 19:19:52 executed programs: 3695 2018/10/20 19:19:57 executed programs: 3925 2018/10/20 19:20:02 executed programs: 4160 2018/10/20 19:20:07 executed programs: 4402 2018/10/20 19:20:12 executed programs: 4635 2018/10/20 19:20:17 executed programs: 4870 2018/10/20 19:20:22 executed programs: 5102 2018/10/20 19:20:27 executed programs: 5331 2018/10/20 19:20:32 executed programs: 5561 2018/10/20 19:20:37 executed programs: 5802 2018/10/20 19:20:42 executed programs: 6039 2018/10/20 19:20:47 executed programs: 6264 2018/10/20 19:20:53 executed programs: 6491 2018/10/20 19:20:58 executed programs: 6726 2018/10/20 19:21:03 executed programs: 6958 2018/10/20 19:21:08 executed programs: 7193 2018/10/20 19:21:13 executed programs: 7423 2018/10/20 19:21:18 executed programs: 7651 2018/10/20 19:21:23 executed programs: 7876 2018/10/20 19:21:28 executed programs: 8106 2018/10/20 19:21:33 executed programs: 8342 2018/10/20 19:21:38 executed programs: 8580 2018/10/20 19:21:43 executed programs: 8815 2018/10/20 19:21:48 executed programs: 9045 2018/10/20 19:21:53 executed programs: 9279 2018/10/20 19:21:58 executed programs: 9504 2018/10/20 19:22:03 executed programs: 9734 2018/10/20 19:22:08 executed programs: 9975 2018/10/20 19:22:13 executed programs: 10202 2018/10/20 19:22:18 executed programs: 10441 2018/10/20 19:22:23 executed programs: 10669 2018/10/20 19:22:28 executed programs: 10904 2018/10/20 19:22:33 executed programs: 11129 2018/10/20 19:22:38 executed programs: 11357 2018/10/20 19:22:43 executed programs: 11592 2018/10/20 19:22:48 executed programs: 11819 2018/10/20 19:22:53 executed programs: 12054 2018/10/20 19:22:58 executed programs: 12285 2018/10/20 19:23:03 executed programs: 12512 2018/10/20 19:23:08 executed programs: 12745 2018/10/20 19:23:13 executed programs: 12967 2018/10/20 19:23:18 executed programs: 13202 2018/10/20 19:23:23 executed programs: 13431 2018/10/20 19:23:28 executed programs: 13663 2018/10/20 19:23:33 executed programs: 13893 2018/10/20 19:23:38 executed programs: 14125 2018/10/20 19:23:43 executed programs: 14359 2018/10/20 19:23:48 executed programs: 14588 2018/10/20 19:23:53 executed programs: 14822 2018/10/20 19:23:58 executed programs: 15051 2018/10/20 19:24:03 executed programs: 15285 2018/10/20 19:24:08 executed programs: 15517 2018/10/20 19:24:13 executed programs: 15750 2018/10/20 19:24:18 executed programs: 15985 2018/10/20 19:24:23 executed programs: 16218 2018/10/20 19:24:28 executed programs: 16451 2018/10/20 19:24:33 executed programs: 16690 2018/10/20 19:24:38 executed programs: 16920 2018/10/20 19:24:43 executed programs: 17146 2018/10/20 19:24:48 executed programs: 17380 2018/10/20 19:24:53 executed programs: 17611 2018/10/20 19:24:59 executed programs: 17840 2018/10/20 19:25:04 executed programs: 18074 [ 1246.882311] ================================================================== [ 1246.889953] BUG: KASAN: use-after-free in vhost_work_queue+0xc3/0xe0 [ 1246.896460] Read of size 8 at addr ffff8801abf0d2e8 by task syz-executor3/32321 [ 1246.903908] [ 1246.905551] CPU: 1 PID: 32321 Comm: syz-executor3 Not tainted 4.19.0-rc8+ #196 [ 1246.912931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1246.922357] Call Trace: [ 1246.925029] dump_stack+0x1c4/0x2b4 [ 1246.928690] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1246.933969] ? printk+0xa7/0xcf [ 1246.937270] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 1246.942361] print_address_description.cold.8+0x9/0x1ff [ 1246.947735] kasan_report.cold.9+0x242/0x309 [ 1246.952139] ? vhost_work_queue+0xc3/0xe0 [ 1246.952177] __asan_report_load8_noabort+0x14/0x20 [ 1246.952191] vhost_work_queue+0xc3/0xe0 [ 1246.961394] vhost_transport_send_pkt+0x28a/0x380 [ 1246.961410] ? vhost_vsock_dev_open+0x5a0/0x5a0 [ 1246.961479] ? virtio_transport_send_pkt_info+0x2e7/0x460 [ 1246.961545] ? __local_bh_enable_ip+0x160/0x260 [ 1246.985151] virtio_transport_send_pkt_info+0x31d/0x460 [ 1246.990557] virtio_transport_connect+0x17c/0x220 [ 1246.995440] ? virtio_transport_send_pkt_info+0x460/0x460 [ 1247.000991] ? vsock_auto_bind+0xa9/0xe0 [ 1247.005142] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1247.010710] vsock_stream_connect+0x4ed/0xe40 [ 1247.015225] ? vsock_dgram_connect+0x500/0x500 [ 1247.019918] ? finish_wait+0x430/0x430 [ 1247.023868] ? aa_af_perm+0x5a0/0x5a0 [ 1247.027737] ? apparmor_socket_connect+0xb6/0x160 [ 1247.032604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1247.032674] ? security_socket_connect+0x94/0xc0 [ 1247.032718] __sys_connect+0x37d/0x4c0 [ 1247.032736] ? __ia32_sys_accept+0xb0/0xb0 [ 1247.051158] ? kasan_check_read+0x11/0x20 [ 1247.055385] ? _copy_to_user+0xc8/0x110 [ 1247.059383] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1247.065022] ? compat_put_timespec64+0x110/0x280 [ 1247.065079] ? do_fast_syscall_32+0x150/0xfb2 [ 1247.065097] ? do_fast_syscall_32+0x150/0xfb2 [ 1247.078836] ? lockdep_hardirqs_on+0x421/0x5c0 [ 1247.083516] ? trace_hardirqs_on+0xbd/0x310 [ 1247.087856] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1247.093479] ? entry_SYSENTER_compat+0x70/0x7f [ 1247.098087] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 1247.103577] __ia32_sys_connect+0x72/0xb0 [ 1247.107749] do_fast_syscall_32+0x34d/0xfb2 [ 1247.112090] ? do_int80_syscall_32+0x890/0x890 [ 1247.116692] ? entry_SYSENTER_compat+0x68/0x7f [ 1247.116711] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1247.116729] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1247.116746] ? trace_hardirqs_on_caller+0x310/0x310 [ 1247.116762] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1247.116843] ? recalc_sigpending_tsk+0x180/0x180 [ 1247.126367] ? kasan_check_write+0x14/0x20 [ 1247.126391] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1247.126416] entry_SYSENTER_compat+0x70/0x7f [ 1247.126430] RIP: 0023:0xf7f8eca9 [ 1247.126446] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1247.126459] RSP: 002b:00000000f7f8a0cc EFLAGS: 00000296 [ 1247.159523] ORIG_RAX: 000000000000016a [ 1247.159534] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000200 [ 1247.159543] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 1247.159552] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1247.159561] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1247.159580] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1247.159605] [ 1247.159676] Allocated by task 32321: [ 1247.159697] save_stack+0x43/0xd0 [ 1247.198546] kasan_kmalloc+0xc7/0xe0 [ 1247.198631] __kmalloc_node+0x47/0x70 [ 1247.198690] kvmalloc_node+0xb9/0xf0 [ 1247.198705] vhost_vsock_dev_open+0xa2/0x5a0 [ 1247.198762] misc_open+0x3ca/0x560 [ 1247.252253] chrdev_open+0x25a/0x710 [ 1247.259398] do_dentry_open+0x499/0x1250 [ 1247.259410] vfs_open+0xa0/0xd0 [ 1247.259421] path_openat+0x12bf/0x5160 [ 1247.259432] do_filp_open+0x255/0x380 [ 1247.259444] do_sys_open+0x568/0x700 [ 1247.259457] __ia32_compat_sys_openat+0x98/0xf0 [ 1247.259472] do_fast_syscall_32+0x34d/0xfb2 [ 1247.259487] entry_SYSENTER_compat+0x70/0x7f [ 1247.259491] [ 1247.259498] Freed by task 32320: [ 1247.259509] save_stack+0x43/0xd0 [ 1247.259525] __kasan_slab_free+0x102/0x150 [ 1247.300038] kasan_slab_free+0xe/0x10 [ 1247.300052] kfree+0xcf/0x230 [ 1247.300066] kvfree+0x61/0x70 [ 1247.300079] vhost_vsock_dev_release+0x4f4/0x720 [ 1247.300090] __fput+0x385/0xa30 [ 1247.300099] ____fput+0x15/0x20 [ 1247.300181] task_work_run+0x1e8/0x2a0 [ 1247.300201] exit_to_usermode_loop+0x318/0x380 [ 1247.308230] do_fast_syscall_32+0xcd5/0xfb2 [ 1247.308245] entry_SYSENTER_compat+0x70/0x7f [ 1247.308249] [ 1247.308260] The buggy address belongs to the object at ffff8801abf0d240 [ 1247.308260] which belongs to the cache kmalloc-65536 of size 65536 [ 1247.308273] The buggy address is located 168 bytes inside of [ 1247.308273] 65536-byte region [ffff8801abf0d240, ffff8801abf1d240) [ 1247.308278] The buggy address belongs to the page: [ 1247.308291] page:ffffea0006afc000 count:1 mapcount:0 mapping:ffff8801da802500 index:0x0 compound_mapcount: 0 [ 1247.308308] flags: 0x2fffc0000008100(slab|head) [ 1247.308331] raw: 02fffc0000008100 ffffea0006aea808 ffffea0006a19808 ffff8801da802500 [ 1247.397043] raw: 0000000000000000 ffff8801abf0d240 0000000100000001 0000000000000000 [ 1247.404909] page dumped because: kasan: bad access detected [ 1247.410621] [ 1247.412232] Memory state around the buggy address: [ 1247.417179] ffff8801abf0d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1247.424529] ffff8801abf0d200: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 1247.431878] >ffff8801abf0d280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1247.439220] ^ [ 1247.445958] ffff8801abf0d300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1247.453306] ffff8801abf0d380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1247.460650] ================================================================== [ 1247.468000] Disabling lock debugging due to kernel taint [ 1247.474109] Kernel panic - not syncing: panic_on_warn set ... [ 1247.474109] [ 1247.481492] CPU: 0 PID: 32321 Comm: syz-executor3 Tainted: G B 4.19.0-rc8+ #196 [ 1247.490231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1247.492586] kobject: 'loop0' (00000000b0509481): kobject_uevent_env [ 1247.499590] Call Trace: [ 1247.499614] dump_stack+0x1c4/0x2b4 [ 1247.499636] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1247.506116] kobject: 'loop0' (00000000b0509481): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1247.508612] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1247.508628] panic+0x238/0x4e7 [ 1247.508641] ? add_taint.cold.5+0x16/0x16 [ 1247.508660] ? preempt_schedule+0x4d/0x60 [ 1247.543028] ? ___preempt_schedule+0x16/0x18 [ 1247.547417] ? trace_hardirqs_on+0xb4/0x310 [ 1247.551728] kasan_end_report+0x47/0x4f [ 1247.555690] kasan_report.cold.9+0x76/0x309 [ 1247.559996] ? vhost_work_queue+0xc3/0xe0 [ 1247.564129] __asan_report_load8_noabort+0x14/0x20 [ 1247.569040] vhost_work_queue+0xc3/0xe0 [ 1247.572996] vhost_transport_send_pkt+0x28a/0x380 [ 1247.577821] ? vhost_vsock_dev_open+0x5a0/0x5a0 [ 1247.582475] ? virtio_transport_send_pkt_info+0x2e7/0x460 [ 1247.588003] ? __local_bh_enable_ip+0x160/0x260 [ 1247.592664] virtio_transport_send_pkt_info+0x31d/0x460 [ 1247.598026] virtio_transport_connect+0x17c/0x220 [ 1247.602854] ? virtio_transport_send_pkt_info+0x460/0x460 [ 1247.608375] ? vsock_auto_bind+0xa9/0xe0 [ 1247.612439] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1247.617973] vsock_stream_connect+0x4ed/0xe40 [ 1247.622462] ? vsock_dgram_connect+0x500/0x500 [ 1247.627031] ? finish_wait+0x430/0x430 [ 1247.630901] ? aa_af_perm+0x5a0/0x5a0 [ 1247.634689] ? apparmor_socket_connect+0xb6/0x160 [ 1247.639516] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1247.645051] ? security_socket_connect+0x94/0xc0 [ 1247.649793] __sys_connect+0x37d/0x4c0 [ 1247.653664] ? __ia32_sys_accept+0xb0/0xb0 [ 1247.657888] ? kasan_check_read+0x11/0x20 [ 1247.662018] ? _copy_to_user+0xc8/0x110 [ 1247.665977] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1247.671499] ? compat_put_timespec64+0x110/0x280 [ 1247.676241] ? do_fast_syscall_32+0x150/0xfb2 [ 1247.680718] ? do_fast_syscall_32+0x150/0xfb2 [ 1247.685425] ? lockdep_hardirqs_on+0x421/0x5c0 [ 1247.689991] ? trace_hardirqs_on+0xbd/0x310 [ 1247.694294] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1247.699819] ? entry_SYSENTER_compat+0x70/0x7f [ 1247.704388] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 1247.709825] __ia32_sys_connect+0x72/0xb0 [ 1247.713956] do_fast_syscall_32+0x34d/0xfb2 [ 1247.718261] ? do_int80_syscall_32+0x890/0x890 [ 1247.722826] ? entry_SYSENTER_compat+0x68/0x7f [ 1247.727389] ? trace_hardirqs_off_caller+0xbb/0x310 [ 1247.732390] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1247.737216] ? trace_hardirqs_on_caller+0x310/0x310 [ 1247.742214] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1247.747211] ? recalc_sigpending_tsk+0x180/0x180 [ 1247.751970] ? kasan_check_write+0x14/0x20 [ 1247.756193] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1247.761021] entry_SYSENTER_compat+0x70/0x7f [ 1247.765412] RIP: 0023:0xf7f8eca9 [ 1247.768764] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1247.787655] RSP: 002b:00000000f7f8a0cc EFLAGS: 00000296 ORIG_RAX: 000000000000016a [ 1247.795357] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000200 [ 1247.802611] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 1247.809868] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1247.817122] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1247.824370] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1247.832550] Kernel Offset: disabled [ 1247.836184] Rebooting in 86400 seconds..