[ 37.131917] audit: type=1800 audit(1538942565.939:24): pid=5679 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="sudo" dev="sda1" ino=2454 res=0 [....] Starting enhanced syslogd: rsyslogd [ ok ]. [ 37.722100] audit: type=1800 audit(1538942566.599:25): pid=5679 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 37.747393] audit: type=1800 audit(1538942566.599:26): pid=5679 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.125' (ECDSA) to the list of known hosts. 2018/10/07 20:04:19 parsed 1 programs 2018/10/07 20:04:21 executed programs: 0 syzkaller login: [ 132.422037] IPVS: ftp: loaded support on port[0] = 21 [ 132.422200] IPVS: ftp: loaded support on port[0] = 21 [ 132.435429] IPVS: ftp: loaded support on port[0] = 21 [ 132.438809] IPVS: ftp: loaded support on port[0] = 21 [ 132.443876] IPVS: ftp: loaded support on port[0] = 21 [ 132.453869] IPVS: ftp: loaded support on port[0] = 21 [ 133.015086] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.023857] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.030919] device bridge_slave_0 entered promiscuous mode [ 133.047783] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.057412] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.064348] device bridge_slave_1 entered promiscuous mode [ 133.095495] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 133.114134] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.124438] bridge0: port 1(bridge_slave_0) entered disabled state [ 
133.131736] device bridge_slave_0 entered promiscuous mode [ 133.144917] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.152111] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.159030] device bridge_slave_0 entered promiscuous mode [ 133.169966] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 133.182297] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.188647] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.197378] device bridge_slave_1 entered promiscuous mode [ 133.204450] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.213396] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.220794] device bridge_slave_1 entered promiscuous mode [ 133.228032] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.234742] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.241761] device bridge_slave_0 entered promiscuous mode [ 133.248483] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.255646] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.262882] device bridge_slave_0 entered promiscuous mode [ 133.270537] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 133.277557] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.285773] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.295162] device bridge_slave_0 entered promiscuous mode [ 133.302334] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 133.314156] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 133.324394] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.331719] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.339792] device bridge_slave_1 entered promiscuous mode [ 133.347130] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.353525] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.360767] device bridge_slave_1 entered promiscuous mode [ 133.368167] bridge0: port 
2(bridge_slave_1) entered blocking state [ 133.375637] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.383065] device bridge_slave_1 entered promiscuous mode [ 133.397870] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 133.413660] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 133.428260] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 133.440445] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 133.458115] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 133.479660] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 133.500333] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 133.517834] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 133.530232] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 133.596954] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 133.613892] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 133.635350] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 133.660275] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 133.672815] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 133.696978] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 133.710717] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 133.725639] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 133.754049] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 133.771652] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 133.846222] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 133.865537] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 133.876904] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 133.907600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes 
ready [ 133.931906] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 133.939039] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 133.949458] team0: Port device team_slave_0 added [ 133.962152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 133.984714] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 133.996507] team0: Port device team_slave_0 added [ 134.022890] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 134.034654] team0: Port device team_slave_1 added [ 134.042688] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 134.050621] team0: Port device team_slave_1 added [ 134.068614] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 134.084405] team0: Port device team_slave_0 added [ 134.098528] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 134.114330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 134.122815] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 134.137303] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 134.145627] team0: Port device team_slave_0 added [ 134.152919] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 134.160764] team0: Port device team_slave_0 added [ 134.167795] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 134.190871] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 134.198821] team0: Port device team_slave_1 added [ 134.205444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 134.216385] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 134.224310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 134.232474] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 134.239969] team0: Port device team_slave_1 added [ 134.246712] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 134.254453] team0: Port device team_slave_0 added [ 134.267338] IPv6: ADDRCONF(NETDEV_CHANGE): 
team_slave_0: link becomes ready [ 134.276410] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 134.293396] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 134.300940] team0: Port device team_slave_1 added [ 134.306794] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 134.316052] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 134.331334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 134.341600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 134.350032] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 134.358424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 134.366731] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 134.377573] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 134.385003] team0: Port device team_slave_1 added [ 134.391348] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 134.405505] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 134.419465] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 134.430320] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 134.443163] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 134.458142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 134.472469] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 134.490750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 134.498133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 134.506208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 134.514135] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 134.521748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 134.529583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 134.542438] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not 
ready [ 134.550429] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 134.557992] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 134.571467] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 134.578934] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 134.596148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 134.607983] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 134.615845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 134.623627] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 134.631299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 134.643998] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 134.654731] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 134.672712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 134.681052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 134.688792] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 134.707010] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 134.718015] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 134.786465] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 134.803987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 134.815354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 134.844539] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 134.857665] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 134.865792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 135.201863] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.208269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 135.214934] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.221310] bridge0: port 1(bridge_slave_0) 
entered forwarding state [ 135.230365] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 135.239405] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.245764] bridge0: port 2(bridge_slave_1) entered forwarding state [ 135.252407] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.258757] bridge0: port 1(bridge_slave_0) entered forwarding state [ 135.267461] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 135.314912] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.321314] bridge0: port 2(bridge_slave_1) entered forwarding state [ 135.328433] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.334819] bridge0: port 1(bridge_slave_0) entered forwarding state [ 135.343292] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 135.357429] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.363832] bridge0: port 2(bridge_slave_1) entered forwarding state [ 135.370497] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.376857] bridge0: port 1(bridge_slave_0) entered forwarding state [ 135.384778] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 135.393763] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.400143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 135.406767] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.413153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 135.422484] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 135.474439] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.480856] bridge0: port 2(bridge_slave_1) entered forwarding state [ 135.487474] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.493856] bridge0: port 1(bridge_slave_0) entered forwarding state [ 135.513265] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 135.883362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 135.900212] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 135.907352] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 135.914484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 135.921942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 135.928885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 137.360066] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.384852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.489238] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.514116] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.523986] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.566043] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 137.584771] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 137.604307] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.684070] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 137.724900] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 137.740386] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 137.754251] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 137.762178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.776953] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 137.832860] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 137.841362] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 137.850353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.857292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 137.895306] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 137.907356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.915985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 137.934344] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 137.948157] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.957725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 137.972257] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 137.979533] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth1: link becomes ready [ 137.987936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 138.003445] 8021q: adding VLAN 0 to HW filter on device team0 [ 138.067938] 8021q: adding VLAN 0 to HW filter on device team0 [ 138.097149] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 138.107392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 138.121785] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 138.146746] 8021q: adding VLAN 0 to HW filter on device team0 [ 138.166741] 8021q: adding VLAN 0 to HW filter on device team0 [ 138.201084] 8021q: adding VLAN 0 to HW filter on device team0 [ 138.337411] 8021q: adding VLAN 0 to HW filter on device team0 [ 139.243377] hrtimer: interrupt took 18222 ns 2018/10/07 20:04:28 executed programs: 6 2018/10/07 20:04:33 executed programs: 210 [ 149.032066] ================================================================== [ 149.039494] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1c0/0x200 [ 149.046160] Read of size 4 at addr ffff8801ab16c4bc by task syz-executor2/9598 [ 149.053521] [ 149.055158] CPU: 0 PID: 9598 Comm: syz-executor2 Not tainted 4.19.0-rc6+ #49 [ 149.062342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 149.071709] Call Trace: [ 149.071732] dump_stack+0x1c4/0x2b4 [ 149.071751] ? dump_stack_print_info.cold.2+0x52/0x52 [ 149.077945] ? printk+0xa7/0xcf [ 149.086383] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 149.086405] print_address_description.cold.8+0x9/0x1ff [ 149.086420] kasan_report.cold.9+0x242/0x309 [ 149.086439] ? do_raw_spin_lock+0x1c0/0x200 [ 149.096541] ? vhost_vsock_dev_release+0x720/0x720 [ 149.096556] __asan_report_load4_noabort+0x14/0x20 [ 149.096572] do_raw_spin_lock+0x1c0/0x200 [ 149.096588] ? vhost_vsock_dev_release+0x720/0x720 [ 149.124181] _raw_spin_lock_bh+0x39/0x40 [ 149.128281] ? vhost_transport_cancel_pkt+0x15e/0x910 [ 149.133474] vhost_transport_cancel_pkt+0x15e/0x910 [ 149.138498] ? 
lock_acquire+0x1ed/0x520 [ 149.142477] ? vhost_vsock_dev_release+0x720/0x720 [ 149.147433] ? trace_hardirqs_on+0xbd/0x310 [ 149.151754] ? lock_release+0x970/0x970 [ 149.155723] ? lock_sock_nested+0xe2/0x120 [ 149.159953] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 149.165425] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 149.170949] ? check_preemption_disabled+0x48/0x200 [ 149.175961] ? lock_sock_nested+0x9a/0x120 [ 149.180191] ? lock_sock_nested+0x9a/0x120 [ 149.184426] ? __local_bh_enable_ip+0x160/0x260 [ 149.189104] ? vhost_vsock_dev_release+0x720/0x720 [ 149.194546] vsock_stream_connect+0x903/0xe40 [ 149.194565] ? vsock_dgram_connect+0x500/0x500 [ 149.194579] ? lock_downgrade+0x900/0x900 [ 149.194593] ? lock_release+0x970/0x970 [ 149.194613] ? arch_local_save_flags+0x40/0x40 [ 149.211818] ? finish_wait+0x430/0x430 [ 149.220270] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 149.225470] ? smack_socket_connect+0x13f/0x1c0 [ 149.225486] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 149.225507] ? security_socket_connect+0x94/0xc0 [ 149.235724] __sys_connect+0x37d/0x4c0 [ 149.235741] ? __ia32_sys_accept+0xb0/0xb0 [ 149.235755] ? kasan_check_read+0x11/0x20 [ 149.235772] ? _copy_to_user+0xc8/0x110 [ 149.256723] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 149.262267] ? put_timespec64+0x10f/0x1b0 [ 149.266431] ? trace_hardirqs_on+0xbd/0x310 [ 149.270756] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 149.270772] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 149.270787] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 149.270806] __x64_sys_connect+0x73/0xb0 [ 149.287182] do_syscall_64+0x1b9/0x820 [ 149.287197] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 149.287214] ? syscall_return_slowpath+0x5e0/0x5e0 [ 149.287232] ? trace_hardirqs_on_caller+0x310/0x310 [ 149.310417] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 149.315443] ? recalc_sigpending_tsk+0x180/0x180 [ 149.320207] ? kasan_check_write+0x14/0x20 [ 149.324463] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 149.329359] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 149.334548] RIP: 0033:0x457579 [ 149.337742] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 149.356631] RSP: 002b:00007fb88a365c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 149.364346] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 149.371648] RDX: 0000000000000010 RSI: 0000000020000200 RDI: 0000000000000005 2018/10/07 20:04:38 executed programs: 409 [ 149.378906] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 149.386165] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb88a3666d4 [ 149.393437] R13: 00000000004bdb1a R14: 00000000004cc658 R15: 00000000ffffffff [ 149.400711] [ 149.402322] Allocated by task 9591: [ 149.405933] save_stack+0x43/0xd0 [ 149.409369] kasan_kmalloc+0xc7/0xe0 [ 149.413074] __kmalloc_node+0x47/0x70 [ 149.416892] kvmalloc_node+0xb9/0xf0 [ 149.420599] vhost_vsock_dev_open+0xa2/0x5a0 [ 149.425010] misc_open+0x3ca/0x560 [ 149.428555] chrdev_open+0x25a/0x710 [ 149.432277] do_dentry_open+0x499/0x1250 [ 149.432289] vfs_open+0xa0/0xd0 [ 149.432301] path_openat+0x12bf/0x5160 [ 149.432317] do_filp_open+0x255/0x380 [ 149.439635] do_sys_open+0x568/0x700 [ 149.439647] __x64_sys_openat+0x9d/0x100 [ 149.439660] do_syscall_64+0x1b9/0x820 [ 149.439674] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 149.439692] [ 149.458968] Freed by task 9581: [ 149.458982] save_stack+0x43/0xd0 [ 149.458993] __kasan_slab_free+0x102/0x150 [ 149.459003] kasan_slab_free+0xe/0x10 [ 149.459021] kfree+0xcf/0x230 [ 149.472533] kvfree+0x61/0x70 [ 149.472546] vhost_vsock_dev_release+0x4f4/0x720 [ 149.472556] __fput+0x385/0xa30 [ 149.472570] ____fput+0x15/0x20 [ 149.498069] task_work_run+0x1e8/0x2a0 [ 149.501951] exit_to_usermode_loop+0x318/0x380 [ 149.506515] do_syscall_64+0x6be/0x820 [ 
149.510393] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 149.515572] [ 149.517201] The buggy address belongs to the object at ffff8801ab1637c0 [ 149.517201] which belongs to the cache kmalloc-65536 of size 65536 [ 149.517213] The buggy address is located 36092 bytes inside of [ 149.517213] 65536-byte region [ffff8801ab1637c0, ffff8801ab1737c0) [ 149.517217] The buggy address belongs to the page: [ 149.517244] page:ffffea0006ac5800 count:1 mapcount:0 mapping:ffff8801da802500 index:0x0 compound_mapcount: 0 [ 149.542496] flags: 0x2fffc0000008100(slab|head) [ 149.542515] raw: 02fffc0000008100 ffffea0006acc008 ffffea0006afe808 ffff8801da802500 [ 149.542530] raw: 0000000000000000 ffff8801ab1637c0 0000000100000001 0000000000000000 [ 149.542535] page dumped because: kasan: bad access detected [ 149.542539] [ 149.542542] Memory state around the buggy address: [ 149.542553] ffff8801ab16c380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 149.542565] ffff8801ab16c400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 149.604713] >ffff8801ab16c480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 149.612067] ^ [ 149.617251] ffff8801ab16c500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 149.624598] ffff8801ab16c580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 149.631935] ================================================================== [ 149.639414] Kernel panic - not syncing: panic_on_warn set ... [ 149.639414] [ 149.646792] CPU: 0 PID: 9598 Comm: syz-executor2 Tainted: G B 4.19.0-rc6+ #49 [ 149.653090] kobject: 'loop4' (0000000098752251): kobject_uevent_env [ 149.655364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 149.655369] Call Trace: [ 149.655391] dump_stack+0x1c4/0x2b4 [ 149.655411] ? dump_stack_print_info.cold.2+0x52/0x52 [ 149.663588] kobject: 'loop4' (0000000098752251): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 149.671157] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 149.671175] panic+0x238/0x4e7 [ 149.671189] ? add_taint.cold.5+0x16/0x16 [ 149.671206] ? trace_hardirqs_on+0x9a/0x310 [ 149.671223] ? trace_hardirqs_on+0xb4/0x310 [ 149.708728] kobject: 'loop5' (0000000061918a7e): kobject_uevent_env [ 149.712678] ? trace_hardirqs_on+0xb4/0x310 [ 149.712716] kasan_end_report+0x47/0x4f [ 149.712730] kasan_report.cold.9+0x76/0x309 [ 149.712749] ? do_raw_spin_lock+0x1c0/0x200 [ 149.729329] kobject: 'loop5' (0000000061918a7e): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 149.731730] ? vhost_vsock_dev_release+0x720/0x720 [ 149.731746] __asan_report_load4_noabort+0x14/0x20 [ 149.731761] do_raw_spin_lock+0x1c0/0x200 [ 149.731779] ? vhost_vsock_dev_release+0x720/0x720 [ 149.754819] kobject: 'loop1' (00000000309a6b08): kobject_uevent_env [ 149.755365] _raw_spin_lock_bh+0x39/0x40 [ 149.759997] kobject: 'loop1' (00000000309a6b08): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 149.764426] ? vhost_transport_cancel_pkt+0x15e/0x910 [ 149.764441] vhost_transport_cancel_pkt+0x15e/0x910 [ 149.764462] ? lock_acquire+0x1ed/0x520 [ 149.798479] ? vhost_vsock_dev_release+0x720/0x720 [ 149.803416] ? trace_hardirqs_on+0xbd/0x310 [ 149.807744] ? lock_release+0x970/0x970 [ 149.811723] ? lock_sock_nested+0xe2/0x120 [ 149.815949] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 149.821395] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 149.826936] ? check_preemption_disabled+0x48/0x200 [ 149.831958] ? lock_sock_nested+0x9a/0x120 [ 149.836186] ? lock_sock_nested+0x9a/0x120 [ 149.840406] ? __local_bh_enable_ip+0x160/0x260 [ 149.845058] ? vhost_vsock_dev_release+0x720/0x720 [ 149.849975] vsock_stream_connect+0x903/0xe40 [ 149.854469] ? vsock_dgram_connect+0x500/0x500 [ 149.859058] ? lock_downgrade+0x900/0x900 [ 149.863212] ? lock_release+0x970/0x970 [ 149.867184] ? arch_local_save_flags+0x40/0x40 [ 149.871755] ? finish_wait+0x430/0x430 [ 149.875631] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 149.880807] ? 
smack_socket_connect+0x13f/0x1c0 [ 149.885481] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 149.891011] ? security_socket_connect+0x94/0xc0 [ 149.895755] __sys_connect+0x37d/0x4c0 [ 149.899626] ? __ia32_sys_accept+0xb0/0xb0 [ 149.903845] ? kasan_check_read+0x11/0x20 [ 149.907985] ? _copy_to_user+0xc8/0x110 [ 149.911962] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 149.917494] ? put_timespec64+0x10f/0x1b0 [ 149.922260] ? trace_hardirqs_on+0xbd/0x310 [ 149.922969] kobject: 'loop0' (00000000c98cb862): kobject_uevent_env [ 149.926584] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 149.926600] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 149.926619] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 149.942807] kobject: 'loop0' (00000000c98cb862): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 149.943894] __x64_sys_connect+0x73/0xb0 [ 149.943914] do_syscall_64+0x1b9/0x820 [ 149.957012] kobject: 'loop5' (0000000061918a7e): kobject_uevent_env [ 149.958785] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 149.958803] ? syscall_return_slowpath+0x5e0/0x5e0 [ 149.958821] ? trace_hardirqs_on_caller+0x310/0x310 [ 149.963770] kobject: 'loop5' (0000000061918a7e): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 149.966749] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 149.966764] ? recalc_sigpending_tsk+0x180/0x180 [ 149.966781] ? kasan_check_write+0x14/0x20 [ 150.011786] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 150.016617] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 150.021786] RIP: 0033:0x457579 [ 150.024960] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 150.043844] RSP: 002b:00007fb88a365c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 150.051534] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 150.058786] RDX: 0000000000000010 RSI: 0000000020000200 RDI: 0000000000000005 [ 150.066042] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 150.073299] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb88a3666d4 [ 150.080569] R13: 00000000004bdb1a R14: 00000000004cc658 R15: 00000000ffffffff [ 150.088846] Kernel Offset: disabled [ 150.092468] Rebooting in 86400 seconds..