[ ok ] Starting enhanced syslogd: rsyslogd. [ 34.895988] audit: type=1800 audit(1538842167.136:25): pid=5661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 34.937291] audit: type=1800 audit(1538842167.136:26): pid=5661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 34.964523] audit: type=1800 audit(1538842167.136:27): pid=5661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts. 2018/10/06 16:11:17 parsed 1 programs 2018/10/06 16:11:19 executed programs: 0 syzkaller login: [ 147.137482] IPVS: ftp: loaded support on port[0] = 21 [ 147.140572] IPVS: ftp: loaded support on port[0] = 21 [ 147.146699] IPVS: ftp: loaded support on port[0] = 21 [ 147.168454] IPVS: ftp: loaded support on port[0] = 21 [ 147.168535] IPVS: ftp: loaded support on port[0] = 21 [ 147.174568] IPVS: ftp: loaded support on port[0] = 21 [ 147.656483] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.663865] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.670756] device bridge_slave_0 entered promiscuous mode [ 147.717903] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.729122] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.736059] device bridge_slave_1 entered promiscuous mode [ 147.773021] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 147.790017] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.796846] bridge0: port 1(bridge_slave_0) 
entered disabled state [ 147.803871] device bridge_slave_0 entered promiscuous mode [ 147.819122] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.827872] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.835672] device bridge_slave_1 entered promiscuous mode [ 147.849356] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.857590] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.866926] device bridge_slave_0 entered promiscuous mode [ 147.875281] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 147.908763] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.920183] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.934099] device bridge_slave_1 entered promiscuous mode [ 147.940661] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 147.949307] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.958610] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.966083] device bridge_slave_0 entered promiscuous mode [ 147.982515] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.989772] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.997824] device bridge_slave_0 entered promiscuous mode [ 148.005745] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 148.015016] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 148.032187] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.038583] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.047084] device bridge_slave_1 entered promiscuous mode [ 148.067018] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.074068] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.081300] device bridge_slave_1 entered promiscuous mode [ 148.096815] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 148.107655] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 148.119714] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: 
link is not ready [ 148.128917] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 148.137939] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.148872] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.158528] device bridge_slave_0 entered promiscuous mode [ 148.174603] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 148.195011] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 148.209526] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 148.223743] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.230162] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.240020] device bridge_slave_1 entered promiscuous mode [ 148.275828] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 148.303128] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 148.310943] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 148.356268] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 148.367856] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 148.378201] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 148.389383] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 148.399931] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 148.474618] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 148.486765] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 148.506431] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 148.517638] team0: Port device team_slave_0 added [ 148.532104] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 148.541215] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 148.561731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 148.574517] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 148.582332] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 148.599954] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 148.615879] team0: Port device team_slave_1 added [ 148.623722] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 148.634319] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 148.650071] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 148.674935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 148.685929] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 148.700430] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 148.712450] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 148.720059] team0: Port device team_slave_0 added [ 148.729305] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 148.737121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 148.749790] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 148.757681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 148.767823] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 148.774961] team0: Port device team_slave_0 added [ 148.781739] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 148.796645] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 148.809851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 148.823699] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 148.836806] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 148.847158] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 148.854480] team0: Port device team_slave_1 added [ 148.860490] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 148.868151] team0: Port device team_slave_1 added [ 148.893221] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 148.902734] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 
148.911297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 148.930845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 148.946490] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 148.957148] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 148.971366] team0: Port device team_slave_0 added [ 148.977038] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 148.986878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 148.995195] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 149.006125] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 149.027509] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 149.036036] team0: Port device team_slave_0 added [ 149.043538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 149.055063] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 149.067165] team0: Port device team_slave_1 added [ 149.074923] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 149.087617] team0: Port device team_slave_0 added [ 149.095144] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 149.105280] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 149.118171] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 149.132857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 149.140770] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 149.148851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 149.158371] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 149.166953] team0: Port device team_slave_1 added [ 149.175622] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 149.187786] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 149.196512] team0: Port device team_slave_1 added [ 149.206933] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not 
ready [ 149.219108] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 149.228720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 149.236685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 149.245024] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 149.252946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 149.268924] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 149.282203] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 149.302811] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 149.334848] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 149.346414] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 149.355831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 149.367982] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 149.382126] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 149.389502] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 149.413687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 149.421384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 149.437682] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 149.446982] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 149.457310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 149.467006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 149.475544] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 149.484334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 149.499652] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 149.517293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 149.533086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 149.572390] IPv6: 
ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 149.583272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 149.591121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 149.768974] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.775400] bridge0: port 2(bridge_slave_1) entered forwarding state [ 149.782080] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.788437] bridge0: port 1(bridge_slave_0) entered forwarding state [ 149.801613] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 149.907815] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.914266] bridge0: port 2(bridge_slave_1) entered forwarding state [ 149.920919] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.928014] bridge0: port 1(bridge_slave_0) entered forwarding state [ 149.939924] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 149.948744] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.955142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 149.961794] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.968169] bridge0: port 1(bridge_slave_0) entered forwarding state [ 149.975513] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 150.029145] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.035553] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.042212] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.048572] bridge0: port 1(bridge_slave_0) entered forwarding state [ 150.056316] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 150.199120] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.205540] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.212201] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.218554] bridge0: port 1(bridge_slave_0) entered forwarding state [ 150.226157] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 150.263495] bridge0: port 
2(bridge_slave_1) entered blocking state [ 150.269893] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.276533] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.284040] bridge0: port 1(bridge_slave_0) entered forwarding state [ 150.296484] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 150.631913] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 150.645342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 150.652592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 150.659582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 150.666992] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 150.674051] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 151.918519] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.928684] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.016813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.099562] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 152.125491] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.143784] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 152.197409] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 152.238559] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.253112] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.300219] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 152.316335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 152.326245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 152.359936] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 152.384139] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 152.395985] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 152.403790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 152.413355] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 152.424870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 152.434543] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 152.450863] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 152.505382] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.523369] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 152.579191] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.595502] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 152.604102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 152.614147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 152.633018] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.665829] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 152.672825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 152.679801] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 152.735941] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 152.746246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 152.754162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 152.856442] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.879532] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.932754] 8021q: adding VLAN 0 to HW filter on device team0 2018/10/06 16:11:26 executed programs: 6 2018/10/06 16:11:31 executed programs: 171 2018/10/06 16:11:36 executed programs: 344 [ 164.786253] ================================================================== [ 164.793661] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1c0/0x200 [ 164.800316] Read of size 4 at addr ffff8801abdcb8bc by task syz-executor1/9603 [ 164.807689] [ 164.809322] CPU: 1 PID: 9603 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #173 [ 164.816590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 164.825937] Call Trace: [ 164.828512] dump_stack+0x1c4/0x2b4 [ 164.832142] ? dump_stack_print_info.cold.2+0x52/0x52 [ 164.837339] ? printk+0xa7/0xcf [ 164.840633] ? 
kmsg_dump_rewind_nolock+0xe4/0xe4 [ 164.845404] print_address_description.cold.8+0x9/0x1ff [ 164.850792] kasan_report.cold.9+0x242/0x309 [ 164.855190] ? do_raw_spin_lock+0x1c0/0x200 [ 164.859506] ? vhost_vsock_dev_release+0x720/0x720 [ 164.864439] __asan_report_load4_noabort+0x14/0x20 [ 164.864456] do_raw_spin_lock+0x1c0/0x200 [ 164.864469] ? vhost_vsock_dev_release+0x720/0x720 [ 164.864488] _raw_spin_lock_bh+0x39/0x40 [ 164.873576] ? vhost_transport_cancel_pkt+0x15e/0x910 [ 164.887720] vhost_transport_cancel_pkt+0x15e/0x910 [ 164.892747] ? lock_acquire+0x1ed/0x520 [ 164.896727] ? vhost_vsock_dev_release+0x720/0x720 [ 164.896745] ? trace_hardirqs_on+0xbd/0x310 [ 164.896758] ? lock_release+0x970/0x970 [ 164.896778] ? lock_sock_nested+0xe2/0x120 [ 164.906029] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 164.906046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 164.906067] ? check_preemption_disabled+0x48/0x200 [ 164.930232] ? lock_sock_nested+0x9a/0x120 [ 164.934479] ? lock_sock_nested+0x9a/0x120 [ 164.938717] ? __local_bh_enable_ip+0x160/0x260 [ 164.943372] ? vhost_vsock_dev_release+0x720/0x720 [ 164.948302] vsock_stream_connect+0x903/0xe40 [ 164.952800] ? vsock_dgram_connect+0x500/0x500 [ 164.957371] ? finish_wait+0x430/0x430 [ 164.961245] ? aa_af_perm+0x5a0/0x5a0 [ 164.965036] ? apparmor_socket_connect+0xb6/0x160 [ 164.969881] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 164.975418] ? security_socket_connect+0x94/0xc0 [ 164.980166] __sys_connect+0x37d/0x4c0 [ 164.984042] ? __ia32_sys_accept+0xb0/0xb0 [ 164.988290] ? kasan_check_read+0x11/0x20 [ 164.992432] ? _copy_to_user+0xc8/0x110 [ 164.996394] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 165.001928] ? compat_put_timespec64+0x110/0x280 [ 165.006708] ? entry_SYSENTER_compat+0x70/0x7f [ 165.011300] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 165.011320] __ia32_sys_connect+0x72/0xb0 [ 165.020905] do_fast_syscall_32+0x34d/0xfb2 [ 165.020924] ? do_int80_syscall_32+0x890/0x890 [ 165.020938] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 165.020956] ? entry_SYSENTER_compat+0x68/0x7f [ 165.039955] ? trace_hardirqs_off_caller+0xbb/0x310 [ 165.044999] ? do_syscall_64+0x820/0x820 [ 165.049071] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 165.053926] ? trace_hardirqs_on_caller+0x310/0x310 [ 165.058950] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 165.058967] ? recalc_sigpending_tsk+0x180/0x180 [ 165.058980] ? kasan_check_write+0x14/0x20 [ 165.058998] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 165.059016] entry_SYSENTER_compat+0x70/0x7f [ 165.072991] RIP: 0023:0xf7fa8ca9 [ 165.073007] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 165.073015] RSP: 002b:00000000f7f620cc EFLAGS: 00000296 ORIG_RAX: 000000000000016a [ 165.073029] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000400 [ 165.073037] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 165.073045] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 165.073052] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 165.073059] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 165.073075] [ 165.104591] Allocated by task 9585: [ 165.104619] save_stack+0x43/0xd0 [ 165.104631] kasan_kmalloc+0xc7/0xe0 [ 165.104644] __kmalloc_node+0x47/0x70 [ 165.104658] kvmalloc_node+0xb9/0xf0 [ 165.104671] vhost_vsock_dev_open+0xa2/0x5a0 [ 165.104683] misc_open+0x3ca/0x560 [ 165.104701] chrdev_open+0x25a/0x710 [ 165.134183] do_dentry_open+0x499/0x1250 [ 165.134196] vfs_open+0xa0/0xd0 [ 165.134208] path_openat+0x12bf/0x5160 [ 165.134219] do_filp_open+0x255/0x380 [ 165.134231] do_sys_open+0x568/0x700 [ 165.134242] __ia32_compat_sys_openat+0x98/0xf0 [ 165.134256] do_fast_syscall_32+0x34d/0xfb2 [ 165.134274] entry_SYSENTER_compat+0x70/0x7f [ 165.176563] [ 165.176570] Freed by task 9584: [ 165.176585] 
save_stack+0x43/0xd0 [ 165.176596] __kasan_slab_free+0x102/0x150 [ 165.176613] kasan_slab_free+0xe/0x10 [ 165.176631] kfree+0xcf/0x230 [ 165.184383] kvfree+0x61/0x70 [ 165.184396] vhost_vsock_dev_release+0x4f4/0x720 [ 165.184406] __fput+0x385/0xa30 [ 165.184415] ____fput+0x15/0x20 [ 165.184428] task_work_run+0x1e8/0x2a0 [ 165.184446] exit_to_usermode_loop+0x318/0x380 [ 165.254798] do_fast_syscall_32+0xcd5/0xfb2 [ 165.259138] entry_SYSENTER_compat+0x70/0x7f [ 165.263530] [ 165.265162] The buggy address belongs to the object at ffff8801abdc2bc0 [ 165.265162] which belongs to the cache kmalloc-65536 of size 65536 [ 165.278162] The buggy address is located 36092 bytes inside of [ 165.278162] 65536-byte region [ffff8801abdc2bc0, ffff8801abdd2bc0) [ 165.278167] The buggy address belongs to the page: [ 165.278179] page:ffffea0006af7000 count:1 mapcount:0 mapping:ffff8801da802500 index:0x0 compound_mapcount: 0 [ 165.305295] flags: 0x2fffc0000008100(slab|head) [ 165.305314] raw: 02fffc0000008100 ffffea0006ae0008 ffffea0006ae6008 ffff8801da802500 [ 165.305330] raw: 0000000000000000 ffff8801abdc2bc0 0000000100000001 0000000000000000 [ 165.305335] page dumped because: kasan: bad access detected [ 165.305339] [ 165.305343] Memory state around the buggy address: [ 165.305353] ffff8801abdcb780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 165.305364] ffff8801abdcb800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 165.305373] >ffff8801abdcb880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 165.305378] ^ [ 165.305393] ffff8801abdcb900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 165.334013] kobject: 'loop4' (000000006c02201b): kobject_uevent_env [ 165.338273] ffff8801abdcb980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 165.338278] ================================================================== [ 165.338348] Kernel panic - not syncing: panic_on_warn set ... 
[ 165.338348] [ 165.360235] kobject: 'loop4' (000000006c02201b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 165.360499] CPU: 1 PID: 9603 Comm: syz-executor1 Tainted: G B 4.19.0-rc6+ #173 [ 165.410936] kobject: 'loop0' (000000002d4d54e7): kobject_uevent_env [ 165.411204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 165.423436] kobject: 'loop0' (000000002d4d54e7): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 165.426252] Call Trace: [ 165.426275] dump_stack+0x1c4/0x2b4 [ 165.426293] ? dump_stack_print_info.cold.2+0x52/0x52 [ 165.426314] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 165.461201] panic+0x238/0x4e7 [ 165.464383] ? add_taint.cold.5+0x16/0x16 [ 165.468518] ? trace_hardirqs_on+0x9a/0x310 [ 165.472826] ? trace_hardirqs_on+0xb4/0x310 [ 165.477172] ? trace_hardirqs_on+0xb4/0x310 [ 165.481504] kasan_end_report+0x47/0x4f [ 165.485497] kasan_report.cold.9+0x76/0x309 [ 165.489805] ? do_raw_spin_lock+0x1c0/0x200 [ 165.494122] ? vhost_vsock_dev_release+0x720/0x720 [ 165.499054] __asan_report_load4_noabort+0x14/0x20 [ 165.503979] do_raw_spin_lock+0x1c0/0x200 [ 165.508133] ? vhost_vsock_dev_release+0x720/0x720 [ 165.513083] _raw_spin_lock_bh+0x39/0x40 [ 165.517130] ? vhost_transport_cancel_pkt+0x15e/0x910 [ 165.522320] vhost_transport_cancel_pkt+0x15e/0x910 [ 165.525384] kobject: 'loop3' (000000000d6d76ff): kobject_uevent_env [ 165.527345] ? lock_acquire+0x1ed/0x520 [ 165.527362] ? vhost_vsock_dev_release+0x720/0x720 [ 165.541387] kobject: 'loop3' (000000000d6d76ff): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 165.542647] ? trace_hardirqs_on+0xbd/0x310 [ 165.542661] ? lock_release+0x970/0x970 [ 165.542677] ? lock_sock_nested+0xe2/0x120 [ 165.542691] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 165.542711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 165.558730] kobject: 'loop2' (000000009eed6cd1): kobject_uevent_env [ 165.560431] ? check_preemption_disabled+0x48/0x200 [ 165.560454] ? 
lock_sock_nested+0x9a/0x120 [ 165.565130] kobject: 'loop2' (000000009eed6cd1): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 165.570122] ? lock_sock_nested+0x9a/0x120 [ 165.570140] ? __local_bh_enable_ip+0x160/0x260 [ 165.570158] ? vhost_vsock_dev_release+0x720/0x720 [ 165.614514] vsock_stream_connect+0x903/0xe40 [ 165.619025] ? vsock_dgram_connect+0x500/0x500 [ 165.623600] ? finish_wait+0x430/0x430 [ 165.627481] ? aa_af_perm+0x5a0/0x5a0 [ 165.631271] ? apparmor_socket_connect+0xb6/0x160 [ 165.636125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 165.641651] ? security_socket_connect+0x94/0xc0 [ 165.646392] __sys_connect+0x37d/0x4c0 [ 165.650265] ? __ia32_sys_accept+0xb0/0xb0 [ 165.654486] ? kasan_check_read+0x11/0x20 [ 165.658623] ? _copy_to_user+0xc8/0x110 [ 165.662594] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 165.668144] ? compat_put_timespec64+0x110/0x280 [ 165.672896] ? entry_SYSENTER_compat+0x70/0x7f [ 165.677469] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 165.682907] __ia32_sys_connect+0x72/0xb0 [ 165.687065] do_fast_syscall_32+0x34d/0xfb2 [ 165.691371] ? do_int80_syscall_32+0x890/0x890 [ 165.695940] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 165.701473] ? entry_SYSENTER_compat+0x68/0x7f [ 165.706054] ? trace_hardirqs_off_caller+0xbb/0x310 [ 165.711053] ? do_syscall_64+0x820/0x820 [ 165.715100] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 165.719936] ? trace_hardirqs_on_caller+0x310/0x310 [ 165.724943] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 165.729955] ? recalc_sigpending_tsk+0x180/0x180 [ 165.734696] ? kasan_check_write+0x14/0x20 [ 165.738925] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 165.743764] entry_SYSENTER_compat+0x70/0x7f [ 165.748155] RIP: 0023:0xf7fa8ca9 [ 165.751515] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 165.770429] RSP: 002b:00000000f7f620cc EFLAGS: 00000296 ORIG_RAX: 000000000000016a [ 165.778126] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020000400 [ 165.785397] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 165.792667] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 165.799921] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 165.807198] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 165.815530] Kernel Offset: disabled [ 165.819157] Rebooting in 86400 seconds..