[ 37.201538] audit: type=1800 audit(1538164851.953:22): pid=5917 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0 [ 37.244968] audit: type=1800 audit(1538164851.953:23): pid=5917 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rsyslog" dev="sda1" ino=2442 res=0 [ 37.272772] audit: type=1800 audit(1538164851.953:24): pid=5917 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="sudo" dev="sda1" ino=2454 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.112' (ECDSA) to the list of known hosts. 2018/09/28 20:01:44 parsed 1 programs 2018/09/28 20:01:47 executed programs: 0 syzkaller login: [ 92.309555] IPVS: ftp: loaded support on port[0] = 21 [ 92.312864] IPVS: ftp: loaded support on port[0] = 21 [ 92.316119] IPVS: ftp: loaded support on port[0] = 21 [ 92.331756] IPVS: ftp: loaded support on port[0] = 21 [ 92.339247] IPVS: ftp: loaded support on port[0] = 21 [ 92.351482] IPVS: ftp: loaded support on port[0] = 21 [ 92.957233] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.969970] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.976935] device bridge_slave_0 entered promiscuous mode [ 92.984382] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.990724] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.997868] device bridge_slave_0 entered promiscuous mode [ 93.011280] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.018985] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.026009] device bridge_slave_0 entered promiscuous mode [ 93.035996] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.042762] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.051818] device bridge_slave_1 entered promiscuous mode [ 93.059034] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.065809] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.072722] device bridge_slave_0 entered promiscuous mode [ 93.085445] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.091948] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.099152] device bridge_slave_0 entered promiscuous mode [ 93.106697] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.113249] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.120217] device bridge_slave_1 entered promiscuous mode [ 93.127881] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.135185] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.141986] device bridge_slave_1 entered promiscuous mode [ 93.149434] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.155987] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.163190] device bridge_slave_0 entered promiscuous mode [ 93.170452] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 93.180597] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.186998] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.194137] device bridge_slave_1 entered promiscuous mode [ 93.200325] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.206975] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.213828] device bridge_slave_1 entered promiscuous mode [ 93.220114] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 93.229439] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 93.238952] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 93.248289] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.256161] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.266968] device bridge_slave_1 entered promiscuous mode [ 93.274089] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 93.281988] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 93.289711] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 93.298890] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 93.312005] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 93.336173] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 93.346194] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 93.358324] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 93.398168] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 93.430640] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 93.450296] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 93.464388] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 93.476460] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 93.486670] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 93.496696] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 93.506393] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 93.516358] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 93.532579] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 93.542224] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 93.559604] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 93.690592] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 93.701355] team0: Port device team_slave_0 added [ 93.718844] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 93.731702] team0: Port device team_slave_0 added [ 93.739134] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 93.751571] team0: Port device team_slave_0 added [ 93.759636] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 93.767036] team0: Port device team_slave_0 added [ 93.774536] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 93.781721] team0: Port device team_slave_0 added [ 93.792287] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 93.801124] team0: Port device team_slave_1 added [ 93.807227] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 93.814773] team0: Port device team_slave_0 added [ 93.825167] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 93.832377] team0: Port device team_slave_1 added [ 93.846419] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 93.854245] team0: Port device team_slave_1 added [ 93.861565] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 93.869601] team0: Port device team_slave_1 added [ 93.876496] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 93.885460] team0: Port device team_slave_1 added [ 93.892316] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 93.902671] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 93.911036] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 93.933169] team0: Port device team_slave_1 added [ 93.938215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 93.950995] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 93.958812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 93.966585] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 93.977346] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 93.986236] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 93.995251] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 94.008838] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 94.019808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.028701] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.041240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.049155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.056650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.064495] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.071886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.079772] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.089349] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 94.097081] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 94.106550] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 94.116535] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 94.123704] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 94.131042] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.143731] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.154892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.163308] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.170744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.178746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 94.186507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.194279] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.201594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.209520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 94.217546] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 94.226936] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 94.235748] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 94.246234] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 94.253878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.261608] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.272139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.285847] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.293673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.301320] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.309187] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.316921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 94.324892] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 94.334053] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 94.342605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.350478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 94.358703] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.366854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 94.378773] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 94.395204] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 94.402627] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 94.411069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.420719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 94.433961] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.441847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 94.452899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.460693] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 94.469958] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 94.484318] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 94.493828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.501649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 94.521062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.529240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 94.539332] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 94.557238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.565700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 94.589261] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 94.604036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.611928] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 95.032071] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.038534] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.045238] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.051588] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.068185] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 95.108122] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.114557] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.121209] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.127608] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.136232] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 95.150360] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.156765] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.163410] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.169756] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.182756] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 95.190652] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.197059] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.203724] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.210078] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.219412] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 95.231858] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.238252] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.244907] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.251254] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.259010] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 95.267589] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.273997] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.280638] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.287085] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.296308] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 95.883841] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 95.894674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 95.904639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 95.911804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 95.919183] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 95.926444] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 97.271491] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.372006] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.379585] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.418311] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.438275] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.466568] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 97.482002] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.595326] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 97.604515] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 97.624405] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 97.645112] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 97.697651] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 97.707204] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 97.716986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 97.729384] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 97.803206] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 97.809360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 97.817632] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 97.834862] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 97.852536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 97.859490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 97.875022] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 97.891476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 97.902059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 97.929597] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 97.938533] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 97.950038] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 97.958093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 97.966151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 97.973367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 97.986660] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.002003] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.079068] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.133857] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.146355] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.171450] 8021q: adding VLAN 0 to HW filter on device team0 2018/09/28 20:01:53 executed programs: 6 [ 99.197714] hrtimer: interrupt took 35952 ns [ 100.912998] ================================================================== [ 100.920427] BUG: KASAN: use-after-free in ccid_hc_tx_delete+0xe0/0x100 [ 100.927104] Read of size 8 at addr ffff8801c3d15380 by task ksoftirqd/1/16 [ 100.934125] [ 100.935765] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 4.19.0-rc5-next-20180928+ #84 [ 100.943822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 100.953181] Call Trace: [ 100.955795] dump_stack+0x1d3/0x2c4 [ 100.959435] ? dump_stack_print_info.cold.2+0x52/0x52 [ 100.964647] ? printk+0xa7/0xcf [ 100.967948] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 100.972729] print_address_description.cold.8+0x9/0x1ff [ 100.978106] kasan_report.cold.9+0x242/0x309 [ 100.982527] ? ccid_hc_tx_delete+0xe0/0x100 [ 100.986863] __asan_report_load8_noabort+0x14/0x20 [ 100.991809] ccid_hc_tx_delete+0xe0/0x100 [ 100.995968] ? dccp_init_sock+0x4a0/0x4a0 [ 101.000125] dccp_sk_destruct+0x3c/0x80 [ 101.004106] __sk_destruct+0x107/0xa80 [ 101.008004] ? sock_no_getname+0x10/0x10 [ 101.012080] ? lock_downgrade+0x900/0x900 [ 101.016257] ? trace_hardirqs_on+0xbd/0x310 [ 101.020579] ? kasan_check_read+0x11/0x20 [ 101.024767] ? debug_object_deactivate+0x2eb/0x450 [ 101.029728] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 101.035206] ? lock_acquire+0x1ed/0x520 [ 101.039200] ? rcu_process_callbacks+0x10f2/0x1ad0 [ 101.044144] ? lock_release+0x970/0x970 [ 101.048150] ? debug_stats_show+0x100/0x100 [ 101.052512] ? __kasan_slab_free+0x119/0x150 [ 101.056947] ? kmem_cache_free+0x21a/0x290 [ 101.061201] ? sock_no_getname+0x10/0x10 [ 101.065274] rcu_process_callbacks+0xff9/0x1ad0 [ 101.069962] ? rcu_note_context_switch+0x2150/0x2150 [ 101.075075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 101.080626] ? pick_next_task_fair+0xa03/0x1c20 [ 101.085306] ? rcu_qs+0x23/0x110 [ 101.088698] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 101.094251] ? check_preemption_disabled+0x48/0x200 [ 101.099277] ? check_preemption_disabled+0x48/0x200 [ 101.104313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 101.109961] ? perf_sched_cb_inc+0x350/0x350 [ 101.114386] ? __run_timers+0xa1b/0xc60 [ 101.118375] ? finish_task_switch+0x1f5/0x900 [ 101.118393] ? lock_downgrade+0x900/0x900 [ 101.118405] ? finish_task_switch+0x1b5/0x900 [ 101.118427] ? trace_hardirqs_on+0xbd/0x310 [ 101.127060] ? kasan_check_read+0x11/0x20 [ 101.127074] ? finish_task_switch+0x1f5/0x900 [ 101.127091] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 101.127105] ? compat_start_thread+0x80/0x80 [ 101.127124] ? dequeue_entity+0x1770/0x1770 [ 101.135933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 101.135952] ? kasan_check_write+0x14/0x20 [ 101.135965] ? finish_task_switch+0x2f5/0x900 [ 101.135981] ? __switch_to_asm+0x40/0x70 [ 101.135996] ? preempt_notifier_register+0x200/0x200 [ 101.136015] ? __switch_to_asm+0x34/0x70 [ 101.144646] ? __switch_to_asm+0x34/0x70 [ 101.144660] ? __switch_to_asm+0x40/0x70 [ 101.144674] ? __switch_to_asm+0x34/0x70 [ 101.144698] ? __switch_to_asm+0x40/0x70 [ 101.144711] ? __switch_to_asm+0x34/0x70 [ 101.144729] ? __switch_to_asm+0x40/0x70 [ 101.154598] ? __switch_to_asm+0x34/0x70 [ 101.154621] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 101.154638] ? check_preemption_disabled+0x48/0x200 [ 101.154655] ? rcu_preempt_need_deferred_qs+0x74/0x1f0 [ 101.154686] ? trace_hardirqs_on+0xbd/0x310 [ 101.164539] ? kvm_sched_clock_read+0x9/0x20 [ 101.164554] ? run_ksoftirqd+0x94/0x100 [ 101.164571] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 101.164588] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 101.164603] ? check_preemption_disabled+0x48/0x200 [ 101.164621] __do_softirq+0x30b/0xb03 [ 101.182671] ? __irqentry_text_end+0x1f9698/0x1f9698 [ 101.182697] ? schedule+0x108/0x460 [ 101.182718] ? trace_hardirqs_off+0xb8/0x310 [ 101.182735] ? smpboot_thread_fn+0x68b/0xa00 [ 101.182750] ? trace_hardirqs_on+0x310/0x310 [ 101.182767] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 101.182788] ? check_preemption_disabled+0x48/0x200 [ 101.190894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 101.190911] ? takeover_tasklets+0xa90/0xa90 [ 101.190926] run_ksoftirqd+0x94/0x100 [ 101.190940] smpboot_thread_fn+0x68b/0xa00 [ 101.190959] ? sort_range+0x30/0x30 [ 101.317995] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 101.323100] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 101.328637] ? __kthread_parkme+0xfb/0x1a0 [ 101.332874] ? sort_range+0x30/0x30 [ 101.336500] kthread+0x35a/0x440 [ 101.339876] ? kthread_bind+0x40/0x40 [ 101.343695] ret_from_fork+0x3a/0x50 [ 101.347413] [ 101.349032] Allocated by task 7941: [ 101.355184] save_stack+0x43/0xd0 [ 101.358658] kasan_kmalloc+0xc7/0xe0 [ 101.362377] kasan_slab_alloc+0x12/0x20 [ 101.366368] kmem_cache_alloc+0x12e/0x730 [ 101.370508] ccid_new+0x25b/0x3e0 [ 101.373954] dccp_hdlr_ccid+0x27/0x150 [ 101.377847] __dccp_feat_activate+0x188/0x280 [ 101.382353] dccp_feat_activate_values+0x3c1/0x80a [ 101.387297] dccp_rcv_state_process+0x11d4/0x1a32 [ 101.392134] dccp_v6_do_rcv+0x271/0xbf0 [ 101.396103] __release_sock+0x12a/0x3a0 [ 101.400073] release_sock+0xad/0x2c0 [ 101.403811] __inet_stream_connect+0x641/0x1150 [ 101.408483] inet_stream_connect+0x58/0xa0 [ 101.412717] __sys_connect+0x37d/0x4c0 [ 101.416599] __x64_sys_connect+0x73/0xb0 [ 101.420660] do_syscall_64+0x1b9/0x820 [ 101.424559] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 101.430145] [ 101.431774] Freed by task 7959: [ 101.435080] save_stack+0x43/0xd0 [ 101.438528] __kasan_slab_free+0x102/0x150 [ 101.442759] kasan_slab_free+0xe/0x10 [ 101.446558] kmem_cache_free+0x83/0x290 [ 101.450528] ccid_hc_tx_delete+0xc3/0x100 [ 101.454673] dccp_hdlr_ccid+0x7d/0x150 [ 101.458568] __dccp_feat_activate+0x188/0x280 [ 101.463059] dccp_feat_activate_values+0x3c1/0x80a [ 101.467989] dccp_create_openreq_child+0x47a/0x630 [ 101.472917] dccp_v6_request_recv_sock+0x278/0x2020 [ 101.477929] dccp_check_req+0x47d/0x6d0 [ 101.481899] dccp_v6_rcv+0x874/0x1ce9 [ 101.485706] ip6_input_finish+0x3fc/0x1aa0 [ 101.489938] ip6_input+0xe4/0x600 [ 101.493386] ip6_rcv_finish+0x17a/0x330 [ 101.497360] ipv6_rcv+0x10e/0x640 [ 101.500808] __netif_receive_skb_one_core+0x14d/0x200 [ 101.505992] __netif_receive_skb+0x27/0x1e0 [ 101.510321] process_backlog+0x218/0x6f0 [ 101.514380] net_rx_action+0x7c5/0x1950 [ 101.518348] __do_softirq+0x30b/0xb03 [ 101.522137] [ 101.523761] The buggy address belongs to the object at ffff8801c3d15380 [ 101.523761] which belongs to the cache ccid2_hc_tx_sock of size 1240 [ 101.536935] The buggy address is located 0 bytes inside of [ 101.536935] 1240-byte region [ffff8801c3d15380, ffff8801c3d15858) [ 101.548714] The buggy address belongs to the page: [ 101.553638] page:ffffea00070f4500 count:1 mapcount:0 mapping:ffff8801ca84b980 index:0x0 compound_mapcount: 0 [ 101.563610] flags: 0x2fffc0000010200(slab|head) [ 101.568276] raw: 02fffc0000010200 ffffea00070f2608 ffffea0006fdaf08 ffff8801ca84b980 [ 101.576180] raw: 0000000000000000 ffff8801c3d14300 0000000100000005 0000000000000000 [ 101.584063] page dumped because: kasan: bad access detected [ 101.589763] [ 101.591379] Memory state around the buggy address: [ 101.596299] ffff8801c3d15280: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc [ 101.603662] ffff8801c3d15300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 101.611022] >ffff8801c3d15380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 101.618366] ^ [ 101.621726] ffff8801c3d15400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 101.629079] ffff8801c3d15480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 101.636428] ================================================================== [ 101.643854] Kernel panic - not syncing: panic_on_warn set ... [ 101.643854] [ 101.651234] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 4.19.0-rc5-next-20180928+ #84 [ 101.660674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 101.670045] Call Trace: [ 101.672650] dump_stack+0x1d3/0x2c4 [ 101.676299] ? dump_stack_print_info.cold.2+0x52/0x52 [ 101.681517] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 101.686290] panic+0x238/0x4e7 [ 101.689488] ? add_taint.cold.5+0x16/0x16 [ 101.693762] ? trace_hardirqs_on+0x9a/0x310 [ 101.698096] ? trace_hardirqs_on+0xb4/0x310 [ 101.702421] ? trace_hardirqs_on+0xb4/0x310 [ 101.706769] kasan_end_report+0x47/0x4f [ 101.710755] kasan_report.cold.9+0x76/0x309 [ 101.715087] ? ccid_hc_tx_delete+0xe0/0x100 [ 101.719508] __asan_report_load8_noabort+0x14/0x20 [ 101.724444] ccid_hc_tx_delete+0xe0/0x100 [ 101.728598] ? dccp_init_sock+0x4a0/0x4a0 [ 101.732753] dccp_sk_destruct+0x3c/0x80 [ 101.736751] __sk_destruct+0x107/0xa80 [ 101.740651] ? sock_no_getname+0x10/0x10 [ 101.744743] ? lock_downgrade+0x900/0x900 [ 101.748908] ? trace_hardirqs_on+0xbd/0x310 [ 101.753239] ? kasan_check_read+0x11/0x20 [ 101.757407] ? debug_object_deactivate+0x2eb/0x450 [ 101.762344] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 101.767808] ? lock_acquire+0x1ed/0x520 [ 101.771796] ? rcu_process_callbacks+0x10f2/0x1ad0 [ 101.776740] ? lock_release+0x970/0x970 [ 101.780728] ? debug_stats_show+0x100/0x100 [ 101.785060] ? __kasan_slab_free+0x119/0x150 [ 101.789480] ? kmem_cache_free+0x21a/0x290 [ 101.793744] ? sock_no_getname+0x10/0x10 [ 101.797813] rcu_process_callbacks+0xff9/0x1ad0 [ 101.802491] ? rcu_note_context_switch+0x2150/0x2150 [ 101.807135] kobject: 'loop1' (0000000043280dd7): kobject_uevent_env [ 101.807600] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 101.807620] ? pick_next_task_fair+0xa03/0x1c20 [ 101.807633] ? rcu_qs+0x23/0x110 [ 101.807653] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 101.818742] kobject: 'loop1' (0000000043280dd7): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 101.819600] ? check_preemption_disabled+0x48/0x200 [ 101.819620] ? check_preemption_disabled+0x48/0x200 [ 101.852661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 101.858230] ? perf_sched_cb_inc+0x350/0x350 [ 101.862667] ? __run_timers+0xa1b/0xc60 [ 101.866668] ? finish_task_switch+0x1f5/0x900 [ 101.871189] ? lock_downgrade+0x900/0x900 [ 101.875353] ? finish_task_switch+0x1b5/0x900 [ 101.879891] ? trace_hardirqs_on+0xbd/0x310 [ 101.884227] ? kasan_check_read+0x11/0x20 [ 101.888386] ? finish_task_switch+0x1f5/0x900 [ 101.892890] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 101.898348] ? compat_start_thread+0x80/0x80 [ 101.902770] ? dequeue_entity+0x1770/0x1770 [ 101.907102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 101.912656] ? kasan_check_write+0x14/0x20 [ 101.916910] ? finish_task_switch+0x2f5/0x900 [ 101.921417] ? __switch_to_asm+0x40/0x70 [ 101.925489] ? preempt_notifier_register+0x200/0x200 [ 101.930617] ? __switch_to_asm+0x34/0x70 [ 101.934704] ? __switch_to_asm+0x34/0x70 [ 101.938775] ? __switch_to_asm+0x40/0x70 [ 101.942846] ? __switch_to_asm+0x34/0x70 [ 101.946913] ? __switch_to_asm+0x40/0x70 [ 101.951032] ? __switch_to_asm+0x34/0x70 [ 101.955100] ? __switch_to_asm+0x40/0x70 [ 101.959171] ? __switch_to_asm+0x34/0x70 [ 101.963256] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 101.968808] ? check_preemption_disabled+0x48/0x200 [ 101.973849] ? rcu_preempt_need_deferred_qs+0x74/0x1f0 [ 101.979140] ? trace_hardirqs_on+0xbd/0x310 [ 101.983487] ? kvm_sched_clock_read+0x9/0x20 [ 101.985377] kobject: 'loop1' (0000000043280dd7): kobject_uevent_env [ 101.987901] ? run_ksoftirqd+0x94/0x100 [ 101.987919] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 101.987935] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 101.987956] ? check_preemption_disabled+0x48/0x200 [ 102.014302] __do_softirq+0x30b/0xb03 [ 102.017673] kobject: 'loop1' (0000000043280dd7): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 102.018112] ? __irqentry_text_end+0x1f9698/0x1f9698 [ 102.032648] ? schedule+0x108/0x460 [ 102.036304] ? trace_hardirqs_off+0xb8/0x310 [ 102.040737] ? smpboot_thread_fn+0x68b/0xa00 [ 102.045163] ? trace_hardirqs_on+0x310/0x310 [ 102.049587] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 102.055134] ? check_preemption_disabled+0x48/0x200 [ 102.060163] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.065724] ? takeover_tasklets+0xa90/0xa90 [ 102.070144] run_ksoftirqd+0x94/0x100 [ 102.073962] smpboot_thread_fn+0x68b/0xa00 [ 102.078214] ? sort_range+0x30/0x30 [ 102.081858] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 102.086977] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 102.092536] ? __kthread_parkme+0xfb/0x1a0 [ 102.096786] ? sort_range+0x30/0x30 [ 102.100425] kthread+0x35a/0x440 [ 102.103799] ? kthread_bind+0x40/0x40 [ 102.107612] ret_from_fork+0x3a/0x50 [ 102.112285] Kernel Offset: disabled [ 102.115908] Rebooting in 86400 seconds..