[ 35.737535] audit: type=1800 audit(1551272327.432:28): pid=7522 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 36.537795] audit: type=1800 audit(1551272328.312:29): pid=7522 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 36.556789] audit: type=1800 audit(1551272328.312:30): pid=7522 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.116' (ECDSA) to the list of known hosts. 2019/02/27 12:59:15 parsed 1 programs 2019/02/27 12:59:18 executed programs: 0 syzkaller login: [ 66.384704] IPVS: ftp: loaded support on port[0] = 21 [ 66.386322] IPVS: ftp: loaded support on port[0] = 21 [ 66.405142] IPVS: ftp: loaded support on port[0] = 21 [ 66.417161] IPVS: ftp: loaded support on port[0] = 21 [ 66.452358] IPVS: ftp: loaded support on port[0] = 21 [ 66.463623] IPVS: ftp: loaded support on port[0] = 21 [ 66.613032] chnl_net:caif_netlink_parms(): no params data found [ 66.638407] chnl_net:caif_netlink_parms(): no params data found [ 66.673530] chnl_net:caif_netlink_parms(): no params data found [ 66.699373] chnl_net:caif_netlink_parms(): no params data found [ 66.743647] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.750082] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.758065] device bridge_slave_0 entered promiscuous mode [ 66.765109] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.771442] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.778430] device bridge_slave_0 entered promiscuous mode [ 66.785187] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.791507] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.798353] device bridge_slave_1 entered promiscuous mode [ 66.821608] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.828555] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.835473] device bridge_slave_1 entered promiscuous mode [ 66.868442] chnl_net:caif_netlink_parms(): no params data found [ 66.881230] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.887675] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.894508] device bridge_slave_0 entered promiscuous mode [ 66.902330] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 66.909922] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.916445] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.923265] device bridge_slave_1 entered promiscuous mode [ 66.950185] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 66.965783] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 66.983104] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.989574] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.997441] device bridge_slave_0 entered promiscuous mode [ 67.006963] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.013962] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.020872] device bridge_slave_1 entered promiscuous mode [ 67.030790] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 67.047090] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.054228] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.061193] device bridge_slave_0 entered promiscuous mode [ 67.070503] team0: Port device team_slave_0 added [ 67.076552] team0: Port device team_slave_1 added [ 67.086589] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 67.099734] chnl_net:caif_netlink_parms(): no params data found [ 67.109706] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.116186] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.123679] device bridge_slave_1 entered promiscuous mode [ 67.142122] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 67.158877] team0: Port device team_slave_0 added [ 67.172981] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 67.181165] team0: Port device team_slave_1 added [ 67.187038] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 67.195782] team0: Port device team_slave_0 added [ 67.212927] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 67.227508] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 67.236071] team0: Port device team_slave_1 added [ 67.249716] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.256195] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.263282] device bridge_slave_0 entered promiscuous mode [ 67.276298] team0: Port device team_slave_0 added [ 67.283340] team0: Port device team_slave_1 added [ 67.293445] team0: Port device team_slave_0 added [ 67.301477] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.308118] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.314964] device bridge_slave_1 entered promiscuous mode [ 67.364832] device hsr_slave_0 entered promiscuous mode [ 67.402531] device hsr_slave_1 entered promiscuous mode [ 67.464992] team0: Port device team_slave_1 added [ 67.503126] device hsr_slave_0 entered promiscuous mode [ 67.582049] device hsr_slave_1 entered promiscuous mode [ 67.725470] device hsr_slave_0 entered promiscuous mode [ 67.782271] device hsr_slave_1 entered promiscuous mode [ 67.830048] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 67.840815] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 67.924444] device hsr_slave_0 entered promiscuous mode [ 67.962057] device hsr_slave_1 entered promiscuous mode [ 68.015864] team0: Port device team_slave_0 added [ 68.105147] device hsr_slave_0 entered promiscuous mode [ 68.142253] device hsr_slave_1 entered promiscuous mode [ 68.183018] team0: Port device team_slave_1 added [ 68.263328] device hsr_slave_0 entered promiscuous mode [ 68.302273] device hsr_slave_1 entered promiscuous mode [ 68.435394] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.454161] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.473707] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.484686] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.508175] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.531440] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.540900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 68.548919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.556043] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 68.563203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.569963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 68.577369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.588689] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.605053] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.623539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 68.630394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.637856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 68.645766] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 68.653664] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.660105] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.667316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 68.675181] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 68.682859] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.689188] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.697204] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 68.704486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 68.712486] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 68.720115] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.726507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.734789] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 68.750359] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.772560] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 68.780376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 68.789132] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.795511] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.803274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 68.810945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 68.818753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 68.826390] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.832813] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.839731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 68.847546] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 68.855120] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.861443] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.868278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 68.875948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 68.884924] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 68.892587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 68.914337] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.929101] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.936086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 68.944072] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 68.951601] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.957968] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.967466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 68.975240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 68.982882] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.989234] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.996070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 69.004004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 69.010763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 69.017698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 69.045888] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 69.055699] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 69.080290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 69.088529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.096498] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.104143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.111807] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.119339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 69.127178] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 69.135256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 69.143282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 69.150915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.158815] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.166683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.174484] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.182505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 69.189891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 69.197301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.204944] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.212628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.220381] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.228063] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.234448] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.241259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.250031] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.257643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.265470] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.273060] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 69.280498] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 69.299990] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 69.309899] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 69.341650] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.351203] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 69.358831] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 69.365810] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 69.372925] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 69.379771] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 69.387214] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 69.394098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 69.401419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 69.409222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 69.417251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 69.425099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.432822] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.440317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 69.448070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 69.455707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 69.463586] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 69.470858] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 69.478732] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.486588] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.492980] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.499790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 69.507449] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 69.515298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.523099] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.530600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 69.537552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 69.546081] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 69.567623] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 69.577870] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 69.590132] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 69.597446] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 69.605040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.613204] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.620650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 69.628573] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 69.636531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 69.644168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 69.652509] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 69.668579] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.680485] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.689459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 69.697399] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 69.704989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.713134] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.720649] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.727062] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.743848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 69.754640] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.773021] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 69.780231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 69.788362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.798254] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.804710] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.822861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 69.836871] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.859493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 69.878097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.912754] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.940423] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.969083] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 69.989475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 70.007838] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 70.032794] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 70.065623] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 70.081290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 70.089375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 70.104828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 70.185911] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/02/27 12:59:23 executed programs: 57 2019/02/27 12:59:28 executed programs: 267 2019/02/27 12:59:33 executed programs: 488 2019/02/27 12:59:38 executed programs: 701 2019/02/27 12:59:43 executed programs: 912 2019/02/27 12:59:48 executed programs: 1121 2019/02/27 12:59:53 executed programs: 1339 [ 101.940024] ================================================================== [ 101.947535] BUG: KASAN: use-after-free in unix_dgram_poll+0x5e1/0x690 [ 101.954112] Read of size 4 at addr ffff8880a01afc20 by task syz-executor.5/13126 [ 101.961640] [ 101.963275] CPU: 1 PID: 13126 Comm: syz-executor.5 Not tainted 5.0.0-rc8+ #88 [ 101.970542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 101.979877] Call Trace: [ 101.982476] dump_stack+0x172/0x1f0 [ 101.986155] ? unix_dgram_poll+0x5e1/0x690 [ 101.990407] ? aio_setup_rw+0x180/0x180 [ 101.994366] print_address_description.cold+0x7c/0x20d [ 101.999654] ? unix_dgram_poll+0x5e1/0x690 [ 102.003889] ? unix_dgram_poll+0x5e1/0x690 [ 102.008114] ? aio_setup_rw+0x180/0x180 [ 102.012077] kasan_report.cold+0x1b/0x40 [ 102.016124] ? unix_dgram_poll+0x5e1/0x690 [ 102.020378] __asan_report_load4_noabort+0x14/0x20 [ 102.025307] unix_dgram_poll+0x5e1/0x690 [ 102.029397] ? unix_writable.part.0+0xb0/0xb0 [ 102.033903] sock_poll+0x291/0x340 [ 102.037453] io_submit_one+0xe3e/0x1cf0 [ 102.041417] ? sock_ioctl+0x610/0x610 [ 102.045228] ? ioctx_alloc+0x1db0/0x1db0 [ 102.049293] ? __might_fault+0x12b/0x1e0 [ 102.053335] ? aio_setup_rw+0x180/0x180 [ 102.057305] __x64_sys_io_submit+0x1bd/0x580 [ 102.061713] ? __x64_sys_io_submit+0x1bd/0x580 [ 102.066285] ? __ia32_sys_io_destroy+0x420/0x420 [ 102.071026] ? 0xffffffff81000000 [ 102.074524] ? do_syscall_64+0x26/0x610 [ 102.078510] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 102.083857] ? do_syscall_64+0x26/0x610 [ 102.087817] ? lockdep_hardirqs_on+0x415/0x5d0 [ 102.092386] do_syscall_64+0x103/0x610 [ 102.096256] ? __ia32_sys_io_destroy+0x420/0x420 [ 102.100998] ? do_syscall_64+0x103/0x610 [ 102.105048] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 102.110236] RIP: 0033:0x457e29 [ 102.113415] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 102.132317] RSP: 002b:00007ff39b9c3c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 102.140015] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 [ 102.147297] RDX: 0000000020000600 RSI: 1ffffffffffffd70 RDI: 00007ff39b9a3000 [ 102.154558] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 102.161823] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff39b9c46d4 [ 102.169074] R13: 00000000004bf02f R14: 00000000004d09b0 R15: 00000000ffffffff [ 102.176328] [ 102.177938] Allocated by task 13126: [ 102.181658] save_stack+0x45/0xd0 [ 102.185134] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 102.190064] kasan_slab_alloc+0xf/0x20 [ 102.193951] kmem_cache_alloc+0x11a/0x6f0 [ 102.198121] sk_prot_alloc+0x67/0x2e0 [ 102.201910] sk_alloc+0x39/0xf70 [ 102.205285] unix_create1+0xc3/0x530 [ 102.208992] unix_create+0x103/0x1e0 [ 102.212704] __sock_create+0x3e6/0x750 [ 102.216593] __sys_socketpair+0x272/0x5e0 [ 102.220722] __x64_sys_socketpair+0x97/0xf0 [ 102.225124] do_syscall_64+0x103/0x610 [ 102.228993] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 102.234169] [ 102.235825] Freed by task 13125: [ 102.239204] save_stack+0x45/0xd0 [ 102.242649] __kasan_slab_free+0x102/0x150 [ 102.246884] kasan_slab_free+0xe/0x10 [ 102.250676] kmem_cache_free+0x86/0x260 [ 102.254638] __sk_destruct+0x4b6/0x6d0 [ 102.258505] sk_destruct+0x7b/0x90 [ 102.262027] __sk_free+0xce/0x300 [ 102.265462] sk_free+0x42/0x50 [ 102.268642] unix_release_sock+0x921/0xbb0 [ 102.272865] unix_release+0x44/0x90 [ 102.276480] __sock_release+0xd3/0x250 [ 102.280349] sock_close+0x1b/0x30 [ 102.283785] __fput+0x2df/0x8d0 [ 102.287048] ____fput+0x16/0x20 [ 102.290328] task_work_run+0x14a/0x1c0 [ 102.294209] exit_to_usermode_loop+0x273/0x2c0 [ 102.298787] do_syscall_64+0x52d/0x610 [ 102.302699] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 102.307877] [ 102.309488] The buggy address belongs to the object at ffff8880a01af880 [ 102.309488] which belongs to the cache UNIX(23:syz5) of size 1728 [ 102.322411] The buggy address is located 928 bytes inside of [ 102.322411] 1728-byte region [ffff8880a01af880, ffff8880a01aff40) [ 102.334394] The buggy address belongs to the page: [ 102.339318] page:ffffea0002806bc0 count:1 mapcount:0 mapping:ffff888094fa46c0 index:0x0 [ 102.347481] flags: 0x1fffc0000000200(slab) [ 102.351733] raw: 01fffc0000000200 ffffea0002955ec8 ffffea00025d9e88 ffff888094fa46c0 [ 102.359620] raw: 0000000000000000 ffff8880a01af140 0000000100000002 ffff88808c96eec0 [ 102.367477] page dumped because: kasan: bad access detected [ 102.373164] page->mem_cgroup:ffff88808c96eec0 [ 102.377636] [ 102.379241] Memory state around the buggy address: [ 102.384160] ffff8880a01afb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 102.391538] ffff8880a01afb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 102.398885] >ffff8880a01afc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 102.406223] ^ [ 102.410630] ffff8880a01afc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 102.418013] ffff8880a01afd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 102.425360] ================================================================== [ 102.432711] Disabling lock debugging due to kernel taint [ 102.463587] ------------[ cut here ]------------ [ 102.468352] downgrading a read lock [ 102.468449] WARNING: CPU: 1 PID: 13124 at kernel/locking/lockdep.c:3553 lock_downgrade+0x478/0x810 [ 102.468659] kobject: 'loop3' (00000000fcb52bc5): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 102.472076] Kernel panic - not syncing: panic_on_warn set ... [ 102.472091] CPU: 1 PID: 13124 Comm: blkid Tainted: G B 5.0.0-rc8+ #88 [ 102.472098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 102.472102] Call Trace: [ 102.472121] dump_stack+0x172/0x1f0 [ 102.472134] ? lock_downgrade+0x380/0x810 [ 102.524085] panic+0x2cb/0x65c [ 102.527276] ? __warn_printk+0xf3/0xf3 [ 102.531161] ? lock_downgrade+0x478/0x810 [ 102.535304] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.540855] ? __warn.cold+0x5/0x45 [ 102.544494] ? __warn+0xe8/0x1d0 [ 102.547866] ? lock_downgrade+0x478/0x810 [ 102.552020] __warn.cold+0x20/0x45 [ 102.555551] ? lock_downgrade+0x478/0x810 [ 102.559717] report_bug+0x263/0x2b0 [ 102.563362] do_error_trap+0x11b/0x200 [ 102.567242] do_invalid_op+0x37/0x50 [ 102.570943] ? lock_downgrade+0x478/0x810 [ 102.575087] invalid_op+0x14/0x20 [ 102.578535] RIP: 0010:lock_downgrade+0x478/0x810 [ 102.583279] Code: 4c 89 c6 4c 89 e7 e8 97 79 ff ff e9 32 ff ff ff 48 c7 c7 40 a9 6b 87 4c 89 8d 60 ff ff ff 48 89 85 68 ff ff ff e8 a6 e5 eb ff <0f> 0b 8b 55 98 4c 8b 8d 60 ff ff ff 48 8b 85 68 ff ff ff e9 38 fe [ 102.602167] RSP: 0018:ffff8880901efce8 EFLAGS: 00010082 [ 102.607519] RAX: 0000000000000000 RBX: 1ffff1101203dfa2 RCX: 0000000000000000 [ 102.614779] RDX: 0000000000000000 RSI: ffffffff815a9066 RDI: ffffed101203df8f [ 102.622037] RBP: ffff8880901efd98 R08: ffff8880874e0640 R09: fffffbfff1133349 [ 102.629299] R10: fffffbfff1133348 R11: ffffffff88999a43 R12: ffff8880874e0640 [ 102.636560] R13: ffffffff8a556aa0 R14: 0000000000000001 R15: ffff8880874e0eb8 [ 102.643833] ? vprintk_func+0x86/0x189 [ 102.647716] ? lock_downgrade+0x478/0x810 [ 102.651855] ? __do_munmap+0xc5a/0xef0 [ 102.655746] ? lock_set_class+0x770/0x770 [ 102.659882] ? vma_compute_subtree_gap+0x230/0x230 [ 102.664801] ? __vma_rb_erase+0x465/0xad0 [ 102.668953] downgrade_write+0x19/0x160 [ 102.672922] __do_munmap+0xc5a/0xef0 [ 102.676681] __vm_munmap+0xff/0x1a0 [ 102.680306] ? __do_munmap+0xef0/0xef0 [ 102.684216] ? blocking_notifier_call_chain+0x5e/0xb0 [ 102.689395] __x64_sys_munmap+0x67/0x80 [ 102.693358] do_syscall_64+0x103/0x610 [ 102.697262] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 102.702502] RIP: 0033:0x7f480ca3c417 [ 102.706203] Code: f0 ff ff 73 01 c3 48 8d 0d 8a ad 20 00 31 d2 48 29 c2 89 11 48 83 c8 ff eb eb 90 90 90 90 90 90 90 90 90 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d 5d ad 20 00 31 d2 48 29 c2 89 [ 102.725087] RSP: 002b:00007ffc68fcb3c8 EFLAGS: 00000203 ORIG_RAX: 000000000000000b [ 102.732789] RAX: ffffffffffffffda RBX: 00007f480cc471c8 RCX: 00007f480ca3c417 [ 102.740063] RDX: 00000000000e1100 RSI: 00000000000033ef RDI: 00007f480cc3f000 [ 102.747319] RBP: 00007ffc68fcb530 R08: 0000000000000001 R09: 0000000000000007 [ 102.754579] R10: 00007f480ca36a0b R11: 0000000000000203 R12: 000000007c486620 [ 102.761836] R13: 000000397c486620 R14: 000000397c3ba207 R15: 00007f480cc3c740 [ 103.977758] Shutting down cpus with NMI [ 103.982709] Kernel Offset: disabled [ 103.986330] Rebooting in 86400 seconds..