Starting Network Time Synchronization...
[ OK ] Started Network Time Synchronization.
[ OK ] Started Raise network interfaces.
[ OK ] Reached target Network.
Starting OpenBSD Secure Shell server...
Starting Permit User Sessions...
[ OK ] Started Permit User Sessions.
[ OK ] Started OpenBSD Secure Shell server.
[ 11.724810][ C0] random: crng init done
[ 11.725768][ C0] random: 7 urandom warning(s) missed due to ratelimiting
Warning: Permanently added '10.128.0.236' (ECDSA) to the list of known hosts.
2020/09/07 01:09:51 parsed 1 programs
2020/09/07 01:09:51 executed programs: 0
[* ] A start job is running for dev-ttyS0.device (8s / 1min 30s)
[** ] A start job is running for dev-ttyS0.device (9s / 1min 30s)
[*** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (11s / 1min 30s)
[ 18.417581][ T22] audit: type=1400 audit(1599440991.751:8): avc: denied { execmem } for pid=365 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 18.425474][ T369] cgroup1: Unknown subsys name 'perf_event'
[ 18.443108][ T371] cgroup1: Unknown subsys name 'perf_event'
[ 18.449541][ T373] cgroup1: Unknown subsys name 'perf_event'
[ 18.454722][ T371] cgroup1: Unknown subsys name 'net_cls'
[ 18.455945][ T373] cgroup1: Unknown subsys name 'net_cls'
[ 18.469581][ T369] cgroup1: Unknown subsys name 'net_cls'
[ 18.473893][ T375] cgroup1: Unknown subsys name 'perf_event'
[ ***] A start job is running for dev-ttyS0.device (11s / 1min 30s)
[ 18.482501][ T378] cgroup1: Unknown subsys name 'perf_event'
[ 18.483456][ T375] cgroup1: Unknown subsys name 'net_cls'
[ 18.500381][ T378] cgroup1: Unknown subsys name 'net_cls'
[ 18.510896][ T390] cgroup1: Unknown subsys name 'perf_event'
[ 18.518479][ T390] cgroup1: Unknown subsys name 'net_cls'
[ **] A start job is running for dev-ttyS0.device (12s / 1min 30s)
[ *] A start job is running for dev-ttyS0.device (13s / 1min 30s)
[ **] A start job is running for dev-ttyS0.device (13s / 1min 30s)
[ ***] A start job is running for dev-ttyS0.device (14s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (14s / 1min 30s)
[ 22.090426][ T22] audit: type=1400 audit(1599440995.418:9): avc: denied { block_suspend } for pid=2767 comm="syz-executor.3" capability=36 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
2020/09/07 01:09:56 executed programs: 118
[ *** ] A start job is running for dev-ttyS0.device (15s / 1min 30s)
[*** ] A start job is running for dev-ttyS0.device (16s / 1min 30s)
[** ] A start job is running for dev-ttyS0.device (16s / 1min 30s)
[ 24.045899][ T3445] ==================================================================
[ 24.054021][ T3445] BUG: KASAN: use-after-free in _raw_spin_lock_irqsave+0xcd/0x1c0
[ 24.061834][ T3445] Write of size 4 at addr ffff8881d4f91d88 by task syz-executor.4/3445
[ 24.070050][ T3445]
[ 24.072387][ T3445] CPU: 1 PID: 3445 Comm: syz-executor.4 Not tainted 5.4.63-syzkaller-01128-g0ef1db7b69dd #0
[ 24.082434][ T3445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.092482][ T3445] Call Trace:
[ 24.095761][ T3445] dump_stack+0x1b0/0x21e
[ 24.100091][ T3445] ? put_task_stack+0x202/0x230
[ 24.104931][ T3445] ? show_regs_print_info+0x12/0x12
[ 24.110118][ T3445] ? put_task_struct_rcu_user+0x32/0x60
[ 24.115736][ T3445] ? printk+0xc0/0x104
[ 24.119801][ T3445] print_address_description+0x96/0x5d0
[ 24.125344][ T3445] ? devkmsg_release+0x11c/0x11c
[ 24.130275][ T3445] __kasan_report+0x14b/0x1c0
[ 24.134941][ T3445] ? _raw_spin_lock_irqsave+0xcd/0x1c0
[ 24.140418][ T3445] ? _raw_spin_unlock+0x5/0x20
[ 24.145169][ T3445] kasan_report+0x27/0x50
[ 24.149486][ T3445] ? _raw_spin_unlock+0x5/0x20
[ 24.154265][ T3445] check_memory_region+0x2b5/0x2f0
[ 24.159364][ T3445] _raw_spin_lock_irqsave+0xcd/0x1c0
[ 24.164637][ T3445] ? _raw_spin_lock+0x170/0x170
[ 24.169475][ T3445] ? wake_up_new_task+0x923/0xa90
[ 24.174491][ T3445] ? memset+0x1f/0x40
[ 24.178463][ T3445] __wake_up+0x128/0x210
[ 24.182697][ T3445] ? remove_wait_queue+0x120/0x120
[ 24.187800][ T3445] ? mutex_lock+0x106/0x110
[ 24.192299][ T3445] ? __fsnotify_parent+0x300/0x300
[ 24.197399][ T3445] ? put_timespec64+0x106/0x150
[ 24.202256][ T3445] eventfd_release+0x4f/0xe0
[ 24.206837][ T3445] ? eventfd_poll+0x100/0x100
[ 24.211502][ T3445] __fput+0x27d/0x6c0
[ 24.215472][ T3445] task_work_run+0x176/0x1a0
[ 24.220134][ T3445] prepare_exit_to_usermode+0x286/0x2e0
[ 24.225683][ T3445] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 24.231559][ T3445] RIP: 0033:0x416f01
[ 24.235447][ T3445] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 24.255040][ T3445] RSP: 002b:00007ffe7e7f98f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 24.263488][ T3445] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000416f01
[ 24.271443][ T3445] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 0000000000000003
[ 24.279415][ T3445] RBP: 0000000000000000 R08: 0000000001190378 R09: 0000000000000000
[ 24.287379][ T3445] R10: 00007ffe7e7f99d0 R11: 0000000000000293 R12: 0000000001190380
[ 24.295335][ T3445] R13: 0000000000000000 R14: ffffffffffffffff R15: 000000000118cf4c
[ 24.303300][ T3445]
[ 24.305613][ T3445] Allocated by task 3449:
[ 24.309931][ T3445] __kasan_kmalloc+0x117/0x1b0
[ 24.314688][ T3445] kmem_cache_alloc_trace+0xc3/0x270
[ 24.319958][ T3445] do_eventfd+0x81/0x250
[ 24.324188][ T3445] __x64_sys_eventfd+0x35/0x40
[ 24.328929][ T3445] do_syscall_64+0xcb/0x150
[ 24.333582][ T3445] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 24.339450][ T3445]
[ 24.341868][ T3445] Freed by task 3454:
[ 24.345818][ T3445] __kasan_slab_free+0x168/0x220
[ 24.350729][ T3445] slab_free_freelist_hook+0xd0/0x150
[ 24.356112][ T3445] kfree+0x12b/0x5d0
[ 24.359972][ T3445] eventfd_release+0xbb/0xe0
[ 24.364553][ T3445] __fput+0x27d/0x6c0
[ 24.368510][ T3445] task_work_run+0x176/0x1a0
[ 24.373066][ T3445] prepare_exit_to_usermode+0x286/0x2e0
[ 24.378581][ T3445] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 24.384435][ T3445]
[ 24.386731][ T3445] The buggy address belongs to the object at ffff8881d4f91d80
[ 24.386731][ T3445] which belongs to the cache kmalloc-64 of size 64
[ 24.400616][ T3445] The buggy address is located 8 bytes inside of
[ 24.400616][ T3445] 64-byte region [ffff8881d4f91d80, ffff8881d4f91dc0)
[ 24.413602][ T3445] The buggy address belongs to the page:
[ 24.419223][ T3445] page:ffffea000753e440 refcount:1 mapcount:0 mapping:ffff8881da803180 index:0xffff8881d4f91b80
[ 24.429612][ T3445] flags: 0x8000000000000200(slab)
[ 24.434605][ T3445] raw: 8000000000000200 ffffea0007493100 0000000b0000000b ffff8881da803180
[ 24.443158][ T3445] raw: ffff8881d4f91b80 000000008020000f 00000001ffffffff 0000000000000000
[ 24.451715][ T3445] page dumped because: kasan: bad access detected
[ 24.458093][ T3445]
[ 24.460400][ T3445] Memory state around the buggy address:
[ 24.466002][ T3445] ffff8881d4f91c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 24.474030][ T3445] ffff8881d4f91d00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 24.482056][ T3445] >ffff8881d4f91d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 24.490094][ T3445] ^
[ 24.494390][ T3445] ffff8881d4f91e00: 00 00 00 00 00 00 00 06 fc fc fc fc fc fc fc fc
[ 24.502428][ T3445] ffff8881d4f91e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 24.510465][ T3445] ==================================================================
[ 24.518489][ T3445] Disabling lock debugging due to kernel taint
[* ] A start job is running for dev-ttyS0.device (17s / 1min 30s)
[ 24.541217][ T3445] ==================================================================
[ 24.549286][ T3445] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0xac/0x5c0
[ 24.557583][ T3445]
[ 24.559885][ T3445] CPU: 1 PID: 3445 Comm: syz-executor.4 Tainted: G B 5.4.63-syzkaller-01128-g0ef1db7b69dd #0
[ 24.571295][ T3445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.581320][ T3445] Call Trace:
[ 24.584586][ T3445] dump_stack+0x1b0/0x21e
[ 24.588923][ T3445] ? vprintk_emit+0x32b/0x470
[ 24.593573][ T3445] ? show_regs_print_info+0x12/0x12
[ 24.598748][ T3445] ? printk+0xc0/0x104
[ 24.602824][ T3445] ? kmem_cache_free+0xac/0x5c0
[ 24.607642][ T3445] ? kmem_cache_free+0xac/0x5c0
[ 24.612459][ T3445] print_address_description+0x96/0x5d0
[ 24.617970][ T3445] ? devkmsg_release+0x11c/0x11c
[ 24.622874][ T3445] ? switch_mm_irqs_off+0x46e/0x870
[ 24.628041][ T3445] ? kmem_cache_free+0xac/0x5c0
[ 24.632859][ T3445] ? kmem_cache_free+0xac/0x5c0
[ 24.637673][ T3445] kasan_report_invalid_free+0x54/0xc0
[ 24.643111][ T3445] __kasan_slab_free+0x102/0x220
[ 24.648033][ T3445] ? __schedule+0x8ae/0xe30
[ 24.652513][ T3445] ? cmp_ex_search+0x6d/0x90
[ 24.657068][ T3445] ? __start___ex_table+0x4818/0xa5fc
[ 24.662406][ T3445] ? bsearch+0x9b/0xc0
[ 24.666489][ T3445] ? search_extable+0xf0/0xf0
[ 24.671133][ T3445] ? csum_partial_copy_generic+0xa2c/0x3ee0
[ 24.676991][ T3445] ? __stop_notes+0xc/0xc
[ 24.681329][ T3445] ? search_extable+0xaf/0xf0
[ 24.685976][ T3445] ? __rcu_read_lock+0x50/0x50
[ 24.690709][ T3445] ? trim_init_extable+0x3e0/0x3e0
[ 24.695792][ T3445] ? csum_partial_copy_generic+0xa2c/0x3ee0
[ 24.701651][ T3445] ? __start___ex_table+0x4818/0xa5fc
[ 24.706994][ T3445] ? __start___ex_table+0x4818/0xa5fc
[ 24.712345][ T3445] ? kasan_report+0x27/0x50
[ 24.716905][ T3445] ? ex_handler_refcount+0x130/0x170
[ 24.722154][ T3445] ? ex_handler_fault+0xa0/0xa0
[ 24.726970][ T3445] ? kasan_report+0x27/0x50
[ 24.731452][ T3445] ? check_memory_region+0x2b5/0x2f0
[ 24.736702][ T3445] slab_free_freelist_hook+0xd0/0x150
[ 24.742054][ T3445] ? dput+0x2e1/0x5e0
[ 24.746010][ T3445] kmem_cache_free+0xac/0x5c0
[ 24.750680][ T3445] ? kasan_report+0x27/0x50
[ 24.755164][ T3445] dput+0x2e1/0x5e0
[ 24.758939][ T3445] __fput+0x46b/0x6c0
[ 24.762888][ T3445] task_work_run+0x176/0x1a0
[ 24.767560][ T3445] prepare_exit_to_usermode+0x286/0x2e0
[ 24.773074][ T3445] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 24.778953][ T3445] RIP: 0033:0x416f01
[ 24.782826][ T3445] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 24.802403][ T3445] RSP: 002b:00007ffe7e7f98f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 24.810934][ T3445] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000416f01
[ 24.818879][ T3445] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 0000000000000003
[ 24.826822][ T3445] RBP: 0000000000000000 R08: 0000000001190378 R09: 0000000000000000
[ 24.834799][ T3445] R10: 00007ffe7e7f99d0 R11: 0000000000000293 R12: 0000000001190380
[ 24.842746][ T3445] R13: 0000000000000000 R14: ffffffffffffffff R15: 000000000118cf4c
[ 24.850689][ T3445]
[ 24.853016][ T3445] Allocated by task 3449:
[ 24.857315][ T3445] __kasan_kmalloc+0x117/0x1b0
[ 24.862065][ T3445] kmem_cache_alloc+0x1d5/0x250
[ 24.866882][ T3445] __d_alloc+0x2a/0x6b0
[ 24.871004][ T3445] d_alloc_pseudo+0x19/0x70
[ 24.875472][ T3445] alloc_file_pseudo+0x128/0x310
[ 24.880393][ T3445] anon_inode_getfile+0xa7/0x170
[ 24.885302][ T3445] anon_inode_getfd+0x3e/0x80
[ 24.889948][ T3445] do_eventfd+0x16b/0x250
[ 24.894262][ T3445] __x64_sys_eventfd+0x35/0x40
[ 24.899009][ T3445] do_syscall_64+0xcb/0x150
[ 24.903498][ T3445] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 24.909352][ T3445]
[ 24.911646][ T3445] Freed by task 3454:
[ 24.915612][ T3445] __kasan_slab_free+0x168/0x220
[ 24.920534][ T3445] slab_free_freelist_hook+0xd0/0x150
[ 24.925881][ T3445] kmem_cache_free+0xac/0x5c0
[ 24.930523][ T3445] dput+0x2e1/0x5e0
[ 24.934301][ T3445] __fput+0x46b/0x6c0
[ 24.938250][ T3445] task_work_run+0x176/0x1a0
[ 24.942827][ T3445] prepare_exit_to_usermode+0x286/0x2e0
[ 24.948340][ T3445] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 24.954193][ T3445]
[ 24.956491][ T3445] The buggy address belongs to the object at ffff8881d3bdfcc0
[ 24.956491][ T3445] which belongs to the cache dentry of size 208
[ 24.970077][ T3445] The buggy address is located 0 bytes inside of
[ 24.970077][ T3445] 208-byte region [ffff8881d3bdfcc0, ffff8881d3bdfd90)
[ 24.983138][ T3445] The buggy address belongs to the page:
[ 24.988752][ T3445] page:ffffea00074ef7c0 refcount:1 mapcount:0 mapping:ffff8881da8ef900 index:0x0
[ 24.997843][ T3445] flags: 0x8000000000000200(slab)
[ 25.002852][ T3445] raw: 8000000000000200 ffffea00074ef300 0000000b00000002 ffff8881da8ef900
[ 25.011418][ T3445] raw: 0000000000000000 00000000000f000f 00000001ffffffff 0000000000000000
[ 25.019965][ T3445] page dumped because: kasan: bad access detected
[ 25.026393][ T3445]
[ 25.028692][ T3445] Memory state around the buggy address:
[ 25.034309][ T3445] ffff8881d3bdfb80: fc fc fc fc fc fc fb fb fb fb fb fb fb fb fb fb
[ 25.042340][ T3445] ffff8881d3bdfc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.050371][ T3445] >ffff8881d3bdfc80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 25.058398][ T3445] ^
[ 25.064556][ T3445] ffff8881d3bdfd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.072610][ T3445] ffff8881d3bdfd80: fb fb fc fc fc fc fc fc fc fc fb fb fb fb fb fb
[ 25.080649][ T3445] ==================================================================
[** ] A start job is running for dev-ttyS0.device (18s / 1min 30s)
[ 25.127450][ C0] ==================================================================
[ 25.135758][ C0] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0xac/0x5c0
[ 25.144057][ C0]
[ 25.146383][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Tainted: G B 5.4.63-syzkaller-01128-g0ef1db7b69dd #0
[ 25.157297][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.167374][ C0] Call Trace:
[ 25.170707][ C0] dump_stack+0x1b0/0x21e
[ 25.175054][ C0] ? arch_stack_walk+0xb4/0xe0
[ 25.179915][ C0] ? show_regs_print_info+0x12/0x12
[ 25.185119][ C0] ? printk+0xc0/0x104
[ 25.189188][ C0] ? kmem_cache_free+0xac/0x5c0
[ 25.194039][ C0] ? kmem_cache_free+0xac/0x5c0
[ 25.198887][ C0] print_address_description+0x96/0x5d0
[ 25.204429][ C0] ? devkmsg_release+0x11c/0x11c
[ 25.209365][ C0] ? kmem_cache_free+0xac/0x5c0
[ 25.214213][ C0] ? kmem_cache_free+0xac/0x5c0
[ 25.219060][ C0] kasan_report_invalid_free+0x54/0xc0
[ 25.224515][ C0] __kasan_slab_free+0x102/0x220
[ 25.229447][ C0] ? __kasan_slab_free+0x168/0x220
[ 25.234556][ C0] ? slab_free_freelist_hook+0xd0/0x150
[ 25.240103][ C0] ? kmem_cache_free+0xac/0x5c0
[ 25.244963][ C0] ? rcu_core+0xb30/0x1270
[ 25.249366][ C0] ? __do_softirq+0x22e/0x569
[ 25.254037][ C0] ? run_ksoftirqd+0x13/0x20
[ 25.258620][ C0] ? smpboot_thread_fn+0x4f2/0x880
[ 25.263724][ C0] ? kthread+0x317/0x340
[ 25.267959][ C0] ? ret_from_fork+0x1f/0x30
[ 25.272545][ C0] ? ttwu_do_wakeup+0x154/0x5b0
[ 25.277394][ C0] ? _raw_spin_unlock+0x5/0x20
[ 25.282154][ C0] ? ttwu_queue+0x243/0x380
[ 25.286656][ C0] ? refcount_dec_not_one+0x158/0x1e0
[ 25.292027][ C0] ? _raw_spin_lock_irqsave+0xda/0x1c0
[ 25.297534][ C0] ? _raw_spin_lock+0x170/0x170
[ 25.302401][ C0] slab_free_freelist_hook+0xd0/0x150
[ 25.307773][ C0] ? rcu_core+0xb30/0x1270
[ 25.312187][ C0] kmem_cache_free+0xac/0x5c0
[ 25.316861][ C0] ? __fput+0x6c0/0x6c0
[ 25.321010][ C0] ? __fput+0x6c0/0x6c0
[ 25.325163][ C0] rcu_core+0xb30/0x1270
[ 25.329406][ C0] ? rcu_cpu_kthread_park+0x70/0x70
[ 25.334603][ C0] ? _raw_spin_unlock_irq+0x5/0x20
[ 25.339711][ C0] ? finish_task_switch+0x235/0x4c0
[ 25.344910][ C0] ? rcu_rnp_online_cpus+0x30/0x30
[ 25.350021][ C0] ? __schedule+0x8ae/0xe30
[ 25.354519][ C0] __do_softirq+0x22e/0x569
[ 25.359019][ C0] ? ksoftirqd_should_run+0x10/0x10
[ 25.364214][ C0] run_ksoftirqd+0x13/0x20
[ 25.368625][ C0] smpboot_thread_fn+0x4f2/0x880
[ 25.373562][ C0] ? cpu_report_death+0x110/0x110
[ 25.378585][ C0] ? schedule+0x13b/0x1d0
[ 25.382923][ C0] ? __kthread_parkme+0x176/0x1b0
[ 25.387953][ C0] kthread+0x317/0x340
[ 25.392020][ C0] ? cpu_report_death+0x110/0x110
[ 25.397034][ C0] ? kthread_destroy_worker+0x270/0x270
[ 25.402553][ C0] ret_from_fork+0x1f/0x30
[ 25.406969][ C0]
[ 25.409373][ C0] Allocated by task 3449:
[ 25.413705][ C0] __kasan_kmalloc+0x117/0x1b0
[ 25.418472][ C0] kmem_cache_alloc+0x1d5/0x250
[ 25.423300][ C0] __alloc_file+0x26/0x390
[ 25.427687][ C0] alloc_empty_file+0xa9/0x1b0
[ 25.432417][ C0] alloc_file+0x58/0x4b0
[ 25.436651][ C0] alloc_file_pseudo+0x25b/0x310
[ 25.441559][ C0] anon_inode_getfile+0xa7/0x170
[ 25.446484][ C0] anon_inode_getfd+0x3e/0x80
[ 25.451264][ C0] do_eventfd+0x16b/0x250
[ 25.455577][ C0] __x64_sys_eventfd+0x35/0x40
[ 25.460326][ C0] do_syscall_64+0xcb/0x150
[ 25.464800][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 25.470660][ C0]
[ 25.472958][ C0] Freed by task 16:
[ 25.476751][ C0] __kasan_slab_free+0x168/0x220
[ 25.481672][ C0] slab_free_freelist_hook+0xd0/0x150
[ 25.487010][ C0] kmem_cache_free+0xac/0x5c0
[ 25.491686][ C0] rcu_core+0xb30/0x1270
[ 25.495903][ C0] __do_softirq+0x22e/0x569
[ 25.500370][ C0]
[ 25.502685][ C0] The buggy address belongs to the object at ffff8881d74c5140
[ 25.502685][ C0] which belongs to the cache filp of size 256
[ 25.516117][ C0] The buggy address is located 0 bytes inside of
[ 25.516117][ C0] 256-byte region [ffff8881d74c5140, ffff8881d74c5240)
[ 25.529197][ C0] The buggy address belongs to the page:
[ 25.534800][ C0] page:ffffea00075d3140 refcount:1 mapcount:0 mapping:ffff8881da8efb80 index:0x0
[ 25.543881][ C0] flags: 0x8000000000000200(slab)
[ 25.548876][ C0] raw: 8000000000000200 ffffea00071b4500 0000000200000002 ffff8881da8efb80
[ 25.557430][ C0] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 25.565982][ C0] page dumped because: kasan: bad access detected
[ 25.572374][ C0]
[ 25.574680][ C0] Memory state around the buggy address:
[ 25.580284][ C0] ffff8881d74c5000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.588315][ C0] ffff8881d74c5080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.596348][ C0] >ffff8881d74c5100: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 25.604390][ C0] ^
[ 25.610529][ C0] ffff8881d74c5180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.618559][ C0] ffff8881d74c5200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 25.626585][ C0] ==================================================================
[ 25.678823][ C0] Kernel panic - not syncing: CRED: put_cred_rcu() sees 00000000111a95ef with usage -1
[ 25.688486][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Tainted: G B 5.4.63-syzkaller-01128-g0ef1db7b69dd #0
[ 25.699408][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.709460][ C0] Call Trace:
[ 25.712754][ C0] dump_stack+0x1b0/0x21e
[ 25.717077][ C0] ? devkmsg_release+0x11c/0x11c
[ 25.722002][ C0] ? show_regs_print_info+0x12/0x12
[ 25.727190][ C0] panic+0x26c/0x710
[ 25.731078][ C0] ? nmi_panic+0x90/0x90
[ 25.735315][ C0] ? rcu_core+0xb30/0x1270
[ 25.739724][ C0] ? kmem_cache_free+0xac/0x5c0
[ 25.744563][ C0] put_cred_rcu+0x243/0x250
[ 25.749067][ C0] ? atomic_read+0x50/0x50
[ 25.753487][ C0] rcu_core+0xb30/0x1270
[ 25.757733][ C0] ? rcu_cpu_kthread_park+0x70/0x70
[ 25.762916][ C0] ? _raw_spin_unlock_irq+0x5/0x20
[ 25.768017][ C0] ? finish_task_switch+0x235/0x4c0
[ 25.773207][ C0] ? rcu_rnp_online_cpus+0x30/0x30
[ 25.778307][ C0] ? __schedule+0x8ae/0xe30
[ 25.782799][ C0] __do_softirq+0x22e/0x569
[ 25.787290][ C0] ? ksoftirqd_should_run+0x10/0x10
[ 25.792499][ C0] run_ksoftirqd+0x13/0x20
[ 25.796894][ C0] smpboot_thread_fn+0x4f2/0x880
[ 25.801823][ C0] ? cpu_report_death+0x110/0x110
[ 25.806836][ C0] ? schedule+0x13b/0x1d0
[ 25.811154][ C0] ? __kthread_parkme+0x176/0x1b0
[ 25.816165][ C0] kthread+0x317/0x340
[ 25.820232][ C0] ? cpu_report_death+0x110/0x110
[ 25.825274][ C0] ? kthread_destroy_worker+0x270/0x270
[ 25.830810][ C0] ret_from_fork+0x1f/0x30
[ 25.835599][ C0] Kernel Offset: disabled
[ 25.839908][ C0] Rebooting in 86400 seconds..