[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 27.242477] kauditd_printk_skb: 7 callbacks suppressed
[ 27.242489] audit: type=1800 audit(1541820092.058:29): pid=5550 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 27.267792] audit: type=1800 audit(1541820092.068:30): pid=5550 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts.
2018/11/10 03:22:03 parsed 1 programs
2018/11/10 03:22:05 executed programs: 0
syzkaller login: [ 61.032819] IPVS: ftp: loaded support on port[0] = 21
[ 61.052308] IPVS: ftp: loaded support on port[0] = 21
[ 61.053531] IPVS: ftp: loaded support on port[0] = 21
[ 61.070552] IPVS: ftp: loaded support on port[0] = 21
[ 61.071536] IPVS: ftp: loaded support on port[0] = 21
[ 61.101682] IPVS: ftp: loaded support on port[0] = 21
[ 61.862703] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.877357] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.884550] device bridge_slave_0 entered promiscuous mode
[ 61.905039] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.913047] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.920809] device bridge_slave_0 entered promiscuous mode
[ 61.928253] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.934601] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.942011] device bridge_slave_0 entered promiscuous mode
[ 61.949612] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.955961] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.963810] device bridge_slave_0 entered promiscuous mode
[ 61.971832] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.978333] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.985281] device bridge_slave_1 entered promiscuous mode
[ 61.993492] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.001106] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.008304] device bridge_slave_0 entered promiscuous mode
[ 62.023187] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.030673] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.041239] device bridge_slave_1 entered promiscuous mode
[ 62.049567] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.056000] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.063945] device bridge_slave_1 entered promiscuous mode
[ 62.071515] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 62.080207] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.090508] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.098084] device bridge_slave_1 entered promiscuous mode
[ 62.105593] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 62.114880] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.122781] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.130093] device bridge_slave_0 entered promiscuous mode
[ 62.137862] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 62.147234] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 62.154362] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 62.161401] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.176867] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.185551] device bridge_slave_1 entered promiscuous mode
[ 62.193836] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 62.203565] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 62.233118] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.242444] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.256161] device bridge_slave_1 entered promiscuous mode
[ 62.265413] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 62.276865] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 62.344486] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 62.369371] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 62.385910] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 62.400216] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 62.422662] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 62.439313] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 62.466854] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 62.486515] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 62.499486] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 62.536134] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 62.595908] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 62.620886] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 62.641358] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 62.649076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 62.660447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 62.684710] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 62.696809] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 62.707499] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 62.716799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 62.726955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 62.739344] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 62.752828] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 62.762932] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 62.783869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 62.792145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 62.802022] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 62.821800] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 62.839886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 62.857213] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 62.880786] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 62.902368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 62.917927] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 62.925497] team0: Port device team_slave_0 added
[ 62.946579] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 62.974064] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 62.987509] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 63.018034] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 63.025429] team0: Port device team_slave_0 added
[ 63.045618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 63.059393] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 63.079169] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 63.088337] team0: Port device team_slave_0 added
[ 63.094535] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 63.112700] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 63.120721] team0: Port device team_slave_1 added
[ 63.129140] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 63.137301] team0: Port device team_slave_0 added
[ 63.145356] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 63.153210] team0: Port device team_slave_1 added
[ 63.174201] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 63.183099] team0: Port device team_slave_1 added
[ 63.197980] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 63.209152] team0: Port device team_slave_1 added
[ 63.239717] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 63.273888] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 63.287121] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 63.308240] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 63.320449] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 63.328122] team0: Port device team_slave_0 added
[ 63.341612] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 63.355346] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 63.370664] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 63.380035] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 63.389182] team0: Port device team_slave_0 added
[ 63.394682] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 63.405538] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 63.419519] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 63.428965] team0: Port device team_slave_1 added
[ 63.436059] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 63.453519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 63.462117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 63.470315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 63.480719] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 63.493950] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 63.504317] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 63.515047] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 63.525384] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 63.540708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 63.552990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 63.561718] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 63.569695] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 63.577826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 63.585870] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 63.593565] team0: Port device team_slave_1 added
[ 63.601113] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 63.612050] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 63.627965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 63.635953] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 63.652363] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 63.661713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 63.670284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 63.689176] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 63.703019] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 63.717149] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 63.724342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 63.742350] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 63.755927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 63.764312] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 63.772156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 63.780245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 63.796094] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 63.816190] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 63.842627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 63.861432] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 63.878512] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 63.888825] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 63.908297] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 63.925618] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 63.954668] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 63.968268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 63.976103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 63.987924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 64.010534] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 64.033708] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 64.044992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 64.435160] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.441712] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.448699] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.455065] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 64.468948] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 64.542024] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.548460] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.555160] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.561589] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 64.577191] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 64.645894] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.652421] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.659138] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.665481] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 64.673397] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 64.680587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 64.688461] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 64.695677] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 64.775113] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.781602] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.788337] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.794709] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 64.804328] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 64.815770] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.822199] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.828917] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.835291] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 64.847842] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 64.857767] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.864134] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.870867] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.877272] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 64.893102] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 65.726368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 65.746701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 65.758624] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 67.270680] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.376954] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.481670] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 67.526966] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.576615] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.585873] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.605777] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 67.739920] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.787902] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 67.796816] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 67.813855] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 67.821225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 67.837180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 67.845317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 67.852799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 67.888705] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 67.947028] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 68.029170] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 68.056768] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 68.063297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 68.071609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 68.084660] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.099102] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.185348] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 68.201615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 68.220166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 68.248667] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 68.257713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 68.265087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 68.302473] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.349556] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 68.355706] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 68.363715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 68.447359] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.521161] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.667501] 8021q: adding VLAN 0 to HW filter on device team0
2018/11/10 03:22:14 executed programs: 6
2018/11/10 03:22:19 executed programs: 189
2018/11/10 03:22:24 executed programs: 382
2018/11/10 03:22:29 executed programs: 568
2018/11/10 03:22:34 executed programs: 760
2018/11/10 03:22:39 executed programs: 961
[ 98.528098] ==================================================================
[ 98.535770] BUG: KASAN: use-after-free in task_is_descendant.part.3+0x610/0x670
[ 98.543233] Read of size 8 at addr ffff8801c430a9e0 by task syz-executor5/12431
[ 98.550676]
[ 98.552309] CPU: 0 PID: 12431 Comm: syz-executor5 Not tainted 4.20.0-rc1+ #328
[ 98.559658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 98.569018] Call Trace:
[ 98.571624] dump_stack+0x244/0x39d
[ 98.575269] ? dump_stack_print_info.cold.1+0x20/0x20
[ 98.580461] ? printk+0xa7/0xcf
[ 98.583728] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 98.588493] print_address_description.cold.7+0x9/0x1ff
[ 98.593873] kasan_report.cold.8+0x242/0x309
[ 98.598290] ? task_is_descendant.part.3+0x610/0x670
[ 98.603386] __asan_report_load8_noabort+0x14/0x20
[ 98.608315] task_is_descendant.part.3+0x610/0x670
[ 98.613248] ? yama_relation_cleanup+0x500/0x500
[ 98.618005] ? check_preemption_disabled+0x48/0x280
[ 98.623038] ? kasan_check_read+0x11/0x20
[ 98.627188] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 98.632452] ? rcu_softirq_qs+0x20/0x20
[ 98.636424] ? find_held_lock+0x36/0x1c0
[ 98.640513] yama_ptrace_access_check+0x215/0x10fc
[ 98.645435] ? check_preemption_disabled+0x48/0x280
[ 98.650454] ? task_is_descendant.part.3+0x670/0x670
[ 98.655551] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 98.660469] ? kasan_check_read+0x11/0x20
[ 98.664606] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 98.669869] ? rcu_softirq_qs+0x20/0x20
[ 98.673842] ? cap_ptrace_access_check+0x2cc/0x6b0
[ 98.678778] ? __ptrace_may_access+0x4b0/0x980
[ 98.683378] ? cap_ptrace_traceme+0x6b0/0x6b0
[ 98.687877] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 98.693056] ? kasan_check_read+0x11/0x20
[ 98.697203] ? rcu_softirq_qs+0x20/0x20
[ 98.701200] security_ptrace_access_check+0x54/0xb0
[ 98.706229] __ptrace_may_access+0x5c8/0x980
[ 98.710639] ? ptrace_setsiginfo+0x1a0/0x1a0
[ 98.715043] ? rcu_softirq_qs+0x20/0x20
[ 98.719023] ptrace_attach+0x1fa/0x640
[ 98.722907] __x64_sys_ptrace+0x229/0x260
[ 98.727065] do_syscall_64+0x1b9/0x820
[ 98.730972] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 98.736345] ? syscall_return_slowpath+0x5e0/0x5e0
[ 98.741278] ? trace_hardirqs_on_caller+0x310/0x310
[ 98.746295] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 98.751315] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 98.757986] ? __switch_to_asm+0x40/0x70
[ 98.762048] ? __switch_to_asm+0x34/0x70
[ 98.766100] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 98.770939] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 98.776123] RIP: 0033:0x457569
[ 98.779331] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 98.798257] RSP: 002b:00007f174dbc1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000065
[ 98.805965] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569
[ 98.813218] RDX: 0000000000000000 RSI: 000000000000039f RDI: 0000000000004206
[ 98.820480] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 98.827748] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f174dbc26d4
[ 98.835020] R13: 00000000004c33bd R14: 00000000004d50e0 R15: 00000000ffffffff
[ 98.842305]
[ 98.843933] Allocated by task 5735:
[ 98.847548] save_stack+0x43/0xd0
[ 98.850990] kasan_kmalloc+0xc7/0xe0
[ 98.854699] kasan_slab_alloc+0x12/0x20
[ 98.858679] kmem_cache_alloc_node+0x144/0x730
[ 98.863261] copy_process+0x2026/0x87a0
[ 98.867228] _do_fork+0x1cb/0x11d0
[ 98.870775] __x64_sys_clone+0xbf/0x150
[ 98.874752] do_syscall_64+0x1b9/0x820
[ 98.878651] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 98.883849]
[ 98.885463] Freed by task 9:
[ 98.888477] save_stack+0x43/0xd0
[ 98.891943] __kasan_slab_free+0x102/0x150
[ 98.896177] kasan_slab_free+0xe/0x10
[ 98.899967] kmem_cache_free+0x83/0x290
[ 98.903926] free_task+0x16e/0x1f0
[ 98.907452] __put_task_struct+0x2e6/0x620
[ 98.911682] delayed_put_task_struct+0x2ff/0x4c0
[ 98.916425] rcu_process_callbacks+0x100a/0x1ac0
[ 98.921167] __do_softirq+0x308/0xb7e
[ 98.924952]
[ 98.926582] The buggy address belongs to the object at ffff8801c430a500
[ 98.926582] which belongs to the cache task_struct(65:syz5) of size 6080
[ 98.940107] The buggy address is located 1248 bytes inside of
[ 98.940107] 6080-byte region [ffff8801c430a500, ffff8801c430bcc0)
[ 98.952141] The buggy address belongs to the page:
[ 98.957067] page:ffffea000710c280 count:1 mapcount:0 mapping:ffff8801bc810ac0 index:0x0 compound_mapcount: 0
[ 98.967033] flags: 0x2fffc0000010200(slab|head)
[ 98.971701] raw: 02fffc0000010200 ffffea00069be488 ffffea000713a808 ffff8801bc810ac0
[ 98.979578] raw: 0000000000000000 ffff8801c430a500 0000000100000001 ffff8801ca1e06c0
[ 98.987441] page dumped because: kasan: bad access detected
[ 98.993164] page->mem_cgroup:ffff8801ca1e06c0
[ 98.997659]
[ 98.999283] Memory state around the buggy address:
[ 99.004206] ffff8801c430a880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 99.011566] ffff8801c430a900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 99.018913] >ffff8801c430a980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 99.026260] ^
[ 99.032746] ffff8801c430aa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 99.040118] ffff8801c430aa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 99.047463] ==================================================================
[ 99.054811] Disabling lock debugging due to kernel taint
[ 99.060488] Kernel panic - not syncing: panic_on_warn set ...
[ 99.066389] CPU: 0 PID: 12431 Comm: syz-executor5 Tainted: G B 4.20.0-rc1+ #328
[ 99.075139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 99.084486] Call Trace:
[ 99.087060] dump_stack+0x244/0x39d
[ 99.090692] ? dump_stack_print_info.cold.1+0x20/0x20
[ 99.095892] panic+0x2ad/0x55c
[ 99.099084] ? add_taint.cold.5+0x16/0x16
[ 99.103223] ? trace_hardirqs_on+0xb4/0x310
[ 99.107532] kasan_end_report+0x47/0x4f
[ 99.111492] kasan_report.cold.8+0x76/0x309
[ 99.115817] ? task_is_descendant.part.3+0x610/0x670
[ 99.120924] __asan_report_load8_noabort+0x14/0x20
[ 99.125850] task_is_descendant.part.3+0x610/0x670
[ 99.130804] ? yama_relation_cleanup+0x500/0x500
[ 99.135572] ? check_preemption_disabled+0x48/0x280
[ 99.140588] ? kasan_check_read+0x11/0x20
[ 99.144720] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 99.149995] ? rcu_softirq_qs+0x20/0x20
[ 99.153974] ? find_held_lock+0x36/0x1c0
[ 99.158025] yama_ptrace_access_check+0x215/0x10fc
[ 99.162939] ? check_preemption_disabled+0x48/0x280
[ 99.167942] ? task_is_descendant.part.3+0x670/0x670
[ 99.173032] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 99.177944] ? kasan_check_read+0x11/0x20
[ 99.182078] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 99.187340] ? rcu_softirq_qs+0x20/0x20
[ 99.191310] ? cap_ptrace_access_check+0x2cc/0x6b0
[ 99.196236] ? __ptrace_may_access+0x4b0/0x980
[ 99.200818] ? cap_ptrace_traceme+0x6b0/0x6b0
[ 99.205305] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 99.210225] ? kasan_check_read+0x11/0x20
[ 99.214358] ? rcu_softirq_qs+0x20/0x20
[ 99.218324] security_ptrace_access_check+0x54/0xb0
[ 99.223342] __ptrace_may_access+0x5c8/0x980
[ 99.227770] ? ptrace_setsiginfo+0x1a0/0x1a0
[ 99.232190] ? rcu_softirq_qs+0x20/0x20
[ 99.236175] ptrace_attach+0x1fa/0x640
[ 99.240076] __x64_sys_ptrace+0x229/0x260
[ 99.244224] do_syscall_64+0x1b9/0x820
[ 99.248098] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 99.253457] ? syscall_return_slowpath+0x5e0/0x5e0
[ 99.258417] ? trace_hardirqs_on_caller+0x310/0x310
[ 99.263439] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 99.268463] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 99.275140] ? __switch_to_asm+0x40/0x70
[ 99.279188] ? __switch_to_asm+0x34/0x70
[ 99.283248] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 99.288093] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 99.293272] RIP: 0033:0x457569
[ 99.296453] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 99.315359] RSP: 002b:00007f174dbc1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000065
[ 99.323066] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569
[ 99.330331] RDX: 0000000000000000 RSI: 000000000000039f RDI: 0000000000004206
[ 99.337590] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 99.344852] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f174dbc26d4
[ 99.352132] R13: 00000000004c33bd R14: 00000000004d50e0 R15: 00000000ffffffff
[ 99.360437] Kernel Offset: disabled
[ 99.364061] Rebooting in 86400 seconds..