[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 25.150329] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 29.780909] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.082255] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.703659] random: sshd: uninitialized urandom read (32 bytes read)
[ 172.541653] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts.
[ 178.204209] random: sshd: uninitialized urandom read (32 bytes read)
2018/09/22 19:03:50 parsed 1 programs
[ 179.520002] random: cc1: uninitialized urandom read (8 bytes read)
2018/09/22 19:03:52 executed programs: 0
[ 181.067373] IPVS: ftp: loaded support on port[0] = 21
[ 181.069170] IPVS: ftp: loaded support on port[0] = 21
[ 181.082676] IPVS: ftp: loaded support on port[0] = 21
[ 181.085881] IPVS: ftp: loaded support on port[0] = 21
[ 181.093477] IPVS: ftp: loaded support on port[0] = 21
[ 181.095333] IPVS: ftp: loaded support on port[0] = 21
[ 181.932315] bridge0: port 1(bridge_slave_0) entered blocking state
[ 181.939060] bridge0: port 1(bridge_slave_0) entered disabled state
[ 181.947166] device bridge_slave_0 entered promiscuous mode
[ 181.975842] bridge0: port 1(bridge_slave_0) entered blocking state
[ 181.991758] bridge0: port 1(bridge_slave_0) entered disabled state
[ 181.998862] device bridge_slave_0 entered promiscuous mode
[ 182.014447] bridge0: port 1(bridge_slave_0) entered blocking state
[ 182.021517] bridge0: port 1(bridge_slave_0) entered disabled state
[ 182.028459] device bridge_slave_0 entered promiscuous mode
[ 182.036533] bridge0: port 2(bridge_slave_1) entered blocking state
[ 182.043121] bridge0: port 2(bridge_slave_1) entered disabled state
[ 182.051148] device bridge_slave_1 entered promiscuous mode
[ 182.060006] bridge0: port 1(bridge_slave_0) entered blocking state
[ 182.066635] bridge0: port 1(bridge_slave_0) entered disabled state
[ 182.073889] device bridge_slave_0 entered promiscuous mode
[ 182.081969] bridge0: port 1(bridge_slave_0) entered blocking state
[ 182.088316] bridge0: port 1(bridge_slave_0) entered disabled state
[ 182.095696] device bridge_slave_0 entered promiscuous mode
[ 182.102929] bridge0: port 1(bridge_slave_0) entered blocking state
[ 182.109273] bridge0: port 1(bridge_slave_0) entered disabled state
[ 182.117291] device bridge_slave_0 entered promiscuous mode
[ 182.126757] bridge0: port 2(bridge_slave_1) entered blocking state
[ 182.133391] bridge0: port 2(bridge_slave_1) entered disabled state
[ 182.140456] device bridge_slave_1 entered promiscuous mode
[ 182.148961] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 182.157821] bridge0: port 2(bridge_slave_1) entered blocking state
[ 182.164941] bridge0: port 2(bridge_slave_1) entered disabled state
[ 182.172624] device bridge_slave_1 entered promiscuous mode
[ 182.179112] bridge0: port 2(bridge_slave_1) entered blocking state
[ 182.187294] bridge0: port 2(bridge_slave_1) entered disabled state
[ 182.194695] device bridge_slave_1 entered promiscuous mode
[ 182.201382] bridge0: port 2(bridge_slave_1) entered blocking state
[ 182.207739] bridge0: port 2(bridge_slave_1) entered disabled state
[ 182.215154] device bridge_slave_1 entered promiscuous mode
[ 182.222824] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 182.234240] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 182.242545] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 182.251748] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 182.267373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 182.274334] bridge0: port 2(bridge_slave_1) entered disabled state
[ 182.282813] device bridge_slave_1 entered promiscuous mode
[ 182.291082] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 182.298408] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 182.307581] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 182.326596] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 182.346172] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 182.367579] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 182.381519] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 182.390891] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 182.458762] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 182.470104] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 182.485894] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 182.506770] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 182.530803] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 182.544797] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 182.560700] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 182.573467] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 182.593554] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 182.609889] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 182.645456] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 182.683499] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 182.690752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 182.713708] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 182.722289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 182.734020] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 182.744833] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 182.763902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 182.780656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 182.797473] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 182.806350] team0: Port device team_slave_0 added
[ 182.825318] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 182.849932] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 182.870254] team0: Port device team_slave_0 added
[ 182.875893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 182.913250] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 182.929923] team0: Port device team_slave_1 added
[ 182.955913] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 182.970412] team0: Port device team_slave_1 added
[ 182.999857] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 183.020019] team0: Port device team_slave_0 added
[ 183.027829] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 183.039233] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 183.051327] team0: Port device team_slave_0 added
[ 183.057645] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 183.070203] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 183.081953] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 183.089327] team0: Port device team_slave_0 added
[ 183.103322] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 183.112165] team0: Port device team_slave_1 added
[ 183.117542] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 183.129107] team0: Port device team_slave_0 added
[ 183.134657] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 183.143990] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 183.159513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 183.174065] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 183.183706] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 183.192862] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 183.207056] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 183.215874] team0: Port device team_slave_1 added
[ 183.225383] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 183.235791] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 183.243830] team0: Port device team_slave_1 added
[ 183.249180] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 183.259736] team0: Port device team_slave_1 added
[ 183.266815] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 183.281968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 183.291586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 183.309969] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 183.330673] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 183.364801] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 183.375879] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 183.384827] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 183.392892] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 183.400987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 183.408537] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 183.422672] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 183.431907] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 183.442084] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 183.451266] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 183.465157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 183.473798] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 183.482214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 183.497970] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 183.507896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 183.518797] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 183.532482] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 183.542705] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 183.554540] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 183.573071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 183.585967] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 183.594672] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 183.602482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 183.610174] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 183.623864] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 183.636538] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 183.644239] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 183.658520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 183.667089] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 183.675316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 183.685225] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 183.698660] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 183.715483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 183.727553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 183.741079] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 183.751696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 183.786265] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 183.808194] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 183.821432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 184.318853] bridge0: port 2(bridge_slave_1) entered blocking state
[ 184.325389] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 184.332343] bridge0: port 1(bridge_slave_0) entered blocking state
[ 184.338735] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 184.347818] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 184.355829] bridge0: port 2(bridge_slave_1) entered blocking state
[ 184.362256] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 184.368908] bridge0: port 1(bridge_slave_0) entered blocking state
[ 184.375337] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 184.384197] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 184.460098] bridge0: port 2(bridge_slave_1) entered blocking state
[ 184.466582] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 184.473341] bridge0: port 1(bridge_slave_0) entered blocking state
[ 184.479700] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 184.488647] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 184.546595] bridge0: port 2(bridge_slave_1) entered blocking state
[ 184.553035] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 184.559676] bridge0: port 1(bridge_slave_0) entered blocking state
[ 184.566097] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 184.577797] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 184.584896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 184.591318] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 184.597970] bridge0: port 1(bridge_slave_0) entered blocking state
[ 184.604411] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 184.614825] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 184.671484] bridge0: port 2(bridge_slave_1) entered blocking state
[ 184.677879] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 184.684600] bridge0: port 1(bridge_slave_0) entered blocking state
[ 184.691008] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 184.703783] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 184.713500] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 184.721448] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 184.728624] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 184.736701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 184.745005] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 184.752476] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 187.150594] 8021q: adding VLAN 0 to HW filter on device bond0
[ 187.221471] 8021q: adding VLAN 0 to HW filter on device bond0
[ 187.233789] 8021q: adding VLAN 0 to HW filter on device bond0
[ 187.243790] 8021q: adding VLAN 0 to HW filter on device bond0
[ 187.388291] 8021q: adding VLAN 0 to HW filter on device bond0
[ 187.406947] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 187.474668] 8021q: adding VLAN 0 to HW filter on device bond0
[ 187.493760] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 187.517880] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 187.543481] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 187.608857] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 187.649361] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 187.662004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 187.672941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 187.752777] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 187.761988] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 187.768227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 187.785326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 187.879341] 8021q: adding VLAN 0 to HW filter on device team0
[ 187.893983] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 187.905799] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 187.912228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 187.929519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 187.941392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 187.948378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 187.962739] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 187.983614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 187.991651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 188.034293] 8021q: adding VLAN 0 to HW filter on device team0
[ 188.052954] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 188.061704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 188.069902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 188.179942] 8021q: adding VLAN 0 to HW filter on device team0
[ 188.206387] 8021q: adding VLAN 0 to HW filter on device team0
[ 188.259603] 8021q: adding VLAN 0 to HW filter on device team0
[ 188.290714] 8021q: adding VLAN 0 to HW filter on device team0
2018/09/22 19:04:01 executed programs: 6
2018/09/22 19:04:06 executed programs: 141
[ 195.698366] ==================================================================
[ 195.705913] BUG: KASAN: use-after-free in fuse_dev_do_read.isra.27+0x1659/0x1920
[ 195.713445] Read of size 8 at addr ffff8801d8702630 by task syz-executor1/7794
[ 195.720805]
[ 195.722438] CPU: 0 PID: 7794 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #26
[ 195.729604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 195.738947] Call Trace:
[ 195.741556]  dump_stack+0x1c4/0x2b4
[ 195.745173]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 195.750353]  ? printk+0xa7/0xcf
[ 195.753631]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 195.758388]  print_address_description.cold.8+0x9/0x1ff
[ 195.763769]  kasan_report.cold.9+0x242/0x309
[ 195.768188]  ? fuse_dev_do_read.isra.27+0x1659/0x1920
[ 195.773384]  __asan_report_load8_noabort+0x14/0x20
[ 195.778307]  fuse_dev_do_read.isra.27+0x1659/0x1920
[ 195.783317]  ? fuse_dev_release+0x780/0x780
[ 195.787628]  ? mntput_no_expire+0x1e6/0xc00
[ 195.791956]  ? futex_wait_setup+0x3e0/0x3e0
[ 195.796281]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 195.801476]  ? drop_futex_key_refs.isra.15+0x6d/0xe0
[ 195.806584]  ? futex_wake+0x304/0x760
[ 195.810389]  ? find_held_lock+0x36/0x1c0
[ 195.814443]  ? __fget+0x4aa/0x740
[ 195.817906]  ? check_preemption_disabled+0x48/0x200
[ 195.822915]  ? kasan_check_read+0x11/0x20
[ 195.827054]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 195.832319]  ? rcu_bh_qs+0xc0/0xc0
[ 195.835854]  ? memset+0x31/0x40
[ 195.839126]  fuse_dev_read+0x1a9/0x250
[ 195.843024]  ? fuse_dev_splice_read+0x840/0x840
[ 195.847706]  ? trace_hardirqs_off+0xb8/0x310
[ 195.852120]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 195.857645]  ? iov_iter_init+0xc2/0x1e0
[ 195.861608]  __vfs_read+0x6ac/0x9b0
[ 195.865226]  ? vfs_copy_file_range+0xb90/0xb90
[ 195.869816]  ? check_preemption_disabled+0x48/0x200
[ 195.874822]  ? fsnotify+0x1330/0x1330
[ 195.878622]  ? rw_verify_area+0x118/0x360
[ 195.882767]  vfs_read+0x17f/0x3c0
[ 195.886211]  ksys_read+0x101/0x260
[ 195.889766]  ? kernel_write+0x120/0x120
[ 195.893746]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 195.899182]  ? ksys_mount+0xa8/0x140
[ 195.902887]  __x64_sys_read+0x73/0xb0
[ 195.906677]  do_syscall_64+0x1b9/0x820
[ 195.910556]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 195.915909]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 195.920833]  ? trace_hardirqs_on_caller+0x310/0x310
[ 195.925841]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 195.930862]  ? recalc_sigpending_tsk+0x180/0x180
[ 195.935603]  ? kasan_check_write+0x14/0x20
[ 195.939830]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 195.944666]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 195.949840] RIP: 0033:0x457679
[ 195.953019] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 195.971922] RSP: 002b:00007f6a5aeedc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 195.979637] RAX: ffffffffffffffda RBX: 00007f6a5aeee6d4 RCX: 0000000000457679
[ 195.986897] RDX: 0000000000001000 RSI: 0000000020001000 RDI: 0000000000000003
[ 195.994151] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 196.001407] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 196.008675] R13: 00000000004d4ad0 R14: 00000000004c31e5 R15: 0000000000000000
[ 196.015937]
[ 196.017550] Allocated by task 7801:
[ 196.021164]  save_stack+0x43/0xd0
[ 196.024603]  kasan_kmalloc+0xc7/0xe0
[ 196.028305]  kasan_slab_alloc+0x12/0x20
[ 196.032269]  kmem_cache_alloc+0x12e/0x730
[ 196.036402]  __fuse_request_alloc+0x27/0xf0
[ 196.040720]  fuse_request_alloc+0x18/0x20
[ 196.044884]  fuse_fill_super+0x12bf/0x1ea0
[ 196.049105]  mount_nodev+0x6b/0x110
[ 196.052716]  fuse_mount+0x2c/0x40
[ 196.056171]  mount_fs+0xae/0x31d
[ 196.059541]  vfs_kern_mount.part.35+0xdc/0x4f0
[ 196.064110]  do_mount+0x581/0x31f0
[ 196.067642]  ksys_mount+0x12d/0x140
[ 196.071270]  __x64_sys_mount+0xbe/0x150
[ 196.075232]  do_syscall_64+0x1b9/0x820
[ 196.079107]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 196.084276]
[ 196.085888] Freed by task 7801:
[ 196.089158]  save_stack+0x43/0xd0
[ 196.092600]  __kasan_slab_free+0x102/0x150
[ 196.096820]  kasan_slab_free+0xe/0x10
[ 196.100608]  kmem_cache_free+0x83/0x290
[ 196.104571]  fuse_request_free+0x8b/0xa0
[ 196.108617]  fuse_put_request+0x2a6/0x350
[ 196.112768]  request_end+0xba/0xaa0
[ 196.116396]  fuse_dev_do_write+0x192e/0x36e0
[ 196.120790]  fuse_dev_write+0x19a/0x240
[ 196.124760]  __vfs_write+0x6b8/0x9f0
[ 196.128460]  vfs_write+0x1fc/0x560
[ 196.131997]  ksys_write+0x101/0x260
[ 196.135612]  __x64_sys_write+0x73/0xb0
[ 196.139485]  do_syscall_64+0x1b9/0x820
[ 196.143360]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 196.148548]
[ 196.150161] The buggy address belongs to the object at ffff8801d8702600
[ 196.150161]  which belongs to the cache fuse_request of size 448
[ 196.162897] The buggy address is located 48 bytes inside of
[ 196.162897]  448-byte region [ffff8801d8702600, ffff8801d87027c0)
[ 196.174676] The buggy address belongs to the page:
[ 196.179635] page:ffffea000761c080 count:1 mapcount:0 mapping:ffff8801d4a0e240 index:0x0
[ 196.187770] flags: 0x2fffc0000000100(slab)
[ 196.191994] raw: 02fffc0000000100 ffffea0006ec0e88 ffffea0006ee91c8 ffff8801d4a0e240
[ 196.199879] raw: 0000000000000000 ffff8801d8702000 0000000100000008 0000000000000000
[ 196.207748] page dumped because: kasan: bad access detected
[ 196.213442]
[ 196.215066] Memory state around the buggy address:
[ 196.219981]  ffff8801d8702500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 196.227326]  ffff8801d8702580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 196.234669] >ffff8801d8702600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 196.242010]                                      ^
[ 196.246925]  ffff8801d8702680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 196.254269]  ffff8801d8702700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 196.261626] ==================================================================
[ 196.268992] Disabling lock debugging due to kernel taint
[ 196.276246] Kernel panic - not syncing: panic_on_warn set ...
[ 196.276246]
[ 196.280762] kobject: '0:44' (00000000687ef57c): kobject_uevent_env
[ 196.283633] CPU: 0 PID: 7794 Comm: syz-executor1 Tainted: G    B    4.19.0-rc4+ #26
[ 196.289961] kobject: '0:44' (00000000687ef57c): fill_kobj_path: path = '/devices/virtual/bdi/0:44'
[ 196.298496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 196.298501] Call Trace:
[ 196.298520]  dump_stack+0x1c4/0x2b4
[ 196.298535]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 196.298555]  panic+0x238/0x4e7
[ 196.298567]  ? add_taint.cold.5+0x16/0x16
[ 196.298585]  ? preempt_schedule+0x4d/0x60
[ 196.298601]  ? ___preempt_schedule+0x16/0x18
[ 196.298616]  ? trace_hardirqs_on+0xb4/0x310
[ 196.298634]  kasan_end_report+0x47/0x4f
[ 196.298646]  kasan_report.cold.9+0x76/0x309
[ 196.298662]  ? fuse_dev_do_read.isra.27+0x1659/0x1920
[ 196.298679]  __asan_report_load8_noabort+0x14/0x20
[ 196.312790] kobject: '0:44' (00000000687ef57c): kobject_cleanup, parent (null)
[ 196.317114]  fuse_dev_do_read.isra.27+0x1659/0x1920
[ 196.317139]  ? fuse_dev_release+0x780/0x780
[ 196.319774] kobject: '0:44' (00000000687ef57c): calling ktype release
[ 196.323351]  ? mntput_no_expire+0x1e6/0xc00
[ 196.323371]  ? futex_wait_setup+0x3e0/0x3e0
[ 196.323387]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 196.323405]  ? drop_futex_key_refs.isra.15+0x6d/0xe0
[ 196.323422]  ? futex_wake+0x304/0x760
[ 196.330676] kobject: '0:44': free name
[ 196.331796]  ? find_held_lock+0x36/0x1c0
[ 196.331814]  ? __fget+0x4aa/0x740
[ 196.337946] kobject: 'loop0' (0000000035128951): kobject_uevent_env
[ 196.340088]  ? check_preemption_disabled+0x48/0x200
[ 196.340103]  ? kasan_check_read+0x11/0x20
[ 196.340124]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 196.347272] kobject: 'loop0' (0000000035128951): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 196.348830]  ? rcu_bh_qs+0xc0/0xc0
[ 196.348857]  ? memset+0x31/0x40
[ 196.379434] kobject: '0:44' (00000000a251f2b3): kobject_add_internal: parent: 'bdi', set: 'devices'
[ 196.380450]  fuse_dev_read+0x1a9/0x250
[ 196.380466]  ? fuse_dev_splice_read+0x840/0x840
[ 196.380489]  ? trace_hardirqs_off+0xb8/0x310
[ 196.380504]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 196.380524]  ? iov_iter_init+0xc2/0x1e0
[ 196.385144] kobject: '0:44' (00000000a251f2b3): kobject_uevent_env
[ 196.391421]  __vfs_read+0x6ac/0x9b0
[ 196.391439]  ? vfs_copy_file_range+0xb90/0xb90
[ 196.391452]  ? check_preemption_disabled+0x48/0x200
[ 196.391467]  ? fsnotify+0x1330/0x1330
[ 196.391491]  ? rw_verify_area+0x118/0x360
[ 196.396512] kobject: '0:44' (00000000a251f2b3): fill_kobj_path: path = '/devices/virtual/bdi/0:44'
[ 196.400112]  vfs_read+0x17f/0x3c0
[ 196.400130]  ksys_read+0x101/0x260
[ 196.400147]  ? kernel_write+0x120/0x120
[ 196.456266] kobject: '0:51' (000000003eee3a12): kobject_add_internal: parent: 'bdi', set: 'devices'
[ 196.459231]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 196.459245]  ? ksys_mount+0xa8/0x140
[ 196.459264]  __x64_sys_read+0x73/0xb0
[ 196.462872] kobject: '0:51' (000000003eee3a12): kobject_uevent_env
[ 196.471732]  do_syscall_64+0x1b9/0x820
[ 196.471755]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 196.471770]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 196.471785]  ? trace_hardirqs_on_caller+0x310/0x310
[ 196.471804]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 196.476329] kobject: '0:51' (000000003eee3a12): fill_kobj_path: path = '/devices/virtual/bdi/0:51'
[ 196.480344]  ? recalc_sigpending_tsk+0x180/0x180
[ 196.480358]  ? kasan_check_write+0x14/0x20
[ 196.480377]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 196.616994]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 196.622168] RIP: 0033:0x457679
[ 196.625347] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 196.644231] RSP: 002b:00007f6a5aeedc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 196.651928] RAX: ffffffffffffffda RBX: 00007f6a5aeee6d4 RCX: 0000000000457679
[ 196.659180] RDX: 0000000000001000 RSI: 0000000020001000 RDI: 0000000000000003
[ 196.666431] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 196.673682] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 196.680935] R13: 00000000004d4ad0 R14: 00000000004c31e5 R15: 0000000000000000
[ 196.689241] Kernel Offset: disabled
[ 196.692869] Rebooting in 86400 seconds..
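The report above carries everything a responder needs, but spread over a few hundred console lines: the bug class and faulting function on the BUG line, the faulting task, the allocating and freeing task and stacks, and the slab cache and offset of the object. The script below is an added example, not part of this syzkaller log or of the kernel or syzkaller code; it parses those fields out of a KASAN report and reduces them to a one-screen triage summary. The sample input is constructed from lines of the report above, trimmed to the frames the example needs. The PLUMBING prefix list and the blame() rule (skip allocator and KASAN machinery frames, report the first remaining one) are my own heuristic, in the spirit of how syzbot titles crashes, and are an assumption rather than anything the page states.

```python
"""KASAN report triage: reduce a console report like the one above to what a
responder wants first (bug class, faulting frame, alloc/free sites, object).
Added example, not part of the syzkaller log; PLUMBING and blame() are my own
heuristic, in the spirit of how syzbot titles crashes, not kernel code."""
import re

# Constructed sample: lines copied from the report above, trimmed to what this example needs.
SAMPLE_LOG = """\
[ 195.698366] ==================================================================
[ 195.705913] BUG: KASAN: use-after-free in fuse_dev_do_read.isra.27+0x1659/0x1920
[ 195.713445] Read of size 8 at addr ffff8801d8702630 by task syz-executor1/7794
[ 195.738947] Call Trace:
[ 195.741556]  dump_stack+0x1c4/0x2b4
[ 195.763769]  kasan_report.cold.9+0x242/0x309
[ 195.778307]  fuse_dev_do_read.isra.27+0x1659/0x1920
[ 195.783317]  ? fuse_dev_release+0x780/0x780
[ 195.902887]  __x64_sys_read+0x73/0xb0
[ 196.017550] Allocated by task 7801:
[ 196.024603]  kasan_kmalloc+0xc7/0xe0
[ 196.036402]  __fuse_request_alloc+0x27/0xf0
[ 196.085888] Freed by task 7801:
[ 196.092600]  __kasan_slab_free+0x102/0x150
[ 196.104571]  fuse_request_free+0x8b/0xa0
[ 196.116396]  fuse_dev_do_write+0x192e/0x36e0
[ 196.150161]  which belongs to the cache fuse_request of size 448
[ 196.162897] The buggy address is located 48 bytes inside of
[ 196.261626] ==================================================================
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")              # printk timestamp prefix
BUG = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\S+)")
ACCESS = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr "
                    r"(?P<addr>[0-9a-f]+) by task (?P<task>\S+)")
SECTION = re.compile(r"^(?:Call Trace|Allocated by task (?P<atask>\d+)|Freed by task (?P<ftask>\d+)):$")
FRAME = re.compile(r"^(?P<unsure>\?\s+)?(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
CACHE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
OFFSET = re.compile(r"located (?P<off>\d+) bytes inside of")
# Frames owned by the allocator or the report machinery, never by the bug itself (assumption).
PLUMBING = ("dump_stack", "print_address_description", "kasan_", "__kasan_",
            "__asan_", "save_stack", "kmem_cache_", "kmalloc", "__kmalloc", "kfree")


def clean_symbol(sym):
    """Strip +off/size and compiler clone suffixes such as .isra.27 or .cold.9."""
    return re.sub(r"\.(isra|cold|part|constprop)\.\d+", "", sym.split("+")[0])


def parse_kasan_report(text):
    """Return the report's fields as a dict, or None if the text holds no KASAN report."""
    rep, stack = None, None
    for raw in text.splitlines():
        line = TS.sub("", raw).strip()
        if rep is None:
            if m := BUG.search(line):
                rep = dict(kind=m["kind"], func=m["func"], op="", size=0, task="", cache="",
                           object_size=0, offset=0, call_trace=[], alloc_task="",
                           alloc_stack=[], free_task="", free_stack=[])
            continue
        if line.startswith("====="):              # closing rule: the report is complete
            break
        if m := SECTION.match(line):
            if m["atask"]:
                rep["alloc_task"], stack = m["atask"], rep["alloc_stack"]
            elif m["ftask"]:
                rep["free_task"], stack = m["ftask"], rep["free_stack"]
            else:
                stack = rep["call_trace"]
            continue
        if (m := FRAME.match(line)) and stack is not None:
            if not m["unsure"]:                   # "? sym" frames are unwinder guesses
                stack.append(m["func"])
            continue
        stack = None                              # any other line closes the open stack
        if m := ACCESS.search(line):
            rep.update(op=m["op"], size=int(m["size"]), task=m["task"])
        elif m := CACHE.search(line):
            rep.update(cache=m["cache"], object_size=int(m["size"]))
        elif m := OFFSET.search(line):
            rep["offset"] = int(m["off"])
    return rep


def blame(stack):
    """First frame that is not allocator/KASAN plumbing: where a reader should look first."""
    return next((clean_symbol(s) for s in stack if not s.startswith(PLUMBING)), "")


def triage(text):
    """Summary in the shape of a syzbot title, plus the object-lifetime facts."""
    rep = parse_kasan_report(text)
    if rep is None:
        return None
    return {
        "title": f"KASAN: {rep['kind']} {rep['op']} in {clean_symbol(rep['func'])}",
        "access": f"{rep['op']} {rep['size']} bytes at {rep['cache']}+{rep['offset']} of {rep['object_size']}",
        "entry_syscall": next((s for s in rep["call_trace"] if s.startswith("__x64_sys_")), ""),
        "fault_frame": blame(rep["call_trace"]),
        "alloc": (rep["alloc_task"], blame(rep["alloc_stack"])),
        "free": (rep["free_task"], blame(rep["free_stack"])),
        # Freed by a task other than the faulting one: the object is shared, so suspect a
        # race or refcount error on a shared lifetime rather than a bug local to one path.
        "cross_task": rep["task"].rsplit("/", 1)[-1] != rep["free_task"],
    }
```

Feed triage() the raw console text (timestamps and interleaved kobject lines are tolerated, since anything that is not a frame simply closes the open stack). On the report above it yields the title "KASAN: use-after-free Read in fuse_dev_do_read", an 8-byte read 48 bytes into a 448-byte fuse_request object, allocation in __fuse_request_alloc and free in fuse_request_free by task 7801, and a fault in task 7794 reached through __x64_sys_read: the freeing write(2) on the FUSE device and the faulting read(2) come from different tasks, which is the first thing to note when deciding whether this is a race on the request lifetime.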