[ ok ] Starting enhanced syslogd: rsyslogd. [ 35.130458] audit: type=1800 audit(1538941286.612:25): pid=5645 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 35.149675] audit: type=1800 audit(1538941286.612:26): pid=5645 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 35.181639] audit: type=1800 audit(1538941286.612:27): pid=5645 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts. 2018/10/07 19:42:19 parsed 1 programs 2018/10/07 19:42:21 executed programs: 0 syzkaller login: [ 90.486468] IPVS: ftp: loaded support on port[0] = 21 [ 90.610818] IPVS: ftp: loaded support on port[0] = 21 [ 90.614229] IPVS: ftp: loaded support on port[0] = 21 [ 90.622530] IPVS: ftp: loaded support on port[0] = 21 [ 90.632199] IPVS: ftp: loaded support on port[0] = 21 [ 90.636689] IPVS: ftp: loaded support on port[0] = 21 [ 91.243975] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.253739] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.261667] device bridge_slave_0 entered promiscuous mode [ 91.315595] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.328128] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.335301] device bridge_slave_1 entered promiscuous mode [ 91.344415] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.352929] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.360010] device bridge_slave_0 entered promiscuous mode [
91.386363] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.396341] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.403474] device bridge_slave_0 entered promiscuous mode [ 91.411644] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 91.420686] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.427045] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.435540] device bridge_slave_1 entered promiscuous mode [ 91.451473] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.457853] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.468624] device bridge_slave_0 entered promiscuous mode [ 91.482434] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.490749] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.497604] device bridge_slave_1 entered promiscuous mode [ 91.505362] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 91.514761] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 91.526253] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.533642] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.541440] device bridge_slave_0 entered promiscuous mode [ 91.550007] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.556360] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.564029] device bridge_slave_1 entered promiscuous mode [ 91.572504] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 91.581715] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 91.597648] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.605466] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.618377] device bridge_slave_0 entered promiscuous mode [ 91.626987] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.637333] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.644955] device bridge_slave_1 entered promiscuous mode [ 91.652456] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: 
link is not ready [ 91.661244] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 91.672338] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.682280] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.689909] device bridge_slave_1 entered promiscuous mode [ 91.706083] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 91.731904] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 91.754998] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 91.786786] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 91.810995] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 91.819584] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 91.830127] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 91.858781] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 91.886638] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 91.903383] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 91.939263] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 91.972160] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 91.980907] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 91.992010] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 92.003200] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 92.017036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 92.026821] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 92.036783] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 92.046831] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 92.056341] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 92.064873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 92.075971] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes 
ready [ 92.091801] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 92.101376] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 92.116814] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 92.130227] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 92.149384] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 92.181878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 92.189697] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 92.200067] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 92.207030] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 92.227159] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 92.237239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 92.252975] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 92.260989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 92.274229] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 92.295595] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 92.304142] team0: Port device team_slave_0 added [ 92.310286] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 92.323002] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 92.338747] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 92.348331] team0: Port device team_slave_0 added [ 92.353663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 92.379159] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 92.386480] team0: Port device team_slave_0 added [ 92.403849] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 92.417219] team0: Port device team_slave_1 added [ 92.433002] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 92.442720] team0: Port device team_slave_1 added [ 92.450625] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 
92.457849] team0: Port device team_slave_1 added [ 92.474242] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 92.486928] team0: Port device team_slave_0 added [ 92.501106] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 92.511097] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 92.518849] team0: Port device team_slave_0 added [ 92.536128] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 92.548016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 92.563121] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 92.570464] team0: Port device team_slave_1 added [ 92.583236] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 92.595652] team0: Port device team_slave_0 added [ 92.603872] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 92.619051] team0: Port device team_slave_1 added [ 92.629003] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 92.636732] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 92.649730] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 92.656986] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 92.665418] team0: Port device team_slave_1 added [ 92.671623] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 92.687989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 92.696264] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 92.711422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 92.719616] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 92.727821] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 92.736396] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 92.744111] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 92.754089] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 92.763394] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: 
link is not ready [ 92.776308] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 92.786358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 92.799687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 92.813643] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 92.821988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 92.830007] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 92.837362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 92.845233] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 92.856584] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 92.864966] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 92.883374] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 92.893838] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 92.909047] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 92.919185] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 92.933428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 92.941410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 92.949357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 92.960149] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 92.972083] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 92.982036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 92.993840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.006411] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.014881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.029453] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 93.037892] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.049073] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.059672] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 93.071718] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 93.088623] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.104089] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.117788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.126459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.503339] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.509756] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.516391] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.522788] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.535277] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 93.547950] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.554350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.561011] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.567358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.578676] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 93.588875] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.595244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.601924] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.608304] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.616610] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 93.674334] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.680745] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.687383] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.693770] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.706069] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 93.724568] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.730994] bridge0: port 
2(bridge_slave_1) entered forwarding state [ 93.737641] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.744043] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.759759] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 93.767853] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.774241] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.780982] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.787337] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.796310] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 93.988205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 93.995353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.015315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.031191] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.039392] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.046315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 95.657347] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.667937] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.742701] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.756247] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.776727] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.815331] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 95.848574] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 95.891103] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.937347] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 95.963964] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 95.980932] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 95.994482] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 96.009568] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 96.016549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 96.059013] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 
96.080376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 96.087563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 96.107050] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 96.165070] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 96.178229] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 96.185295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 96.206036] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 96.220477] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 96.229648] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 96.236634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 96.255723] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 96.268230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 96.282883] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.299979] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.357344] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 96.374653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 96.383955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 96.402074] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.419725] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.460719] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.554712] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.329276] hrtimer: interrupt took 24421 ns 2018/10/07 19:42:28 executed programs: 6 2018/10/07 19:42:33 executed programs: 243 2018/10/07 19:42:38 executed programs: 499 2018/10/07 19:42:43 executed programs: 749 2018/10/07 19:42:48 executed programs: 1009 2018/10/07 19:42:53 executed programs: 1261 2018/10/07 19:42:59 executed programs: 1513 2018/10/07 19:43:04 executed programs: 1775 [ 137.121446] ================================================================== [ 137.128876] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1c0/0x200 [ 137.135549] Read of size 4 at addr 
ffff8801c5e5067c by task syz-executor0/17892 [ 137.142987] [ 137.144619] CPU: 0 PID: 17892 Comm: syz-executor0 Not tainted 4.19.0-rc6+ #272 [ 137.151981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 137.161332] Call Trace: [ 137.164617] dump_stack+0x1c4/0x2b4 [ 137.168239] ? dump_stack_print_info.cold.2+0x52/0x52 [ 137.173421] ? printk+0xa7/0xcf [ 137.176683] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 137.181442] print_address_description.cold.8+0x9/0x1ff [ 137.186803] kasan_report.cold.9+0x242/0x309 [ 137.191199] ? do_raw_spin_lock+0x1c0/0x200 [ 137.195505] __asan_report_load4_noabort+0x14/0x20 [ 137.200437] do_raw_spin_lock+0x1c0/0x200 [ 137.204590] _raw_spin_lock_bh+0x39/0x40 [ 137.208658] ? vhost_transport_send_pkt+0x12e/0x380 [ 137.213680] vhost_transport_send_pkt+0x12e/0x380 [ 137.213696] ? vhost_vsock_dev_open+0x5a0/0x5a0 [ 137.213713] ? vhost_vsock_dev_open+0x5a0/0x5a0 [ 137.227873] ? vsock_core_get_transport+0x9/0x20 [ 137.227891] virtio_transport_send_pkt_info+0x31d/0x460 [ 137.227907] virtio_transport_connect+0x17c/0x220 [ 137.242844] ? virtio_transport_send_pkt_info+0x460/0x460 [ 137.248394] ? vsock_stream_connect+0x48e/0xe40 [ 137.253072] vsock_stream_connect+0x4ed/0xe40 [ 137.257575] ? vsock_dgram_connect+0x500/0x500 [ 137.262172] ? finish_wait+0x430/0x430 [ 137.266070] ? aa_af_perm+0x5a0/0x5a0 [ 137.269876] ? __might_fault+0x164/0x1e0 [ 137.274145] ? apparmor_socket_connect+0xb6/0x160 [ 137.278990] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 137.279007] ? security_socket_connect+0x94/0xc0 [ 137.279026] __sys_connect+0x37d/0x4c0 [ 137.289297] ? __ia32_sys_accept+0xb0/0xb0 [ 137.289315] ? __sanitizer_cov_trace_pc+0x14/0x50 [ 137.289330] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 137.289345] ? put_timespec64+0x10f/0x1b0 [ 137.289366] ? trace_hardirqs_on+0xbd/0x310 [ 137.316268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 137.316285] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 137.316301] ? 
__bpf_trace_preemptirq_template+0x30/0x30 [ 137.316321] __x64_sys_connect+0x73/0xb0 [ 137.327208] do_syscall_64+0x1b9/0x820 [ 137.327223] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 137.327239] ? syscall_return_slowpath+0x5e0/0x5e0 [ 137.327252] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 137.327271] ? trace_hardirqs_on_caller+0x310/0x310 [ 137.360724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 137.366270] ? prepare_exit_to_usermode+0x291/0x3b0 [ 137.371292] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 137.376154] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 137.381346] RIP: 0033:0x457579 [ 137.384555] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 137.403453] RSP: 002b:00007f23369dec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 137.411149] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 137.418425] RDX: 0000000000000010 RSI: 0000000020000200 RDI: 000000000000000a [ 137.425682] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 137.432944] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f23369df6d4 [ 137.440197] R13: 00000000004bdb1a R14: 00000000004cc658 R15: 00000000ffffffff [ 137.447463] [ 137.449089] Allocated by task 17892: [ 137.452811] save_stack+0x43/0xd0 [ 137.456274] kasan_kmalloc+0xc7/0xe0 [ 137.459992] __kmalloc_node+0x47/0x70 [ 137.463803] kvmalloc_node+0xb9/0xf0 [ 137.467536] vhost_vsock_dev_open+0xa2/0x5a0 [ 137.471937] misc_open+0x3ca/0x560 [ 137.475472] chrdev_open+0x25a/0x710 [ 137.479178] do_dentry_open+0x499/0x1250 [ 137.483238] vfs_open+0xa0/0xd0 [ 137.486499] path_openat+0x12bf/0x5160 [ 137.490384] do_filp_open+0x255/0x380 [ 137.494171] do_sys_open+0x568/0x700 [ 137.497872] __x64_sys_openat+0x9d/0x100 [ 137.501914] do_syscall_64+0x1b9/0x820 [ 137.505782] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 137.510947] [ 137.512560] Freed by task 17891: [ 
137.515920] save_stack+0x43/0xd0 [ 137.519373] __kasan_slab_free+0x102/0x150 [ 137.523605] kasan_slab_free+0xe/0x10 [ 137.527402] kfree+0xcf/0x230 [ 137.530524] kvfree+0x61/0x70 [ 137.533636] vhost_vsock_dev_release+0x4f4/0x720 [ 137.538438] __fput+0x385/0xa30 [ 137.541725] ____fput+0x15/0x20 [ 137.545008] task_work_run+0x1e8/0x2a0 [ 137.548898] exit_to_usermode_loop+0x318/0x380 [ 137.553491] do_syscall_64+0x6be/0x820 [ 137.557377] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 137.562563] [ 137.564193] The buggy address belongs to the object at ffff8801c5e47980 [ 137.564193] which belongs to the cache kmalloc-65536 of size 65536 [ 137.577199] The buggy address is located 36092 bytes inside of [ 137.577199] 65536-byte region [ffff8801c5e47980, ffff8801c5e57980) [ 137.589414] The buggy address belongs to the page: [ 137.589429] page:ffffea0007179000 count:1 mapcount:0 mapping:ffff8801da802500 index:0x0 compound_mapcount: 0 [ 137.589444] flags: 0x2fffc0000008100(slab|head) [ 137.589462] raw: 02fffc0000008100 ffffea0006a26008 ffffea0006a33008 ffff8801da802500 2018/10/07 19:43:09 executed programs: 2021 [ 137.589477] raw: 0000000000000000 ffff8801c5e47980 0000000100000001 0000000000000000 [ 137.616874] page dumped because: kasan: bad access detected [ 137.616879] [ 137.616883] Memory state around the buggy address: [ 137.616896] ffff8801c5e50500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 137.616906] ffff8801c5e50580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 137.616916] >ffff8801c5e50600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 137.616922] ^ [ 137.616935] ffff8801c5e50680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 137.628911] kobject: 'loop2' (0000000075e796a9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 137.630519] ffff8801c5e50700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 137.630525] ================================================================== [ 137.630610] Kernel panic - not syncing: panic_on_warn set ... 
[ 137.630610] [ 137.658141] kobject: 'loop1' (00000000ee900dd7): kobject_uevent_env [ 137.659170] CPU: 0 PID: 17892 Comm: syz-executor0 Tainted: G B 4.19.0-rc6+ #272 [ 137.659184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 137.666469] kobject: 'loop1' (00000000ee900dd7): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 137.673790] Call Trace: [ 137.673813] dump_stack+0x1c4/0x2b4 [ 137.673837] ? dump_stack_print_info.cold.2+0x52/0x52 [ 137.673857] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 137.692446] kobject: 'loop5' (000000005ecedf2c): kobject_uevent_env [ 137.697981] panic+0x238/0x4e7 [ 137.697995] ? add_taint.cold.5+0x16/0x16 [ 137.698019] ? trace_hardirqs_on+0xb4/0x310 [ 137.716139] kobject: 'loop5' (000000005ecedf2c): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 137.720505] kasan_end_report+0x47/0x4f [ 137.720530] kasan_report.cold.9+0x76/0x309 [ 137.720546] ? do_raw_spin_lock+0x1c0/0x200 [ 137.720563] __asan_report_load4_noabort+0x14/0x20 [ 137.768110] kobject: 'loop4' (000000006a952ef6): kobject_uevent_env [ 137.769199] do_raw_spin_lock+0x1c0/0x200 [ 137.769217] _raw_spin_lock_bh+0x39/0x40 [ 137.773558] kobject: 'loop4' (000000006a952ef6): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 137.782980] ? vhost_transport_send_pkt+0x12e/0x380 [ 137.782992] vhost_transport_send_pkt+0x12e/0x380 [ 137.783005] ? vhost_vsock_dev_open+0x5a0/0x5a0 [ 137.783016] ? vhost_vsock_dev_open+0x5a0/0x5a0 [ 137.783032] ? vsock_core_get_transport+0x9/0x20 [ 137.783049] virtio_transport_send_pkt_info+0x31d/0x460 [ 137.853733] virtio_transport_connect+0x17c/0x220 [ 137.858559] ? virtio_transport_send_pkt_info+0x460/0x460 [ 137.864097] ? vsock_stream_connect+0x48e/0xe40 [ 137.868762] vsock_stream_connect+0x4ed/0xe40 [ 137.873241] ? vsock_dgram_connect+0x500/0x500 [ 137.877811] ? finish_wait+0x430/0x430 [ 137.881696] ? aa_af_perm+0x5a0/0x5a0 [ 137.885490] ? __might_fault+0x164/0x1e0 [ 137.889547] ? 
apparmor_socket_connect+0xb6/0x160 [ 137.894371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 137.899891] ? security_socket_connect+0x94/0xc0 [ 137.904633] __sys_connect+0x37d/0x4c0 [ 137.908602] ? __ia32_sys_accept+0xb0/0xb0 [ 137.912827] ? __sanitizer_cov_trace_pc+0x14/0x50 [ 137.917669] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 137.923204] ? put_timespec64+0x10f/0x1b0 [ 137.927354] ? trace_hardirqs_on+0xbd/0x310 [ 137.931658] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 137.937182] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 137.942535] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 137.947970] __x64_sys_connect+0x73/0xb0 [ 137.952015] do_syscall_64+0x1b9/0x820 [ 137.955886] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 137.961231] ? syscall_return_slowpath+0x5e0/0x5e0 [ 137.966141] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 137.970972] ? trace_hardirqs_on_caller+0x310/0x310 [ 137.975970] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 137.981524] ? prepare_exit_to_usermode+0x291/0x3b0 [ 137.986542] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 137.991383] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 137.996568] RIP: 0033:0x457579 [ 137.999745] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 138.018630] RSP: 002b:00007f23369dec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 138.026322] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 138.033572] RDX: 0000000000000010 RSI: 0000000020000200 RDI: 000000000000000a [ 138.040833] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 138.048090] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f23369df6d4 [ 138.055342] R13: 00000000004bdb1a R14: 00000000004cc658 R15: 00000000ffffffff [ 138.063536] Kernel Offset: disabled [ 138.067154] Rebooting in 86400 seconds..