[ 40.292133][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.305464][ T10] device veth1_macvtap left promiscuous mode
[ 40.311525][ T10] device veth0_macvtap left promiscuous mode
[ 40.318030][ T10] device veth1_vlan left promiscuous mode
[ 40.324185][ T10] device veth0_vlan left promiscuous mode
[ 40.411197][ T10] team0 (unregistering): Port device team_slave_1 removed
[ 40.423707][ T10] team0 (unregistering): Port device team_slave_0 removed
[ 40.435880][ T10] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 40.447624][ T10] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 40.483012][ T10] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.1.44' (ECDSA) to the list of known hosts.
[ 52.889949][ T4003] ==================================================================
[ 52.898296][ T4003] BUG: KASAN: use-after-free in strcmp+0x9b/0xb0
[ 52.904592][ T4003] Read of size 1 at addr ffff88801d11b1c0 by task syz-executor107/4003
[ 52.912790][ T4003]
[ 52.915085][ T4003] CPU: 1 PID: 4003 Comm: syz-executor107 Not tainted 5.16.0-syzkaller #0
[ 52.923455][ T4003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.933473][ T4003] Call Trace:
[ 52.936722][ T4003]
[ 52.939621][ T4003] dump_stack_lvl+0x57/0x7d
[ 52.944093][ T4003] print_address_description.constprop.0.cold+0x8d/0x320
[ 52.951088][ T4003] ? strcmp+0x9b/0xb0
[ 52.955051][ T4003] ? strcmp+0x9b/0xb0
[ 52.959008][ T4003] kasan_report.cold+0x83/0xdf
[ 52.963753][ T4003] ? strcmp+0x9b/0xb0
[ 52.967715][ T4003] strcmp+0x9b/0xb0
[ 52.971501][ T4003] madvise_update_vma+0x40f/0x6a0
[ 52.976510][ T4003] madvise_vma_behavior+0xdb/0x1380
[ 52.981699][ T4003] ? madvise_vma_anon_name+0xd0/0xd0
[ 52.986972][ T4003] ? find_vma+0x8e/0x200
[ 52.991200][ T4003] ? madvise_vma_anon_name+0xd0/0xd0
[ 52.996462][ T4003] madvise_walk_vmas+0x164/0x280
[ 53.001378][ T4003] ? __remove_memory+0x10/0x10
[ 53.006117][ T4003] ? __down_timeout+0x10/0x10
[ 53.010777][ T4003] ? find_held_lock+0x2d/0x110
[ 53.015531][ T4003] do_madvise.part.0+0x119/0x270
[ 53.020455][ T4003] ? madvise_cold+0x1f0/0x1f0
[ 53.025128][ T4003] __x64_sys_madvise+0xcc/0x130
[ 53.029966][ T4003] ? syscall_enter_from_user_mode+0x21/0x70
[ 53.035838][ T4003] do_syscall_64+0x35/0xb0
[ 53.040234][ T4003] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 53.046112][ T4003] RIP: 0033:0x7f973ea84b19
[ 53.050506][ T4003] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.070097][ T4003] RSP: 002b:00007ffe99758f88 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[ 53.078494][ T4003] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f973ea84b19
[ 53.086627][ T4003] RDX: 000000000000000b RSI: 0000000000001000 RDI: 0000000020ffc000
[ 53.094757][ T4003] RBP: 00007f973ea48cc0 R08: 0000000000000000 R09: 0000000000000000
[ 53.102708][ T4003] R10: 0000000020000000 R11: 0000000000000246 R12: 00007f973ea48d50
[ 53.110655][ T4003] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 53.118615][ T4003]
[ 53.121703][ T4003]
[ 53.124008][ T4003] Allocated by task 3614:
[ 53.128308][ T4003] kasan_save_stack+0x1e/0x50
[ 53.132966][ T4003] __kasan_kmalloc+0xa9/0xd0
[ 53.137538][ T4003] apparmor_sk_alloc_security+0x69/0xf0
[ 53.143061][ T4003] security_sk_alloc+0x44/0x80
[ 53.147798][ T4003] sk_prot_alloc+0x178/0x200
[ 53.152361][ T4003] sk_alloc+0x27/0x810
[ 53.156391][ T4003] inet_create+0x2a4/0xd60
[ 53.160768][ T4003] __sock_create+0x23e/0x590
[ 53.165319][ T4003] __sys_socket+0xd6/0x1a0
[ 53.170144][ T4003] __x64_sys_socket+0x6a/0xb0
[ 53.174781][ T4003] do_syscall_64+0x35/0xb0
[ 53.179188][ T4003] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 53.185041][ T4003]
[ 53.187332][ T4003] Freed by task 4003:
[ 53.191272][ T4003] kasan_save_stack+0x1e/0x50
[ 53.195910][ T4003] kasan_set_track+0x21/0x30
[ 53.200479][ T4003] kasan_set_free_info+0x20/0x30
[ 53.205378][ T4003] __kasan_slab_free+0xff/0x130
[ 53.210193][ T4003] slab_free_freelist_hook+0x8b/0x1c0
[ 53.215545][ T4003] kfree+0xf6/0x560
[ 53.219312][ T4003] free_vma_anon_name+0x59/0xa0
[ 53.224122][ T4003] vm_area_free+0x9/0x20
[ 53.228327][ T4003] __vma_adjust+0x738/0x20b0
[ 53.232877][ T4003] vma_merge+0x6f9/0x12e0
[ 53.237168][ T4003] madvise_update_vma+0x199/0x6a0
[ 53.242245][ T4003] madvise_vma_behavior+0xdb/0x1380
[ 53.247408][ T4003] madvise_walk_vmas+0x164/0x280
[ 53.252309][ T4003] do_madvise.part.0+0x119/0x270
[ 53.257210][ T4003] __x64_sys_madvise+0xcc/0x130
[ 53.262026][ T4003] do_syscall_64+0x35/0xb0
[ 53.266404][ T4003] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 53.272256][ T4003]
[ 53.274549][ T4003] The buggy address belongs to the object at ffff88801d11b1c0
[ 53.274549][ T4003] which belongs to the cache kmalloc-16 of size 16
[ 53.288567][ T4003] The buggy address is located 0 bytes inside of
[ 53.288567][ T4003] 16-byte region [ffff88801d11b1c0, ffff88801d11b1d0)
[ 53.301537][ T4003] The buggy address belongs to the page:
[ 53.307129][ T4003] page:ffffea00007446c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d11b
[ 53.317240][ T4003] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 53.324906][ T4003] raw: 00fff00000000200 0000000000000000 dead000000000001 ffff88800fc413c0
[ 53.333461][ T4003] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 53.342005][ T4003] page dumped because: kasan: bad access detected
[ 53.348378][ T4003] page_owner tracks the page as allocated
[ 53.354075][ T4003] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 4776970319, free_ts 0
[ 53.368890][ T4003] get_page_from_freelist+0xa6f/0x2f10
[ 53.374314][ T4003] __alloc_pages+0x1b2/0x500
[ 53.378863][ T4003] alloc_page_interleave+0xf/0x1c0
[ 53.383936][ T4003] new_slab+0x32d/0x4a0
[ 53.388060][ T4003] ___slab_alloc+0x91a/0xfd0
[ 53.392612][ T4003] __slab_alloc.constprop.0+0x4d/0xa0
[ 53.397948][ T4003] __kmalloc_track_caller+0x2e7/0x320
[ 53.403283][ T4003] kstrdup+0x29/0x50
[ 53.407138][ T4003] __kernfs_new_node+0x94/0x7b0
[ 53.411967][ T4003] kernfs_create_dir_ns+0x80/0x220
[ 53.417037][ T4003] sysfs_create_dir_ns+0x116/0x260
[ 53.422111][ T4003] kobject_add_internal+0x27b/0x930
[ 53.427269][ T4003] kobject_add+0x120/0x190
[ 53.431646][ T4003] device_add+0x2d6/0x1b80
[ 53.436023][ T4003] usb_hub_create_port_device+0x361/0xc90
[ 53.441708][ T4003] hub_probe.cold+0x1f9b/0x24a6
[ 53.446523][ T4003] page_owner free stack trace missing
[ 53.451853][ T4003]
[ 53.454145][ T4003] Memory state around the buggy address:
[ 53.459735][ T4003] ffff88801d11b080: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 53.467759][ T4003] ffff88801d11b100: 00 00 fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 53.475796][ T4003] >ffff88801d11b180: fa fb fc fc 00 00 fc fc fa fb fc fc fb fb fc fc
[ 53.483816][ T4003] ^
[ 53.489929][ T4003] ffff88801d11b200: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 53.498038][ T4003] ffff88801d11b280: fb fb fc fc fb fb fc fc fb fb fc fc 00 07 fc fc
[ 53.506076][ T4003] ==================================================================
[ 53.514201][ T4003] Disabling lock debugging due to kernel taint
[ 53.521032][ T4003] Kernel panic - not syncing: panic_on_warn set ...
[ 53.527587][ T4003] CPU: 1 PID: 4003 Comm: syz-executor107 Tainted: G B 5.16.0-syzkaller #0
[ 53.537369][ T4003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.547384][ T4003] Call Trace:
[ 53.550642][ T4003]
[ 53.553559][ T4003] dump_stack_lvl+0x57/0x7d
[ 53.558031][ T4003] panic+0x214/0x49f
[ 53.561907][ T4003] ? __warn_printk+0xee/0xee
[ 53.566470][ T4003] ? preempt_schedule_common+0x59/0xc0
[ 53.571904][ T4003] ? strcmp+0x9b/0xb0
[ 53.575861][ T4003] ? preempt_schedule_thunk+0x16/0x18
[ 53.581210][ T4003] ? strcmp+0x9b/0xb0
[ 53.585252][ T4003] ? strcmp+0x9b/0xb0
[ 53.589205][ T4003] end_report.cold+0x63/0x6f
[ 53.593768][ T4003] kasan_report.cold+0x71/0xdf
[ 53.598503][ T4003] ? strcmp+0x9b/0xb0
[ 53.602459][ T4003] strcmp+0x9b/0xb0
[ 53.606242][ T4003] madvise_update_vma+0x40f/0x6a0
[ 53.611245][ T4003] madvise_vma_behavior+0xdb/0x1380
[ 53.616414][ T4003] ? madvise_vma_anon_name+0xd0/0xd0
[ 53.621761][ T4003] ? find_vma+0x8e/0x200
[ 53.625979][ T4003] ? madvise_vma_anon_name+0xd0/0xd0
[ 53.631234][ T4003] madvise_walk_vmas+0x164/0x280
[ 53.636319][ T4003] ? __remove_memory+0x10/0x10
[ 53.641053][ T4003] ? __down_timeout+0x10/0x10
[ 53.645710][ T4003] ? find_held_lock+0x2d/0x110
[ 53.650450][ T4003] do_madvise.part.0+0x119/0x270
[ 53.655364][ T4003] ? madvise_cold+0x1f0/0x1f0
[ 53.660014][ T4003] __x64_sys_madvise+0xcc/0x130
[ 53.664826][ T4003] ? syscall_enter_from_user_mode+0x21/0x70
[ 53.670680][ T4003] do_syscall_64+0x35/0xb0
[ 53.675058][ T4003] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 53.680911][ T4003] RIP: 0033:0x7f973ea84b19
[ 53.685292][ T4003] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.704860][ T4003] RSP: 002b:00007ffe99758f88 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[ 53.713252][ T4003] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f973ea84b19
[ 53.721184][ T4003] RDX: 000000000000000b RSI: 0000000000001000 RDI: 0000000020ffc000
[ 53.729117][ T4003] RBP: 00007f973ea48cc0 R08: 0000000000000000 R09: 0000000000000000
[ 53.737057][ T4003] R10: 0000000020000000 R11: 0000000000000246 R12: 00007f973ea48d50
[ 53.744997][ T4003] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 53.752936][ T4003]
[ 53.756707][ T4003] Kernel Offset: disabled
[ 53.761001][ T4003] Rebooting in 86400 seconds..