[ ok ] Starting enhanced syslogd: rsyslogd. [ 33.327361] audit: type=1800 audit(1538942613.699:25): pid=5837 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 33.346541] audit: type=1800 audit(1538942613.699:26): pid=5837 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 33.369516] audit: type=1800 audit(1538942613.709:27): pid=5837 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.124' (ECDSA) to the list of known hosts. 2018/10/07 20:05:23 parsed 1 programs syzkaller login: [ 143.590121] cc1 (5996) used greatest stack depth: 16584 bytes left 2018/10/07 20:05:24 executed programs: 0 [ 144.519654] IPVS: ftp: loaded support on port[0] = 21 [ 144.543700] IPVS: ftp: loaded support on port[0] = 21 [ 144.545108] IPVS: ftp: loaded support on port[0] = 21 [ 144.558149] IPVS: ftp: loaded support on port[0] = 21 [ 144.559059] IPVS: ftp: loaded support on port[0] = 21 [ 144.572178] IPVS: ftp: loaded support on port[0] = 21 [ 145.101562] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.110966] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.118262] device bridge_slave_0 entered promiscuous mode [ 145.124568] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.131046] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.138118] device bridge_slave_0 entered promiscuous mode [ 145.148650] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.157023] bridge0: port 1(bridge_slave_0)
entered disabled state [ 145.163950] device bridge_slave_0 entered promiscuous mode [ 145.173631] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.179954] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.187061] device bridge_slave_0 entered promiscuous mode [ 145.194246] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.200579] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.207738] device bridge_slave_1 entered promiscuous mode [ 145.214971] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.221283] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.228842] device bridge_slave_1 entered promiscuous mode [ 145.235557] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.242118] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.248849] device bridge_slave_1 entered promiscuous mode [ 145.258483] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.265558] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.272777] device bridge_slave_1 entered promiscuous mode [ 145.278940] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.285717] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.292698] device bridge_slave_0 entered promiscuous mode [ 145.299721] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 145.307903] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 145.316212] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 145.326459] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.332989] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.339727] device bridge_slave_0 entered promiscuous mode [ 145.346311] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 145.354120] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 145.362640] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 145.369748] bridge0: port 2(bridge_slave_1) entered blocking 
state [ 145.379697] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.388606] device bridge_slave_1 entered promiscuous mode [ 145.395503] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 145.409561] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 145.422011] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.428341] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.440844] device bridge_slave_1 entered promiscuous mode [ 145.455077] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 145.468858] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 145.491312] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 145.506377] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 145.515741] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 145.526632] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 145.536644] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 145.547957] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 145.555948] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 145.566254] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 145.576418] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 145.602550] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 145.659843] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 145.672423] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 145.712129] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 145.728833] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 145.737423] team0: Port device team_slave_0 added [ 145.743997] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 145.758633] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 145.768390] 
team0: Port device team_slave_0 added [ 145.773694] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 145.780598] team0: Port device team_slave_1 added [ 145.788602] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 145.795945] team0: Port device team_slave_0 added [ 145.806148] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 145.816502] team0: Port device team_slave_0 added [ 145.822560] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 145.829488] team0: Port device team_slave_1 added [ 145.845754] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 145.861004] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 145.869069] team0: Port device team_slave_1 added [ 145.878290] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 145.886179] team0: Port device team_slave_1 added [ 145.903348] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 145.910958] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 145.924574] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 145.937036] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 145.946693] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 145.955100] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 145.962469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 145.971521] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 145.979182] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 145.987221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 145.994939] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 146.002451] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 146.010167] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 146.017364] team0: Port device team_slave_0 added [ 146.023524] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 
146.030810] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 146.041236] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 146.049465] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 146.058046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 146.066797] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 146.074478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 146.082305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 146.089862] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 146.097703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 146.105274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 146.112964] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 146.121597] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 146.128690] team0: Port device team_slave_0 added [ 146.135183] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 146.142129] team0: Port device team_slave_1 added [ 146.148170] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 146.157365] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 146.166546] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 146.174689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 146.183986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 146.191510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 146.199144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 146.206801] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 146.214561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 146.223625] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 146.232614] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 146.239583] team0: Port device 
team_slave_1 added [ 146.250533] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 146.260090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 146.271282] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 146.278796] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 146.286767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 146.295072] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 146.303689] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 146.318978] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 146.332961] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 146.340907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 146.350254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 146.358007] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 146.365269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 146.372954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 146.385009] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 146.395223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 146.412340] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 146.422595] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 146.431024] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 146.439250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 146.460097] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 146.484891] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 146.502949] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 146.511334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 146.528613] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 146.543524] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 146.551231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 146.740007] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.746385] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.752992] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.759324] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.771188] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 146.786740] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.793118] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.799685] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.806054] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.813166] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 146.821435] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.827779] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.834384] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.840713] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.847887] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 146.863608] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.870045] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.876650] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.883004] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.902894] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 146.916171] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 146.925486] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 146.932776] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 146.939623] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 146.991850] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.998193] bridge0: port 2(bridge_slave_1) entered forwarding state [ 147.004883] bridge0: port 
1(bridge_slave_0) entered blocking state [ 147.011208] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.024825] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 147.183736] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.190099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 147.196694] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.203047] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.215237] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 147.978963] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 147.988038] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 148.339460] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.437608] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.471223] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.489874] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.510552] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 148.585292] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.592768] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 148.624657] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 148.644879] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 148.657417] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 148.665081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 148.673196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 148.750817] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 148.757398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 148.764499] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 148.779075] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 148.797782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 148.805208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 148.823711] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 148.833465] 8021q: adding VLAN 0 to HW filter on 
device team0 [ 148.841461] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 148.848231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 148.858069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 148.900293] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.909255] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.994525] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 149.002646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 149.009482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 149.027691] 8021q: adding VLAN 0 to HW filter on device team0 [ 149.036234] 8021q: adding VLAN 0 to HW filter on device team0 [ 149.089888] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 149.148084] 8021q: adding VLAN 0 to HW filter on device team0 [ 149.227640] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 149.238086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 149.246636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 149.382720] 8021q: adding VLAN 0 to HW filter on device team0 2018/10/07 20:05:30 executed programs: 6 2018/10/07 20:05:35 executed programs: 348 2018/10/07 20:05:40 executed programs: 706 2018/10/07 20:05:45 executed programs: 1083 2018/10/07 20:05:50 executed programs: 1435 2018/10/07 20:05:55 executed programs: 1798 2018/10/07 20:06:00 executed programs: 2151 2018/10/07 20:06:05 executed programs: 2524 2018/10/07 20:06:10 executed programs: 2888 2018/10/07 20:06:15 executed programs: 3248 2018/10/07 20:06:20 executed programs: 3616 2018/10/07 20:06:25 executed programs: 3986 2018/10/07 20:06:30 executed programs: 4346 [ 212.757719] ================================================================== [ 212.765144] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1c0/0x200 [ 212.771788] Read of size 4 at addr ffff8801ac5aaefc by task syz-executor1/30330 [ 212.779204] [ 212.780831] CPU: 1 PID: 30330 Comm: syz-executor1 Not tainted 4.19.0-rc6-next-20181005+ #88 [ 
212.789291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.798626] Call Trace: [ 212.801205] dump_stack+0x1d3/0x2c4 [ 212.804822] ? dump_stack_print_info.cold.2+0x52/0x52 [ 212.809998] ? printk+0xa7/0xcf [ 212.813266] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 212.818031] print_address_description.cold.8+0x9/0x1ff [ 212.823441] kasan_report.cold.9+0x242/0x309 [ 212.827838] ? do_raw_spin_lock+0x1c0/0x200 [ 212.827853] __asan_report_load4_noabort+0x14/0x20 [ 212.827862] do_raw_spin_lock+0x1c0/0x200 [ 212.827881] _raw_spin_lock_bh+0x39/0x40 [ 212.837095] ? vhost_transport_send_pkt+0x12e/0x380 [ 212.837108] vhost_transport_send_pkt+0x12e/0x380 [ 212.837127] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 212.837140] ? vhost_vsock_dev_open+0x5a0/0x5a0 [ 212.865279] ? virtio_transport_send_pkt_info+0x2e7/0x460 [ 212.870790] ? __local_bh_enable_ip+0x160/0x260 [ 212.875434] virtio_transport_send_pkt_info+0x31d/0x460 [ 212.880790] virtio_transport_connect+0x17c/0x220 [ 212.885609] ? virtio_transport_send_pkt_info+0x460/0x460 [ 212.891137] ? vsock_auto_bind+0xa9/0xe0 [ 212.895176] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 212.900690] vsock_stream_connect+0x4ed/0xe40 [ 212.905162] ? vsock_dgram_connect+0x500/0x500 [ 212.909725] ? __might_sleep+0x95/0x190 [ 212.913683] ? finish_wait+0x430/0x430 [ 212.917564] ? aa_af_perm+0x5a0/0x5a0 [ 212.921343] ? apparmor_socket_connect+0xb6/0x160 [ 212.926171] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 212.926182] ? security_socket_connect+0x94/0xc0 [ 212.926196] __sys_connect+0x37d/0x4c0 [ 212.936558] ? __ia32_sys_accept+0xb0/0xb0 [ 212.936570] ? kasan_check_read+0x11/0x20 [ 212.936584] ? _copy_to_user+0xc8/0x110 [ 212.952742] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 212.958267] ? put_timespec64+0x10f/0x1b0 [ 212.962398] ? trace_hardirqs_on+0xbd/0x310 [ 212.966695] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 212.972208] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 212.977560] ? 
__bpf_trace_preemptirq_template+0x30/0x30 [ 212.982986] __x64_sys_connect+0x73/0xb0 [ 212.987022] do_syscall_64+0x1b9/0x820 [ 212.990892] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 212.996236] ? syscall_return_slowpath+0x5e0/0x5e0 [ 213.001159] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 213.005980] ? trace_hardirqs_on_caller+0x310/0x310 [ 213.010973] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 213.015967] ? prepare_exit_to_usermode+0x291/0x3b0 [ 213.020977] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 213.025813] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.025822] RIP: 0033:0x457579 [ 213.025835] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 213.034164] RSP: 002b:00007fd4d33d7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 213.034176] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 213.034182] RDX: 0000000000000010 RSI: 0000000020000200 RDI: 0000000000000006 [ 213.034188] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 213.034194] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd4d33d86d4 [ 213.034205] R13: 00000000004bdb1a R14: 00000000004cc658 R15: 00000000ffffffff [ 213.097018] [ 213.098628] Allocated by task 30330: [ 213.102323] save_stack+0x43/0xd0 [ 213.105757] kasan_kmalloc+0xc7/0xe0 [ 213.109470] __kmalloc_node+0x50/0x70 [ 213.113247] kvmalloc_node+0xb9/0xf0 [ 213.116946] vhost_vsock_dev_open+0xa2/0x5a0 [ 213.121334] misc_open+0x3ca/0x560 [ 213.124865] chrdev_open+0x25a/0x710 [ 213.128568] do_dentry_open+0x499/0x1250 [ 213.132609] vfs_open+0xa0/0xd0 [ 213.132619] path_openat+0x12bc/0x5160 [ 213.132628] do_filp_open+0x255/0x380 [ 213.132636] do_sys_open+0x568/0x700 [ 213.132644] __x64_sys_openat+0x9d/0x100 [ 213.132658] do_syscall_64+0x1b9/0x820 [ 213.155149] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.160319] [ 213.161921] Freed by task 30329: [ 213.165267] 
save_stack+0x43/0xd0 [ 213.168812] __kasan_slab_free+0x102/0x150 [ 213.173022] kasan_slab_free+0xe/0x10 [ 213.176797] kfree+0xcf/0x230 [ 213.179903] kvfree+0x61/0x70 [ 213.182986] vhost_vsock_dev_release+0x4f4/0x720 [ 213.187717] __fput+0x3bc/0xa70 [ 213.190980] ____fput+0x15/0x20 [ 213.194243] task_work_run+0x1e8/0x2a0 [ 213.198111] exit_to_usermode_loop+0x318/0x380 [ 213.202677] do_syscall_64+0x6be/0x820 [ 213.206551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.206557] [ 213.213347] The buggy address belongs to the object at ffff8801ac5a2200 [ 213.213347] which belongs to the cache kmalloc-64k of size 65536 [ 213.226168] The buggy address is located 36092 bytes inside of [ 213.226168] 65536-byte region [ffff8801ac5a2200, ffff8801ac5b2200) [ 213.226172] The buggy address belongs to the page: [ 213.226183] page:ffffea0006b16800 count:1 mapcount:0 mapping:ffff8801da802500 index:0x0 compound_mapcount: 0 [ 213.226197] flags: 0x2fffc0000010200(slab|head) [ 213.226210] raw: 02fffc0000010200 ffffea0007141808 ffffea0006b57008 ffff8801da802500 [ 213.226222] raw: 0000000000000000 ffff8801ac5a2200 0000000100000001 0000000000000000 [ 213.226232] page dumped because: kasan: bad access detected [ 213.279576] [ 213.281178] Memory state around the buggy address: [ 213.286095] ffff8801ac5aad80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 213.293440] ffff8801ac5aae00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 213.300775] >ffff8801ac5aae80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 213.308111] ^ [ 213.315367] ffff8801ac5aaf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 213.315375] ffff8801ac5aaf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 213.315379] ================================================================== [ 213.315437] Kernel panic - not syncing: panic_on_warn set ... 
[ 213.315437] [ 213.344811] CPU: 1 PID: 30330 Comm: syz-executor1 Tainted: G B 4.19.0-rc6-next-20181005+ #88 [ 213.350107] kobject: 'loop4' (000000001a8336ab): kobject_uevent_env [ 213.354680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.354685] Call Trace: [ 213.354705] dump_stack+0x1d3/0x2c4 [ 213.354718] ? dump_stack_print_info.cold.2+0x52/0x52 [ 213.354733] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.354748] panic+0x238/0x4e7 [ 213.354757] ? add_taint.cold.5+0x16/0x16 [ 213.354773] ? trace_hardirqs_on+0xb4/0x310 [ 213.363640] kobject: 'loop4' (000000001a8336ab): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 213.370501] kasan_end_report+0x47/0x4f [ 213.370513] kasan_report.cold.9+0x76/0x309 [ 213.370525] ? do_raw_spin_lock+0x1c0/0x200 [ 213.370539] __asan_report_load4_noabort+0x14/0x20 [ 213.391339] cgroup: fork rejected by pids controller in [ 213.394019] do_raw_spin_lock+0x1c0/0x200 [ 213.394034] _raw_spin_lock_bh+0x39/0x40 [ 213.394047] ? vhost_transport_send_pkt+0x12e/0x380 [ 213.394060] vhost_transport_send_pkt+0x12e/0x380 [ 213.399444] /syz5 [ 213.407799] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.412760] kobject: 'loop2' (0000000058e15fb3): kobject_uevent_env [ 213.416043] ? vhost_vsock_dev_open+0x5a0/0x5a0 [ 213.416059] ? virtio_transport_send_pkt_info+0x2e7/0x460 [ 213.420392] kobject: 'loop2' (0000000058e15fb3): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 213.425259] ? __local_bh_enable_ip+0x160/0x260 [ 213.425274] virtio_transport_send_pkt_info+0x31d/0x460 [ 213.425288] virtio_transport_connect+0x17c/0x220 [ 213.425303] ? virtio_transport_send_pkt_info+0x460/0x460 [ 213.432104] kobject: 'loop3' (00000000234e10b9): kobject_uevent_env [ 213.434855] ? vsock_auto_bind+0xa9/0xe0 [ 213.438924] kobject: 'loop3' (00000000234e10b9): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 213.443908] ? 
__sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 213.443920] vsock_stream_connect+0x4ed/0xe40 [ 213.443933] ? vsock_dgram_connect+0x500/0x500 [ 213.450792] ? __might_sleep+0x95/0x190 [ 213.450805] ? finish_wait+0x430/0x430 [ 213.450820] ? aa_af_perm+0x5a0/0x5a0 [ 213.461565] kobject: 'loop0' (00000000ae94e016): kobject_uevent_env [ 213.462722] ? apparmor_socket_connect+0xb6/0x160 [ 213.462735] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.462748] ? security_socket_connect+0x94/0xc0 [ 213.467989] kobject: 'loop0' (00000000ae94e016): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 213.472914] __sys_connect+0x37d/0x4c0 [ 213.472926] ? __ia32_sys_accept+0xb0/0xb0 [ 213.472938] ? kasan_check_read+0x11/0x20 [ 213.472949] ? _copy_to_user+0xc8/0x110 [ 213.472965] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 213.601189] ? put_timespec64+0x10f/0x1b0 [ 213.605320] ? trace_hardirqs_on+0xbd/0x310 [ 213.609617] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.615129] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.620468] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 213.625896] __x64_sys_connect+0x73/0xb0 [ 213.629935] do_syscall_64+0x1b9/0x820 [ 213.633799] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 213.639157] ? syscall_return_slowpath+0x5e0/0x5e0 [ 213.644066] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 213.648884] ? trace_hardirqs_on_caller+0x310/0x310 [ 213.653891] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 213.658892] ? prepare_exit_to_usermode+0x291/0x3b0 [ 213.663893] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 213.668714] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.673883] RIP: 0033:0x457579 [ 213.677065] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 213.696062] RSP: 002b:00007fd4d33d7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 213.703746] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 213.710988] RDX: 0000000000000010 RSI: 0000000020000200 RDI: 0000000000000006 [ 213.718231] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 213.725475] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd4d33d86d4 [ 213.732719] R13: 00000000004bdb1a R14: 00000000004cc658 R15: 00000000ffffffff [ 213.741140] Kernel Offset: disabled [ 213.744759] Rebooting in 86400 seconds..