[ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 28.274032] kauditd_printk_skb: 8 callbacks suppressed [ 28.274044] audit: type=1800 audit(1541819983.427:29): pid=5568 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 28.301066] audit: type=1800 audit(1541819983.437:30): pid=5568 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 51.705937] sshd (5711) used greatest stack depth: 15744 bytes left Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts. 2018/11/10 03:20:13 parsed 1 programs 2018/11/10 03:20:16 executed programs: 0 [ 61.384589] IPVS: ftp: loaded support on port[0] = 21 [ 61.407786] IPVS: ftp: loaded support on port[0] = 21 [ 61.419576] IPVS: ftp: loaded support on port[0] = 21 [ 61.423328] IPVS: ftp: loaded support on port[0] = 21 [ 61.430881] IPVS: ftp: loaded support on port[0] = 21 [ 61.432275] IPVS: ftp: loaded support on port[0] = 21 [ 62.294834] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.311627] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.319318] device bridge_slave_0 entered promiscuous mode [ 62.342745] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.355021] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.367224] device bridge_slave_0 entered promiscuous mode [ 62.374659] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.381159] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.388490] device bridge_slave_0 entered promiscuous mode [ 62.397460] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.403940] bridge0: port
1(bridge_slave_0) entered disabled state [ 62.411265] device bridge_slave_0 entered promiscuous mode [ 62.419989] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.426330] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.433462] device bridge_slave_0 entered promiscuous mode [ 62.441399] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.449046] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.456129] device bridge_slave_0 entered promiscuous mode [ 62.468458] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.474799] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.483312] device bridge_slave_1 entered promiscuous mode [ 62.491946] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.499516] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.506583] device bridge_slave_1 entered promiscuous mode [ 62.518371] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.524723] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.532485] device bridge_slave_1 entered promiscuous mode [ 62.539896] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.546348] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.555760] device bridge_slave_1 entered promiscuous mode [ 62.563825] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.571082] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.578391] device bridge_slave_1 entered promiscuous mode [ 62.585987] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 62.594610] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.604015] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.614554] device bridge_slave_1 entered promiscuous mode [ 62.622225] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 62.634523] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 62.643637] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 62.653980] IPv6: 
ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 62.662995] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 62.675290] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 62.685669] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 62.697040] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 62.721593] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 62.730946] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 62.761065] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 62.841085] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 62.857909] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 62.868580] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 62.917621] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 62.938692] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 62.966396] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 62.985611] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 62.998116] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 63.013188] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 63.058056] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 63.069599] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 63.077042] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.088073] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 63.097544] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 63.117842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.139125] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 63.148657] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 63.159563] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link 
is not ready [ 63.174156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.187258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.197985] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 63.209497] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 63.217323] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 63.224152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.257568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.265551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.275314] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 63.303883] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.332087] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 63.355219] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 63.367309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.381635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.397994] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 63.405605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.458908] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 63.477521] team0: Port device team_slave_0 added [ 63.517786] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 63.535337] team0: Port device team_slave_0 added [ 63.541685] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 63.550150] team0: Port device team_slave_0 added [ 63.576884] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 63.584331] team0: Port device team_slave_1 added [ 63.615006] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 63.624964] team0: Port device team_slave_1 added [ 63.632944] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 63.653407] team0: Port device team_slave_1 added [ 63.661627] IPv6: 
ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 63.670378] team0: Port device team_slave_0 added [ 63.685052] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.697564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.719865] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 63.728054] team0: Port device team_slave_0 added [ 63.733828] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 63.742650] team0: Port device team_slave_0 added [ 63.757910] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.768551] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.793012] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.810492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.829069] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 63.836460] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 63.844098] team0: Port device team_slave_1 added [ 63.852655] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 63.866077] team0: Port device team_slave_1 added [ 63.873029] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.884630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.903542] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 63.915152] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 63.923034] team0: Port device team_slave_1 added [ 63.931541] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 63.947333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.955375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.966104] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.977500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 63.996317] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.004233] IPv6: 
ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.012342] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 64.020923] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 64.044391] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.080495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.088997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.097293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.105119] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.112837] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.125379] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 64.138891] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 64.161906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.175167] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.192411] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.200704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.210518] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 64.221748] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 64.234612] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 64.256542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.265850] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.282364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.291236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.303018] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.311007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.324644] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 64.334480] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 64.348967] 
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.362457] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.377558] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.388707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.404660] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 64.424413] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.437434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.510606] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 64.530789] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.540047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.894846] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.901443] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.908515] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.914891] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.925038] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 65.053310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 65.069527] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.075928] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.082671] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.089082] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.106382] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 65.117691] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.124063] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.130808] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.137260] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.147191] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 65.222629] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.229092] bridge0: port 2(bridge_slave_1) entered forwarding 
state [ 65.235759] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.242208] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.251188] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 65.321479] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.327953] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.334636] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.341096] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.365819] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 65.479388] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.485807] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.492528] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.498942] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.510466] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 66.065633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.074932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.083305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.091230] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.102368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 67.928520] 8021q: adding VLAN 0 to HW filter on device bond0 [ 67.955169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.016373] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.210867] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 68.230048] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 68.267044] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.319913] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 68.353671] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.497447] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 68.503637] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 68.512291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.525758] IPv6: 
ADDRCONF(NETDEV_UP): veth1: link is not ready [ 68.541256] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 68.550495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 68.559394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.573592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 68.589208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.610516] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.649647] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 68.727471] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 68.790681] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.822742] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.875254] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.894211] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 68.933732] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 68.941284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 68.958029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 69.049156] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 69.059315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 69.071538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 69.175085] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 69.193802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 69.202277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 69.224396] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.357179] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.458558] 8021q: adding VLAN 0 to HW filter on device team0 2018/11/10 03:20:25 executed programs: 6 2018/11/10 03:20:32 executed programs: 40 2018/11/10 03:20:39 executed programs: 87 [ 83.953632] ================================================================== [ 83.962265] BUG: KASAN: use-after-free in task_is_descendant.part.3+0x610/0x670 [ 83.969740] Read of size 8 at addr ffff8801d933ab60 by task 
syz-executor2/7664 [ 83.977136] [ 83.978786] CPU: 1 PID: 7664 Comm: syz-executor2 Not tainted 4.20.0-rc1+ #231 [ 83.986071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 83.995457] Call Trace: [ 83.998069] dump_stack+0x244/0x39d [ 84.001725] ? dump_stack_print_info.cold.1+0x20/0x20 [ 84.006948] ? printk+0xa7/0xcf [ 84.010248] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 84.015035] print_address_description.cold.7+0x9/0x1ff [ 84.020448] kasan_report.cold.8+0x242/0x309 [ 84.024891] ? task_is_descendant.part.3+0x610/0x670 [ 84.030035] __asan_report_load8_noabort+0x14/0x20 [ 84.034991] task_is_descendant.part.3+0x610/0x670 [ 84.039950] ? yama_relation_cleanup+0x500/0x500 [ 84.044732] ? check_preemption_disabled+0x48/0x280 [ 84.049774] ? kasan_check_read+0x11/0x20 [ 84.053949] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 84.059243] ? rcu_softirq_qs+0x20/0x20 [ 84.063238] ? find_held_lock+0x36/0x1c0 [ 84.067352] yama_ptrace_access_check+0x215/0x10fc [ 84.072318] ? check_preemption_disabled+0x48/0x280 [ 84.077352] ? task_is_descendant.part.3+0x670/0x670 [ 84.082473] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 84.087448] ? kasan_check_read+0x11/0x20 [ 84.091605] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 84.096887] ? rcu_softirq_qs+0x20/0x20 [ 84.100880] ? cap_ptrace_access_check+0x2cc/0x6b0 [ 84.105813] ? __ptrace_may_access+0x4b0/0x980 [ 84.110404] ? cap_ptrace_traceme+0x6b0/0x6b0 [ 84.114917] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 84.119859] ? kasan_check_read+0x11/0x20 [ 84.124032] ? rcu_softirq_qs+0x20/0x20 [ 84.128020] security_ptrace_access_check+0x54/0xb0 [ 84.133051] __ptrace_may_access+0x5c8/0x980 [ 84.137477] ? ptrace_setsiginfo+0x1a0/0x1a0 [ 84.141890] ? rcu_softirq_qs+0x20/0x20 [ 84.145903] ptrace_attach+0x1fa/0x640 [ 84.149823] __ia32_compat_sys_ptrace+0x1d2/0x260 [ 84.154676] do_fast_syscall_32+0x34d/0xfb2 [ 84.159011] ? do_int80_syscall_32+0x890/0x890 [ 84.163599] ? entry_SYSENTER_compat+0x68/0x7f [ 84.168188] ? 
trace_hardirqs_off_caller+0xbb/0x310 [ 84.173215] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 84.178130] ? trace_hardirqs_on_caller+0x310/0x310 [ 84.183154] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 84.188195] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 84.194871] ? __switch_to_asm+0x40/0x70 [ 84.198944] ? __switch_to_asm+0x34/0x70 [ 84.203029] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 84.207885] entry_SYSENTER_compat+0x70/0x7f [ 84.212283] RIP: 0023:0xf7f21a29 [ 84.215648] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 84.234739] RSP: 002b:00000000f7f1d0cc EFLAGS: 00000296 ORIG_RAX: 000000000000001a [ 84.242466] RAX: ffffffffffffffda RBX: 0000000000004206 RCX: 0000000000000136 [ 84.249743] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 84.257019] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 84.264381] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 84.271668] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 84.278962] [ 84.280595] Allocated by task 5747: [ 84.284247] save_stack+0x43/0xd0 [ 84.287709] kasan_kmalloc+0xc7/0xe0 [ 84.291439] kasan_slab_alloc+0x12/0x20 [ 84.295442] kmem_cache_alloc_node+0x144/0x730 [ 84.300049] copy_process+0x2026/0x87a0 [ 84.304031] _do_fork+0x1cb/0x11d0 [ 84.307578] __ia32_compat_sys_x86_clone+0xbc/0x140 [ 84.312601] do_fast_syscall_32+0x34d/0xfb2 [ 84.316925] entry_SYSENTER_compat+0x70/0x7f [ 84.321357] [ 84.322983] Freed by task 16: [ 84.326113] save_stack+0x43/0xd0 [ 84.329574] __kasan_slab_free+0x102/0x150 [ 84.333814] kasan_slab_free+0xe/0x10 [ 84.337619] kmem_cache_free+0x83/0x290 [ 84.341604] free_task+0x16e/0x1f0 [ 84.345149] __put_task_struct+0x2e6/0x620 [ 84.349389] delayed_put_task_struct+0x2ff/0x4c0 [ 84.354153] rcu_process_callbacks+0x100a/0x1ac0 [ 84.358911] 
__do_softirq+0x308/0xb7e [ 84.362722] [ 84.364356] The buggy address belongs to the object at ffff8801d933a680 [ 84.364356] which belongs to the cache task_struct(81:syz2) of size 6080 [ 84.377897] The buggy address is located 1248 bytes inside of [ 84.377897] 6080-byte region [ffff8801d933a680, ffff8801d933be40) [ 84.389966] The buggy address belongs to the page: [ 84.394909] page:ffffea000764ce80 count:1 mapcount:0 mapping:ffff8801c14199c0 index:0x0 compound_mapcount: 0 [ 84.404901] flags: 0x2fffc0000010200(slab|head) [ 84.409590] raw: 02fffc0000010200 ffffea000707d708 ffffea0007640988 ffff8801c14199c0 [ 84.417488] raw: 0000000000000000 ffff8801d933a680 0000000100000001 ffff8801d5b1ab80 [ 84.425378] page dumped because: kasan: bad access detected [ 84.431084] page->mem_cgroup:ffff8801d5b1ab80 [ 84.435571] [ 84.437193] Memory state around the buggy address: [ 84.442125] ffff8801d933aa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.449503] ffff8801d933aa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.456880] >ffff8801d933ab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.464242] ^ [ 84.470742] ffff8801d933ab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.478112] ffff8801d933ac00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.485524] ================================================================== [ 84.492881] Disabling lock debugging due to kernel taint [ 84.498539] Kernel panic - not syncing: panic_on_warn set ... [ 84.504455] CPU: 1 PID: 7664 Comm: syz-executor2 Tainted: G B 4.20.0-rc1+ #231 [ 84.513128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 84.522477] Call Trace: [ 84.525070] dump_stack+0x244/0x39d [ 84.528704] ? dump_stack_print_info.cold.1+0x20/0x20 [ 84.533904] panic+0x2ad/0x55c [ 84.537105] ? add_taint.cold.5+0x16/0x16 [ 84.541260] ? trace_hardirqs_on+0xb4/0x310 [ 84.545592] kasan_end_report+0x47/0x4f [ 84.549568] kasan_report.cold.8+0x76/0x309 [ 84.553896] ? 
task_is_descendant.part.3+0x610/0x670 [ 84.559006] __asan_report_load8_noabort+0x14/0x20 [ 84.563949] task_is_descendant.part.3+0x610/0x670 [ 84.568888] ? yama_relation_cleanup+0x500/0x500 [ 84.573659] ? check_preemption_disabled+0x48/0x280 [ 84.578679] ? kasan_check_read+0x11/0x20 [ 84.582841] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 84.588118] ? rcu_softirq_qs+0x20/0x20 [ 84.592098] ? find_held_lock+0x36/0x1c0 [ 84.596180] yama_ptrace_access_check+0x215/0x10fc [ 84.601130] ? check_preemption_disabled+0x48/0x280 [ 84.606150] ? task_is_descendant.part.3+0x670/0x670 [ 84.611277] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 84.616223] ? kasan_check_read+0x11/0x20 [ 84.620385] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 84.625684] ? rcu_softirq_qs+0x20/0x20 [ 84.629674] ? cap_ptrace_access_check+0x2cc/0x6b0 [ 84.634607] ? __ptrace_may_access+0x4b0/0x980 [ 84.639193] ? cap_ptrace_traceme+0x6b0/0x6b0 [ 84.643693] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 84.648627] ? kasan_check_read+0x11/0x20 [ 84.652775] ? rcu_softirq_qs+0x20/0x20 [ 84.656757] security_ptrace_access_check+0x54/0xb0 [ 84.661779] __ptrace_may_access+0x5c8/0x980 [ 84.666216] ? ptrace_setsiginfo+0x1a0/0x1a0 [ 84.670641] ? rcu_softirq_qs+0x20/0x20 [ 84.674622] ptrace_attach+0x1fa/0x640 [ 84.678517] __ia32_compat_sys_ptrace+0x1d2/0x260 [ 84.683367] do_fast_syscall_32+0x34d/0xfb2 [ 84.687697] ? do_int80_syscall_32+0x890/0x890 [ 84.692286] ? entry_SYSENTER_compat+0x68/0x7f [ 84.696873] ? trace_hardirqs_off_caller+0xbb/0x310 [ 84.701907] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 84.706762] ? trace_hardirqs_on_caller+0x310/0x310 [ 84.711805] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 84.716829] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 84.723961] ? __switch_to_asm+0x40/0x70 [ 84.728028] ? __switch_to_asm+0x34/0x70 [ 84.732094] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 84.736958] entry_SYSENTER_compat+0x70/0x7f [ 84.741384] RIP: 0023:0xf7f21a29 [ 84.744767] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 84.763689] RSP: 002b:00000000f7f1d0cc EFLAGS: 00000296 ORIG_RAX: 000000000000001a [ 84.771426] RAX: ffffffffffffffda RBX: 0000000000004206 RCX: 0000000000000136 [ 84.778697] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 84.785963] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 84.793234] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 84.800516] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 84.808768] Kernel Offset: disabled [ 84.812412] Rebooting in 86400 seconds..