Warning: Permanently added '[localhost]:40284' (ECDSA) to the list of known hosts.
2019/03/25 04:36:29 parsed 1 programs
2019/03/25 04:36:29 executed programs: 0
[ 99.996378] IPVS: Creating netns size=2720 id=2
[ 99.997190] IPVS: ftp: loaded support on port[0] = 21
[ 100.019225] IPVS: Creating netns size=2720 id=3
[ 100.020020] IPVS: ftp: loaded support on port[0] = 21
[ 100.051867] IPVS: Creating netns size=2720 id=4
[ 100.052766] IPVS: ftp: loaded support on port[0] = 21
[ 100.081267] IPVS: Creating netns size=2720 id=5
[ 100.082019] IPVS: ftp: loaded support on port[0] = 21
[ 100.111449] IPVS: Creating netns size=2720 id=6
[ 100.112443] IPVS: ftp: loaded support on port[0] = 21
[ 100.151355] IPVS: Creating netns size=2720 id=7
[ 100.152175] IPVS: ftp: loaded support on port[0] = 21
[ 100.461564] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.467875] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.469554] device bridge_slave_0 entered promiscuous mode
[ 100.473626] ip (5699) used greatest stack depth: 24312 bytes left
[ 100.479789] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.481153] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.482508] device bridge_slave_1 entered promiscuous mode
[ 100.534922] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 100.578656] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 100.594051] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.595026] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.597015] device bridge_slave_0 entered promiscuous mode
[ 100.659257] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.660207] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.662094] device bridge_slave_1 entered promiscuous mode
[ 100.665639] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.666647] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.668181] device bridge_slave_0 entered promiscuous mode
[ 100.701570] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 100.717259] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.718255] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.719841] device bridge_slave_1 entered promiscuous mode
[ 100.728836] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.731978] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.735107] device bridge_slave_0 entered promiscuous mode
[ 100.766951] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 100.769997] ip (5763) used greatest stack depth: 23752 bytes left
[ 100.775348] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 100.783589] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 100.797377] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 100.815515] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.816862] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.818702] device bridge_slave_1 entered promiscuous mode
[ 100.820955] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 100.841069] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.842296] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.844186] device bridge_slave_0 entered promiscuous mode
[ 100.854839] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 100.877579] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.878618] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.880265] device bridge_slave_0 entered promiscuous mode
[ 100.886029] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 100.888237] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 100.898003] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.899854] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.902046] device bridge_slave_1 entered promiscuous mode
[ 100.909731] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.910788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.912487] device bridge_slave_1 entered promiscuous mode
[ 100.915495] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 100.924872] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 100.949494] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 100.957336] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 100.961248] team0: Port device team_slave_0 added
[ 100.970648] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 100.973839] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 100.976906] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 100.981223] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 100.984150] team0: Port device team_slave_1 added
[ 101.011729] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 101.014517] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.037066] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.047606] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 101.048871] team0: Port device team_slave_0 added
[ 101.052092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.060068] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 101.085292] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 101.089261] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 101.090858] team0: Port device team_slave_1 added
[ 101.094245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 101.098026] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 101.101349] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 101.103329] team0: Port device team_slave_0 added
[ 101.111345] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 101.124528] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 101.126145] team0: Port device team_slave_1 added
[ 101.127467] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.133465] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 101.138483] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 101.145143] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.158461] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.170787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.184064] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.200339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 101.228056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.250034] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 101.253039] team0: Port device team_slave_0 added
[ 101.255903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 101.263746] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 101.267039] team0: Port device team_slave_0 added
[ 101.294121] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 101.295707] team0: Port device team_slave_1 added
[ 101.299109] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 101.301144] team0: Port device team_slave_1 added
[ 101.313215] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 101.316581] team0: Port device team_slave_0 added
[ 101.321714] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.330081] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.346664] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 101.348074] team0: Port device team_slave_1 added
[ 101.353069] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.358395] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.377930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.384408] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.387268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.406855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 101.414073] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.415817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 101.443543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.447240] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.448228] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.450044] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.451142] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.481508] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 101.516785] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.517905] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.518976] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.520018] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.597601] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.598773] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.600081] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.601437] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.706802] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.708712] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.710660] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.712552] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.722580] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.723708] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.725081] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.726382] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.831610] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.836330] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.837606] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.838743] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.661311] 8021q: adding VLAN 0 to HW filter on device bond0
[ 102.733095] 8021q: adding VLAN 0 to HW filter on device bond0
[ 102.783743] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 102.839396] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 102.888994] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.920072] 8021q: adding VLAN 0 to HW filter on device bond0
[ 102.948799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.957536] 8021q: adding VLAN 0 to HW filter on device bond0
[ 102.987117] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.989116] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.016742] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 103.027727] 8021q: adding VLAN 0 to HW filter on device team0
[ 103.029607] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.054103] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 103.084404] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 103.111765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 103.145565] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 103.157311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 103.169226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 103.208300] 8021q: adding VLAN 0 to HW filter on device team0
[ 103.235402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 103.252242] 8021q: adding VLAN 0 to HW filter on device team0
[ 103.266840] 8021q: adding VLAN 0 to HW filter on device team0
[ 103.331091] 8021q: adding VLAN 0 to HW filter on device team0
2019/03/25 04:36:34 executed programs: 92
2019/03/25 04:36:39 executed programs: 446
2019/03/25 04:36:44 executed programs: 801
2019/03/25 04:36:49 executed programs: 1113
2019/03/25 04:36:54 executed programs: 1435
2019/03/25 04:36:59 executed programs: 1750
[ 131.829242] ==================================================================
[ 131.833953] BUG: KASAN: use-after-free in trailing_symlink+0x768/0x780 at addr ffff88005d723540
[ 131.835412] Read of size 1 by task syz-executor0/14737
[ 131.836771] CPU: 1 PID: 14737 Comm: syz-executor0 Not tainted 4.9.0-rc3+ #1
[ 131.839068] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 131.841992] ffff88004c7afaa8 ffffffff82aa3bb6 ffff88006c000100 ffff88005d723540
[ 131.844721] ffff88005d723560 ffff88004c7afc88 ffff88004c7afad0 ffffffff8177725c
[ 131.847118] ffff88004c7afb60 ffff88005d723540 ffff88004c7afca8 ffff88004c7afb50
[ 131.849537] Call Trace:
[ 131.850341] [] dump_stack+0xe6/0x120
[ 131.852008] [] kasan_object_err+0x1c/0x70
[ 131.853883] [] kasan_report_error+0x1b0/0x480
[ 131.855794] [] ? current_time+0xa/0xd0
[ 131.857511] [] ? current_time+0x79/0xd0
[ 131.859206] [] __asan_report_load1_noabort+0x3e/0x40
[ 131.861250] [] ? trailing_symlink+0x768/0x780
[ 131.863101] [] trailing_symlink+0x768/0x780
[ 131.865224] [] path_lookupat+0x13c/0x410
[ 131.866942] [] filename_lookup+0x166/0x350
[ 131.868799] [] ? filename_parentat+0x3d0/0x3d0
[ 131.870542] [] ? trace_hardirqs_on_caller+0x44c/0x5e0
[ 131.872766] [] ? getname_flags+0xfd/0x500
[ 131.874618] [] user_path_at_empty+0x31/0x40
[ 131.876436] [] do_mount+0xfc/0x2a90
[ 131.878009] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 131.880074] [] ? copy_mount_string+0x20/0x20
[ 131.881903] [] ? retint_kernel+0x2d/0x2d
[ 131.883601] [] ? copy_mount_options+0x149/0x2d0
[ 131.885533] [] SyS_mount+0x90/0xd0
[ 131.887091] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 131.889081] Object at ffff88005d723540, in cache kmalloc-32 size: 32
[ 131.891017] Allocated:
[ 131.891774] PID = 14740
[ 131.892544]
[ 131.893001] [] save_stack_trace+0x16/0x20
[ 131.894750]
[ 131.895270] [] save_stack+0x46/0xd0
[ 131.896933]
[ 131.897378] [] kasan_kmalloc+0xad/0xe0
[ 131.898700]
[ 131.899042] [] __kmalloc_track_caller+0x185/0x760
[ 131.900447]
[ 131.900910] [] kstrdup+0x2c/0x50
[ 131.902425]
[ 131.902870] [] bpf_symlink+0x20/0x110
[ 131.904438]
[ 131.904836] [] vfs_symlink+0x31e/0x520
[ 131.905939]
[ 131.906366] [] SyS_symlink+0x165/0x1d0
[ 131.908056]
[ 131.908548] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 131.909987] Freed:
[ 131.910354] PID = 14741
[ 131.910781]
[ 131.911046] [] save_stack_trace+0x16/0x20
[ 131.912057]
[ 131.912321] [] save_stack+0x46/0xd0
[ 131.913809]
[ 131.914228] [] kasan_slab_free+0x70/0xb0
[ 131.915846]
[ 131.916273] [] kfree+0xcf/0x2c0
[ 131.917683]
[ 131.918108] [] bpf_evict_inode+0xe8/0x120
[ 131.919486]
[ 131.919749] [] evict+0x203/0x470
[ 131.920652]
[ 131.920913] [] iput+0x56b/0x880
[ 131.921768]
[ 131.922046] [] do_unlinkat+0x30b/0x640
[ 131.922994]
[ 131.923335] [] SyS_unlink+0x11/0x20
[ 131.924230]
[ 131.924531] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 131.925675] Memory state around the buggy address:
[ 131.927005]  ffff88005d723400: 00 01 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 131.929181]  ffff88005d723480: 00 00 01 fc fc fc fc fc 00 00 01 fc fc fc fc fc
[ 131.931428] >ffff88005d723500: 00 02 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 131.933015]                                            ^
[ 131.934098]  ffff88005d723580: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 131.935352]  ffff88005d723600: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[ 131.936659] ==================================================================
[ 131.937899] Disabling lock debugging due to kernel taint
[ 131.941762] ==================================================================
[ 131.943075] BUG: KASAN: use-after-free in link_path_walk+0x1438/0x1760 at addr ffff88005d723540
[ 131.944730] Read of size 1 by task syz-executor0/14737
[ 131.946229] CPU: 1 PID: 14737 Comm: syz-executor0 Tainted: G B 4.9.0-rc3+ #1
[ 131.947622] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 131.949563] ffff88004c7afa00 ffffffff82aa3bb6 ffff88006c000100 ffff88005d723540
[ 131.951727] ffff88005d723560 ffff88004c7afc94 ffff88004c7afa28 ffffffff8177725c
[ 131.953961] ffff88004c7afab8 ffff88005d723540 ffffed00098f5f92 ffff88004c7afaa8
[ 131.955952] Call Trace:
[ 131.956513] [] dump_stack+0xe6/0x120
[ 131.957786] [] kasan_object_err+0x1c/0x70
[ 131.959372] [] kasan_report_error+0x1b0/0x480
[ 131.961007] [] ? preempt_schedule+0x4e/0x60
[ 131.962679] [] ? ___preempt_schedule+0x16/0x18
[ 131.964340] [] __asan_report_load1_noabort+0x3e/0x40
[ 131.965451] [] ? link_path_walk+0x1438/0x1760
[ 131.966499] [] link_path_walk+0x1438/0x1760
[ 131.967710] [] ? walk_component+0x1090/0x1090
[ 131.969501] [] ? __asan_report_load1_noabort+0x3e/0x40
[ 131.971612] [] ? trailing_symlink+0x768/0x780
[ 131.973575] [] ? trailing_symlink+0x768/0x780
[ 131.975419] [] path_lookupat+0x14f/0x410
[ 131.976267] [] filename_lookup+0x166/0x350
[ 131.977252] [] ? filename_parentat+0x3d0/0x3d0
[ 131.978696] [] ? trace_hardirqs_on_caller+0x44c/0x5e0
[ 131.980787] [] ? getname_flags+0xfd/0x500
[ 131.982521] [] user_path_at_empty+0x31/0x40
[ 131.984283] [] do_mount+0xfc/0x2a90
[ 131.985851] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 131.987787] [] ? copy_mount_string+0x20/0x20
[ 131.989584] [] ? retint_kernel+0x2d/0x2d
[ 131.991282] [] ? copy_mount_options+0x149/0x2d0
[ 131.993174] [] SyS_mount+0x90/0xd0
[ 131.993996] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 131.995744] Object at ffff88005d723540, in cache kmalloc-32 size: 32
[ 131.997751] Allocated:
[ 131.998484] PID = 14740
[ 131.999260]
[ 131.999713] [] save_stack_trace+0x16/0x20
[ 132.001451]
[ 132.001909] [] save_stack+0x46/0xd0
[ 132.003471]
[ 132.003934] [] kasan_kmalloc+0xad/0xe0
[ 132.005661]
[ 132.006110] [] __kmalloc_track_caller+0x185/0x760
[ 132.008067]
[ 132.008539] [] kstrdup+0x2c/0x50
[ 132.010017]
[ 132.010462] [] bpf_symlink+0x20/0x110
[ 132.012075]
[ 132.013007] [] vfs_symlink+0x31e/0x520
[ 132.014653]
[ 132.015107] [] SyS_symlink+0x165/0x1d0
[ 132.016801]
[ 132.017262] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 132.019159] Freed:
[ 132.019585] PID = 14741
[ 132.020035]
[ 132.020282] [] save_stack_trace+0x16/0x20
[ 132.021360]
[ 132.021597] [] save_stack+0x46/0xd0
[ 132.022710]
[ 132.023107] [] kasan_slab_free+0x70/0xb0
[ 132.024143]
[ 132.024458] [] kfree+0xcf/0x2c0
[ 132.025630]
[ 132.025949] [] bpf_evict_inode+0xe8/0x120
[ 132.027181]
[ 132.027619] [] evict+0x203/0x470
[ 132.028508]
[ 132.028765] [] iput+0x56b/0x880
[ 132.029568]
[ 132.029832] [] do_unlinkat+0x30b/0x640
[ 132.030792]
[ 132.031058] [] SyS_unlink+0x11/0x20
[ 132.031982]
[ 132.032322] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 132.033500] Memory state around the buggy address:
[ 132.034438]  ffff88005d723400: 00 01 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 132.035623]  ffff88005d723480: 00 00 01 fc fc fc fc fc 00 00 01 fc fc fc fc fc
[ 132.036801] >ffff88005d723500: 00 02 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 132.037952]                                            ^
[ 132.038804]  ffff88005d723580: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 132.039930]  ffff88005d723600: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[ 132.041539] ==================================================================
[ 132.045025] ==================================================================
[ 132.046517] BUG: KASAN: use-after-free in link_path_walk+0xf7d/0x1760 at addr ffff88005d723540
[ 132.047989] Read of size 1 by task syz-executor0/14737
[ 132.048888] CPU: 1 PID: 14737 Comm: syz-executor0 Tainted: G B 4.9.0-rc3+ #1
[ 132.050304] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 132.051710] ffff88004c7afa00 ffffffff82aa3bb6 ffff88006c000100 ffff88005d723540
[ 132.053087] ffff88005d723560 fefefefefefefeff ffff88004c7afa28 ffffffff8177725c
[ 132.054453] ffff88004c7afab8 ffff88005d723540 ffff88004a4f8580 ffff88004c7afaa8
[ 132.055739] Call Trace:
[ 132.056140] [] dump_stack+0xe6/0x120
[ 132.056972] [] kasan_object_err+0x1c/0x70
[ 132.057889] [] kasan_report_error+0x1b0/0x480
[ 132.058917] [] ? security_inode_permission+0x93/0xd0
[ 132.059951] [] __asan_report_load1_noabort+0x3e/0x40
[ 132.061014] [] ? link_path_walk+0xf7d/0x1760
[ 132.062439] [] link_path_walk+0xf7d/0x1760
[ 132.063955] [] ? walk_component+0x1090/0x1090
[ 132.065006] [] ? __asan_report_load1_noabort+0x3e/0x40
[ 132.066192] [] ? trailing_symlink+0x768/0x780
[ 132.067236] [] ? trailing_symlink+0x768/0x780
[ 132.068280] [] path_lookupat+0x14f/0x410
[ 132.069242] [] filename_lookup+0x166/0x350
[ 132.070375] [] ? filename_parentat+0x3d0/0x3d0
[ 132.071474] [] ? trace_hardirqs_on_caller+0x44c/0x5e0
[ 132.072606] [] ? getname_flags+0xfd/0x500
[ 132.073487] [] user_path_at_empty+0x31/0x40
[ 132.074405] [] do_mount+0xfc/0x2a90
[ 132.075220] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 132.076239] [] ? copy_mount_string+0x20/0x20
[ 132.077183] [] ? retint_kernel+0x2d/0x2d
[ 132.078058] [] ? copy_mount_options+0x149/0x2d0
[ 132.079018] [] SyS_mount+0x90/0xd0
[ 132.079825] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 132.081015] Object at ffff88005d723540, in cache kmalloc-32 size: 32
[ 132.082262] Allocated:
[ 132.082716] PID = 14740
[ 132.083158]
[ 132.083403] [] save_stack_trace+0x16/0x20
[ 132.084393]
[ 132.084655] [] save_stack+0x46/0xd0
[ 132.085576]
[ 132.085867] [] kasan_kmalloc+0xad/0xe0
[ 132.087044]
[ 132.087326] [] __kmalloc_track_caller+0x185/0x760
[ 132.088630]
[ 132.088873] [] kstrdup+0x2c/0x50
[ 132.089669]
[ 132.089909] [] bpf_symlink+0x20/0x110
[ 132.090857]
[ 132.091120] [] vfs_symlink+0x31e/0x520
[ 132.092062]
[ 132.092354] [] SyS_symlink+0x165/0x1d0
[ 132.093211]
[ 132.093447] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 132.094539] Freed:
[ 132.094914] PID = 14741
[ 132.095409]
[ 132.095671] [] save_stack_trace+0x16/0x20
[ 132.096717]
[ 132.096982] [] save_stack+0x46/0xd0
[ 132.097973]
[ 132.098398] [] kasan_slab_free+0x70/0xb0
[ 132.100116]
[ 132.100558] [] kfree+0xcf/0x2c0
[ 132.101515]
[ 132.101788] [] bpf_evict_inode+0xe8/0x120
[ 132.102785]
[ 132.103057] [] evict+0x203/0x470
[ 132.104233]
[ 132.104502] [] iput+0x56b/0x880
[ 132.105402]
[ 132.105771] [] do_unlinkat+0x30b/0x640
[ 132.106930]
[ 132.107200] [] SyS_unlink+0x11/0x20
[ 132.108402]
[ 132.108675] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 132.109998] Memory state around the buggy address:
[ 132.110806]  ffff88005d723400: 00 01 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 132.112900]  ffff88005d723480: 00 00 01 fc fc fc fc fc 00 00 01 fc fc fc fc fc
[ 132.114965] >ffff88005d723500: 00 02 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 132.116649]                                            ^
[ 132.117643]  ffff88005d723580: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 132.118933]  ffff88005d723600: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[ 132.120193] ==================================================================
[ 132.140415] ==================================================================
[ 132.142738] BUG: KASAN: use-after-free in link_path_walk+0x1339/0x1760 at addr ffff88005d723544
[ 132.146479] Read of size 1 by task syz-executor0/14737
[ 132.148199] CPU: 1 PID: 14737 Comm: syz-executor0 Tainted: G B 4.9.0-rc3+ #1
[ 132.150884] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 132.153607] ffff88004c7afa00 ffffffff82aa3bb6 ffff88006c000100 ffff88005d723540
[ 132.156076] ffff88005d723560 fefefefefefefeff ffff88004c7afa28 ffffffff8177725c
[ 132.158543] ffff88004c7afab8 ffff88005d723544 0000000000000000 ffff88004c7afaa8
[ 132.161093] Call Trace:
[ 132.161759] [] dump_stack+0xe6/0x120
[ 132.162742] [] kasan_object_err+0x1c/0x70
[ 132.163778] [] kasan_report_error+0x1b0/0x480
[ 132.164984] [] __asan_report_load1_noabort+0x3e/0x40
[ 132.166340] [] ? link_path_walk+0x1339/0x1760
[ 132.167398] [] link_path_walk+0x1339/0x1760
[ 132.168787] [] ? walk_component+0x1090/0x1090
[ 132.169817] [] ? __asan_report_load1_noabort+0x3e/0x40
[ 132.170907] [] ? trailing_symlink+0x768/0x780
[ 132.171816] [] ? trailing_symlink+0x768/0x780
[ 132.172731] [] path_lookupat+0x14f/0x410
[ 132.173635] [] filename_lookup+0x166/0x350
[ 132.174564] [] ? filename_parentat+0x3d0/0x3d0
[ 132.175568] [] ? trace_hardirqs_on_caller+0x44c/0x5e0
[ 132.176773] [] ? getname_flags+0xfd/0x500
[ 132.177730] [] user_path_at_empty+0x31/0x40
[ 132.197340] [] do_mount+0xfc/0x2a90
[ 132.198991] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 132.200072] [] ? copy_mount_string+0x20/0x20
[ 132.201171] [] ? retint_kernel+0x2d/0x2d
[ 132.202583] [] ? copy_mount_options+0x149/0x2d0
[ 132.204370] [] SyS_mount+0x90/0xd0
[ 132.205426] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 132.206607] Object at ffff88005d723540, in cache kmalloc-32 size: 32
[ 132.207950] Allocated:
[ 132.208378] PID = 14740
[ 132.208817]
[ 132.209083] [] save_stack_trace+0x16/0x20
[ 132.210076]
[ 132.210346] [] save_stack+0x46/0xd0
[ 132.211277]
[ 132.211537] [] kasan_kmalloc+0xad/0xe0
[ 132.219250]
[ 132.219527] [] __kmalloc_track_caller+0x185/0x760
[ 132.220663]
[ 132.220923] [] kstrdup+0x2c/0x50
[ 132.221790]
[ 132.222054] [] bpf_symlink+0x20/0x110
[ 132.222980]
[ 132.223245] [] vfs_symlink+0x31e/0x520
[ 132.224192]
[ 132.224457] [] SyS_symlink+0x165/0x1d0
[ 132.225401]
[ 132.225661] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 132.226767] Freed:
[ 132.227128] PID = 14741
[ 132.227553]
[ 132.227794] [] save_stack_trace+0x16/0x20
[ 132.228821]
[ 132.229095] [] save_stack+0x46/0xd0
[ 132.230022]
[ 132.230277] [] kasan_slab_free+0x70/0xb0
[ 132.231213]
[ 132.231462] [] kfree+0xcf/0x2c0
[ 132.232268]
[ 132.244875] [] bpf_evict_inode+0xe8/0x120
[ 132.252779]
[ 132.253014] [] evict+0x203/0x470
[ 132.253755]
[ 132.253988] [] iput+0x56b/0x880
[ 132.254724]
[ 132.254994] [] do_unlinkat+0x30b/0x640
[ 132.255745]
[ 132.255997] [] SyS_unlink+0x11/0x20
[ 132.256830]
[ 132.257069] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 132.257852] Memory state around the buggy address:
[ 132.258526]  ffff88005d723400: 00 01 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 132.259557]  ffff88005d723480: 00 00 01 fc fc fc fc fc 00 00 01 fc fc fc fc fc
[ 132.260561] >ffff88005d723500: 00 02 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 132.261680]                                            ^
[ 132.262549]  ffff88005d723580: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 132.263776]  ffff88005d723600: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[ 132.265028] ==================================================================
[ 132.269329] ==================================================================
[ 132.270650] BUG: KASAN: use-after-free in path_lookupat+0x3b4/0x410 at addr ffff88005d723544
[ 132.272095] Read of size 1 by task syz-executor0/14737
[ 132.273224] CPU: 1 PID: 14737 Comm: syz-executor0 Tainted: G B 4.9.0-rc3+ #1
[ 132.274981] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 132.276557] ffff88004c7afae8 ffffffff82aa3bb6 ffff88006c000100 ffff88005d723540
[ 132.277959] ffff88005d723560 ffff88004c7afc94 ffff88004c7afb10 ffffffff8177725c
[ 132.279422] ffff88004c7afba0 ffff88005d723544 ffffed00098f5f92 ffff88004c7afb90
[ 132.280938] Call Trace:
[ 132.281457] [] dump_stack+0xe6/0x120
[ 132.283156] [] kasan_object_err+0x1c/0x70
[ 132.284850] [] kasan_report_error+0x1b0/0x480
[ 132.286402] [] ? walk_component+0x1090/0x1090
[ 132.287625] [] ? __asan_report_load1_noabort+0x3e/0x40
[ 132.288826] [] __asan_report_load1_noabort+0x3e/0x40
[ 132.289983] [] ? path_lookupat+0x3b4/0x410
[ 132.290892] [] path_lookupat+0x3b4/0x410
[ 132.291763] [] filename_lookup+0x166/0x350
[ 132.292854] [] ? filename_parentat+0x3d0/0x3d0
[ 132.294722] [] ? trace_hardirqs_on_caller+0x44c/0x5e0
[ 132.296716] [] ? getname_flags+0xfd/0x500
[ 132.298396] [] user_path_at_empty+0x31/0x40
[ 132.299535] [] do_mount+0xfc/0x2a90
[ 132.300628] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 132.302390] [] ? copy_mount_string+0x20/0x20
[ 132.304088] [] ? retint_kernel+0x2d/0x2d
[ 132.305358] [] ? copy_mount_options+0x149/0x2d0
[ 132.306452] [] SyS_mount+0x90/0xd0
[ 132.307329] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 132.308495] Object at ffff88005d723540, in cache kmalloc-32 size: 32
[ 132.309569] Allocated:
[ 132.310004] PID = 14740
[ 132.310421]
[ 132.310670] [] save_stack_trace+0x16/0x20
[ 132.311733]
[ 132.311998] [] save_stack+0x46/0xd0
[ 132.312949]
[ 132.313212] [] kasan_kmalloc+0xad/0xe0
[ 132.314751]
[ 132.315184] [] __kmalloc_track_caller+0x185/0x760
[ 132.317060]
[ 132.317523] [] kstrdup+0x2c/0x50
[ 132.318994]
[ 132.319431] [] bpf_symlink+0x20/0x110
[ 132.320511]
[ 132.320862] [] vfs_symlink+0x31e/0x520
[ 132.321816]
[ 132.322101] [] SyS_symlink+0x165/0x1d0
[ 132.323104]
[ 132.323368] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 132.324602] Freed:
[ 132.324962] PID = 14741
[ 132.325399]
[ 132.325664] [] save_stack_trace+0x16/0x20
[ 132.326687]
[ 132.326951] [] save_stack+0x46/0xd0
[ 132.327854]
[ 132.328111] [] kasan_slab_free+0x70/0xb0
[ 132.329146]
[ 132.329387] [] kfree+0xcf/0x2c0
[ 132.330158]
[ 132.330396] [] bpf_evict_inode+0xe8/0x120
[ 132.331299]
[ 132.331564] [] evict+0x203/0x470
[ 132.332488]
[ 132.332751] [] iput+0x56b/0x880
[ 132.333603]
[ 132.333867] [] do_unlinkat+0x30b/0x640
[ 132.334791]
[ 132.335064] [] SyS_unlink+0x11/0x20
[ 132.335957]
[ 132.336219] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 132.337347] Memory state around the buggy address:
[ 132.338165]  ffff88005d723400: 00 01 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 132.339385]  ffff88005d723480: 00 00 01 fc fc fc fc fc 00 00 01 fc fc fc fc fc
[ 132.340610] >ffff88005d723500: 00 02 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 132.341823]                                            ^
[ 132.342731]  ffff88005d723580: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 132.343888]  ffff88005d723600: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[ 132.345034] ==================================================================
[ 136.090613] device bridge_slave_1 left promiscuous mode
[ 136.094682] bridge0: port 2(bridge_slave_1) entered disabled state
[ 136.160857] device bridge_slave_0 left promiscuous mode
[ 136.161728] bridge0: port 1(bridge_slave_0) entered disabled state
[ 136.251580] team0 (unregistering): Port device team_slave_1 removed
[ 136.254753] team0 (unregistering): Port device team_slave_0 removed
[ 136.257108] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 136.303305] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 136.367396] bond0 (unregistering): Released all slaves