Starting mcstransd: [ ok ] Starting file context maintaining daemon: restorecond. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 32.510563] kauditd_printk_skb: 9 callbacks suppressed [ 32.510576] audit: type=1800 audit(1538354565.641:33): pid=5344 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 32.546472] audit: type=1800 audit(1538354565.641:34): pid=5344 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 37.675231] audit: type=1400 audit(1538354570.801:35): avc: denied { map } for pid=5518 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.115' (ECDSA) to the list of known hosts. 
[ 44.287517] audit: type=1400 audit(1538354577.411:36): avc: denied { map } for pid=5532 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/10/01 00:42:57 parsed 1 programs [ 44.829129] audit: type=1400 audit(1538354577.951:37): avc: denied { map } for pid=5532 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14760 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2018/10/01 00:42:59 executed programs: 0 [ 46.652882] IPVS: ftp: loaded support on port[0] = 21 [ 46.657498] IPVS: ftp: loaded support on port[0] = 21 [ 46.664630] IPVS: ftp: loaded support on port[0] = 21 [ 46.675865] IPVS: ftp: loaded support on port[0] = 21 [ 46.676914] IPVS: ftp: loaded support on port[0] = 21 [ 46.715388] IPVS: ftp: loaded support on port[0] = 21 [ 47.474353] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.486979] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.498600] device bridge_slave_0 entered promiscuous mode [ 47.523428] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.531719] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.539436] device bridge_slave_0 entered promiscuous mode [ 47.573754] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.587467] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.594826] device bridge_slave_1 entered promiscuous mode [ 47.603132] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.609662] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.616626] device bridge_slave_0 entered promiscuous mode [ 47.623463] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.630390] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.637433] device bridge_slave_1 entered promiscuous mode [ 47.645320] bridge0: port 1(bridge_slave_0) 
entered blocking state [ 47.652122] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.659422] device bridge_slave_0 entered promiscuous mode [ 47.675750] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.687675] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.700396] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.707387] device bridge_slave_1 entered promiscuous mode [ 47.714683] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.727270] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.734885] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.742330] device bridge_slave_0 entered promiscuous mode [ 47.751478] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.757841] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.764901] device bridge_slave_1 entered promiscuous mode [ 47.777879] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.787743] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.798277] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.807684] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.815358] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.826985] device bridge_slave_1 entered promiscuous mode [ 47.838173] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.846889] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.854715] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.862395] device bridge_slave_0 entered promiscuous mode [ 47.878809] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.899117] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.907373] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.925943] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.933103] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.940142] device bridge_slave_1 entered promiscuous 
mode [ 47.966347] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 48.004143] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.014974] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.024244] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 48.051466] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.074146] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 48.088036] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.100479] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.109855] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.128791] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.145153] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.196694] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.265202] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 48.277214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.290855] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 48.299697] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.317992] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.330494] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 48.371003] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.386511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.404202] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.425835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.458621] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.478368] team0: Port device team_slave_0 added [ 48.486036] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.501323] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: 
link is not ready [ 48.510314] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.517686] team0: Port device team_slave_0 added [ 48.538841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.573289] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.595808] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.612580] team0: Port device team_slave_1 added [ 48.618020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.627594] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.640388] team0: Port device team_slave_1 added [ 48.657552] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.670575] team0: Port device team_slave_0 added [ 48.676986] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.689492] team0: Port device team_slave_0 added [ 48.696903] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 48.724320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 48.739206] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.772343] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.783897] team0: Port device team_slave_1 added [ 48.792402] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.801843] team0: Port device team_slave_0 added [ 48.808858] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.819386] team0: Port device team_slave_1 added [ 48.826023] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.836438] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.860617] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.867814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.877216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.902303] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.916295] team0: Port device team_slave_1 added [ 48.933263] IPv6: 
ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.944837] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.957051] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.967747] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.977924] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.996684] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.005579] team0: Port device team_slave_0 added [ 49.011721] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.020352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.029921] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.038747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.053084] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.082098] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.095470] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 49.115149] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.124328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.133398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.153848] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.161746] team0: Port device team_slave_1 added [ 49.167222] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.177518] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.189642] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.197624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.211918] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.227803] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.240175] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.258799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes 
ready [ 49.268155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.277000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.287091] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 49.298858] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.311714] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.324033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 49.340495] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 49.348208] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.363667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.372199] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.380481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.411418] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.420226] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 49.429360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.437370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.457633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 49.470954] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.506455] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.534031] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.550422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.562995] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.584214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.592840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.024461] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.031090] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.038000] bridge0: port 1(bridge_slave_0) entered blocking state [ 
50.044434] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.056574] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.173239] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.179680] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.186332] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.192754] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.211457] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.220065] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.226443] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.233201] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.239615] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.248930] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.261264] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.267638] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.274372] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.280747] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.291237] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.309237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.320321] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.328616] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.337684] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.356798] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.363231] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.370054] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.376440] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.387264] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.524414] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.530921] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.537577] bridge0: port 1(bridge_slave_0) entered blocking 
state [ 50.544052] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.563302] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.372522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.381704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.038909] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.145959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.253903] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.309356] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.327079] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.374170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.389844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.420658] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.490602] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.583940] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.639443] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.646901] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.661431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.685180] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.704288] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.720054] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.727221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.750530] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.762465] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.777513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.785142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.927507] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.969770] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.977066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.992051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.006306] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not 
ready [ 54.025870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.042779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.058722] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.073396] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.090626] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.114296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.122792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.289493] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.319485] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.396613] 8021q: adding VLAN 0 to HW filter on device team0 2018/10/01 00:43:09 executed programs: 6 2018/10/01 00:43:14 executed programs: 36 2018/10/01 00:43:20 executed programs: 66 2018/10/01 00:43:25 executed programs: 96 2018/10/01 00:43:30 executed programs: 126 2018/10/01 00:43:35 executed programs: 156 2018/10/01 00:43:40 executed programs: 186 2018/10/01 00:43:46 executed programs: 216 [ 97.270147] ================================================================== [ 97.277609] BUG: KASAN: use-after-free in fuse_dev_do_read.isra.27+0x1659/0x1920 [ 97.285157] Read of size 8 at addr ffff8801be46ca30 by task syz-executor4/9576 [ 97.292503] [ 97.294164] CPU: 0 PID: 9576 Comm: syz-executor4 Not tainted 4.19.0-rc6+ #41 [ 97.301345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.310694] Call Trace: [ 97.313272] dump_stack+0x1c4/0x2b4 [ 97.316905] ? dump_stack_print_info.cold.2+0x52/0x52 [ 97.322101] ? printk+0xa7/0xcf [ 97.325374] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 97.330127] print_address_description.cold.8+0x9/0x1ff [ 97.335503] kasan_report.cold.9+0x242/0x309 [ 97.339901] ? fuse_dev_do_read.isra.27+0x1659/0x1920 [ 97.345102] __asan_report_load8_noabort+0x14/0x20 [ 97.350040] fuse_dev_do_read.isra.27+0x1659/0x1920 [ 97.355087] ? fuse_dev_release+0x780/0x780 [ 97.359412] ? print_usage_bug+0xc0/0xc0 [ 97.363468] ? 
print_usage_bug+0xc0/0xc0 [ 97.367522] ? futex_wait_setup+0x3e0/0x3e0 [ 97.371854] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 97.377093] ? drop_futex_key_refs.isra.15+0x6d/0xe0 [ 97.382204] ? futex_wake+0x304/0x760 [ 97.386006] ? mark_held_locks+0x130/0x130 [ 97.390250] ? __lock_acquire+0x7ec/0x4ec0 [ 97.394511] ? find_held_lock+0x36/0x1c0 [ 97.398584] ? __fget+0x4aa/0x740 [ 97.402033] ? check_preemption_disabled+0x48/0x200 [ 97.407081] ? kasan_check_read+0x11/0x20 [ 97.411239] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 97.416508] ? rcu_bh_qs+0xc0/0xc0 [ 97.420051] ? memset+0x31/0x40 [ 97.423329] fuse_dev_read+0x1a9/0x250 [ 97.427217] ? fuse_dev_splice_read+0x840/0x840 [ 97.431897] ? __save_stack_trace+0x8d/0xf0 [ 97.436226] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 97.441786] ? iov_iter_init+0xc2/0x1e0 [ 97.445756] __vfs_read+0x6ac/0x9b0 [ 97.449381] ? vfs_copy_file_range+0xb90/0xb90 [ 97.453964] ? __might_sleep+0x95/0x190 [ 97.457929] ? fsnotify+0x12f0/0x12f0 [ 97.461720] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 97.467297] ? rw_verify_area+0x118/0x360 [ 97.471455] vfs_read+0x17f/0x3c0 [ 97.474902] ksys_read+0x101/0x260 [ 97.478432] ? kernel_write+0x120/0x120 [ 97.482431] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 97.487873] __x64_sys_read+0x73/0xb0 [ 97.491691] do_syscall_64+0x1b9/0x820 [ 97.495598] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 97.500963] ? syscall_return_slowpath+0x5e0/0x5e0 [ 97.505903] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 97.510747] ? trace_hardirqs_on_caller+0x310/0x310 [ 97.515756] ? prepare_exit_to_usermode+0x291/0x3b0 [ 97.520800] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 97.525673] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.530873] RIP: 0033:0x457579 [ 97.534093] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 97.552990] RSP: 002b:00007f815b06bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 97.560704] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 97.567961] RDX: 0000000000001000 RSI: 00000000200030c0 RDI: 0000000000000006 [ 97.575218] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 97.582499] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f815b06c6d4 [ 97.589800] R13: 00000000004c31b7 R14: 00000000004d4c98 R15: 00000000ffffffff [ 97.597083] [ 97.598698] Allocated by task 9576: [ 97.602321] save_stack+0x43/0xd0 [ 97.605762] kasan_kmalloc+0xc7/0xe0 [ 97.609465] kasan_slab_alloc+0x12/0x20 [ 97.613466] kmem_cache_alloc+0x12e/0x730 [ 97.617609] __fuse_request_alloc+0x27/0xf0 [ 97.621918] fuse_request_alloc+0x18/0x20 [ 97.626063] fuse_fill_super+0x12bf/0x1ea0 [ 97.630300] mount_nodev+0x6b/0x110 [ 97.633926] fuse_mount+0x2c/0x40 [ 97.637384] mount_fs+0xae/0x31d [ 97.640749] vfs_kern_mount.part.35+0xdc/0x4f0 [ 97.645343] do_mount+0x581/0x31f0 [ 97.648868] ksys_mount+0x12d/0x140 [ 97.652501] __x64_sys_mount+0xbe/0x150 [ 97.656478] do_syscall_64+0x1b9/0x820 [ 97.660381] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.665552] [ 97.667169] Freed by task 9624: [ 97.670436] save_stack+0x43/0xd0 [ 97.673890] __kasan_slab_free+0x102/0x150 [ 97.678123] kasan_slab_free+0xe/0x10 [ 97.681927] kmem_cache_free+0x83/0x290 [ 97.685889] fuse_request_free+0x8b/0xa0 [ 97.689936] fuse_put_request+0x2a6/0x350 [ 97.694101] request_end+0xba/0xaa0 [ 97.697729] fuse_dev_do_write+0x192e/0x36e0 [ 97.702138] fuse_dev_write+0x19a/0x240 [ 97.706108] __vfs_write+0x6b8/0x9f0 [ 97.709812] vfs_write+0x1fc/0x560 [ 97.713350] 
ksys_write+0x101/0x260 [ 97.716980] __x64_sys_write+0x73/0xb0 [ 97.720856] do_syscall_64+0x1b9/0x820 [ 97.724742] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.729932] [ 97.731548] The buggy address belongs to the object at ffff8801be46ca00 [ 97.731548] which belongs to the cache fuse_request of size 448 [ 97.744288] The buggy address is located 48 bytes inside of [ 97.744288] 448-byte region [ffff8801be46ca00, ffff8801be46cbc0) [ 97.756081] The buggy address belongs to the page: [ 97.760998] page:ffffea0006f91b00 count:1 mapcount:0 mapping:ffff8801d487c180 index:0x0 [ 97.769145] flags: 0x2fffc0000000100(slab) [ 97.773383] raw: 02fffc0000000100 ffffea0006d79f48 ffffea000745e448 ffff8801d487c180 [ 97.781249] raw: 0000000000000000 ffff8801be46c000 0000000100000008 0000000000000000 [ 97.789121] page dumped because: kasan: bad access detected [ 97.794822] [ 97.796438] Memory state around the buggy address: [ 97.801352] ffff8801be46c900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 97.808695] ffff8801be46c980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 97.816060] >ffff8801be46ca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 97.823417] ^ [ 97.828352] ffff8801be46ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 97.835730] ffff8801be46cb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 97.843083] ================================================================== [ 97.850426] Disabling lock debugging due to kernel taint [ 97.864570] Kernel panic - not syncing: panic_on_warn set ... [ 97.864570] [ 97.871977] CPU: 0 PID: 9576 Comm: syz-executor4 Tainted: G B 4.19.0-rc6+ #41 [ 97.880577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.887793] kobject: '0:49' (000000007508ae0a): kobject_uevent_env [ 97.889942] Call Trace: [ 97.889965] dump_stack+0x1c4/0x2b4 [ 97.889983] ? 
dump_stack_print_info.cold.2+0x52/0x52 [ 97.890006] panic+0x238/0x4e7 [ 97.896403] kobject: '0:49' (000000007508ae0a): fill_kobj_path: path = '/devices/virtual/bdi/0:49' [ 97.898896] ? add_taint.cold.5+0x16/0x16 [ 97.898913] ? preempt_schedule+0x4d/0x60 [ 97.898933] ? ___preempt_schedule+0x16/0x18 [ 97.904715] kobject: '0:49' (000000007508ae0a): kobject_cleanup, parent (null) [ 97.907728] ? trace_hardirqs_on+0xb4/0x310 [ 97.907746] kasan_end_report+0x47/0x4f [ 97.907762] kasan_report.cold.9+0x76/0x309 [ 97.911991] kobject: '0:49' (000000007508ae0a): calling ktype release [ 97.920037] ? fuse_dev_do_read.isra.27+0x1659/0x1920 [ 97.920066] __asan_report_load8_noabort+0x14/0x20 [ 97.920089] fuse_dev_do_read.isra.27+0x1659/0x1920 [ 97.920108] ? fuse_dev_release+0x780/0x780 [ 97.924400] kobject: '0:49': free name [ 97.928408] ? print_usage_bug+0xc0/0xc0 [ 97.928423] ? print_usage_bug+0xc0/0xc0 [ 97.928443] ? futex_wait_setup+0x3e0/0x3e0 [ 97.995903] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 98.001089] ? drop_futex_key_refs.isra.15+0x6d/0xe0 [ 98.006196] ? futex_wake+0x304/0x760 [ 98.009984] ? mark_held_locks+0x130/0x130 [ 98.014216] ? __lock_acquire+0x7ec/0x4ec0 [ 98.018483] ? find_held_lock+0x36/0x1c0 [ 98.022545] ? __fget+0x4aa/0x740 [ 98.025999] ? check_preemption_disabled+0x48/0x200 [ 98.031035] ? kasan_check_read+0x11/0x20 [ 98.035210] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 98.040473] ? rcu_bh_qs+0xc0/0xc0 [ 98.044058] ? memset+0x31/0x40 [ 98.047336] fuse_dev_read+0x1a9/0x250 [ 98.051212] ? fuse_dev_splice_read+0x840/0x840 [ 98.055870] ? __save_stack_trace+0x8d/0xf0 [ 98.060186] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 98.065724] ? iov_iter_init+0xc2/0x1e0 [ 98.069686] __vfs_read+0x6ac/0x9b0 [ 98.073303] ? vfs_copy_file_range+0xb90/0xb90 [ 98.077876] ? __might_sleep+0x95/0x190 [ 98.081878] ? fsnotify+0x12f0/0x12f0 [ 98.085664] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 98.091193] ? 
rw_verify_area+0x118/0x360 [ 98.095327] vfs_read+0x17f/0x3c0 [ 98.098770] ksys_read+0x101/0x260 [ 98.102299] ? kernel_write+0x120/0x120 [ 98.106261] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 98.111968] __x64_sys_read+0x73/0xb0 [ 98.115759] do_syscall_64+0x1b9/0x820 [ 98.119647] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 98.124999] ? syscall_return_slowpath+0x5e0/0x5e0 [ 98.129948] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 98.134779] ? trace_hardirqs_on_caller+0x310/0x310 [ 98.139794] ? prepare_exit_to_usermode+0x291/0x3b0 [ 98.144809] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 98.149687] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 98.154874] RIP: 0033:0x457579 [ 98.158059] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 98.176958] RSP: 002b:00007f815b06bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 98.184655] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 98.191910] RDX: 0000000000001000 RSI: 00000000200030c0 RDI: 0000000000000006 [ 98.199171] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 98.206467] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f815b06c6d4 [ 98.213732] R13: 00000000004c31b7 R14: 00000000004d4c98 R15: 00000000ffffffff [ 98.222024] Kernel Offset: disabled [ 98.225657] Rebooting in 86400 seconds..