[ 40.614470] audit: type=1800 audit(1546110975.351:26): pid=7888 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 40.647948] audit: type=1800 audit(1546110975.351:27): pid=7888 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 51.971894] IPVS: ftp: loaded support on port[0] = 21
[ 83.197346] can: request_module (can-proto-0) failed.
[ 83.208025] can: request_module (can-proto-0) failed.
Warning: Permanently added '10.128.0.101' (ECDSA) to the list of known hosts.
2018/12/29 19:17:07 parsed 1 programs
2018/12/29 19:17:08 executed programs: 0
[ 94.345548] IPVS: ftp: loaded support on port[0] = 21
[ 94.443932] IPVS: ftp: loaded support on port[0] = 21
[ 94.458929] IPVS: ftp: loaded support on port[0] = 21
[ 94.481007] IPVS: ftp: loaded support on port[0] = 21
[ 94.552179] IPVS: ftp: loaded support on port[0] = 21
[ 94.553592] IPVS: ftp: loaded support on port[0] = 21
[ 95.709641] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.717297] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.725448] device bridge_slave_0 entered promiscuous mode
[ 95.824331] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.831207] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.838840] device bridge_slave_1 entered promiscuous mode
[ 95.878533] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.884901] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.904940] device bridge_slave_0 entered promiscuous mode
[ 95.935604] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 95.959301] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.965657] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.987902] device bridge_slave_0 entered promiscuous mode
[ 96.001498] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.007945] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.016070] device bridge_slave_1 entered promiscuous mode
[ 96.024626] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.032710] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.040644] device bridge_slave_0 entered promiscuous mode
[ 96.051622] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.057971] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.065666] device bridge_slave_0 entered promiscuous mode
[ 96.074896] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 96.090811] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 96.098079] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.105171] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.118963] device bridge_slave_0 entered promiscuous mode
[ 96.125952] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.135143] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.143114] device bridge_slave_1 entered promiscuous mode
[ 96.163723] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.170974] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.179422] device bridge_slave_1 entered promiscuous mode
[ 96.189040] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 96.197996] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 96.209758] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.216131] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.239653] device bridge_slave_1 entered promiscuous mode
[ 96.247761] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.255401] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.263144] device bridge_slave_1 entered promiscuous mode
[ 96.272283] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 96.293723] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 96.318012] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 96.339028] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 96.349870] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 96.396940] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 96.418807] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 96.443040] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 96.454409] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 96.532683] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 96.559950] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 96.570856] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 96.598579] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 96.620863] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 96.629093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 96.651820] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 96.674298] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 96.691067] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 96.707006] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 96.721430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 96.743117] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 96.760989] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 96.786385] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 96.807515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 96.872183] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 97.034158] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 97.060049] team0: Port device team_slave_0 added
[ 97.086567] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 97.094138] team0: Port device team_slave_0 added
[ 97.104647] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 97.113218] team0: Port device team_slave_0 added
[ 97.119454] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 97.126872] team0: Port device team_slave_0 added
[ 97.153463] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 97.168253] team0: Port device team_slave_1 added
[ 97.182164] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 97.199831] team0: Port device team_slave_1 added
[ 97.205250] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 97.215194] team0: Port device team_slave_1 added
[ 97.224020] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 97.235132] team0: Port device team_slave_1 added
[ 97.248535] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 97.255975] team0: Port device team_slave_0 added
[ 97.272872] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.289097] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.305542] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 97.312859] team0: Port device team_slave_0 added
[ 97.330643] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 97.341799] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.367357] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 97.375933] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 97.383807] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 97.391398] team0: Port device team_slave_1 added
[ 97.404321] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 97.414910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 97.436255] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.444520] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 97.452720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 97.462339] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 97.472526] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 97.483965] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 97.494558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 97.507259] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 97.521267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 97.529155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 97.536834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 97.544882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 97.555473] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 97.562943] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 97.573379] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 97.587921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 97.597965] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 97.606175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 97.614957] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.622882] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 97.630829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 97.639088] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 97.646456] team0: Port device team_slave_1 added
[ 97.652259] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 97.662582] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 97.675193] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 97.688700] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 97.698986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 97.720061] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 97.729139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 97.736839] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 97.745009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 97.756613] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 97.765787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 97.780646] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.792052] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 97.800377] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 97.811100] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 97.821317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 97.837516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 97.854516] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 97.862829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 97.870763] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 97.878826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 97.889513] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 97.908195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 97.924947] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 97.949374] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 97.962567] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 97.999211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 98.029315] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 98.040009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 98.049454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 98.092400] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 98.119090] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 98.127047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 98.557002] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.563558] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.570609] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.576979] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.587296] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 98.664942] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.671381] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.678044] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.684464] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.692741] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 98.718233] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.724711] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.731477] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.737860] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.756232] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 98.787712] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.794192] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.800952] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.807345] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.830316] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 98.848084] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.854551] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.861308] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.867695] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.875975] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 98.933972] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.940444] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.947128] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.953597] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.967680] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 99.458722] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 99.466387] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 99.504439] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 99.511679] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 99.519006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 99.526122] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 101.567553] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.742343] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.759516] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.768989] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.857270] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 101.867766] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.889213] 8021q: adding VLAN 0 to HW filter on device bond0
[ 102.007280] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 102.028700] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 102.075690] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 102.114887] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 102.128008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 102.138819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.163588] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 102.175438] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 102.316361] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 102.334055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 102.353701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.370509] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 102.378000] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 102.394816] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 102.408070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.428211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 102.443142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.455444] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.474732] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 102.495184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 102.506771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.538684] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 102.556603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 102.569497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.629697] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.685695] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.746744] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.757122] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.864043] 8021q: adding VLAN 0 to HW filter on device team0
[ 104.403086] ==================================================================
[ 104.410701] BUG: KASAN: use-after-free in ax25_fillin_cb+0x6d5/0x810
[ 104.417225] Read of size 4 at addr ffff8881ccbc3a38 by task syz-executor1/9733
[ 104.424575]
[ 104.426206] CPU: 1 PID: 9733 Comm: syz-executor1 Not tainted 4.20.0+ #1
[ 104.432959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 104.442314] Call Trace:
[ 104.444914] dump_stack+0x1d3/0x2c6
[ 104.448555] ? dump_stack_print_info.cold.1+0x20/0x20
[ 104.453779] ? printk+0xa7/0xcf
[ 104.457070] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 104.461835] print_address_description.cold.8+0x9/0x1ff
[ 104.467186] kasan_report.cold.9+0x242/0x309
[ 104.471580] ? ax25_fillin_cb+0x6d5/0x810
[ 104.475736] __asan_report_load4_noabort+0x14/0x20
[ 104.480663] ax25_fillin_cb+0x6d5/0x810
[ 104.484632] ax25_setsockopt+0x92f/0xa10
[ 104.488691] ? ax25_fillin_cb+0x810/0x810
[ 104.492826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 104.498358] ? security_socket_setsockopt+0x94/0xc0
[ 104.503370] __sys_setsockopt+0x1ba/0x3c0
[ 104.507504] ? kernel_accept+0x310/0x310
[ 104.511551] ? lockdep_hardirqs_on+0x421/0x5c0
[ 104.516116] ? trace_hardirqs_on+0xbd/0x310
[ 104.520430] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 104.525782] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 104.531218] __x64_sys_setsockopt+0xbe/0x150
[ 104.535617] do_syscall_64+0x1b9/0x820
[ 104.539520] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 104.544869] ? syscall_return_slowpath+0x5e0/0x5e0
[ 104.549793] ? trace_hardirqs_on_caller+0x310/0x310
[ 104.554809] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 104.559811] ? recalc_sigpending_tsk+0x180/0x180
[ 104.564560] ? __switch_to_asm+0x40/0x70
[ 104.568605] ? __switch_to_asm+0x34/0x70
[ 104.572661] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 104.577504] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 104.582677] RIP: 0033:0x457759
[ 104.585864] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 104.604782] RSP: 002b:00007f1d916b8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 104.612473] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457759
[ 104.619731] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000005
[ 104.626996] RBP: 000000000073c040 R08: 0000000000000010 R09: 0000000000000000
[ 104.634280] R10: 0000000020000140 R11: 0000000000000246 R12: 00007f1d916b96d4
[ 104.641534] R13: 00000000004cb2d8 R14: 00000000004d8910 R15: 00000000ffffffff
[ 104.648808]
[ 104.650428] Allocated by task 9727:
[ 104.654303] save_stack+0x43/0xd0
[ 104.657755] kasan_kmalloc+0xc7/0xe0
[ 104.661463] kmem_cache_alloc_trace+0x152/0x750
[ 104.666118] ax25_dev_device_up+0x47/0x4d0
[ 104.670355] ax25_device_event+0x208/0x2e0
[ 104.674592] notifier_call_chain+0x17e/0x380
[ 104.678985] raw_notifier_call_chain+0x2d/0x40
[ 104.683552] call_netdevice_notifiers_info+0x3f/0x90
[ 104.688653] __dev_notify_flags+0x17a/0x480
[ 104.692963] dev_change_flags+0x109/0x160
[ 104.697097] dev_ifsioc+0x7da/0xa80
[ 104.700715] dev_ioctl+0x1b5/0xcc0
[ 104.704243] sock_do_ioctl+0x1f6/0x420
[ 104.708135] sock_ioctl+0x313/0x690
[ 104.711771] do_vfs_ioctl+0x1de/0x1790
[ 104.715642] ksys_ioctl+0xa9/0xd0
[ 104.719080] __x64_sys_ioctl+0x73/0xb0
[ 104.722969] do_syscall_64+0x1b9/0x820
[ 104.726846] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 104.732013]
[ 104.733621] Freed by task 9727:
[ 104.736882] save_stack+0x43/0xd0
[ 104.740347] __kasan_slab_free+0x102/0x150
[ 104.744573] kasan_slab_free+0xe/0x10
[ 104.748384] kfree+0xcf/0x230
[ 104.751472] ax25_dev_device_down+0x164/0x2f0
[ 104.755959] ax25_device_event+0x1f6/0x2e0
[ 104.760183] notifier_call_chain+0x17e/0x380
[ 104.764571] raw_notifier_call_chain+0x2d/0x40
[ 104.769132] call_netdevice_notifiers_info+0x3f/0x90
[ 104.774232] __dev_notify_flags+0x29b/0x480
[ 104.778548] dev_change_flags+0x109/0x160
[ 104.782677] dev_ifsioc+0x7da/0xa80
[ 104.786299] dev_ioctl+0x1b5/0xcc0
[ 104.789851] sock_do_ioctl+0x1f6/0x420
[ 104.793720] sock_ioctl+0x313/0x690
[ 104.797370] do_vfs_ioctl+0x1de/0x1790
[ 104.801256] ksys_ioctl+0xa9/0xd0
[ 104.804700] __x64_sys_ioctl+0x73/0xb0
[ 104.808572] do_syscall_64+0x1b9/0x820
[ 104.812442] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 104.817622]
[ 104.819235] The buggy address belongs to the object at ffff8881ccbc3a00
[ 104.819235] which belongs to the cache kmalloc-192 of size 192
[ 104.831873] The buggy address is located 56 bytes inside of
[ 104.831873] 192-byte region [ffff8881ccbc3a00, ffff8881ccbc3ac0)
[ 104.843635] The buggy address belongs to the page:
[ 104.848576] page:ffffea000732f0c0 count:1 mapcount:0 mapping:ffff8881da800040 index:0x0
[ 104.856713] flags: 0x2fffc0000000200(slab)
[ 104.860932] raw: 02fffc0000000200 ffffea000732be48 ffffea0007329808 ffff8881da800040
[ 104.868828] raw: 0000000000000000 ffff8881ccbc3000 0000000100000010 0000000000000000
[ 104.876687] page dumped because: kasan: bad access detected
[ 104.882375]
[ 104.883998] Memory state around the buggy address:
[ 104.888919]  ffff8881ccbc3900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 104.896273]  ffff8881ccbc3980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 104.903613] >ffff8881ccbc3a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 104.910955]                                         ^
[ 104.916124]  ffff8881ccbc3a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 104.923471]  ffff8881ccbc3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 104.930809] ==================================================================
[ 104.938148] Disabling lock debugging due to kernel taint
[ 104.946515] Kernel panic - not syncing: panic_on_warn set ...
[ 104.952433] CPU: 1 PID: 9733 Comm: syz-executor1 Tainted: G B 4.20.0+ #1
[ 104.960565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 104.969900] Call Trace:
[ 104.972470] dump_stack+0x1d3/0x2c6
[ 104.976096] ? dump_stack_print_info.cold.1+0x20/0x20
[ 104.981293] panic+0x2ad/0x55f
[ 104.984467] ? add_taint.cold.5+0x16/0x16
[ 104.988598] ? preempt_schedule+0x4d/0x60
[ 104.992734] ? ___preempt_schedule+0x16/0x18
[ 104.997134] ? trace_hardirqs_on+0xb4/0x310
[ 105.001442] kasan_end_report+0x47/0x4f
[ 105.005401] kasan_report.cold.9+0x76/0x309
[ 105.009704] ? ax25_fillin_cb+0x6d5/0x810
[ 105.013878] __asan_report_load4_noabort+0x14/0x20
[ 105.018800] ax25_fillin_cb+0x6d5/0x810
[ 105.022769] ax25_setsockopt+0x92f/0xa10
[ 105.026832] ? ax25_fillin_cb+0x810/0x810
[ 105.030984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 105.036504] ? security_socket_setsockopt+0x94/0xc0
[ 105.041515] __sys_setsockopt+0x1ba/0x3c0
[ 105.045658] ? kernel_accept+0x310/0x310
[ 105.049718] ? lockdep_hardirqs_on+0x421/0x5c0
[ 105.054285] ? trace_hardirqs_on+0xbd/0x310
[ 105.058587] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 105.063954] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 105.069389] __x64_sys_setsockopt+0xbe/0x150
[ 105.073784] do_syscall_64+0x1b9/0x820
[ 105.077667] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 105.083028] ? syscall_return_slowpath+0x5e0/0x5e0
[ 105.087943] ? trace_hardirqs_on_caller+0x310/0x310
[ 105.092941] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 105.097942] ? recalc_sigpending_tsk+0x180/0x180
[ 105.102696] ? __switch_to_asm+0x40/0x70
[ 105.106739] ? __switch_to_asm+0x34/0x70
[ 105.110796] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 105.115623] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 105.120813] RIP: 0033:0x457759
[ 105.124004] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 105.142886] RSP: 002b:00007f1d916b8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 105.150592] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457759
[ 105.157842] RDX: 0000000000000019 RSI: 0000000000000101 RDI: 0000000000000005
[ 105.165118] RBP: 000000000073c040 R08: 0000000000000010 R09: 0000000000000000
[ 105.172393] R10: 0000000020000140 R11: 0000000000000246 R12: 00007f1d916b96d4
[ 105.179643] R13: 00000000004cb2d8 R14: 00000000004d8910 R15: 00000000ffffffff
[ 105.187912] Kernel Offset: disabled
[ 105.191535] Rebooting in 86400 seconds..