Warning: Permanently added '10.128.0.123' (ECDSA) to the list of known hosts.
2018/11/08 17:41:34 parsed 1 programs
2018/11/08 17:41:35 executed programs: 0
[ 98.819625] IPVS: ftp: loaded support on port[0] = 21
[ 98.837129] IPVS: ftp: loaded support on port[0] = 21
[ 98.866610] IPVS: ftp: loaded support on port[0] = 21
[ 98.876412] IPVS: ftp: loaded support on port[0] = 21
[ 98.876428] IPVS: ftp: loaded support on port[0] = 21
[ 98.898533] IPVS: ftp: loaded support on port[0] = 21
[ 100.279437] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.286601] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.305499] device bridge_slave_0 entered promiscuous mode
[ 100.316413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.325168] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.332860] device bridge_slave_0 entered promiscuous mode
[ 100.342397] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.349883] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.357273] device bridge_slave_0 entered promiscuous mode
[ 100.397555] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.404137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.412648] device bridge_slave_1 entered promiscuous mode
[ 100.429858] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.436221] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.451613] device bridge_slave_1 entered promiscuous mode
[ 100.461129] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.470646] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.478961] device bridge_slave_0 entered promiscuous mode
[ 100.498166] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.504542] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.513559] device bridge_slave_1 entered promiscuous mode
[ 100.522310] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 100.530897] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.537250] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.550235] device bridge_slave_0 entered promiscuous mode
[ 100.559384] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 100.570790] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.577536] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.594413] device bridge_slave_1 entered promiscuous mode
[ 100.601502] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.607863] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.620479] device bridge_slave_0 entered promiscuous mode
[ 100.630004] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 100.640536] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 100.659211] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.666009] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.683829] device bridge_slave_1 entered promiscuous mode
[ 100.691389] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 100.704015] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 100.725248] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.739817] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.747196] device bridge_slave_1 entered promiscuous mode
[ 100.757036] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 100.771502] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 100.794834] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 100.859549] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 100.868367] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 100.880406] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 100.954003] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 100.980328] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 101.025869] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 101.060017] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 101.072220] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 101.085455] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 101.105427] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 101.123196] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 101.155400] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 101.175916] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 101.202553] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 101.218071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 101.227746] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 101.246140] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 101.289696] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 101.322191] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 101.376568] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 101.393543] team0: Port device team_slave_0 added
[ 101.450256] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 101.472869] team0: Port device team_slave_1 added
[ 101.522687] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 101.545118] team0: Port device team_slave_0 added
[ 101.568300] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 101.576714] team0: Port device team_slave_0 added
[ 101.607831] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.626479] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 101.642281] team0: Port device team_slave_1 added
[ 101.663975] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 101.677686] team0: Port device team_slave_0 added
[ 101.683695] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 101.696558] team0: Port device team_slave_1 added
[ 101.705367] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.724838] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 101.732348] team0: Port device team_slave_0 added
[ 101.742560] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 101.760405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 101.777683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.793628] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.814713] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.829965] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.848939] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 101.857076] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 101.865477] team0: Port device team_slave_1 added
[ 101.874043] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 101.885507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 101.897332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 101.906206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 101.914533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.925131] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 101.937675] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 101.945448] team0: Port device team_slave_0 added
[ 101.951428] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 101.964739] team0: Port device team_slave_1 added
[ 101.972337] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 101.982755] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 101.990972] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.999792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 102.008174] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 102.023664] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 102.033434] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 102.041978] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 102.051394] team0: Port device team_slave_1 added
[ 102.056469] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 102.070185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 102.085834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 102.096083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 102.104434] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 102.123129] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 102.135152] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 102.148323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 102.166307] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 102.175222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 102.183369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 102.192064] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 102.200656] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 102.219596] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 102.226689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 102.236265] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 102.254484] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 102.264497] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 102.279149] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 102.287085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 102.300749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 102.309581] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 102.330359] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 102.356864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 102.364961] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 102.382189] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 102.392913] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 102.407911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 102.422990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 102.439146] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 102.450329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 102.464001] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 102.486880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 102.507914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 102.521445] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 102.536875] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 102.556912] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 102.573652] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 102.597384] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 102.606404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 102.922525] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.929088] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.936104] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.942549] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.962088] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 102.985016] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.991452] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.998187] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.004555] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.014587] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 103.150728] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.157131] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 103.163862] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.170277] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.178600] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 103.356985] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.364079] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 103.371727] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.378553] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.389585] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 103.404777] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.411188] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 103.417846] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.424278] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.444296] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 103.602749] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.609193] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 103.615855] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.622290] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.634013] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 103.836159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 103.844012] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 103.858574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 103.866764] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 103.875686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 103.883607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 106.042810] 8021q: adding VLAN 0 to HW filter on device bond0
[ 106.079259] 8021q: adding VLAN 0 to HW filter on device bond0
[ 106.137620] 8021q: adding VLAN 0 to HW filter on device bond0
[ 106.355346] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 106.366946] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 106.397158] 8021q: adding VLAN 0 to HW filter on device bond0
[ 106.438342] 8021q: adding VLAN 0 to HW filter on device bond0
[ 106.447760] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 106.613927] 8021q: adding VLAN 0 to HW filter on device bond0
[ 106.622238] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 106.641176] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 106.656871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 106.672229] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 106.694300] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 106.708534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 106.719937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 106.746893] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 106.755507] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 106.780536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 106.787610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 106.878242] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 106.977578] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 106.992652] 8021q: adding VLAN 0 to HW filter on device team0
[ 106.999743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 107.006793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 107.026166] 8021q: adding VLAN 0 to HW filter on device team0
[ 107.043848] 8021q: adding VLAN 0 to HW filter on device team0
[ 107.098812] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 107.121650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 107.137681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 107.214106] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 107.225903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 107.234991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 107.304465] 8021q: adding VLAN 0 to HW filter on device team0
[ 107.386433] 8021q: adding VLAN 0 to HW filter on device team0
[ 107.557812] 8021q: adding VLAN 0 to HW filter on device team0
2018/11/08 17:41:45 executed programs: 6
[ 111.042981] vivid-000: kernel_thread() failed
[ 111.094269] vivid-000: kernel_thread() failed
[ 111.164582] ==================================================================
[ 111.172133] BUG: KASAN: use-after-free in __vb2_perform_fileio+0x10e2/0x1210
[ 111.179341] Read of size 4 at addr ffff8801c05aa79c by task syz-executor4/7617
[ 111.186705]
[ 111.188374] CPU: 0 PID: 7617 Comm: syz-executor4 Not tainted 4.20.0-rc1+ #1
[ 111.195484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 111.204842] Call Trace:
[ 111.207444] dump_stack+0x244/0x39d
[ 111.211095] ? dump_stack_print_info.cold.1+0x20/0x20
[ 111.216317] ? printk+0xa7/0xcf
[ 111.219610] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 111.224390] print_address_description.cold.7+0x9/0x1ff
[ 111.229771] kasan_report.cold.8+0x242/0x309
[ 111.234190] ? __vb2_perform_fileio+0x10e2/0x1210
[ 111.239054] __asan_report_load4_noabort+0x14/0x20
[ 111.239075] __vb2_perform_fileio+0x10e2/0x1210
[ 111.239103] ? vb2_core_poll+0x9b0/0x9b0
[ 111.239122] ? ksys_dup3+0x680/0x680
[ 111.239141] vb2_read+0x3b/0x50
[ 111.239160] vb2_fop_read+0x20a/0x400
[ 111.239181] ? vb2_fop_write+0x400/0x400
[ 111.239202] v4l2_read+0x168/0x220
[ 111.239222] __vfs_read+0x117/0x9b0
[ 111.248969] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 111.248996] ? v4l2_write+0x220/0x220
[ 111.249014] ? vfs_copy_file_range+0xb90/0xb90
[ 111.249053] ? fsnotify+0xf20/0xf20
[ 111.249070] ? trace_hardirqs_off_caller+0x310/0x310
[ 111.249100] ? security_file_permission+0x1c2/0x220
[ 111.249118] ? rw_verify_area+0x118/0x360
[ 111.249138] vfs_read+0x17f/0x3c0
[ 111.309825] ksys_read+0x101/0x260
[ 111.313397] ? kernel_write+0x120/0x120
[ 111.317382] ? trace_hardirqs_off_caller+0x310/0x310
[ 111.322474] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 111.328025] __ia32_sys_read+0x71/0xb0
[ 111.331934] do_fast_syscall_32+0x34d/0xfb2
[ 111.336261] ? do_int80_syscall_32+0x890/0x890
[ 111.340865] ? entry_SYSENTER_compat+0x68/0x7f
[ 111.345496] ? trace_hardirqs_off_caller+0xbb/0x310
[ 111.350537] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 111.355378] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 111.360225] ? trace_hardirqs_on_caller+0x310/0x310
[ 111.365238] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 111.370257] ? prepare_exit_to_usermode+0x291/0x3b0
[ 111.375285] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 111.380138] entry_SYSENTER_compat+0x70/0x7f
[ 111.384534] RIP: 0023:0xf7f92a29
[ 111.387892] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 111.406781] RSP: 002b:00000000f7f8e0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[ 111.414484] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040
[ 111.421751] RDX: 000000000000004a RSI: 0000000000000000 RDI: 0000000000000000
[ 111.429012] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 111.436286] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 111.443553] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 111.450841]
[ 111.452472] Allocated by task 7617:
[ 111.456096] save_stack+0x43/0xd0
[ 111.459538] kasan_kmalloc+0xc7/0xe0
[ 111.463256] kmem_cache_alloc_trace+0x152/0x750
[ 111.467953] __vb2_init_fileio+0x1ce/0xc90
[ 111.472198] __vb2_perform_fileio+0xcfd/0x1210
[ 111.476782] vb2_read+0x3b/0x50
[ 111.480066] vb2_fop_read+0x20a/0x400
[ 111.483866] v4l2_read+0x168/0x220
[ 111.487395] __vfs_read+0x117/0x9b0
[ 111.491045] vfs_read+0x17f/0x3c0
[ 111.494512] ksys_read+0x101/0x260
[ 111.498072] __ia32_sys_read+0x71/0xb0
[ 111.501972] do_fast_syscall_32+0x34d/0xfb2
[ 111.506280] entry_SYSENTER_compat+0x70/0x7f
[ 111.510681]
[ 111.512299] Freed by task 7614:
[ 111.515601] save_stack+0x43/0xd0
[ 111.519061] __kasan_slab_free+0x102/0x150
[ 111.523312] kasan_slab_free+0xe/0x10
[ 111.527121] kfree+0xcf/0x230
[ 111.530231] __vb2_cleanup_fileio+0xf8/0x160
[ 111.534650] vb2_core_queue_release+0x1e/0x80
[ 111.539155] _vb2_fop_release+0x1d2/0x2b0
[ 111.543313] vb2_fop_release+0x77/0xc0
[ 111.547186] vivid_fop_release+0x18e/0x440
[ 111.551411] v4l2_release+0x224/0x3a0
[ 111.555224] __fput+0x385/0xa30
[ 111.558504] ____fput+0x15/0x20
[ 111.561800] task_work_run+0x1e8/0x2a0
[ 111.565717] exit_to_usermode_loop+0x318/0x380
[ 111.570318] do_fast_syscall_32+0xcd5/0xfb2
[ 111.574641] entry_SYSENTER_compat+0x70/0x7f
[ 111.579043]
[ 111.580678] The buggy address belongs to the object at ffff8801c05aa480
[ 111.580678] which belongs to the cache kmalloc-1k of size 1024
[ 111.593349] The buggy address is located 796 bytes inside of
[ 111.593349] 1024-byte region [ffff8801c05aa480, ffff8801c05aa880)
[ 111.605329] The buggy address belongs to the page:
[ 111.610245] page:ffffea0007016a80 count:1 mapcount:0 mapping:ffff8801da800ac0 index:0x0 compound_mapcount: 0
[ 111.620206] flags: 0x2fffc0000010200(slab|head)
[ 111.624929] raw: 02fffc0000010200 ffffea00073b0b08 ffffea000701e388 ffff8801da800ac0
[ 111.632803] raw: 0000000000000000 ffff8801c05aa000 0000000100000007 0000000000000000
[ 111.640667] page dumped because: kasan: bad access detected
[ 111.646359]
[ 111.647974] Memory state around the buggy address:
[ 111.652914] ffff8801c05aa680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 111.660296] ffff8801c05aa700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 111.667674] >ffff8801c05aa780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 111.675036] ^
[ 111.679176] ffff8801c05aa800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 111.686536] ffff8801c05aa880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 111.693898] ==================================================================
[ 111.701248] Disabling lock debugging due to kernel taint
[ 111.708777] Kernel panic - not syncing: panic_on_warn set ...
[ 111.714688] CPU: 0 PID: 7617 Comm: syz-executor4 Tainted: G B 4.20.0-rc1+ #1
[ 111.723172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 111.732513] Call Trace:
[ 111.735114] dump_stack+0x244/0x39d
[ 111.738746] ? dump_stack_print_info.cold.1+0x20/0x20
[ 111.743928] panic+0x2ad/0x55c
[ 111.747115] ? add_taint.cold.5+0x16/0x16
[ 111.751263] ? preempt_schedule+0x4d/0x60
[ 111.755401] ? ___preempt_schedule+0x16/0x18
[ 111.759799] ? trace_hardirqs_on+0xb4/0x310
[ 111.764120] kasan_end_report+0x47/0x4f
[ 111.768089] kasan_report.cold.8+0x76/0x309
[ 111.772399] ? __vb2_perform_fileio+0x10e2/0x1210
[ 111.777240] __asan_report_load4_noabort+0x14/0x20
[ 111.782188] __vb2_perform_fileio+0x10e2/0x1210
[ 111.786847] ? vb2_core_poll+0x9b0/0x9b0
[ 111.790908] ? ksys_dup3+0x680/0x680
[ 111.794622] vb2_read+0x3b/0x50
[ 111.797889] vb2_fop_read+0x20a/0x400
[ 111.801676] ? vb2_fop_write+0x400/0x400
[ 111.805881] v4l2_read+0x168/0x220
[ 111.809432] __vfs_read+0x117/0x9b0
[ 111.813069] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 111.818004] ? v4l2_write+0x220/0x220
[ 111.821814] ? vfs_copy_file_range+0xb90/0xb90
[ 111.826391] ? fsnotify+0xf20/0xf20
[ 111.830019] ? trace_hardirqs_off_caller+0x310/0x310
[ 111.835140] ? security_file_permission+0x1c2/0x220
[ 111.840159] ? rw_verify_area+0x118/0x360
[ 111.844295] vfs_read+0x17f/0x3c0
[ 111.847759] ksys_read+0x101/0x260
[ 111.851302] ? kernel_write+0x120/0x120
[ 111.855267] ? trace_hardirqs_off_caller+0x310/0x310
[ 111.860375] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 111.865902] __ia32_sys_read+0x71/0xb0
[ 111.869782] do_fast_syscall_32+0x34d/0xfb2
[ 111.874104] ? do_int80_syscall_32+0x890/0x890
[ 111.878687] ? entry_SYSENTER_compat+0x68/0x7f
[ 111.883257] ? trace_hardirqs_off_caller+0xbb/0x310
[ 111.888260] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 111.893088] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 111.897915] ? trace_hardirqs_on_caller+0x310/0x310
[ 111.902926] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 111.907933] ? prepare_exit_to_usermode+0x291/0x3b0
[ 111.912952] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 111.917788] entry_SYSENTER_compat+0x70/0x7f
[ 111.922185] RIP: 0023:0xf7f92a29
[ 111.925537] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 111.944430] RSP: 002b:00000000f7f8e0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[ 111.952139] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040
[ 111.959398] RDX: 000000000000004a RSI: 0000000000000000 RDI: 0000000000000000
[ 111.966664] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 111.973932] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 111.981193] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 111.989412] Kernel Offset: disabled
[ 111.993047] Rebooting in 86400 seconds..