[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 28.604615] kauditd_printk_skb: 8 callbacks suppressed
[ 28.604626] audit: type=1800 audit(1543414996.628:29): pid=5920 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 28.629773] audit: type=1800 audit(1543414996.628:30): pid=5920 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts.
2018/11/28 14:23:37 parsed 1 programs
2018/11/28 14:23:39 executed programs: 0
syzkaller login: [ 51.513526] IPVS: ftp: loaded support on port[0] = 21
[ 51.514662] IPVS: ftp: loaded support on port[0] = 21
[ 51.527034] IPVS: ftp: loaded support on port[0] = 21
[ 51.532222] IPVS: ftp: loaded support on port[0] = 21
[ 51.546980] IPVS: ftp: loaded support on port[0] = 21
[ 51.562492] IPVS: ftp: loaded support on port[0] = 21
[ 52.329124] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.344131] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.352066] device bridge_slave_0 entered promiscuous mode
[ 52.366401] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.375570] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.383469] device bridge_slave_0 entered promiscuous mode
[ 52.393092] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.399545] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.409455] device bridge_slave_0 entered promiscuous mode
[ 52.430428] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.439962] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.448052] device bridge_slave_1 entered promiscuous mode
[ 52.455481] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.464866] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.475163] device bridge_slave_0 entered promiscuous mode
[ 52.482937] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.489291] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.497488] device bridge_slave_0 entered promiscuous mode
[ 52.507055] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.515526] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.523781] device bridge_slave_1 entered promiscuous mode
[ 52.532737] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 52.540205] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.548492] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.556947] device bridge_slave_0 entered promiscuous mode
[ 52.566666] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.573442] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.581449] device bridge_slave_1 entered promiscuous mode
[ 52.588080] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.595014] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.602682] device bridge_slave_1 entered promiscuous mode
[ 52.611574] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 52.621821] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.629089] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.637324] device bridge_slave_1 entered promiscuous mode
[ 52.644758] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.653614] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.661321] device bridge_slave_1 entered promiscuous mode
[ 52.669802] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 52.680232] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 52.704739] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 52.724751] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 52.737510] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 52.753857] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 52.768917] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 52.797228] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 52.828998] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 52.854573] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 52.876145] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 52.963870] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 52.978900] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 52.995777] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 53.067613] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 53.085875] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 53.102018] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 53.115458] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 53.125502] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 53.138670] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 53.152731] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 53.167991] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 53.195577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 53.204552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 53.215815] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 53.235219] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 53.242255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 53.251818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 53.268695] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 53.278847] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 53.291952] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 53.317917] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 53.326836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 53.338983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 53.358289] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 53.376118] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 53.384053] team0: Port device team_slave_0 added
[ 53.391260] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 53.416055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 53.427893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 53.454200] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 53.463164] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 53.475106] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 53.485972] team0: Port device team_slave_1 added
[ 53.493045] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 53.507435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 53.517261] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 53.526494] team0: Port device team_slave_0 added
[ 53.532376] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 53.553658] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 53.584738] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 53.627954] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 53.638549] team0: Port device team_slave_1 added
[ 53.657103] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 53.676417] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 53.684509] team0: Port device team_slave_0 added
[ 53.692501] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 53.720153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.731378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 53.763850] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 53.773128] team0: Port device team_slave_0 added
[ 53.781255] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 53.791417] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 53.798889] team0: Port device team_slave_1 added
[ 53.805598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 53.816721] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.825472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 53.838783] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 53.846731] team0: Port device team_slave_0 added
[ 53.858130] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 53.867859] team0: Port device team_slave_1 added
[ 53.873498] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 53.889170] team0: Port device team_slave_0 added
[ 53.898640] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 53.909227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 53.925070] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 53.944740] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.959033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 53.968823] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 53.976405] team0: Port device team_slave_1 added
[ 53.989216] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 54.012379] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 54.022181] team0: Port device team_slave_1 added
[ 54.028587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.038764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 54.049073] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 54.061603] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 54.080736] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 54.091709] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 54.101281] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.116031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 54.129753] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 54.142690] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 54.153298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 54.168538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 54.188200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 54.196634] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 54.205667] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 54.218826] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 54.230074] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 54.241598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 54.249404] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 54.272153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 54.279951] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 54.287558] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.295307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 54.303563] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 54.316287] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 54.327382] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.348199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 54.361369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.369105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 54.380397] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 54.389772] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 54.407993] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 54.418973] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.436842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 54.454684] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.462557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 54.470283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.478258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 54.494170] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 54.509561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.524307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 54.794689] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.801207] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.808212] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.814629] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.832484] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 55.113593] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 55.149393] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.155810] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.162531] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.168932] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.190157] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 55.203381] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.209736] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.216432] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.222838] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.232274] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 55.240561] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.246975] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.253647] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.260000] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.269766] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 55.282844] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.289306] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.296121] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.302542] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.330423] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 55.354750] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.361155] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.367806] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.374238] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.383987] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 56.154331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 56.167781] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 56.196718] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 56.209807] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 56.217079] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 57.687109] 8021q: adding VLAN 0 to HW filter on device bond0
[ 57.915553] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.978188] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.045428] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.131350] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.142750] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.156508] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 58.215181] 8021q: adding VLAN 0 to HW filter on device bond0
[ 58.234651] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 58.256492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.272402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.331946] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 58.392909] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 58.432990] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 58.443032] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 58.449490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.466355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.533910] 8021q: adding VLAN 0 to HW filter on device team0
[ 58.562598] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 58.613918] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 58.620086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.631263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.645789] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 58.657596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.667796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.735614] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 58.744772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.756266] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.781099] 8021q: adding VLAN 0 to HW filter on device team0
[ 58.878329] 8021q: adding VLAN 0 to HW filter on device team0
[ 58.916574] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 58.940925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 58.948068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.967855] 8021q: adding VLAN 0 to HW filter on device team0
[ 59.053878] 8021q: adding VLAN 0 to HW filter on device team0
[ 59.141914] 8021q: adding VLAN 0 to HW filter on device team0
2018/11/28 14:23:48 executed programs: 6
2018/11/28 14:23:53 executed programs: 250
[ 68.808956] ==================================================================
[ 68.816500] BUG: KASAN: use-after-free in path_lookupat.isra.43+0x9f8/0xc00
[ 68.823582] Read of size 1 at addr ffff8801c4865c47 by task syz-executor2/9423
[ 68.830922]
[ 68.832534] CPU: 0 PID: 9423 Comm: syz-executor2 Not tainted 4.20.0-rc1-next-20181109+ #110
[ 68.841000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.850367] Call Trace:
[ 68.853017] dump_stack+0x244/0x39d
[ 68.856644] ? dump_stack_print_info.cold.1+0x20/0x20
[ 68.861826] ? printk+0xa7/0xcf
[ 68.865115] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 68.869861] ? atime_needs_update+0x507/0x710
[ 68.874348] print_address_description.cold.7+0x9/0x1ff
[ 68.879705] kasan_report.cold.8+0x242/0x309
[ 68.884095] ? path_lookupat.isra.43+0x9f8/0xc00
[ 68.888835] __asan_report_load1_noabort+0x14/0x20
[ 68.893746] path_lookupat.isra.43+0x9f8/0xc00
[ 68.898313] ? path_parentat.isra.41+0x160/0x160
[ 68.903054] ? __check_object_size+0xb1/0x782
[ 68.907634] ? usercopy_warn+0x110/0x110
[ 68.911681] ? check_preemption_disabled+0x48/0x280
[ 68.916680] filename_lookup+0x26a/0x520
[ 68.920720] ? nd_jump_link+0x1d0/0x1d0
[ 68.924683] ? digsig_verify+0x1530/0x1530
[ 68.928903] ? find_held_lock+0x36/0x1c0
[ 68.932960] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 68.938483] ? getname_flags+0x26e/0x590
[ 68.942530] user_path_at_empty+0x40/0x50
[ 68.946687] do_mount+0x180/0x1ff0
[ 68.950210] ? copy_mount_string+0x40/0x40
[ 68.954448] ? retint_kernel+0x2d/0x2d
[ 68.958320] ? copy_mount_options+0x1e3/0x430
[ 68.962804] ? copy_mount_options+0x1f2/0x430
[ 68.967283] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 68.972800] ? copy_mount_options+0x315/0x430
[ 68.977296] ksys_mount+0x12d/0x140
[ 68.980937] __x64_sys_mount+0xbe/0x150
[ 68.984916] do_syscall_64+0x1b9/0x820
[ 68.988788] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 68.994246] ? syscall_return_slowpath+0x5e0/0x5e0
[ 68.999159] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 69.004014] ? trace_hardirqs_on_caller+0x310/0x310
[ 69.009018] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 69.014025] ? prepare_exit_to_usermode+0x291/0x3b0
[ 69.019041] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 69.023878] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.029048] RIP: 0033:0x457569
[ 69.032238] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.051132] RSP: 002b:00007fde6ed96c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 69.058819] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457569
[ 69.066065] RDX: 0000000020000040 RSI: 0000000020000000 RDI: 0000000000000000
[ 69.073312] RBP: 000000000072bf00 R08: 0000000020000340 R09: 0000000000000000
[ 69.080568] R10: 0000000000200000 R11: 0000000000000246 R12: 00007fde6ed976d4
[ 69.087815] R13: 00000000004c2c24 R14: 00000000004d4990 R15: 00000000ffffffff
[ 69.095077]
[ 69.096710] Allocated by task 9424:
[ 69.100338] save_stack+0x43/0xd0
[ 69.103773] kasan_kmalloc+0xc7/0xe0
[ 69.107484] __kmalloc_track_caller+0x157/0x760
[ 69.112136] kstrdup+0x39/0x70
[ 69.115311] bpf_symlink+0x26/0x140
[ 69.118926] vfs_symlink+0x37a/0x5d0
[ 69.122634] do_symlinkat+0x242/0x2d0
[ 69.126415] __x64_sys_symlink+0x59/0x80
[ 69.130734] do_syscall_64+0x1b9/0x820
[ 69.134608] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.139775]
[ 69.141383] Freed by task 9425:
[ 69.144644] save_stack+0x43/0xd0
[ 69.148093] __kasan_slab_free+0x102/0x150
[ 69.152314] kasan_slab_free+0xe/0x10
[ 69.156103] kfree+0xcf/0x230
[ 69.159191] bpf_evict_inode+0x11f/0x150
[ 69.163241] evict+0x4b9/0x980
[ 69.166413] iput+0x674/0xa90
[ 69.169498] do_unlinkat+0x733/0xa30
[ 69.173190] __x64_sys_unlink+0x42/0x50
[ 69.177144] do_syscall_64+0x1b9/0x820
[ 69.181021] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.186184]
[ 69.187814] The buggy address belongs to the object at ffff8801c4865c40
[ 69.187814] which belongs to the cache kmalloc-32 of size 32
[ 69.200336] The buggy address is located 7 bytes inside of
[ 69.200336] 32-byte region [ffff8801c4865c40, ffff8801c4865c60)
[ 69.211983] The buggy address belongs to the page:
[ 69.216910] page:ffffea0007121940 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801c4865fc1
[ 69.226340] flags: 0x2fffc0000000200(slab)
[ 69.230576] raw: 02fffc0000000200 ffffea000763c048 ffffea000762cf08 ffff8801da8001c0
[ 69.238448] raw: ffff8801c4865fc1 ffff8801c4865000 000000010000003f 0000000000000000
[ 69.247406] page dumped because: kasan: bad access detected
[ 69.253108]
[ 69.254715] Memory state around the buggy address:
[ 69.259636] ffff8801c4865b00: fb fb fb fb fc fc fc fc 05 fc fc fc fc fc fc fc
[ 69.266990] ffff8801c4865b80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 69.274336] >ffff8801c4865c00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 69.281675] ^
[ 69.287107] ffff8801c4865c80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 69.294448] ffff8801c4865d00: fb fb fb fb fc fc fc fc 05 fc fc fc fc fc fc fc
[ 69.301786] ==================================================================
[ 69.309138] Disabling lock debugging due to kernel taint
[ 69.315762] Kernel panic - not syncing: panic_on_warn set ...
[ 69.321664] CPU: 0 PID: 9423 Comm: syz-executor2 Tainted: G B 4.20.0-rc1-next-20181109+ #110
[ 69.331540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.332003] kobject: 'loop0' (000000003087a57d): kobject_uevent_env
[ 69.340897] Call Trace:
[ 69.340917] dump_stack+0x244/0x39d
[ 69.340934] ? dump_stack_print_info.cold.1+0x20/0x20
[ 69.340955] panic+0x2ad/0x55c
[ 69.353678] kobject: 'loop0' (000000003087a57d): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 69.358730] ? add_taint.cold.5+0x16/0x16
[ 69.358746] ? preempt_schedule+0x4d/0x60
[ 69.358780] ? ___preempt_schedule+0x16/0x18
[ 69.363260] kobject: 'loop5' (00000000420a01aa): kobject_uevent_env
[ 69.371389] ? trace_hardirqs_on+0xb4/0x310
[ 69.371407] kasan_end_report+0x47/0x4f
[ 69.371419] kasan_report.cold.8+0x76/0x309
[ 69.371436] ? path_lookupat.isra.43+0x9f8/0xc00
[ 69.376003] kobject: 'loop5' (00000000420a01aa): fill_kobj_path: path = '/devices/virtual/block/loop5'
[ 69.379727] __asan_report_load1_noabort+0x14/0x20
[ 69.379741] path_lookupat.isra.43+0x9f8/0xc00
[ 69.379757] ? path_parentat.isra.41+0x160/0x160
[ 69.431554] ? __check_object_size+0xb1/0x782
[ 69.436050] ? usercopy_warn+0x110/0x110
[ 69.440101] ? check_preemption_disabled+0x48/0x280
[ 69.445113] filename_lookup+0x26a/0x520
[ 69.449158] ? nd_jump_link+0x1d0/0x1d0
[ 69.453123] ? digsig_verify+0x1530/0x1530
[ 69.457361] ? find_held_lock+0x36/0x1c0
[ 69.461412] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.466931] ? getname_flags+0x26e/0x590
[ 69.470977] user_path_at_empty+0x40/0x50
[ 69.475124] do_mount+0x180/0x1ff0
[ 69.478666] ? copy_mount_string+0x40/0x40
[ 69.482887] ? retint_kernel+0x2d/0x2d
[ 69.486760] ? copy_mount_options+0x1e3/0x430
[ 69.491240] ? copy_mount_options+0x1f2/0x430
[ 69.495717] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.501238] ? copy_mount_options+0x315/0x430
[ 69.505717] ksys_mount+0x12d/0x140
[ 69.509337] __x64_sys_mount+0xbe/0x150
[ 69.513311] do_syscall_64+0x1b9/0x820
[ 69.517190] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 69.522557] ? syscall_return_slowpath+0x5e0/0x5e0
[ 69.527468] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 69.532305] ? trace_hardirqs_on_caller+0x310/0x310
[ 69.537312] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 69.542321] ? prepare_exit_to_usermode+0x291/0x3b0
[ 69.547339] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 69.552171] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.557351] RIP: 0033:0x457569
[ 69.560527] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.579411] RSP: 002b:00007fde6ed96c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 69.587099] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457569
[ 69.594377] RDX: 0000000020000040 RSI: 0000000020000000 RDI: 0000000000000000
[ 69.601625] RBP: 000000000072bf00 R08: 0000000020000340 R09: 0000000000000000
[ 69.608891] R10: 0000000000200000 R11: 0000000000000246 R12: 00007fde6ed976d4
[ 69.616144] R13: 00000000004c2c24 R14: 00000000004d4990 R15: 00000000ffffffff
[ 69.624337] Kernel Offset: disabled
[ 69.627962] Rebooting in 86400 seconds..