ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.057651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.101673] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 49.139274] 8021q: adding VLAN 0 to HW filter on device team0
[ 49.249175] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 49.268361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.277903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.297028] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 49.309804] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 49.319056] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.329177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.337287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.344951] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.372583] 8021q: adding VLAN 0 to HW filter on device team0
[ 49.443292] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 49.456265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.466894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.562915] 8021q: adding VLAN 0 to HW filter on device team0
[ 49.571205] 8021q: adding VLAN 0 to HW filter on device team0
[ 49.595163] 8021q: adding VLAN 0 to HW filter on device team0
[ 49.697111] 8021q: adding VLAN 0 to HW filter on device team0
[ 50.737282] FAULT_INJECTION: forcing a failure.
[ 50.737282] name failslab, interval 1, probability 0, space 0, times 1
[ 50.790143] CPU: 0 PID: 6742 Comm: syz-executor977 Not tainted 4.19.0+ #80
[ 50.797197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.806560] Call Trace:
[ 50.809165] dump_stack+0x244/0x39d
[ 50.812807] ? dump_stack_print_info.cold.1+0x20/0x20
[ 50.818017] ? mark_held_locks+0x130/0x130
[ 50.822262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 50.827819] ? idr_get_free+0xa83/0xec0
[ 50.831813] should_fail.cold.4+0xa/0x17
[ 50.835896] ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 50.841024] ? find_held_lock+0x36/0x1c0
[ 50.845111] ? find_held_lock+0x36/0x1c0
[ 50.849207] ? perf_trace_sched_process_exec+0x860/0x860
[ 50.854678] ? wait_for_completion+0x8a0/0x8a0
[ 50.859289] __should_failslab+0x124/0x180
[ 50.863550] should_failslab+0x9/0x14
[ 50.867395] kmem_cache_alloc_trace+0x2d7/0x750
[ 50.872084] ? kasan_check_read+0x11/0x20
[ 50.876247] ? do_raw_spin_unlock+0xa7/0x330
[ 50.880672] ? do_raw_spin_trylock+0x270/0x270
[ 50.885272] drm_vma_node_allow+0x5f/0x290
[ 50.889530] drm_gem_handle_create_tail+0x233/0x440
[ 50.894564] ? drm_gem_destroy+0xb0/0xb0
[ 50.896017] FAULT_INJECTION: forcing a failure.
[ 50.896017] name failslab, interval 1, probability 0, space 0, times 1
[ 50.898650] drm_gem_handle_create+0x52/0x60
[ 50.898678] vgem_gem_dumb_create+0x115/0x260
[ 50.918761] drm_mode_create_dumb+0x28d/0x310
[ 50.923279] drm_mode_create_dumb_ioctl+0x25/0x30
[ 50.928153] drm_ioctl_kernel+0x245/0x2f0
[ 50.932311] ? drm_mode_create_dumb+0x310/0x310
[ 50.937006] ? drm_setversion+0x8b0/0x8b0
[ 50.941169] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 50.946717] ? _copy_from_user+0xdf/0x150
[ 50.950884] drm_ioctl+0x57a/0xb20
[ 50.954451] ? drm_mode_create_dumb+0x310/0x310
[ 50.959139] ? drm_ioctl_kernel+0x2f0/0x2f0
[ 50.963475] ? proc_fail_nth_write+0x9e/0x210
[ 50.965057] FAULT_INJECTION: forcing a failure.
[ 50.965057] name failslab, interval 1, probability 0, space 0, times 1
[ 50.967985] ? proc_cwd_link+0x1d0/0x1d0
[ 50.968003] ? trace_hardirqs_off+0xb8/0x310
[ 50.968035] ? smk_tskacc+0x3dd/0x520
[ 50.991478] ? smack_privileged+0xd0/0xd0
[ 50.995632] ? vfs_write+0x2f3/0x560
[ 50.999382] ? drm_ioctl_kernel+0x2f0/0x2f0
[ 51.003723] do_vfs_ioctl+0x1de/0x1720
[ 51.007619] ? __lock_is_held+0xb5/0x140
[ 51.011696] ? ioctl_preallocate+0x300/0x300
[ 51.016115] ? smk_curacc+0x7f/0xa0
[ 51.019754] ? smack_file_ioctl+0x210/0x3c0
[ 51.024081] ? fget_raw+0x20/0x20
[ 51.027543] ? smack_file_lock+0x2e0/0x2e0
[ 51.031795] ? do_syscall_64+0x9a/0x820
[ 51.035778] ? do_syscall_64+0x9a/0x820
[ 51.039763] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.045328] ? security_file_ioctl+0x94/0xc0
[ 51.049763] ksys_ioctl+0xa9/0xd0
[ 51.053231] __x64_sys_ioctl+0x73/0xb0
[ 51.057156] do_syscall_64+0x1b9/0x820
[ 51.061055] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 51.066433] ? syscall_return_slowpath+0x5e0/0x5e0
[ 51.071375] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.076228] ? trace_hardirqs_on_caller+0x310/0x310
[ 51.081256] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 51.086283] ? prepare_exit_to_usermode+0x291/0x3b0
[ 51.091333] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.096198] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.101390] RIP: 0033:0x445989
[ 51.104587] Code: e8 4c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b c8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 51.123670] RSP: 002b:00007ffcf076f4e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 51.131398] RAX: ffffffffffffffda RBX: 00007ffcf076f500 RCX: 0000000000445989
[ 51.138676] RDX: 0000000020000000 RSI: ffffffffffffffb2 RDI: 0000000000000003
[ 51.145954] RBP: 0000000000000004 R08: 0000000000000001 R09: 0000000000000100
[ 51.153233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 51.160526] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[ 51.167830] CPU: 1 PID: 6767 Comm: syz-executor977 Not tainted 4.19.0+ #80
[ 51.174872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.184231] Call Trace:
[ 51.186838] dump_stack+0x244/0x39d
[ 51.190499] ? dump_stack_print_info.cold.1+0x20/0x20
[ 51.195705] ? mark_held_locks+0x130/0x130
[ 51.199958] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.205517] ? idr_get_free+0xa83/0xec0
[ 51.209514] should_fail.cold.4+0xa/0x17
[ 51.213595] ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 51.218721] ? find_held_lock+0x36/0x1c0
[ 51.222809] ? find_held_lock+0x36/0x1c0
[ 51.227031] ? perf_trace_sched_process_exec+0x860/0x860
[ 51.232523] ? wait_for_completion+0x8a0/0x8a0
[ 51.237126] __should_failslab+0x124/0x180
[ 51.241377] should_failslab+0x9/0x14
[ 51.245192] kmem_cache_alloc_trace+0x2d7/0x750
[ 51.249884] ? kasan_check_read+0x11/0x20
[ 51.254048] ? do_raw_spin_unlock+0xa7/0x330
[ 51.258469] ? do_raw_spin_trylock+0x270/0x270
[ 51.261960] FAULT_INJECTION: forcing a failure.
[ 51.261960] name failslab, interval 1, probability 0, space 0, times 1
[ 51.263103] drm_vma_node_allow+0x5f/0x290
[ 51.263129] drm_gem_handle_create_tail+0x233/0x440
[ 51.263159] ? drm_gem_destroy+0xb0/0xb0
[ 51.287669] drm_gem_handle_create+0x52/0x60
[ 51.292099] vgem_gem_dumb_create+0x115/0x260
[ 51.296612] drm_mode_create_dumb+0x28d/0x310
[ 51.301145] drm_mode_create_dumb_ioctl+0x25/0x30
[ 51.306004] drm_ioctl_kernel+0x245/0x2f0
[ 51.310165] ? drm_mode_create_dumb+0x310/0x310
[ 51.314848] ? drm_setversion+0x8b0/0x8b0
[ 51.319019] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 51.324568] ? _copy_from_user+0xdf/0x150
[ 51.328736] drm_ioctl+0x57a/0xb20
[ 51.332291] ? drm_mode_create_dumb+0x310/0x310
[ 51.336992] ? drm_ioctl_kernel+0x2f0/0x2f0
[ 51.341344] ? proc_fail_nth_write+0x9e/0x210
[ 51.345866] ? proc_cwd_link+0x1d0/0x1d0
[ 51.349940] ? trace_hardirqs_off+0xb8/0x310
[ 51.354368] ? smk_tskacc+0x3dd/0x520
[ 51.358188] ? smack_privileged+0xd0/0xd0
[ 51.362367] ? vfs_write+0x2f3/0x560
[ 51.366102] ? drm_ioctl_kernel+0x2f0/0x2f0
[ 51.370443] do_vfs_ioctl+0x1de/0x1720
[ 51.374364] ? __lock_is_held+0xb5/0x140
[ 51.378449] ? ioctl_preallocate+0x300/0x300
[ 51.382877] ? smk_curacc+0x7f/0xa0
[ 51.386522] ? smack_file_ioctl+0x210/0x3c0
[ 51.390864] ? fget_raw+0x20/0x20
[ 51.394342] ? smack_file_lock+0x2e0/0x2e0
[ 51.398613] ? do_syscall_64+0x9a/0x820
[ 51.402598] ? do_syscall_64+0x9a/0x820
[ 51.406593] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.412148] ? security_file_ioctl+0x94/0xc0
[ 51.416578] ksys_ioctl+0xa9/0xd0
[ 51.420069] __x64_sys_ioctl+0x73/0xb0
[ 51.423972] do_syscall_64+0x1b9/0x820
[ 51.427879] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 51.433378] ? syscall_return_slowpath+0x5e0/0x5e0
[ 51.438332] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.443197] ? trace_hardirqs_on_caller+0x310/0x310
[ 51.448235] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 51.453272] ? prepare_exit_to_usermode+0x291/0x3b0
[ 51.458343] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.463217] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.468431] RIP: 0033:0x445989
[ 51.471640] Code: e8 4c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b c8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 51.491007] RSP: 002b:00007ffcf076f4e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 51.498759] RAX: ffffffffffffffda RBX: 00007ffcf076f500 RCX: 0000000000445989
[ 51.506103] RDX: 0000000020000000 RSI: ffffffffffffffb2 RDI: 0000000000000003
[ 51.513412] RBP: 0000000000000004 R08: 0000000000000001 R09: 0000000000000100
[ 51.521563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 51.528844] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[ 51.536164] CPU: 0 PID: 6770 Comm: syz-executor977 Not tainted 4.19.0+ #80
[ 51.543197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.552564] Call Trace:
[ 51.555166] dump_stack+0x244/0x39d
[ 51.558811] ? dump_stack_print_info.cold.1+0x20/0x20
[ 51.564030] ? mark_held_locks+0x130/0x130
[ 51.568283] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.573857] ? idr_get_free+0xa83/0xec0
[ 51.577860] should_fail.cold.4+0xa/0x17
[ 51.581293] FAULT_INJECTION: forcing a failure.
[ 51.581293] name failslab, interval 1, probability 0, space 0, times 1
[ 51.581939] ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 51.581965] ? find_held_lock+0x36/0x1c0
[ 51.581991] ? find_held_lock+0x36/0x1c0
[ 51.606462] ? perf_trace_sched_process_exec+0x860/0x860
[ 51.611944] ? wait_for_completion+0x8a0/0x8a0
[ 51.616558] __should_failslab+0x124/0x180
[ 51.620816] should_failslab+0x9/0x14
[ 51.624637] kmem_cache_alloc_trace+0x2d7/0x750
[ 51.629332] ? kasan_check_read+0x11/0x20
[ 51.633507] ? do_raw_spin_unlock+0xa7/0x330
[ 51.637937] ? do_raw_spin_trylock+0x270/0x270
[ 51.642542] drm_vma_node_allow+0x5f/0x290
[ 51.646809] drm_gem_handle_create_tail+0x233/0x440
[ 51.651855] ? drm_gem_destroy+0xb0/0xb0
[ 51.655946] drm_gem_handle_create+0x52/0x60
[ 51.660378] vgem_gem_dumb_create+0x115/0x260
[ 51.664894] drm_mode_create_dumb+0x28d/0x310
[ 51.669409] drm_mode_create_dumb_ioctl+0x25/0x30
[ 51.674273] drm_ioctl_kernel+0x245/0x2f0
[ 51.678439] ? drm_mode_create_dumb+0x310/0x310
[ 51.683127] ? drm_setversion+0x8b0/0x8b0
[ 51.687291] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 51.692852] ? _copy_from_user+0xdf/0x150
[ 51.697026] drm_ioctl+0x57a/0xb20
[ 51.700578] ? drm_mode_create_dumb+0x310/0x310
[ 51.705274] ? drm_ioctl_kernel+0x2f0/0x2f0
[ 51.709611] ? proc_fail_nth_write+0x9e/0x210
[ 51.714119] ? proc_cwd_link+0x1d0/0x1d0
[ 51.718193] ? trace_hardirqs_off+0xb8/0x310
[ 51.722619] ? smk_tskacc+0x3dd/0x520
[ 51.726438] ? smack_privileged+0xd0/0xd0
[ 51.730604] ? vfs_write+0x2f3/0x560
[ 51.734349] ? drm_ioctl_kernel+0x2f0/0x2f0
[ 51.738698] do_vfs_ioctl+0x1de/0x1720
[ 51.742601] ? __lock_is_held+0xb5/0x140
[ 51.746679] ? ioctl_preallocate+0x300/0x300
[ 51.751101] ? smk_curacc+0x7f/0xa0
[ 51.754744] ? smack_file_ioctl+0x210/0x3c0
[ 51.759086] ? fget_raw+0x20/0x20
[ 51.762557] ? smack_file_lock+0x2e0/0x2e0
[ 51.766820] ? do_syscall_64+0x9a/0x820
[ 51.770807] ? do_syscall_64+0x9a/0x820
[ 51.774802] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.780371] ? security_file_ioctl+0x94/0xc0
[ 51.784808] ksys_ioctl+0xa9/0xd0
[ 51.788282] __x64_sys_ioctl+0x73/0xb0
[ 51.792195] do_syscall_64+0x1b9/0x820
[ 51.796095] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 51.801474] ? syscall_return_slowpath+0x5e0/0x5e0
[ 51.806416] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.811271] ? trace_hardirqs_on_caller+0x310/0x310
[ 51.816304] ? prepare_exit_to_usermode+0x291/0x3b0
[ 51.821361] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.826228] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.831425] RIP: 0033:0x445989
[ 51.834629] Code: e8 4c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b c8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 51.853539] RSP: 002b:00007ffcf076f4e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 51.861254] RAX: ffffffffffffffda RBX: 00007ffcf076f500 RCX: 0000000000445989
[ 51.868529] RDX: 0000000020000000 RSI: ffffffffffffffb2 RDI: 0000000000000003
[ 51.875799] RBP: 0000000000000004 R08: 0000000000000001 R09: 0000000000000100
[ 51.883074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 51.890360] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[ 51.897671] CPU: 1 PID: 6782 Comm: syz-executor977 Not tainted 4.19.0+ #80
[ 51.904697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.914053] Call Trace:
[ 51.916653] dump_stack+0x244/0x39d
[ 51.920313] ? dump_stack_print_info.cold.1+0x20/0x20
[ 51.925523] ? mark_held_locks+0x130/0x130
[ 51.929760] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.935308] ? idr_get_free+0xa83/0xec0
[ 51.939316] should_fail.cold.4+0xa/0x17
[ 51.943416] ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 51.948586] ? find_held_lock+0x36/0x1c0
[ 51.952680] ? find_held_lock+0x36/0x1c0
[ 51.956784] ? perf_trace_sched_process_exec+0x860/0x860
[ 51.962260] ? wait_for_completion+0x8a0/0x8a0
[ 51.966869] __should_failslab+0x124/0x180
[ 51.971120] should_failslab+0x9/0x14
[ 51.974936] kmem_cache_alloc_trace+0x2d7/0x750
[ 51.979621] ? kasan_check_read+0x11/0x20
[ 51.983785] ? do_raw_spin_unlock+0xa7/0x330
[ 51.988228] ? do_raw_spin_trylock+0x270/0x270
[ 51.992859] drm_vma_node_allow+0x5f/0x290
[ 51.997121] drm_gem_handle_create_tail+0x233/0x440
[ 52.002158] ? drm_gem_destroy+0xb0/0xb0
[ 52.006246] drm_gem_handle_create+0x52/0x60
[ 52.010673] vgem_gem_dumb_create+0x115/0x260
[ 52.015192] drm_mode_create_dumb+0x28d/0x310
[ 52.019732] drm_mode_create_dumb_ioctl+0x25/0x30
[ 52.024595] drm_ioctl_kernel+0x245/0x2f0
[ 52.028756] ? drm_mode_create_dumb+0x310/0x310
[ 52.033438] ? drm_setversion+0x8b0/0x8b0
[ 52.037600] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 52.043147] ? _copy_from_user+0xdf/0x150
[ 52.047315] drm_ioctl+0x57a/0xb20
[ 52.050880] ? drm_mode_create_dumb+0x310/0x310
[ 52.055575] ? drm_ioctl_kernel+0x2f0/0x2f0
[ 52.059913] ? proc_fail_nth_write+0x9e/0x210
[ 52.060554] ==================================================================
[ 52.064424] ? proc_cwd_link+0x1d0/0x1d0
[ 52.064444] ? trace_hardirqs_off+0xb8/0x310
[ 52.071931] BUG: KASAN: use-after-free in drm_gem_object_release+0xf1/0x110
[ 52.071949] Read of size 8 at addr ffff8801d83d3410 by task syz-executor977/6742
[ 52.076019] ? smk_tskacc+0x3dd/0x520
[ 52.080410]
[ 52.087522] ? smack_privileged+0xd0/0xd0
[ 52.104594] ? vfs_write+0x2f3/0x560
[ 52.108336] ? drm_ioctl_kernel+0x2f0/0x2f0
[ 52.112677] do_vfs_ioctl+0x1de/0x1720
[ 52.116577] ? __lock_is_held+0xb5/0x140
[ 52.120653] ? ioctl_preallocate+0x300/0x300
[ 52.125066] ? smk_curacc+0x7f/0xa0
[ 52.128705] ? smack_file_ioctl+0x210/0x3c0
[ 52.133035] ? fget_raw+0x20/0x20
[ 52.136499] ? smack_file_lock+0x2e0/0x2e0
[ 52.140768] ? do_syscall_64+0x9a/0x820
[ 52.144762] ? do_syscall_64+0x9a/0x820
[ 52.148754] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.154609] ? security_file_ioctl+0x94/0xc0
[ 52.159731] ksys_ioctl+0xa9/0xd0
[ 52.163200] __x64_sys_ioctl+0x73/0xb0
[ 52.167112] do_syscall_64+0x1b9/0x820
[ 52.171013] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 52.176410] ? syscall_return_slowpath+0x5e0/0x5e0
[ 52.181359] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.186230] ? trace_hardirqs_on_caller+0x310/0x310
[ 52.191259] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 52.196287] ? prepare_exit_to_usermode+0x291/0x3b0
[ 52.201331] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.206284] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.211492] RIP: 0033:0x445989
[ 52.214697] Code: e8 4c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b c8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 52.233879] RSP: 002b:00007ffcf076f4e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 52.241613] RAX: ffffffffffffffda RBX: 00007ffcf076f500 RCX: 0000000000445989
[ 52.248899] RDX: 0000000020000000 RSI: ffffffffffffffb2 RDI: 0000000000000003
[ 52.256273] RBP: 0000000000000004 R08: 0000000000000001 R09: 0000000000000100
[ 52.263555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 52.270838] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[ 52.278156] CPU: 0 PID: 6742 Comm: syz-executor977 Not tainted 4.19.0+ #80
[ 52.285186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.294552] Call Trace:
[ 52.297161] dump_stack+0x244/0x39d
[ 52.300802] ? dump_stack_print_info.cold.1+0x20/0x20
[ 52.306005] ? printk+0xa7/0xcf
[ 52.309307] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 52.314107] print_address_description.cold.7+0x9/0x1ff
[ 52.319485] kasan_report.cold.8+0x242/0x309
[ 52.323902] ? drm_gem_object_release+0xf1/0x110
[ 52.328671] __asan_report_load8_noabort+0x14/0x20
[ 52.333610] drm_gem_object_release+0xf1/0x110
[ 52.338203] vgem_gem_dumb_create+0x1f8/0x260
[ 52.342714] drm_mode_create_dumb+0x28d/0x310
[ 52.347223] drm_mode_create_dumb_ioctl+0x25/0x30
[ 52.352081] drm_ioctl_kernel+0x245/0x2f0
[ 52.356694] ? drm_mode_create_dumb+0x310/0x310
[ 52.361380] ? drm_setversion+0x8b0/0x8b0
[ 52.365539] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 52.371091] ? _copy_from_user+0xdf/0x150
[ 52.375258] drm_ioctl+0x57a/0xb20
[ 52.378807] ? drm_mode_create_dumb+0x310/0x310
[ 52.383495] ? drm_ioctl_kernel+0x2f0/0x2f0
[ 52.388088] ? proc_fail_nth_write+0x9e/0x210
[ 52.392590] ? proc_cwd_link+0x1d0/0x1d0
[ 52.396658] ? trace_hardirqs_off+0xb8/0x310
[ 52.401076] ? smk_tskacc+0x3dd/0x520
[ 52.404886] ? smack_privileged+0xd0/0xd0
[ 52.409036] ? vfs_write+0x2f3/0x560
[ 52.412763] ? drm_ioctl_kernel+0x2f0/0x2f0
[ 52.417095] do_vfs_ioctl+0x1de/0x1720
[ 52.420989] ? __lock_is_held+0xb5/0x140
[ 52.425089] ? ioctl_preallocate+0x300/0x300
[ 52.429507] ? smk_curacc+0x7f/0xa0
[ 52.433149] ? smack_file_ioctl+0x210/0x3c0
[ 52.437478] ? fget_raw+0x20/0x20
[ 52.440946] ? smack_file_lock+0x2e0/0x2e0
[ 52.445199] ? do_syscall_64+0x9a/0x820
[ 52.449182] ? do_syscall_64+0x9a/0x820
[ 52.453163] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.458713] ? security_file_ioctl+0x94/0xc0
[ 52.463132] ksys_ioctl+0xa9/0xd0
[ 52.466595] __x64_sys_ioctl+0x73/0xb0
[ 52.470489] do_syscall_64+0x1b9/0x820
[ 52.474390] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 52.479762] ? syscall_return_slowpath+0x5e0/0x5e0
[ 52.484695] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.489544] ? trace_hardirqs_on_caller+0x310/0x310
[ 52.494566] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 52.499590] ? prepare_exit_to_usermode+0x291/0x3b0
[ 52.504614] ?
trace_hardirqs_off_thunk+0x1a/0x1c [ 52.509473] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 52.514666] RIP: 0033:0x445989 [ 52.517868] Code: e8 4c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b c8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 52.536786] RSP: 002b:00007ffcf076f4e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 52.544504] RAX: ffffffffffffffda RBX: 00007ffcf076f500 RCX: 0000000000445989 [ 52.551775] RDX: 0000000020000000 RSI: ffffffffffffffb2 RDI: 0000000000000003 [ 52.559050] RBP: 0000000000000004 R08: 0000000000000001 R09: 0000000000000100 [ 52.566342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 52.573620] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 52.580910] [ 52.582546] Allocated by task 6742: [ 52.586178] save_stack+0x43/0xd0 [ 52.589632] kasan_kmalloc+0xc7/0xe0 [ 52.593350] kmem_cache_alloc_trace+0x152/0x750 [ 52.598029] __vgem_gem_create+0x4c/0x100 [ 52.602183] vgem_gem_dumb_create+0xce/0x260 [ 52.606591] drm_mode_create_dumb+0x28d/0x310 [ 52.611095] drm_mode_create_dumb_ioctl+0x25/0x30 [ 52.615947] drm_ioctl_kernel+0x245/0x2f0 [ 52.620101] drm_ioctl+0x57a/0xb20 [ 52.623650] do_vfs_ioctl+0x1de/0x1720 [ 52.627540] ksys_ioctl+0xa9/0xd0 [ 52.630997] __x64_sys_ioctl+0x73/0xb0 [ 52.634895] do_syscall_64+0x1b9/0x820 [ 52.638801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 52.643990] [ 52.645616] Freed by task 6742: [ 52.648910] save_stack+0x43/0xd0 [ 52.652384] __kasan_slab_free+0x102/0x150 [ 52.656627] kasan_slab_free+0xe/0x10 [ 52.660434] kfree+0xcf/0x230 [ 52.663547] vgem_gem_free_object+0xb6/0xe0 [ 52.667879] drm_gem_object_free+0xf1/0x2b0 [ 52.672207] drm_gem_object_put_unlocked+0x14c/0x180 [ 52.677327] vgem_gem_dumb_create+0x120/0x260 [ 52.681830] drm_mode_create_dumb+0x28d/0x310 [ 52.686335] drm_mode_create_dumb_ioctl+0x25/0x30 [ 52.691188] drm_ioctl_kernel+0x245/0x2f0 [ 52.695364] drm_ioctl+0x57a/0xb20 [ 
52.698924] do_vfs_ioctl+0x1de/0x1720 [ 52.702822] ksys_ioctl+0xa9/0xd0 [ 52.706312] __x64_sys_ioctl+0x73/0xb0 [ 52.710218] do_syscall_64+0x1b9/0x820 [ 52.714119] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 52.719306] [ 52.720945] The buggy address belongs to the object at ffff8801d83d3300 [ 52.720945] which belongs to the cache kmalloc-512 of size 512 [ 52.733623] The buggy address is located 272 bytes inside of [ 52.733623] 512-byte region [ffff8801d83d3300, ffff8801d83d3500) [ 52.745518] The buggy address belongs to the page: [ 52.750464] page:ffffea000760f4c0 count:1 mapcount:0 mapping:ffff8801da800940 index:0x0 [ 52.758619] flags: 0x2fffc0000000100(slab) [ 52.762869] raw: 02fffc0000000100 ffffea0007473948 ffffea0007471dc8 ffff8801da800940 [ 52.770766] raw: 0000000000000000 ffff8801d83d3080 0000000100000006 0000000000000000 [ 52.778652] page dumped because: kasan: bad access detected [ 52.784367] [ 52.785993] Memory state around the buggy address: [ 52.790926] ffff8801d83d3300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 52.798294] ffff8801d83d3380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 52.805673] >ffff8801d83d3400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 52.813032] ^ [ 52.816929] ffff8801d83d3480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 52.824302] ffff8801d83d3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 52.831679] ================================================================== [ 52.839046] Disabling lock debugging due to kernel taint [ 52.844498] ================================================================== [ 52.847969] CPU: 0 PID: 6778 Comm: syz-executor977 Tainted: G B 4.19.0+ #80 [ 52.851903] BUG: KASAN: double-free or invalid-free in vgem_gem_dumb_create+0x203/0x260 [ 52.860286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.868410] [ 52.879380] Call Trace: [ 52.881976] dump_stack+0x244/0x39d [ 52.885609] ? 
dump_stack_print_info.cold.1+0x20/0x20 [ 52.890802] ? mark_held_locks+0x130/0x130 [ 52.895036] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 52.900574] ? idr_get_free+0xa83/0xec0 [ 52.904555] should_fail.cold.4+0xa/0x17 [ 52.908619] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 52.913729] ? find_held_lock+0x36/0x1c0 [ 52.917799] ? find_held_lock+0x36/0x1c0 [ 52.921879] ? perf_trace_sched_process_exec+0x860/0x860 [ 52.927344] ? wait_for_completion+0x8a0/0x8a0 [ 52.931940] __should_failslab+0x124/0x180 [ 52.936181] should_failslab+0x9/0x14 [ 52.940000] kmem_cache_alloc_trace+0x2d7/0x750 [ 52.944674] ? kasan_check_read+0x11/0x20 [ 52.948827] ? do_raw_spin_unlock+0xa7/0x330 [ 52.953240] ? do_raw_spin_trylock+0x270/0x270 [ 52.957863] drm_vma_node_allow+0x5f/0x290 [ 52.962133] drm_gem_handle_create_tail+0x233/0x440 [ 52.967158] ? drm_gem_destroy+0xb0/0xb0 [ 52.971236] drm_gem_handle_create+0x52/0x60 [ 52.975658] vgem_gem_dumb_create+0x115/0x260 [ 52.980160] drm_mode_create_dumb+0x28d/0x310 [ 52.984667] drm_mode_create_dumb_ioctl+0x25/0x30 [ 52.989530] drm_ioctl_kernel+0x245/0x2f0 [ 52.993681] ? drm_mode_create_dumb+0x310/0x310 [ 52.998371] ? drm_setversion+0x8b0/0x8b0 [ 53.002523] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 53.008068] ? _copy_from_user+0xdf/0x150 [ 53.012227] drm_ioctl+0x57a/0xb20 [ 53.015767] ? drm_mode_create_dumb+0x310/0x310 [ 53.020451] ? drm_ioctl_kernel+0x2f0/0x2f0 [ 53.024772] ? proc_fail_nth_write+0x9e/0x210 [ 53.029281] ? proc_cwd_link+0x1d0/0x1d0 [ 53.033358] ? trace_hardirqs_off+0xb8/0x310 [ 53.037782] ? smk_tskacc+0x3dd/0x520 [ 53.041589] ? smack_privileged+0xd0/0xd0 [ 53.045739] ? vfs_write+0x2f3/0x560 [ 53.049460] ? drm_ioctl_kernel+0x2f0/0x2f0 [ 53.053790] do_vfs_ioctl+0x1de/0x1720 [ 53.057685] ? __lock_is_held+0xb5/0x140 [ 53.061752] ? ioctl_preallocate+0x300/0x300 [ 53.066163] ? smk_curacc+0x7f/0xa0 [ 53.069792] ? smack_file_ioctl+0x210/0x3c0 [ 53.074117] ? fget_raw+0x20/0x20 [ 53.077571] ? smack_file_lock+0x2e0/0x2e0 [ 53.081815] ? 
do_syscall_64+0x9a/0x820 [ 53.085811] ? do_syscall_64+0x9a/0x820 [ 53.089793] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.095343] ? security_file_ioctl+0x94/0xc0 [ 53.099764] ksys_ioctl+0xa9/0xd0 [ 53.103222] __x64_sys_ioctl+0x73/0xb0 [ 53.107118] do_syscall_64+0x1b9/0x820 [ 53.111008] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 53.116383] ? syscall_return_slowpath+0x5e0/0x5e0 [ 53.121316] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.126176] ? trace_hardirqs_on_caller+0x310/0x310 [ 53.131199] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 53.136222] ? prepare_exit_to_usermode+0x291/0x3b0 [ 53.141242] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.146096] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.151284] RIP: 0033:0x445989 [ 53.154477] Code: e8 4c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b c8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 53.173414] RSP: 002b:00007ffcf076f4e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 53.181133] RAX: ffffffffffffffda RBX: 00007ffcf076f500 RCX: 0000000000445989 [ 53.188416] RDX: 0000000020000000 RSI: ffffffffffffffb2 RDI: 0000000000000003 [ 53.195724] RBP: 0000000000000004 R08: 0000000000000001 R09: 0000000000000100 [ 53.203015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 53.210295] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 53.217603] CPU: 1 PID: 6767 Comm: syz-executor977 Tainted: G B 4.19.0+ #80 [ 53.226016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.235375] Call Trace: [ 53.237983] dump_stack+0x244/0x39d [ 53.241631] ? dump_stack_print_info.cold.1+0x20/0x20 [ 53.246833] ? printk+0xa7/0xcf [ 53.250136] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 53.254901] ? debug_check_no_obj_freed+0x305/0x58d [ 53.259933] print_address_description.cold.7+0x9/0x1ff [ 53.265344] ? 
vgem_gem_dumb_create+0x203/0x260 [ 53.270024] kasan_report_invalid_free+0x64/0xa0 [ 53.274788] ? vgem_gem_dumb_create+0x203/0x260 [ 53.279460] __kasan_slab_free+0x13a/0x150 [ 53.283704] ? vgem_gem_dumb_create+0x203/0x260 [ 53.288387] kasan_slab_free+0xe/0x10 [ 53.292195] kfree+0xcf/0x230 [ 53.295318] vgem_gem_dumb_create+0x203/0x260 [ 53.299832] drm_mode_create_dumb+0x28d/0x310 [ 53.304351] drm_mode_create_dumb_ioctl+0x25/0x30 [ 53.309206] drm_ioctl_kernel+0x245/0x2f0 [ 53.313359] ? drm_mode_create_dumb+0x310/0x310 [ 53.318039] ? drm_setversion+0x8b0/0x8b0 [ 53.322197] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 53.327743] ? _copy_from_user+0xdf/0x150 [ 53.331902] drm_ioctl+0x57a/0xb20 [ 53.335446] ? drm_mode_create_dumb+0x310/0x310 [ 53.340741] ? drm_ioctl_kernel+0x2f0/0x2f0 [ 53.345068] ? proc_fail_nth_write+0x9e/0x210 [ 53.349572] ? proc_cwd_link+0x1d0/0x1d0 [ 53.353733] ? trace_hardirqs_off+0xb8/0x310 [ 53.358156] ? smk_tskacc+0x3dd/0x520 [ 53.361973] ? smack_privileged+0xd0/0xd0 [ 53.366125] ? vfs_write+0x2f3/0x560 [ 53.369848] ? drm_ioctl_kernel+0x2f0/0x2f0 [ 53.374185] do_vfs_ioctl+0x1de/0x1720 [ 53.378082] ? __lock_is_held+0xb5/0x140 [ 53.382151] ? ioctl_preallocate+0x300/0x300 [ 53.386571] ? smk_curacc+0x7f/0xa0 [ 53.390211] ? smack_file_ioctl+0x210/0x3c0 [ 53.394545] ? fget_raw+0x20/0x20 [ 53.398006] ? smack_file_lock+0x2e0/0x2e0 [ 53.402284] ? do_syscall_64+0x9a/0x820 [ 53.406262] ? do_syscall_64+0x9a/0x820 [ 53.410336] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.415893] ? security_file_ioctl+0x94/0xc0 [ 53.420314] ksys_ioctl+0xa9/0xd0 [ 53.423789] __x64_sys_ioctl+0x73/0xb0 [ 53.427689] do_syscall_64+0x1b9/0x820 [ 53.431586] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 53.436966] ? syscall_return_slowpath+0x5e0/0x5e0 [ 53.441907] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.446761] ? trace_hardirqs_on_caller+0x310/0x310 [ 53.451787] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 53.456813] ? prepare_exit_to_usermode+0x291/0x3b0 [ 53.461846] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 53.466715] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.471928] RIP: 0033:0x445989 [ 53.475129] Code: e8 4c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b c8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 53.494560] RSP: 002b:00007ffcf076f4e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 53.502285] RAX: ffffffffffffffda RBX: 00007ffcf076f500 RCX: 0000000000445989 [ 53.509656] RDX: 0000000020000000 RSI: ffffffffffffffb2 RDI: 0000000000000003 [ 53.516931] RBP: 0000000000000004 R08: 0000000000000001 R09: 0000000000000100 [ 53.524204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 53.531478] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 53.538756] [ 53.540383] Allocated by task 6767: [ 53.544014] save_stack+0x43/0xd0 [ 53.547469] kasan_kmalloc+0xc7/0xe0 [ 53.551182] kmem_cache_alloc_trace+0x152/0x750 [ 53.555858] __vgem_gem_create+0x4c/0x100 [ 53.560009] vgem_gem_dumb_create+0xce/0x260 [ 53.564415] drm_mode_create_dumb+0x28d/0x310 [ 53.568911] drm_mode_create_dumb_ioctl+0x25/0x30 [ 53.573762] drm_ioctl_kernel+0x245/0x2f0 [ 53.577915] drm_ioctl+0x57a/0xb20 [ 53.581462] do_vfs_ioctl+0x1de/0x1720 [ 53.585359] ksys_ioctl+0xa9/0xd0 [ 53.588817] __x64_sys_ioctl+0x73/0xb0 [ 53.592704] do_syscall_64+0x1b9/0x820 [ 53.596600] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.601780] [ 53.603402] Freed by task 6767: [ 53.606687] save_stack+0x43/0xd0 [ 53.610149] __kasan_slab_free+0x102/0x150 [ 53.614408] kasan_slab_free+0xe/0x10 [ 53.618210] kfree+0xcf/0x230 [ 53.621317] vgem_gem_free_object+0xb6/0xe0 [ 53.625653] drm_gem_object_free+0xf1/0x2b0 [ 53.629982] drm_gem_object_put_unlocked+0x14c/0x180 [ 53.635091] vgem_gem_dumb_create+0x120/0x260 [ 53.639589] drm_mode_create_dumb+0x28d/0x310 [ 53.644086] drm_mode_create_dumb_ioctl+0x25/0x30 [ 53.648938] drm_ioctl_kernel+0x245/0x2f0 [ 53.653095] drm_ioctl+0x57a/0xb20 [ 
53.656641] do_vfs_ioctl+0x1de/0x1720 [ 53.660534] ksys_ioctl+0xa9/0xd0 [ 53.663993] __x64_sys_ioctl+0x73/0xb0 [ 53.667885] do_syscall_64+0x1b9/0x820 [ 53.671776] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.676955] [ 53.678587] The buggy address belongs to the object at ffff8801d4974080 [ 53.678587] which belongs to the cache kmalloc-512 of size 512 [ 53.691270] The buggy address is located 0 bytes inside of [ 53.691270] 512-byte region [ffff8801d4974080, ffff8801d4974280) [ 53.702979] The buggy address belongs to the page: [ 53.707939] page:ffffea0007525d00 count:1 mapcount:0 mapping:ffff8801da800940 index:0x0 [ 53.716094] flags: 0x2fffc0000000100(slab) [ 53.720345] raw: 02fffc0000000100 ffffea0007558e48 ffffea00071d0508 ffff8801da800940 [ 53.728237] raw: 0000000000000000 ffff8801d4974080 0000000100000006 0000000000000000 [ 53.736115] page dumped because: kasan: bad access detected [ 53.741824] [ 53.743453] Memory state around the buggy address: [ 53.748386] ffff8801d4973f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.755755] ffff8801d4974000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 53.763134] >ffff8801d4974080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 53.770493] ^ [ 53.773867] ffff8801d4974100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 53.781231] ffff8801d4974180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 53.788604] ================================================================== [ 53.795968] ================================================================== [ 53.795974] Kernel panic - not syncing: panic_on_warn set ... [ 53.795974] [ 53.795995] CPU: 1 PID: 6767 Comm: syz-executor977 Tainted: G B 4.19.0+ #80 [ 53.803379] BUG: KASAN: double-free or invalid-free in vgem_gem_dumb_create+0x203/0x260 [ 53.810721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.819116] [ 53.827249] Call Trace: [ 53.840808] dump_stack+0x244/0x39d [ 53.844456] ? 
dump_stack_print_info.cold.1+0x20/0x20 [ 53.849664] ? lock_downgrade+0x900/0x900 [ 53.853829] ? vgem_gem_dumb_create+0x1f0/0x260 [ 53.858508] panic+0x238/0x4e7 [ 53.861707] ? add_taint.cold.5+0x16/0x16 [ 53.865870] ? print_shadow_for_address+0xb6/0x116 [ 53.870802] ? trace_hardirqs_off+0xaf/0x310 [ 53.875220] ? vgem_gem_dumb_create+0x203/0x260 [ 53.879896] kasan_end_report+0x47/0x4f [ 53.883882] kasan_report_invalid_free+0x81/0xa0 [ 53.888644] ? vgem_gem_dumb_create+0x203/0x260 [ 53.893313] __kasan_slab_free+0x13a/0x150 [ 53.897562] ? vgem_gem_dumb_create+0x203/0x260 [ 53.902233] kasan_slab_free+0xe/0x10 [ 53.906034] kfree+0xcf/0x230 [ 53.909187] vgem_gem_dumb_create+0x203/0x260 [ 53.913687] drm_mode_create_dumb+0x28d/0x310 [ 53.918186] drm_mode_create_dumb_ioctl+0x25/0x30 [ 53.923040] drm_ioctl_kernel+0x245/0x2f0 [ 53.927194] ? drm_mode_create_dumb+0x310/0x310 [ 53.931871] ? drm_setversion+0x8b0/0x8b0 [ 53.936025] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 53.941577] ? _copy_from_user+0xdf/0x150 [ 53.945732] drm_ioctl+0x57a/0xb20 [ 53.949276] ? drm_mode_create_dumb+0x310/0x310 [ 53.953957] ? drm_ioctl_kernel+0x2f0/0x2f0 [ 53.958283] ? proc_fail_nth_write+0x9e/0x210 [ 53.962781] ? proc_cwd_link+0x1d0/0x1d0 [ 53.966859] ? trace_hardirqs_off+0xb8/0x310 [ 53.971272] ? smk_tskacc+0x3dd/0x520 [ 53.975076] ? smack_privileged+0xd0/0xd0 [ 53.979224] ? vfs_write+0x2f3/0x560 [ 53.982946] ? drm_ioctl_kernel+0x2f0/0x2f0 [ 53.987271] do_vfs_ioctl+0x1de/0x1720 [ 53.991163] ? __lock_is_held+0xb5/0x140 [ 53.995240] ? ioctl_preallocate+0x300/0x300 [ 53.999650] ? smk_curacc+0x7f/0xa0 [ 54.003279] ? smack_file_ioctl+0x210/0x3c0 [ 54.007603] ? fget_raw+0x20/0x20 [ 54.011062] ? smack_file_lock+0x2e0/0x2e0 [ 54.015309] ? do_syscall_64+0x9a/0x820 [ 54.019305] ? do_syscall_64+0x9a/0x820 [ 54.023302] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.028869] ? 
security_file_ioctl+0x94/0xc0 [ 54.033290] ksys_ioctl+0xa9/0xd0 [ 54.036767] __x64_sys_ioctl+0x73/0xb0 [ 54.040679] do_syscall_64+0x1b9/0x820 [ 54.044573] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 54.049948] ? syscall_return_slowpath+0x5e0/0x5e0 [ 54.054887] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 54.059735] ? trace_hardirqs_on_caller+0x310/0x310 [ 54.064764] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 54.069799] ? prepare_exit_to_usermode+0x291/0x3b0 [ 54.074841] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 54.079712] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.084908] RIP: 0033:0x445989 [ 54.088107] Code: e8 4c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b c8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 54.107013] RSP: 002b:00007ffcf076f4e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 54.114760] RAX: ffffffffffffffda RBX: 00007ffcf076f500 RCX: 0000000000445989 [ 54.122038] RDX: 0000000020000000 RSI: ffffffffffffffb2 RDI: 0000000000000003 [ 54.129316] RBP: 0000000000000004 R08: 0000000000000001 R09: 0000000000000100 [ 54.136604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 54.143889] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 54.151194] CPU: 0 PID: 6770 Comm: syz-executor977 Tainted: G B 4.19.0+ #80 [ 54.159615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.168978] Call Trace: [ 54.171582] dump_stack+0x244/0x39d [ 54.175214] ? dump_stack_print_info.cold.1+0x20/0x20 [ 54.180411] ? printk+0xa7/0xcf [ 54.183787] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 54.188553] ? debug_check_no_obj_freed+0x305/0x58d [ 54.193587] print_address_description.cold.7+0x9/0x1ff [ 54.198963] ? vgem_gem_dumb_create+0x203/0x260 [ 54.203639] kasan_report_invalid_free+0x64/0xa0 [ 54.208425] ? vgem_gem_dumb_create+0x203/0x260 [ 54.213110] __kasan_slab_free+0x13a/0x150 [ 54.217370] ? 
vgem_gem_dumb_create+0x203/0x260 [ 54.222055] kasan_slab_free+0xe/0x10 [ 54.225884] kfree+0xcf/0x230 [ 54.229015] vgem_gem_dumb_create+0x203/0x260 [ 54.233520] drm_mode_create_dumb+0x28d/0x310 [ 54.238038] drm_mode_create_dumb_ioctl+0x25/0x30 [ 54.242894] drm_ioctl_kernel+0x245/0x2f0 [ 54.247051] ? drm_mode_create_dumb+0x310/0x310 [ 54.251727] ? drm_setversion+0x8b0/0x8b0 [ 54.255879] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 54.261428] ? _copy_from_user+0xdf/0x150 [ 54.265589] drm_ioctl+0x57a/0xb20 [ 54.269134] ? drm_mode_create_dumb+0x310/0x310 [ 54.273814] ? drm_ioctl_kernel+0x2f0/0x2f0 [ 54.278141] ? proc_fail_nth_write+0x9e/0x210 [ 54.282642] ? proc_cwd_link+0x1d0/0x1d0 [ 54.286726] ? trace_hardirqs_off+0xb8/0x310 [ 54.291143] ? smk_tskacc+0x3dd/0x520 [ 54.294952] ? smack_privileged+0xd0/0xd0 [ 54.299103] ? vfs_write+0x2f3/0x560 [ 54.302844] ? drm_ioctl_kernel+0x2f0/0x2f0 [ 54.307175] do_vfs_ioctl+0x1de/0x1720 [ 54.311066] ? __lock_is_held+0xb5/0x140 [ 54.315135] ? ioctl_preallocate+0x300/0x300 [ 54.319551] ? smk_curacc+0x7f/0xa0 [ 54.323180] ? smack_file_ioctl+0x210/0x3c0 [ 54.327512] ? fget_raw+0x20/0x20 [ 54.330969] ? smack_file_lock+0x2e0/0x2e0 [ 54.335217] ? do_syscall_64+0x9a/0x820 [ 54.339199] ? do_syscall_64+0x9a/0x820 [ 54.343187] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.348743] ? security_file_ioctl+0x94/0xc0 [ 54.353163] ksys_ioctl+0xa9/0xd0 [ 54.357045] __x64_sys_ioctl+0x73/0xb0 [ 54.360941] do_syscall_64+0x1b9/0x820 [ 54.364834] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 54.370204] ? syscall_return_slowpath+0x5e0/0x5e0 [ 54.375145] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 54.379992] ? trace_hardirqs_on_caller+0x310/0x310 [ 54.385017] ? prepare_exit_to_usermode+0x291/0x3b0 [ 54.390052] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 54.394911] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.400105] RIP: 0033:0x445989 [ 54.403308] Code: e8 4c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b c8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 54.422228] RSP: 002b:00007ffcf076f4e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 54.429948] RAX: ffffffffffffffda RBX: 00007ffcf076f500 RCX: 0000000000445989 [ 54.437222] RDX: 0000000020000000 RSI: ffffffffffffffb2 RDI: 0000000000000003 [ 54.444497] RBP: 0000000000000004 R08: 0000000000000001 R09: 0000000000000100 [ 54.451779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 54.459232] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 54.466529] [ 54.468157] Allocated by task 6770: [ 54.471793] save_stack+0x43/0xd0 [ 54.475250] kasan_kmalloc+0xc7/0xe0 [ 54.478966] kmem_cache_alloc_trace+0x152/0x750 [ 54.483645] __vgem_gem_create+0x4c/0x100 [ 54.487807] vgem_gem_dumb_create+0xce/0x260 [ 54.492228] drm_mode_create_dumb+0x28d/0x310 [ 54.496729] drm_mode_create_dumb_ioctl+0x25/0x30 [ 54.501587] drm_ioctl_kernel+0x245/0x2f0 [ 54.505765] drm_ioctl+0x57a/0xb20 [ 54.509316] do_vfs_ioctl+0x1de/0x1720 [ 54.513220] ksys_ioctl+0xa9/0xd0 [ 54.516682] __x64_sys_ioctl+0x73/0xb0 [ 54.520577] do_syscall_64+0x1b9/0x820 [ 54.524470] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.529648] [ 54.531274] Freed by task 6770: [ 54.534558] save_stack+0x43/0xd0 [ 54.538009] __kasan_slab_free+0x102/0x150 [ 54.542247] kasan_slab_free+0xe/0x10 [ 54.546042] kfree+0xcf/0x230 [ 54.549153] vgem_gem_free_object+0xb6/0xe0 [ 54.553472] drm_gem_object_free+0xf1/0x2b0 [ 54.557803] drm_gem_object_put_unlocked+0x14c/0x180 [ 54.562906] vgem_gem_dumb_create+0x120/0x260 [ 54.567400] drm_mode_create_dumb+0x28d/0x310 [ 54.571893] drm_mode_create_dumb_ioctl+0x25/0x30 [ 54.576737] drm_ioctl_kernel+0x245/0x2f0 [ 54.580884] drm_ioctl+0x57a/0xb20 [ 
54.584424] do_vfs_ioctl+0x1de/0x1720 [ 54.588310] ksys_ioctl+0xa9/0xd0 [ 54.591772] __x64_sys_ioctl+0x73/0xb0 [ 54.595657] do_syscall_64+0x1b9/0x820 [ 54.599552] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.604735] [ 54.606373] The buggy address belongs to the object at ffff8801d55c5280 [ 54.606373] which belongs to the cache kmalloc-512 of size 512 [ 54.619043] The buggy address is located 0 bytes inside of [ 54.619043] 512-byte region [ffff8801d55c5280, ffff8801d55c5480) [ 54.630833] The buggy address belongs to the page: [ 54.635772] page:ffffea0007557140 count:1 mapcount:0 mapping:ffff8801da800940 index:0x0 [ 54.643918] flags: 0x2fffc0000000100(slab) [ 54.648155] raw: 02fffc0000000100 ffffea0006e9ac88 ffffea0006e6a088 ffff8801da800940 [ 54.656043] raw: 0000000000000000 ffff8801d55c5000 0000000100000006 0000000000000000 [ 54.663920] page dumped because: kasan: bad access detected [ 54.669633] [ 54.671253] Memory state around the buggy address: [ 54.676181] ffff8801d55c5180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.683544] ffff8801d55c5200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.690909] >ffff8801d55c5280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.698271] ^ [ 54.701640] ffff8801d55c5300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.709004] ffff8801d55c5380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.716367] ================================================================== [ 55.293520] Shutting down cpus with NMI [ 55.298399] Kernel Offset: disabled [ 55.302030] Rebooting in 86400 seconds..