[ 39.210798] IPVS: ftp: loaded support on port[0] = 21 [ 40.418067] can: request_module (can-proto-0) failed. [ 40.431558] can: request_module (can-proto-0) failed. [ 40.440238] can: request_module (can-proto-0) failed. [ 40.612478] audit: type=1400 audit(1579258769.398:37): avc: denied { create } for pid=6834 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 40.636607] audit: type=1400 audit(1579258769.398:38): avc: denied { create } for pid=6834 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 40.660856] audit: type=1400 audit(1579258769.398:39): avc: denied { create } for pid=6834 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 40.827440] random: sshd: uninitialized urandom read (32 bytes read) [ 41.575077] random: sshd: uninitialized urandom read (32 bytes read) [ 41.771358] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.47' (ECDSA) to the list of known hosts. 
2020/01/17 10:59:36 parsed 1 programs 2020/01/17 10:59:36 executed programs: 0 [ 47.731994] audit: type=1400 audit(1579258776.508:40): avc: denied { map } for pid=6906 comm="syz-execprog" path="/root/syzkaller-shm256711070" dev="sda1" ino=16492 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 47.980844] IPVS: ftp: loaded support on port[0] = 21 [ 48.745748] IPVS: ftp: loaded support on port[0] = 21 [ 48.786151] chnl_net:caif_netlink_parms(): no params data found [ 48.833590] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.840193] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.847169] device bridge_slave_0 entered promiscuous mode [ 48.854771] IPVS: ftp: loaded support on port[0] = 21 [ 48.855254] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.866901] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.874775] device bridge_slave_1 entered promiscuous mode [ 48.913972] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.924262] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.935615] chnl_net:caif_netlink_parms(): no params data found [ 48.961427] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.968487] team0: Port device team_slave_0 added [ 48.980732] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.987775] team0: Port device team_slave_1 added [ 48.993155] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.006080] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.033861] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.040335] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.047408] device bridge_slave_0 entered promiscuous mode [ 49.054465] IPVS: ftp: loaded support on port[0] = 21 [ 49.111746] device hsr_slave_0 entered promiscuous mode [ 49.150244] device hsr_slave_1 entered promiscuous mode [ 49.190606] IPv6: 
ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 49.197388] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.203894] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.211684] device bridge_slave_1 entered promiscuous mode [ 49.232680] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 49.240420] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.250586] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.286600] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.293931] team0: Port device team_slave_0 added [ 49.301391] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.308542] team0: Port device team_slave_1 added [ 49.314001] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.335543] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.353700] chnl_net:caif_netlink_parms(): no params data found [ 49.422080] device hsr_slave_0 entered promiscuous mode [ 49.460297] device hsr_slave_1 entered promiscuous mode [ 49.503359] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.509835] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.516895] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.523461] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.537520] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 49.545012] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 49.553126] IPVS: ftp: loaded support on port[0] = 21 [ 49.589638] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.596405] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.604517] device bridge_slave_0 entered promiscuous mode [ 49.612671] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.619726] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.626899] device bridge_slave_1 entered promiscuous mode [ 49.669560] bond0: Enslaving bond_slave_0 as an active interface with an up 
link [ 49.680330] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.707357] chnl_net:caif_netlink_parms(): no params data found [ 49.719456] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.726618] team0: Port device team_slave_0 added [ 49.732752] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.739776] team0: Port device team_slave_1 added [ 49.746988] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.755747] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.762130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.768700] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.775379] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.805036] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.825612] IPVS: ftp: loaded support on port[0] = 21 [ 49.829296] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 49.837364] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.854637] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.861139] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.868089] device bridge_slave_0 entered promiscuous mode [ 49.875226] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.882854] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.889658] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 49.897551] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.904364] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.921950] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 49.973288] device hsr_slave_0 entered promiscuous mode [ 50.010334] device hsr_slave_1 entered promiscuous mode [ 50.050319] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.056689] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.063809] device bridge_slave_1 entered promiscuous mode [ 50.080265] bond0: Enslaving bond_slave_0 as an active interface with an up link 
[ 50.088621] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.099805] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.106850] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.114217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.121761] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.130433] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.184447] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 50.192065] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.206736] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.214846] team0: Port device team_slave_0 added [ 50.222985] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.230499] team0: Port device team_slave_1 added [ 50.241615] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.251721] chnl_net:caif_netlink_parms(): no params data found [ 50.262841] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 50.271069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.278751] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.286426] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.292837] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.302836] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.331532] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.339044] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 50.358652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.366778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.374474] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.380963] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.432219] device hsr_slave_0 entered promiscuous mode [ 50.480310] device hsr_slave_1 entered promiscuous mode [ 50.520678] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link 
is not ready [ 50.527723] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.580805] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 50.593846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 50.603762] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.610628] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.617534] device bridge_slave_0 entered promiscuous mode [ 50.624811] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.631922] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.638841] device bridge_slave_1 entered promiscuous mode [ 50.648876] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 50.658752] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.665917] chnl_net:caif_netlink_parms(): no params data found [ 50.675744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.690592] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.714256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.722282] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.729835] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.740189] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.747121] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.755476] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.775008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.783048] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.796408] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.822553] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.829128] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.835811] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.843157] device bridge_slave_0 entered promiscuous mode [ 50.849444] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 
50.857307] team0: Port device team_slave_0 added [ 50.864924] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 50.873284] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.880944] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.887925] device bridge_slave_1 entered promiscuous mode [ 50.894776] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.902566] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.910501] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.917503] team0: Port device team_slave_1 added [ 50.926986] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.935405] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 50.952390] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.959824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.967465] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.978993] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.987378] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 50.993532] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.010406] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.022690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.029485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.044075] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 51.050297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.058315] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.067700] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.112456] device hsr_slave_0 entered promiscuous mode [ 51.160974] device hsr_slave_1 entered promiscuous mode [ 51.200766] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.208186] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.223365] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 
51.236367] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.246832] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 51.260712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.268684] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.276689] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.283066] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.291540] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.299238] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.310226] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.320619] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 51.327816] team0: Port device team_slave_0 added [ 51.334104] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.341055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.349777] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.358247] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.364705] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.371983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.379525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.386488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.393977] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.401763] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 51.409049] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.416435] team0: Port device team_slave_1 added [ 51.422274] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.429592] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.442404] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.448552] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.457134] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 51.463862] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link 
becomes ready [ 51.475272] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.487344] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 51.495780] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.503087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.513512] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.520452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.535025] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.541988] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.551441] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 51.562357] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.592393] device hsr_slave_0 entered promiscuous mode [ 51.640434] device hsr_slave_1 entered promiscuous mode [ 51.703451] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.712644] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.719759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.727518] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.735639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.743761] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.751877] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.758247] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.765291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.773223] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.780871] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.787245] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.794222] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.801126] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.809098] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.820817] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not 
ready [ 51.830909] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 51.838503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.846392] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.857980] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.864382] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.871612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.879246] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.887708] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.895551] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.903947] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.913297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.922720] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.930221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.937900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.946254] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.952663] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.961079] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 51.969706] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 51.977710] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 51.987428] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.999909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.007742] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.015312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.023195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.030864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.038871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.048830] IPv6: ADDRCONF(NETDEV_UP): hsr0: link 
is not ready [ 52.055601] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.063902] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.072977] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.081923] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.090845] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.102952] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 52.110575] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.116979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.127288] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.134995] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.142896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.150628] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.158025] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 52.164993] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 52.173577] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.202255] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.214259] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.224380] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.236188] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.248286] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.256449] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.271101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.284164] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.294385] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.305313] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.319712] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.332945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.345218] IPv6: 
ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.357100] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.365233] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.375369] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.383192] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.391187] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.398605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.406682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.414493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.422218] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.431649] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.437655] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.451118] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.457145] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.466278] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.475941] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.483272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.499726] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 52.507993] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.514510] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.523797] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.534836] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 52.548848] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.560512] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.566959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.575078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.583290] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.589729] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.596735] IPv6: 
ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 52.603559] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 52.610538] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 52.617224] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 52.624267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.633446] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.646689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.654523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.662259] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.668596] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.678914] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.691077] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.706109] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.712934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.723483] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.732782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.752021] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.765366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.776962] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.785115] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.793524] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.803268] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.812884] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.823294] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 52.833319] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.846876] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.853433] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link 
becomes ready [ 52.866881] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.874745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.883011] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.891640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.899246] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.907055] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.919701] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 52.929698] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.937404] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 52.947114] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 52.976860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.987012] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.997402] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.012058] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.019529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready 2020/01/17 10:59:41 executed programs: 15 [ 53.027226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.039027] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 53.047196] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.061321] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 53.068602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.078030] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.088504] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.094892] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.106582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.118872] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.126710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.134651] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.142204] 
bridge0: port 2(bridge_slave_1) entered blocking state [ 53.148534] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.158340] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.165644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.175350] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 53.182890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.193531] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.200761] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.209171] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.217470] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.226402] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 53.233583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.241767] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.251581] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 53.258284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.266281] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.275534] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 53.286229] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.294516] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.307548] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 53.314571] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.327424] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 53.335296] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 53.342497] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 53.349227] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 53.368487] 8021q: adding VLAN 0 to HW filter on device batadv0 2020/01/17 10:59:47 executed programs: 156 2020/01/17 10:59:52 executed programs: 381 2020/01/17 10:59:57 executed programs: 
597 2020/01/17 11:00:02 executed programs: 748 2020/01/17 11:00:07 executed programs: 920 2020/01/17 11:00:13 executed programs: 1094 2020/01/17 11:00:18 executed programs: 1275 2020/01/17 11:00:23 executed programs: 1433 2020/01/17 11:00:28 executed programs: 1611 2020/01/17 11:00:33 executed programs: 1772 2020/01/17 11:00:38 executed programs: 1920 2020/01/17 11:00:43 executed programs: 2034 2020/01/17 11:00:48 executed programs: 2169 2020/01/17 11:00:53 executed programs: 2277 2020/01/17 11:00:58 executed programs: 2387 2020/01/17 11:01:03 executed programs: 2508 2020/01/17 11:01:08 executed programs: 2645 2020/01/17 11:01:13 executed programs: 2772 2020/01/17 11:01:18 executed programs: 2902 2020/01/17 11:01:24 executed programs: 3011 2020/01/17 11:01:29 executed programs: 3121 2020/01/17 11:01:34 executed programs: 3232 2020/01/17 11:01:39 executed programs: 3344 2020/01/17 11:01:44 executed programs: 3446 2020/01/17 11:01:49 executed programs: 3551 2020/01/17 11:01:54 executed programs: 3646 2020/01/17 11:01:59 executed programs: 3730 2020/01/17 11:02:04 executed programs: 3830 2020/01/17 11:02:09 executed programs: 3928 2020/01/17 11:02:14 executed programs: 4027 2020/01/17 11:02:19 executed programs: 4132 2020/01/17 11:02:24 executed programs: 4223 2020/01/17 11:02:29 executed programs: 4321 2020/01/17 11:02:34 executed programs: 4420 2020/01/17 11:02:39 executed programs: 4511 2020/01/17 11:02:44 executed programs: 4601 2020/01/17 11:02:50 executed programs: 4692 2020/01/17 11:02:55 executed programs: 4778 2020/01/17 11:03:00 executed programs: 4868 2020/01/17 11:03:05 executed programs: 4947 2020/01/17 11:03:10 executed programs: 5035 2020/01/17 11:03:15 executed programs: 5122 2020/01/17 11:03:20 executed programs: 5210 2020/01/17 11:03:25 executed programs: 5293 2020/01/17 11:03:30 executed programs: 5381 2020/01/17 11:03:35 executed programs: 5463 2020/01/17 11:03:40 executed programs: 5541 2020/01/17 11:03:45 executed programs: 5618 2020/01/17 
11:03:50 executed programs: 5695 2020/01/17 11:03:56 executed programs: 5771 2020/01/17 11:04:01 executed programs: 5848 2020/01/17 11:04:06 executed programs: 5925 2020/01/17 11:04:11 executed programs: 6000 2020/01/17 11:04:16 executed programs: 6075 2020/01/17 11:04:21 executed programs: 6146 2020/01/17 11:04:26 executed programs: 6223 2020/01/17 11:04:31 executed programs: 6296 2020/01/17 11:04:36 executed programs: 6367 2020/01/17 11:04:41 executed programs: 6440 2020/01/17 11:04:46 executed programs: 6510 2020/01/17 11:04:51 executed programs: 6581 2020/01/17 11:04:56 executed programs: 6651 2020/01/17 11:05:01 executed programs: 6717 [ 373.085579] random: crng init done [ 373.562377] libceph: connect [d::]:6789 error -101 [ 373.568339] libceph: mon0 [d::]:6789 connect error [ 373.774936] libceph: connect [d::]:6789 error -101 [ 373.779982] libceph: mon0 [d::]:6789 connect error [ 373.820514] libceph: connect [d::]:6789 error -101 [ 373.825559] libceph: mon0 [d::]:6789 connect error [ 373.913530] libceph: connect [d::]:6789 error -101 [ 373.926850] libceph: mon0 [d::]:6789 connect error [ 374.010857] libceph: connect [d::]:6789 error -101 [ 374.017916] libceph: mon0 [d::]:6789 connect error [ 375.030405] libceph: connect [d::]:6789 error -101 [ 375.035847] libceph: mon0 [d::]:6789 connect error [ 375.047648] libceph: connect [d::]:6789 error -101 [ 375.053193] libceph: mon0 [d::]:6789 connect error [ 375.058948] libceph: connect [d::]:6789 error -101 [ 375.069253] libceph: mon0 [d::]:6789 connect error [ 375.075110] libceph: connect [d::]:6789 error -101 [ 375.085278] libceph: mon0 [d::]:6789 connect error [ 376.070501] libceph: connect [d::]:6789 error -101 [ 376.076515] libceph: mon0 [d::]:6789 connect error [ 376.092869] libceph: connect [d::]:6789 error -101 [ 376.098684] libceph: mon0 [d::]:6789 connect error [ 376.108598] libceph: connect [d::]:6789 error -101 [ 376.116879] libceph: mon0 [d::]:6789 connect error [ 377.030764] libceph: connect [d::]:6789 
error -101 [ 377.036104] libceph: mon0 [d::]:6789 connect error [ 378.071958] libceph: mon1 [::6]:6789 socket closed (con state CONNECTING) [ 378.079075] libceph: mon1 [::6]:6789 socket closed (con state CONNECTING) [ 378.091664] libceph: mon1 [::6]:6789 socket closed (con state CONNECTING) [ 378.099002] libceph: mon1 [::6]:6789 socket closed (con state CONNECTING) [ 378.692026] libceph: connect [d::]:6789 error -101 [ 378.889102] libceph: mon0 [d::]:6789 connect error 2020/01/17 11:05:08 executed programs: 6720 [ 379.742484] libceph: connect [d::]:6789 error -101 [ 379.747523] libceph: mon0 [d::]:6789 connect error [ 379.761753] libceph: connect [d::]:6789 error -101 [ 380.195527] syz-executor.2: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 382.829100] syz-executor.2: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 382.845423] syz-executor.0: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 382.865203] syz-executor.4: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 382.879596] syz-executor.2: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 382.893373] syz-executor.3: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 382.907515] syz-executor.2: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 382.933144] syz-executor.4: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 382.948834] syz-executor.3: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 382.967178] syz-executor.1: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 383.123037] libceph: mon0 [d::]:6789 connect error [ 383.128261] libceph: connect [d::]:6789 error -101 [ 384.910079] 
syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 384.915741] CPU: 0 PID: 13715 Comm: syz-executor.3 Not tainted 4.14.165-syzkaller #0 [ 384.923611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 384.933024] Call Trace: [ 384.935689] dump_stack+0xf7/0x13b [ 384.939240] warn_alloc.cold.114+0xa2/0x1be [ 384.943564] ? zone_watermark_ok_safe+0x260/0x260 [ 384.948400] ? compaction_deferred+0x1fe/0x2d0 [ 384.952975] ? __alloc_pages_direct_compact+0xc2/0x330 [ 384.958274] __alloc_pages_slowpath+0x2052/0x2650 [ 384.963119] ? warn_alloc+0x100/0x100 [ 384.966922] ? get_page_from_freelist+0x1046/0x23b0 [ 384.971931] ? __might_sleep+0x93/0xb0 [ 384.975829] __alloc_pages_nodemask+0x60d/0x770 [ 384.980516] ? __alloc_pages_slowpath+0x2650/0x2650 [ 384.985522] ? cache_grow_begin+0x331/0x3f0 [ 384.989973] cache_grow_begin+0x80/0x3f0 [ 384.994021] fallback_alloc+0x203/0x2c0 [ 384.997975] ____cache_alloc_node+0x1c7/0x1e0 [ 385.002452] __kmalloc+0x213/0x7b0 [ 385.005999] ? __lockdep_init_map+0x105/0x550 [ 385.010486] ? mempool_kmalloc+0x10/0x20 [ 385.014529] ? mempool_resize+0x5e0/0x5e0 [ 385.018669] mempool_kmalloc+0x10/0x20 [ 385.022548] mempool_create_node+0x296/0x370 [ 385.026937] mempool_create+0x15/0x20 [ 385.030717] ceph_mount+0x68e/0x15a8 [ 385.034413] ? __lockdep_init_map+0x105/0x550 [ 385.038901] mount_fs+0x7f/0x269 [ 385.042274] ? alloc_vfsmnt+0x470/0x750 [ 385.046234] vfs_kern_mount.part.33+0x58/0x3c0 [ 385.050798] do_mount+0x36b/0x26a0 [ 385.054333] ? __might_fault+0xf1/0x1b0 [ 385.058305] ? copy_mount_string+0x20/0x20 [ 385.062541] ? kasan_check_write+0x14/0x20 [ 385.066766] ? _copy_from_user+0x9c/0xd0 [ 385.070816] ? memdup_user+0x4a/0x80 [ 385.074563] SyS_mount+0xb8/0xd0 [ 385.077918] ? copy_mnt_ns+0xae0/0xae0 [ 385.081787] do_syscall_64+0x1c7/0x5b0 [ 385.085666] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 385.090565] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 385.095747] RIP: 0033:0x45a219 [ 385.098923] RSP: 002b:00007f6488510c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 385.106623] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a219 [ 385.113883] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000500 [ 385.121140] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 385.128402] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f64885116d4 [ 385.135659] R13: 00000000004c6d95 R14: 00000000004dc508 R15: 00000000ffffffff [ 385.155548] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 385.161347] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 385.166718] CPU: 0 PID: 13678 Comm: syz-executor.3 Not tainted 4.14.165-syzkaller #0 [ 385.175192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 385.184533] Call Trace: [ 385.187109] dump_stack+0xf7/0x13b [ 385.190632] warn_alloc.cold.114+0xa2/0x1be [ 385.195031] ? zone_watermark_ok_safe+0x260/0x260 [ 385.199963] ? defer_compaction+0x20d/0x2b0 [ 385.204276] ? __alloc_pages_direct_compact+0x28d/0x330 [ 385.209633] __alloc_pages_slowpath+0x2052/0x2650 [ 385.214464] ? warn_alloc+0x100/0x100 [ 385.218503] ? get_page_from_freelist+0x1046/0x23b0 [ 385.223512] ? __might_sleep+0x93/0xb0 [ 385.227475] __alloc_pages_nodemask+0x60d/0x770 [ 385.232133] ? __alloc_pages_slowpath+0x2650/0x2650 [ 385.237134] ? cache_grow_begin+0x331/0x3f0 [ 385.241439] cache_grow_begin+0x80/0x3f0 [ 385.245497] fallback_alloc+0x203/0x2c0 [ 385.249458] ____cache_alloc_node+0x1c7/0x1e0 [ 385.253947] __kmalloc+0x213/0x7b0 [ 385.257513] ? __lockdep_init_map+0x105/0x550 [ 385.261988] ? mempool_kmalloc+0x10/0x20 [ 385.266048] ? mempool_resize+0x5e0/0x5e0 [ 385.270187] mempool_kmalloc+0x10/0x20 [ 385.274136] mempool_create_node+0x296/0x370 [ 385.278545] mempool_create+0x15/0x20 [ 385.282360] ceph_mount+0x68e/0x15a8 [ 385.286053] ? 
__lockdep_init_map+0x105/0x550 [ 385.290529] mount_fs+0x7f/0x269 [ 385.293875] ? alloc_vfsmnt+0x470/0x750 [ 385.297905] vfs_kern_mount.part.33+0x58/0x3c0 [ 385.302485] do_mount+0x36b/0x26a0 [ 385.306039] ? __might_fault+0xf1/0x1b0 [ 385.310011] ? copy_mount_string+0x20/0x20 [ 385.314247] ? kasan_check_write+0x14/0x20 [ 385.318613] ? _copy_from_user+0x9c/0xd0 [ 385.322672] ? memdup_user+0x4a/0x80 [ 385.326384] SyS_mount+0xb8/0xd0 [ 385.329744] ? copy_mnt_ns+0xae0/0xae0 [ 385.333620] do_syscall_64+0x1c7/0x5b0 [ 385.337513] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 385.342370] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 385.347549] RIP: 0033:0x45a219 [ 385.350723] RSP: 002b:00007f6488510c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 385.358774] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a219 [ 385.366034] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000500 [ 385.373292] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 385.380550] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f64885116d4 [ 385.387806] R13: 00000000004c6d95 R14: 00000000004dc508 R15: 00000000ffffffff [ 385.399689] warn_alloc: 231 callbacks suppressed [ 385.399692] syz-executor.0: [ 385.405032] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 385.424672] syz-executor.1: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 385.451953] syz-executor.5: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 385.462748] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 385.468138] CPU: 0 PID: 15607 Comm: syz-executor.2 Not tainted 4.14.165-syzkaller #0 [ 385.475996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 385.485338] Call Trace: [ 385.487937] dump_stack+0xf7/0x13b [ 385.491460] warn_alloc.cold.114+0xa2/0x1be [ 385.495770] ? zone_watermark_ok_safe+0x260/0x260 [ 385.500596] ? 
__alloc_pages_direct_compact+0xc2/0x330 [ 385.505868] __alloc_pages_slowpath+0x2052/0x2650 [ 385.510722] ? warn_alloc+0x100/0x100 [ 385.514501] ? get_page_from_freelist+0x1046/0x23b0 [ 385.519519] ? __might_sleep+0x93/0xb0 [ 385.523409] __alloc_pages_nodemask+0x60d/0x770 [ 385.528060] ? __alloc_pages_slowpath+0x2650/0x2650 [ 385.533119] ? cache_grow_begin+0x331/0x3f0 [ 385.537449] cache_grow_begin+0x80/0x3f0 [ 385.541507] fallback_alloc+0x203/0x2c0 [ 385.545463] ____cache_alloc_node+0x1c7/0x1e0 [ 385.549965] __kmalloc+0x213/0x7b0 [ 385.553499] ? __lockdep_init_map+0x105/0x550 [ 385.557973] ? mempool_kmalloc+0x10/0x20 [ 385.562029] ? mempool_resize+0x5e0/0x5e0 [ 385.566156] mempool_kmalloc+0x10/0x20 [ 385.570026] mempool_create_node+0x296/0x370 [ 385.574481] mempool_create+0x15/0x20 [ 385.578260] ceph_mount+0x68e/0x15a8 [ 385.582220] ? __lockdep_init_map+0x105/0x550 [ 385.586714] mount_fs+0x7f/0x269 [ 385.590067] ? alloc_vfsmnt+0x470/0x750 [ 385.594040] vfs_kern_mount.part.33+0x58/0x3c0 [ 385.598699] do_mount+0x36b/0x26a0 [ 385.602239] ? __might_fault+0xf1/0x1b0 [ 385.606803] ? copy_mount_string+0x20/0x20 [ 385.611072] ? kasan_check_write+0x14/0x20 [ 385.615304] ? _copy_from_user+0x9c/0xd0 [ 385.619358] ? memdup_user+0x4a/0x80 [ 385.623110] SyS_mount+0xb8/0xd0 [ 385.626462] ? copy_mnt_ns+0xae0/0xae0 [ 385.630346] do_syscall_64+0x1c7/0x5b0 [ 385.634399] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 385.639248] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 385.644444] RIP: 0033:0x45a219 [ 385.647616] RSP: 002b:00007ff08bb18c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 385.655303] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a219 [ 385.662564] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000500 [ 385.669826] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 385.677088] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff08bb196d4 [ 385.684377] R13: 00000000004c6d95 R14: 00000000004dc508 R15: 00000000ffffffff [ 385.695378] syz-executor.3: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 385.706221] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 385.715219] syz-executor.3: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 385.726106] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 385.731826] syz-executor.5: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 385.749360] syz-executor.3: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 385.762915] syz-executor.4: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 385.776409] syz-executor.4: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 385.793149] syz-executor.3: page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 385.806731] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 385.832097] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 385.837489] CPU: 0 PID: 13755 Comm: syz-executor.0 Not tainted 4.14.165-syzkaller #0 [ 385.845477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 385.854818] Call Trace: [ 385.857392] dump_stack+0xf7/0x13b [ 385.860929] warn_alloc.cold.114+0xa2/0x1be [ 385.865238] ? 
zone_watermark_ok_safe+0x260/0x260 [ 385.870075] ? defer_compaction+0x20d/0x2b0 [ 385.874427] ? __alloc_pages_direct_compact+0x28d/0x330 [ 385.879788] __alloc_pages_slowpath+0x2052/0x2650 [ 385.884628] ? warn_alloc+0x100/0x100 [ 385.888422] ? get_page_from_freelist+0x1046/0x23b0 [ 385.893431] ? __might_sleep+0x93/0xb0 [ 385.897394] __alloc_pages_nodemask+0x60d/0x770 [ 385.903987] ? __alloc_pages_slowpath+0x2650/0x2650 [ 385.909003] ? cache_grow_begin+0x331/0x3f0 [ 385.913338] cache_grow_begin+0x80/0x3f0 [ 385.917388] fallback_alloc+0x203/0x2c0 [ 385.921351] ____cache_alloc_node+0x1c7/0x1e0 [ 385.925856] __kmalloc+0x213/0x7b0 [ 385.929382] ? __lockdep_init_map+0x105/0x550 [ 385.933923] ? mempool_kmalloc+0x10/0x20 [ 385.937976] ? mempool_resize+0x5e0/0x5e0 [ 385.942146] mempool_kmalloc+0x10/0x20 [ 385.946025] mempool_create_node+0x296/0x370 [ 385.950429] mempool_create+0x15/0x20 [ 385.954217] ceph_mount+0x68e/0x15a8 [ 385.957916] ? __lockdep_init_map+0x105/0x550 [ 385.962395] mount_fs+0x7f/0x269 [ 385.965780] ? alloc_vfsmnt+0x470/0x750 [ 385.969740] vfs_kern_mount.part.33+0x58/0x3c0 [ 385.974305] do_mount+0x36b/0x26a0 [ 385.977836] ? __might_fault+0xf1/0x1b0 [ 385.981796] ? copy_mount_string+0x20/0x20 [ 385.986023] ? kasan_check_write+0x14/0x20 [ 385.990240] ? _copy_from_user+0x9c/0xd0 [ 385.994313] ? memdup_user+0x4a/0x80 [ 385.998009] SyS_mount+0xb8/0xd0 [ 386.001368] ? copy_mnt_ns+0xae0/0xae0 [ 386.005454] do_syscall_64+0x1c7/0x5b0 [ 386.009354] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 386.014228] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 386.019963] RIP: 0033:0x45a219 [ 386.023164] RSP: 002b:00007f710d7e3c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 386.030873] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a219 [ 386.038172] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000500 [ 386.045451] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 386.052707] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f710d7e46d4 [ 386.059960] R13: 00000000004c6d95 R14: 00000000004dc508 R15: 00000000ffffffff [ 386.102504] libceph: mon0 [d::]:6789 connect error [ 386.217250] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 386.267297] CPU: 0 PID: 17690 Comm: syz-executor.1 Not tainted 4.14.165-syzkaller #0 [ 386.275227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 386.284604] Call Trace: [ 386.287234] dump_stack+0xf7/0x13b [ 386.290788] warn_alloc.cold.114+0xa2/0x1be [ 386.295095] ? zone_watermark_ok_safe+0x260/0x260 [ 386.299929] ? compaction_deferred+0x1fe/0x2d0 [ 386.304505] ? __alloc_pages_direct_compact+0xc2/0x330 [ 386.310470] __alloc_pages_slowpath+0x2052/0x2650 [ 386.315323] ? warn_alloc+0x100/0x100 [ 386.319107] ? get_page_from_freelist+0x1046/0x23b0 [ 386.324160] ? __might_sleep+0x93/0xb0 [ 386.328045] __alloc_pages_nodemask+0x60d/0x770 [ 386.332711] ? __alloc_pages_slowpath+0x2650/0x2650 [ 386.337797] ? cache_grow_begin+0x331/0x3f0 [ 386.342112] cache_grow_begin+0x80/0x3f0 [ 386.346167] fallback_alloc+0x203/0x2c0 [ 386.350134] ____cache_alloc_node+0x1c7/0x1e0 [ 386.354622] __kmalloc+0x213/0x7b0 [ 386.358141] ? __lockdep_init_map+0x105/0x550 [ 386.362635] ? mempool_kmalloc+0x10/0x20 [ 386.366681] ? mempool_resize+0x5e0/0x5e0 [ 386.370821] mempool_kmalloc+0x10/0x20 [ 386.374710] mempool_create_node+0x296/0x370 [ 386.379109] mempool_create+0x15/0x20 [ 386.382893] ceph_mount+0x68e/0x15a8 [ 386.386591] ? 
__lockdep_init_map+0x105/0x550 [ 386.391070] mount_fs+0x7f/0x269 [ 386.394428] ? alloc_vfsmnt+0x470/0x750 [ 386.398389] vfs_kern_mount.part.33+0x58/0x3c0 [ 386.402987] do_mount+0x36b/0x26a0 [ 386.406517] ? __might_fault+0xf1/0x1b0 [ 386.410469] ? copy_mount_string+0x20/0x20 [ 386.414687] ? kasan_check_write+0x14/0x20 [ 386.418914] ? _copy_from_user+0x9c/0xd0 [ 386.422958] ? memdup_user+0x4a/0x80 [ 386.426838] SyS_mount+0xb8/0xd0 [ 386.430186] ? copy_mnt_ns+0xae0/0xae0 [ 386.434053] do_syscall_64+0x1c7/0x5b0 [ 386.437933] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 386.442773] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 386.447952] RIP: 0033:0x45a219 [ 386.451119] RSP: 002b:00007f27bc4bdc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 386.458813] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a219 [ 386.466171] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000500 [ 386.473439] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 386.480750] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f27bc4be6d4 [ 386.488099] R13: 00000000004c6d95 R14: 00000000004dc508 R15: 00000000ffffffff [ 386.531131] CPU: 0 PID: 13703 Comm: syz-executor.2 Not tainted 4.14.165-syzkaller #0 [ 386.539109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 386.548448] Call Trace: [ 386.551020] dump_stack+0xf7/0x13b [ 386.554538] warn_alloc.cold.114+0xa2/0x1be [ 386.558853] ? zone_watermark_ok_safe+0x260/0x260 [ 386.563700] ? compaction_deferred+0x1fe/0x2d0 [ 386.568278] ? __alloc_pages_direct_compact+0xc2/0x330 [ 386.573539] __alloc_pages_slowpath+0x2052/0x2650 [ 386.578377] ? warn_alloc+0x100/0x100 [ 386.582220] ? get_page_from_freelist+0x1046/0x23b0 [ 386.587228] ? __might_sleep+0x93/0xb0 [ 386.591117] __alloc_pages_nodemask+0x60d/0x770 [ 386.595768] ? __alloc_pages_slowpath+0x2650/0x2650 [ 386.600772] ? 
cache_grow_begin+0x331/0x3f0 [ 386.605593] cache_grow_begin+0x80/0x3f0 [ 386.609649] fallback_alloc+0x203/0x2c0 [ 386.613609] ____cache_alloc_node+0x1c7/0x1e0 [ 386.618114] __kmalloc+0x213/0x7b0 [ 386.621638] ? __lockdep_init_map+0x105/0x550 [ 386.626171] ? mempool_kmalloc+0x10/0x20 [ 386.630220] ? mempool_resize+0x5e0/0x5e0 [ 386.634544] mempool_kmalloc+0x10/0x20 [ 386.638410] mempool_create_node+0x296/0x370 [ 386.643070] mempool_create+0x15/0x20 [ 386.646850] ceph_mount+0x68e/0x15a8 [ 386.650544] ? __lockdep_init_map+0x105/0x550 [ 386.655029] mount_fs+0x7f/0x269 [ 386.658385] ? alloc_vfsmnt+0x470/0x750 [ 386.662349] vfs_kern_mount.part.33+0x58/0x3c0 [ 386.666911] do_mount+0x36b/0x26a0 [ 386.670447] ? __might_fault+0xf1/0x1b0 [ 386.674404] ? copy_mount_string+0x20/0x20 [ 386.679501] ? kasan_check_write+0x14/0x20 [ 386.683819] ? _copy_from_user+0x9c/0xd0 [ 386.687867] ? memdup_user+0x4a/0x80 [ 386.691649] SyS_mount+0xb8/0xd0 [ 386.695009] ? copy_mnt_ns+0xae0/0xae0 [ 386.698900] do_syscall_64+0x1c7/0x5b0 [ 386.702781] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 386.707616] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 386.712966] RIP: 0033:0x45a219 [ 386.716138] RSP: 002b:00007ff08bb18c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 386.723824] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a219 [ 386.731088] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000500 [ 386.738367] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 386.745654] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff08bb196d4 [ 386.752934] R13: 00000000004c6d95 R14: 00000000004dc508 R15: 00000000ffffffff [ 386.838193] CPU: 0 PID: 13700 Comm: syz-executor.4 Not tainted 4.14.165-syzkaller #0 [ 386.846153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 386.855516] Call Trace: [ 386.858095] dump_stack+0xf7/0x13b [ 386.861615] warn_alloc.cold.114+0xa2/0x1be [ 386.865969] ? 
zone_watermark_ok_safe+0x260/0x260 [ 386.870795] ? compaction_deferred+0x1fe/0x2d0 [ 386.875361] ? __alloc_pages_direct_compact+0xc2/0x330 [ 386.880627] __alloc_pages_slowpath+0x2052/0x2650 [ 386.885476] ? warn_alloc+0x100/0x100 [ 386.889267] ? get_page_from_freelist+0x1046/0x23b0 [ 386.894267] ? __might_sleep+0x93/0xb0 [ 386.898146] __alloc_pages_nodemask+0x60d/0x770 [ 386.902822] ? __alloc_pages_slowpath+0x2650/0x2650 [ 386.907826] ? cache_grow_begin+0x331/0x3f0 [ 386.912146] cache_grow_begin+0x80/0x3f0 [ 386.916198] fallback_alloc+0x203/0x2c0 [ 386.920208] ____cache_alloc_node+0x1c7/0x1e0 [ 386.924684] __kmalloc+0x213/0x7b0 [ 386.928220] ? __lockdep_init_map+0x105/0x550 [ 386.932737] ? mempool_kmalloc+0x10/0x20 [ 386.936819] ? mempool_resize+0x5e0/0x5e0 [ 386.941162] mempool_kmalloc+0x10/0x20 [ 386.945032] mempool_create_node+0x296/0x370 [ 386.949432] mempool_create+0x15/0x20 [ 386.953216] ceph_mount+0x68e/0x15a8 [ 386.956922] ? __lockdep_init_map+0x105/0x550 [ 386.961440] mount_fs+0x7f/0x269 [ 386.964785] ? alloc_vfsmnt+0x470/0x750 [ 386.968754] vfs_kern_mount.part.33+0x58/0x3c0 [ 386.973333] do_mount+0x36b/0x26a0 [ 386.976865] ? __might_fault+0xf1/0x1b0 [ 386.980828] ? copy_mount_string+0x20/0x20 [ 386.985052] ? kasan_check_write+0x14/0x20 [ 386.989282] ? _copy_from_user+0x9c/0xd0 [ 386.993353] ? memdup_user+0x4a/0x80 [ 386.997049] SyS_mount+0xb8/0xd0 [ 387.000394] ? copy_mnt_ns+0xae0/0xae0 [ 387.004260] do_syscall_64+0x1c7/0x5b0 [ 387.008134] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 387.012979] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 387.018153] RIP: 0033:0x45a219 [ 387.021319] RSP: 002b:00007f795e796c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 387.029043] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a219 [ 387.036316] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000500 [ 387.043575] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 387.050827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f795e7976d4 [ 387.058095] R13: 00000000004c6d95 R14: 00000000004dc508 R15: 00000000ffffffff [ 387.140340] CPU: 0 PID: 13731 Comm: syz-executor.4 Not tainted 4.14.165-syzkaller #0 [ 387.148253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 387.157602] Call Trace: [ 387.160236] dump_stack+0xf7/0x13b [ 387.163760] warn_alloc.cold.114+0xa2/0x1be [ 387.168078] ? zone_watermark_ok_safe+0x260/0x260 [ 387.172906] ? compaction_deferred+0x1fe/0x2d0 [ 387.177472] ? __alloc_pages_direct_compact+0xc2/0x330 [ 387.182735] __alloc_pages_slowpath+0x2052/0x2650 [ 387.187611] ? warn_alloc+0x100/0x100 [ 387.191395] ? get_page_from_freelist+0x1046/0x23b0 [ 387.196468] ? __might_sleep+0x93/0xb0 [ 387.200349] __alloc_pages_nodemask+0x60d/0x770 [ 387.205028] ? __alloc_pages_slowpath+0x2650/0x2650 [ 387.210043] ? cache_grow_begin+0x331/0x3f0 [ 387.214351] cache_grow_begin+0x80/0x3f0 [ 387.218389] fallback_alloc+0x203/0x2c0 [ 387.222346] ____cache_alloc_node+0x1c7/0x1e0 [ 387.226856] __kmalloc+0x213/0x7b0 [ 387.230388] ? __lockdep_init_map+0x105/0x550 [ 387.234872] ? mempool_kmalloc+0x10/0x20 [ 387.238910] ? mempool_resize+0x5e0/0x5e0 [ 387.243037] mempool_kmalloc+0x10/0x20 [ 387.246916] mempool_create_node+0x296/0x370 [ 387.251315] mempool_create+0x15/0x20 [ 387.255101] ceph_mount+0x68e/0x15a8 [ 387.258802] ? __lockdep_init_map+0x105/0x550 [ 387.263286] mount_fs+0x7f/0x269 [ 387.266655] ? 
alloc_vfsmnt+0x470/0x750 [ 387.270661] vfs_kern_mount.part.33+0x58/0x3c0 [ 387.275240] do_mount+0x36b/0x26a0 [ 387.278825] ? __might_fault+0xf1/0x1b0 [ 387.282800] ? copy_mount_string+0x20/0x20 [ 387.287037] ? kasan_check_write+0x14/0x20 [ 387.291260] ? _copy_from_user+0x9c/0xd0 [ 387.295308] ? memdup_user+0x4a/0x80 [ 387.299126] SyS_mount+0xb8/0xd0 [ 387.302480] ? copy_mnt_ns+0xae0/0xae0 [ 387.306359] do_syscall_64+0x1c7/0x5b0 [ 387.310227] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 387.315055] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 387.320233] RIP: 0033:0x45a219 [ 387.323424] RSP: 002b:00007f795e796c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 387.331146] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a219 [ 387.338398] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000500 [ 387.345668] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 387.352942] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f795e7976d4 [ 387.360202] R13: 00000000004c6d95 R14: 00000000004dc508 R15: 00000000ffffffff [ 387.390460] CPU: 0 PID: 13725 Comm: syz-executor.2 Not tainted 4.14.165-syzkaller #0 [ 387.398411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 387.407806] Call Trace: [ 387.410389] dump_stack+0xf7/0x13b [ 387.413975] warn_alloc.cold.114+0xa2/0x1be [ 387.418314] ? zone_watermark_ok_safe+0x260/0x260 [ 387.423140] ? defer_compaction+0x20d/0x2b0 [ 387.427458] ? __alloc_pages_direct_compact+0x28d/0x330 [ 387.432814] __alloc_pages_slowpath+0x2052/0x2650 [ 387.437652] ? warn_alloc+0x100/0x100 [ 387.441513] ? get_page_from_freelist+0x1046/0x23b0 [ 387.446515] ? __might_sleep+0x93/0xb0 [ 387.450390] __alloc_pages_nodemask+0x60d/0x770 [ 387.455046] ? __alloc_pages_slowpath+0x2650/0x2650 [ 387.460060] ? 
cache_grow_begin+0x331/0x3f0 [ 387.464421] cache_grow_begin+0x80/0x3f0 [ 387.468465] fallback_alloc+0x203/0x2c0 [ 387.472434] ____cache_alloc_node+0x1c7/0x1e0 [ 387.476927] __kmalloc+0x213/0x7b0 [ 387.480525] ? __lockdep_init_map+0x105/0x550 [ 387.484998] ? mempool_kmalloc+0x10/0x20 [ 387.489033] ? mempool_resize+0x5e0/0x5e0 [ 387.493170] mempool_kmalloc+0x10/0x20 [ 387.497052] mempool_create_node+0x296/0x370 [ 387.501495] mempool_create+0x15/0x20 [ 387.505285] ceph_mount+0x68e/0x15a8 [ 387.508976] ? __lockdep_init_map+0x105/0x550 [ 387.513460] mount_fs+0x7f/0x269 [ 387.516804] ? alloc_vfsmnt+0x470/0x750 [ 387.520757] vfs_kern_mount.part.33+0x58/0x3c0 [ 387.525330] do_mount+0x36b/0x26a0 [ 387.528872] ? __might_fault+0xf1/0x1b0 [ 387.532846] ? copy_mount_string+0x20/0x20 [ 387.537063] ? kasan_check_write+0x14/0x20 [ 387.541295] ? _copy_from_user+0x9c/0xd0 [ 387.545346] ? memdup_user+0x4a/0x80 [ 387.549051] SyS_mount+0xb8/0xd0 [ 387.552399] ? copy_mnt_ns+0xae0/0xae0 [ 387.556265] do_syscall_64+0x1c7/0x5b0 [ 387.560178] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 387.565170] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 387.570358] RIP: 0033:0x45a219 [ 387.573549] RSP: 002b:00007ff08bb18c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 387.581240] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a219 [ 387.588497] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000500 [ 387.595749] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 387.603105] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff08bb196d4 [ 387.610380] R13: 00000000004c6d95 R14: 00000000004dc508 R15: 00000000ffffffff [ 387.650064] page allocation failure: order:5, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 387.659439] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 387.716207] CPU: 0 PID: 13790 Comm: syz-executor.2 Not tainted 4.14.165-syzkaller #0 [ 387.724115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 387.733458] Call Trace: [ 387.736033] dump_stack+0xf7/0x13b [ 387.739549] warn_alloc.cold.114+0xa2/0x1be [ 387.743889] ? zone_watermark_ok_safe+0x260/0x260 [ 387.748723] ? defer_compaction+0x20d/0x2b0 [ 387.753030] ? __alloc_pages_direct_compact+0x28d/0x330 [ 387.758385] __alloc_pages_slowpath+0x2052/0x2650 [ 387.763230] ? warn_alloc+0x100/0x100 [ 387.767038] ? get_page_from_freelist+0x1046/0x23b0 [ 387.772043] ? __might_sleep+0x93/0xb0 [ 387.775928] __alloc_pages_nodemask+0x60d/0x770 [ 387.780580] ? __alloc_pages_slowpath+0x2650/0x2650 [ 387.785585] ? cache_grow_begin+0x331/0x3f0 [ 387.790140] cache_grow_begin+0x80/0x3f0 [ 387.794179] fallback_alloc+0x203/0x2c0 [ 387.798143] ____cache_alloc_node+0x1c7/0x1e0 [ 387.802660] __kmalloc+0x213/0x7b0 [ 387.806209] ? __lockdep_init_map+0x105/0x550 [ 387.810708] ? mempool_kmalloc+0x10/0x20 [ 387.814746] ? 
mempool_resize+0x5e0/0x5e0 [ 387.818876] mempool_kmalloc+0x10/0x20 [ 387.822753] mempool_create_node+0x296/0x370 [ 387.827148] mempool_create+0x15/0x20 [ 387.830956] ceph_mount+0x68e/0x15a8 [ 387.834672] ? __lockdep_init_map+0x105/0x550 [ 387.839157] mount_fs+0x7f/0x269 [ 387.842506] ? alloc_vfsmnt+0x470/0x750 [ 387.846481] vfs_kern_mount.part.33+0x58/0x3c0 [ 387.851182] do_mount+0x36b/0x26a0 [ 387.854698] ? __might_fault+0xf1/0x1b0 [ 387.858652] ? copy_mount_string+0x20/0x20 [ 387.863740] ? kasan_check_write+0x14/0x20 [ 387.868056] ? _copy_from_user+0x9c/0xd0 [ 387.872104] ? memdup_user+0x4a/0x80 [ 387.875799] SyS_mount+0xb8/0xd0 [ 387.879155] ? copy_mnt_ns+0xae0/0xae0 [ 387.883022] do_syscall_64+0x1c7/0x5b0 [ 387.886909] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 387.891737] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 387.896913] RIP: 0033:0x45a219 [ 387.900525] RSP: 002b:00007ff08bb18c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 387.908219] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a219 [ 387.915602] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000500 [ 387.922856] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 387.930178] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff08bb196d4 [ 387.937435] R13: 00000000004c6d95 R14: 00000000004dc508 R15: 00000000ffffffff [ 387.960100] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 387.965557] CPU: 0 PID: 11151 Comm: syz-executor.5 Not tainted 4.14.165-syzkaller #0 [ 387.973507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 387.982841] Call Trace: [ 387.985415] dump_stack+0xf7/0x13b [ 387.988948] warn_alloc.cold.114+0xa2/0x1be [ 387.993250] ? zone_watermark_ok_safe+0x260/0x260 [ 387.998108] ? defer_compaction+0x20d/0x2b0 [ 388.002415] ? __alloc_pages_direct_compact+0x28d/0x330 [ 388.007780] __alloc_pages_slowpath+0x2052/0x2650 [ 388.012607] ? warn_alloc+0x100/0x100 [ 388.016399] ? 
get_page_from_freelist+0x1046/0x23b0 [ 388.021463] ? __might_sleep+0x93/0xb0 [ 388.025350] __alloc_pages_nodemask+0x60d/0x770 [ 388.030019] ? __alloc_pages_slowpath+0x2650/0x2650 [ 388.035035] ? cache_grow_begin+0x331/0x3f0 [ 388.039349] cache_grow_begin+0x80/0x3f0 [ 388.045474] fallback_alloc+0x203/0x2c0 [ 388.049441] ____cache_alloc_node+0x1c7/0x1e0 [ 388.053930] __kmalloc+0x213/0x7b0 [ 388.057452] ? __lockdep_init_map+0x105/0x550 [ 388.061933] ? mempool_kmalloc+0x10/0x20 [ 388.065974] ? mempool_resize+0x5e0/0x5e0 [ 388.070101] mempool_kmalloc+0x10/0x20 [ 388.073968] mempool_create_node+0x296/0x370 [ 388.078369] mempool_create+0x15/0x20 [ 388.082159] ceph_mount+0x68e/0x15a8 [ 388.085950] ? __lockdep_init_map+0x105/0x550 [ 388.090429] mount_fs+0x7f/0x269 [ 388.093786] ? alloc_vfsmnt+0x470/0x750 [ 388.097752] vfs_kern_mount.part.33+0x58/0x3c0 [ 388.102325] do_mount+0x36b/0x26a0 [ 388.105857] ? __might_fault+0xf1/0x1b0 [ 388.109824] ? copy_mount_string+0x20/0x20 [ 388.114039] ? kasan_check_write+0x14/0x20 [ 388.118264] ? _copy_from_user+0x9c/0xd0 [ 388.122314] ? memdup_user+0x4a/0x80 [ 388.126012] SyS_mount+0xb8/0xd0 [ 388.129370] ? copy_mnt_ns+0xae0/0xae0 [ 388.133273] do_syscall_64+0x1c7/0x5b0 [ 388.137184] ? 
trace_hardirqs_off_thunk+0x1a/0x1c
[ 388.142018] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 388.147191] RIP: 0033:0x45a219
[ 388.150368] RSP: 002b:00007f5b0f734c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 388.158066] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a219
[ 388.165324] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000500
[ 388.172584] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 388.179839] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5b0f7356d4
[ 388.187122] R13: 00000000004c6d95 R14: 00000000004dc508 R15: 00000000ffffffff
[ 388.210307] syz-executor.5 cpuset=syz5 mems_allowed=0-1
[ 388.215849] CPU: 0 PID: 14612 Comm: syz-executor.5 Not tainted 4.14.165-syzkaller #0
[ 388.223717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 388.233052] Call Trace:
[ 388.235630] dump_stack+0xf7/0x13b
[ 388.239161] warn_alloc.cold.114+0xa2/0x1be
[ 388.243485] ? zone_watermark_ok_safe+0x260/0x260
[ 388.248396] ? compaction_deferred+0x1fe/0x2d0
[ 388.252964] ? __alloc_pages_direct_compact+0xc2/0x330
[ 388.258375] __alloc_pages_slowpath+0x2052/0x2650
[ 388.263217] ? warn_alloc+0x100/0x100
[ 388.267040] ? get_page_from_freelist+0x1046/0x23b0
[ 388.272042] ? __might_sleep+0x93/0xb0
[ 388.275915] __alloc_pages_nodemask+0x60d/0x770
[ 388.280571] ? __alloc_pages_slowpath+0x2650/0x2650
[ 388.285572] ? cache_grow_begin+0x331/0x3f0
[ 388.290022] cache_grow_begin+0x80/0x3f0
[ 388.294078] fallback_alloc+0x203/0x2c0
[ 388.298559] ____cache_alloc_node+0x1c7/0x1e0
[ 388.303035] __kmalloc+0x213/0x7b0
[ 388.306574] ? __lockdep_init_map+0x105/0x550
[ 388.311058] ? mempool_kmalloc+0x10/0x20
[ 388.315106] ? mempool_resize+0x5e0/0x5e0
[ 388.319250] mempool_kmalloc+0x10/0x20
[ 388.323119] mempool_create_node+0x296/0x370
[ 388.327507] mempool_create+0x15/0x20
[ 388.331298] ceph_mount+0x68e/0x15a8
[ 388.335002] ? __lockdep_init_map+0x105/0x550
[ 388.339493] mount_fs+0x7f/0x269
[ 388.342895] ? alloc_vfsmnt+0x470/0x750
[ 388.346857] vfs_kern_mount.part.33+0x58/0x3c0
[ 388.351435] do_mount+0x36b/0x26a0
[ 388.354990] ? __might_fault+0xf1/0x1b0
[ 388.358967] ? copy_mount_string+0x20/0x20
[ 388.363180] ? kasan_check_write+0x14/0x20
[ 388.367390] ? _copy_from_user+0x9c/0xd0
[ 388.371456] ? memdup_user+0x4a/0x80
[ 388.375161] SyS_mount+0xb8/0xd0
[ 388.378511] ? copy_mnt_ns+0xae0/0xae0
[ 388.382392] do_syscall_64+0x1c7/0x5b0
[ 388.386305] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 388.391133] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 388.396313] RIP: 0033:0x45a219
[ 388.399486] RSP: 002b:00007f5b0f734c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 388.407194] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a219
[ 388.414452] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000500
[ 388.421708] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 388.428958] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5b0f7356d4
[ 388.436217] R13: 00000000004c6d95 R14: 00000000004dc508 R15: 00000000ffffffff
[ 388.455820] libceph: mon1 [::6]:6789 socket closed (con state CONNECTING)
2020/01/17 11:05:17 executed programs: 6721
[ 388.466221] syz-executor.4 cpuset=syz4 mems_allowed=0-1
[ 388.472283] ==================================================================
[ 388.479940] BUG: KASAN: use-after-free in ceph_destroy_options+0xc6/0xf0
[ 388.486784] Read of size 8 at addr ffff8880a9c43690 by task syz-executor.5/11637
[ 388.494307]
[ 388.495932] CPU: 0 PID: 11637 Comm: syz-executor.5 Not tainted 4.14.165-syzkaller #0
[ 388.504080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 388.513433] Call Trace:
[ 388.516022] dump_stack+0xf7/0x13b
[ 388.519564] ? ceph_destroy_options+0xc6/0xf0
[ 388.524058] print_address_description.cold.7+0x9/0x1c9
[ 388.529534] ? ceph_destroy_options+0xc6/0xf0
[ 388.534057] kasan_report.cold.8+0x11a/0x2d3
[ 388.538474] __asan_report_load8_noabort+0x14/0x20
[ 388.543405] ceph_destroy_options+0xc6/0xf0
[ 388.547721] ceph_mount+0xa3d/0x15a8
[ 388.551433] ? __lockdep_init_map+0x105/0x550
[ 388.555931] mount_fs+0x7f/0x269
[ 388.559294] ? alloc_vfsmnt+0x470/0x750
[ 388.563324] vfs_kern_mount.part.33+0x58/0x3c0
[ 388.567902] do_mount+0x36b/0x26a0
[ 388.571446] ? __might_fault+0xf1/0x1b0
[ 388.575425] ? copy_mount_string+0x20/0x20
[ 388.579674] ? kasan_check_write+0x14/0x20
[ 388.584014] ? _copy_from_user+0x9c/0xd0
[ 388.588078] ? memdup_user+0x4a/0x80
[ 388.591798] SyS_mount+0xb8/0xd0
[ 388.595156] ? copy_mnt_ns+0xae0/0xae0
[ 388.599142] do_syscall_64+0x1c7/0x5b0
[ 388.603024] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 388.607875] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 388.613058] RIP: 0033:0x45a219
[ 388.616237] RSP: 002b:00007f5b0f734c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 388.623968] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a219
[ 388.632445] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000500
[ 388.639707] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 388.646961] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5b0f7356d4
[ 388.654217] R13: 00000000004c6d95 R14: 00000000004dc508 R15: 00000000ffffffff
[ 388.661476]
[ 388.663140] Allocated by task 11637:
[ 388.666837] save_stack_trace+0x16/0x20
[ 388.670794] save_stack+0x43/0xd0
[ 388.674352] kasan_kmalloc+0xc7/0xe0
[ 388.678044] kmem_cache_alloc_trace+0x152/0x7a0
[ 388.682702] ceph_parse_options+0xe3/0xc60
[ 388.686914] ceph_mount+0x390/0x15a8
[ 388.690614] mount_fs+0x7f/0x269
[ 388.694110] vfs_kern_mount.part.33+0x58/0x3c0
[ 388.698678] do_mount+0x36b/0x26a0
[ 388.702206] SyS_mount+0xb8/0xd0
[ 388.705550] do_syscall_64+0x1c7/0x5b0
[ 388.709424] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 388.714594]
[ 388.716215] Freed by task 11637:
[ 388.719590] save_stack_trace+0x16/0x20
[ 388.723556] save_stack+0x43/0xd0
[ 388.726987] kasan_slab_free+0x71/0xc0
[ 388.730873] kfree+0xcc/0x270
[ 388.733969] ceph_destroy_options+0xbc/0xf0
[ 388.738283] ceph_destroy_client+0x8f/0xb0
[ 388.742508] ceph_mount+0xad1/0x15a8
[ 388.746319] mount_fs+0x7f/0x269
[ 388.749662] vfs_kern_mount.part.33+0x58/0x3c0
[ 388.754230] do_mount+0x36b/0x26a0
[ 388.757749] SyS_mount+0xb8/0xd0
[ 388.761098] do_syscall_64+0x1c7/0x5b0
[ 388.764968] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 388.770135]
[ 388.771777] The buggy address belongs to the object at ffff8880a9c435c0
[ 388.771777] which belongs to the cache kmalloc-256 of size 256
[ 388.784426] The buggy address is located 208 bytes inside of
[ 388.784426] 256-byte region [ffff8880a9c435c0, ffff8880a9c436c0)
[ 388.796284] The buggy address belongs to the page:
[ 388.801203] page:ffffea0002a710c0 count:1 mapcount:0 mapping:ffff8880a9c430c0 index:0x0
[ 388.809401] flags: 0x1fffc0000000100(slab)
[ 388.813619] raw: 01fffc0000000100 ffff8880a9c430c0 0000000000000000 000000010000000c
[ 388.821479] raw: ffffea00024678a0 ffffea0002556aa0 ffff8880aa8007c0 0000000000000000
[ 388.829333] page dumped because: kasan: bad access detected
[ 388.835021]
[ 388.836623] Memory state around the buggy address:
[ 388.841584] ffff8880a9c43580: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 388.848939] ffff8880a9c43600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 388.856291] >ffff8880a9c43680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 388.863800] ^
[ 388.867679] ffff8880a9c43700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 388.875031] ffff8880a9c43780: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 388.882407] ==================================================================
[ 388.889751] Disabling lock debugging due to kernel taint
[ 388.895478] ==================================================================
[ 388.902849] BUG: KASAN: double-free or invalid-free in ceph_destroy_options+0xb4/0xf0
[ 388.910808]
[ 388.912428] CPU: 0 PID: 11274 Comm: syz-executor.5 Tainted: G B 4.14.165-syzkaller #0
[ 388.921518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 388.930867] Call Trace:
[ 388.933446] dump_stack+0xf7/0x13b
[ 388.936976] ? ceph_destroy_options+0xb4/0xf0
[ 388.941451] print_address_description.cold.7+0x9/0x1c9
[ 388.946804] ? ceph_destroy_options+0xb4/0xf0
[ 388.951276] ? ceph_destroy_options+0xb4/0xf0
[ 388.955746] kasan_report_double_free+0x55/0x80
[ 388.965891] kasan_slab_free+0xa3/0xc0
[ 388.969763] kfree+0xcc/0x270
[ 388.972844] ceph_destroy_options+0xb4/0xf0
[ 388.977148] ceph_mount+0xa3d/0x15a8
[ 388.980841] ? __lockdep_init_map+0x105/0x550
[ 388.985320] mount_fs+0x7f/0x269
[ 388.988660] ? alloc_vfsmnt+0x470/0x750
[ 388.992607] vfs_kern_mount.part.33+0x58/0x3c0
[ 388.997512] do_mount+0x36b/0x26a0
[ 389.001047] ? __might_fault+0xf1/0x1b0
[ 389.004995] ? copy_mount_string+0x20/0x20
[ 389.009204] ? kasan_check_write+0x14/0x20
[ 389.013414] ? _copy_from_user+0x9c/0xd0
[ 389.017450] ? memdup_user+0x4a/0x80
[ 389.021139] SyS_mount+0xb8/0xd0
[ 389.024480] ? copy_mnt_ns+0xae0/0xae0
[ 389.029384] do_syscall_64+0x1c7/0x5b0
[ 389.033244] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 389.038147] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 389.043310] RIP: 0033:0x45a219
[ 389.046475] RSP: 002b:00007f5b0f734c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 389.054163] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a219
[ 389.061426] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000500
[ 389.068668] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 389.075909] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5b0f7356d4
[ 389.083160] R13: 00000000004c6d95 R14: 00000000004dc508 R15: 00000000ffffffff
[ 389.091974]
[ 389.093592] Allocated by task 11274:
[ 389.097291] save_stack_trace+0x16/0x20
[ 389.101254] save_stack+0x43/0xd0
[ 389.104681] kasan_kmalloc+0xc7/0xe0
[ 389.108371] kmem_cache_alloc_trace+0x152/0x7a0
[ 389.113014] ceph_parse_options+0x127/0xc60
[ 389.117322] ceph_mount+0x390/0x15a8
[ 389.121034] mount_fs+0x7f/0x269
[ 389.124393] vfs_kern_mount.part.33+0x58/0x3c0
[ 389.129042] do_mount+0x36b/0x26a0
[ 389.132566] SyS_mount+0xb8/0xd0
[ 389.135907] do_syscall_64+0x1c7/0x5b0
[ 389.139782] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 389.144942]
[ 389.146549] Freed by task 11274:
[ 389.149897] save_stack_trace+0x16/0x20
[ 389.153846] save_stack+0x43/0xd0
[ 389.157326] kasan_slab_free+0x71/0xc0
[ 389.161189] kfree+0xcc/0x270
[ 389.164275] ceph_destroy_options+0xb4/0xf0
[ 389.168578] ceph_destroy_client+0x8f/0xb0
[ 389.172817] ceph_mount+0xad1/0x15a8
[ 389.176502] mount_fs+0x7f/0x269
[ 389.179850] vfs_kern_mount.part.33+0x58/0x3c0
[ 389.184407] do_mount+0x36b/0x26a0
[ 389.187919] SyS_mount+0xb8/0xd0
[ 389.191261] do_syscall_64+0x1c7/0x5b0
[ 389.195130] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 389.200295]
[ 389.201904] The buggy address belongs to the object at ffff8881ccd295c0
[ 389.201904] which belongs to the cache kmalloc-8192 of size 8192
[ 389.214710] The buggy address is located 0 bytes inside of
[ 389.214710] 8192-byte region [ffff8881ccd295c0, ffff8881ccd2b5c0)
[ 389.226477] The buggy address belongs to the page:
[ 389.231383] page:ffffea0007334a00 count:1 mapcount:0 mapping:ffff8881ccd295c0 index:0x0 compound_mapcount: 0
[ 389.241326] flags: 0x6fffc0000008100(slab|head)
[ 389.246006] raw: 06fffc0000008100 ffff8881ccd295c0 0000000000000000 0000000100000001
[ 389.253860] raw: ffffea00076ebf20 ffffea00075bf420 ffff8880aa802080 0000000000000000
[ 389.261761] page dumped because: kasan: bad access detected
[ 389.267455]
[ 389.269059] Memory state around the buggy address:
[ 389.273970] ffff8881ccd29480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 389.281302] ffff8881ccd29500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 389.288755] >ffff8881ccd29580: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 389.296096] ^
[ 389.301523] ffff8881ccd29600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 389.308860] ffff8881ccd29680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 389.316199] ==================================================================
[ 389.323531] Kernel panic - not syncing: panic_on_warn set ...
[ 389.323531]
[ 389.330881] CPU: 0 PID: 11274 Comm: syz-executor.5 Tainted: G B 4.14.165-syzkaller #0
[ 389.339957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 389.349294] Call Trace:
[ 389.351907] dump_stack+0xf7/0x13b
[ 389.355441] ? ceph_compare_options+0x5e0/0x5e0
[ 389.360088] ? ceph_destroy_options+0xb4/0xf0
[ 389.364649] panic+0x1b0/0x358
[ 389.367816] ? add_taint.cold.5+0x11/0x11
[ 389.371938] ? lock_downgrade+0x7f0/0x7f0
[ 389.376075] ? ceph_destroy_options+0xb4/0xf0
[ 389.380584] ? ceph_destroy_options+0xb4/0xf0
[ 389.385062] kasan_end_report+0x47/0x4f
[ 389.389022] kasan_report_double_free+0x72/0x80
[ 389.393674] kasan_slab_free+0xa3/0xc0
[ 389.397545] kfree+0xcc/0x270
[ 389.400636] ceph_destroy_options+0xb4/0xf0
[ 389.404936] ceph_mount+0xa3d/0x15a8
[ 389.408626] ? __lockdep_init_map+0x105/0x550
[ 389.413108] mount_fs+0x7f/0x269
[ 389.416461] ? alloc_vfsmnt+0x470/0x750
[ 389.420792] vfs_kern_mount.part.33+0x58/0x3c0
[ 389.425507] do_mount+0x36b/0x26a0
[ 389.429160] ? __might_fault+0xf1/0x1b0
[ 389.433294] ? copy_mount_string+0x20/0x20
[ 389.437744] ? kasan_check_write+0x14/0x20
[ 389.442188] ? _copy_from_user+0x9c/0xd0
[ 389.446608] ? memdup_user+0x4a/0x80
[ 389.450357] SyS_mount+0xb8/0xd0
[ 389.453851] ? copy_mnt_ns+0xae0/0xae0
[ 389.457849] do_syscall_64+0x1c7/0x5b0
[ 389.461715] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 389.466893] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 389.472066] RIP: 0033:0x45a219
[ 389.475763] RSP: 002b:00007f5b0f734c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 389.483709] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a219
[ 389.491335] RDX: 0000000020000140 RSI: 00000000200000c0 RDI: 0000000020000500
[ 389.498807] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 389.506154] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5b0f7356d4
[ 389.513421] R13: 00000000004c6d95 R14: 00000000004dc508 R15: 00000000ffffffff
[ 389.522336] Kernel Offset: disabled
[ 389.526130] Rebooting in 86400 seconds..