[ ok ] Starting enhanced syslogd: rsyslogd.
[ 34.707341] audit: type=1800 audit(1538360494.712:25): pid=5885 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 34.726492] audit: type=1800 audit(1538360494.712:26): pid=5885 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 34.746501] audit: type=1800 audit(1538360494.712:27): pid=5885 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts.
2018/10/01 02:21:57 parsed 1 programs
2018/10/01 02:21:59 executed programs: 0
syzkaller login: [ 59.061745] IPVS: ftp: loaded support on port[0] = 21
[ 59.070548] IPVS: ftp: loaded support on port[0] = 21
[ 59.081849] IPVS: ftp: loaded support on port[0] = 21
[ 59.097042] IPVS: ftp: loaded support on port[0] = 21
[ 59.098763] IPVS: ftp: loaded support on port[0] = 21
[ 59.104849] IPVS: ftp: loaded support on port[0] = 21
[ 59.680829] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.687345] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.696818] device bridge_slave_0 entered promiscuous mode
[ 59.703733] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.711161] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.717957] device bridge_slave_0 entered promiscuous mode
[ 59.741990] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.748313] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.758563] device bridge_slave_0 entered promiscuous mode
[ 59.766207] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.773500] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.782872] device bridge_slave_1 entered promiscuous mode
[ 59.792787] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.799970] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.806790] device bridge_slave_0 entered promiscuous mode
[ 59.814457] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.821670] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.828457] device bridge_slave_0 entered promiscuous mode
[ 59.835113] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.842360] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.849362] device bridge_slave_1 entered promiscuous mode
[ 59.856312] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 59.863587] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.871911] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.878775] device bridge_slave_0 entered promiscuous mode
[ 59.886267] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.892792] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.899687] device bridge_slave_1 entered promiscuous mode
[ 59.906414] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.913755] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.920791] device bridge_slave_1 entered promiscuous mode
[ 59.927861] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.936922] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.944039] device bridge_slave_1 entered promiscuous mode
[ 59.951340] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 59.958585] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 59.967418] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.975397] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.982495] device bridge_slave_1 entered promiscuous mode
[ 59.989674] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 59.996943] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 60.006429] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 60.016179] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 60.025176] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 60.037655] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 60.045873] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 60.068513] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 60.108144] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 60.134534] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 60.154059] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 60.174849] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 60.187985] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 60.211658] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 60.224434] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 60.243225] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 60.254942] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 60.297230] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 60.307851] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 60.357737] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 60.384636] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 60.468361] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 60.475741] team0: Port device team_slave_0 added
[ 60.515701] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 60.531661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 60.543095] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 60.551214] team0: Port device team_slave_1 added
[ 60.566974] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 60.576321] team0: Port device team_slave_0 added
[ 60.582902] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 60.592878] team0: Port device team_slave_0 added
[ 60.600135] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 60.608046] team0: Port device team_slave_0 added
[ 60.616489] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 60.638249] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 60.649276] team0: Port device team_slave_1 added
[ 60.654304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 60.665810] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 60.680993] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 60.688208] team0: Port device team_slave_1 added
[ 60.695217] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 60.702900] team0: Port device team_slave_1 added
[ 60.710540] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 60.728049] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 60.738514] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 60.748218] team0: Port device team_slave_0 added
[ 60.760849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 60.768566] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 60.776683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 60.784502] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 60.793270] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 60.802206] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 60.811869] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 60.822480] team0: Port device team_slave_0 added
[ 60.829457] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 60.838713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 60.846454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 60.855560] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 60.864205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 60.872004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 60.879592] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 60.887306] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 60.898175] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 60.906506] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 60.914705] team0: Port device team_slave_1 added
[ 60.921859] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 60.932912] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 60.952386] team0: Port device team_slave_1 added
[ 60.957578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 60.966268] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 60.976400] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 60.984184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 60.991818] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 60.999228] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.006859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 61.016798] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 61.025971] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 61.035975] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.048225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 61.056346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.064553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 61.074208] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 61.084477] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 61.094097] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.105191] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 61.118099] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 61.126665] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.134617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 61.145085] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 61.154805] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 61.171763] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 61.192069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.204430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 61.220626] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 61.227949] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.235995] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 61.256469] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 61.264194] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 61.278284] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.287837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 61.323369] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 61.336702] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.347951] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 61.359141] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 61.380025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.390136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 61.406828] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 61.422678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.438981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 61.709546] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.715937] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.722598] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.728966] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.742367] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 61.792710] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.799114] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.805740] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.812133] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.828232] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 61.901444] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.907828] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.914484] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.920853] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.939927] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 61.951661] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.958018] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.964670] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.971046] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.978402] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 62.028149] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.034531] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.041197] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.048030] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.055641] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 62.064610] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.070987] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.077600] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.083997] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.092317] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 62.562335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 62.574442] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 62.587197] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 62.594819] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 62.602622] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 62.610320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 63.910600] 8021q: adding VLAN 0 to HW filter on device bond0
[ 63.970000] 8021q: adding VLAN 0 to HW filter on device bond0
[ 64.031824] 8021q: adding VLAN 0 to HW filter on device bond0
[ 64.099182] 8021q: adding VLAN 0 to HW filter on device bond0
[ 64.118398] 8021q: adding VLAN 0 to HW filter on device bond0
[ 64.125260] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 64.134572] 8021q: adding VLAN 0 to HW filter on device bond0
[ 64.189272] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 64.224496] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 64.282897] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 64.301875] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 64.310964] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 64.318350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 64.329584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 64.341064] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 64.371041] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 64.377267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 64.385295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 64.463983] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 64.478177] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 64.487757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 64.496888] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 64.505257] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 64.518215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 64.528202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 64.540608] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 64.547556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 64.608296] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 64.615025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 64.623292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 64.636580] 8021q: adding VLAN 0 to HW filter on device team0
[ 64.649156] 8021q: adding VLAN 0 to HW filter on device team0
[ 64.704974] 8021q: adding VLAN 0 to HW filter on device team0
[ 64.734876] 8021q: adding VLAN 0 to HW filter on device team0
[ 64.744924] 8021q: adding VLAN 0 to HW filter on device team0
[ 64.791334] 8021q: adding VLAN 0 to HW filter on device team0
2018/10/01 02:22:05 executed programs: 6
[ 65.886968] ==================================================================
[ 65.894386] BUG: KASAN: use-after-free in tcf_block_find+0x9d1/0xb90
[ 65.900888] Read of size 4 at addr ffff8801d90ab778 by task syz-executor5/7608
[ 65.908243]
[ 65.909878] CPU: 1 PID: 7608 Comm: syz-executor5 Not tainted 4.19.0-rc5-next-20180928+ #84
[ 65.918276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.927622] Call Trace:
[ 65.930197] dump_stack+0x1d3/0x2c4
[ 65.933824] ? dump_stack_print_info.cold.2+0x52/0x52
[ 65.938999] ? printk+0xa7/0xcf
[ 65.942263] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 65.947008] print_address_description.cold.8+0x9/0x1ff
[ 65.952373] kasan_report.cold.9+0x242/0x309
[ 65.956791] ? tcf_block_find+0x9d1/0xb90
[ 65.960937] __asan_report_load4_noabort+0x14/0x20
[ 65.965850] tcf_block_find+0x9d1/0xb90
[ 65.969820] tc_new_tfilter+0x497/0x1d10
[ 65.973873] ? mutex_trylock+0x2b0/0x2b0
[ 65.977921] ? tc_del_tfilter+0x1290/0x1290
[ 65.982232] ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[ 65.987694] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 65.993238] ? apparmor_capable+0x355/0x6c0
[ 65.997555] ? __netlink_lookup+0x5b6/0xa90
[ 66.001875] ? apparmor_cred_transfer+0x590/0x590
[ 66.006706] ? rtnetlink_rcv_msg+0x3d3/0xc20
[ 66.011108] ? lock_downgrade+0x900/0x900
[ 66.015252] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 66.020788] ? rtnl_get_link+0x170/0x370
[ 66.024858] ? tc_del_tfilter+0x1290/0x1290
[ 66.029177] rtnetlink_rcv_msg+0x46a/0xc20
[ 66.033407] ? rtnetlink_put_metrics+0x690/0x690
[ 66.038164] netlink_rcv_skb+0x172/0x440
[ 66.042219] ? rtnetlink_put_metrics+0x690/0x690
[ 66.046967] ? netlink_ack+0xb80/0xb80
[ 66.050841] rtnetlink_rcv+0x1c/0x20
[ 66.054541] netlink_unicast+0x5a5/0x760
[ 66.058597] ? netlink_attachskb+0x9a0/0x9a0
[ 66.063016] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 66.068564] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 66.073578] netlink_sendmsg+0xa18/0xfc0
[ 66.077633] ? netlink_unicast+0x760/0x760
[ 66.081853] ? aa_sock_msg_perm.isra.12+0xba/0x160
[ 66.086769] ? apparmor_socket_sendmsg+0x29/0x30
[ 66.091522] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 66.097069] ? security_socket_sendmsg+0x94/0xc0
[ 66.101829] ? netlink_unicast+0x760/0x760
[ 66.106055] sock_sendmsg+0xd5/0x120
[ 66.109764] ___sys_sendmsg+0x7fd/0x930
[ 66.113735] ? copy_msghdr_from_user+0x580/0x580
[ 66.118492] ? __fd_install+0x2b5/0x8f0
[ 66.122454] ? __fget_light+0x2e9/0x430
[ 66.126414] ? fget_raw+0x20/0x20
[ 66.129857] ? lock_downgrade+0x900/0x900
[ 66.133989] ? lock_release+0x970/0x970
[ 66.137948] ? check_same_owner+0x330/0x330
[ 66.142274] ? posix_ktime_get_ts+0x15/0x20
[ 66.146582] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 66.152028] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 66.157549] ? sockfd_lookup_light+0xc5/0x160
[ 66.162030] __sys_sendmsg+0x11d/0x280
[ 66.165920] ? __ia32_sys_shutdown+0x80/0x80
[ 66.170315] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 66.175839] ? put_timespec64+0x10f/0x1b0
[ 66.179983] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 66.185421] __x64_sys_sendmsg+0x78/0xb0
[ 66.189470] do_syscall_64+0x1b9/0x820
[ 66.193348] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 66.198702] ? syscall_return_slowpath+0x5e0/0x5e0
[ 66.203622] ? trace_hardirqs_on_caller+0x310/0x310
[ 66.208623] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 66.213625] ? recalc_sigpending_tsk+0x180/0x180
[ 66.218369] ? kasan_check_write+0x14/0x20
[ 66.222593] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 66.227428] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 66.232604] RIP: 0033:0x457579
[ 66.235782] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 66.254665] RSP: 002b:00007fccf491cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 66.262359] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 66.269611] RDX: 0000000000000000 RSI: 0000000020005000 RDI: 0000000000000003
[ 66.276860] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 66.284111] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fccf491d6d4
[ 66.291365] R13: 00000000004c3891 R14: 00000000004d56d0 R15: 00000000ffffffff
[ 66.298622]
[ 66.300229] Allocated by task 7068:
[ 66.303840] save_stack+0x43/0xd0
[ 66.307313] kasan_kmalloc+0xc7/0xe0
[ 66.311012] __kmalloc_node+0x47/0x70
[ 66.314795] qdisc_alloc+0x10f/0xb50
[ 66.318490] qdisc_create_dflt+0x7a/0x1e0
[ 66.322618] dev_activate+0x82f/0xcb0
[ 66.326403] __dev_open+0x2cb/0x410
[ 66.330049] __dev_change_flags+0x730/0x9b0
[ 66.334357] dev_change_flags+0x89/0x150
[ 66.338408] do_setlink+0xb5f/0x3f20
[ 66.342114] rtnl_newlink+0x136f/0x1d40
[ 66.346072] rtnetlink_rcv_msg+0x46a/0xc20
[ 66.350310] netlink_rcv_skb+0x172/0x440
[ 66.354352] rtnetlink_rcv+0x1c/0x20
[ 66.358058] netlink_unicast+0x5a5/0x760
[ 66.362114] netlink_sendmsg+0xa18/0xfc0
[ 66.366180] sock_sendmsg+0xd5/0x120
[ 66.369896] ___sys_sendmsg+0x7fd/0x930
[ 66.373851] __sys_sendmsg+0x11d/0x280
[ 66.377735] __x64_sys_sendmsg+0x78/0xb0
[ 66.381782] do_syscall_64+0x1b9/0x820
[ 66.385658] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 66.390820]
[ 66.392427] Freed by task 3420:
[ 66.395690] save_stack+0x43/0xd0
[ 66.399127] __kasan_slab_free+0x102/0x150
[ 66.403344] kasan_slab_free+0xe/0x10
[ 66.407125] kfree+0xcf/0x230
[ 66.410216] qdisc_free+0x89/0x100
[ 66.413738] qdisc_free_cb+0x19/0x20
[ 66.417435] rcu_process_callbacks+0xff9/0x1ad0
[ 66.422094] __do_softirq+0x30b/0xb03
[ 66.425874]
[ 66.427483] The buggy address belongs to the object at ffff8801d90ab740
[ 66.427483] which belongs to the cache kmalloc-2k of size 2048
[ 66.440121] The buggy address is located 56 bytes inside of
[ 66.440121] 2048-byte region [ffff8801d90ab740, ffff8801d90abf40)
[ 66.451972] The buggy address belongs to the page:
[ 66.456882] page:ffffea0007642a80 count:1 mapcount:0 mapping:ffff8801da800c40 index:0x0 compound_mapcount: 0
[ 66.466830] flags: 0x2fffc0000010200(slab|head)
[ 66.471486] raw: 02fffc0000010200 ffffea0006f14808 ffffea0006f13108 ffff8801da800c40
[ 66.479352] raw: 0000000000000000 ffff8801d90aa640 0000000100000003 0000000000000000
[ 66.487214] page dumped because: kasan: bad access detected
[ 66.492912]
[ 66.494516] Memory state around the buggy address:
[ 66.499434] ffff8801d90ab600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.506788] ffff8801d90ab680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 66.514126] >ffff8801d90ab700: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 66.521461] ^
[ 66.528716] ffff8801d90ab780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.536059] ffff8801d90ab800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.543407] ==================================================================
[ 66.556628] Kernel panic - not syncing: panic_on_warn set ...
[ 66.556628]
[ 66.564017] CPU: 0 PID: 7608 Comm: syz-executor5 Tainted: G B 4.19.0-rc5-next-20180928+ #84
[ 66.573885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.583218] Call Trace:
[ 66.585801] dump_stack+0x1d3/0x2c4
[ 66.589429] ? dump_stack_print_info.cold.2+0x52/0x52
[ 66.594618] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 66.599368] panic+0x238/0x4e7
[ 66.602546] ? add_taint.cold.5+0x16/0x16
[ 66.606685] ? preempt_schedule+0x4d/0x60
[ 66.610839] ? ___preempt_schedule+0x16/0x18
[ 66.615236] ? trace_hardirqs_on+0xb4/0x310
[ 66.619556] kasan_end_report+0x47/0x4f
[ 66.623518] kasan_report.cold.9+0x76/0x309
[ 66.627824] ? tcf_block_find+0x9d1/0xb90
[ 66.631962] __asan_report_load4_noabort+0x14/0x20
[ 66.636874] tcf_block_find+0x9d1/0xb90
[ 66.640836] tc_new_tfilter+0x497/0x1d10
[ 66.644883] ? mutex_trylock+0x2b0/0x2b0
[ 66.648930] ? tc_del_tfilter+0x1290/0x1290
[ 66.653238] ? refcount_inc_not_zero_checked+0x2f0/0x2f0
[ 66.658694] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 66.664225] ? apparmor_capable+0x355/0x6c0
[ 66.668531] ? __netlink_lookup+0x5b6/0xa90
[ 66.672836] ? apparmor_cred_transfer+0x590/0x590
[ 66.677667] ? rtnetlink_rcv_msg+0x3d3/0xc20
[ 66.682064] ? lock_downgrade+0x900/0x900
[ 66.686215] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 66.691746] ? rtnl_get_link+0x170/0x370
[ 66.695817] ? tc_del_tfilter+0x1290/0x1290
[ 66.700172] rtnetlink_rcv_msg+0x46a/0xc20
[ 66.704413] ? rtnetlink_put_metrics+0x690/0x690
[ 66.709177] netlink_rcv_skb+0x172/0x440
[ 66.713243] ? rtnetlink_put_metrics+0x690/0x690
[ 66.717999] ? netlink_ack+0xb80/0xb80
[ 66.721896] rtnetlink_rcv+0x1c/0x20
[ 66.725611] netlink_unicast+0x5a5/0x760
[ 66.729675] ? netlink_attachskb+0x9a0/0x9a0
[ 66.734098] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 66.739641] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 66.744660] netlink_sendmsg+0xa18/0xfc0
[ 66.748723] ? netlink_unicast+0x760/0x760
[ 66.752960] ? aa_sock_msg_perm.isra.12+0xba/0x160
[ 66.757892] ? apparmor_socket_sendmsg+0x29/0x30
[ 66.762675] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 66.768222] ? security_socket_sendmsg+0x94/0xc0
[ 66.772977] ? netlink_unicast+0x760/0x760
[ 66.777214] sock_sendmsg+0xd5/0x120
[ 66.780932] ___sys_sendmsg+0x7fd/0x930
[ 66.784914] ? copy_msghdr_from_user+0x580/0x580
[ 66.789673] ? __fd_install+0x2b5/0x8f0
[ 66.793654] ? __fget_light+0x2e9/0x430
[ 66.797625] ? fget_raw+0x20/0x20
[ 66.801097] ? lock_downgrade+0x900/0x900
[ 66.805255] ? lock_release+0x970/0x970
[ 66.809235] ? check_same_owner+0x330/0x330
[ 66.813556] ? posix_ktime_get_ts+0x15/0x20
[ 66.817884] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 66.823345] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 66.828883] ? sockfd_lookup_light+0xc5/0x160
[ 66.833380] __sys_sendmsg+0x11d/0x280
[ 66.837269] ? __ia32_sys_shutdown+0x80/0x80
[ 66.841682] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 66.847221] ? put_timespec64+0x10f/0x1b0
[ 66.851383] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 66.856839] __x64_sys_sendmsg+0x78/0xb0
[ 66.860905] do_syscall_64+0x1b9/0x820
[ 66.864798] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 66.870525] ? syscall_return_slowpath+0x5e0/0x5e0
[ 66.875459] ? trace_hardirqs_on_caller+0x310/0x310
[ 66.880478] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 66.885498] ? recalc_sigpending_tsk+0x180/0x180
[ 66.890256] ? kasan_check_write+0x14/0x20
[ 66.894496] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 66.899344] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 66.904530] RIP: 0033:0x457579
[ 66.907727] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 66.926626] RSP: 002b:00007fccf491cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 66.934331] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 66.941599] RDX: 0000000000000000 RSI: 0000000020005000 RDI: 0000000000000003
[ 66.948865] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 66.956148] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fccf491d6d4
[ 66.963417] R13: 00000000004c3891 R14: 00000000004d56d0 R15: 00000000ffffffff
[ 66.971592] Kernel Offset: disabled
[ 66.975218] Rebooting in 86400 seconds..