Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
executing program
[ 85.246554][ T26] audit: type=1400 audit(1558403053.603:36): avc: denied { map } for pid=9285 comm="syz-executor687" path="/root/syz-executor687015086" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 85.250168][ T9285] ==================================================================
[ 85.281599][ T9285] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x3ba2/0x5490
[ 85.289305][ T9285] Read of size 8 at addr ffff8882165dbdc0 by task syz-executor687/9285
[ 85.297519][ T9285]
[ 85.299838][ T9285] CPU: 1 PID: 9285 Comm: syz-executor687 Not tainted 5.2.0-rc1+ #1
[ 85.307711][ T9285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 85.317756][ T9285] Call Trace:
[ 85.321031][ T9285] dump_stack+0x172/0x1f0
[ 85.325351][ T9285] ? __lock_acquire+0x3ba2/0x5490
[ 85.330380][ T9285] print_address_description.cold+0x7c/0x20d
[ 85.336353][ T9285] ? __lock_acquire+0x3ba2/0x5490
[ 85.341366][ T9285] ? __lock_acquire+0x3ba2/0x5490
[ 85.346395][ T9285] __kasan_report.cold+0x1b/0x40
[ 85.351315][ T9285] ? __lock_acquire+0x3ba2/0x5490
[ 85.356321][ T9285] kasan_report+0x12/0x20
[ 85.360766][ T9285] __asan_report_load8_noabort+0x14/0x20
[ 85.366395][ T9285] __lock_acquire+0x3ba2/0x5490
[ 85.371226][ T9285] ? sock_diag_rcv+0x2b/0x40
[ 85.375797][ T9285] ? netlink_unicast+0x531/0x710
[ 85.380724][ T9285] ? netlink_sendmsg+0x8ae/0xd70
[ 85.385654][ T9285] ? sock_sendmsg+0xd7/0x130
[ 85.390230][ T9285] ? ___sys_sendmsg+0x803/0x920
[ 85.395089][ T9285] ? __sys_sendmsg+0x105/0x1d0
[ 85.399843][ T9285] ? __x64_sys_sendmsg+0x78/0xb0
[ 85.404770][ T9285] ? do_syscall_64+0xfd/0x680
[ 85.409431][ T9285] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 85.415489][ T9285] ? mark_held_locks+0xf0/0xf0
[ 85.420244][ T9285] ? mark_held_locks+0xf0/0xf0
[ 85.424999][ T9285] ? fs_reclaim_acquire.part.0+0x30/0x30
[ 85.430625][ T9285] ? find_held_lock+0x35/0x130
[ 85.435385][ T9285] ? fs_reclaim_acquire.part.0+0x30/0x30
[ 85.441015][ T9285] lock_acquire+0x16f/0x3f0
[ 85.445514][ T9285] ? rhashtable_walk_enter+0xf9/0x390
[ 85.450972][ T9285] _raw_spin_lock+0x2f/0x40
[ 85.455481][ T9285] ? rhashtable_walk_enter+0xf9/0x390
[ 85.460854][ T9285] rhashtable_walk_enter+0xf9/0x390
[ 85.466048][ T9285] __tipc_dump_start+0x1fa/0x3c0
[ 85.470983][ T9285] tipc_dump_start+0x70/0x90
[ 85.475567][ T9285] __netlink_dump_start+0x4f8/0x7d0
[ 85.480764][ T9285] ? __tipc_dump_start+0x3c0/0x3c0
[ 85.485873][ T9285] tipc_sock_diag_handler_dump+0x1d9/0x270
[ 85.491678][ T9285] ? __tipc_diag_gen_cookie+0x90/0x90
[ 85.497042][ T9285] ? sock_diag_rcv+0x1c/0x40
[ 85.501627][ T9285] ? __tipc_dump_start+0x3c0/0x3c0
[ 85.506732][ T9285] ? tipc_unregister_sysctl+0x20/0x20
[ 85.512097][ T9285] ? tipc_ioctl+0x2e0/0x2e0
[ 85.516603][ T9285] sock_diag_rcv_msg+0x319/0x410
[ 85.521531][ T9285] netlink_rcv_skb+0x177/0x450
[ 85.526289][ T9285] ? sock_diag_bind+0x80/0x80
[ 85.530957][ T9285] ? netlink_ack+0xb50/0xb50
[ 85.535537][ T9285] ? kasan_check_read+0x11/0x20
[ 85.540391][ T9285] ? netlink_deliver_tap+0x254/0xbf0
[ 85.545665][ T9285] sock_diag_rcv+0x2b/0x40
[ 85.550076][ T9285] netlink_unicast+0x531/0x710
[ 85.554836][ T9285] ? netlink_attachskb+0x770/0x770
[ 85.559963][ T9285] ? _copy_from_iter_full+0x25d/0x8c0
[ 85.565329][ T9285] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 85.571562][ T9285] netlink_sendmsg+0x8ae/0xd70
[ 85.576324][ T9285] ? netlink_unicast+0x710/0x710
[ 85.581260][ T9285] ? tomoyo_socket_sendmsg+0x26/0x30
[ 85.586556][ T9285] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 85.592876][ T9285] ? security_socket_sendmsg+0x8d/0xc0
[ 85.598328][ T9285] ? netlink_unicast+0x710/0x710
[ 85.603252][ T9285] sock_sendmsg+0xd7/0x130
[ 85.607654][ T9285] ___sys_sendmsg+0x803/0x920
[ 85.612342][ T9285] ? copy_msghdr_from_user+0x430/0x430
[ 85.617791][ T9285] ? prep_transhuge_page+0xa0/0xa0
[ 85.622906][ T9285] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 85.629144][ T9285] ? __handle_mm_fault+0x7cb/0x3eb0
[ 85.634346][ T9285] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 85.640583][ T9285] ? __fget_light+0x1a9/0x230
[ 85.645525][ T9285] ? __fdget+0x1b/0x20
[ 85.649608][ T9285] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 85.655934][ T9285] __sys_sendmsg+0x105/0x1d0
[ 85.660527][ T9285] ? __ia32_sys_shutdown+0x80/0x80
[ 85.665637][ T9285] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 85.671087][ T9285] ? do_syscall_64+0x26/0x680
[ 85.675754][ T9285] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 85.681809][ T9285] ? do_syscall_64+0x26/0x680
[ 85.686477][ T9285] __x64_sys_sendmsg+0x78/0xb0
[ 85.691276][ T9285] do_syscall_64+0xfd/0x680
[ 85.695777][ T9285] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 85.701663][ T9285] RIP: 0033:0x440209
[ 85.705543][ T9285] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 85.725130][ T9285] RSP: 002b:00007ffce4bb5bc8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 85.733539][ T9285] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440209
[ 85.741514][ T9285] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[ 85.749478][ T9285] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 85.757614][ T9285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a90
[ 85.765580][ T9285] R13: 0000000000401b20 R14: 0000000000000000 R15: 0000000000000000
[ 85.777111][ T9285]
[ 85.779452][ T9285] Allocated by task 1:
[ 85.783534][ T9285] save_stack+0x23/0x90
[ 85.787695][ T9285] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 85.793356][ T9285] kasan_slab_alloc+0xf/0x20
[ 85.797953][ T9285] kmem_cache_alloc+0x11a/0x6f0
[ 85.802812][ T9285] __kernfs_new_node+0xf0/0x6c0
[ 85.807654][ T9285] kernfs_new_node+0x96/0x120
[ 85.812324][ T9285] __kernfs_create_file+0x51/0x340
[ 85.817428][ T9285] sysfs_add_file_mode_ns+0x222/0x560
[ 85.822814][ T9285] internal_create_group+0x359/0xc40
[ 85.828089][ T9285] sysfs_create_groups+0x9b/0x141
[ 85.833184][ T9285] device_add+0x1353/0x17a0
[ 85.837710][ T9285] netdev_register_kobject+0x183/0x3b0
[ 85.843168][ T9285] register_netdevice+0x875/0xff0
[ 85.848182][ T9285] register_netdev+0x30/0x50
[ 85.852761][ T9285] vti6_init_net+0x518/0x820
[ 85.857336][ T9285] ops_init+0xb3/0x410
[ 85.861394][ T9285] register_pernet_operations+0x382/0x7f0
[ 85.867100][ T9285] register_pernet_device+0x2a/0x80
[ 85.872282][ T9285] vti6_tunnel_init+0x19/0x176
[ 85.877209][ T9285] do_one_initcall+0x107/0x7ba
[ 85.882006][ T9285] kernel_init_freeable+0x4d4/0x5c3
[ 85.887190][ T9285] kernel_init+0x12/0x1c5
[ 85.891530][ T9285] ret_from_fork+0x24/0x30
[ 85.895924][ T9285]
[ 85.898236][ T9285] Freed by task 0:
[ 85.901948][ T9285] (stack is not available)
[ 85.906342][ T9285]
[ 85.908672][ T9285] The buggy address belongs to the object at ffff8882165dbd20
[ 85.908672][ T9285] which belongs to the cache kernfs_node_cache of size 160
[ 85.923242][ T9285] The buggy address is located 0 bytes to the right of
[ 85.923242][ T9285] 160-byte region [ffff8882165dbd20, ffff8882165dbdc0)
[ 85.936847][ T9285] The buggy address belongs to the page:
[ 85.942473][ T9285] page:ffffea00085976c0 refcount:1 mapcount:0 mapping:ffff8880aa5964c0 index:0xffff8882165dbfee
[ 85.952896][ T9285] flags: 0x6fffc0000000200(slab)
[ 85.957840][ T9285] raw: 06fffc0000000200 ffffea0008590208 ffffea0008597708 ffff8880aa5964c0
[ 85.966413][ T9285] raw: ffff8882165dbfee ffff8882165db000 0000000100000012 0000000000000000
[ 85.974983][ T9285] page dumped because: kasan: bad access detected
[ 85.981376][ T9285]
[ 85.983686][ T9285] Memory state around the buggy address:
[ 85.989308][ T9285] ffff8882165dbc80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 85.997361][ T9285] ffff8882165dbd00: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.005462][ T9285] >ffff8882165dbd80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 86.013507][ T9285]                                            ^
[ 86.019656][ T9285] ffff8882165dbe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.027708][ T9285] ffff8882165dbe80: 00 00 00 00 fc fc fc fc fc fc fc fc 00 00 00 00
[ 86.035756][ T9285] ==================================================================
[ 86.043893][ T9285] Disabling lock debugging due to kernel taint
[ 86.050035][ T9285] Kernel panic - not syncing: panic_on_warn set ...
[ 86.056622][ T9285] CPU: 1 PID: 9285 Comm: syz-executor687 Tainted: G B 5.2.0-rc1+ #1
[ 86.065883][ T9285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.077121][ T9285] Call Trace:
[ 86.080460][ T9285] dump_stack+0x172/0x1f0
[ 86.084791][ T9285] panic+0x2cb/0x744
[ 86.088677][ T9285] ? __warn_printk+0xf3/0xf3
[ 86.093278][ T9285] ? lock_downgrade+0x880/0x880
[ 86.098130][ T9285] ? __lock_acquire+0x3ba2/0x5490
[ 86.103148][ T9285] ? trace_hardirqs_off+0x62/0x220
[ 86.108529][ T9285] ? trace_hardirqs_off+0x59/0x220
[ 86.113984][ T9285] ? __lock_acquire+0x3ba2/0x5490
[ 86.119003][ T9285] end_report+0x47/0x4f
[ 86.123149][ T9285] ? __lock_acquire+0x3ba2/0x5490
[ 86.128171][ T9285] __kasan_report.cold+0xe/0x40
[ 86.133032][ T9285] ? __lock_acquire+0x3ba2/0x5490
[ 86.138058][ T9285] kasan_report+0x12/0x20
[ 86.142387][ T9285] __asan_report_load8_noabort+0x14/0x20
[ 86.148035][ T9285] __lock_acquire+0x3ba2/0x5490
[ 86.152878][ T9285] ? sock_diag_rcv+0x2b/0x40
[ 86.157471][ T9285] ? netlink_unicast+0x531/0x710
[ 86.162400][ T9285] ? netlink_sendmsg+0x8ae/0xd70
[ 86.167330][ T9285] ? sock_sendmsg+0xd7/0x130
[ 86.171905][ T9285] ? ___sys_sendmsg+0x803/0x920
[ 86.176770][ T9285] ? __sys_sendmsg+0x105/0x1d0
[ 86.181555][ T9285] ? __x64_sys_sendmsg+0x78/0xb0
[ 86.186490][ T9285] ? do_syscall_64+0xfd/0x680
[ 86.191156][ T9285] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.197211][ T9285] ? mark_held_locks+0xf0/0xf0
[ 86.201965][ T9285] ? mark_held_locks+0xf0/0xf0
[ 86.206728][ T9285] ? fs_reclaim_acquire.part.0+0x30/0x30
[ 86.212345][ T9285] ? find_held_lock+0x35/0x130
[ 86.217090][ T9285] ? fs_reclaim_acquire.part.0+0x30/0x30
[ 86.222723][ T9285] lock_acquire+0x16f/0x3f0
[ 86.227220][ T9285] ? rhashtable_walk_enter+0xf9/0x390
[ 86.232572][ T9285] _raw_spin_lock+0x2f/0x40
[ 86.237067][ T9285] ? rhashtable_walk_enter+0xf9/0x390
[ 86.242422][ T9285] rhashtable_walk_enter+0xf9/0x390
[ 86.247612][ T9285] __tipc_dump_start+0x1fa/0x3c0
[ 86.252533][ T9285] tipc_dump_start+0x70/0x90
[ 86.257195][ T9285] __netlink_dump_start+0x4f8/0x7d0
[ 86.262392][ T9285] ? __tipc_dump_start+0x3c0/0x3c0
[ 86.267514][ T9285] tipc_sock_diag_handler_dump+0x1d9/0x270
[ 86.273333][ T9285] ? __tipc_diag_gen_cookie+0x90/0x90
[ 86.278706][ T9285] ? sock_diag_rcv+0x1c/0x40
[ 86.283289][ T9285] ? __tipc_dump_start+0x3c0/0x3c0
[ 86.288393][ T9285] ? tipc_unregister_sysctl+0x20/0x20
[ 86.293773][ T9285] ? tipc_ioctl+0x2e0/0x2e0
[ 86.298275][ T9285] sock_diag_rcv_msg+0x319/0x410
[ 86.303205][ T9285] netlink_rcv_skb+0x177/0x450
[ 86.307973][ T9285] ? sock_diag_bind+0x80/0x80
[ 86.312633][ T9285] ? netlink_ack+0xb50/0xb50
[ 86.317202][ T9285] ? kasan_check_read+0x11/0x20
[ 86.322050][ T9285] ? netlink_deliver_tap+0x254/0xbf0
[ 86.327324][ T9285] sock_diag_rcv+0x2b/0x40
[ 86.331747][ T9285] netlink_unicast+0x531/0x710
[ 86.336503][ T9285] ? netlink_attachskb+0x770/0x770
[ 86.341594][ T9285] ? _copy_from_iter_full+0x25d/0x8c0
[ 86.346963][ T9285] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 86.353187][ T9285] netlink_sendmsg+0x8ae/0xd70
[ 86.357949][ T9285] ? netlink_unicast+0x710/0x710
[ 86.362872][ T9285] ? tomoyo_socket_sendmsg+0x26/0x30
[ 86.368322][ T9285] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 86.374550][ T9285] ? security_socket_sendmsg+0x8d/0xc0
[ 86.379989][ T9285] ? netlink_unicast+0x710/0x710
[ 86.384906][ T9285] sock_sendmsg+0xd7/0x130
[ 86.389327][ T9285] ___sys_sendmsg+0x803/0x920
[ 86.393996][ T9285] ? copy_msghdr_from_user+0x430/0x430
[ 86.399558][ T9285] ? prep_transhuge_page+0xa0/0xa0
[ 86.404666][ T9285] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 86.410898][ T9285] ? __handle_mm_fault+0x7cb/0x3eb0
[ 86.416083][ T9285] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 86.422305][ T9285] ? __fget_light+0x1a9/0x230
[ 86.426992][ T9285] ? __fdget+0x1b/0x20
[ 86.431161][ T9285] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 86.437396][ T9285] __sys_sendmsg+0x105/0x1d0
[ 86.441976][ T9285] ? __ia32_sys_shutdown+0x80/0x80
[ 86.447082][ T9285] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 86.452534][ T9285] ? do_syscall_64+0x26/0x680
[ 86.457197][ T9285] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.463245][ T9285] ? do_syscall_64+0x26/0x680
[ 86.467935][ T9285] __x64_sys_sendmsg+0x78/0xb0
[ 86.472691][ T9285] do_syscall_64+0xfd/0x680
[ 86.477203][ T9285] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.483124][ T9285] RIP: 0033:0x440209
[ 86.487026][ T9285] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 86.506616][ T9285] RSP: 002b:00007ffce4bb5bc8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 86.515191][ T9285] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440209
[ 86.523267][ T9285] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[ 86.531259][ T9285] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 86.539228][ T9285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a90
[ 86.547197][ T9285] R13: 0000000000401b20 R14: 0000000000000000 R15: 0000000000000000
[ 86.556266][ T9285] Kernel Offset: disabled
[ 86.560594][ T9285] Rebooting in 86400 seconds..