[ 31.986020] audit: type=1800 audit(1567159444.686:34): pid=6861 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 35.786504] random: sshd: uninitialized urandom read (32 bytes read) [ 36.023043] audit: type=1400 audit(1567159448.756:35): avc: denied { map } for pid=7036 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 36.075738] random: sshd: uninitialized urandom read (32 bytes read) [ 36.586173] random: sshd: uninitialized urandom read (32 bytes read) [ 808.489907] audit: type=1400 audit(1567160221.216:36): avc: denied { map } for pid=7044 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 1525.459234] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.233' (ECDSA) to the list of known hosts. 
[ 1530.965466] random: sshd: uninitialized urandom read (32 bytes read) [ 1531.155635] audit: type=1400 audit(1567160943.886:37): avc: denied { map } for pid=7051 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/08/30 10:29:04 parsed 1 programs [ 1532.189380] audit: type=1400 audit(1567160944.916:38): avc: denied { map } for pid=7051 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13758 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 1532.940821] random: cc1: uninitialized urandom read (8 bytes read) 2019/08/30 10:29:06 executed programs: 0 [ 1534.060134] audit: type=1400 audit(1567160946.786:40): avc: denied { map } for pid=7051 comm="syz-execprog" path="/root/syzkaller-shm503674574" dev="sda1" ino=2233 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 1534.086500] audit: type=1400 audit(1567160946.786:39): avc: denied { map } for pid=7051 comm="syz-execprog" path="/root/syzkaller-shm526546901" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 1534.361169] IPVS: ftp: loaded support on port[0] = 21 [ 1535.158633] chnl_net:caif_netlink_parms(): no params data found [ 1535.167347] IPVS: ftp: loaded support on port[0] = 21 [ 1535.216110] bridge0: port 1(bridge_slave_0) entered blocking state [ 1535.223107] bridge0: port 1(bridge_slave_0) entered disabled state [ 1535.231079] device bridge_slave_0 entered promiscuous mode [ 1535.239799] bridge0: port 2(bridge_slave_1) entered blocking state [ 1535.246453] bridge0: port 2(bridge_slave_1) entered disabled state [ 1535.253581] device bridge_slave_1 entered promiscuous mode [ 1535.264917] IPVS: ftp: loaded support on 
port[0] = 21 [ 1535.283286] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1535.295256] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1535.325948] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1535.333485] team0: Port device team_slave_0 added [ 1535.349903] IPVS: ftp: loaded support on port[0] = 21 [ 1535.358127] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1535.365979] team0: Port device team_slave_1 added [ 1535.371671] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1535.387224] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1535.492427] device hsr_slave_0 entered promiscuous mode [ 1535.540369] device hsr_slave_1 entered promiscuous mode [ 1535.628373] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1535.635895] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1535.642913] chnl_net:caif_netlink_parms(): no params data found [ 1535.664841] chnl_net:caif_netlink_parms(): no params data found [ 1535.697383] bridge0: port 2(bridge_slave_1) entered blocking state [ 1535.704046] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1535.711163] bridge0: port 1(bridge_slave_0) entered blocking state [ 1535.717620] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1535.746083] IPVS: ftp: loaded support on port[0] = 21 [ 1535.763366] bridge0: port 1(bridge_slave_0) entered blocking state [ 1535.770222] bridge0: port 1(bridge_slave_0) entered disabled state [ 1535.777709] device bridge_slave_0 entered promiscuous mode [ 1535.788908] bridge0: port 2(bridge_slave_1) entered blocking state [ 1535.795492] bridge0: port 2(bridge_slave_1) entered disabled state [ 1535.802857] device bridge_slave_1 entered promiscuous mode [ 1535.815506] bridge0: port 1(bridge_slave_0) entered blocking state [ 1535.822760] bridge0: port 1(bridge_slave_0) entered disabled state [ 1535.830650] device bridge_slave_0 entered promiscuous mode [ 
1535.851452] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1535.859878] bridge0: port 2(bridge_slave_1) entered blocking state [ 1535.867952] bridge0: port 2(bridge_slave_1) entered disabled state [ 1535.875322] device bridge_slave_1 entered promiscuous mode [ 1535.892515] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1535.929745] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1535.938014] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1535.946368] team0: Port device team_slave_0 added [ 1535.989694] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1535.998288] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1536.007095] team0: Port device team_slave_1 added [ 1536.013596] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1536.045946] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1536.064326] chnl_net:caif_netlink_parms(): no params data found [ 1536.074740] IPVS: ftp: loaded support on port[0] = 21 [ 1536.075755] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1536.088241] team0: Port device team_slave_0 added [ 1536.098202] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1536.105586] team0: Port device team_slave_1 added [ 1536.111664] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1536.138839] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1536.213544] device hsr_slave_0 entered promiscuous mode [ 1536.270605] device hsr_slave_1 entered promiscuous mode [ 1536.341579] bridge0: port 1(bridge_slave_0) entered disabled state [ 1536.348994] bridge0: port 2(bridge_slave_1) entered disabled state [ 1536.359575] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1536.413428] device hsr_slave_0 entered promiscuous mode [ 1536.470505] device hsr_slave_1 entered promiscuous mode [ 1536.534582] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 
1536.555106] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1536.576212] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1536.589716] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1536.598697] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1536.608920] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1536.622162] bridge0: port 1(bridge_slave_0) entered blocking state [ 1536.629046] bridge0: port 1(bridge_slave_0) entered disabled state [ 1536.638041] device bridge_slave_0 entered promiscuous mode [ 1536.645256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1536.653525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1536.665848] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1536.672076] 8021q: adding VLAN 0 to HW filter on device team0 [ 1536.680777] chnl_net:caif_netlink_parms(): no params data found [ 1536.692360] bridge0: port 2(bridge_slave_1) entered blocking state [ 1536.698828] bridge0: port 2(bridge_slave_1) entered disabled state [ 1536.706797] device bridge_slave_1 entered promiscuous mode [ 1536.730851] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1536.739705] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1536.783869] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 1536.791279] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1536.798584] team0: Port device team_slave_0 added [ 1536.804848] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1536.812264] team0: Port device team_slave_1 added [ 1536.823389] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1536.834821] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 1536.844020] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1536.852916] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1536.874661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1536.883608] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1536.891802] bridge0: port 1(bridge_slave_0) entered blocking state [ 1536.898938] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1536.944586] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1536.966516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1536.974660] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1536.982738] bridge0: port 2(bridge_slave_1) entered blocking state [ 1536.989094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1537.005953] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1537.015307] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1537.023143] bridge0: port 1(bridge_slave_0) entered blocking state [ 1537.029733] bridge0: port 1(bridge_slave_0) entered disabled state [ 1537.038035] device bridge_slave_0 entered promiscuous mode [ 1537.092265] device hsr_slave_0 entered promiscuous mode [ 1537.130371] device hsr_slave_1 entered promiscuous mode [ 1537.170712] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1537.179764] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1537.191765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1537.200742] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1537.208891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1537.220158] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1537.229445] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1537.237455] bridge0: port 2(bridge_slave_1) entered blocking state [ 1537.244260] bridge0: port 2(bridge_slave_1) entered disabled state [ 1537.252437] device bridge_slave_1 entered promiscuous mode [ 1537.258640] chnl_net:caif_netlink_parms(): no params data found [ 1537.273220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1537.281173] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes 
ready [ 1537.288706] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1537.296552] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1537.304499] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1537.317488] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1537.339806] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 1537.351287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1537.359033] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1537.367928] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1537.386277] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1537.399708] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1537.410204] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1537.441107] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1537.448253] bridge0: port 1(bridge_slave_0) entered blocking state [ 1537.456986] bridge0: port 1(bridge_slave_0) entered disabled state [ 1537.464658] device bridge_slave_0 entered promiscuous mode [ 1537.472577] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1537.479987] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1537.486994] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1537.494367] team0: Port device team_slave_0 added [ 1537.500784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1537.508311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1537.516794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1537.524105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1537.533217] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1537.539501] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1537.547040] bridge0: port 2(bridge_slave_1) entered blocking state [ 1537.553876] bridge0: port 2(bridge_slave_1) entered disabled state [ 1537.561569] device bridge_slave_1 entered 
promiscuous mode [ 1537.578177] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1537.586518] team0: Port device team_slave_1 added [ 1537.593630] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1537.599836] 8021q: adding VLAN 0 to HW filter on device team0 [ 1537.607049] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1537.616768] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1537.623097] 8021q: adding VLAN 0 to HW filter on device team0 [ 1537.635745] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1537.645723] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1537.654320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1537.662657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1537.671673] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1537.683404] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1537.693755] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1537.708238] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1537.716721] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1537.726978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1537.734812] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1537.742901] bridge0: port 1(bridge_slave_0) entered blocking state [ 1537.749768] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1537.757520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1537.765635] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1537.774002] bridge0: port 2(bridge_slave_1) entered blocking state [ 1537.780420] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1537.788752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1537.796754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1537.804996] bridge0: port 1(bridge_slave_0) entered 
blocking state [ 1537.811499] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1537.818944] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1537.826575] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1537.834782] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1537.853273] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1537.860939] team0: Port device team_slave_0 added [ 1537.866762] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1537.874183] team0: Port device team_slave_1 added [ 1537.882303] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1537.892538] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1537.900630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1537.908797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1537.917396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1537.925264] bridge0: port 2(bridge_slave_1) entered blocking state [ 1537.931650] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1537.946240] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1537.955158] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1537.963844] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1537.974481] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1537.983102] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1537.995397] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1538.003555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1538.063230] device hsr_slave_0 entered promiscuous mode [ 1538.130560] device hsr_slave_1 entered promiscuous mode [ 1538.201682] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1538.208671] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1538.235608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1538.247154] IPv6: 
ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1538.255834] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1538.263619] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1538.276180] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1538.285103] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1538.333617] device hsr_slave_0 entered promiscuous mode [ 1538.380437] device hsr_slave_1 entered promiscuous mode [ 1538.420762] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1538.427769] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1538.440981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1538.449126] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1538.457324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1538.475636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1538.493662] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1538.502345] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1538.509976] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1538.517996] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 1538.527320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1538.535534] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1538.543578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1538.551394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1538.559129] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1538.568407] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1538.579132] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1538.588165] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1538.595698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1538.614045] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1538.622011] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1538.629116] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1538.636525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1538.644379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1538.654395] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 1538.666065] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1538.679465] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1538.688156] 8021q: adding VLAN 0 to HW filter on device team0 [ 1538.697211] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1538.704084] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1538.711572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1538.714262] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7110 comm=syz-executor.3 [ 1538.719894] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1538.731743] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7110 comm=syz-executor.3 [ 1538.752487] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7110 comm=syz-executor.3 [ 1538.769178] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7110 comm=syz-executor.3 [ 1538.772965] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1538.785882] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7110 comm=syz-executor.3 [ 1538.790593] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1538.808454] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7110 comm=syz-executor.3 [ 1538.824099] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7110 comm=syz-executor.3 [ 1538.826149] IPv6: 
ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1538.836909] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7110 comm=syz-executor.3 [ 1538.853042] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1538.856014] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7110 comm=syz-executor.3 [ 1538.867790] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1538.876872] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7110 comm=syz-executor.3 [ 1538.884417] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1538.908313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1538.916303] bridge0: port 1(bridge_slave_0) entered blocking state [ 1538.922981] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1538.941646] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1538.948115] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1538.962658] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1538.980725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1538.988717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1539.001992] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1539.009747] bridge0: port 2(bridge_slave_1) entered blocking state [ 1539.016261] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1539.030766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1539.043723] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1539.068859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1539.077278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1539.088475] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1539.097715] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1539.111914] IPv6: ADDRCONF(NETDEV_UP): veth0: link is 
not ready [ 1539.121631] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1539.130698] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1539.140293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1539.148331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1539.156466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1539.170829] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1539.179505] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1539.192699] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1539.206741] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1539.213747] 8021q: adding VLAN 0 to HW filter on device team0 [ 1539.221685] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1539.228343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1539.236936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1539.254567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1539.272676] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1539.284006] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1539.297138] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1539.312956] 8021q: adding VLAN 0 to HW filter on device team0 [ 1539.321123] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1539.336289] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1539.345781] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1539.361757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1539.369487] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1539.377843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1539.389186] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1539.409012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1539.417670] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 
1539.429547] bridge0: port 1(bridge_slave_0) entered blocking state [ 1539.435966] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1539.449892] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1539.459699] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1539.480346] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1539.499246] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 2019/08/30 10:29:12 executed programs: 6 [ 1539.514905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1539.527097] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1539.544340] bridge0: port 1(bridge_slave_0) entered blocking state [ 1539.550919] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1539.559016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1539.569706] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1539.577782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1539.586088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1539.594349] bridge0: port 2(bridge_slave_1) entered blocking state [ 1539.600848] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1539.609388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1539.618733] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1539.628521] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1539.646079] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1539.657207] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1539.676101] bridge0: port 2(bridge_slave_1) entered blocking state [ 1539.682548] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1539.693767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1539.703056] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1539.709305] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 
1539.742789] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1539.752711] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1539.760986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1539.768963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1539.785168] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1539.798661] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1539.808743] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1539.821432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1539.837480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1539.857607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1539.882565] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1539.891298] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1539.915334] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1539.936302] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1539.951771] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1539.966260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1539.987367] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1540.007966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1540.029112] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1540.050514] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1540.070928] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1540.094152] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1540.111186] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1540.130646] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1540.137710] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1540.151360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1540.171500] IPv6: 
ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1540.193793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1540.213822] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1540.237258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1540.264389] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1540.282924] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1540.298912] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1540.317606] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1540.337376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1540.349078] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1540.374957] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1540.385623] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1540.424934] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1540.456493] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1540.480988] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1540.506252] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1543.720239] selinux_nlmsg_perm: 29709 callbacks suppressed [ 1543.720247] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7293 comm=syz-executor.4 [ 1543.722052] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7292 comm=syz-executor.5 [ 1543.726162] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7295 comm=syz-executor.0 [ 1543.738972] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7294 comm=syz-executor.1 [ 1543.751497] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7261 comm=syz-executor.3 [ 1543.764152] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 
sclass=netlink_tcpdiag_socket pig=7290 comm=syz-executor.2
[ 1543.776807] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7293 comm=syz-executor.4
[ 1543.793773] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7292 comm=syz-executor.5
[ 1543.802779] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7261 comm=syz-executor.3
[ 1543.817116] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7294 comm=syz-executor.1
[ 1544.494338] ==================================================================
[ 1544.501973] BUG: KASAN: use-after-free in __smc_diag_dump.isra.0+0x16e0/0x17b0
[ 1544.509673] Read of size 8 at addr ffff8880761a6ae0 by task syz-executor.4/7307
[ 1544.517450]
[ 1544.519169] CPU: 0 PID: 7307 Comm: syz-executor.4 Not tainted 4.14.141 #37
[ 1544.526555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1544.536242] Call Trace:
[ 1544.538906] dump_stack+0x138/0x197
[ 1544.542532] ? __smc_diag_dump.isra.0+0x16e0/0x17b0
[ 1544.547893] print_address_description.cold+0x7c/0x1dc
[ 1544.553181] ? __smc_diag_dump.isra.0+0x16e0/0x17b0
[ 1544.558221] kasan_report.cold+0xa9/0x2af
[ 1544.562399] __asan_report_load8_noabort+0x14/0x20
[ 1544.567331] __smc_diag_dump.isra.0+0x16e0/0x17b0
[ 1544.572182] ? smc_diag_handler_dump+0x200/0x200
[ 1544.577163] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 1544.582612] ? __kmalloc_node_track_caller+0x3d/0x80
[ 1544.587983] ? rcu_read_lock_sched_held+0x110/0x130
[ 1544.593080] ? kmem_cache_alloc_node_trace+0x379/0x770
[ 1544.598681] ? kasan_unpoison_shadow+0x35/0x50
[ 1544.608819] ? kasan_kmalloc+0xce/0xf0
[ 1544.612695] ? lock_acquire+0x16f/0x430
[ 1544.618152] ? smc_diag_dump+0x8d/0x2a0
[ 1544.622383] smc_diag_dump+0x1e5/0x2a0
[ 1544.626521] netlink_dump+0x3fa/0xb10
[ 1544.630352] __netlink_dump_start+0x4ff/0x750
[ 1544.635006] smc_diag_handler_dump+0x1b7/0x200
[ 1544.639605] ? smc_gid_be16_convert+0x2c0/0x2c0
[ 1544.644275] ? __smc_diag_dump.isra.0+0x17b0/0x17b0
[ 1544.649366] sock_diag_rcv_msg+0x29e/0x3a0
[ 1544.653602] netlink_rcv_skb+0x14f/0x3c0
[ 1544.657683] ? sock_diag_bind+0x90/0x90
[ 1544.661866] ? lock_downgrade+0x6e0/0x6e0
[ 1544.666025] ? netlink_ack+0x9a0/0x9a0
[ 1544.669914] sock_diag_rcv+0x2b/0x40
[ 1544.673641] netlink_unicast+0x45d/0x640
[ 1544.677881] ? netlink_attachskb+0x6a0/0x6a0
[ 1544.682353] ? security_netlink_send+0x81/0xb0
[ 1544.687052] netlink_sendmsg+0x7c4/0xc60
[ 1544.691132] ? netlink_unicast+0x640/0x640
[ 1544.695374] ? security_socket_sendmsg+0x89/0xb0
[ 1544.700128] ? netlink_unicast+0x640/0x640
[ 1544.704532] sock_sendmsg+0xce/0x110
[ 1544.708251] kernel_sendmsg+0x44/0x50
[ 1544.712124] sock_no_sendpage+0x107/0x130
[ 1544.716269] ? sock_kzfree_s+0x50/0x50
[ 1544.720259] ? pipe_lock+0x63/0x80
[ 1544.724718] kernel_sendpage+0x92/0xf0
[ 1544.728609] ? sock_kzfree_s+0x50/0x50
[ 1544.732496] sock_sendpage+0x8b/0xc0
[ 1544.736235] ? kernel_sendpage+0xf0/0xf0
[ 1544.740305] pipe_to_sendpage+0x242/0x340
[ 1544.744456] ? direct_splice_actor+0x190/0x190
[ 1544.749044] __splice_from_pipe+0x348/0x780
[ 1544.753365] ? direct_splice_actor+0x190/0x190
[ 1544.758039] ? direct_splice_actor+0x190/0x190
[ 1544.762757] splice_from_pipe+0xf0/0x150
[ 1544.766912] ? splice_shrink_spd+0xb0/0xb0
[ 1544.771142] ? security_file_permission+0x89/0x1f0
[ 1544.776164] generic_splice_sendpage+0x3c/0x50
[ 1544.780727] ? splice_from_pipe+0x150/0x150
[ 1544.785031] SyS_splice+0xd92/0x1430
[ 1544.788729] ? put_timespec64+0xb4/0x100
[ 1544.792803] ? compat_SyS_vmsplice+0x250/0x250
[ 1544.797369] ? do_syscall_64+0x53/0x640
[ 1544.801333] ? compat_SyS_vmsplice+0x250/0x250
[ 1544.805900] do_syscall_64+0x1e8/0x640
[ 1544.809772] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1544.814733] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1544.820005] RIP: 0033:0x459879
[ 1544.823180] RSP: 002b:00007f1544487c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 1544.830970] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459879
[ 1544.838333] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000004
[ 1544.845771] RBP: 000000000075c070 R08: 0000000080000001 R09: 0000000000000000
[ 1544.853302] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f15444886d4
[ 1544.860730] R13: 00000000004c907b R14: 00000000004df4f0 R15: 00000000ffffffff
[ 1544.867990]
[ 1544.869601] Allocated by task 7307:
[ 1544.873230] save_stack_trace+0x16/0x20
[ 1544.877222] save_stack+0x45/0xd0
[ 1544.880670] kasan_kmalloc+0xce/0xf0
[ 1544.884366] kasan_slab_alloc+0xf/0x20
[ 1544.888252] kmem_cache_alloc+0x12e/0x780
[ 1544.892390] sock_alloc_inode+0x1d/0x260
[ 1544.896802] alloc_inode+0x64/0x180
[ 1544.901580] new_inode_pseudo+0x19/0xf0
[ 1544.905650] sock_alloc+0x41/0x280
[ 1544.909468] __sock_create+0x8f/0x620
[ 1544.913249] sock_create_kern+0x3b/0x50
[ 1544.917448] smc_create+0x109/0x300
[ 1544.921173] __sock_create+0x2f6/0x620
[ 1544.925575] SyS_socket+0xd3/0x170
[ 1544.929273] do_syscall_64+0x1e8/0x640
[ 1544.933166] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1544.938348]
[ 1544.939959] Freed by task 7281:
[ 1544.943224] save_stack_trace+0x16/0x20
[ 1544.947179] save_stack+0x45/0xd0
[ 1544.950792] kasan_slab_free+0x75/0xc0
[ 1544.954687] kmem_cache_free+0x83/0x2b0
[ 1544.958649] sock_destroy_inode+0x54/0x60
[ 1544.963051] destroy_inode+0xc2/0x120
[ 1544.966934] evict+0x3e6/0x630
[ 1544.970270] iput+0x471/0x900
[ 1544.973372] __sock_release+0x236/0x2b0
[ 1544.977425] sock_release+0x18/0x20
[ 1544.981034] smc_release+0x23b/0x630
[ 1544.984743] __sock_release+0xce/0x2b0
[ 1544.988890] sock_close+0x1b/0x30
[ 1544.992329]
__fput+0x275/0x7a0 [ 1544.995678] ____fput+0x16/0x20 [ 1544.998944] task_work_run+0x114/0x190 [ 1545.003162] exit_to_usermode_loop+0x1da/0x220 [ 1545.008194] do_syscall_64+0x4bc/0x640 [ 1545.012073] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1545.017272] [ 1545.018884] The buggy address belongs to the object at ffff8880761a6ac0 [ 1545.018884] which belongs to the cache sock_inode_cache of size 992 [ 1545.033311] The buggy address is located 32 bytes inside of [ 1545.033311] 992-byte region [ffff8880761a6ac0, ffff8880761a6ea0) [ 1545.045364] The buggy address belongs to the page: [ 1545.050374] page:ffffea0001d86980 count:1 mapcount:0 mapping:ffff8880761a61c0 index:0xffff8880761a6ffd [ 1545.059803] flags: 0x1fffc0000000100(slab) [ 1545.064118] raw: 01fffc0000000100 ffff8880761a61c0 ffff8880761a6ffd 0000000100000003 [ 1545.071983] raw: ffffea000251d4a0 ffffea000251ac60 ffff8880a9e82c00 0000000000000000 [ 1545.079846] page dumped because: kasan: bad access detected [ 1545.085717] [ 1545.087324] Memory state around the buggy address: [ 1545.092259] ffff8880761a6980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1545.099604] ffff8880761a6a00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 1545.107036] >ffff8880761a6a80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 1545.114578] ^ [ 1545.121237] ffff8880761a6b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1545.128667] ffff8880761a6b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1545.136033] ================================================================== [ 1545.143956] Disabling lock debugging due to kernel taint [ 1545.150081] Kernel panic - not syncing: panic_on_warn set ... [ 1545.150081] [ 1545.157529] CPU: 0 PID: 7307 Comm: syz-executor.4 Tainted: G B 4.14.141 #37 [ 1545.165759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1545.175360] Call Trace: [ 1545.178026] dump_stack+0x138/0x197 [ 1545.181654] ? 
__smc_diag_dump.isra.0+0x16e0/0x17b0 [ 1545.186927] panic+0x1f2/0x426 [ 1545.190188] ? add_taint.cold+0x16/0x16 [ 1545.194230] kasan_end_report+0x47/0x4f [ 1545.198553] kasan_report.cold+0x130/0x2af [ 1545.202775] __asan_report_load8_noabort+0x14/0x20 [ 1545.207869] __smc_diag_dump.isra.0+0x16e0/0x17b0 [ 1545.212822] ? smc_diag_handler_dump+0x200/0x200 [ 1545.217650] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1545.223553] ? __kmalloc_node_track_caller+0x3d/0x80 [ 1545.228937] ? rcu_read_lock_sched_held+0x110/0x130 [ 1545.234022] ? kmem_cache_alloc_node_trace+0x379/0x770 [ 1545.239300] ? kasan_unpoison_shadow+0x35/0x50 [ 1545.243951] ? kasan_kmalloc+0xce/0xf0 [ 1545.247913] ? lock_acquire+0x16f/0x430 [ 1545.251889] ? smc_diag_dump+0x8d/0x2a0 [ 1545.255935] smc_diag_dump+0x1e5/0x2a0 [ 1545.259811] netlink_dump+0x3fa/0xb10 [ 1545.263708] __netlink_dump_start+0x4ff/0x750 [ 1545.268187] smc_diag_handler_dump+0x1b7/0x200 [ 1545.272754] ? smc_gid_be16_convert+0x2c0/0x2c0 [ 1545.277515] ? __smc_diag_dump.isra.0+0x17b0/0x17b0 [ 1545.282620] sock_diag_rcv_msg+0x29e/0x3a0 [ 1545.287075] netlink_rcv_skb+0x14f/0x3c0 [ 1545.291205] ? sock_diag_bind+0x90/0x90 [ 1545.295260] ? lock_downgrade+0x6e0/0x6e0 [ 1545.299404] ? netlink_ack+0x9a0/0x9a0 [ 1545.303276] sock_diag_rcv+0x2b/0x40 [ 1545.306986] netlink_unicast+0x45d/0x640 [ 1545.311031] ? netlink_attachskb+0x6a0/0x6a0 [ 1545.315510] ? security_netlink_send+0x81/0xb0 [ 1545.320081] netlink_sendmsg+0x7c4/0xc60 [ 1545.324228] ? netlink_unicast+0x640/0x640 [ 1545.328544] ? security_socket_sendmsg+0x89/0xb0 [ 1545.333282] ? netlink_unicast+0x640/0x640 [ 1545.337500] sock_sendmsg+0xce/0x110 [ 1545.341198] kernel_sendmsg+0x44/0x50 [ 1545.345505] sock_no_sendpage+0x107/0x130 [ 1545.349776] ? sock_kzfree_s+0x50/0x50 [ 1545.353764] ? pipe_lock+0x63/0x80 [ 1545.357287] kernel_sendpage+0x92/0xf0 [ 1545.361195] ? sock_kzfree_s+0x50/0x50 [ 1545.365156] sock_sendpage+0x8b/0xc0 [ 1545.368860] ? 
kernel_sendpage+0xf0/0xf0 [ 1545.372919] pipe_to_sendpage+0x242/0x340 [ 1545.377058] ? direct_splice_actor+0x190/0x190 [ 1545.381626] __splice_from_pipe+0x348/0x780 [ 1545.385953] ? direct_splice_actor+0x190/0x190 [ 1545.390609] ? direct_splice_actor+0x190/0x190 [ 1545.409705] splice_from_pipe+0xf0/0x150 [ 1545.413855] ? splice_shrink_spd+0xb0/0xb0 [ 1545.418160] ? security_file_permission+0x89/0x1f0 [ 1545.423421] generic_splice_sendpage+0x3c/0x50 [ 1545.427985] ? splice_from_pipe+0x150/0x150 [ 1545.432457] SyS_splice+0xd92/0x1430 [ 1545.436607] ? put_timespec64+0xb4/0x100 [ 1545.440654] ? compat_SyS_vmsplice+0x250/0x250 [ 1545.445312] ? do_syscall_64+0x53/0x640 [ 1545.449275] ? compat_SyS_vmsplice+0x250/0x250 [ 1545.453851] do_syscall_64+0x1e8/0x640 [ 1545.457729] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1545.462666] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1545.467850] RIP: 0033:0x459879 [ 1545.471020] RSP: 002b:00007f1544487c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 1545.478728] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459879 [ 1545.485987] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000004 [ 1545.493235] RBP: 000000000075c070 R08: 0000000080000001 R09: 0000000000000000 [ 1545.500489] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f15444886d4 [ 1545.507760] R13: 00000000004c907b R14: 00000000004df4f0 R15: 00000000ffffffff [ 1545.517607] Kernel Offset: disabled [ 1545.521354] Rebooting in 86400 seconds..