Warning: Permanently added '10.128.0.95' (ECDSA) to the list of known hosts.
[ 988.346688] audit: type=1400 audit(1564800585.095:36): avc: denied { map } for pid=7914 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/08/03 02:49:45 parsed 1 programs
[ 989.229444] audit: type=1400 audit(1564800585.975:37): avc: denied { map } for pid=7914 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=726 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/08/03 02:49:47 executed programs: 0
[ 991.014708] IPVS: ftp: loaded support on port[0] = 21
[ 991.080054] chnl_net:caif_netlink_parms(): no params data found
[ 991.112850] bridge0: port 1(bridge_slave_0) entered blocking state
[ 991.119646] bridge0: port 1(bridge_slave_0) entered disabled state
[ 991.126929] device bridge_slave_0 entered promiscuous mode
[ 991.135134] bridge0: port 2(bridge_slave_1) entered blocking state
[ 991.141597] bridge0: port 2(bridge_slave_1) entered disabled state
[ 991.148871] device bridge_slave_1 entered promiscuous mode
[ 991.165969] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 991.174958] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 991.191366] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 991.199164] team0: Port device team_slave_0 added
[ 991.204653] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 991.211818] team0: Port device team_slave_1 added
[ 991.217236] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 991.224541] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 991.305089] device hsr_slave_0 entered promiscuous mode
[ 991.343616] device hsr_slave_1 entered promiscuous mode
[ 991.383631] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 991.390566] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 991.404944] bridge0: port 2(bridge_slave_1) entered blocking state
[ 991.411350] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 991.418356] bridge0: port 1(bridge_slave_0) entered blocking state
[ 991.424764] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 991.458045] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 991.465028] 8021q: adding VLAN 0 to HW filter on device bond0
[ 991.472933] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 991.481413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 991.500712] bridge0: port 1(bridge_slave_0) entered disabled state
[ 991.508580] bridge0: port 2(bridge_slave_1) entered disabled state
[ 991.516490] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 991.527306] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 991.533576] 8021q: adding VLAN 0 to HW filter on device team0
[ 991.544606] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 991.552388] bridge0: port 1(bridge_slave_0) entered blocking state
[ 991.558807] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 991.573986] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 991.581577] bridge0: port 2(bridge_slave_1) entered blocking state
[ 991.587996] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 991.597599] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 991.606430] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 991.621295] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 991.631188] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 991.642668] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 991.650660] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 991.658588] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 991.666309] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 991.674434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 991.686036] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 991.697060] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 991.707968] audit: type=1400 audit(1564800588.455:38): avc: denied { associate } for pid=7931 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 991.759209] audit: type=1400 audit(1564800588.505:39): avc: denied { map_create } for pid=7941 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[ 991.784891] audit: type=1400 audit(1564800588.505:40): avc: denied { map_read map_write } for pid=7941 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
2019/08/03 02:49:52 executed programs: 211
2019/08/03 02:49:57 executed programs: 463
2019/08/03 02:50:02 executed programs: 719
2019/08/03 02:50:07 executed programs: 974
2019/08/03 02:50:12 executed programs: 1226
2019/08/03 02:50:17 executed programs: 1480
2019/08/03 02:50:22 executed programs: 1727
2019/08/03 02:50:27 executed programs: 1984
2019/08/03 02:50:32 executed programs: 2241
2019/08/03 02:50:37 executed programs: 2496
2019/08/03 02:50:42 executed programs: 2754
2019/08/03 02:50:47 executed programs: 3003
2019/08/03 02:50:52 executed programs: 3252
2019/08/03 02:50:57 executed programs: 3498
2019/08/03 02:51:02 executed programs: 3739
2019/08/03 02:51:07 executed programs: 3989
2019/08/03 02:51:12 executed programs: 4240
2019/08/03 02:51:17 executed programs: 4496
2019/08/03 02:51:22 executed programs: 4745
2019/08/03 02:51:27 executed programs: 4994
2019/08/03 02:51:32 executed programs: 5241
2019/08/03 02:51:37 executed programs: 5488
2019/08/03 02:51:42 executed programs: 5745
2019/08/03 02:51:47 executed programs: 5997
2019/08/03 02:51:52 executed programs: 6249
2019/08/03 02:51:58 executed programs: 6494
2019/08/03 02:52:03 executed programs: 6737
2019/08/03 02:52:08 executed programs: 6983
2019/08/03 02:52:13 executed programs: 7236
2019/08/03 02:52:18 executed programs: 7486
2019/08/03 02:52:23 executed programs: 7732
2019/08/03 02:52:28 executed programs: 7978
2019/08/03 02:52:33 executed programs: 8226
2019/08/03 02:52:38 executed programs: 8471
[ 1162.015291] ==================================================================
[ 1162.022905] BUG: KASAN: use-after-free in __lock_acquire+0x34ac/0x49c0
[ 1162.029620] Read of size 8 at addr ffff888081f78288 by task syz-executor.0/7771
[ 1162.037053]
[ 1162.038710] CPU: 1 PID: 7771 Comm: syz-executor.0 Not tainted 4.19.63 #37
[ 1162.045616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1162.055032] Call Trace:
[ 1162.057713]  dump_stack+0x172/0x1f0
[ 1162.061340]  ? __lock_acquire+0x34ac/0x49c0
[ 1162.065725]  print_address_description.cold+0x7c/0x20d
[ 1162.071002]  ? __lock_acquire+0x34ac/0x49c0
[ 1162.075312]  kasan_report.cold+0x8c/0x2ba
[ 1162.079446]  __asan_report_load8_noabort+0x14/0x20
[ 1162.084375]  __lock_acquire+0x34ac/0x49c0
[ 1162.088530]  ? save_stack+0xa9/0xd0
[ 1162.092145]  ? save_stack+0x45/0xd0
[ 1162.095773]  ? __kasan_slab_free+0x102/0x150
[ 1162.100180]  ? kasan_slab_free+0xe/0x10
[ 1162.104163]  ? kfree+0xcf/0x220
[ 1162.107498]  ? bpf_tcp_remove+0x478/0xa20
[ 1162.111661]  ? bpf_tcp_close+0x130/0x390
[ 1162.115753]  ? inet_release+0xff/0x1e0
[ 1162.119688]  ? inet6_release+0x53/0x80
[ 1162.123630]  ? __sock_release+0xce/0x2a0
[ 1162.127696]  ? sock_close+0x1b/0x30
[ 1162.131352]  ? __fput+0x2dd/0x8b0
[ 1162.134806]  ? mark_held_locks+0x100/0x100
[ 1162.139053]  ? find_held_lock+0x35/0x130
[ 1162.143157]  ? debug_check_no_obj_freed+0x200/0x464
[ 1162.148183]  ? lock_downgrade+0x810/0x810
[ 1162.152316]  lock_acquire+0x16f/0x3f0
[ 1162.156107]  ? psock_map_pop.isra.0+0x2d/0x1f0
[ 1162.160712]  ? kfree+0x170/0x220
[ 1162.164121]  _raw_spin_lock_bh+0x33/0x50
[ 1162.168182]  ? psock_map_pop.isra.0+0x2d/0x1f0
[ 1162.172764]  psock_map_pop.isra.0+0x2d/0x1f0
[ 1162.177183]  bpf_tcp_remove+0x481/0xa20
[ 1162.181192]  ? tcp_check_oom+0x560/0x560
[ 1162.185244]  bpf_tcp_close+0x130/0x390
[ 1162.189122]  inet_release+0xff/0x1e0
[ 1162.192848]  inet6_release+0x53/0x80
[ 1162.196565]  __sock_release+0xce/0x2a0
[ 1162.200463]  ? __sock_release+0x2a0/0x2a0
[ 1162.204626]  sock_close+0x1b/0x30
[ 1162.208076]  __fput+0x2dd/0x8b0
[ 1162.211355]  ____fput+0x16/0x20
[ 1162.214660]  task_work_run+0x145/0x1c0
[ 1162.218583]  exit_to_usermode_loop+0x273/0x2c0
[ 1162.223156]  do_syscall_64+0x53d/0x620
[ 1162.227076]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1162.232269] RIP: 0033:0x413511
[ 1162.235463] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 1162.254374] RSP: 002b:00007fff49354940 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1162.262063] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000413511
[ 1162.269312] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[ 1162.276563] RBP: 0000000000000000 R08: ffffffffffffffff R09: ffffffffffffffff
[ 1162.283831] R10: 00007fff49354a20 R11: 0000000000000293 R12: 000000000075bfc8
[ 1162.291083] R13: 000000000011baff R14: 00000000007610a8 R15: ffffffffffffffff
[ 1162.298337]
[ 1162.299989] Allocated by task 7774:
[ 1162.303628]  save_stack+0x45/0xd0
[ 1162.307078]  kasan_kmalloc+0xce/0xf0
[ 1162.310781]  kmem_cache_alloc_node_trace+0x153/0x720
[ 1162.315872]  __sock_map_ctx_update_elem.isra.0+0x675/0xdc0
[ 1162.321480]  sock_hash_ctx_update_elem.isra.0+0x6c2/0x10d0
[ 1162.327086]  sock_hash_update_elem+0x246/0x4b0
[ 1162.331698]  map_update_elem+0x791/0xda0
[ 1162.335777]  __x64_sys_bpf+0x2ec/0x4c0
[ 1162.339668]  do_syscall_64+0xfd/0x620
[ 1162.343475]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1162.348729]
[ 1162.350337] Freed by task 7935:
[ 1162.353613]  save_stack+0x45/0xd0
[ 1162.357062]  __kasan_slab_free+0x102/0x150
[ 1162.361278]  kasan_slab_free+0xe/0x10
[ 1162.365061]  kfree+0xcf/0x220
[ 1162.368154]  smap_gc_work+0x7e5/0xab0
[ 1162.371948]  process_one_work+0x989/0x1750
[ 1162.376165]  worker_thread+0x98/0xe40
[ 1162.379971]  kthread+0x354/0x420
[ 1162.383322]  ret_from_fork+0x24/0x30
[ 1162.387056]
[ 1162.388666] The buggy address belongs to the object at ffff888081f78040
[ 1162.388666]  which belongs to the cache kmalloc-1024 of size 1024
[ 1162.401581] The buggy address is located 584 bytes inside of
[ 1162.401581]  1024-byte region [ffff888081f78040, ffff888081f78440)
[ 1162.413539] The buggy address belongs to the page:
[ 1162.418455] page:ffffea000207de00 count:1 mapcount:0 mapping:ffff88812c3f0ac0 index:0x0 compound_mapcount: 0
[ 1162.428423] flags: 0x1fffc0000008100(slab|head)
[ 1162.433088] raw: 01fffc0000008100 ffffea000207d388 ffffea000274bd08 ffff88812c3f0ac0
[ 1162.440957] raw: 0000000000000000 ffff888081f78040 0000000100000007 0000000000000000
[ 1162.448818] page dumped because: kasan: bad access detected
[ 1162.454508]
[ 1162.456113] Memory state around the buggy address:
[ 1162.461025]  ffff888081f78180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1162.468383]  ffff888081f78200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1162.475780] >ffff888081f78280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1162.483119]                       ^
[ 1162.486727]  ffff888081f78300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1162.494077]  ffff888081f78380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1162.501426] ==================================================================
[ 1162.508769] Disabling lock debugging due to kernel taint
[ 1162.514223] Kernel panic - not syncing: panic_on_warn set ...
[ 1162.514223]
[ 1162.521586] CPU: 1 PID: 7771 Comm: syz-executor.0 Tainted: G B 4.19.63 #37
[ 1162.529892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1162.539224] Call Trace:
[ 1162.541909]  dump_stack+0x172/0x1f0
[ 1162.545521]  ? __lock_acquire+0x34ac/0x49c0
[ 1162.549875]  panic+0x263/0x507
[ 1162.553082]  ? __warn_printk+0xf3/0xf3
[ 1162.556957]  ? lock_downgrade+0x810/0x810
[ 1162.561131]  ? trace_hardirqs_off+0x62/0x220
[ 1162.565532]  ? trace_hardirqs_off+0x59/0x220
[ 1162.569922]  ? __lock_acquire+0x34ac/0x49c0
[ 1162.574228]  kasan_end_report+0x47/0x4f
[ 1162.578188]  kasan_report.cold+0xa9/0x2ba
[ 1162.582321]  __asan_report_load8_noabort+0x14/0x20
[ 1162.587236]  __lock_acquire+0x34ac/0x49c0
[ 1162.591396]  ? save_stack+0xa9/0xd0
[ 1162.595017]  ? save_stack+0x45/0xd0
[ 1162.598660]  ? __kasan_slab_free+0x102/0x150
[ 1162.603065]  ? kasan_slab_free+0xe/0x10
[ 1162.607034]  ? kfree+0xcf/0x220
[ 1162.610317]  ? bpf_tcp_remove+0x478/0xa20
[ 1162.614459]  ? bpf_tcp_close+0x130/0x390
[ 1162.618506]  ? inet_release+0xff/0x1e0
[ 1162.622386]  ? inet6_release+0x53/0x80
[ 1162.626288]  ? __sock_release+0xce/0x2a0
[ 1162.630332]  ? sock_close+0x1b/0x30
[ 1162.633941]  ? __fput+0x2dd/0x8b0
[ 1162.637396]  ? mark_held_locks+0x100/0x100
[ 1162.641617]  ? find_held_lock+0x35/0x130
[ 1162.645685]  ? debug_check_no_obj_freed+0x200/0x464
[ 1162.650702]  ? lock_downgrade+0x810/0x810
[ 1162.654834]  lock_acquire+0x16f/0x3f0
[ 1162.658649]  ? psock_map_pop.isra.0+0x2d/0x1f0
[ 1162.663218]  ? kfree+0x170/0x220
[ 1162.666571]  _raw_spin_lock_bh+0x33/0x50
[ 1162.670620]  ? psock_map_pop.isra.0+0x2d/0x1f0
[ 1162.675207]  psock_map_pop.isra.0+0x2d/0x1f0
[ 1162.679600]  bpf_tcp_remove+0x481/0xa20
[ 1162.683561]  ? tcp_check_oom+0x560/0x560
[ 1162.687620]  bpf_tcp_close+0x130/0x390
[ 1162.691507]  inet_release+0xff/0x1e0
[ 1162.695209]  inet6_release+0x53/0x80
[ 1162.698908]  __sock_release+0xce/0x2a0
[ 1162.702779]  ? __sock_release+0x2a0/0x2a0
[ 1162.706909]  sock_close+0x1b/0x30
[ 1162.710349]  __fput+0x2dd/0x8b0
[ 1162.713612]  ____fput+0x16/0x20
[ 1162.716882]  task_work_run+0x145/0x1c0
[ 1162.720776]  exit_to_usermode_loop+0x273/0x2c0
[ 1162.725346]  do_syscall_64+0x53d/0x620
[ 1162.729221]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1162.734418] RIP: 0033:0x413511
[ 1162.737596] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 1162.756504] RSP: 002b:00007fff49354940 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1162.764195] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000413511
[ 1162.771448] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[ 1162.778706] RBP: 0000000000000000 R08: ffffffffffffffff R09: ffffffffffffffff
[ 1162.785980] R10: 00007fff49354a20 R11: 0000000000000293 R12: 000000000075bfc8
[ 1162.793246] R13: 000000000011baff R14: 00000000007610a8 R15: ffffffffffffffff
[ 1162.801576] Kernel Offset: disabled
[ 1162.805199] Rebooting in 86400 seconds..
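Triage helper, added here as an example and not part of the syzbot log or of syzkaller: it parses the KASAN report above into its access, allocation and free stacks, drops the "? " frames (stale stack slots that are not real callers), and cross-checks the report against itself: the faulting address minus the object base must equal the "584 bytes inside" the report claims, the address must fall inside the printed region, and the shadow byte covering it ("fb") must mean freed memory. The sample input is constructed from the report lines above; the noise-frame list and the shadow-byte legend are this example's own tables (the legend follows the values in mm/kasan/kasan.h). The point it makes visible is that KASAN's "in __lock_acquire" is only where the instrumented load happened: the read is a spinlock acquire by psock_map_pop on the close path (bpf_tcp_close, task 7771) against an object that __sock_map_ctx_update_elem allocated in task 7774 and that smap_gc_work had already freed from a workqueue (task 7935).

```python
import re
# Constructed sample: the KASAN report from the console log above, cut down to the
# lines the parser needs. Frame indentation the log lost is restored; one '? ' frame
# is kept to show that such frames are skipped.
SAMPLE_REPORT = """\
[ 1162.022905] BUG: KASAN: use-after-free in __lock_acquire+0x34ac/0x49c0
[ 1162.029620] Read of size 8 at addr ffff888081f78288 by task syz-executor.0/7771
[ 1162.055032] Call Trace:
[ 1162.075312]  kasan_report.cold+0x8c/0x2ba
[ 1162.084375]  __lock_acquire+0x34ac/0x49c0
[ 1162.107498]  ? bpf_tcp_remove+0x478/0xa20
[ 1162.164121]  _raw_spin_lock_bh+0x33/0x50
[ 1162.172764]  psock_map_pop.isra.0+0x2d/0x1f0
[ 1162.177183]  bpf_tcp_remove+0x481/0xa20
[ 1162.185244]  bpf_tcp_close+0x130/0x390
[ 1162.299989] Allocated by task 7774:
[ 1162.303628]  save_stack+0x45/0xd0
[ 1162.315872]  __sock_map_ctx_update_elem.isra.0+0x675/0xdc0
[ 1162.327086]  sock_hash_update_elem+0x246/0x4b0
[ 1162.350337] Freed by task 7935:
[ 1162.353613]  save_stack+0x45/0xd0
[ 1162.365061]  kfree+0xcf/0x220
[ 1162.368154]  smap_gc_work+0x7e5/0xab0
[ 1162.388666] The buggy address belongs to the object at ffff888081f78040
[ 1162.388666]  which belongs to the cache kmalloc-1024 of size 1024
[ 1162.401581] The buggy address is located 584 bytes inside of
[ 1162.401581]  1024-byte region [ffff888081f78040, ffff888081f78440)
[ 1162.475780] >ffff888081f78280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1162.501426] ==================================================================
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # "[ 1162.022905] " console timestamp
FRAME = re.compile(r"^\s*(?P<stale>\? )?(?P<func>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
PATTERNS = {
    "bug": re.compile(r"^BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)"),
    "access": re.compile(r"^(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)"
                         r" by task (?P<comm>\S+)/(?P<pid>\d+)"),
    "trace": re.compile(r"^Call Trace:"),
    "alloc": re.compile(r"^Allocated by task (?P<pid>\d+):"),
    "free": re.compile(r"^Freed by task (?P<pid>\d+):"),
    "object": re.compile(r"^The buggy address belongs to the object at (?P<base>[0-9a-f]+)"),
    "cache": re.compile(r"^\s*which belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)"),
    "claimed": re.compile(r"^The buggy address is located (?P<off>\d+) bytes inside of"),
    "region": re.compile(r"^\s*\d+-byte region \[(?P<start>[0-9a-f]+), (?P<end>[0-9a-f]+)\)"),
    "shadow": re.compile(r"^>(?P<addr>[0-9a-f]+): (?P<bytes>(?:[0-9a-f]{2} ?)+)$"),
}
SECTION = {"trace": "access", "alloc": "alloc", "free": "free"}  # headers that open a stack
LEGEND = {"00": "addressable", "fa": "global redzone", "fb": "freed heap object",  # mm/kasan/kasan.h
          "fc": "kmalloc redzone", "fe": "page redzone", "ff": "freed page"}  # 01..07: partial
NOISE = ("kasan_", "__kasan_", "__asan_", "save_stack", "kfree", "kmem_cache_", "dump_stack",
         "print_address", "__lock_acquire", "lock_acquire", "_raw_spin")  # plumbing, not owners

def parse_kasan_report(text):
    """Parse the first KASAN report in a console log into its fields and three stacks."""
    rep = {"fields": {}, "stacks": {"access": [], "alloc": [], "free": []}}
    section = None
    for raw in text.splitlines():
        line = TS.sub("", raw)
        if line.startswith("=====") and "bug" in rep["fields"]:
            break  # closing rule: the panic trace printed afterwards is not part of the report
        for key, rx in PATTERNS.items():
            m = rx.match(line)
            if m:
                rep["fields"][key] = m.groupdict()
                section = SECTION.get(key, section)
                break
        else:
            m = FRAME.match(line)
            if m and section and not m["stale"]:  # '? ' frames are stale stack slots, not callers
                rep["stacks"][section].append(m["func"])
    return rep

def culprit(frames):
    return next((f for f in frames if not f.startswith(NOISE)), None)  # first non-plumbing frame

def offset_in_object(rep):
    """Faulting offset inside the object, checked against the report's own claim and region."""
    f = rep["fields"]
    addr, base = int(f["access"]["addr"], 16), int(f["object"]["base"], 16)
    start, end = int(f["region"]["start"], 16), int(f["region"]["end"], 16)
    off = addr - base
    return off, (off == int(f["claimed"]["off"]) and start <= addr < end
                 and end - start == int(f["cache"]["size"]))

def shadow_state(rep):
    """Shadow byte covering the faulting address (one shadow byte per 8 bytes of memory)."""
    f = rep["fields"]
    idx = (int(f["access"]["addr"], 16) - int(f["shadow"]["addr"], 16)) // 8
    b = f["shadow"]["bytes"].split()[idx]
    return b, LEGEND.get(b, "partially addressable" if 1 <= int(b, 16) <= 7 else "unknown")

def triage(rep):
    """Who allocated, freed and then used the object; 'reported_in' is only where KASAN fired."""
    f, s = rep["fields"], rep["stacks"]
    return {"bug": f["bug"]["kind"], "reported_in": f["bug"]["func"],
            "offset": offset_in_object(rep), "shadow": shadow_state(rep)[1],
            "allocated_via": culprit(s["alloc"]), "freed_via": culprit(s["free"]),
            "used_via": culprit(s["access"]), "tasks": tuple(int(f[k]["pid"]) for k in ("access", "alloc", "free"))}
```

triage(parse_kasan_report(SAMPLE_REPORT)) reports offset (584, True), shadow "freed heap object", used_via psock_map_pop.isra.0, allocated_via __sock_map_ctx_update_elem.isra.0, freed_via smap_gc_work and tasks (7771, 7774, 7935). The whole console log can be fed in unchanged: the parser stops at the closing rule, so the duplicate trace under "Kernel panic" is not merged into the access stack, and the address arithmetic catches a report whose lines were mangled in transit.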