[info] Using makefile-style concurrent boot in runlevel 2. [ 23.929504] audit: type=1800 audit(1538280199.944:21): pid=5175 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [ 23.956805] audit: type=1800 audit(1538280199.954:22): pid=5175 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0 [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.123' (ECDSA) to the list of known hosts. 2018/09/30 04:03:29 parsed 1 programs 2018/09/30 04:03:31 executed programs: 0 syzkaller login: [ 35.554722] IPVS: ftp: loaded support on port[0] = 21 [ 35.574541] IPVS: ftp: loaded support on port[0] = 21 [ 35.583206] IPVS: ftp: loaded support on port[0] = 21 [ 35.600423] IPVS: ftp: loaded support on port[0] = 21 [ 35.611363] IPVS: ftp: loaded support on port[0] = 21 [ 35.615706] IPVS: ftp: loaded support on port[0] = 21 [ 36.908427] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.915478] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.923602] device bridge_slave_0 entered promiscuous mode [ 36.957956] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.968526] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.976535] device bridge_slave_0 entered promiscuous mode [ 36.993872] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.000240] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.008493] device bridge_slave_0 entered promiscuous mode [ 37.027595] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.038286] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.046181] device 
bridge_slave_0 entered promiscuous mode [ 37.057289] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.065202] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.072704] device bridge_slave_1 entered promiscuous mode [ 37.080715] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.087981] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.095872] device bridge_slave_1 entered promiscuous mode [ 37.105165] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.111522] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.119097] device bridge_slave_1 entered promiscuous mode [ 37.127982] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.134968] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.142902] device bridge_slave_0 entered promiscuous mode [ 37.149957] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.156969] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.165294] device bridge_slave_0 entered promiscuous mode [ 37.175136] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 37.184570] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 37.194738] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.201526] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.213459] device bridge_slave_1 entered promiscuous mode [ 37.222969] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.229332] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.242515] device bridge_slave_1 entered promiscuous mode [ 37.249260] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 37.259740] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 37.268925] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 37.282033] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.292931] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.300305] device bridge_slave_1 entered promiscuous mode [ 37.315884] 
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 37.326952] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 37.340051] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 37.373978] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 37.383631] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 37.419472] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 37.455281] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 37.482255] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 37.574070] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 37.588239] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 37.601528] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 37.621562] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 37.652985] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 37.664234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 37.680464] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 37.702861] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 37.716442] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 37.734489] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 37.754397] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 37.771638] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 37.788439] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 37.797341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 37.807768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 37.818934] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 37.830265] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 37.840536] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link 
is not ready [ 37.852831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 37.861443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 37.882378] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 37.894448] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 37.908914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 38.051152] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 38.060153] team0: Port device team_slave_0 added [ 38.111232] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 38.131511] team0: Port device team_slave_0 added [ 38.140967] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 38.151039] team0: Port device team_slave_1 added [ 38.159865] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 38.169181] team0: Port device team_slave_0 added [ 38.174712] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 38.184383] team0: Port device team_slave_0 added [ 38.205872] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 38.219822] team0: Port device team_slave_1 added [ 38.242284] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 38.249682] team0: Port device team_slave_1 added [ 38.263225] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 38.270628] team0: Port device team_slave_0 added [ 38.279616] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 38.310417] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 38.317767] team0: Port device team_slave_1 added [ 38.342719] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 38.351238] team0: Port device team_slave_0 added [ 38.359496] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 38.369867] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 38.384161] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 38.393604] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link 
is not ready [ 38.400847] team0: Port device team_slave_1 added [ 38.422967] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 38.431419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 38.449817] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 38.464763] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 38.473149] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.480967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 38.492616] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 38.499710] team0: Port device team_slave_1 added [ 38.507904] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 38.518176] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 38.546576] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.558606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 38.571163] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.579184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 38.587372] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 38.595218] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 38.604812] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 38.611864] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 38.619776] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 38.628596] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 38.643452] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 38.655369] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 38.664850] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.681881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 38.690563] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.699188] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 38.707254] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.715166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 38.723255] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 38.734987] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 38.752869] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 38.759992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 38.772632] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 38.791099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.799960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 38.808389] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.816464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 38.826013] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 38.839523] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 38.859532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 38.873991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 38.902070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.910045] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 38.921024] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 38.940378] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 38.948080] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.972637] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 38.988438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.996811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 39.030557] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 39.046530] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 
39.062782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 39.445720] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.454293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.461379] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.467806] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.476824] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 39.549777] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 39.572016] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.578388] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.585105] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.591461] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.607171] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 39.620128] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.626536] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.633255] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.639619] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.648574] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 39.666960] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.673381] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.680026] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.686440] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.712647] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 39.803663] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.810047] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.816742] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.823146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.832913] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 39.888024] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.894451] bridge0: port 2(bridge_slave_1) entered forwarding 
state [ 39.902734] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.909878] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.921198] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 40.612225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 40.621358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 40.648542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 40.655952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 40.663297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 42.198619] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.329482] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.346151] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.404152] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.457999] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 42.517842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.591066] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 42.630169] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 42.669792] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 42.691106] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.714692] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 42.720938] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.734722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.815590] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 42.890817] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 42.916572] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 42.933017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.942382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.959569] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 42.974989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.987924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.008211] 8021q: adding VLAN 0 to HW 
filter on device team0 [ 43.024110] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 43.031831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.038984] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.140021] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 43.151840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.159442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.185932] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 43.198744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.209869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.233143] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.250825] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.320901] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.427875] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.453388] 8021q: adding VLAN 0 to HW filter on device team0 2018/09/30 04:03:40 executed programs: 6 [ 44.554865] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 44.669562] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 44.718883] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 44.750823] ================================================================== [ 44.758327] BUG: KASAN: use-after-free in tcf_block_find+0x9d1/0xb90 [ 44.764829] Read of size 4 at addr ffff8801c2817238 by task syz-executor4/6866 [ 44.772183] [ 44.773826] CPU: 0 PID: 6866 Comm: syz-executor4 Not tainted 4.19.0-rc5+ #237 [ 44.781104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.790455] Call Trace: [ 44.793046] dump_stack+0x1c4/0x2b4 [ 44.796667] ? dump_stack_print_info.cold.2+0x52/0x52 [ 44.801841] ? printk+0xa7/0xcf [ 44.805104] ? 
kmsg_dump_rewind_nolock+0xe4/0xe4 [ 44.809854] print_address_description.cold.8+0x9/0x1ff [ 44.815203] kasan_report.cold.9+0x242/0x309 [ 44.819605] ? tcf_block_find+0x9d1/0xb90 [ 44.823764] __asan_report_load4_noabort+0x14/0x20 [ 44.828694] tcf_block_find+0x9d1/0xb90 [ 44.832654] tc_del_tfilter+0x42b/0x1290 [ 44.836708] ? tc_get_tfilter+0xa90/0xa90 [ 44.840844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.846366] ? check_preemption_disabled+0x48/0x200 [ 44.851366] ? check_preemption_disabled+0x48/0x200 [ 44.856372] ? __lock_is_held+0xb5/0x140 [ 44.860421] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 44.865950] ? rtnl_get_link+0x170/0x370 [ 44.870002] ? tc_get_tfilter+0xa90/0xa90 [ 44.874135] rtnetlink_rcv_msg+0x46a/0xc20 [ 44.878365] ? rtnetlink_put_metrics+0x690/0x690 [ 44.883124] netlink_rcv_skb+0x172/0x440 [ 44.887178] ? rtnetlink_put_metrics+0x690/0x690 [ 44.891925] ? netlink_ack+0xb80/0xb80 [ 44.895805] rtnetlink_rcv+0x1c/0x20 [ 44.899510] netlink_unicast+0x5a5/0x760 [ 44.903566] ? netlink_attachskb+0x9a0/0x9a0 [ 44.907960] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.913534] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 44.918538] netlink_sendmsg+0xa18/0xfc0 [ 44.922590] ? netlink_unicast+0x760/0x760 [ 44.926809] ? aa_sock_msg_perm.isra.12+0xba/0x160 [ 44.931732] ? apparmor_socket_sendmsg+0x29/0x30 [ 44.936483] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 44.942006] ? security_socket_sendmsg+0x94/0xc0 [ 44.946755] ? netlink_unicast+0x760/0x760 [ 44.950981] sock_sendmsg+0xd5/0x120 [ 44.954682] ___sys_sendmsg+0x7fd/0x930 [ 44.958659] ? copy_msghdr_from_user+0x580/0x580 [ 44.963405] ? __fd_install+0x2b5/0x8f0 [ 44.967373] ? __fget_light+0x2e9/0x430 [ 44.971332] ? fget_raw+0x20/0x20 [ 44.974784] ? lock_downgrade+0x900/0x900 [ 44.978921] ? lock_release+0x970/0x970 [ 44.982884] ? arch_local_save_flags+0x40/0x40 [ 44.987453] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 44.992900] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 44.998432] ? 
sockfd_lookup_light+0xc5/0x160 [ 45.002920] __sys_sendmsg+0x11d/0x280 [ 45.006799] ? __ia32_sys_shutdown+0x80/0x80 [ 45.011202] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 45.016738] ? put_timespec64+0x10f/0x1b0 [ 45.020898] ? do_syscall_64+0x9a/0x820 [ 45.024859] ? do_syscall_64+0x9a/0x820 [ 45.028845] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 45.034294] __x64_sys_sendmsg+0x78/0xb0 [ 45.038357] do_syscall_64+0x1b9/0x820 [ 45.042258] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 45.047617] ? syscall_return_slowpath+0x5e0/0x5e0 [ 45.052554] ? trace_hardirqs_on_caller+0x310/0x310 [ 45.057559] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 45.062560] ? preempt_schedule+0x4d/0x60 [ 45.066696] ? ___preempt_schedule+0x16/0x18 [ 45.071105] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.075946] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.081120] RIP: 0033:0x457579 [ 45.084297] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 45.103207] RSP: 002b:00007efc7e24dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 45.110920] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 45.118176] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 45.125437] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 45.132698] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc7e24e6d4 [ 45.139950] R13: 00000000004c38ca R14: 00000000004d5718 R15: 00000000ffffffff [ 45.147217] [ 45.148846] Allocated by task 5791: [ 45.152463] save_stack+0x43/0xd0 [ 45.155900] kasan_kmalloc+0xc7/0xe0 [ 45.159597] __kmalloc_node+0x47/0x70 [ 45.163383] qdisc_alloc+0x10f/0xb50 [ 45.167079] qdisc_create_dflt+0x7a/0x1e0 [ 45.171209] dev_activate+0x82f/0xcb0 [ 45.174996] __dev_open+0x2cb/0x410 [ 45.178625] __dev_change_flags+0x730/0x9b0 [ 45.182940] dev_change_flags+0x89/0x150 [ 45.186992] do_setlink+0xb5f/0x3f20 [ 
45.190690] rtnl_newlink+0x136f/0x1d40 [ 45.194649] rtnetlink_rcv_msg+0x46a/0xc20 [ 45.198868] netlink_rcv_skb+0x172/0x440 [ 45.202909] rtnetlink_rcv+0x1c/0x20 [ 45.206606] netlink_unicast+0x5a5/0x760 [ 45.210655] netlink_sendmsg+0xa18/0xfc0 [ 45.214700] sock_sendmsg+0xd5/0x120 [ 45.218405] ___sys_sendmsg+0x7fd/0x930 [ 45.222374] __sys_sendmsg+0x11d/0x280 [ 45.226248] __x64_sys_sendmsg+0x78/0xb0 [ 45.230305] do_syscall_64+0x1b9/0x820 [ 45.234176] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.239343] [ 45.240950] Freed by task 5346: [ 45.244230] save_stack+0x43/0xd0 [ 45.247667] __kasan_slab_free+0x102/0x150 [ 45.251886] kasan_slab_free+0xe/0x10 [ 45.255669] kfree+0xcf/0x230 [ 45.258764] qdisc_free+0x89/0x100 [ 45.262294] qdisc_free_cb+0x19/0x20 [ 45.265993] rcu_process_callbacks+0xf23/0x2670 [ 45.270648] __do_softirq+0x30b/0xad8 [ 45.274424] [ 45.276035] The buggy address belongs to the object at ffff8801c2817200 [ 45.276035] which belongs to the cache kmalloc-1024 of size 1024 [ 45.288848] The buggy address is located 56 bytes inside of [ 45.288848] 1024-byte region [ffff8801c2817200, ffff8801c2817600) [ 45.300854] The buggy address belongs to the page: [ 45.305790] page:ffffea00070a0580 count:1 mapcount:0 mapping:ffff8801da800ac0 index:0x0 compound_mapcount: 0 [ 45.315774] flags: 0x2fffc0000008100(slab|head) [ 45.320439] raw: 02fffc0000008100 ffffea000715df08 ffffea00070f9d08 ffff8801da800ac0 [ 45.328330] raw: 0000000000000000 ffff8801c2816000 0000000100000007 0000000000000000 [ 45.336208] page dumped because: kasan: bad access detected [ 45.341909] [ 45.343515] Memory state around the buggy address: [ 45.348447] ffff8801c2817100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.355806] ffff8801c2817180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.363155] >ffff8801c2817200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.370522] ^ [ 45.375695] ffff8801c2817280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.383036] ffff8801c2817300: fb fb 
fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.390374] ================================================================== [ 45.397711] Disabling lock debugging due to kernel taint [ 45.410299] Kernel panic - not syncing: panic_on_warn set ... [ 45.410299] [ 45.417675] CPU: 0 PID: 6866 Comm: syz-executor4 Tainted: G B 4.19.0-rc5+ #237 [ 45.426327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.435659] Call Trace: [ 45.438229] dump_stack+0x1c4/0x2b4 [ 45.441843] ? dump_stack_print_info.cold.2+0x52/0x52 [ 45.447020] panic+0x238/0x4e7 [ 45.450193] ? add_taint.cold.5+0x16/0x16 [ 45.454324] ? preempt_schedule+0x4d/0x60 [ 45.458455] ? ___preempt_schedule+0x16/0x18 [ 45.462910] ? trace_hardirqs_on+0xb4/0x310 [ 45.467218] kasan_end_report+0x47/0x4f [ 45.471174] kasan_report.cold.9+0x76/0x309 [ 45.475480] ? tcf_block_find+0x9d1/0xb90 [ 45.479608] __asan_report_load4_noabort+0x14/0x20 [ 45.484535] tcf_block_find+0x9d1/0xb90 [ 45.488493] tc_del_tfilter+0x42b/0x1290 [ 45.492553] ? tc_get_tfilter+0xa90/0xa90 [ 45.496694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.502231] ? check_preemption_disabled+0x48/0x200 [ 45.507245] ? check_preemption_disabled+0x48/0x200 [ 45.512247] ? __lock_is_held+0xb5/0x140 [ 45.516296] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 45.521814] ? rtnl_get_link+0x170/0x370 [ 45.525863] ? tc_get_tfilter+0xa90/0xa90 [ 45.529991] rtnetlink_rcv_msg+0x46a/0xc20 [ 45.534211] ? rtnetlink_put_metrics+0x690/0x690 [ 45.538964] netlink_rcv_skb+0x172/0x440 [ 45.543019] ? rtnetlink_put_metrics+0x690/0x690 [ 45.547762] ? netlink_ack+0xb80/0xb80 [ 45.551661] rtnetlink_rcv+0x1c/0x20 [ 45.555364] netlink_unicast+0x5a5/0x760 [ 45.559407] ? netlink_attachskb+0x9a0/0x9a0 [ 45.563800] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.569317] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 45.574325] netlink_sendmsg+0xa18/0xfc0 [ 45.578384] ? netlink_unicast+0x760/0x760 [ 45.582604] ? 
aa_sock_msg_perm.isra.12+0xba/0x160 [ 45.587524] ? apparmor_socket_sendmsg+0x29/0x30 [ 45.592270] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.597794] ? security_socket_sendmsg+0x94/0xc0 [ 45.602529] ? netlink_unicast+0x760/0x760 [ 45.606785] sock_sendmsg+0xd5/0x120 [ 45.610481] ___sys_sendmsg+0x7fd/0x930 [ 45.614442] ? copy_msghdr_from_user+0x580/0x580 [ 45.619180] ? __fd_install+0x2b5/0x8f0 [ 45.623139] ? __fget_light+0x2e9/0x430 [ 45.627105] ? fget_raw+0x20/0x20 [ 45.630545] ? lock_downgrade+0x900/0x900 [ 45.634675] ? lock_release+0x970/0x970 [ 45.638635] ? arch_local_save_flags+0x40/0x40 [ 45.643200] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 45.648635] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 45.654151] ? sockfd_lookup_light+0xc5/0x160 [ 45.658629] __sys_sendmsg+0x11d/0x280 [ 45.662502] ? __ia32_sys_shutdown+0x80/0x80 [ 45.666893] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 45.672428] ? put_timespec64+0x10f/0x1b0 [ 45.676561] ? do_syscall_64+0x9a/0x820 [ 45.680519] ? do_syscall_64+0x9a/0x820 [ 45.684477] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 45.689912] __x64_sys_sendmsg+0x78/0xb0 [ 45.693956] do_syscall_64+0x1b9/0x820 [ 45.697863] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 45.703210] ? syscall_return_slowpath+0x5e0/0x5e0 [ 45.708123] ? trace_hardirqs_on_caller+0x310/0x310 [ 45.713123] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 45.718123] ? preempt_schedule+0x4d/0x60 [ 45.722252] ? ___preempt_schedule+0x16/0x18 [ 45.726645] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 45.731485] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.736664] RIP: 0033:0x457579 [ 45.739839] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 45.758818] RSP: 002b:00007efc7e24dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 45.766506] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 45.773763] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 45.781019] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 45.788267] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc7e24e6d4 [ 45.795518] R13: 00000000004c38ca R14: 00000000004d5718 R15: 00000000ffffffff [ 45.803698] Kernel Offset: disabled [ 45.807321] Rebooting in 86400 seconds..