[ 32.536911] audit: type=1800 audit(1577604047.584:33): pid=6860 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 32.563557] audit: type=1800 audit(1577604047.584:34): pid=6860 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 36.321119] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.586593] audit: type=1400 audit(1577604051.634:35): avc: denied { map } for pid=7034 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 36.628219] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.211911] random: sshd: uninitialized urandom read (32 bytes read)
[ 1011.358912] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts.
[ 1016.857195] random: sshd: uninitialized urandom read (32 bytes read)
[ 1017.036354] audit: type=1400 audit(1577605032.084:36): avc: denied { map } for pid=7047 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/12/29 07:37:12 parsed 1 programs
[ 1017.549620] random: cc1: uninitialized urandom read (8 bytes read)
2019/12/29 07:37:13 executed programs: 0
[ 1018.407286] audit: type=1400 audit(1577605033.454:37): avc: denied { map } for pid=7047 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=15707 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 1018.700943] IPVS: ftp: loaded support on port[0] = 21
[ 1019.535950] chnl_net:caif_netlink_parms(): no params data found
[ 1019.565353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1019.572941] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1019.579988] device bridge_slave_0 entered promiscuous mode
[ 1019.587164] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1019.593800] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1019.600954] device bridge_slave_1 entered promiscuous mode
[ 1019.615352] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1019.624428] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1019.639481] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 1019.647332] team0: Port device team_slave_0 added
[ 1019.652833] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 1019.659783] team0: Port device team_slave_1 added
[ 1019.665272] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 1019.672645] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 1019.731661] device hsr_slave_0 entered promiscuous mode
[ 1019.770223] device hsr_slave_1 entered promiscuous mode
[ 1019.810557] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 1019.817513] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 1019.831859] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1019.838252] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1019.845041] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1019.851382] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1019.881182] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 1019.887236] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1019.895064] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 1019.903358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1019.911591] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1019.918443] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1019.928064] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 1019.934338] 8021q: adding VLAN 0 to HW filter on device team0
[ 1019.942729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1019.950634] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1019.957055] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1019.970682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1019.978273] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1019.984636] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1019.991698] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1019.999561] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1020.008934] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1020.019145] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1020.028885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1020.037923] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 1020.044735] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1020.057730] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 1020.065463] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1020.072489] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1020.082636] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1020.530483] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
2019/12/29 07:37:18 executed programs: 64
[ 1024.674961] l2tp_core: tunl 4: sockfd_lookup(fd=4) returned -9
[ 1027.471025] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:37:23 executed programs: 215
[ 1030.431817] l2tp_core: tunl 4: sockfd_lookup(fd=4) returned -9
2019/12/29 07:37:28 executed programs: 367
[ 1033.787246] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1034.812173] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:37:33 executed programs: 523
[ 1042.633629] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:37:38 executed programs: 680
[ 1047.861023] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1047.932181] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:37:43 executed programs: 835
[ 1050.600959] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:37:48 executed programs: 992
[ 1058.151056] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:37:53 executed programs: 1148
[ 1061.302369] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1063.005068] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:37:58 executed programs: 1304
[ 1065.762007] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:38:03 executed programs: 1460
2019/12/29 07:38:08 executed programs: 1618
2019/12/29 07:38:13 executed programs: 1774
2019/12/29 07:38:18 executed programs: 1927
[ 1087.025272] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:38:23 executed programs: 2083
2019/12/29 07:38:28 executed programs: 2239
[ 1096.669916] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1097.021577] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:38:33 executed programs: 2394
[ 1099.841925] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:38:38 executed programs: 2548
[ 1105.044109] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1106.750805] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1108.337707] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1108.509498] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:38:43 executed programs: 2703
2019/12/29 07:38:48 executed programs: 2860
[ 1114.464182] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:38:53 executed programs: 3017
2019/12/29 07:38:58 executed programs: 3171
[ 1123.781880] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:39:03 executed programs: 3328
[ 1131.782208] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1133.431610] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:39:08 executed programs: 3483
[ 1133.734769] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1134.272919] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:39:13 executed programs: 3639
2019/12/29 07:39:18 executed programs: 3793
2019/12/29 07:39:23 executed programs: 3949
[ 1148.783150] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1150.088832] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1151.050972] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:39:28 executed programs: 4106
2019/12/29 07:39:33 executed programs: 4262
[ 1163.711002] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:39:38 executed programs: 4417
[ 1165.201579] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1167.160983] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1167.904022] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:39:43 executed programs: 4573
[ 1169.281162] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1172.054027] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:39:48 executed programs: 4730
2019/12/29 07:39:53 executed programs: 4887
[ 1180.472307] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:39:58 executed programs: 5041
[ 1188.842472] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:40:03 executed programs: 5198
[ 1191.701376] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1192.245868] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:40:08 executed programs: 5354
2019/12/29 07:40:13 executed programs: 5510
2019/12/29 07:40:18 executed programs: 5664
[ 1206.131884] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:40:24 executed programs: 5821
[ 1209.442850] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1211.599810] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:40:29 executed programs: 5976
[ 1215.692316] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1216.701161] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:40:34 executed programs: 6134
2019/12/29 07:40:39 executed programs: 6290
[ 1227.311220] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:40:44 executed programs: 6448
2019/12/29 07:40:49 executed programs: 6607
2019/12/29 07:40:54 executed programs: 6766
[ 1242.023644] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:40:59 executed programs: 6921
2019/12/29 07:41:04 executed programs: 7077
[ 1253.020408] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:41:09 executed programs: 7235
[ 1254.974892] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:41:14 executed programs: 7393
[ 1261.532895] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:41:19 executed programs: 7548
[ 1265.242680] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1265.859365] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:41:24 executed programs: 7705
2019/12/29 07:41:29 executed programs: 7863
2019/12/29 07:41:34 executed programs: 8022
[ 1283.681080] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:41:39 executed programs: 8180
[ 1286.440568] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1288.234065] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1288.272615] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:41:44 executed programs: 8338
[ 1289.801654] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1291.280724] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:41:49 executed programs: 8497
2019/12/29 07:41:54 executed programs: 8655
[ 1299.290913] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1303.683265] random: crng init done
2019/12/29 07:41:59 executed programs: 8810
2019/12/29 07:42:04 executed programs: 8968
[ 1309.658820] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1311.926181] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1313.851543] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:42:09 executed programs: 9126
[ 1318.680530] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:42:14 executed programs: 9282
[ 1322.331350] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:42:19 executed programs: 9436
[ 1325.880932] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
[ 1327.372725] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:42:24 executed programs: 9594
2019/12/29 07:42:29 executed programs: 9751
[ 1337.509498] l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
2019/12/29 07:42:34 executed programs: 9903
[ 1339.593552] ==================================================================
[ 1339.601136] BUG: KASAN: use-after-free in __lock_acquire+0x3098/0x4620
[ 1339.607789] Read of size 8 at addr ffff88807d136a20 by task syz-executor.0/21839
[ 1339.615509]
[ 1339.617126] CPU: 0 PID: 21839 Comm: syz-executor.0 Not tainted 4.14.160-syzkaller #0
[ 1339.625247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1339.634589] Call Trace:
[ 1339.637201] dump_stack+0x142/0x197
[ 1339.640905] ? __lock_acquire+0x3098/0x4620
[ 1339.645272] print_address_description.cold+0x7c/0x1dc
[ 1339.650537] ? __lock_acquire+0x3098/0x4620
[ 1339.654843] kasan_report.cold+0xa9/0x2af
[ 1339.658975] __asan_report_load8_noabort+0x14/0x20
[ 1339.663885] __lock_acquire+0x3098/0x4620
[ 1339.668027] ? __dentry_kill+0x3e6/0x580
[ 1339.672072] ? dput.part.0+0x59f/0x750
[ 1339.675943] ? dput+0x20/0x30
[ 1339.679057] ? __fput+0x45f/0x7a0
[ 1339.682496] ? ____fput+0x16/0x20
[ 1339.685939] ? __lock_acquire+0x5f7/0x4620
[ 1339.690162] ? trace_hardirqs_on+0x10/0x10
[ 1339.694646] ? lock_downgrade+0x740/0x740
[ 1339.698789] ? trace_hardirqs_on+0x10/0x10
[ 1339.703013] ? save_trace+0x290/0x290
[ 1339.706800] ? trace_hardirqs_on+0x10/0x10
[ 1339.711146] ? __lock_is_held+0xb6/0x140
[ 1339.715236] lock_acquire+0x16f/0x430
[ 1339.719041] ? lock_sock_nested+0x3f/0x110
[ 1339.723294] _raw_spin_lock_bh+0x33/0x50
[ 1339.727343] ? lock_sock_nested+0x3f/0x110
[ 1339.731565] lock_sock_nested+0x3f/0x110
[ 1339.735807] pppol2tp_release+0x4e/0x310
[ 1339.739916] __sock_release+0xce/0x2b0
[ 1339.743815] ? __sock_release+0x2b0/0x2b0
[ 1339.747953] sock_close+0x1b/0x30
[ 1339.751394] __fput+0x275/0x7a0
[ 1339.754663] ____fput+0x16/0x20
[ 1339.757956] task_work_run+0x114/0x190
[ 1339.761832] exit_to_usermode_loop+0x1da/0x220
[ 1339.766400] do_syscall_64+0x4bc/0x640
[ 1339.770273] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1339.775103] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1339.780277] RIP: 0033:0x4144b1
[ 1339.783452] RSP: 002b:00007ffda5c5d320 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1339.791637] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004144b1
[ 1339.798892] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004
[ 1339.806152] RBP: 0000000000000000 R08: ffffffffffffffff R09: ffffffffffffffff
[ 1339.813411] R10: 00007ffda5c5d400 R11: 0000000000000293 R12: 000000000075bfc8
[ 1339.820667] R13: 00000000001470c9 R14: 0000000000760858 R15: 000000000075bfd4
[ 1339.827930]
[ 1339.829541] Allocated by task 21844:
[ 1339.833241] save_stack_trace+0x16/0x20
[ 1339.837200] save_stack+0x45/0xd0
[ 1339.840638] kasan_kmalloc+0xce/0xf0
[ 1339.844334] __kmalloc+0x15d/0x7a0
[ 1339.847859] sk_prot_alloc+0x171/0x2a0
[ 1339.851729] sk_alloc+0x39/0xd70
[ 1339.855078] pppol2tp_create+0x32/0x1f0
[ 1339.859078] pppox_create+0xf7/0x210
[ 1339.862895] __sock_create+0x2f6/0x620
[ 1339.866775] SyS_socket+0xd3/0x170
[ 1339.870309] do_syscall_64+0x1e8/0x640
[ 1339.874180] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1339.879348]
[ 1339.880959] Freed by task 21839:
[ 1339.884306] save_stack_trace+0x16/0x20
[ 1339.888358] save_stack+0x45/0xd0
[ 1339.891797] kasan_slab_free+0x75/0xc0
[ 1339.895736] kfree+0xcc/0x270
[ 1339.898846] __sk_destruct+0x50f/0x650
[ 1339.902714] sk_destruct+0xa4/0xd0
[ 1339.906237] __sk_free+0x54/0x230
[ 1339.909675] sk_free+0x35/0x40
[ 1339.912925] pppol2tp_session_sock_put+0x66/0x80
[ 1339.917666] l2tp_tunnel_closeall+0x27f/0x380
[ 1339.922196] l2tp_udp_encap_destroy+0x96/0x100
[ 1339.926925] udpv6_destroy_sock+0xb3/0xd0
[ 1339.931058] sk_common_release+0x6b/0x310
[ 1339.935195] udp_lib_close+0x16/0x20
[ 1339.938925] inet_release+0xec/0x1c0
[ 1339.942663] inet6_release+0x53/0x80
[ 1339.946363] __sock_release+0xce/0x2b0
[ 1339.950236] sock_close+0x1b/0x30
[ 1339.953673] __fput+0x275/0x7a0
[ 1339.956948] ____fput+0x16/0x20
[ 1339.960211] task_work_run+0x114/0x190
[ 1339.964098] exit_to_usermode_loop+0x1da/0x220
[ 1339.968847] do_syscall_64+0x4bc/0x640
[ 1339.976291] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1339.981471]
[ 1339.983087] The buggy address belongs to the object at ffff88807d136980
[ 1339.983087] which belongs to the cache kmalloc-2048 of size 2048
[ 1339.996447] The buggy address is located 160 bytes inside of
[ 1339.996447] 2048-byte region [ffff88807d136980, ffff88807d137180)
[ 1340.008442] The buggy address belongs to the page:
[ 1340.013366] page:ffffea0001f44d80 count:1 mapcount:0 mapping:ffff88807d136100 index:0x0 compound_mapcount: 0
[ 1340.023409] flags: 0xfffe0000008100(slab|head)
[ 1340.027979] raw: 00fffe0000008100 ffff88807d136100 0000000000000000 0000000100000003
[ 1340.035854] raw: ffffea000271c320 ffffea00026fd8a0 ffff8880aa800c40 0000000000000000
[ 1340.043812] page dumped because: kasan: bad access detected
[ 1340.049508]
[ 1340.051121] Memory state around the buggy address:
[ 1340.056040]  ffff88807d136900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1340.063507]  ffff88807d136980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1340.070852] >ffff88807d136a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1340.078192]                                ^
[ 1340.082582]  ffff88807d136a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1340.089933]  ffff88807d136b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1340.097450] ==================================================================
[ 1340.104794] Disabling lock debugging due to kernel taint
[ 1340.110230] Kernel panic - not syncing: panic_on_warn set ...
[ 1340.110230]
[ 1340.117579] CPU: 0 PID: 21839 Comm: syz-executor.0 Tainted: G B 4.14.160-syzkaller #0
[ 1340.126726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1340.136103] Call Trace:
[ 1340.138781] dump_stack+0x142/0x197
[ 1340.142408] ? __lock_acquire+0x3098/0x4620
[ 1340.146908] panic+0x1f9/0x42d
[ 1340.150103] ? add_taint.cold+0x16/0x16
[ 1340.154096] ? lock_downgrade+0x740/0x740
[ 1340.158230] kasan_end_report+0x47/0x4f
[ 1340.162322] kasan_report.cold+0x130/0x2af
[ 1340.166663] __asan_report_load8_noabort+0x14/0x20
[ 1340.171652] __lock_acquire+0x3098/0x4620
[ 1340.175793] ? __dentry_kill+0x3e6/0x580
[ 1340.179849] ? dput.part.0+0x59f/0x750
[ 1340.183725] ? dput+0x20/0x30
[ 1340.186819] ? __fput+0x45f/0x7a0
[ 1340.190257] ? ____fput+0x16/0x20
[ 1340.193704] ? __lock_acquire+0x5f7/0x4620
[ 1340.197925] ? trace_hardirqs_on+0x10/0x10
[ 1340.202150] ? lock_downgrade+0x740/0x740
[ 1340.206295] ? trace_hardirqs_on+0x10/0x10
[ 1340.210634] ? save_trace+0x290/0x290
[ 1340.214423] ? trace_hardirqs_on+0x10/0x10
[ 1340.218862] ? __lock_is_held+0xb6/0x140
[ 1340.222915] lock_acquire+0x16f/0x430
[ 1340.226706] ? lock_sock_nested+0x3f/0x110
[ 1340.230931] _raw_spin_lock_bh+0x33/0x50
[ 1340.234988] ? lock_sock_nested+0x3f/0x110
[ 1340.239217] lock_sock_nested+0x3f/0x110
[ 1340.243395] pppol2tp_release+0x4e/0x310
[ 1340.247451] __sock_release+0xce/0x2b0
[ 1340.251328] ? __sock_release+0x2b0/0x2b0
[ 1340.255577] sock_close+0x1b/0x30
[ 1340.259099] __fput+0x275/0x7a0
[ 1340.262453] ____fput+0x16/0x20
[ 1340.265897] task_work_run+0x114/0x190
[ 1340.269840] exit_to_usermode_loop+0x1da/0x220
[ 1340.274430] do_syscall_64+0x4bc/0x640
[ 1340.278303] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1340.283256] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1340.288433] RIP: 0033:0x4144b1
[ 1340.292215] RSP: 002b:00007ffda5c5d320 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1340.299907] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004144b1
[ 1340.307298] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004
[ 1340.314559] RBP: 0000000000000000 R08: ffffffffffffffff R09: ffffffffffffffff
[ 1340.321820] R10: 00007ffda5c5d400 R11: 0000000000000293 R12: 000000000075bfc8
[ 1340.329211] R13: 00000000001470c9 R14: 0000000000760858 R15: 000000000075bfd4
[ 1340.338232] Kernel Offset: disabled
[ 1340.341867] Rebooting in 86400 seconds..