Warning: Permanently added '10.128.1.51' (ECDSA) to the list of known hosts.
[ 62.011696] audit: type=1400 audit(1572451800.481:36): avc: denied { map } for pid=7495 comm="syz-executor758" path="/root/syz-executor758556051" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 62.033285] IPVS: ftp: loaded support on port[0] = 21
[ 62.088847] chnl_net:caif_netlink_parms(): no params data found
[ 62.120366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.127103] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.134637] device bridge_slave_0 entered promiscuous mode
[ 62.141956] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.148341] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.155421] device bridge_slave_1 entered promiscuous mode
[ 62.170125] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 62.179313] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 62.195724] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 62.203265] team0: Port device team_slave_0 added
[ 62.208629] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 62.216043] team0: Port device team_slave_1 added
[ 62.221333] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 62.228554] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 62.283491] device hsr_slave_0 entered promiscuous mode
[ 62.351439] device hsr_slave_1 entered promiscuous mode
[ 62.392112] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 62.399189] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 62.413019] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.419406] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.426299] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.432678] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.461064] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 62.468044] 8021q: adding VLAN 0 to HW filter on device bond0
[ 62.476229] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 62.484921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 62.504257] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.511435] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.518413] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 62.528763] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 62.535894] 8021q: adding VLAN 0 to HW filter on device team0
[ 62.545592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 62.554374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.560704] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.569552] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 62.577557] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.583927] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.598439] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 62.606079] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 62.615816] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 62.628682] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 62.638781] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 62.649985] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
executing program
[ 62.656520] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 62.664605] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 62.673012] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 62.684056] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 62.694422] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 62.743301] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 62.766902] FAULT_INJECTION: forcing a failure.
[ 62.766902] name failslab, interval 1, probability 0, space 0, times 1
[ 62.778951] CPU: 0 PID: 7496 Comm: syz-executor758 Not tainted 4.19.81 #0
[ 62.785907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.795250] Call Trace:
[ 62.797831] dump_stack+0x172/0x1f0
[ 62.801447] should_fail.cold+0xa/0x1b
[ 62.805325] ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 62.810416] ? lock_downgrade+0x880/0x880
[ 62.814564] __should_failslab+0x121/0x190
[ 62.818779] should_failslab+0x9/0x14
[ 62.822562] __kmalloc+0x2e2/0x750
[ 62.826085] ? lock_downgrade+0x880/0x880
[ 62.830222] ? tls_push_record+0x107/0x13a0
[ 62.834529] tls_push_record+0x107/0x13a0
[ 62.838721] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 62.843723] ? _copy_from_iter+0x30d/0xb30
[ 62.847939] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 62.853456] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 62.859235] ? __check_object_size+0x3d/0x42a
[ 62.863715] tls_sw_sendmsg+0xdde/0x1240
[ 62.867769] ? tls_sw_push_pending_record+0x30/0x30
[ 62.872769] ? proc_fail_nth_write+0x9d/0x1e0
[ 62.877252] inet_sendmsg+0x141/0x5d0
[ 62.881034] ? ipip_gro_receive+0x100/0x100
[ 62.885340] sock_sendmsg+0xd7/0x130
[ 62.889034] __sys_sendto+0x262/0x380
[ 62.892841] ? __ia32_sys_getpeername+0xb0/0xb0
[ 62.897784] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 62.903318] ? __sb_end_write+0xd9/0x110
[ 62.907366] ? vfs_write+0x160/0x560
[ 62.911067] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 62.916589] ? ksys_write+0x1f1/0x2d0
[ 62.920376] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 62.925121] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 62.929877] ? do_syscall_64+0x26/0x620
[ 62.933846] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 62.939214] __x64_sys_sendto+0xe1/0x1a0
[ 62.943355] do_syscall_64+0xfd/0x620
[ 62.947141] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 62.952348] RIP: 0033:0x441e49
[ 62.955522] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 62.974417] RSP: 002b:00007ffde4c6cad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 62.982112] RAX: ffffffffffffffda RBX: 00007ffde4c6cb40 RCX: 0000000000441e49
[ 62.989364] RDX: ffffffffffffffc1 RSI: 0000000020000080 RDI: 0000000000000003
[ 62.996614] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffffffffffe5b
[ 63.003873] R10: 0000000000000040 R11: 0000000000000246 R12: ffffffffffffffff
[ 63.011129] R13: 0000000000000006 R14: 0000000000000000 R15: 0000000000000000
[ 63.142245] ==================================================================
[ 63.149704] BUG: KASAN: use-after-free in tls_push_record+0x102a/0x13a0
[ 63.156476] Write of size 1 at addr ffff88809e438000 by task syz-executor758/7496
[ 63.164072]
[ 63.165719] CPU: 0 PID: 7496 Comm: syz-executor758 Not tainted 4.19.81 #0
[ 63.172626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.182481] Call Trace:
[ 63.185054] dump_stack+0x172/0x1f0
[ 63.188689] ? tls_push_record+0x102a/0x13a0
[ 63.193079] print_address_description.cold+0x7c/0x20d
[ 63.198340] ? tls_push_record+0x102a/0x13a0
[ 63.202732] kasan_report.cold+0x8c/0x2ba
[ 63.206862] __asan_report_store1_noabort+0x17/0x20
[ 63.211864] tls_push_record+0x102a/0x13a0
[ 63.216081] ? __local_bh_enable_ip+0x15a/0x270
[ 63.220735] ? lock_sock_nested+0x9a/0x120
[ 63.224960] tls_sw_push_pending_record+0x23/0x30
[ 63.229822] tls_sk_proto_close+0x5bb/0xab0
[ 63.234127] ? debug_object_activate+0x2c1/0x4e0
[ 63.238865] ? tcp_check_oom+0x560/0x560
[ 63.242907] ? tls_write_space+0x310/0x310
[ 63.247123] ? ip_mc_drop_socket+0x20c/0x270
[ 63.251516] ? __sock_release+0x89/0x2a0
[ 63.255571] inet_release+0xff/0x1e0
[ 63.259267] inet6_release+0x53/0x80
[ 63.262999] __sock_release+0xce/0x2a0
[ 63.266961] ? __sock_release+0x2a0/0x2a0
[ 63.271094] sock_close+0x1b/0x30
[ 63.274537] __fput+0x2dd/0x8b0
[ 63.277802] ____fput+0x16/0x20
[ 63.281107] task_work_run+0x145/0x1c0
[ 63.285000] do_exit+0x994/0x2fa0
[ 63.288487] ? mm_update_next_owner+0x660/0x660
[ 63.293185] ? up_read+0x1a/0x110
[ 63.296623] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.302144] ? __do_page_fault+0x484/0xe90
[ 63.306406] ? ksys_write+0x1f1/0x2d0
[ 63.310193] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 63.314931] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 63.319670] do_group_exit+0x135/0x370
[ 63.323544] __x64_sys_exit_group+0x44/0x50
[ 63.327849] do_syscall_64+0xfd/0x620
[ 63.331645] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 63.336817] RIP: 0033:0x440a78
[ 63.340017] Code: Bad RIP value.
[ 63.343370] RSP: 002b:00007ffde4c6ca98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 63.351064] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000440a78
[ 63.358321] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[ 63.365577] RBP: 00000000004c6fb0 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 63.372828] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001
[ 63.380078] R13: 00000000006d95e0 R14: 0000000000000000 R15: 0000000000000000
[ 63.387466]
[ 63.389079] The buggy address belongs to the page:
[ 63.393989] page:ffffea0002790e00 count:0 mapcount:-128 mapping:0000000000000000 index:0x0
[ 63.402371] flags: 0x1fffc0000000000()
[ 63.406240] raw: 01fffc0000000000 ffffea0002186408 ffff88812fffc878 0000000000000000
[ 63.414101] raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000
[ 63.421959] page dumped because: kasan: bad access detected
[ 63.427643]
[ 63.429249] Memory state around the buggy address:
[ 63.434158] ffff88809e437f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.441505] ffff88809e437f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.448845] >ffff88809e438000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 63.456181] ^
[ 63.459708] ffff88809e438080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 63.467048] ffff88809e438100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 63.474383] ==================================================================
[ 63.481718] Disabling lock debugging due to kernel taint
[ 63.489510] Kernel panic - not syncing: panic_on_warn set ...
[ 63.489510]
[ 63.496896] CPU: 0 PID: 7496 Comm: syz-executor758 Tainted: G B 4.19.81 #0
[ 63.505202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.514544] Call Trace:
[ 63.517131] dump_stack+0x172/0x1f0
[ 63.520742] ? tls_push_record+0x102a/0x13a0
[ 63.525133] panic+0x26a/0x50e
[ 63.528305] ? __warn_printk+0xf3/0xf3
[ 63.532183] ? tls_push_record+0x102a/0x13a0
[ 63.536586] ? preempt_schedule+0x4b/0x60
[ 63.540716] ? ___preempt_schedule+0x16/0x18
[ 63.545117] ? trace_hardirqs_on+0x5e/0x220
[ 63.549420] ? tls_push_record+0x102a/0x13a0
[ 63.553810] kasan_end_report+0x47/0x4f
[ 63.557788] kasan_report.cold+0xa9/0x2ba
[ 63.561928] __asan_report_store1_noabort+0x17/0x20
[ 63.566974] tls_push_record+0x102a/0x13a0
[ 63.571195] ? __local_bh_enable_ip+0x15a/0x270
[ 63.575852] ? lock_sock_nested+0x9a/0x120
[ 63.580068] tls_sw_push_pending_record+0x23/0x30
[ 63.584891] tls_sk_proto_close+0x5bb/0xab0
[ 63.589208] ? debug_object_activate+0x2c1/0x4e0
[ 63.593947] ? tcp_check_oom+0x560/0x560
[ 63.597992] ? tls_write_space+0x310/0x310
[ 63.602214] ? ip_mc_drop_socket+0x20c/0x270
[ 63.606612] ? __sock_release+0x89/0x2a0
[ 63.610661] inet_release+0xff/0x1e0
[ 63.614357] inet6_release+0x53/0x80
[ 63.618052] __sock_release+0xce/0x2a0
[ 63.621918] ? __sock_release+0x2a0/0x2a0
[ 63.626055] sock_close+0x1b/0x30
[ 63.629490] __fput+0x2dd/0x8b0
[ 63.632749] ____fput+0x16/0x20
[ 63.636008] task_work_run+0x145/0x1c0
[ 63.639876] do_exit+0x994/0x2fa0
[ 63.643312] ? mm_update_next_owner+0x660/0x660
[ 63.647971] ? up_read+0x1a/0x110
[ 63.651406] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.656922] ? __do_page_fault+0x484/0xe90
[ 63.661149] ? ksys_write+0x1f1/0x2d0
[ 63.664949] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 63.669693] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 63.674436] do_group_exit+0x135/0x370
[ 63.678301] __x64_sys_exit_group+0x44/0x50
[ 63.682607] do_syscall_64+0xfd/0x620
[ 63.686388] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 63.691556] RIP: 0033:0x440a78
[ 63.694743] Code: Bad RIP value.
[ 63.698087] RSP: 002b:00007ffde4c6ca98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 63.705790] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000440a78
[ 63.713055] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[ 63.720305] RBP: 00000000004c6fb0 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 63.727555] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001
[ 63.734815] R13: 00000000006d95e0 R14: 0000000000000000 R15: 0000000000000000
[ 63.743467] Kernel Offset: disabled
[ 63.747106] Rebooting in 86400 seconds..