__vfs_write+0xf9/0x5a0 fs/read_write.c:482 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access vfs_write+0x17f/0x4d0 fs/read_write.c:546 SYSC_write fs/read_write.c:594 [inline] SyS_write+0x102/0x250 fs/read_write.c:586 general protection fault: 0000 [#1] PREEMPT SMP KASAN NOPTI Modules linked in: do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 CPU: 1 PID: 3815 Comm: syz-executor.2 Not tainted 4.14.143+ #0 RIP: 0033:0x4598e9 task: 00000000e018343c task.stack: 00000000807ae78f RSP: 002b:00007f9e339fdc78 EFLAGS: 00000246 RIP: 0010:tcp_sendmsg_locked+0x509/0x2f50 net/ipv4/tcp.c:1281 ORIG_RAX: 0000000000000001 RSP: 0018:ffff8881cb02f998 EFLAGS: 00010206 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RAX: 0000000000000011 RBX: ffff8881cccd1b80 RCX: 000000000000010c RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 RDX: ffffffff8252e3a0 RSI: ffffc90003348000 RDI: 0000000000000088 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9e339fe6d4 RBP: ffff8881c8334d12 R08: 0000000000000001 R09: 0000000000000001 R13: 00000000004c9b57 R14: 00000000004e12c8 R15: 00000000ffffffff R10: fffffbfff5605ba5 R11: 0000000000000000 R12: ffff8881cb02fc00 audit: type=1400 audit(1568356799.473:16): avc: denied { create } for pid=3809 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 R13: 0000000000000000 R14: ffff8881c8334d00 R15: dffffc0000000000 FS: 00007f8a49dbc700(0000) GS:ffff8881dbb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000001cce36002 CR4: 00000000001606a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: audit: type=1400 audit(1568356799.473:17): avc: denied { write } for pid=3809 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 audit: type=1400 audit(1568356799.473:18): avc: denied { read } for pid=3809 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 tcp_sendmsg+0x2b/0x40 net/ipv4/tcp.c:1457 inet_sendmsg+0x15b/0x520 net/ipv4/af_inet.c:760 Mem-Info: sock_sendmsg_nosec net/socket.c:646 [inline] sock_sendmsg+0xb7/0x100 net/socket.c:656 active_anon:83069 inactive_anon:2033 isolated_anon:0 active_file:4353 inactive_file:11112 isolated_file:0 unevictable:0 dirty:115 writeback:0 unstable:0 slab_reclaimable:5555 slab_unreclaimable:57897 mapped:58846 shmem:4144 pagetables:937 bounce:0 free:1417512 free_pcp:154 free_cma:0 sock_write_iter+0x20f/0x360 net/socket.c:925 call_write_iter include/linux/fs.h:1788 [inline] new_sync_write fs/read_write.c:471 [inline] __vfs_write+0x401/0x5a0 fs/read_write.c:484 Node 0 active_anon:332276kB inactive_anon:8132kB active_file:17412kB inactive_file:44448kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235384kB dirty:460kB writeback:0kB shmem:16576kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no vfs_write+0x17f/0x4d0 fs/read_write.c:546 DMA32 free:3079672kB min:4792kB low:7868kB high:10944kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:3079672kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB SYSC_write fs/read_write.c:594 [inline] SyS_write+0x102/0x250 fs/read_write.c:586 lowmem_reserve[]: do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 0 RIP: 0033:0x4598e9 RSP: 002b:00007f8a49dbbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 RDX: 000000000000004c RSI: 0000000020000140 RDI: 0000000000000007 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8a49dbc6d4 R13: 00000000004c5e50 R14: 00000000004e0380 R15: 00000000ffffffff Code: 4e 32 de fe 48 3437 85 db 0f 84 12 3437 08 00 00 e8 40 32 de fe 8b 84 24 08 01 00 00 49 8d bd 88 00 00 00 89 44 24 08 48 89 f8 48 c1 e8 Normal free:2589556kB min:5480kB low:9000kB high:12520kB active_anon:332276kB inactive_anon:8132kB active_file:17412kB inactive_file:44448kB unevictable:0kB writepending:460kB present:4718592kB managed:3521564kB mlocked:0kB kernel_stack:3232kB pagetables:3896kB bounce:0kB free_pcp:620kB local_pcp:228kB free_cma:0kB 03 <42> 0f b6 04 38 84 c0 74 06 0f 8e lowmem_reserve[]: 07 24 00 00 41 f6 85 88 00 00 0 RIP: tcp_sendmsg_locked+0x509/0x2f50 net/ipv4/tcp.c:1281 RSP: ffff8881cb02f998 ---[ end trace 33f184410e14726f ]--- 0