[ 34.571219] random: cc1: uninitialized urandom read (8 bytes read)
[ 35.220805] IPVS: ftp: loaded support on port[0] = 21
[ 36.351333] can: request_module (can-proto-0) failed.
[ 36.360142] can: request_module (can-proto-0) failed.
[ 36.503314] audit: type=1400 audit(1575901539.941:37): avc: denied { create } for pid=6512 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
[ 36.526886] audit: type=1400 audit(1575901539.941:38): avc: denied { create } for pid=6512 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 36.550488] audit: type=1400 audit(1575901539.941:39): avc: denied { create } for pid=6512 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 36.698920] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.255256] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.502871] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.189' (ECDSA) to the list of known hosts.
2019/12/09 14:25:46 parsed 1 programs
2019/12/09 14:25:46 executed programs: 0
[ 43.610808] IPVS: ftp: loaded support on port[0] = 21
[ 44.421776] chnl_net:caif_netlink_parms(): no params data found
[ 44.431787] IPVS: ftp: loaded support on port[0] = 21
[ 44.455489] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.462219] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.469022] device bridge_slave_0 entered promiscuous mode
[ 44.475921] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.482619] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.489635] device bridge_slave_1 entered promiscuous mode
[ 44.505292] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 44.514008] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 44.528535] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 44.535860] team0: Port device team_slave_0 added
[ 44.541339] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 44.548331] team0: Port device team_slave_1 added
[ 44.553556] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 44.561002] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 44.611922] device hsr_slave_0 entered promiscuous mode
[ 44.660283] device hsr_slave_1 entered promiscuous mode
[ 44.700657] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 44.708999] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 44.735669] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.742187] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.749173] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.755572] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.756611] IPVS: ftp: loaded support on port[0] = 21
[ 44.807435] chnl_net:caif_netlink_parms(): no params data found
[ 44.854592] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.861059] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.868026] device bridge_slave_0 entered promiscuous mode
[ 44.879681] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.886126] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.892902] device bridge_slave_1 entered promiscuous mode
[ 44.902724] IPVS: ftp: loaded support on port[0] = 21
[ 44.951419] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 44.957507] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.968411] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 44.978584] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 44.994890] chnl_net:caif_netlink_parms(): no params data found
[ 45.013420] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 45.020575] team0: Port device team_slave_0 added
[ 45.028650] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 45.036188] team0: Port device team_slave_1 added
[ 45.042340] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 45.051015] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 45.058219] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 45.080814] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.087217] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.094196] device bridge_slave_0 entered promiscuous mode
[ 45.111624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.119625] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.126677] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.134711] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.142263] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.149027] device bridge_slave_1 entered promiscuous mode
[ 45.201816] device hsr_slave_0 entered promiscuous mode
[ 45.240346] device hsr_slave_1 entered promiscuous mode
[ 45.332289] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 45.339814] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 45.353855] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 45.362751] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 45.368832] 8021q: adding VLAN 0 to HW filter on device team0
[ 45.376081] IPVS: ftp: loaded support on port[0] = 21
[ 45.389342] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 45.406657] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.414547] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.420908] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.427668] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.435802] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.442161] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.449324] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 45.457884] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 45.468311] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 45.475842] team0: Port device team_slave_0 added
[ 45.482068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 45.489683] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 45.499231] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 45.509887] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 45.519281] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 45.526439] team0: Port device team_slave_1 added
[ 45.531766] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 45.538763] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 45.546113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 45.553646] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 45.561318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 45.568626] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.589926] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 45.597692] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 45.647786] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 45.711969] device hsr_slave_0 entered promiscuous mode
[ 45.770276] device hsr_slave_1 entered promiscuous mode
[ 45.824188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 45.832101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.842889] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 45.848868] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 45.858424] chnl_net:caif_netlink_parms(): no params data found
[ 45.866723] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 45.889240] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 45.905372] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 45.913662] IPVS: ftp: loaded support on port[0] = 21
[ 45.938944] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 45.953998] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.961266] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.968059] device bridge_slave_0 entered promiscuous mode
[ 45.988974] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 45.995461] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.002393] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.009932] device bridge_slave_1 entered promiscuous mode
[ 46.069413] chnl_net:caif_netlink_parms(): no params data found
[ 46.087999] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 46.097114] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 46.108662] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.140201] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 46.152223] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 46.159352] team0: Port device team_slave_0 added
[ 46.176873] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 46.184244] team0: Port device team_slave_1 added
[ 46.192888] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 46.201687] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 46.223682] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 46.239913] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 46.248039] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.258030] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 46.267197] FAULT_INJECTION: forcing a failure.
[ 46.267197] name failslab, interval 1, probability 0, space 0, times 1
[ 46.267376] 8021q: adding VLAN 0 to HW filter on device team0
[ 46.284793] CPU: 1 PID: 6637 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0
[ 46.287838] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.292577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.292583] Call Trace:
[ 46.292595] dump_stack+0xf7/0x13b
[ 46.292605] should_fail.cold.3+0x105/0x14b
[ 46.292614] should_failslab+0xba/0xf0
[ 46.292621] __kmalloc+0x2e8/0x7b0
[ 46.292630] ? tls_push_record+0xf6/0x14c0
[ 46.292637] tls_push_record+0xf6/0x14c0
[ 46.292651] tls_sw_sendpage+0x443/0xc50
[ 46.292662] ? tls_sw_sendmsg+0x10a0/0x10a0
[ 46.292668] ? pipe_lock+0x4f/0x60
[ 46.292678] inet_sendpage+0x122/0x600
[ 46.292686] ? kernel_sendpage+0xd0/0xd0
[ 46.292691] kernel_sendpage+0x60/0xd0
[ 46.292695] ? pipe_lock+0x4f/0x60
[ 46.292700] sock_sendpage+0x6d/0xd0
[ 46.292707] pipe_to_sendpage+0x206/0x420
[ 46.292712] ? generic_pipe_buf_nosteal+0x10/0x10
[ 46.292723] __splice_from_pipe+0x2cb/0x720
[ 46.292733] ? generic_pipe_buf_nosteal+0x10/0x10
[ 46.299119] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.308369] ? generic_pipe_buf_nosteal+0x10/0x10
[ 46.308374] splice_from_pipe+0xb5/0x110
[ 46.308380] ? selinux_file_permission+0x2d1/0x3e0
[ 46.308384] ? splice_shrink_spd+0xa0/0xa0
[ 46.308394] ? rw_verify_area+0xb8/0x2b0
[ 46.308400] generic_splice_sendpage+0x10/0x20
[ 46.308404] SyS_splice+0x6e9/0x1580
[ 46.308410] ? __sb_end_write+0xa4/0xd0
[ 46.308421] ? compat_SyS_vmsplice+0x1e0/0x1e0
[ 46.308430] ? do_syscall_64+0x4c/0x5b0
[ 46.308436] ? compat_SyS_vmsplice+0x1e0/0x1e0
[ 46.308441] do_syscall_64+0x1c7/0x5b0
[ 46.308444] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 46.308455] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 46.318829] RIP: 0033:0x459a29
[ 46.318833] RSP: 002b:00007ff9a11f5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 46.318839] RAX: ffffffffffffffda RBX: 00007ff9a11f5c90 RCX: 0000000000459a29
[ 46.318842] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[ 46.318844] RBP: 000000000075bf20 R08: 0000000100000000 R09: 0000000000000000
[ 46.318848] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff9a11f66d4
[ 46.323389] device bridge_slave_0 entered promiscuous mode
[ 46.326264] R13: 00000000004c9222 R14: 00000000004df820 R15: 0000000000000005
[ 46.470371] ==================================================================
[ 46.483996] BUG: KASAN: use-after-free in scatterwalk_copychunks+0x207/0x690
[ 46.484001] Read of size 4096 at addr ffff8880a5b16000 by task syz-executor.2/6637
[ 46.484003]
[ 46.484009] CPU: 1 PID: 6637 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0
[ 46.496869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.496872] Call Trace:
[ 46.496883] dump_stack+0xf7/0x13b
[ 46.496890] ? scatterwalk_copychunks+0x207/0x690
[ 46.496898] print_address_description.cold.7+0x9/0x1c9
[ 46.511487] ? scatterwalk_copychunks+0x207/0x690
[ 46.511495] kasan_report.cold.8+0x11a/0x2d3
[ 46.511502] check_memory_region+0x13e/0x1b0
[ 46.511507] memcpy+0x23/0x50
[ 46.511512] scatterwalk_copychunks+0x207/0x690
[ 46.511522] scatterwalk_map_and_copy+0x10d/0x1a0
[ 46.511529] ? __lock_is_held+0xb5/0x140
[ 46.511535] ? scatterwalk_copychunks+0x690/0x690
[ 46.511545] ? rcu_read_lock_sched_held+0x108/0x120
[ 46.511552] ? __kmalloc+0x36d/0x7b0
[ 46.511561] ? gcmaes_encrypt.constprop.14+0x130/0xae0
[ 46.520933] kobject: 'ip6gretap0' (ffff888080d48cf0): kobject_uevent_env
[ 46.526423] gcmaes_encrypt.constprop.14+0x1c0/0xae0
[ 46.526438] generic_gcmaes_encrypt+0xf8/0x13d
[ 46.528101] kobject: 'ip6gretap0' (ffff888080d48cf0): fill_kobj_path: path = '/devices/virtual/net/ip6gretap0'
[ 46.535817] ? helper_rfc4106_encrypt+0x430/0x430
[ 46.535826] ? __kmalloc+0x36d/0x7b0
[ 46.535833] ? sk_stream_wait_memory+0x840/0xd00
[ 46.535839] gcmaes_wrapper_encrypt+0xe0/0x140
[ 46.535848] tls_push_record+0x8e6/0x14c0
[ 46.535862] tls_sw_sendpage+0x443/0xc50
[ 46.535874] ? tls_sw_sendmsg+0x10a0/0x10a0
[ 46.535881] ? pipe_lock+0x4f/0x60
[ 46.535891] inet_sendpage+0x122/0x600
[ 46.535898] ? kernel_sendpage+0xd0/0xd0
[ 46.535902] kernel_sendpage+0x60/0xd0
[ 46.535906] ? pipe_lock+0x4f/0x60
[ 46.535910] sock_sendpage+0x6d/0xd0
[ 46.535916] pipe_to_sendpage+0x206/0x420
[ 46.535922] ? generic_pipe_buf_nosteal+0x10/0x10
[ 46.535932] __splice_from_pipe+0x2cb/0x720
[ 46.535937] ? generic_pipe_buf_nosteal+0x10/0x10
[ 46.535944] ? generic_pipe_buf_nosteal+0x10/0x10
[ 46.535949] splice_from_pipe+0xb5/0x110
[ 46.535955] ? selinux_file_permission+0x2d1/0x3e0
[ 46.535959] ? splice_shrink_spd+0xa0/0xa0
[ 46.535968] ? rw_verify_area+0xb8/0x2b0
[ 46.535974] generic_splice_sendpage+0x10/0x20
[ 46.535978] SyS_splice+0x6e9/0x1580
[ 46.535982] ? __sb_end_write+0xa4/0xd0
[ 46.535993] ? compat_SyS_vmsplice+0x1e0/0x1e0
[ 46.536001] ? do_syscall_64+0x4c/0x5b0
[ 46.536006] ? compat_SyS_vmsplice+0x1e0/0x1e0
[ 46.536010] do_syscall_64+0x1c7/0x5b0
[ 46.536013] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 46.536023] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 46.536028] RIP: 0033:0x459a29
[ 46.536031] RSP: 002b:00007ff9a11f5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 46.536036] RAX: ffffffffffffffda RBX: 00007ff9a11f5c90 RCX: 0000000000459a29
[ 46.536039] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[ 46.536042] RBP: 000000000075bf20 R08: 0000000100000000 R09: 0000000000000000
[ 46.536044] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff9a11f66d4
[ 46.536046] R13: 00000000004c9222 R14: 00000000004df820 R15: 0000000000000005
[ 46.536057]
[ 46.536060] Allocated by task 6612:
[ 46.536066] save_stack_trace+0x16/0x20
[ 46.536069] save_stack+0x43/0xd0
[ 46.536074] kasan_kmalloc+0xc7/0xe0
[ 46.547183] kobject: 'queues' (ffff88809452de48): kobject_add_internal: parent: 'ip6gretap0', set: ''
[ 46.547973] kasan_slab_alloc+0x12/0x20
[ 46.547979] kmem_cache_alloc+0x12e/0x790
[ 46.547986] sk_prot_alloc+0x5d/0x240
[ 46.547990] sk_alloc+0x30/0xc10
[ 46.547997] unix_create1+0x6a/0x4c0
[ 46.552362] kobject: 'queues' (ffff88809452de48): kobject_uevent_env
[ 46.556339] unix_create+0x123/0x1c0
[ 46.556345] __sock_create+0x262/0x540
[ 46.556349] SyS_socket+0xc6/0x1a0
[ 46.556355] do_syscall_64+0x1c7/0x5b0
[ 46.556359] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 46.556362]
[ 46.562746] kobject: 'queues' (ffff88809452de48): kobject_uevent_env: filter function caused the event to drop!
[ 46.566518] Freed by task 6612:
[ 46.566525] save_stack_trace+0x16/0x20
[ 46.566530] save_stack+0x43/0xd0
[ 46.566533] kasan_slab_free+0x71/0xc0
[ 46.566539] kmem_cache_free+0x80/0x2d0
[ 46.566545] __sk_destruct+0x358/0x4e0
[ 46.571100] kobject: 'rx-0' (ffff8880a82fc0d0): kobject_add_internal: parent: 'queues', set: 'queues'
[ 46.575398] sk_destruct+0x83/0xb0
[ 46.575402] __sk_free+0x47/0x1f0
[ 46.575406] sk_free+0x23/0x30
[ 46.575410] unix_release_sock+0x7ce/0x970
[ 46.575413] unix_release+0x35/0x70
[ 46.575416] __sock_release+0xc2/0x2a0
[ 46.575420] sock_close+0x10/0x20
[ 46.578587] kobject: 'rx-0' (ffff8880a82fc0d0): kobject_uevent_env
[ 46.583150] __fput+0x232/0x750
[ 46.583154] ____fput+0x9/0x10
[ 46.583159] task_work_run+0xe5/0x170
[ 46.583164] exit_to_usermode_loop+0x16a/0x1b0
[ 46.583168] do_syscall_64+0x416/0x5b0
[ 46.583173] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 46.583174]
[ 46.583178] The buggy address belongs to the object at ffff8880a5b16000
[ 46.583178] which belongs to the cache UNIX of size 1728
[ 46.583182] The buggy address is located 0 bytes inside of
[ 46.583182] 1728-byte region [ffff8880a5b16000, ffff8880a5b166c0)
[ 46.583184] The buggy address belongs to the page:
[ 46.583189] page:ffffea000296c580 count:1 mapcount:0 mapping:ffff8880a5b16000 index:0x0
[ 46.583196] flags: 0x1fffc0000000100(slab)
[ 46.583202] raw: 01fffc0000000100 ffff8880a5b16000 0000000000000000 0000000100000002
[ 46.583206] raw: ffffea0002817a20 ffffea000253e960 ffff8880a7374e40 0000000000000000
[ 46.583208] page dumped because: kasan: bad access detected
[ 46.583215]
[ 46.583217] Memory state around the buggy address:
[ 46.583221] ffff8880a5b15f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.583224] ffff8880a5b15f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.583228] >ffff8880a5b16000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.591205] kobject: 'rx-0' (ffff8880a82fc0d0): fill_kobj_path: path = '/devices/virtual/net/ip6gretap0/queues/rx-0'
[ 46.592085] ^
[ 46.597290] kobject: 'tx-0' (ffff888091332558): kobject_add_internal: parent: 'queues', set: 'queues'
[ 46.601931] ffff8880a5b16080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.601935] ffff8880a5b16100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.601937] ==================================================================
[ 46.601939] Disabling lock debugging due to kernel taint
[ 46.602447] Kernel panic - not syncing: panic_on_warn set ...
[ 46.602447]
[ 46.607154] kobject: 'tx-0' (ffff888091332558): kobject_uevent_env
[ 46.610961] CPU: 1 PID: 6637 Comm: syz-executor.2 Tainted: G B 4.14.158-syzkaller #0
[ 46.610964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.610966] Call Trace:
[ 46.610975] dump_stack+0xf7/0x13b
[ 46.610982] ? scatterwalk_copychunks+0x207/0x690
[ 46.610987] panic+0x1b0/0x358
[ 46.610992] ? add_taint.cold.5+0x11/0x11
[ 46.617860] kobject: 'tx-0' (ffff888091332558): fill_kobj_path: path = '/devices/virtual/net/ip6gretap0/queues/tx-0'
[ 46.622893] ? scatterwalk_copychunks+0x207/0x690
[ 46.622898] kasan_end_report+0x47/0x4f
[ 46.622902] kasan_report.cold.8+0x76/0x2d3
[ 46.622906] check_memory_region+0x13e/0x1b0
[ 46.622909] memcpy+0x23/0x50
[ 46.622913] scatterwalk_copychunks+0x207/0x690
[ 46.622919] scatterwalk_map_and_copy+0x10d/0x1a0
[ 46.622925] ? __lock_is_held+0xb5/0x140
[ 46.622929] ? scatterwalk_copychunks+0x690/0x690
[ 46.622936] ? rcu_read_lock_sched_held+0x108/0x120
[ 46.622941] ? __kmalloc+0x36d/0x7b0
[ 46.622947] ? gcmaes_encrypt.constprop.14+0x130/0xae0
[ 46.622952] gcmaes_encrypt.constprop.14+0x1c0/0xae0
[ 46.622959] generic_gcmaes_encrypt+0xf8/0x13d
[ 46.622963] ? helper_rfc4106_encrypt+0x430/0x430
[ 46.622967] ? __kmalloc+0x36d/0x7b0
[ 46.622973] ? sk_stream_wait_memory+0x840/0xd00
[ 46.622977] gcmaes_wrapper_encrypt+0xe0/0x140
[ 46.622983] tls_push_record+0x8e6/0x14c0
[ 46.622992] tls_sw_sendpage+0x443/0xc50
[ 46.622999] ? tls_sw_sendmsg+0x10a0/0x10a0
[ 46.623005] ? pipe_lock+0x4f/0x60
[ 46.623012] inet_sendpage+0x122/0x600
[ 46.623017] ? kernel_sendpage+0xd0/0xd0
[ 46.623019] kernel_sendpage+0x60/0xd0
[ 46.623022] ? pipe_lock+0x4f/0x60
[ 46.623025] sock_sendpage+0x6d/0xd0
[ 46.623029] pipe_to_sendpage+0x206/0x420
[ 46.623032] ? generic_pipe_buf_nosteal+0x10/0x10
[ 46.623037] __splice_from_pipe+0x2cb/0x720
[ 46.623041] ? generic_pipe_buf_nosteal+0x10/0x10
[ 46.623044] ? generic_pipe_buf_nosteal+0x10/0x10
[ 46.623047] splice_from_pipe+0xb5/0x110
[ 46.623053] ? selinux_file_permission+0x2d1/0x3e0
[ 46.623056] ? splice_shrink_spd+0xa0/0xa0
[ 46.623063] ? rw_verify_area+0xb8/0x2b0
[ 46.623067] generic_splice_sendpage+0x10/0x20
[ 46.623071] SyS_splice+0x6e9/0x1580
[ 46.629548] kobject: 'batman_adv' (ffff888096801880): kobject_add_internal: parent: 'ip6gretap0', set: ''
[ 46.637752] ? __sb_end_write+0xa4/0xd0
[ 46.637760] ? compat_SyS_vmsplice+0x1e0/0x1e0
[ 46.637765] ? do_syscall_64+0x4c/0x5b0
[ 46.637769] ? compat_SyS_vmsplice+0x1e0/0x1e0
[ 46.637772] do_syscall_64+0x1c7/0x5b0
[ 46.637776] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 46.637782] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 46.637788] RIP: 0033:0x459a29
[ 46.647367] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.651064] RSP: 002b:00007ff9a11f5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 46.651069] RAX: ffffffffffffffda RBX: 00007ff9a11f5c90 RCX: 0000000000459a29
[ 46.651071] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[ 46.651073] RBP: 000000000075bf20 R08: 0000000100000000 R09: 0000000000000000
[ 46.651075] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff9a11f66d4
[ 46.651077] R13: 00000000004c9222 R14: 00000000004df820 R15: 0000000000000005
[ 46.652457] Kernel Offset: disabled
[ 47.457496] Rebooting in 86400 seconds..