[ 423.040747][T11731] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[ 423.071047][T11732] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[ 423.113185][T11736] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[ 423.126608][T11738] netlink: 'syz-executor.2': attribute type 4 has an invalid length.
[ 423.143270][T11739] netlink: 'syz-executor.5': attribute type 4 has an invalid length.
[ 423.178032][T11741] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[ 423.197302][T11742] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[ 423.217889][T11750] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[ 423.290018][T11755] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[ 423.309059][T11752] netlink: 'syz-executor.5': attribute type 4 has an invalid length.
[ 428.048639][T12287] validate_nla: 263 callbacks suppressed
[ 428.048659][T12287] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[ 428.093296][T12288] netlink: 'syz-executor.5': attribute type 4 has an invalid length.
[ 428.109280][T12289] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[ 428.145581][T12292] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[ 428.161167][T12295] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[ 428.181400][T12294] netlink: 'syz-executor.2': attribute type 4 has an invalid length.
[ 428.193201][T12297] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[ 428.204322][T12299] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[ 428.247755][T12301] netlink: 'syz-executor.5': attribute type 4 has an invalid length.
[ 428.267296][T12305] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[ 430.655201][ T50] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
Warning: Permanently added '10.128.1.123' (ECDSA) to the list of known hosts.
[ 430.763680][ T50] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 430.890419][ T50] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 430.964075][ T50] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 431.958596][ T50] device hsr_slave_0 left promiscuous mode
[ 431.982791][ T50] device hsr_slave_1 left promiscuous mode
[ 431.990005][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 431.997557][ T50] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 432.013953][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 432.023141][ T50] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 432.040960][ T50] device bridge_slave_1 left promiscuous mode
[ 432.051590][ T50] bridge0: port 2(bridge_slave_1) entered disabled state
[ 432.076613][ T50] device bridge_slave_0 left promiscuous mode
[ 432.082889][ T50] bridge0: port 1(bridge_slave_0) entered disabled state
[ 432.108915][ T50] device veth1_macvtap left promiscuous mode
[ 432.115271][ T50] device veth0_macvtap left promiscuous mode
[ 432.130716][ T50] device veth1_vlan left promiscuous mode
[ 432.136674][ T50] device veth0_vlan left promiscuous mode
[ 432.545325][ T50] team0 (unregistering): Port device team_slave_1 removed
[ 432.583502][ T50] team0 (unregistering): Port device team_slave_0 removed
[ 432.600369][ T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 432.626423][ T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 432.826570][ T50] bond0 (unregistering): Released all slaves
[ 433.071756][T12412] validate_nla: 80 callbacks suppressed
[ 433.071774][T12412] netlink: 'syz-executor123': attribute type 4 has an invalid length.
[ 433.092760][T12413] netlink: 'syz-executor123': attribute type 4 has an invalid length.
[ 433.114393][T12414] netlink: 'syz-executor123': attribute type 4 has an invalid length.
[ 433.155584][T12415] netlink: 'syz-executor123': attribute type 4 has an invalid length.
[ 433.169713][T12416] netlink: 'syz-executor123': attribute type 4 has an invalid length.
[ 433.184105][T12417] netlink: 'syz-executor123': attribute type 4 has an invalid length.
[ 433.208680][T12418] netlink: 'syz-executor123': attribute type 4 has an invalid length.
[ 433.224874][T12419] netlink: 'syz-executor123': attribute type 4 has an invalid length.
[ 433.240632][T12420] netlink: 'syz-executor123': attribute type 4 has an invalid length.
[ 433.254952][T12421] netlink: 'syz-executor123': attribute type 4 has an invalid length.
[ 434.036618][ C1] ==================================================================
[ 434.044893][ C1] BUG: KASAN: use-after-free in tcp_retransmit_timer+0x2ef3/0x3360
[ 434.053004][ C1] Read of size 8 at addr ffff888020328380 by task udevd/4158
[ 434.060395][ C1]
[ 434.062735][ C1] CPU: 1 PID: 4158 Comm: udevd Not tainted 5.18.0-rc3-syzkaller-00074-gb05a5683eba6-dirty #0
[ 434.073256][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 434.083600][ C1] Call Trace:
[ 434.086894][ C1]
[ 434.089749][ C1] dump_stack_lvl+0xcd/0x134
[ 434.094491][ C1] print_address_description.constprop.0.cold+0xeb/0x467
[ 434.102544][ C1] ? tcp_retransmit_timer+0x2ef3/0x3360
[ 434.108116][ C1] kasan_report.cold+0xf4/0x1c6
[ 434.113004][ C1] ? tcp_retransmit_timer+0x2ef3/0x3360
[ 434.118798][ C1] tcp_retransmit_timer+0x2ef3/0x3360
[ 434.124192][ C1] ? tcp_mstamp_refresh+0x12/0xa0
[ 434.129250][ C1] ? tcp_delack_timer+0x320/0x320
[ 434.134298][ C1] ? ktime_get+0x38a/0x470
[ 434.138840][ C1] ? lockdep_hardirqs_on+0x79/0x100
[ 434.144176][ C1] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 434.149976][ C1] ? ktime_get+0x30b/0x470
[ 434.154422][ C1] tcp_write_timer_handler+0x5e6/0xbc0
[ 434.160023][ C1] tcp_write_timer+0xa2/0x2b0
[ 434.164902][ C1] ? tcp_write_timer_handler+0xbc0/0xbc0
[ 434.170564][ C1] call_timer_fn+0x1a5/0x6b0
[ 434.175195][ C1] ? timer_fixup_activate+0x350/0x350
[ 434.180590][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 434.185726][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 434.191034][ C1] ? tcp_write_timer_handler+0xbc0/0xbc0
[ 434.196987][ C1] __run_timers.part.0+0x679/0xa80
[ 434.202125][ C1] ? call_timer_fn+0x6b0/0x6b0
[ 434.206916][ C1] ? kvm_sched_clock_read+0x14/0x40
[ 434.212168][ C1] ? sched_clock_cpu+0x15/0x1f0
[ 434.217110][ C1] run_timer_softirq+0xb3/0x1d0
[ 434.221987][ C1] __do_softirq+0x29b/0x9c2
[ 434.226518][ C1] __irq_exit_rcu+0x123/0x180
[ 434.231313][ C1] irq_exit_rcu+0x5/0x20
[ 434.235580][ C1] sysvec_apic_timer_interrupt+0x93/0xc0
[ 434.241247][ C1]
[ 434.244193][ C1]
[ 434.247142][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 434.253153][ C1] RIP: 0010:__kmalloc+0x1af/0x4d0
[ 434.258263][ C1] Code: 0f 84 46 01 00 00 4d 85 f6 48 89 54 24 18 0f 85 dd 01 00 00 9c 58 f6 c4 02 0f 85 fb 01 00 00 4d 85 f6 74 01 fb 48 8b 74 24 18 <0f> 0d 0e 0f 1f 44 00 00 48 83 7b 50 00 0f 84 85 00 00 00 44 8b 35
[ 434.280005][ C1] RSP: 0018:ffffc90003687738 EFLAGS: 00000206
[ 434.286097][ C1] RAX: 0000000000000006 RBX: ffff888010c40900 RCX: 1ffffffff1b6cca9
[ 434.294091][ C1] RDX: 0000000000000000 RSI: ffff88804483a000 RDI: 0000000000000000
[ 434.302082][ C1] RBP: 0000000000000c40 R08: 0000000000000001 R09: 0000000000000001
[ 434.310069][ C1] R10: ffffffff817e0cc8 R11: 0000000000000001 R12: 0000000000001000
[ 434.318060][ C1] R13: 0000000000000c40 R14: 0000000000000200 R15: 0000000000000000
[ 434.326047][ C1] ? trace_hardirqs_on+0x38/0x1c0
[ 434.331437][ C1] ? tomoyo_realpath_from_path+0xc3/0x620
[ 434.337247][ C1] tomoyo_realpath_from_path+0xc3/0x620
[ 434.342828][ C1] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 434.349100][ C1] tomoyo_check_open_permission+0x272/0x380
[ 434.355021][ C1] ? tomoyo_path_number_perm+0x590/0x590
[ 434.360685][ C1] ? path_get+0x5d/0x80
[ 434.364932][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 434.370067][ C1] ? do_raw_spin_lock+0x120/0x2a0
[ 434.375154][ C1] ? rwlock_bug.part.0+0x90/0x90
[ 434.380216][ C1] tomoyo_file_open+0x9d/0xc0
[ 434.385023][ C1] security_file_open+0x45/0xb0
[ 434.389963][ C1] do_dentry_open+0x349/0x11e0
[ 434.394855][ C1] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 434.401226][ C1] ? may_open+0x1f6/0x420
[ 434.405599][ C1] path_openat+0x1c71/0x2910
[ 434.410273][ C1] ? path_lookupat+0x860/0x860
[ 434.415076][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 434.421101][ C1] do_filp_open+0x1aa/0x400
[ 434.425748][ C1] ? may_open_dev+0xf0/0xf0
[ 434.430288][ C1] ? simple_attr_release+0x40/0x40
[ 434.435494][ C1] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 434.441778][ C1] ? _find_next_bit+0x1e3/0x260
[ 434.446759][ C1] ? _raw_spin_unlock+0x24/0x40
[ 434.451762][ C1] ? alloc_fd+0x2f0/0x670
[ 434.456125][ C1] do_sys_openat2+0x16d/0x4c0
[ 434.460827][ C1] ? find_held_lock+0x2d/0x110
[ 434.465617][ C1] ? build_open_flags+0x6f0/0x6f0
[ 434.470758][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 434.475765][ C1] __x64_sys_openat+0x13f/0x1f0
[ 434.480649][ C1] ? __ia32_sys_open+0x1c0/0x1c0
[ 434.485615][ C1] ? syscall_enter_from_user_mode+0x21/0x70
[ 434.491733][ C1] do_syscall_64+0x35/0x80
[ 434.496178][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 434.502104][ C1] RIP: 0033:0x7f05b0b25697
[ 434.506553][ C1] Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f
[ 434.526444][ C1] RSP: 002b:00007ffe2589e810 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 434.534884][ C1] RAX: ffffffffffffffda RBX: 0000556cc6fd3150 RCX: 00007f05b0b25697
[ 434.542877][ C1] RDX: 0000000000080000 RSI: 0000556cc6f9d160 RDI: 00000000ffffff9c
[ 434.550875][ C1] RBP: 0000556cc6f9d160 R08: 0000556cc6f9d160 R09: 00007f05b0bf5a60
[ 434.558956][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000080000
[ 434.566965][ C1] R13: 0000000000000705 R14: 0000000000000000 R15: 0000000000000000
[ 434.575052][ C1]
[ 434.578085][ C1]
[ 434.580415][ C1] Allocated by task 3894:
[ 434.584747][ C1] kasan_save_stack+0x1e/0x40
[ 434.589448][ C1] __kasan_slab_alloc+0x85/0xb0
[ 434.594417][ C1] kmem_cache_alloc+0x265/0x560
[ 434.599300][ C1] copy_net_ns+0x125/0x760
[ 434.603902][ C1] create_new_namespaces+0x3f6/0xb20
[ 434.609315][ C1] unshare_nsproxy_namespaces+0xc1/0x1f0
[ 434.615004][ C1] ksys_unshare+0x445/0x920
[ 434.619631][ C1] __x64_sys_unshare+0x2d/0x40
[ 434.624420][ C1] do_syscall_64+0x35/0x80
[ 434.628877][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 434.634796][ C1]
[ 434.637129][ C1] Freed by task 50:
[ 434.640939][ C1] kasan_save_stack+0x1e/0x40
[ 434.645642][ C1] kasan_set_track+0x21/0x30
[ 434.650259][ C1] kasan_set_free_info+0x20/0x30
[ 434.655224][ C1] ____kasan_slab_free+0x13d/0x180
[ 434.660451][ C1] kmem_cache_free.part.0+0xa9/0x240
[ 434.665852][ C1] cleanup_net+0x8ba/0xb00
[ 434.670298][ C1] process_one_work+0x996/0x1610
[ 434.675260][ C1] worker_thread+0x665/0x1080
[ 434.679960][ C1] kthread+0x2e9/0x3a0
[ 434.684062][ C1] ret_from_fork+0x1f/0x30
[ 434.688541][ C1]
[ 434.690867][ C1] Last potentially related work creation:
[ 434.696586][ C1] kasan_save_stack+0x1e/0x40
[ 434.701281][ C1] __kasan_record_aux_stack+0x7e/0x90
[ 434.706681][ C1] insert_work+0x48/0x350
[ 434.711090][ C1] __queue_work+0x62e/0x1140
[ 434.715701][ C1] call_timer_fn+0x1a5/0x6b0
[ 434.720303][ C1] __run_timers.part.0+0x4a3/0xa80
[ 434.725428][ C1] run_timer_softirq+0x152/0x1d0
[ 434.730375][ C1] __do_softirq+0x29b/0x9c2
[ 434.734892][ C1]
[ 434.737229][ C1] Second to last potentially related work creation:
[ 434.744421][ C1] kasan_save_stack+0x1e/0x40
[ 434.749123][ C1] __kasan_record_aux_stack+0x7e/0x90
[ 434.754633][ C1] insert_work+0x48/0x350
[ 434.759239][ C1] __queue_work+0x62e/0x1140
[ 434.763894][ C1] call_timer_fn+0x1a5/0x6b0
[ 434.768512][ C1] __run_timers.part.0+0x4a3/0xa80
[ 434.773672][ C1] run_timer_softirq+0x152/0x1d0
[ 434.778718][ C1] __do_softirq+0x29b/0x9c2
[ 434.783246][ C1]
[ 434.785584][ C1] The buggy address belongs to the object at ffff8880203280c0
[ 434.785584][ C1] which belongs to the cache net_namespace of size 6784
[ 434.800178][ C1] The buggy address is located 704 bytes inside of
[ 434.800178][ C1] 6784-byte region [ffff8880203280c0, ffff888020329b40)
[ 434.814953][ C1]
[ 434.817314][ C1] The buggy address belongs to the physical page:
[ 434.823733][ C1] page:ffffea000080ca00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20328
[ 434.833986][ C1] head:ffffea000080ca00 order:1 compound_mapcount:0 compound_pincount:0
[ 434.842334][ C1] memcg:ffff88801605c281
[ 434.846580][ C1] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 434.854596][ C1] raw: 00fff00000010200 ffffea00008ef008 ffffea0001f97108 ffff8880114d3600
[ 434.863202][ C1] raw: 0000000000000000 ffff8880203280c0 0000000100000001 ffff88801605c281
[ 434.871883][ C1] page dumped because: kasan: bad access detected
[ 434.878311][ C1] page_owner tracks the page as allocated
[ 434.884290][ C1] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x3420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_HARDWALL|__GFP_THISNODE), pid 3894, tgid 3894 (syz-executor.3), ts 65729083336, free_ts 62504832892
[ 434.906126][ C1] get_page_from_freelist+0xba2/0x3e00
[ 434.911740][ C1] __alloc_pages+0x1b2/0x500
[ 434.916357][ C1] cache_grow_begin+0x75/0x350
[ 434.921158][ C1] cache_alloc_refill+0x27f/0x380
[ 434.926220][ C1] kmem_cache_alloc+0x450/0x560
[ 434.931092][ C1] copy_net_ns+0x125/0x760
[ 434.935542][ C1] create_new_namespaces+0x3f6/0xb20
[ 434.940866][ C1] unshare_nsproxy_namespaces+0xc1/0x1f0
[ 434.946530][ C1] ksys_unshare+0x445/0x920
[ 434.951051][ C1] __x64_sys_unshare+0x2d/0x40
[ 434.955842][ C1] do_syscall_64+0x35/0x80
[ 434.960279][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 434.966196][ C1] page last free stack trace:
[ 434.970881][ C1] free_pcp_prepare+0x549/0xd20
[ 434.975774][ C1] free_unref_page+0x19/0x6a0
[ 434.980655][ C1] slabs_destroy+0x89/0xc0
[ 434.985219][ C1] ___cache_free+0x34e/0x670
[ 434.989833][ C1] qlist_free_all+0x4f/0x1b0
[ 434.994523][ C1] kasan_quarantine_reduce+0x180/0x200
[ 435.000008][ C1] __kasan_slab_alloc+0x97/0xb0
[ 435.004892][ C1] kmem_cache_alloc_node+0x2ea/0x590
[ 435.010214][ C1] __alloc_skb+0x215/0x340
[ 435.014817][ C1] alloc_skb_with_frags+0x93/0x730
[ 435.020039][ C1] sock_alloc_send_pskb+0x793/0x920
[ 435.025350][ C1] unix_dgram_sendmsg+0x414/0x1a90
[ 435.030570][ C1] sock_sendmsg+0xcf/0x120
[ 435.035083][ C1] sock_write_iter+0x283/0x3c0
[ 435.039870][ C1] new_sync_write+0x38a/0x560
[ 435.044652][ C1] vfs_write+0x7c0/0xac0
[ 435.048916][ C1]
[ 435.051246][ C1] Memory state around the buggy address:
[ 435.056885][ C1] ffff888020328280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 435.064964][ C1] ffff888020328300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 435.073136][ C1] >ffff888020328380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 435.081217][ C1] ^
[ 435.085303][ C1] ffff888020328400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 435.093381][ C1] ffff888020328480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 435.101542][ C1] ==================================================================
[ 435.109988][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 435.116678][ C1] CPU: 1 PID: 4158 Comm: udevd Not tainted 5.18.0-rc3-syzkaller-00074-gb05a5683eba6-dirty #0
[ 435.127369][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 435.137724][ C1] Call Trace:
[ 435.141019][ C1]
[ 435.143876][ C1] dump_stack_lvl+0xcd/0x134
[ 435.148498][ C1] panic+0x2d7/0x636
[ 435.152487][ C1] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 435.158676][ C1] ? tcp_retransmit_timer+0x2ef3/0x3360
[ 435.164256][ C1] ? tcp_retransmit_timer+0x2ef3/0x3360
[ 435.169825][ C1] end_report.part.0+0x3f/0x7c
[ 435.174617][ C1] kasan_report.cold+0x93/0x1c6
[ 435.179506][ C1] ? tcp_retransmit_timer+0x2ef3/0x3360
[ 435.185095][ C1] tcp_retransmit_timer+0x2ef3/0x3360
[ 435.190678][ C1] ? tcp_mstamp_refresh+0x12/0xa0
[ 435.195746][ C1] ? tcp_delack_timer+0x320/0x320
[ 435.200796][ C1] ? ktime_get+0x38a/0x470
[ 435.205238][ C1] ? lockdep_hardirqs_on+0x79/0x100
[ 435.210465][ C1] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 435.216211][ C1] ? ktime_get+0x30b/0x470
[ 435.220669][ C1] tcp_write_timer_handler+0x5e6/0xbc0
[ 435.226152][ C1] tcp_write_timer+0xa2/0x2b0
[ 435.230894][ C1] ? tcp_write_timer_handler+0xbc0/0xbc0
[ 435.236642][ C1] call_timer_fn+0x1a5/0x6b0
[ 435.241259][ C1] ? timer_fixup_activate+0x350/0x350
[ 435.246659][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 435.251538][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 435.256766][ C1] ? tcp_write_timer_handler+0xbc0/0xbc0
[ 435.262430][ C1] __run_timers.part.0+0x679/0xa80
[ 435.267571][ C1] ? call_timer_fn+0x6b0/0x6b0
[ 435.272371][ C1] ? kvm_sched_clock_read+0x14/0x40
[ 435.277604][ C1] ? sched_clock_cpu+0x15/0x1f0
[ 435.282486][ C1] run_timer_softirq+0xb3/0x1d0
[ 435.287368][ C1] __do_softirq+0x29b/0x9c2
[ 435.291913][ C1] __irq_exit_rcu+0x123/0x180
[ 435.296840][ C1] irq_exit_rcu+0x5/0x20
[ 435.301226][ C1] sysvec_apic_timer_interrupt+0x93/0xc0
[ 435.307511][ C1]
[ 435.310459][ C1]
[ 435.313395][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 435.319412][ C1] RIP: 0010:__kmalloc+0x1af/0x4d0
[ 435.324461][ C1] Code: 0f 84 46 01 00 00 4d 85 f6 48 89 54 24 18 0f 85 dd 01 00 00 9c 58 f6 c4 02 0f 85 fb 01 00 00 4d 85 f6 74 01 fb 48 8b 74 24 18 <0f> 0d 0e 0f 1f 44 00 00 48 83 7b 50 00 0f 84 85 00 00 00 44 8b 35
[ 435.344185][ C1] RSP: 0018:ffffc90003687738 EFLAGS: 00000206
[ 435.350274][ C1] RAX: 0000000000000006 RBX: ffff888010c40900 RCX: 1ffffffff1b6cca9
[ 435.358436][ C1] RDX: 0000000000000000 RSI: ffff88804483a000 RDI: 0000000000000000
[ 435.366702][ C1] RBP: 0000000000000c40 R08: 0000000000000001 R09: 0000000000000001
[ 435.374802][ C1] R10: ffffffff817e0cc8 R11: 0000000000000001 R12: 0000000000001000
[ 435.383533][ C1] R13: 0000000000000c40 R14: 0000000000000200 R15: 0000000000000000
[ 435.392754][ C1] ? trace_hardirqs_on+0x38/0x1c0
[ 435.398100][ C1] ? tomoyo_realpath_from_path+0xc3/0x620
[ 435.404291][ C1] tomoyo_realpath_from_path+0xc3/0x620
[ 435.409877][ C1] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 435.416318][ C1] tomoyo_check_open_permission+0x272/0x380
[ 435.422251][ C1] ? tomoyo_path_number_perm+0x590/0x590
[ 435.428161][ C1] ? path_get+0x5d/0x80
[ 435.432701][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 435.437595][ C1] ? do_raw_spin_lock+0x120/0x2a0
[ 435.442671][ C1] ? rwlock_bug.part.0+0x90/0x90
[ 435.447634][ C1] tomoyo_file_open+0x9d/0xc0
[ 435.452427][ C1] security_file_open+0x45/0xb0
[ 435.457771][ C1] do_dentry_open+0x349/0x11e0
[ 435.462569][ C1] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 435.468961][ C1] ? may_open+0x1f6/0x420
[ 435.473402][ C1] path_openat+0x1c71/0x2910
[ 435.478019][ C1] ? path_lookupat+0x860/0x860
[ 435.482989][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 435.490156][ C1] do_filp_open+0x1aa/0x400
[ 435.494916][ C1] ? may_open_dev+0xf0/0xf0
[ 435.499448][ C1] ? simple_attr_release+0x40/0x40
[ 435.504770][ C1] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 435.511247][ C1] ? _find_next_bit+0x1e3/0x260
[ 435.516124][ C1] ? _raw_spin_unlock+0x24/0x40
[ 435.521289][ C1] ? alloc_fd+0x2f0/0x670
[ 435.525641][ C1] do_sys_openat2+0x16d/0x4c0
[ 435.530344][ C1] ? find_held_lock+0x2d/0x110
[ 435.535225][ C1] ? build_open_flags+0x6f0/0x6f0
[ 435.540272][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 435.545237][ C1] __x64_sys_openat+0x13f/0x1f0
[ 435.550199][ C1] ? __ia32_sys_open+0x1c0/0x1c0
[ 435.555163][ C1] ? syscall_enter_from_user_mode+0x21/0x70
[ 435.561093][ C1] do_syscall_64+0x35/0x80
[ 435.565553][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 435.571476][ C1] RIP: 0033:0x7f05b0b25697
[ 435.575899][ C1] Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f
[ 435.595732][ C1] RSP: 002b:00007ffe2589e810 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 435.604332][ C1] RAX: ffffffffffffffda RBX: 0000556cc6fd3150 RCX: 00007f05b0b25697
[ 435.612337][ C1] RDX: 0000000000080000 RSI: 0000556cc6f9d160 RDI: 00000000ffffff9c
[ 435.620323][ C1] RBP: 0000556cc6f9d160 R08: 0000556cc6f9d160 R09: 00007f05b0bf5a60
[ 435.628314][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000080000
[ 435.636298][ C1] R13: 0000000000000705 R14: 0000000000000000 R15: 0000000000000000
[ 435.644543][ C1]
[ 435.647834][ C1] Kernel Offset: disabled
[ 435.652151][ C1] Rebooting in 86400 seconds..