[ 402.025138] ? find_held_lock+0x36/0x1d0 [ 402.029925] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 402.036306] ? __fget+0x278/0x400 [ 402.041153] ? kasan_check_read+0x11/0x20 [ 402.045794] ? __fget+0x295/0x400 [ 402.050064] ? ksys_dup3+0x2e0/0x2e0 [ 402.054449] ? __f_unlock_pos+0xd/0x10 [ 402.059121] ? __fget_light+0x174/0x1e0 [ 402.065052] ? __fdget+0xe/0x10 [ 402.069107] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 402.075497] __sys_sendmsg+0xd9/0x180 [ 402.080476] ? __ia32_sys_shutdown+0x70/0x70 [ 402.085381] ? __sb_end_write+0xa4/0xd0 [ 402.090210] ? kasan_check_write+0x14/0x20 [ 402.095244] ? fput+0x18/0x120 [ 402.099832] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 402.106490] __x64_sys_sendmsg+0x73/0xb0 [ 402.111122] do_syscall_64+0xd0/0x4e0 [ 402.115826] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 402.122299] RIP: 0033:0x45c4a9 [ 402.126141] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 402.149721] RSP: 002b:00007f065372dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 402.159498] RAX: ffffffffffffffda RBX: 00007f065372e6d4 RCX: 000000000045c4a9 [ 402.168746] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000008 [ 402.179003] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 402.187810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 402.197179] R13: 00000000000009fa R14: 00000000004cc76b R15: 0000000000000005 [ 402.207514] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 402.227914] FAULT_INJECTION: forcing a failure. [ 402.227914] name failslab, interval 1, probability 0, space 0, times 0 [ 402.247235] CPU: 1 PID: 13262 Comm: syz-executor.2 Not tainted 4.19.168-syzkaller #0 [ 402.256941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 402.270028] Call Trace: [ 402.273121] dump_stack+0x123/0x171 [ 402.277102] should_fail.cold.4+0x5/0xa [ 402.281605] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 402.287563] ? lock_downgrade+0x860/0x860 [ 402.292493] __should_failslab+0xba/0xf0 [ 402.298070] should_failslab+0x9/0x20 [ 402.304033] kmem_cache_alloc_trace+0x2d4/0x740 [ 402.309824] ? qfq_change_class+0xa89/0x14c0 [ 402.314679] ? qfq_change_class+0xa89/0x14c0 [ 402.320526] ? __local_bh_enable_ip+0x160/0x260 [ 402.326671] qfq_change_class+0xacf/0x14c0 [ 402.331864] ? qfq_delete_class+0x2d0/0x2d0 [ 402.338162] ? nla_parse+0x197/0x280 [ 402.342987] tc_ctl_tclass+0x3e9/0xba0 [ 402.348539] ? end_bio_extent_readpage+0xcb4/0x1200 [ 402.354784] ? qdisc_tree_reduce_backlog+0x560/0x560 [ 402.361713] ? find_held_lock+0x36/0x1d0 [ 402.366845] rtnetlink_rcv_msg+0x34f/0x8f0 [ 402.372271] ? rtnetlink_put_metrics+0x490/0x490 [ 402.378904] ? find_held_lock+0x36/0x1d0 [ 402.384282] netlink_rcv_skb+0x13e/0x3d0 [ 402.389260] ? lock_downgrade+0x860/0x860 [ 402.396999] ? rtnetlink_put_metrics+0x490/0x490 [ 402.404553] ? netlink_ack+0xa50/0xa50 [ 402.410329] ? netlink_deliver_tap+0x182/0xb00 [ 402.416416] rtnetlink_rcv+0x10/0x20 [ 402.421661] netlink_unicast+0x443/0x650 [ 402.427087] ? netlink_attachskb+0x6c0/0x6c0 [ 402.433570] ? _copy_from_iter_full+0x182/0x720 [ 402.439460] ? __check_object_size+0x1ef/0x310 [ 402.445394] netlink_sendmsg+0x765/0xc40 [ 402.450539] ? netlink_unicast+0x650/0x650 [ 402.456863] ? apparmor_socket_sendmsg+0x1b/0x20 [ 402.463723] ? netlink_unicast+0x650/0x650 [ 402.469301] sock_sendmsg+0xb5/0xf0 [ 402.473766] ___sys_sendmsg+0x647/0x950 [ 402.478707] ? find_held_lock+0x36/0x1d0 [ 402.484462] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 402.491178] ? __fget+0x278/0x400 [ 402.495687] ? kasan_check_read+0x11/0x20 [ 402.501445] ? __fget+0x295/0x400 [ 402.506437] ? ksys_dup3+0x2e0/0x2e0 [ 402.511517] ? __f_unlock_pos+0xd/0x10 [ 402.515602] ? __fget_light+0x174/0x1e0 [ 402.520521] ? __fdget+0xe/0x10 [ 402.524932] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 402.531144] __sys_sendmsg+0xd9/0x180 [ 402.537017] ? __ia32_sys_shutdown+0x70/0x70 [ 402.543750] ? __sb_end_write+0xa4/0xd0 [ 402.548809] ? kasan_check_write+0x14/0x20 [ 402.554487] ? fput+0x18/0x120 [ 402.558156] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 402.565723] __x64_sys_sendmsg+0x73/0xb0 [ 402.571560] do_syscall_64+0xd0/0x4e0 [ 402.575855] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 402.583723] RIP: 0033:0x45c4a9 [ 402.588900] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 402.615006] RSP: 002b:00007f66f7b47c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 402.624649] RAX: ffffffffffffffda RBX: 00007f66f7b486d4 RCX: 000000000045c4a9 [ 402.633879] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000008 [ 402.642091] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 402.650517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 402.659490] R13: 00000000000009fa R14: 00000000004cc76b R15: 0000000000000005 [ 402.671327] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 402.704997] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 402.721203] FAULT_INJECTION: forcing a failure. [ 402.721203] name failslab, interval 1, probability 0, space 0, times 0 [ 402.735183] CPU: 0 PID: 13274 Comm: syz-executor.1 Not tainted 4.19.168-syzkaller #0 [ 402.745157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 402.756581] Call Trace: [ 402.759660] dump_stack+0x123/0x171 [ 402.764933] should_fail.cold.4+0x5/0xa [ 402.770307] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 402.776997] ? lock_downgrade+0x860/0x860 [ 402.782068] __should_failslab+0xba/0xf0 [ 402.787827] should_failslab+0x9/0x20 [ 402.792058] kmem_cache_alloc_trace+0x2d4/0x740 [ 402.797119] ? qfq_change_class+0xa89/0x14c0 [ 402.802152] ? qfq_change_class+0xa89/0x14c0 [ 402.807785] ? __local_bh_enable_ip+0x160/0x260 [ 402.813476] qfq_change_class+0xacf/0x14c0 [ 402.819051] ? qfq_delete_class+0x2d0/0x2d0 [ 402.824128] ? nla_parse+0x197/0x280 [ 402.827976] tc_ctl_tclass+0x3e9/0xba0 [ 402.832848] ? run_scheduled_bios+0xb64/0xd40 [ 402.838476] ? qdisc_tree_reduce_backlog+0x560/0x560 [ 402.844291] ? find_held_lock+0x36/0x1d0 [ 402.848927] rtnetlink_rcv_msg+0x34f/0x8f0 [ 402.854053] ? rtnetlink_put_metrics+0x490/0x490 [ 402.859471] ? find_held_lock+0x36/0x1d0 [ 402.864419] netlink_rcv_skb+0x13e/0x3d0 [ 402.868961] ? lock_downgrade+0x860/0x860 [ 402.874213] ? rtnetlink_put_metrics+0x490/0x490 [ 402.880873] ? netlink_ack+0xa50/0xa50 [ 402.885843] ? netlink_deliver_tap+0x182/0xb00 [ 402.891188] rtnetlink_rcv+0x10/0x20 [ 402.896460] netlink_unicast+0x443/0x650 [ 402.901915] ? netlink_attachskb+0x6c0/0x6c0 [ 402.907267] ? _copy_from_iter_full+0x182/0x720 [ 402.913406] ? __check_object_size+0x1ef/0x310 [ 402.919100] netlink_sendmsg+0x765/0xc40 [ 402.924203] ? netlink_unicast+0x650/0x650 [ 402.930548] ? apparmor_socket_sendmsg+0x1b/0x20 [ 402.935612] ? netlink_unicast+0x650/0x650 [ 402.940849] sock_sendmsg+0xb5/0xf0 [ 402.945542] ___sys_sendmsg+0x647/0x950 [ 402.950063] ? find_held_lock+0x36/0x1d0 [ 402.954600] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 402.960376] ? __fget+0x278/0x400 [ 402.964380] ? kasan_check_read+0x11/0x20 [ 402.969208] ? __fget+0x295/0x400 [ 402.973406] ? ksys_dup3+0x2e0/0x2e0 [ 402.978512] ? __f_unlock_pos+0xd/0x10 [ 402.983120] ? __fget_light+0x174/0x1e0 [ 402.987660] ? __fdget+0xe/0x10 [ 402.991551] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 402.998467] __sys_sendmsg+0xd9/0x180 [ 403.002866] ? __ia32_sys_shutdown+0x70/0x70 [ 403.008644] ? __sb_end_write+0xa4/0xd0 [ 403.013355] ? kasan_check_write+0x14/0x20 [ 403.018209] ? fput+0x18/0x120 [ 403.022988] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 403.032444] __x64_sys_sendmsg+0x73/0xb0 [ 403.037168] do_syscall_64+0xd0/0x4e0 [ 403.041784] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 403.047808] RIP: 0033:0x45c4a9 [ 403.051373] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 403.076950] RSP: 002b:00007f3f04263c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 403.087689] RAX: ffffffffffffffda RBX: 00007f3f042646d4 RCX: 000000000045c4a9 [ 403.097274] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000008 [ 403.107037] RBP: 000000000076c060 R08: 0000000000000000 R09: 0000000000000000 [ 403.117785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 403.127981] R13: 00000000000009fa R14: 00000000004cc76b R15: 0000000000000005 [ 403.138896] FAULT_INJECTION: forcing a failure. [ 403.138896] name failslab, interval 1, probability 0, space 0, times 0 [ 403.152316] CPU: 0 PID: 13275 Comm: syz-executor.4 Not tainted 4.19.168-syzkaller #0 [ 403.161173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 403.172096] Call Trace: [ 403.175191] dump_stack+0x123/0x171 [ 403.179092] should_fail.cold.4+0x5/0xa [ 403.183427] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 403.189526] ? lock_downgrade+0x860/0x860 [ 403.194242] __should_failslab+0xba/0xf0 [ 403.198823] should_failslab+0x9/0x20 [ 403.203168] kmem_cache_alloc_trace+0x2d4/0x740 [ 403.208591] ? qfq_change_class+0xa89/0x14c0 [ 403.214131] ? qfq_change_class+0xa89/0x14c0 [ 403.218736] ? __local_bh_enable_ip+0x160/0x260 [ 403.223961] qfq_change_class+0xacf/0x14c0 [ 403.229064] ? qfq_delete_class+0x2d0/0x2d0 [ 403.233799] ? nla_parse+0x197/0x280 [ 403.238713] tc_ctl_tclass+0x3e9/0xba0 [ 403.243936] ? __btrfs_map_block+0x504/0x3e30 [ 403.249879] ? qdisc_tree_reduce_backlog+0x560/0x560 [ 403.256025] ? find_held_lock+0x36/0x1d0 [ 403.260837] rtnetlink_rcv_msg+0x34f/0x8f0 [ 403.266365] ? rtnetlink_put_metrics+0x490/0x490 [ 403.271760] ? find_held_lock+0x36/0x1d0 [ 403.276727] netlink_rcv_skb+0x13e/0x3d0 [ 403.281767] ? lock_downgrade+0x860/0x860 [ 403.286612] ? rtnetlink_put_metrics+0x490/0x490 [ 403.292150] ? netlink_ack+0xa50/0xa50 [ 403.296496] ? netlink_deliver_tap+0x182/0xb00 [ 403.302918] rtnetlink_rcv+0x10/0x20 [ 403.307636] netlink_unicast+0x443/0x650 [ 403.312542] ? netlink_attachskb+0x6c0/0x6c0 [ 403.318444] ? _copy_from_iter_full+0x182/0x720 [ 403.324573] ? __check_object_size+0x1ef/0x310 [ 403.330168] netlink_sendmsg+0x765/0xc40 [ 403.335426] ? netlink_unicast+0x650/0x650 [ 403.341157] ? apparmor_socket_sendmsg+0x1b/0x20 [ 403.346717] ? netlink_unicast+0x650/0x650 [ 403.351812] sock_sendmsg+0xb5/0xf0 [ 403.356858] ___sys_sendmsg+0x647/0x950 [ 403.362385] ? find_held_lock+0x36/0x1d0 [ 403.366988] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 403.373358] ? __fget+0x278/0x400 [ 403.378433] ? kasan_check_read+0x11/0x20 [ 403.383817] ? __fget+0x295/0x400 [ 403.388700] ? ksys_dup3+0x2e0/0x2e0 [ 403.395203] ? __f_unlock_pos+0xd/0x10 [ 403.400764] ? __fget_light+0x174/0x1e0 [ 403.407066] ? __fdget+0xe/0x10 [ 403.411493] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 403.417658] __sys_sendmsg+0xd9/0x180 [ 403.423341] ? __ia32_sys_shutdown+0x70/0x70 [ 403.429098] ? __sb_end_write+0xa4/0xd0 [ 403.433425] ? kasan_check_write+0x14/0x20 [ 403.439136] ? fput+0x18/0x120 [ 403.443244] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 403.450311] __x64_sys_sendmsg+0x73/0xb0 [ 403.455804] do_syscall_64+0xd0/0x4e0 [ 403.462152] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 403.469095] RIP: 0033:0x45c4a9 [ 403.472904] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 403.495215] RSP: 002b:00007fad2e364c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 403.505671] RAX: ffffffffffffffda RBX: 00007fad2e3656d4 RCX: 000000000045c4a9 [ 403.514076] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000008 [ 403.524129] RBP: 000000000076c060 R08: 0000000000000000 R09: 0000000000000000 [ 403.534221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 403.543372] R13: 00000000000009fa R14: 00000000004cc76b R15: 0000000000000005 [ 403.556075] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 404.166548] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 404.174701] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 404.186626] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 404.196173] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 404.206068] device bridge_slave_1 left promiscuous mode [ 404.213663] bridge0: port 2(bridge_slave_1) entered disabled state [ 404.275103] device bridge_slave_0 left promiscuous mode [ 404.281745] bridge0: port 1(bridge_slave_0) entered disabled state [ 404.337961] device veth1_macvtap left promiscuous mode [ 404.344694] device veth0_macvtap left promiscuous mode [ 404.350614] device veth1_vlan left promiscuous mode [ 404.358020] device veth0_vlan left promiscuous mode [ 404.409214] ================================================================== [ 404.418985] BUG: KASAN: use-after-free in qfq_reset_qdisc+0x216/0x290 [ 404.429862] Read of size 8 at addr ffff8881e77f54c8 by task kworker/u4:0/7 [ 404.439009] [ 404.441206] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 4.19.168-syzkaller #0 [ 404.450769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 404.462697] Workqueue: netns cleanup_net [ 404.467529] Call Trace: [ 404.470757] dump_stack+0x123/0x171 [ 404.475020] print_address_description.cold.8+0x9/0x1ff [ 404.481808] kasan_report.cold.9+0x242/0x2fe [ 404.486488] ? qfq_reset_qdisc+0x216/0x290 [ 404.491832] __asan_report_load8_noabort+0x14/0x20 [ 404.500129] qfq_reset_qdisc+0x216/0x290 [ 404.505010] qdisc_destroy+0xfb/0x650 [ 404.509526] ? __lock_is_held+0xb5/0x140 [ 404.516187] dev_shutdown+0x236/0x410 [ 404.520384] rollback_registered_many+0x4b7/0xb50 [ 404.526324] ? kernfs_put+0x2d4/0x540 [ 404.530774] ? netif_set_real_num_tx_queues+0x620/0x620 [ 404.536709] ? kasan_check_write+0x14/0x20 [ 404.541787] ? kernfs_put+0x2e6/0x540 [ 404.546337] ? unregister_netdevice_queue+0xf3/0x240 [ 404.552231] unregister_netdevice_many+0x3e/0x1f0 [ 404.559444] default_device_exit_batch+0x2e4/0x3d0 [ 404.565871] ? unregister_netdevice_many+0x1f0/0x1f0 [ 404.571769] ? rtnl_unlock+0x9/0x10 [ 404.576488] ? default_device_exit+0x1c5/0x260 [ 404.581696] ? do_wait_intr_irq+0x310/0x310 [ 404.586688] ops_exit_list.isra.5+0xd3/0x120 [ 404.591612] cleanup_net+0x368/0x850 [ 404.597713] ? net_drop_ns+0x60/0x60 [ 404.602378] ? __lock_is_held+0xb5/0x140 [ 404.607039] process_one_work+0x830/0x1670 [ 404.611955] ? pwq_dec_nr_in_flight+0x2c0/0x2c0 [ 404.617846] ? lock_acquire+0x173/0x3d0 [ 404.622330] ? kasan_check_write+0x14/0x20 [ 404.627009] ? do_raw_spin_lock+0xd0/0x240 [ 404.632797] worker_thread+0x85/0xb60 [ 404.637556] ? __kthread_parkme+0x37/0x1c0 [ 404.643356] kthread+0x347/0x410 [ 404.647323] ? process_one_work+0x1670/0x1670 [ 404.652943] ? kthread_cancel_delayed_work_sync+0x10/0x10 [ 404.659926] ret_from_fork+0x24/0x30 [ 404.664500] [ 404.666465] Allocated by task 13275: [ 404.670952] save_stack+0x43/0xd0 [ 404.675218] kasan_kmalloc+0xc7/0xe0 [ 404.679432] kmem_cache_alloc_trace+0x152/0x740 [ 404.684738] qfq_change_class+0x609/0x14c0 [ 404.689852] tc_ctl_tclass+0x3e9/0xba0 [ 404.695261] rtnetlink_rcv_msg+0x34f/0x8f0 [ 404.700810] netlink_rcv_skb+0x13e/0x3d0 [ 404.706075] rtnetlink_rcv+0x10/0x20 [ 404.711344] netlink_unicast+0x443/0x650 [ 404.716121] netlink_sendmsg+0x765/0xc40 [ 404.721215] sock_sendmsg+0xb5/0xf0 [ 404.726025] ___sys_sendmsg+0x647/0x950 [ 404.730870] __sys_sendmsg+0xd9/0x180 [ 404.735761] __x64_sys_sendmsg+0x73/0xb0 [ 404.740337] do_syscall_64+0xd0/0x4e0 [ 404.744773] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 404.750750] [ 404.752787] Freed by task 13275: [ 404.756738] save_stack+0x43/0xd0 [ 404.760668] __kasan_slab_free+0x102/0x150 [ 404.766298] kasan_slab_free+0xe/0x10 [ 404.771105] kfree+0xcf/0x220 [ 404.774759] qfq_change_class+0xd3a/0x14c0 [ 404.779575] tc_ctl_tclass+0x3e9/0xba0 [ 404.784087] rtnetlink_rcv_msg+0x34f/0x8f0 [ 404.789225] netlink_rcv_skb+0x13e/0x3d0 [ 404.793330] rtnetlink_rcv+0x10/0x20 [ 404.797424] netlink_unicast+0x443/0x650 [ 404.802181] netlink_sendmsg+0x765/0xc40 [ 404.807715] sock_sendmsg+0xb5/0xf0 [ 404.811808] ___sys_sendmsg+0x647/0x950 [ 404.818082] __sys_sendmsg+0xd9/0x180 [ 404.823990] __x64_sys_sendmsg+0x73/0xb0 [ 404.829425] do_syscall_64+0xd0/0x4e0 [ 404.833987] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 404.840850] [ 404.842649] The buggy address belongs to the object at ffff8881e77f5480 [ 404.842649] which belongs to the cache kmalloc-128 of size 128 [ 404.859654] The buggy address is located 72 bytes inside of [ 404.859654] 128-byte region [ffff8881e77f5480, ffff8881e77f5500) [ 404.873688] The buggy address belongs to the page: [ 404.879652] page:ffffea00079dfd40 count:1 mapcount:0 mapping:ffff8881f6400640 index:0x0 [ 404.890145] flags: 0x17ffe0000000100(slab) [ 404.894933] raw: 017ffe0000000100 ffffea000736b708 ffffea00076f4708 ffff8881f6400640 [ 404.904868] raw: 0000000000000000 ffff8881e77f5000 0000000100000015 0000000000000000 [ 404.915086] page dumped because: kasan: bad access detected [ 404.921939] [ 404.923736] Memory state around the buggy address: [ 404.929782] ffff8881e77f5380: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 404.938879] ffff8881e77f5400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 404.947792] >ffff8881e77f5480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 404.956100] ^ [ 404.962889] ffff8881e77f5500: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 404.972990] ffff8881e77f5580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 404.980955] ================================================================== [ 404.989163] Disabling lock debugging due to kernel taint [ 404.998377] Kernel panic - not syncing: panic_on_warn set ... [ 404.998377] [ 405.006646] CPU: 0 PID: 7 Comm: kworker/u4:0 Tainted: G B 4.19.168-syzkaller #0 [ 405.016726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 405.028102] Workqueue: netns cleanup_net [ 405.032424] Call Trace: [ 405.035749] dump_stack+0x123/0x171 [ 405.040293] panic+0x1cd/0x375 [ 405.044253] ? __warn_printk+0xd6/0xd6 [ 405.049358] ? ___preempt_schedule+0x16/0x18 [ 405.054681] kasan_end_report+0x47/0x4f [ 405.059455] kasan_report.cold.9+0x76/0x2fe [ 405.065032] ? qfq_reset_qdisc+0x216/0x290 [ 405.070116] __asan_report_load8_noabort+0x14/0x20 [ 405.076487] qfq_reset_qdisc+0x216/0x290 [ 405.081671] qdisc_destroy+0xfb/0x650 [ 405.086589] ? __lock_is_held+0xb5/0x140 [ 405.092636] dev_shutdown+0x236/0x410 [ 405.097562] rollback_registered_many+0x4b7/0xb50 [ 405.103458] ? kernfs_put+0x2d4/0x540 [ 405.108669] ? netif_set_real_num_tx_queues+0x620/0x620 [ 405.116055] ? kasan_check_write+0x14/0x20 [ 405.120673] ? kernfs_put+0x2e6/0x540 [ 405.125546] ? unregister_netdevice_queue+0xf3/0x240 [ 405.132378] unregister_netdevice_many+0x3e/0x1f0 [ 405.137736] default_device_exit_batch+0x2e4/0x3d0 [ 405.143624] ? unregister_netdevice_many+0x1f0/0x1f0 [ 405.149601] ? rtnl_unlock+0x9/0x10 [ 405.153911] ? default_device_exit+0x1c5/0x260 [ 405.158938] ? do_wait_intr_irq+0x310/0x310 [ 405.164132] ops_exit_list.isra.5+0xd3/0x120 [ 405.169223] cleanup_net+0x368/0x850 [ 405.174338] ? net_drop_ns+0x60/0x60 [ 405.178642] ? __lock_is_held+0xb5/0x140 [ 405.183574] process_one_work+0x830/0x1670 [ 405.188752] ? pwq_dec_nr_in_flight+0x2c0/0x2c0 [ 405.194132] ? lock_acquire+0x173/0x3d0 [ 405.198943] ? kasan_check_write+0x14/0x20 [ 405.203539] ? do_raw_spin_lock+0xd0/0x240 [ 405.208602] worker_thread+0x85/0xb60 [ 405.212835] ? __kthread_parkme+0x37/0x1c0 [ 405.218021] kthread+0x347/0x410 [ 405.221913] ? process_one_work+0x1670/0x1670 [ 405.227207] ? kthread_cancel_delayed_work_sync+0x10/0x10 [ 405.233619] ret_from_fork+0x24/0x30 [ 405.242486] Kernel Offset: disabled [ 405.246654] Rebooting in 86400 seconds..