[ 50.875855][ T36] audit: type=1400 audit(1639313107.452:151): avc: denied { create } for pid=5433 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 50.952968][ T36] audit: type=1400 audit(1639313107.532:152): avc: denied { create } for pid=5433 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 50.983378][ T36] audit: type=1400 audit(1639313107.562:153): avc: denied { create } for pid=5433 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 51.064365][ T36] audit: type=1400 audit(1639313107.642:154): avc: denied { create } for pid=5433 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 51.254293][ T36] audit: type=1400 audit(1639313107.832:155): avc: denied { create } for pid=5433 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 51.329560][ T36] audit: type=1400 audit(1639313107.902:156): avc: denied { create } for pid=5433 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 51.350603][ T36] audit: type=1400 audit(1639313107.922:157): avc: denied { create } for pid=5433 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 51.372383][ T36] audit: type=1400 audit(1639313107.922:158): avc: denied { create } for pid=5433 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 51.413197][ T36] audit: type=1400 audit(1639313107.992:159): avc: denied { create } for pid=5433 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 51.434481][ T36] audit: type=1400 audit(1639313107.992:160): avc: denied { create } for pid=5433 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts. [ 70.633531][ T36] kauditd_printk_skb: 29 callbacks suppressed [ 70.633540][ T36] audit: type=1400 audit(1639313127.212:190): avc: denied { mounton } for pid=5890 comm="syz-executor965" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 70.634621][ T5890] cgroup: Unknown subsys name 'net' [ 70.673275][ T5890] cgroup: Unknown subsys name 'rlimit' [ 70.690995][ T36] audit: type=1400 audit(1639313127.262:191): avc: denied { mounton } for pid=5896 comm="syz-executor965" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 70.710267][ T5899] IPVS: ftp: loaded support on port[0] = 21 [ 70.720721][ T5901] IPVS: ftp: loaded support on port[0] = 21 [ 70.731452][ T5902] IPVS: ftp: loaded support on port[0] = 21 [ 70.731834][ T5896] IPVS: ftp: loaded support on port[0] = 21 [ 70.749055][ T5900] IPVS: ftp: loaded support on port[0] = 21 [ 70.756619][ T5898] IPVS: ftp: loaded support on port[0] = 21 [ 70.821586][ T36] audit: type=1400 audit(1639313127.392:192): avc: denied { mounton } for pid=5899 comm="syz-executor965" path="/dev/binderfs" dev="devtmpfs" ino=2313 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 70.885972][ T36] audit: type=1400 audit(1639313127.462:193): avc: denied { setopt } for pid=5903 comm="syz-executor965" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 70.933256][ T36] audit: type=1400 audit(1639313127.502:194): avc: denied { ioctl } for pid=5903 comm="syz-executor965" path="socket:[28025]" dev="sockfs" ino=28025 ioctlcmd=0x9429 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 71.145155][ T5] cfg80211: failed to load regulatory.db [ 100.331300][T19913] ================================================================== [ 100.339659][T19913] BUG: KASAN: double-free or invalid-free in packet_set_ring+0xd9a/0x19d0 [ 100.348145][T19913] [ 100.350460][T19913] CPU: 0 PID: 19913 Comm: syz-executor965 Not tainted 5.11.0-syzkaller #0 [ 100.359196][T19913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 100.369262][T19913] Call Trace: [ 100.372544][T19913] dump_stack+0x9a/0xcc [ 100.376689][T19913] print_address_description.constprop.0.cold+0x5b/0x2c6 [ 100.383869][T19913] ? packet_set_ring+0xd9a/0x19d0 [ 100.388900][T19913] ? packet_set_ring+0xd9a/0x19d0 [ 100.393902][T19913] kasan_report_invalid_free+0x51/0x80 [ 100.399342][T19913] ? packet_set_ring+0xd9a/0x19d0 [ 100.404620][T19913] ____kasan_slab_free+0xcc/0xe0 [ 100.409542][T19913] kfree+0xed/0x270 [ 100.413326][T19913] ? packet_rcv+0x1220/0x1220 [ 100.417985][T19913] packet_set_ring+0xd9a/0x19d0 [ 100.422814][T19913] ? packet_create+0x950/0x950 [ 100.427727][T19913] ? lock_downgrade+0x6d0/0x6d0 [ 100.432590][T19913] packet_setsockopt+0x16c8/0x3640 [ 100.437816][T19913] ? find_held_lock+0x2d/0x110 [ 100.442667][T19913] ? packet_bind+0x180/0x180 [ 100.448479][T19913] ? selinux_add_mnt_opt+0x2b0/0x2b0 [ 100.453759][T19913] ? selinux_netlbl_sock_rcv_skb+0x380/0x380 [ 100.459916][T19913] ? __fget_files+0x1ab/0x2b0 [ 100.464585][T19913] __sys_setsockopt+0x1fd/0x4e0 [ 100.469433][T19913] ? __ia32_sys_recv+0xf0/0xf0 [ 100.474287][T19913] ? lock_downgrade+0x6d0/0x6d0 [ 100.479126][T19913] __x64_sys_setsockopt+0xb5/0x150 [ 100.484579][T19913] ? syscall_enter_from_user_mode+0x27/0x70 [ 100.490451][T19913] do_syscall_64+0x2d/0x70 [ 100.494950][T19913] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 100.500822][T19913] RIP: 0033:0x7f47707199b9 [ 100.505212][T19913] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 100.525155][T19913] RSP: 002b:00007f47706a9318 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 100.533550][T19913] RAX: ffffffffffffffda RBX: 00007f47707a34b8 RCX: 00007f47707199b9 [ 100.541509][T19913] RDX: 0000000000000005 RSI: 0000000000000107 RDI: 0000000000000003 [ 100.549458][T19913] RBP: 00007f47707a34b0 R08: 000000000000001c R09: 0000000000000000 [ 100.557406][T19913] R10: 00000000200000c0 R11: 0000000000000246 R12: 00007f4770770294 [ 100.565360][T19913] R13: 00007ffe0be36b1f R14: 00007f47706a9400 R15: 0000000000022000 [ 100.573313][T19913] [ 100.575622][T19913] Allocated by task 19906: [ 100.580023][T19913] kasan_save_stack+0x1b/0x40 [ 100.584683][T19913] ____kasan_kmalloc.constprop.0+0x7f/0xa0 [ 100.590547][T19913] __kmalloc+0x20c/0x440 [ 100.594761][T19913] packet_set_ring+0xa86/0x19d0 [ 100.599696][T19913] packet_setsockopt+0x16c8/0x3640 [ 100.604865][T19913] __sys_setsockopt+0x1fd/0x4e0 [ 100.609691][T19913] __x64_sys_setsockopt+0xb5/0x150 [ 100.614779][T19913] do_syscall_64+0x2d/0x70 [ 100.619251][T19913] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 100.625112][T19913] [ 100.627417][T19913] Freed by task 19913: [ 100.631451][T19913] kasan_save_stack+0x1b/0x40 [ 100.636112][T19913] kasan_set_track+0x1c/0x30 [ 100.640846][T19913] kasan_set_free_info+0x20/0x30 [ 100.645749][T19913] ____kasan_slab_free+0xb0/0xe0 [ 100.650655][T19913] kfree+0xed/0x270 [ 100.654434][T19913] packet_set_ring+0x620/0x19d0 [ 100.659258][T19913] packet_setsockopt+0x16c8/0x3640 [ 100.664339][T19913] __sys_setsockopt+0x1fd/0x4e0 [ 100.669167][T19913] __x64_sys_setsockopt+0xb5/0x150 [ 100.674246][T19913] do_syscall_64+0x2d/0x70 [ 100.678640][T19913] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 100.684506][T19913] [ 100.686810][T19913] The buggy address belongs to the object at ffff888016922f00 [ 100.686810][T19913] which belongs to the cache kmalloc-64 of size 64 [ 100.700767][T19913] The buggy address is located 0 bytes inside of [ 100.700767][T19913] 64-byte region [ffff888016922f00, ffff888016922f40) [ 100.713748][T19913] The buggy address belongs to the page: [ 100.719351][T19913] page:00000000e69c5d50 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16922 [ 100.729470][T19913] flags: 0xfff00000000200(slab) [ 100.734296][T19913] raw: 00fff00000000200 ffffea0000aced08 ffffea0000684988 ffff88800f440200 [ 100.742863][T19913] raw: 0000000000000000 ffff888016922000 0000000100000020 0000000000000000 [ 100.751423][T19913] page dumped because: kasan: bad access detected [ 100.757808][T19913] page_owner tracks the page as allocated [ 100.763501][T19913] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x342040(__GFP_IO|__GFP_NOWARN|__GFP_COMP|__GFP_HARDWALL|__GFP_THISNODE), pid 5899, ts 75416457169 [ 100.779972][T19913] post_alloc_hook+0x144/0x1c0 [ 100.784718][T19913] get_page_from_freelist+0x1c6e/0x3f80 [ 100.790335][T19913] __alloc_pages_nodemask+0x2d6/0x730 [ 100.795696][T19913] cache_grow_begin+0x71/0x430 [ 100.800481][T19913] cache_alloc_refill+0x27f/0x380 [ 100.805759][T19913] __kmalloc+0x35c/0x440 [ 100.810074][T19913] tomoyo_encode2.part.0+0x92/0x310 [ 100.815257][T19913] tomoyo_realpath_from_path+0x140/0x6a0 [ 100.820865][T19913] tomoyo_path_perm+0x1fb/0x350 [ 100.825692][T19913] tomoyo_path_unlink+0x7f/0xd0 [ 100.830516][T19913] security_path_unlink+0xb3/0x110 [ 100.835686][T19913] do_unlinkat+0x2ac/0x520 [ 100.840165][T19913] do_syscall_64+0x2d/0x70 [ 100.844641][T19913] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 100.850510][T19913] page last free stack trace: [ 100.855158][T19913] free_pcp_prepare+0x2cb/0x410 [ 100.859979][T19913] free_unref_page+0x12/0x1b0 [ 100.864649][T19913] __vunmap+0x59e/0x940 [ 100.868978][T19913] free_work+0x4b/0x70 [ 100.873027][T19913] process_one_work+0x84c/0x13b0 [ 100.877958][T19913] worker_thread+0x598/0xf80 [ 100.882524][T19913] kthread+0x36f/0x450 [ 100.886571][T19913] ret_from_fork+0x1f/0x30 [ 100.890960][T19913] [ 100.893257][T19913] Memory state around the buggy address: [ 100.898858][T19913] ffff888016922e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 100.906911][T19913] ffff888016922e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 100.914958][T19913] >ffff888016922f00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 100.923013][T19913] ^ [ 100.927153][T19913] ffff888016922f80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 100.935275][T19913] ffff888016923000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 100.943309][T19913] ================================================================== [ 100.951342][T19913] Disabling lock debugging due to kernel taint [ 100.957578][T19913] Kernel panic - not syncing: panic_on_warn set ... [ 100.964144][T19913] CPU: 0 PID: 19913 Comm: syz-executor965 Tainted: G B 5.11.0-syzkaller #0 [ 100.974014][T19913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 100.984055][T19913] Call Trace: [ 100.987838][T19913] dump_stack+0x9a/0xcc [ 100.992156][T19913] ? packet_set_ring+0xd10/0x19d0 [ 100.997171][T19913] panic+0x256/0x4eb [ 101.001041][T19913] ? __warn_printk+0xee/0xee [ 101.005681][T19913] ? packet_set_ring+0xd9a/0x19d0 [ 101.010766][T19913] ? packet_set_ring+0xd9a/0x19d0 [ 101.015845][T19913] end_report+0x58/0x5e [ 101.019986][T19913] kasan_report_invalid_free+0x6d/0x80 [ 101.025627][T19913] ? packet_set_ring+0xd9a/0x19d0 [ 101.030622][T19913] ____kasan_slab_free+0xcc/0xe0 [ 101.035525][T19913] kfree+0xed/0x270 [ 101.039324][T19913] ? packet_rcv+0x1220/0x1220 [ 101.043968][T19913] packet_set_ring+0xd9a/0x19d0 [ 101.048784][T19913] ? packet_create+0x950/0x950 [ 101.053526][T19913] ? lock_downgrade+0x6d0/0x6d0 [ 101.058354][T19913] packet_setsockopt+0x16c8/0x3640 [ 101.063568][T19913] ? find_held_lock+0x2d/0x110 [ 101.068321][T19913] ? packet_bind+0x180/0x180 [ 101.072943][T19913] ? selinux_add_mnt_opt+0x2b0/0x2b0 [ 101.078213][T19913] ? selinux_netlbl_sock_rcv_skb+0x380/0x380 [ 101.084165][T19913] ? __fget_files+0x1ab/0x2b0 [ 101.088815][T19913] __sys_setsockopt+0x1fd/0x4e0 [ 101.093635][T19913] ? __ia32_sys_recv+0xf0/0xf0 [ 101.098369][T19913] ? lock_downgrade+0x6d0/0x6d0 [ 101.103224][T19913] __x64_sys_setsockopt+0xb5/0x150 [ 101.108391][T19913] ? syscall_enter_from_user_mode+0x27/0x70 [ 101.114262][T19913] do_syscall_64+0x2d/0x70 [ 101.118734][T19913] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 101.124615][T19913] RIP: 0033:0x7f47707199b9 [ 101.129007][T19913] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 101.148677][T19913] RSP: 002b:00007f47706a9318 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 101.157068][T19913] RAX: ffffffffffffffda RBX: 00007f47707a34b8 RCX: 00007f47707199b9 [ 101.165108][T19913] RDX: 0000000000000005 RSI: 0000000000000107 RDI: 0000000000000003 [ 101.173224][T19913] RBP: 00007f47707a34b0 R08: 000000000000001c R09: 0000000000000000 [ 101.181251][T19913] R10: 00000000200000c0 R11: 0000000000000246 R12: 00007f4770770294 [ 101.189374][T19913] R13: 00007ffe0be36b1f R14: 00007f47706a9400 R15: 0000000000022000 [ 101.197908][T19913] Kernel Offset: disabled [ 101.202385][T19913] Rebooting in 86400 seconds..