------------[ cut here ]------------ sk->sk_forward_alloc WARNING: net/ipv4/af_inet.c:162 at inet_sock_destruct+0x653/0x800 net/ipv4/af_inet.c:162, CPU#3: udevd/5146 Modules linked in: CPU: 3 UID: 0 PID: 5146 Comm: udevd Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:inet_sock_destruct+0x653/0x800 net/ipv4/af_inet.c:162 Code: 59 4c ff e9 06 fd ff ff e8 aa f3 ee f7 90 0f 0b 90 e9 35 fe ff ff e8 9c f3 ee f7 90 0f 0b 90 e9 c5 fe ff ff e8 8e f3 ee f7 90 <0f> 0b 90 e9 04 ff ff ff e8 80 f3 ee f7 90 0f 0b 90 e9 65 fe ff ff RSP: 0018:ffffc900006f8d90 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88802fbdbb80 RCX: ffffffff8a1a8b97 RDX: ffff88803035ca80 RSI: ffffffff8a1a8c92 RDI: ffff88803035ca80 RBP: 0000000000000090 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000090 R11: 0000000000000000 R12: ffff88802fbdbb80 R13: ffff88802fbdbc10 R14: ffffffff81eebfad R15: 0000000000000000 FS: 00007f5748b80880(0000) GS:ffff8880d63e0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f16c03ea540 CR3: 000000002b5c9000 CR4: 0000000000352ef0 Call Trace: __sk_destruct+0x85/0xab0 net/core/sock.c:2357 rcu_do_batch kernel/rcu/tree.c:2645 [inline] rcu_core+0x5a2/0x10d0 kernel/rcu/tree.c:2897 handle_softirqs+0x1ea/0x9b0 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0x162/0x210 kernel/softirq.c:735 irq_exit_rcu+0x9/0x30 kernel/softirq.c:752 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1062 [inline] sysvec_apic_timer_interrupt+0xa3/0xc0 arch/x86/kernel/apic/apic.c:1062 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:674 RIP: 0010:tomoyo_compare_name_union security/tomoyo/file.c:85 [inline] RIP: 0010:tomoyo_check_path_acl security/tomoyo/file.c:264 [inline] RIP: 0010:tomoyo_check_path_acl+0xf1/0x210 security/tomoyo/file.c:256 Code: 0f 85 0e 01 00 00 49 8d 7c 24 28 48 8b 5d 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 e0 00 00 00 <4d> 8b 6c 24 28 4d 85 ed 74 55 e8 00 87 47 fd 4c 89 ee 48 89 df e8 RSP: 0018:ffffc900066efa40 EFLAGS: 00000246 RAX: dffffc0000000000 RBX: ffffc900066efb58 RCX: ffffffff84c1f8c1 RDX: 1ffff11006864795 RSI: ffffffff84c1f8ce RDI: ffff888034323ca8 RBP: ffffc900066efb98 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: ffff888034323c80 R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000 tomoyo_check_acl+0x143/0x410 security/tomoyo/domain.c:175 tomoyo_path_permission security/tomoyo/file.c:591 [inline] tomoyo_path_permission+0x1ff/0x3b0 security/tomoyo/file.c:577 tomoyo_path_perm+0x364/0x460 security/tomoyo/file.c:843 security_inode_getattr+0x116/0x280 security/security.c:1895 vfs_getattr fs/stat.c:259 [inline] vfs_fstat+0x4b/0xe0 fs/stat.c:281 __do_sys_newfstat+0x8b/0x110 fs/stat.c:551 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x115/0x870 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5748511ad7 Code: 73 01 c3 48 8b 0d 21 f3 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 05 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 f1 f2 0d 00 f7 d8 64 89 02 b8 RSP: 002b:00007fff46ec8428 EFLAGS: 00000206 ORIG_RAX: 0000000000000005 RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007f5748511ad7 RDX: 0000000000090800 RSI: 00007fff46ec8430 RDI: 000000000000000d RBP: 00007fff46ec8430 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000206 R12: 000055dde7e3a170 R13: 00000000000000ff R14: 000055ddb7097be0 R15: 00007fff46ec8750 ---------------- Code disassembly (best guess): 0: 0f 85 0e 01 00 00 jne 0x114 6: 49 8d 7c 24 28 lea 0x28(%r12),%rdi b: 48 8b 5d 18 mov 0x18(%rbp),%rbx f: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 16: fc ff df 19: 48 89 fa mov %rdi,%rdx 1c: 48 c1 ea 03 shr $0x3,%rdx 20: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) 24: 0f 85 e0 00 00 00 jne 0x10a * 2a: 4d 8b 6c 24 28 mov 0x28(%r12),%r13 <-- trapping instruction 2f: 4d 85 ed test %r13,%r13 32: 74 55 je 0x89 34: e8 00 87 47 fd call 0xfd478739 39: 4c 89 ee mov %r13,%rsi 3c: 48 89 df mov %rbx,%rdi 3f: e8 .byte 0xe8