------------[ cut here ]------------
sk->sk_forward_alloc
WARNING: net/ipv4/af_inet.c:162 at inet_sock_destruct+0x653/0x800 net/ipv4/af_inet.c:162, CPU#3: udevd/5146
Modules linked in:
CPU: 3 UID: 0 PID: 5146 Comm: udevd Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:inet_sock_destruct+0x653/0x800 net/ipv4/af_inet.c:162
Code: 59 4c ff e9 06 fd ff ff e8 aa f3 ee f7 90 0f 0b 90 e9 35 fe ff ff e8 9c f3 ee f7 90 0f 0b 90 e9 c5 fe ff ff e8 8e f3 ee f7 90 <0f> 0b 90 e9 04 ff ff ff e8 80 f3 ee f7 90 0f 0b 90 e9 65 fe ff ff
RSP: 0018:ffffc900006f8d90 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88802fbdbb80 RCX: ffffffff8a1a8b97
RDX: ffff88803035ca80 RSI: ffffffff8a1a8c92 RDI: ffff88803035ca80
RBP: 0000000000000090 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000090 R11: 0000000000000000 R12: ffff88802fbdbb80
R13: ffff88802fbdbc10 R14: ffffffff81eebfad R15: 0000000000000000
FS: 00007f5748b80880(0000) GS:ffff8880d63e0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f16c03ea540 CR3: 000000002b5c9000 CR4: 0000000000352ef0
Call Trace:
__sk_destruct+0x85/0xab0 net/core/sock.c:2357
rcu_do_batch kernel/rcu/tree.c:2645 [inline]
rcu_core+0x5a2/0x10d0 kernel/rcu/tree.c:2897
handle_softirqs+0x1ea/0x9b0 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x162/0x210 kernel/softirq.c:735
irq_exit_rcu+0x9/0x30 kernel/softirq.c:752
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1062 [inline]
sysvec_apic_timer_interrupt+0xa3/0xc0 arch/x86/kernel/apic/apic.c:1062
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:674
RIP: 0010:tomoyo_compare_name_union security/tomoyo/file.c:85 [inline]
RIP: 0010:tomoyo_check_path_acl security/tomoyo/file.c:264 [inline]
RIP: 0010:tomoyo_check_path_acl+0xf1/0x210 security/tomoyo/file.c:256
Code: 0f 85 0e 01 00 00 49 8d 7c 24 28 48 8b 5d 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 e0 00 00 00 <4d> 8b 6c 24 28 4d 85 ed 74 55 e8 00 87 47 fd 4c 89 ee 48 89 df e8
RSP: 0018:ffffc900066efa40 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffffc900066efb58 RCX: ffffffff84c1f8c1
RDX: 1ffff11006864795 RSI: ffffffff84c1f8ce RDI: ffff888034323ca8
RBP: ffffc900066efb98 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888034323c80
R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
tomoyo_check_acl+0x143/0x410 security/tomoyo/domain.c:175
tomoyo_path_permission security/tomoyo/file.c:591 [inline]
tomoyo_path_permission+0x1ff/0x3b0 security/tomoyo/file.c:577
tomoyo_path_perm+0x364/0x460 security/tomoyo/file.c:843
security_inode_getattr+0x116/0x280 security/security.c:1895
vfs_getattr fs/stat.c:259 [inline]
vfs_fstat+0x4b/0xe0 fs/stat.c:281
__do_sys_newfstat+0x8b/0x110 fs/stat.c:551
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x115/0x870 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5748511ad7
Code: 73 01 c3 48 8b 0d 21 f3 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 05 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 f1 f2 0d 00 f7 d8 64 89 02 b8
RSP: 002b:00007fff46ec8428 EFLAGS: 00000206 ORIG_RAX: 0000000000000005
RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007f5748511ad7
RDX: 0000000000090800 RSI: 00007fff46ec8430 RDI: 000000000000000d
RBP: 00007fff46ec8430 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000206 R12: 000055dde7e3a170
R13: 00000000000000ff R14: 000055ddb7097be0 R15: 00007fff46ec8750
----------------
Code disassembly (best guess):
0: 0f 85 0e 01 00 00 jne 0x114
6: 49 8d 7c 24 28 lea 0x28(%r12),%rdi
b: 48 8b 5d 18 mov 0x18(%rbp),%rbx
f: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
16: fc ff df
19: 48 89 fa mov %rdi,%rdx
1c: 48 c1 ea 03 shr $0x3,%rdx
20: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
24: 0f 85 e0 00 00 00 jne 0x10a
* 2a: 4d 8b 6c 24 28 mov 0x28(%r12),%r13 <-- trapping instruction
2f: 4d 85 ed test %r13,%r13
32: 74 55 je 0x89
34: e8 00 87 47 fd call 0xfd478739
39: 4c 89 ee mov %r13,%rsi
3c: 48 89 df mov %rbx,%rdi
3f: e8 .byte 0xe8