[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 21.048528] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 24.886129] random: sshd: uninitialized urandom read (32 bytes read) [ 25.369090] random: sshd: uninitialized urandom read (32 bytes read) [ 26.294420] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts. [ 31.720978] random: sshd: uninitialized urandom read (32 bytes read) 2018/06/10 22:53:51 fuzzer started [ 33.146333] random: cc1: uninitialized urandom read (8 bytes read) 2018/06/10 22:53:53 dialing manager at 10.128.0.26:35009 [ 68.559445] can: request_module (can-proto-0) failed. [ 68.569166] can: request_module (can-proto-0) failed. 2018/06/10 22:54:29 kcov=true, comps=true [ 74.219641] random: crng init done 22:54:40 executing program 0: syz_open_procfs(0x0, &(0x7f0000000180)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") 22:54:40 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop-control\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x100000006, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000081, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffd, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) 22:54:40 executing program 7: perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000f4eff8)='./file0\x00', 0x0) chroot(&(0x7f0000000040)='./file0\x00') mount(&(0x7f000000a000)='./file0\x00', &(0x7f000000aff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f000001c000)) chdir(&(0x7f0000000780)='./file0\x00') symlink(&(0x7f0000000140)='..', &(0x7f00000000c0)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000640)='../file0\x00', 0x0, 0x0) 22:54:40 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = syz_open_procfs(0x0, &(0x7f00000002c0)="2f6578650000000000049b840572137291be10eebf000ee9a90f798058439ed5e901d2da75060002acc7edbcd7a071fb35331ce39c5a000000080000007c54ecf16b46e8f5eb845f06c2b4833f0f84b356f039192806008f7ce66c7288410412f83962fc4ae2805c44331afe5705952580b49acad4596489f4455f2cba58ee6d298147dfab3256c742c1b69f67793dfd6a9b4db888e646223be7fb8b2717202ea956118f193fb8ab5dd2c0fdaf9716ed51bd15d81d43b89e1cecabcba5d2e62f5b3ec8667778db1218b7bc16e0571138971db98e50262419de58d747295da8aebc0f7f7f5680e4d3eeade20a2d3e420b35456180b109549e4ef0e1b55691030039ce36a24837297a9b9f7a674b065f6f33f02b4ff484f04d8bba269191d364ec5ac1383d9ab7460d2a89938fb7600936d99b6a7926fafb27e09600c5030b051d15119f710af1a0") fgetxattr(r1, &(0x7f0000000100)=@known='user.syz\x00', &(0x7f0000000180)=""/2, 0xe38fcc87f242135b) 22:54:40 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000280)="295ee1311f16f477671070") r1 = syz_open_procfs(0x0, &(0x7f0000000080)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") fcntl$setstatus(r1, 0x4, 0x6800) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r2) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x8200) r4 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r4, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r3, r5, &(0x7f0000d83ff8), 0x8000fffffffe) pread64(r1, &(0x7f0000003c00)=""/4096, 0x1000, 0x0) 22:54:40 executing program 3: r0 = socket(0x2, 0x3, 0x9) perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) 22:54:40 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes256\x00'}, 0x58) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x5, 0x400000) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r1, 0x81785501, &(0x7f00000000c0)=""/243) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003c1000), 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192\x00'}, 0x58) 22:54:40 executing program 6: r0 = socket$inet_sctp(0x2, 0x3, 0x84) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000240)="295ee1311f16f477671070") perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg$inet_sctp(r0, &(0x7f0000000240)=[{&(0x7f0000000000)=@in={0x2, 0x0, @loopback=0x7f000001}, 0x10, &(0x7f0000000040), 0x0, &(0x7f0000000140)}], 0x1, 0x8004) sendto$inet(r0, &(0x7f0000000140)="ed470d4ba6adc051ccb930d404cf323a", 0x10, 0x0, &(0x7f0000000200)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000180)={0x0, 0xc000000}, 0x8) [ 81.687360] IPVS: ftp: loaded support on port[0] = 21 [ 81.811917] IPVS: ftp: loaded support on port[0] = 21 [ 81.824374] IPVS: ftp: loaded support on port[0] = 21 [ 81.827306] IPVS: ftp: loaded support on port[0] = 21 [ 81.876988] IPVS: ftp: loaded support on port[0] = 21 [ 81.884590] IPVS: ftp: loaded support on port[0] = 21 [ 81.890284] IPVS: ftp: loaded support on port[0] = 21 [ 81.907523] IPVS: ftp: loaded support on port[0] = 21 [ 83.797449] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.804083] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.829345] device bridge_slave_0 entered promiscuous mode [ 84.012449] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.018947] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.034675] device bridge_slave_1 entered promiscuous mode [ 84.050262] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.056690] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.065579] device bridge_slave_0 entered promiscuous mode [ 84.083758] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.090182] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.120229] device bridge_slave_0 entered promiscuous mode [ 84.132654] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.139113] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.146850] device bridge_slave_0 entered promiscuous mode [ 84.156094] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.162495] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.170330] device bridge_slave_0 entered promiscuous mode [ 84.179322] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.185725] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.195274] device bridge_slave_0 entered promiscuous mode [ 84.204166] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 84.222857] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.229354] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.238667] device bridge_slave_0 entered promiscuous mode [ 84.249044] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.255477] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.267637] device bridge_slave_0 entered promiscuous mode [ 84.277282] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.283837] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.300718] device bridge_slave_1 entered promiscuous mode [ 84.308194] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.314601] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.322369] device bridge_slave_1 entered promiscuous mode [ 84.330980] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.337702] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.347282] device bridge_slave_1 entered promiscuous mode [ 84.355640] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.362125] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.371412] device bridge_slave_1 entered promiscuous mode [ 84.386949] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.393488] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.412990] device bridge_slave_1 entered promiscuous mode [ 84.422145] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 84.429489] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.436109] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.443503] device bridge_slave_1 entered promiscuous mode [ 84.453614] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 84.464350] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 84.472942] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.479406] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.497455] device bridge_slave_1 entered promiscuous mode [ 84.515777] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 84.524295] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 84.532619] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 84.557787] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 84.575131] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 84.601142] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 84.629046] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 84.639066] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 84.648804] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 84.663126] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 84.728688] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 84.770963] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 84.962403] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 84.989514] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 84.999140] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 85.069252] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 85.097441] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 85.109071] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 85.120275] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 85.135724] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 85.145944] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 85.155302] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 85.164819] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 85.223855] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 85.246941] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 85.265318] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 85.273713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 85.289967] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 85.298431] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 85.305386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 85.325481] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 85.339871] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 85.347826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 85.363994] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 85.372181] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 85.379428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 85.397850] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 85.405119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 85.432573] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 85.439548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.455149] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 85.462529] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 85.469390] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.501696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.537555] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 85.546429] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 85.553337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 85.561425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 85.572225] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 85.579376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 85.611445] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 85.620543] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 85.641203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.662639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.691460] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 85.698615] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 85.706158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.727630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.765190] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 85.772135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.907714] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 85.922923] team0: Port device team_slave_0 added [ 85.931372] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 85.945247] team0: Port device team_slave_0 added [ 85.971571] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 85.989762] team0: Port device team_slave_0 added [ 86.028117] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 86.043276] team0: Port device team_slave_1 added [ 86.056824] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 86.071102] team0: Port device team_slave_1 added [ 86.079514] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 86.092456] team0: Port device team_slave_0 added [ 86.100272] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 86.112714] team0: Port device team_slave_0 added [ 86.125501] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 86.139518] team0: Port device team_slave_0 added [ 86.147132] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 86.154899] team0: Port device team_slave_1 added [ 86.166656] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 86.180951] team0: Port device team_slave_0 added [ 86.210300] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.226005] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.263081] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 86.274011] team0: Port device team_slave_1 added [ 86.283784] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 86.294658] team0: Port device team_slave_1 added [ 86.301834] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 86.311275] team0: Port device team_slave_1 added [ 86.319145] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 86.328633] team0: Port device team_slave_0 added [ 86.339651] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 86.346689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 86.358499] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 86.376000] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 86.383609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 86.396200] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 86.423187] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 86.430349] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 86.437403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 86.455286] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.470473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 86.483774] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.492157] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 86.499813] team0: Port device team_slave_1 added [ 86.507489] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 86.516574] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 86.525680] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 86.534857] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 86.541952] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 86.550076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 86.568678] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.601332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.620094] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.628244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 86.635953] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 86.643671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 86.652413] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 86.659847] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.667695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.675664] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 86.683592] team0: Port device team_slave_1 added [ 86.688886] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 86.695873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 86.710533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.721224] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 86.730277] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 86.737634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 86.754258] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.774190] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 86.785945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 86.796631] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 86.804947] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 86.813931] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 86.822849] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 86.833334] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 86.851889] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 86.859193] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.876178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.894008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.917609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.930524] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 86.938563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 86.946499] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 86.954426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 86.962280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 86.969998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 86.977539] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.985455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.993558] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 87.002852] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 87.012376] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 87.024461] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 87.050937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 87.066778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 87.081990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 87.096099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 87.104111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 87.113878] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 87.121792] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 87.129423] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 87.139137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 87.150558] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 87.159841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 87.169618] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 87.180218] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 87.193731] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 87.205660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 87.244213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 87.275918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 87.298272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 87.306183] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 87.314254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 87.339555] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 87.355819] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 87.372738] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 87.389368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 87.422344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 87.443997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 87.458431] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 87.466124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 87.474601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 87.496694] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 87.504213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 87.518404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 88.463676] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.470259] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.477378] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.483796] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.501704] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 88.508300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 88.523360] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.529765] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.536393] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.542743] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.553680] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 88.564649] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.571066] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.577744] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.584136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.634709] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 88.646132] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.652537] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.659202] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.665580] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.678927] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 88.699469] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.705916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.712611] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.719070] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.737092] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 88.961899] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.968343] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.975053] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.981454] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.990337] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 89.004217] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.010658] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.017353] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.023756] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.032366] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 89.040853] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.047324] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.054055] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.060463] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.068546] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 89.570111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 89.582784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 89.603574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 89.631655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 89.643354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 89.650449] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 89.657905] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 93.765410] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.861298] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.884618] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.903864] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.035125] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.056059] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.092524] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.211365] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.219416] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.323942] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.352641] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.448516] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.492176] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.538999] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.565746] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.697636] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.731752] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 94.738091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 94.751616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.832326] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 94.857260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 94.878582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.903607] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 94.918831] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 94.926535] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 94.949681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.973735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 94.986344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.002074] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.008682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.021383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.039479] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.070966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.087693] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.124855] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.131211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.141542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.249634] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.256234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.267661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.318162] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.448517] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.459499] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.471558] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.495980] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.512128] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.656116] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.812405] 8021q: adding VLAN 0 to HW filter on device team0 22:54:57 executing program 6: r0 = socket$inet_sctp(0x2, 0x3, 0x84) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000240)="295ee1311f16f477671070") perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg$inet_sctp(r0, &(0x7f0000000240)=[{&(0x7f0000000000)=@in={0x2, 0x0, @loopback=0x7f000001}, 0x10, &(0x7f0000000040), 0x0, &(0x7f0000000140)}], 0x1, 0x8004) sendto$inet(r0, &(0x7f0000000140)="ed470d4ba6adc051ccb930d404cf323a", 0x10, 0x0, &(0x7f0000000200)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000180)={0x0, 0xc000000}, 0x8) 22:54:57 executing program 2: listxattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)=""/30, 0x1e) syz_fuseblk_mount(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = fanotify_init(0x4, 0x0) fanotify_mark(r0, 0x11, 0x20, 0xffffffffffffffff, &(0x7f0000000040)='/\x00') r1 = inotify_init1(0x80000) inotify_add_watch(r1, &(0x7f0000000240)='./file0\x00', 0x20000000) creat(&(0x7f00000004c0)='./file0\x00', 0x0) 22:54:57 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$xfs(&(0x7f0000000040)='xfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x2a, &(0x7f0000000280), 0x0, &(0x7f00000002c0)={'nouuid,', {[{@rtdev={'rtdev', 0x3d, './file0'}, 0x2c}, {@rtdev={'rtdev', 0x3d, './file0'}, 0x2c}]}}) r1 = dup(r0) flistxattr(r1, &(0x7f0000000080)=""/62, 0x34e) syz_open_dev$urandom(&(0x7f0000000100)='/dev/urandom\x00', 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000000)={0x1, 0x3, 0xf675, 0xff}) openat(r1, &(0x7f00000001c0)='./file0\x00', 0xc000, 0x1) 22:54:57 executing program 6: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000000)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000701000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7050000230000006a0a00fe00000000850000000b000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x10, 0xc0, &(0x7f0000000080)="c9ecf37c9d0000000000000000000000", &(0x7f0000000280)=""/192}, 0x28) openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rfkill\x00', 0x200, 0x0) 22:54:57 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000100)="0047fc2f07d82c99240970") fcntl$getownex(r0, 0x10, &(0x7f0000000040)) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000000c0)={'veth1_to_bond\x00', &(0x7f0000000000)=@ethtool_stats={0x1c}}) close(r2) close(r1) [ 98.529862] ================================================================== [ 98.537462] BUG: KASAN: slab-out-of-bounds in skb_ensure_writable+0x554/0x620 [ 98.544752] Read of size 4 at addr ffff8801c481c040 by task syz-executor6/6697 [ 98.552111] [ 98.553757] CPU: 0 PID: 6697 Comm: syz-executor6 Not tainted 4.17.0+ #94 [ 98.560599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 98.569964] Call Trace: [ 98.572577] dump_stack+0x1b9/0x294 [ 98.576229] ? dump_stack_print_info.cold.2+0x52/0x52 [ 98.581434] ? printk+0x9e/0xba [ 98.584733] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 98.589508] ? kasan_check_write+0x14/0x20 [ 98.593804] print_address_description+0x6c/0x20b [ 98.598663] ? skb_ensure_writable+0x554/0x620 [ 98.603261] kasan_report.cold.7+0x242/0x2fe [ 98.607687] __asan_report_load4_noabort+0x14/0x20 [ 98.612631] skb_ensure_writable+0x554/0x620 [ 98.617060] ? skb_cow_data+0xf10/0xf10 [ 98.621052] ? perf_trace_lock+0xd6/0x900 [ 98.625217] ? trace_hardirqs_on+0xd/0x10 22:54:57 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000040)="025cc83d6d345f8f760070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x1}) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r4, 0x50, &(0x7f0000000080)}, 0x10) [ 98.629389] ? zap_class+0x720/0x720 [ 98.633125] bpf_l4_csum_replace+0x91/0x4a0 [ 98.637473] ? lock_downgrade+0x8e0/0x8e0 [ 98.641635] ? rcu_pm_notify+0xc0/0xc0 [ 98.643358] XFS (loop5): unknown mount option [noľ]. [ 98.645585] ? pvclock_read_flags+0x160/0x160 [ 98.645609] ? rcu_read_lock_sched_held+0x108/0x120 [ 98.645626] ? kmem_cache_alloc+0x5fa/0x760 [ 98.645639] ? ktime_get+0x33e/0x430 [ 98.645663] ? lock_acquire+0x1dc/0x520 [ 98.672430] ? bpf_test_run+0x1f3/0x3b0 [ 98.676417] ? kasan_check_read+0x11/0x20 [ 98.680585] ? rcu_is_watching+0x85/0x140 [ 98.684727] ? rcu_report_qs_rnp+0x790/0x790 [ 98.689128] ? __might_sleep+0x95/0x190 [ 98.693099] ? bpf_test_run+0xaf/0x3b0 [ 98.696995] ? bpf_prog_test_run_skb+0x622/0xa20 [ 98.701746] ? bpf_test_finish.isra.7+0x1e0/0x1e0 [ 98.706576] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 98.712101] ? fput+0x130/0x1a0 [ 98.715370] ? __bpf_prog_get+0x9b/0x290 [ 98.719421] ? bpf_test_finish.isra.7+0x1e0/0x1e0 [ 98.724256] ? bpf_prog_test_run+0x130/0x1a0 [ 98.728654] ? __x64_sys_bpf+0x3d8/0x510 [ 98.732701] ? bpf_prog_get+0x20/0x20 [ 98.736493] ? ksys_ioctl+0x81/0xd0 [ 98.740119] ? do_syscall_64+0x92/0x800 [ 98.744084] ? do_syscall_64+0x1b1/0x800 [ 98.748144] ? finish_task_switch+0x1ca/0x840 [ 98.752643] ? syscall_return_slowpath+0x5c0/0x5c0 [ 98.757562] ? syscall_return_slowpath+0x30f/0x5c0 [ 98.762483] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 98.767835] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 98.772680] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 98.778037] [ 98.779650] Allocated by task 2414: [ 98.783266] save_stack+0x43/0xd0 [ 98.786705] kasan_kmalloc+0xc4/0xe0 [ 98.790417] kasan_slab_alloc+0x12/0x20 [ 98.794390] kmem_cache_alloc+0x12e/0x760 [ 98.798538] skb_clone+0x1ed/0x4f0 [ 98.802066] netlink_broadcast_filtered+0x1024/0x1580 [ 98.807244] netlink_broadcast+0x3a/0x50 [ 98.811290] kobject_uevent_env+0x829/0x1110 [ 98.815682] kobject_synth_uevent+0xa4f/0xc0b [ 98.820164] uevent_store+0x26/0x70 [ 98.823776] dev_attr_store+0x5e/0x90 [ 98.827562] sysfs_kf_write+0x118/0x170 [ 98.831522] kernfs_fop_write+0x2ba/0x480 [ 98.835656] __vfs_write+0x10b/0x9d0 [ 98.839358] vfs_write+0x1f8/0x560 [ 98.842901] ksys_write+0xf9/0x250 [ 98.846435] __x64_sys_write+0x73/0xb0 [ 98.850308] do_syscall_64+0x1b1/0x800 [ 98.854181] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 98.859349] [ 98.860959] Freed by task 2414: [ 98.864226] save_stack+0x43/0xd0 [ 98.867662] __kasan_slab_free+0x11a/0x170 [ 98.871891] kasan_slab_free+0xe/0x10 [ 98.875684] kmem_cache_free+0x86/0x2d0 [ 98.879648] kfree_skbmem+0x13c/0x210 [ 98.883433] consume_skb+0x193/0x550 [ 98.887132] skb_free_datagram+0x1a/0xf0 [ 98.891193] netlink_recvmsg+0x6fe/0x1450 [ 98.895326] sock_recvmsg+0xd0/0x110 [ 98.899030] ___sys_recvmsg+0x2b6/0x680 [ 98.902993] __sys_recvmsg+0x112/0x260 [ 98.906874] __x64_sys_recvmsg+0x78/0xb0 [ 98.910930] do_syscall_64+0x1b1/0x800 [ 98.914804] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 98.920899] [ 98.922535] The buggy address belongs to the object at ffff8801c481c080 [ 98.922535] which belongs to the cache skbuff_head_cache of size 232 [ 98.935712] The buggy address is located 64 bytes to the left of [ 98.935712] 232-byte region [ffff8801c481c080, ffff8801c481c168) [ 98.947919] The buggy address belongs to the page: [ 98.952840] page:ffffea0007120700 count:1 mapcount:0 mapping:ffff8801d9a0d080 index:0xffff8801c481cbc0 [ 98.962281] flags: 0x2fffc0000000100(slab) [ 98.966505] raw: 02fffc0000000100 ffffea0006c2a588 ffffea000740f9c8 ffff8801d9a0d080 [ 98.974377] raw: ffff8801c481cbc0 ffff8801c481c080 000000010000000b 0000000000000000 [ 98.982237] page dumped because: kasan: bad access detected [ 98.987929] [ 98.989538] Memory state around the buggy address: [ 98.994467] ffff8801c481bf00: fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 99.001829] ffff8801c481bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 99.009178] >ffff8801c481c000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 99.016520] ^ [ 99.021974] ffff8801c481c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 99.029322] ffff8801c481c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 99.036661] ================================================================== [ 99.044001] Disabling lock debugging due to kernel taint [ 99.050624] Kernel panic - not syncing: panic_on_warn set ... [ 99.050624] [ 99.058019] CPU: 0 PID: 6697 Comm: syz-executor6 Tainted: G B 4.17.0+ #94 [ 99.066247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 99.075600] Call Trace: [ 99.078200] dump_stack+0x1b9/0x294 [ 99.081844] ? dump_stack_print_info.cold.2+0x52/0x52 [ 99.087054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 99.091825] ? skb_ensure_writable+0x550/0x620 [ 99.096420] panic+0x22f/0x4de [ 99.099651] ? add_taint.cold.5+0x16/0x16 [ 99.103902] ? do_raw_spin_unlock+0x9e/0x2e0 [ 99.108322] ? do_raw_spin_unlock+0x9e/0x2e0 [ 99.112741] ? skb_ensure_writable+0x554/0x620 [ 99.117339] kasan_end_report+0x47/0x4f [ 99.122033] kasan_report.cold.7+0x76/0x2fe [ 99.126376] __asan_report_load4_noabort+0x14/0x20 [ 99.131494] skb_ensure_writable+0x554/0x620 [ 99.135922] ? skb_cow_data+0xf10/0xf10 [ 99.139912] ? perf_trace_lock+0xd6/0x900 [ 99.144068] ? trace_hardirqs_on+0xd/0x10 [ 99.148258] ? zap_class+0x720/0x720 [ 99.151978] bpf_l4_csum_replace+0x91/0x4a0 [ 99.156292] ? lock_downgrade+0x8e0/0x8e0 [ 99.160425] ? rcu_pm_notify+0xc0/0xc0 [ 99.164300] ? pvclock_read_flags+0x160/0x160 [ 99.168781] ? rcu_read_lock_sched_held+0x108/0x120 [ 99.173780] ? kmem_cache_alloc+0x5fa/0x760 [ 99.178083] ? ktime_get+0x33e/0x430 [ 99.181781] ? lock_acquire+0x1dc/0x520 [ 99.185738] ? bpf_test_run+0x1f3/0x3b0 [ 99.189700] ? kasan_check_read+0x11/0x20 [ 99.193855] ? rcu_is_watching+0x85/0x140 [ 99.197990] ? rcu_report_qs_rnp+0x790/0x790 [ 99.202385] ? __might_sleep+0x95/0x190 [ 99.206348] ? bpf_test_run+0xaf/0x3b0 [ 99.210223] ? bpf_prog_test_run_skb+0x622/0xa20 [ 99.214963] ? bpf_test_finish.isra.7+0x1e0/0x1e0 [ 99.219803] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 99.225335] ? fput+0x130/0x1a0 [ 99.228617] ? __bpf_prog_get+0x9b/0x290 [ 99.232663] ? bpf_test_finish.isra.7+0x1e0/0x1e0 [ 99.237505] ? bpf_prog_test_run+0x130/0x1a0 [ 99.241905] ? __x64_sys_bpf+0x3d8/0x510 [ 99.245949] ? bpf_prog_get+0x20/0x20 [ 99.249754] ? ksys_ioctl+0x81/0xd0 [ 99.253367] ? do_syscall_64+0x92/0x800 [ 99.257330] ? do_syscall_64+0x1b1/0x800 [ 99.261374] ? finish_task_switch+0x1ca/0x840 [ 99.265857] ? syscall_return_slowpath+0x5c0/0x5c0 [ 99.270777] ? syscall_return_slowpath+0x30f/0x5c0 [ 99.275706] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 99.281059] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 99.285904] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 99.291763] Dumping ftrace buffer: [ 99.295324] (ftrace buffer empty) [ 99.299015] Kernel Offset: disabled [ 99.302623] Rebooting in 86400 seconds..