syzbot


BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:LINE/tfrc_rx_his

Status: auto-closed as invalid on 2020/05/10 14:54
Reported-by: syzbot+0080d427af63bf31ca3e@syzkaller.appspotmail.com
First crash: 1777d, last: 1777d
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-4.19 | BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:LINE/tfrc_rx_his | | | | 1 | 1982d | 1982d | 0/1 | auto-closed as invalid on 2019/10/25 08:41 |
| upstream | BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:LINE/tfrc_rx_his dccp | C | | | 7456 | 1205d | 2393d | 0/28 | closed as dup on 2018/05/09 05:39 |

Sample crash report:
BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:424/tfrc_rx_hist_sample_rtt()
audit: type=1400 audit(1578754423.260:4335): avc:  denied  { name_connect } for  pid=16593 comm="syz-executor.5" dest=20000 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
CPU: 0 PID: 16609 Comm: syz-executor.5 Not tainted 4.14.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 tfrc_rx_hist_sample_rtt.cold+0x59/0x6b net/dccp/ccids/lib/packet_history.c:424
 ccid3_hc_rx_packet_recv+0x501/0xda0 net/dccp/ccids/ccid3.c:766
 ccid_hc_rx_packet_recv net/dccp/ccid.h:185 [inline]
 dccp_deliver_input_to_ccids+0xdd/0x250 net/dccp/input.c:180
 dccp_rcv_established net/dccp/input.c:378 [inline]
 dccp_rcv_established+0x6b/0xb0 net/dccp/input.c:368
 dccp_v4_do_rcv+0x122/0x170 net/dccp/ipv4.c:656
 sk_backlog_rcv include/net/sock.h:917 [inline]
 __release_sock+0x12d/0x350 net/core/sock.c:2264
 release_sock+0x59/0x1b0 net/core/sock.c:2779
 dccp_sendmsg+0x57e/0x950 net/dccp/proto.c:813
 inet_sendmsg+0x122/0x500 net/ipv4/af_inet.c:762
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xce/0x110 net/socket.c:656
 ___sys_sendmsg+0x349/0x840 net/socket.c:2062
 __sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
 SYSC_sendmmsg net/socket.c:2183 [inline]
 SyS_sendmmsg+0x35/0x60 net/socket.c:2178
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45af49
RSP: 002b:00007f4657e4cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045af49
RDX: 00000000000003a6 RSI: 0000000020005700 RDI: 0000000000000005
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4657e4d6d4
R13: 00000000004c9b0f R14: 00000000004e2af8 R15: 00000000ffffffff
bond1 (uninitialized): Released all slaves
dccp_close: ABORT with 1061 bytes unread
bond1 (uninitialized): Released all slaves
dccp_close: ABORT with 9446 bytes unread
nbd_handle_cmd: 82 callbacks suppressed
block nbd1: Attempted send on invalid socket
print_req_error: 82 callbacks suppressed
print_req_error: I/O error, dev nbd1, sector 0
f2fs_msg: 82 callbacks suppressed
F2FS-fs (nbd1): Unable to read 1th superblock
block nbd1: Attempted send on invalid socket
print_req_error: I/O error, dev nbd1, sector 8
F2FS-fs (nbd1): Unable to read 2th superblock
block nbd1: Attempted send on invalid socket
print_req_error: I/O error, dev nbd1, sector 0
F2FS-fs (nbd1): Unable to read 1th superblock
block nbd1: Attempted send on invalid socket
print_req_error: I/O error, dev nbd1, sector 8
F2FS-fs (nbd1): Unable to read 2th superblock
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
block nbd1: Attempted send on invalid socket
print_req_error: I/O error, dev nbd1, sector 0
F2FS-fs (nbd1): Unable to read 1th superblock
CPU: 1 PID: 16746 Comm: syz-executor.4 Not tainted 4.14.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10f/0x159 lib/fault-inject.c:149
 should_failslab+0xdb/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3297 [inline]
 kmem_cache_alloc_node+0x287/0x780 mm/slab.c:3640
 __alloc_skb+0x9c/0x500 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:980 [inline]
 alloc_skb_with_frags+0x86/0x4b0 net/core/skbuff.c:5228
 sock_alloc_send_pskb+0x5db/0x740 net/core/sock.c:2078
 sock_alloc_send_skb+0x32/0x40 net/core/sock.c:2095
 __ip_append_data.isra.0+0x1227/0x20f0 net/ipv4/ip_output.c:972
 ip_make_skb+0x17a/0x1d0 net/ipv4/ip_output.c:1489
 udp_sendmsg+0x16a6/0x1da0 net/ipv4/udp.c:1052
 inet_sendmsg+0x122/0x500 net/ipv4/af_inet.c:762
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xce/0x110 net/socket.c:656
 ___sys_sendmsg+0x349/0x840 net/socket.c:2062
 __sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
 SYSC_sendmmsg net/socket.c:2183 [inline]
 SyS_sendmmsg+0x35/0x60 net/socket.c:2178
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
block nbd1: Attempted send on invalid socket
RIP: 0033:0x45af49
RSP: 002b:00007f0af0cf2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f0af0cf2c90 RCX: 000000000045af49
RDX: 04000000000001a8 RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0af0cf36d4
R13: 00000000004c9b0f R14: 00000000004e2af8 R15: 0000000000000007
print_req_error: I/O error, dev nbd1, sector 8
F2FS-fs (nbd1): Unable to read 2th superblock
block nbd1: Attempted send on invalid socket
print_req_error: I/O error, dev nbd1, sector 0
F2FS-fs (nbd1): Unable to read 1th superblock
block nbd1: Attempted send on invalid socket
print_req_error: I/O error, dev nbd1, sector 8
F2FS-fs (nbd1): Unable to read 2th superblock
dccp_close: ABORT with 9446 bytes unread
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 16782 Comm: syz-executor.4 Not tainted 4.14.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10f/0x159 lib/fault-inject.c:149
 should_failslab+0xdb/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3297 [inline]
 kmem_cache_alloc_node_trace+0x280/0x770 mm/slab.c:3659
 __do_kmalloc_node mm/slab.c:3681 [inline]
 __kmalloc_node_track_caller+0x3d/0x80 mm/slab.c:3696
 __kmalloc_reserve.isra.0+0x40/0xe0 net/core/skbuff.c:137
 __alloc_skb+0xcf/0x500 net/core/skbuff.c:205
 alloc_skb include/linux/skbuff.h:980 [inline]
 alloc_skb_with_frags+0x86/0x4b0 net/core/skbuff.c:5228
 sock_alloc_send_pskb+0x5db/0x740 net/core/sock.c:2078
 sock_alloc_send_skb+0x32/0x40 net/core/sock.c:2095
 __ip_append_data.isra.0+0x1227/0x20f0 net/ipv4/ip_output.c:972
 ip_make_skb+0x17a/0x1d0 net/ipv4/ip_output.c:1489
 udp_sendmsg+0x16a6/0x1da0 net/ipv4/udp.c:1052
 inet_sendmsg+0x122/0x500 net/ipv4/af_inet.c:762
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xce/0x110 net/socket.c:656
 ___sys_sendmsg+0x349/0x840 net/socket.c:2062
 __sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
 SYSC_sendmmsg net/socket.c:2183 [inline]
 SyS_sendmmsg+0x35/0x60 net/socket.c:2178
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45af49
RSP: 002b:00007f0af0cf2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f0af0cf2c90 RCX: 000000000045af49
RDX: 04000000000001a8 RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0af0cf36d4
R13: 00000000004c9b0f R14: 00000000004e2af8 R15: 0000000000000007
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 16808 Comm: syz-executor.4 Not tainted 4.14.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10f/0x159 lib/fault-inject.c:149
 should_failslab+0xdb/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc+0x47/0x780 mm/slab.c:3550
 skb_clone+0x129/0x320 net/core/skbuff.c:1282
 ip_mc_output+0x628/0xd40 net/ipv4/ip_output.c:383
 dst_output include/net/dst.h:462 [inline]
 ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
 ip_send_skb+0x3e/0xc0 net/ipv4/ip_output.c:1422
 udp_send_skb+0x53f/0xb90 net/ipv4/udp.c:833
 udp_sendmsg+0x16df/0x1da0 net/ipv4/udp.c:1057
 inet_sendmsg+0x122/0x500 net/ipv4/af_inet.c:762
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xce/0x110 net/socket.c:656
 ___sys_sendmsg+0x349/0x840 net/socket.c:2062
 __sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
 SYSC_sendmmsg net/socket.c:2183 [inline]
 SyS_sendmmsg+0x35/0x60 net/socket.c:2178
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45af49
RSP: 002b:00007f0af0cf2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f0af0cf2c90 RCX: 000000000045af49
RDX: 04000000000001a8 RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0af0cf36d4
R13: 00000000004c9b0f R14: 00000000004e2af8 R15: 0000000000000007
block nbd1: Attempted send on invalid socket
print_req_error: I/O error, dev nbd1, sector 0
F2FS-fs (nbd1): Unable to read 1th superblock
block nbd1: Attempted send on invalid socket
print_req_error: I/O error, dev nbd1, sector 8
F2FS-fs (nbd1): Unable to read 2th superblock
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 16843 Comm: syz-executor.4 Not tainted 4.14.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10f/0x159 lib/fault-inject.c:149
 should_failslab+0xdb/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc+0x47/0x780 mm/slab.c:3550
 skb_clone+0x129/0x320 net/core/skbuff.c:1282
 dev_queue_xmit_nit+0x2da/0x940 net/core/dev.c:1943
 xmit_one net/core/dev.c:3005 [inline]
 dev_hard_start_xmit+0xa7/0x8b0 net/core/dev.c:3025
 sch_direct_xmit+0x27a/0x550 net/sched/sch_generic.c:186
 __dev_xmit_skb net/core/dev.c:3218 [inline]
 __dev_queue_xmit+0x1b6e/0x25e0 net/core/dev.c:3493
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
 dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
 neigh_hh_output include/net/neighbour.h:490 [inline]
 neigh_output include/net/neighbour.h:498 [inline]
 ip_finish_output2+0xde8/0x14a0 net/ipv4/ip_output.c:229
 ip_finish_output+0x56d/0xc60 net/ipv4/ip_output.c:317
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip_mc_output+0x24a/0xd40 net/ipv4/ip_output.c:390
 dst_output include/net/dst.h:462 [inline]
 ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
 ip_send_skb+0x3e/0xc0 net/ipv4/ip_output.c:1422
 udp_send_skb+0x53f/0xb90 net/ipv4/udp.c:833
 udp_sendmsg+0x16df/0x1da0 net/ipv4/udp.c:1057
 inet_sendmsg+0x122/0x500 net/ipv4/af_inet.c:762
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xce/0x110 net/socket.c:656
 ___sys_sendmsg+0x349/0x840 net/socket.c:2062
 __sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
 SYSC_sendmmsg net/socket.c:2183 [inline]
 SyS_sendmmsg+0x35/0x60 net/socket.c:2178
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45af49
RSP: 002b:00007f0af0cf2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f0af0cf2c90 RCX: 000000000045af49
RDX: 04000000000001a8 RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0af0cf36d4
R13: 00000000004c9b0f R14: 00000000004e2af8 R15: 0000000000000007
protocol 88fb is buggy, dev hsr_slave_0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 16881 Comm: syz-executor.4 Not tainted 4.14.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10f/0x159 lib/fault-inject.c:149
 should_failslab+0xdb/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc+0x47/0x780 mm/slab.c:3550
 skb_clone+0x129/0x320 net/core/skbuff.c:1282
 packet_rcv+0x304/0x1330 net/packet/af_packet.c:2118
 packet_rcv_fanout+0x472/0x5d0 net/packet/af_packet.c:1498
 deliver_skb net/core/dev.c:1881 [inline]
 dev_queue_xmit_nit+0x1f8/0x940 net/core/dev.c:1937
 xmit_one net/core/dev.c:3005 [inline]
 dev_hard_start_xmit+0xa7/0x8b0 net/core/dev.c:3025
 sch_direct_xmit+0x27a/0x550 net/sched/sch_generic.c:186
 __dev_xmit_skb net/core/dev.c:3218 [inline]
 __dev_queue_xmit+0x1b6e/0x25e0 net/core/dev.c:3493
 dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
 neigh_hh_output include/net/neighbour.h:490 [inline]
 neigh_output include/net/neighbour.h:498 [inline]
 ip_finish_output2+0xde8/0x14a0 net/ipv4/ip_output.c:229
 ip_finish_output+0x56d/0xc60 net/ipv4/ip_output.c:317
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip_mc_output+0x24a/0xd40 net/ipv4/ip_output.c:390
 dst_output include/net/dst.h:462 [inline]
 ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
 ip_send_skb+0x3e/0xc0 net/ipv4/ip_output.c:1422
 udp_send_skb+0x53f/0xb90 net/ipv4/udp.c:833
 udp_sendmsg+0x16df/0x1da0 net/ipv4/udp.c:1057
 inet_sendmsg+0x122/0x500 net/ipv4/af_inet.c:762
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xce/0x110 net/socket.c:656
 ___sys_sendmsg+0x349/0x840 net/socket.c:2062
 __sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
 SYSC_sendmmsg net/socket.c:2183 [inline]
 SyS_sendmmsg+0x35/0x60 net/socket.c:2178
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45af49
RSP: 002b:00007f0af0cf2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f0af0cf2c90 RCX: 000000000045af49
RDX: 04000000000001a8 RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0af0cf36d4
R13: 00000000004c9b0f R14: 00000000004e2af8 R15: 0000000000000007
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 16917 Comm: syz-executor.4 Not tainted 4.14.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10f/0x159 lib/fault-inject.c:149
 should_failslab+0xdb/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3297 [inline]
 kmem_cache_alloc_node_trace+0x280/0x770 mm/slab.c:3659
 __do_kmalloc_node mm/slab.c:3681 [inline]
 __kmalloc_node_track_caller+0x3d/0x80 mm/slab.c:3696
 __kmalloc_reserve.isra.0+0x40/0xe0 net/core/skbuff.c:137
 __alloc_skb+0xcf/0x500 net/core/skbuff.c:205
 alloc_skb include/linux/skbuff.h:980 [inline]
 alloc_skb_with_frags+0x86/0x4b0 net/core/skbuff.c:5228
 sock_alloc_send_pskb+0x5db/0x740 net/core/sock.c:2078
 sock_alloc_send_skb+0x32/0x40 net/core/sock.c:2095
 __ip_append_data.isra.0+0x1227/0x20f0 net/ipv4/ip_output.c:972
 ip_make_skb+0x17a/0x1d0 net/ipv4/ip_output.c:1489
 udp_sendmsg+0x16a6/0x1da0 net/ipv4/udp.c:1052
 inet_sendmsg+0x122/0x500 net/ipv4/af_inet.c:762
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xce/0x110 net/socket.c:656
 ___sys_sendmsg+0x349/0x840 net/socket.c:2062
 __sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
 SYSC_sendmmsg net/socket.c:2183 [inline]
 SyS_sendmmsg+0x35/0x60 net/socket.c:2178
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45af49
RSP: 002b:00007f0af0cf2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f0af0cf2c90 RCX: 000000000045af49
RDX: 04000000000001a8 RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0af0cf36d4
R13: 00000000004c9b0f R14: 00000000004e2af8 R15: 0000000000000007
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
overlayfs: missing 'workdir'
CPU: 1 PID: 16939 Comm: syz-executor.4 Not tainted 4.14.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10f/0x159 lib/fault-inject.c:149
 should_failslab+0xdb/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc+0x47/0x780 mm/slab.c:3550
 skb_clone+0x129/0x320 net/core/skbuff.c:1282
batman_adv: Cannot find parent device
 ip_mc_output+0x628/0xd40 net/ipv4/ip_output.c:383
 dst_output include/net/dst.h:462 [inline]
 ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
 ip_send_skb+0x3e/0xc0 net/ipv4/ip_output.c:1422
 udp_send_skb+0x53f/0xb90 net/ipv4/udp.c:833
 udp_sendmsg+0x16df/0x1da0 net/ipv4/udp.c:1057
 inet_sendmsg+0x122/0x500 net/ipv4/af_inet.c:762
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xce/0x110 net/socket.c:656
 ___sys_sendmsg+0x349/0x840 net/socket.c:2062
 __sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
 SYSC_sendmmsg net/socket.c:2183 [inline]
 SyS_sendmmsg+0x35/0x60 net/socket.c:2178
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45af49
RSP: 002b:00007f0af0cf2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f0af0cf2c90 RCX: 000000000045af49
RDX: 04000000000001a8 RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0af0cf36d4
R13: 00000000004c9b0f R14: 00000000004e2af8 R15: 0000000000000007
batman_adv: Cannot find parent device
nbd_handle_cmd: 58 callbacks suppressed
block nbd0: Attempted send on invalid socket
print_req_error: 58 callbacks suppressed
print_req_error: I/O error, dev nbd0, sector 0
f2fs_msg: 58 callbacks suppressed
F2FS-fs (nbd0): Unable to read 1th superblock
block nbd0: Attempted send on invalid socket
print_req_error: I/O error, dev nbd0, sector 8
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
F2FS-fs (nbd0): Unable to read 2th superblock
CPU: 0 PID: 16987 Comm: syz-executor.4 Not tainted 4.14.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10f/0x159 lib/fault-inject.c:149
block nbd0: Attempted send on invalid socket
 should_failslab+0xdb/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc+0x47/0x780 mm/slab.c:3550
 skb_clone+0x129/0x320 net/core/skbuff.c:1282
 dev_queue_xmit_nit+0x2da/0x940 net/core/dev.c:1943
print_req_error: I/O error, dev nbd0, sector 0
 xmit_one net/core/dev.c:3005 [inline]
 dev_hard_start_xmit+0xa7/0x8b0 net/core/dev.c:3025
F2FS-fs (nbd0): Unable to read 1th superblock
 sch_direct_xmit+0x27a/0x550 net/sched/sch_generic.c:186
 __dev_xmit_skb net/core/dev.c:3218 [inline]
 __dev_queue_xmit+0x1b6e/0x25e0 net/core/dev.c:3493
block nbd0: Attempted send on invalid socket
 dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
 neigh_hh_output include/net/neighbour.h:490 [inline]
 neigh_output include/net/neighbour.h:498 [inline]
 ip_finish_output2+0xde8/0x14a0 net/ipv4/ip_output.c:229
print_req_error: I/O error, dev nbd0, sector 8
 ip_finish_output+0x56d/0xc60 net/ipv4/ip_output.c:317
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip_mc_output+0x24a/0xd40 net/ipv4/ip_output.c:390
F2FS-fs (nbd0): Unable to read 2th superblock
 dst_output include/net/dst.h:462 [inline]
 ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
 ip_send_skb+0x3e/0xc0 net/ipv4/ip_output.c:1422
 udp_send_skb+0x53f/0xb90 net/ipv4/udp.c:833
 udp_sendmsg+0x16df/0x1da0 net/ipv4/udp.c:1057
 inet_sendmsg+0x122/0x500 net/ipv4/af_inet.c:762
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xce/0x110 net/socket.c:656
 ___sys_sendmsg+0x349/0x840 net/socket.c:2062
 __sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
 SYSC_sendmmsg net/socket.c:2183 [inline]
 SyS_sendmmsg+0x35/0x60 net/socket.c:2178
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45af49
RSP: 002b:00007f0af0cf2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f0af0cf2c90 RCX: 000000000045af49
RDX: 04000000000001a8 RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0af0cf36d4
R13: 00000000004c9b0f R14: 00000000004e2af8 R15: 0000000000000007
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'.
block nbd1: Attempted send on invalid socket
print_req_error: I/O error, dev nbd1, sector 0
F2FS-fs (nbd1): Unable to read 1th superblock
block nbd1: Attempted send on invalid socket
print_req_error: I/O error, dev nbd1, sector 8
F2FS-fs (nbd1): Unable to read 2th superblock
block nbd1: Attempted send on invalid socket
print_req_error: I/O error, dev nbd1, sector 0
F2FS-fs (nbd1): Unable to read 1th superblock
block nbd1: Attempted send on invalid socket
print_req_error: I/O error, dev nbd1, sector 8
F2FS-fs (nbd1): Unable to read 2th superblock
block nbd1: Attempted send on invalid socket
print_req_error: I/O error, dev nbd1, sector 0
F2FS-fs (nbd1): Unable to read 1th superblock
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'.
block nbd1: Attempted send on invalid socket
print_req_error: I/O error, dev nbd1, sector 8
F2FS-fs (nbd1): Unable to read 2th superblock
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 17024 Comm: syz-executor.4 Not tainted 4.14.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10f/0x159 lib/fault-inject.c:149
 should_failslab+0xdb/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3297 [inline]
 kmem_cache_alloc_node+0x287/0x780 mm/slab.c:3640
 __alloc_skb+0x9c/0x500 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:980 [inline]
 alloc_skb_with_frags+0x86/0x4b0 net/core/skbuff.c:5228
 sock_alloc_send_pskb+0x5db/0x740 net/core/sock.c:2078
 sock_alloc_send_skb+0x32/0x40 net/core/sock.c:2095
 __ip_append_data.isra.0+0x1227/0x20f0 net/ipv4/ip_output.c:972
 ip_make_skb+0x17a/0x1d0 net/ipv4/ip_output.c:1489
 udp_sendmsg+0x16a6/0x1da0 net/ipv4/udp.c:1052
 inet_sendmsg+0x122/0x500 net/ipv4/af_inet.c:762
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xce/0x110 net/socket.c:656
 ___sys_sendmsg+0x349/0x840 net/socket.c:2062
 __sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
 SYSC_sendmmsg net/socket.c:2183 [inline]
 SyS_sendmmsg+0x35/0x60 net/socket.c:2178
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45af49
RSP: 002b:00007f0af0cf2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f0af0cf2c90 RCX: 000000000045af49
RDX: 04000000000001a8 RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0af0cf36d4
R13: 00000000004c9b0f R14: 00000000004e2af8 R15: 0000000000000007
net_ratelimit: 23 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_1
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
audit: type=1400 audit(1578754431.900:4336): avc:  denied  { map } for  pid=17054 comm="syz-executor.5" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=85679 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=1
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
audit: type=1800 audit(1578754432.170:4337): pid=17080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=17235 res=0
audit: type=1804 audit(1578754432.200:4338): pid=17080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir833292619/syzkaller.kVdqKd/227/file0" dev="sda1" ino=17235 res=1
hugetlbfs: syz-executor.2 (17128): Using mlock ulimits for SHM_HUGETLB is deprecated

Crashes (1):
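| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/01/11 14:53 | linux-4.14.y | b0cdffaa546e | 4c04afaa | .config | console log | report | | | | | ci2-linux-4-14 | |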
* Struck through repros no longer work on HEAD.