[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 27.142666] random: sshd: uninitialized urandom read (32 bytes read) [ 27.245028] random: sshd: uninitialized urandom read (32 bytes read) [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [ 27.543709] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.222' (ECDSA) to the list of known hosts. syzkaller login: [ 33.629545] urandom_read: 1 callbacks suppressed [ 33.629549] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/15 21:16:51 fuzzer started [ 33.815299] kauditd_printk_skb: 10 callbacks suppressed [ 33.815307] audit: type=1400 audit(1568582211.253:36): avc: denied { map } for pid=6753 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16480 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 34.189957] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/15 21:16:52 dialing manager at 10.128.0.105:34685 2019/09/15 21:16:52 syscalls: 2466 2019/09/15 21:16:52 code coverage: enabled 2019/09/15 21:16:52 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/15 21:16:52 extra coverage: extra coverage is not supported by the kernel 2019/09/15 21:16:52 setuid sandbox: enabled 2019/09/15 21:16:52 namespace sandbox: enabled 2019/09/15 21:16:52 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/15 21:16:52 fault injection: enabled 2019/09/15 21:16:52 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/15 21:16:52 net packet injection: enabled 2019/09/15 21:16:52 net device setup: enabled [ 35.483562] random: crng init done [ 44.003390] audit: type=1400 audit(1568582221.443:37): avc: denied { map } for pid=6772 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 21:18:35 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x0, 0x5) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000040)="53000000c659ca807737f400000000800000170800000000000020200000000000000000bfbbb18016410f67f8ed2fbda6599591076756fcb9ff7daf0bdd7cfa3d4ade61ccb14424af8c63ab6fd1845b0c90c78bf8059655", 0x58}], 0x1) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000340)='clear_refs\x00g\xff\xca\x02\x8a\xf0\xe1ZM\xfa@\x1bS0\x11\xbe\xdc\xdc\xdd\xc1\x17~\x18\xd6\xa5\x88Cd**\xde\xae\xaf\xcf\t\xec0\x04\xe7\xf3\"\b9\xb5\x96VR+\xbb\xa0a\xbb\xc8') r2 = syz_open_procfs(0x0, &(0x7f0000000200)='loginuid\x009\xda\xd3\xc4D\xdeJ5\xf0\xfd\"=\xb6\xaa\x1e/\xddc\xc9\xf3_8\x9eFi\xe0\xafe\"\xc2%\xbb\xb6E\xae\x9e\x0fF\xc8|\xd4M\xb4\x91\x9c\x1a4\xab\x1d\x00\xbbAW\xf7\x9b#\x91.\x9b\x96Vn\xbf#a\x8d\xfd\xd31\xfc\xac\xfe\xcc\xdb\x93\x89t\xf4\x8dB\fI\xe5\xb3\x7f\x94\xbd\xb6Q\xb9\xc1\x02e\x904\xf4\x19/') sendfile(r1, r2, 0x0, 0x1) 21:18:35 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xfffffffffffffdc6, 0x20000004, &(0x7f0000000280)={0xa, 0x4e22}, 0x1c) recvfrom$inet6(r1, &(0x7f0000001840)=""/31, 0xfffffe0e, 0x100, &(0x7f0000001880), 0x1c) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff00c}, {0x80000006}]}, 0x10) socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) connect$inet6(0xffffffffffffffff, 0x0, 0x0) accept4(0xffffffffffffffff, &(0x7f0000000040)=@xdp, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet6(r3, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) 21:18:35 executing program 3: mkdir(&(0x7f0000000100)='./control\x00', 0x0) r0 = open(&(0x7f0000028000)='./control\x00', 0x0, 0x0) symlinkat(&(0x7f0000000300)='./control\x00', r0, &(0x7f0000000340)='./file0\x00') 21:18:35 executing program 0: r0 = syz_open_pts(0xffffffffffffffff, 0x0) fcntl$setown(r0, 0x6, 0x0) 21:18:35 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000440)='/proc/self//exe\x00', 0x3, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000000c0)={0x0, 0x0, 0x30b, 0x0, [], [{}, {0xffffffff}]}) 21:18:35 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500)='/dev/ptmx\x00', 0x1000882, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(r0, &(0x7f0000000780)="a2c125818f20535ab26ac576452f9d2313f547b1cfa1ea631c212fe1dfa370146bce8b3d571c3e19a2ae06c701a3307f5b7a4a188bbb3d12879251d21913ea989cf3e7b31eae5355703fb34a949fe7e99dbfc102b6c2819ef51629314092ab4c15ac8d9b208a28c99fec0769f5576dc3c661d5a98ae85cbd4f60a0a730193a02a7718517471f54d61abfe885bdfe5a442aa22f6b67acf7ebd16e6f5335155d1fd41900ec", 0xffffffdf) [ 137.721054] audit: type=1400 audit(1568582315.163:38): avc: denied { map } for pid=6774 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=3704 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 138.140794] IPVS: ftp: loaded support on port[0] = 21 [ 138.935055] chnl_net:caif_netlink_parms(): no params data found [ 138.961219] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.967801] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.974649] device bridge_slave_0 entered promiscuous mode [ 138.981633] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.981944] IPVS: ftp: loaded support on port[0] = 21 [ 138.988150] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.000660] device bridge_slave_1 entered promiscuous mode [ 139.017452] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 139.025906] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 139.039567] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 139.047336] team0: Port device team_slave_0 added [ 139.052570] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 139.059520] team0: Port device team_slave_1 added [ 139.064702] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 139.071821] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 139.122077] device hsr_slave_0 entered promiscuous mode [ 139.170331] device hsr_slave_1 entered promiscuous mode [ 139.220544] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 139.228820] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 139.256496] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.257004] IPVS: ftp: loaded support on port[0] = 21 [ 139.262995] bridge0: port 2(bridge_slave_1) entered forwarding state [ 139.274875] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.281341] bridge0: port 1(bridge_slave_0) entered forwarding state [ 139.359131] chnl_net:caif_netlink_parms(): no params data found [ 139.374105] IPVS: ftp: loaded support on port[0] = 21 [ 139.404304] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.411161] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.417836] device bridge_slave_0 entered promiscuous mode [ 139.425467] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.431924] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.438732] device bridge_slave_1 entered promiscuous mode [ 139.468717] IPVS: ftp: loaded support on port[0] = 21 [ 139.535579] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 139.541869] 8021q: adding VLAN 0 to HW filter on device bond0 [ 139.548746] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 139.558980] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 139.598379] chnl_net:caif_netlink_parms(): no params data found [ 139.614738] chnl_net:caif_netlink_parms(): no params data found [ 139.629293] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 139.636589] team0: Port device team_slave_0 added [ 139.642319] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 139.648678] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 139.656020] team0: Port device team_slave_1 added [ 139.674034] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 139.681466] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 139.699468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.708453] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.725466] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.742612] IPVS: ftp: loaded support on port[0] = 21 [ 139.754828] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 139.761046] 8021q: adding VLAN 0 to HW filter on device team0 [ 139.801838] device hsr_slave_0 entered promiscuous mode [ 139.841096] device hsr_slave_1 entered promiscuous mode [ 139.901952] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 139.925848] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 139.945945] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 139.952956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 139.960870] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.967312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 139.974068] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 139.981740] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.988059] bridge0: port 2(bridge_slave_1) entered forwarding state [ 139.999245] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.006471] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.013203] device bridge_slave_0 entered promiscuous mode [ 140.029764] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 140.040515] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.046834] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.053710] device bridge_slave_0 entered promiscuous mode [ 140.059984] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.067175] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.073931] device bridge_slave_1 entered promiscuous mode [ 140.093620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 140.125965] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.133677] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.140555] device bridge_slave_1 entered promiscuous mode [ 140.158023] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 140.166554] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 140.186103] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 140.194754] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 140.208772] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 140.219263] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 140.227279] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.234854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 140.242423] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 140.249818] chnl_net:caif_netlink_parms(): no params data found [ 140.262077] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 140.269062] team0: Port device team_slave_0 added [ 140.274516] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 140.281700] team0: Port device team_slave_1 added [ 140.288586] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 140.296268] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 140.303885] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 140.319301] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 140.326568] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 140.334119] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 140.345699] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 140.357534] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 140.364817] team0: Port device team_slave_0 added [ 140.382414] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 140.389377] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 140.396952] team0: Port device team_slave_1 added [ 140.402664] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 140.409932] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 140.417914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 140.425347] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 140.434849] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 140.493094] device hsr_slave_0 entered promiscuous mode [ 140.540466] device hsr_slave_1 entered promiscuous mode [ 140.585292] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 140.601995] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 140.609406] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 140.618449] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 140.624764] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 140.637729] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 140.649976] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.656935] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.664064] device bridge_slave_0 entered promiscuous mode [ 140.722144] device hsr_slave_0 entered promiscuous mode [ 140.760333] device hsr_slave_1 entered promiscuous mode [ 140.800710] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 140.825047] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.831444] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.838199] device bridge_slave_1 entered promiscuous mode [ 140.856441] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 140.881327] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 140.895528] chnl_net:caif_netlink_parms(): no params data found [ 140.911074] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 140.924371] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 140.938104] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 140.957507] 8021q: adding VLAN 0 to HW filter on device bond0 [ 140.971916] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 140.979508] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 140.986943] team0: Port device team_slave_0 added [ 140.994013] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 141.025687] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 141.032894] team0: Port device team_slave_1 added [ 141.038139] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 141.048360] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 141.056221] 8021q: adding VLAN 0 to HW filter on device bond0 [ 141.064952] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.071978] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.078724] device bridge_slave_0 entered promiscuous mode [ 141.095841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 141.103170] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 141.109973] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 141.117725] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 141.125716] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 141.143872] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.151694] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.158595] device bridge_slave_1 entered promiscuous mode [ 141.175176] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 141.181637] 8021q: adding VLAN 0 to HW filter on device team0 [ 141.189172] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 141.197670] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 141.210193] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 141.224691] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 141.231231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 141.238828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 141.246809] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.253159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.259844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 141.267774] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 141.275285] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.281886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.288828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 141.295636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 141.304716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 141.312786] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready 21:18:38 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000000000d50000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0}, 0x28) [ 141.321484] bond0: Enslaving bond_slave_1 as an active interface with an up link 21:18:38 executing program 3: r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB="b15961c1", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) r2 = socket(0xa, 0x1, 0x0) close(r2) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8) sendmmsg$inet_sctp(r2, &(0x7f0000002cc0)=[{0x0, 0x0, &(0x7f0000001600)=[{&(0x7f00000000c0)='\x00', 0x34000}], 0x1, &(0x7f00000016c0)=[@sndinfo={0x20}], 0x20}], 0x1, 0x0) [ 141.372989] device hsr_slave_0 entered promiscuous mode [ 141.391828] device hsr_slave_1 entered promiscuous mode [ 141.410901] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 141.419234] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 141.425833] 8021q: adding VLAN 0 to HW filter on device team0 [ 141.432086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 141.441267] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 141.462227] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 141.475134] 8021q: adding VLAN 0 to HW filter on device bond0 [ 141.481423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 141.490371] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 141.498858] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 141.505964] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 141.514136] team0: Port device team_slave_0 added [ 141.521207] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 141.528129] team0: Port device team_slave_1 added [ 141.533371] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 141.542457] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 141.549781] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 141.556743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 141.564453] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 141.572055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 141.579514] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 141.586927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 141.593743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 141.601352] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 141.608383] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 141.616959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 141.624541] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 141.632225] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.638549] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.645517] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 141.664269] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 141.670900] 8021q: adding VLAN 0 to HW filter on device team0 [ 141.677959] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 141.689204] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 141.742996] device hsr_slave_0 entered promiscuous mode [ 141.780304] device hsr_slave_1 entered promiscuous mode [ 141.842335] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 141.850335] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 141.857284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 141.864746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 141.872345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 141.879905] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 141.887745] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.894087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.902211] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 141.911883] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 141.930414] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 141.937495] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 141.944825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 141.952531] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 141.959974] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.966312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.973145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 141.981637] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 141.989080] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.995421] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.002461] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 142.010992] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 142.019498] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 142.029394] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 142.037995] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 142.054926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 142.062625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 142.070351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 142.077642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 142.088111] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 142.097735] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 142.107444] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 142.115251] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 142.123017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 142.130582] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 142.137949] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 142.145832] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 142.155615] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 142.166813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.177818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.184330] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 21:18:39 executing program 3: mknod(&(0x7f0000000000)='./bus\x00', 0x80008007, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) read(r0, &(0x7f00000003c0)=""/134, 0x3ea) close(r0) pipe2(0x0, 0x0) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) open$dir(&(0x7f0000000240)='./file0\x00', 0x400000002c2, 0x0) execve(0x0, 0x0, 0x0) [ 142.193194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 142.201673] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 142.210662] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 142.218043] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 142.229167] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready 21:18:39 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x4}) [ 142.243513] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 142.259552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 142.269628] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 142.287693] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 142.297113] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 142.304770] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 142.313394] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 142.321068] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 142.329400] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 142.339943] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 142.346128] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 142.346667] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 142.368854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 142.375675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 142.382527] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 142.389986] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 142.401141] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 142.409602] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 142.416420] 8021q: adding VLAN 0 to HW filter on device team0 [ 142.428405] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 142.443585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 142.456163] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 142.465859] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 142.480897] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 21:18:39 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ipv6_route\x00') preadv(r0, &(0x7f0000000900)=[{&(0x7f0000000180)=""/21, 0x15}], 0x1, 0xfffffffffffffffe) 21:18:39 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rt_sigtimedwait(&(0x7f0000000040), 0x0, &(0x7f0000000100)={0x0, 0x989680}, 0x8) [ 142.489639] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 142.514314] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.525182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 142.533976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 21:18:40 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) unshare(0x10050000) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="c0dca5055e0bcfec7be070") socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) fstat(r2, &(0x7f0000000140)) openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/attr/exec\x00', 0x2, 0x0) r3 = dup(r0) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000080)=0x8737) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x700, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) flock(r0, 0x4) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000000)='bridge0\x00') unshare(0x20000000) unshare(0x24020400) r5 = getpid() r6 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x8000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfff}}, r5, 0x3, 0xffffffffffffffff, 0x0) epoll_create(0x2) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x80) r7 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0x0) socketpair(0x4, 0x1, 0x59, &(0x7f00000002c0)) ioctl$PERF_EVENT_IOC_DISABLE(r6, 0x2401, 0x0) flock(r7, 0x4) creat(&(0x7f0000000100)='./file0\x00', 0x20) ioctl$TCGETA(r3, 0x5405, &(0x7f00000000c0)) socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r10, 0x0, r9, 0x0, 0x420000a77, 0x0) dup3(r11, 0xffffffffffffffff, 0x0) dup2(r11, r8) write$binfmt_elf64(r11, &(0x7f0000000000)=ANY=[], 0xfffffd88) getsockopt$IP6T_SO_GET_REVISION_TARGET(r11, 0x29, 0x45, &(0x7f0000000340)={'ipvs\x00'}, 0xfffffffffffffffe) [ 142.555891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 142.576991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 142.584907] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.591282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.599030] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 142.607526] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 142.618209] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.624568] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.633580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 142.643486] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 142.654270] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 142.670232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 142.678561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 142.685970] protocol 88fb is buggy, dev hsr_slave_0 [ 142.686019] protocol 88fb is buggy, dev hsr_slave_1 [ 142.699028] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.708787] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 142.723689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 142.731500] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 142.740531] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 142.748348] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 142.757206] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 142.764256] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 142.772809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 142.784807] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 142.793317] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 142.806847] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 142.813996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 142.821690] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 142.830308] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 142.837713] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 142.844116] 8021q: adding VLAN 0 to HW filter on device team0 [ 142.855078] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 142.873308] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 142.881312] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 142.893079] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 142.899793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 142.906639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 142.914483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 142.922119] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.928485] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.936370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 142.943829] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 142.952015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 142.960985] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 142.969865] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 142.979283] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 142.989750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 142.990097] protocol 88fb is buggy, dev hsr_slave_0 [ 142.997750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 143.002227] protocol 88fb is buggy, dev hsr_slave_1 [ 143.015062] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.021419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 143.028121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 143.036815] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 143.045064] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 143.055317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 143.062456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 143.074946] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 143.082432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 143.091473] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 143.097471] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 143.110079] protocol 88fb is buggy, dev hsr_slave_0 [ 143.115107] protocol 88fb is buggy, dev hsr_slave_1 [ 143.117610] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 143.120422] protocol 88fb is buggy, dev hsr_slave_0 [ 143.120455] protocol 88fb is buggy, dev hsr_slave_1 [ 143.149388] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 143.156055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 143.163934] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 143.171890] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 143.182331] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 143.190174] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 143.197876] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 143.210084] protocol 88fb is buggy, dev hsr_slave_0 [ 143.215154] protocol 88fb is buggy, dev hsr_slave_1 [ 143.222761] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 143.231947] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 143.241091] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 143.247789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 143.255758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 143.263276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 143.270909] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 143.279725] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 143.287269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 143.306295] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 143.325145] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 143.720471] ================================================================== [ 143.728012] BUG: KASAN: use-after-free in tcp_ack+0x414f/0x4760 [ 143.734041] Read of size 4 at addr ffff8880a06e27ec by task syz-executor.2/6860 [ 143.741566] [ 143.743167] CPU: 0 PID: 6860 Comm: syz-executor.2 Not tainted 4.14.143 #0 [ 143.750067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 143.759397] Call Trace: [ 143.761963] [ 143.764105] dump_stack+0x138/0x197 [ 143.767717] ? tcp_ack+0x414f/0x4760 [ 143.771417] print_address_description.cold+0x7c/0x1dc [ 143.776684] ? tcp_ack+0x414f/0x4760 [ 143.780382] kasan_report.cold+0xa9/0x2af [ 143.784522] __asan_report_load4_noabort+0x14/0x20 [ 143.789438] tcp_ack+0x414f/0x4760 [ 143.792957] ? trace_hardirqs_on+0x10/0x10 [ 143.797169] ? tcp_fastretrans_alert+0x2620/0x2620 [ 143.802076] ? lock_downgrade+0x6e0/0x6e0 [ 143.806287] tcp_rcv_established+0x3e9/0x1650 [ 143.810756] ? tcp_data_queue+0x3730/0x3730 [ 143.815053] ? ip6_dst_check+0x16a/0x2c0 [ 143.819090] tcp_v6_do_rcv+0x417/0x1190 [ 143.823041] tcp_v6_rcv+0x2446/0x2ed0 [ 143.826812] ? save_trace+0x290/0x290 [ 143.830604] ip6_input_finish+0x300/0x15a0 [ 143.834819] ip6_input+0xd5/0x340 [ 143.838242] ? ip6_input_finish+0x15a0/0x15a0 [ 143.842711] ? ipv6_rcv+0x16aa/0x1d20 [ 143.846483] ? ip6_rcv_finish+0x7a0/0x7a0 [ 143.850605] ip6_rcv_finish+0x23f/0x7a0 [ 143.854582] ipv6_rcv+0xe4d/0x1d20 [ 143.858092] ? put_prev_task_stop+0x358/0x400 [ 143.862560] ? ip6_input+0x340/0x340 [ 143.866245] ? __lock_is_held+0xb6/0x140 [ 143.870277] ? check_preemption_disabled+0x3c/0x250 [ 143.875266] ? ip6_make_skb+0x410/0x410 [ 143.879215] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 143.884637] ? ip6_input+0x340/0x340 [ 143.888329] __netif_receive_skb_core+0x1eae/0x2ca0 [ 143.893319] ? trace_hardirqs_on+0x10/0x10 [ 143.897526] ? enqueue_to_backlog+0xcc0/0xcc0 [ 143.901992] ? process_backlog+0x43e/0x730 [ 143.906198] ? lock_acquire+0x16f/0x430 [ 143.910153] __netif_receive_skb+0x2c/0x1b0 [ 143.914453] ? __netif_receive_skb+0x2c/0x1b0 [ 143.918920] process_backlog+0x21f/0x730 [ 143.922963] ? mark_held_locks+0xb1/0x100 [ 143.927094] net_rx_action+0x490/0xf80 [ 143.931026] ? napi_complete_done+0x4f0/0x4f0 [ 143.935495] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 143.940923] __do_softirq+0x244/0x9a0 [ 143.944712] ? ip6_finish_output2+0x9c0/0x21b0 [ 143.949272] do_softirq_own_stack+0x2a/0x40 [ 143.953653] [ 143.955866] do_softirq.part.0+0x10e/0x160 [ 143.960080] __local_bh_enable_ip+0x154/0x1a0 [ 143.964553] ip6_finish_output2+0x9f3/0x21b0 [ 143.968937] ? ip6_forward_finish+0x480/0x480 [ 143.973407] ? __lock_is_held+0xb6/0x140 [ 143.977576] ? check_preemption_disabled+0x3c/0x250 [ 143.982573] ip6_finish_output+0x4f4/0xb50 [ 143.986794] ? ip6_finish_output+0x4f4/0xb50 [ 143.991178] ip6_output+0x20f/0x6d0 [ 143.994819] ? ip6_finish_output+0xb50/0xb50 [ 143.999212] ? __lock_is_held+0xb6/0x140 [ 144.003258] ? check_preemption_disabled+0x3c/0x250 [ 144.008258] ? ip6_fragment+0x32c0/0x32c0 [ 144.012382] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 144.017816] ip6_xmit+0xd53/0x1eb0 [ 144.021374] ? ip6_finish_output2+0x21b0/0x21b0 [ 144.026018] ? save_trace+0x290/0x290 [ 144.029792] ? ip6_append_data+0x2f0/0x2f0 [ 144.034005] ? __lock_is_held+0xb6/0x140 [ 144.038044] ? check_preemption_disabled+0x3c/0x250 [ 144.043041] inet6_csk_xmit+0x286/0x4d0 [ 144.046990] ? inet6_csk_update_pmtu+0x140/0x140 [ 144.051719] ? tcp_md5_do_lookup+0x1d3/0x530 [ 144.056108] __tcp_transmit_skb+0x172c/0x2fe0 [ 144.060580] ? __tcp_select_window+0x6e0/0x6e0 [ 144.065140] ? kvm_clock_read+0x23/0x40 [ 144.069091] ? sched_clock_cpu+0x1b/0x1c0 [ 144.073211] ? tcp_small_queue_check+0x184/0x1e0 [ 144.077940] tcp_write_xmit+0x523/0x4960 [ 144.081983] ? tcp_v6_md5_lookup+0x23/0x30 [ 144.086199] ? tcp_established_options+0x2c5/0x420 [ 144.091110] ? tcp_current_mss+0x1b1/0x2f0 [ 144.095318] __tcp_push_pending_frames+0xa6/0x260 [ 144.100136] tcp_send_fin+0x17e/0xc40 [ 144.103921] tcp_close+0xcc8/0xfb0 [ 144.107429] ? lock_acquire+0x16f/0x430 [ 144.111414] ? ip_mc_drop_socket+0x1d6/0x230 [ 144.115805] inet_release+0xec/0x1c0 [ 144.119495] inet6_release+0x53/0x80 [ 144.123182] __sock_release+0xce/0x2b0 [ 144.127040] ? __sock_release+0x2b0/0x2b0 [ 144.131157] sock_close+0x1b/0x30 [ 144.134583] __fput+0x275/0x7a0 [ 144.137836] ____fput+0x16/0x20 [ 144.141089] task_work_run+0x114/0x190 [ 144.144963] exit_to_usermode_loop+0x1da/0x220 [ 144.149532] do_syscall_64+0x4bc/0x640 [ 144.153389] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 144.158208] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 144.163385] RIP: 0033:0x4135d1 [ 144.166547] RSP: 002b:00007fff32357740 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 144.174227] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00000000004135d1 [ 144.181473] RDX: 0000000000000000 RSI: 000000000000033f RDI: 0000000000000006 [ 144.188717] RBP: 0000000000000001 R08: 000000008beec33f R09: 000000008beec343 [ 144.195963] R10: 00007fff32357820 R11: 0000000000000293 R12: 000000000075c9a0 [ 144.203205] R13: 000000000075c9a0 R14: 0000000000760db0 R15: ffffffffffffffff [ 144.210449] [ 144.212046] Allocated by task 6861: [ 144.215646] save_stack_trace+0x16/0x20 [ 144.219597] save_stack+0x45/0xd0 [ 144.223050] kasan_kmalloc+0xce/0xf0 [ 144.226731] kasan_slab_alloc+0xf/0x20 [ 144.230597] kmem_cache_alloc_node+0x144/0x780 [ 144.235149] __alloc_skb+0x9c/0x500 [ 144.238746] sk_stream_alloc_skb+0xb3/0x780 [ 144.243042] tcp_sendmsg_locked+0xf61/0x3200 [ 144.247419] tcp_sendmsg+0x30/0x50 [ 144.250962] inet_sendmsg+0x122/0x500 [ 144.254731] sock_sendmsg+0xce/0x110 [ 144.258416] SYSC_sendto+0x206/0x310 [ 144.262110] SyS_sendto+0x40/0x50 [ 144.265562] do_syscall_64+0x1e8/0x640 [ 144.269422] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 144.274671] [ 144.276270] Freed by task 6861: [ 144.279523] save_stack_trace+0x16/0x20 [ 144.283469] save_stack+0x45/0xd0 [ 144.286893] kasan_slab_free+0x75/0xc0 [ 144.290759] kmem_cache_free+0x83/0x2b0 [ 144.294706] kfree_skbmem+0x8d/0x120 [ 144.298407] __kfree_skb+0x1e/0x30 [ 144.301920] tcp_remove_empty_skb.part.0+0x231/0x2e0 [ 144.306993] tcp_sendmsg_locked+0x1ced/0x3200 [ 144.311475] tcp_sendmsg+0x30/0x50 [ 144.314987] inet_sendmsg+0x122/0x500 [ 144.318760] sock_sendmsg+0xce/0x110 [ 144.322446] SYSC_sendto+0x206/0x310 [ 144.326129] SyS_sendto+0x40/0x50 [ 144.329558] do_syscall_64+0x1e8/0x640 [ 144.333417] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 144.338576] [ 144.340181] The buggy address belongs to the object at ffff8880a06e27c0 [ 144.340181] which belongs to the cache skbuff_fclone_cache of size 472 [ 144.353511] The buggy address is located 44 bytes inside of [ 144.353511] 472-byte region [ffff8880a06e27c0, ffff8880a06e2998) [ 144.365265] The buggy address belongs to the page: [ 144.370164] page:ffffea000281b880 count:1 mapcount:0 mapping:ffff8880a06e2040 index:0x0 [ 144.378276] flags: 0x1fffc0000000100(slab) [ 144.382481] raw: 01fffc0000000100 ffff8880a06e2040 0000000000000000 0000000100000006 [ 144.390343] raw: ffffea0002633e20 ffffea00026199a0 ffff88821b7203c0 0000000000000000 [ 144.398193] page dumped because: kasan: bad access detected [ 144.403874] [ 144.405470] Memory state around the buggy address: [ 144.410367] ffff8880a06e2680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 144.417698] ffff8880a06e2700: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 144.425030] >ffff8880a06e2780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 144.432356] ^ [ 144.439079] ffff8880a06e2800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 144.446408] ffff8880a06e2880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 144.453731] ================================================================== [ 144.461076] Disabling lock debugging due to kernel taint [ 144.466515] Kernel panic - not syncing: panic_on_warn set ... [ 144.466515] [ 144.473853] CPU: 0 PID: 6860 Comm: syz-executor.2 Tainted: G B 4.14.143 #0 [ 144.481963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 144.491293] Call Trace: [ 144.493848] [ 144.495972] dump_stack+0x138/0x197 [ 144.499572] ? tcp_ack+0x414f/0x4760 [ 144.503347] panic+0x1f2/0x426 [ 144.506510] ? add_taint.cold+0x16/0x16 [ 144.510458] kasan_end_report+0x47/0x4f [ 144.514401] kasan_report.cold+0x130/0x2af [ 144.518608] __asan_report_load4_noabort+0x14/0x20 [ 144.523511] tcp_ack+0x414f/0x4760 [ 144.527026] ? trace_hardirqs_on+0x10/0x10 [ 144.531255] ? tcp_fastretrans_alert+0x2620/0x2620 [ 144.536157] ? lock_downgrade+0x6e0/0x6e0 [ 144.540285] tcp_rcv_established+0x3e9/0x1650 [ 144.544753] ? tcp_data_queue+0x3730/0x3730 [ 144.549047] ? ip6_dst_check+0x16a/0x2c0 [ 144.553078] tcp_v6_do_rcv+0x417/0x1190 [ 144.557021] tcp_v6_rcv+0x2446/0x2ed0 [ 144.560794] ? save_trace+0x290/0x290 [ 144.564571] ip6_input_finish+0x300/0x15a0 [ 144.568780] ip6_input+0xd5/0x340 [ 144.572210] ? ip6_input_finish+0x15a0/0x15a0 [ 144.576696] ? ipv6_rcv+0x16aa/0x1d20 [ 144.580473] ? ip6_rcv_finish+0x7a0/0x7a0 [ 144.584593] ip6_rcv_finish+0x23f/0x7a0 [ 144.588539] ipv6_rcv+0xe4d/0x1d20 [ 144.592054] ? put_prev_task_stop+0x358/0x400 [ 144.596530] ? ip6_input+0x340/0x340 [ 144.600218] ? __lock_is_held+0xb6/0x140 [ 144.604253] ? check_preemption_disabled+0x3c/0x250 [ 144.609243] ? ip6_make_skb+0x410/0x410 [ 144.613189] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 144.618609] ? ip6_input+0x340/0x340 [ 144.622296] __netif_receive_skb_core+0x1eae/0x2ca0 [ 144.627286] ? trace_hardirqs_on+0x10/0x10 [ 144.631491] ? enqueue_to_backlog+0xcc0/0xcc0 [ 144.635957] ? process_backlog+0x43e/0x730 [ 144.640171] ? lock_acquire+0x16f/0x430 [ 144.644128] __netif_receive_skb+0x2c/0x1b0 [ 144.648441] ? __netif_receive_skb+0x2c/0x1b0 [ 144.652910] process_backlog+0x21f/0x730 [ 144.656940] ? mark_held_locks+0xb1/0x100 [ 144.661062] net_rx_action+0x490/0xf80 [ 144.664923] ? napi_complete_done+0x4f0/0x4f0 [ 144.669394] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 144.674821] __do_softirq+0x244/0x9a0 [ 144.678595] ? ip6_finish_output2+0x9c0/0x21b0 [ 144.683157] do_softirq_own_stack+0x2a/0x40 [ 144.687444] [ 144.689658] do_softirq.part.0+0x10e/0x160 [ 144.693954] __local_bh_enable_ip+0x154/0x1a0 [ 144.698423] ip6_finish_output2+0x9f3/0x21b0 [ 144.702804] ? ip6_forward_finish+0x480/0x480 [ 144.707268] ? __lock_is_held+0xb6/0x140 [ 144.711304] ? check_preemption_disabled+0x3c/0x250 [ 144.716292] ip6_finish_output+0x4f4/0xb50 [ 144.720500] ? ip6_finish_output+0x4f4/0xb50 [ 144.724880] ip6_output+0x20f/0x6d0 [ 144.728477] ? ip6_finish_output+0xb50/0xb50 [ 144.732864] ? __lock_is_held+0xb6/0x140 [ 144.737068] ? check_preemption_disabled+0x3c/0x250 [ 144.742055] ? ip6_fragment+0x32c0/0x32c0 [ 144.746179] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 144.751614] ip6_xmit+0xd53/0x1eb0 [ 144.755137] ? ip6_finish_output2+0x21b0/0x21b0 [ 144.759778] ? save_trace+0x290/0x290 [ 144.763551] ? ip6_append_data+0x2f0/0x2f0 [ 144.767759] ? __lock_is_held+0xb6/0x140 [ 144.771792] ? check_preemption_disabled+0x3c/0x250 [ 144.776786] inet6_csk_xmit+0x286/0x4d0 [ 144.780732] ? inet6_csk_update_pmtu+0x140/0x140 [ 144.785456] ? tcp_md5_do_lookup+0x1d3/0x530 [ 144.789837] __tcp_transmit_skb+0x172c/0x2fe0 [ 144.794303] ? __tcp_select_window+0x6e0/0x6e0 [ 144.798858] ? kvm_clock_read+0x23/0x40 [ 144.802811] ? sched_clock_cpu+0x1b/0x1c0 [ 144.806943] ? tcp_small_queue_check+0x184/0x1e0 [ 144.811673] tcp_write_xmit+0x523/0x4960 [ 144.815707] ? tcp_v6_md5_lookup+0x23/0x30 [ 144.819914] ? tcp_established_options+0x2c5/0x420 [ 144.824815] ? tcp_current_mss+0x1b1/0x2f0 [ 144.829026] __tcp_push_pending_frames+0xa6/0x260 [ 144.833840] tcp_send_fin+0x17e/0xc40 [ 144.837609] tcp_close+0xcc8/0xfb0 [ 144.841122] ? lock_acquire+0x16f/0x430 [ 144.845068] ? ip_mc_drop_socket+0x1d6/0x230 [ 144.849456] inet_release+0xec/0x1c0 [ 144.853147] inet6_release+0x53/0x80 [ 144.856849] __sock_release+0xce/0x2b0 [ 144.860710] ? __sock_release+0x2b0/0x2b0 [ 144.864828] sock_close+0x1b/0x30 [ 144.868251] __fput+0x275/0x7a0 [ 144.871503] ____fput+0x16/0x20 [ 144.874870] task_work_run+0x114/0x190 [ 144.878732] exit_to_usermode_loop+0x1da/0x220 [ 144.883290] do_syscall_64+0x4bc/0x640 [ 144.887147] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 144.891965] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 144.897123] RIP: 0033:0x4135d1 [ 144.900288] RSP: 002b:00007fff32357740 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 144.907973] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00000000004135d1 [ 144.915213] RDX: 0000000000000000 RSI: 000000000000033f RDI: 0000000000000006 [ 144.922452] RBP: 0000000000000001 R08: 000000008beec33f R09: 000000008beec343 [ 144.929694] R10: 00007fff32357820 R11: 0000000000000293 R12: 000000000075c9a0 [ 144.936935] R13: 000000000075c9a0 R14: 0000000000760db0 R15: ffffffffffffffff [ 144.945425] Kernel Offset: disabled [ 144.949037] Rebooting in 86400 seconds..