[....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ 18.947850] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 22.722979] random: sshd: uninitialized urandom read (32 bytes read) [ 23.148255] sshd (4509) used greatest stack depth: 17000 bytes left [ 23.175042] random: sshd: uninitialized urandom read (32 bytes read) [ 24.121856] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts. [ 29.788705] random: sshd: uninitialized urandom read (32 bytes read) 2018/06/30 11:49:36 fuzzer started [ 31.225713] random: cc1: uninitialized urandom read (8 bytes read) 2018/06/30 11:49:38 dialing manager at 10.128.0.26:43217 2018/06/30 11:49:41 syscalls: 1612 2018/06/30 11:49:41 code coverage: enabled 2018/06/30 11:49:41 comparison tracing: enabled 2018/06/30 11:49:41 setuid sandbox: enabled 2018/06/30 11:49:41 namespace sandbox: enabled 2018/06/30 11:49:41 fault injection: enabled 2018/06/30 11:49:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/06/30 11:49:41 net packed injection: enabled [ 38.890519] random: crng init done 11:50:23 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000a80)=[{&(0x7f0000000980)="94", 0x1}], 0x1, 0x81804) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r1, &(0x7f00000000c0), 0x4000000000000004) 11:50:23 executing program 1: getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000140)={{{@in=@broadcast}}, {{@in=@remote}, 0x0, @in6=@mcast1}}, &(0x7f0000000240)=0xe8) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) sched_getaffinity(0x0, 0x8, &(0x7f00000004c0)) 
ptrace$cont(0xffffffffffffffff, 0x0, 0x0, 0x7f) 11:50:23 executing program 7: 11:50:23 executing program 4: r0 = socket$inet6(0xa, 0x2000000802, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@remote={0xfe, 0x80, [], 0xbb}, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f000089b000)=0x1, 0x4) sendmsg(r0, &(0x7f0000000000)={&(0x7f00000001c0)=@in6={0xa, 0x4e24, 0x800, @dev={0xfe, 0x80}}, 0x80, &(0x7f0000000180), 0x0, &(0x7f0000000240)}, 0x0) 11:50:23 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="c400000019000901000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000f40000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000c00080008000800e8ffffff"], 0x3}, 0x1}, 0x0) 11:50:23 executing program 3: r0 = syz_open_dev$tun(&(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={"6966623000faffffffffffffff00", 0x5001}) 11:50:23 executing program 5: r0 = perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x4, 0x4, 0x20000000004, 0x101}, 0x2c) dup3(r0, r1, 0x0) 11:50:23 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'veth1_to_bond\x00'}) sendmsg$nl_route(r0, &(0x7f0000004fc8)={&(0x7f0000016000)={0x10}, 0xc, &(0x7f000000b000)={&(0x7f000002c000)=ANY=[@ANYBLOB="2400000018002100e8ff0000000000001c140000fe0000010000000000"], 0x1}, 0x1}, 0x0) [ 77.259709] IPVS: ftp: loaded support on port[0] = 21 [ 77.266291] IPVS: ftp: loaded support on port[0] = 
21 [ 77.358964] IPVS: ftp: loaded support on port[0] = 21 [ 77.359281] IPVS: ftp: loaded support on port[0] = 21 [ 77.397609] IPVS: ftp: loaded support on port[0] = 21 [ 77.398944] IPVS: ftp: loaded support on port[0] = 21 [ 77.415515] IPVS: ftp: loaded support on port[0] = 21 [ 77.458365] IPVS: ftp: loaded support on port[0] = 21 [ 79.451430] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.457966] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.497944] device bridge_slave_0 entered promiscuous mode [ 79.528954] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.535485] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.556149] device bridge_slave_0 entered promiscuous mode [ 79.573861] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.580320] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.592666] device bridge_slave_0 entered promiscuous mode [ 79.625498] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.631893] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.650582] device bridge_slave_0 entered promiscuous mode [ 79.667155] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.673565] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.694965] device bridge_slave_0 entered promiscuous mode [ 79.704984] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.711407] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.722606] device bridge_slave_1 entered promiscuous mode [ 79.733899] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.740303] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.756197] device bridge_slave_0 entered promiscuous mode [ 79.766647] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.773056] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.780904] device bridge_slave_1 entered promiscuous mode [ 79.789822] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.796186] bridge0: port 
2(bridge_slave_1) entered disabled state [ 79.807131] device bridge_slave_1 entered promiscuous mode [ 79.815562] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 79.823720] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.830084] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.856215] device bridge_slave_0 entered promiscuous mode [ 79.866418] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.872798] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.882198] device bridge_slave_0 entered promiscuous mode [ 79.893933] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.900326] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.908462] device bridge_slave_1 entered promiscuous mode [ 79.915206] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.921594] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.930064] device bridge_slave_1 entered promiscuous mode [ 79.940347] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 79.948880] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 79.956408] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.962785] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.981005] device bridge_slave_1 entered promiscuous mode [ 79.991981] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 80.000910] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.007338] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.032958] device bridge_slave_1 entered promiscuous mode [ 80.046394] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.052808] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.061235] device bridge_slave_1 entered promiscuous mode [ 80.069550] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 80.078172] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 80.088385] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 
80.097039] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 80.104428] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 80.152874] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 80.204160] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 80.215300] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 80.222744] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 80.258722] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 80.304402] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 80.376310] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 80.420699] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 80.527277] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 80.561324] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 80.572311] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 80.593875] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 80.637741] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 80.654424] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 80.664655] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 80.699271] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 80.711337] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 80.754195] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 80.772766] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 80.803882] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 80.812972] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 80.876187] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 80.920783] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 80.971687] 
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 80.981461] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 80.988405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 81.010258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 81.027162] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 81.036943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 81.050746] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 81.062774] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 81.071288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 81.094898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 81.121503] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 81.128596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 81.147183] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 81.154367] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 81.161243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 81.181597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 81.222683] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 81.230188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 81.251589] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 81.258840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 81.330107] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 81.360629] team0: Port device team_slave_0 added [ 81.366471] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 81.374983] team0: Port device team_slave_0 added [ 81.441467] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 81.460650] team0: Port device team_slave_1 added [ 81.474935] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 81.498694] team0: Port device team_slave_0 added [ 
81.524455] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 81.533101] team0: Port device team_slave_0 added [ 81.556263] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 81.566682] team0: Port device team_slave_0 added [ 81.573119] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 81.588653] team0: Port device team_slave_1 added [ 81.610487] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 81.631381] team0: Port device team_slave_1 added [ 81.647276] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 81.679710] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 81.689448] team0: Port device team_slave_0 added [ 81.696990] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 81.704868] team0: Port device team_slave_0 added [ 81.712976] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 81.730262] team0: Port device team_slave_1 added [ 81.737789] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 81.747200] team0: Port device team_slave_1 added [ 81.766262] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 81.793831] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 81.809736] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 81.834264] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 81.843711] team0: Port device team_slave_0 added [ 81.850625] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 81.857972] team0: Port device team_slave_1 added [ 81.869070] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 81.878960] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 81.886939] team0: Port device team_slave_1 added [ 81.920006] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 81.943191] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 81.963654] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 81.979667] IPv6: 
ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 81.988329] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 81.997561] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 82.004613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 82.012493] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 82.022720] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 82.033580] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 82.042439] team0: Port device team_slave_1 added [ 82.049375] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 82.061161] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 82.070248] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 82.082883] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 82.094731] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 82.116959] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.130170] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.139184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 82.147428] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 82.155423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 82.163199] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 82.173600] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 82.183246] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 82.192982] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 82.200814] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 82.208041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 82.217434] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 82.225674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.235543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link 
becomes ready [ 82.245277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 82.275146] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 82.286458] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.294913] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.303354] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 82.312913] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 82.322500] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 82.331274] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 82.340172] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 82.347699] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 82.354664] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.371670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.404689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 82.427662] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 82.449314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.457270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.465206] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.472925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.480707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.488533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.496293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 82.503889] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 82.511709] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 82.518756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 82.527213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 82.541543] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: 
link is not ready [ 82.551236] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 82.563828] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 82.577331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.596388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.621581] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.643365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.661444] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.673094] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.681333] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 82.688965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.697228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.713114] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 82.731176] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 82.745814] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 82.752909] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.781260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.824466] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.851117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.863060] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.870809] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.920370] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 82.927541] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.946258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 83.834972] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.841510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.848496] bridge0: port 1(bridge_slave_0) entered 
blocking state [ 83.854885] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.880689] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 83.902868] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.909274] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.915968] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.922359] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.997924] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 84.004473] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 84.013133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 84.030506] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.036881] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.043536] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.049899] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.059479] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 84.068101] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.074476] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.081150] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.087534] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.099511] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 84.245448] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.251873] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.258545] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.264925] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.304223] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 84.313188] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.319573] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.326199] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.332612] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.350355] IPv6: ADDRCONF(NETDEV_UP): bridge0: link 
is not ready [ 84.378380] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.384795] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.391469] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.397856] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.452940] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 84.466313] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.472754] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.479435] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.485832] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.495794] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 85.023422] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 85.041524] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 85.066213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 85.081205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 85.092789] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 85.099840] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 89.153124] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.177132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.295140] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.325529] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.393438] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.535816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.559280] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.605528] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.685520] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 89.693585] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 89.767625] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 89.783740] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 89.857610] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 90.011193] IPv6: ADDRCONF(NETDEV_UP): 
veth0: link is not ready [ 90.032713] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 90.096524] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 90.165752] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 90.172213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 90.184297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 90.217920] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 90.224120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 90.234706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 90.256602] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 90.264051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 90.295571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 90.316651] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 90.326435] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 90.341116] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 90.384534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 90.417763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 90.430555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 90.577774] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 90.584193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 90.592374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 90.618613] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 90.626183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 90.651646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 90.680634] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.705967] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.730643] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 90.749659] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 90.766747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 90.794536] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.810042] 
8021q: adding VLAN 0 to HW filter on device team0 [ 90.834847] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.107516] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.163156] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.200057] 8021q: adding VLAN 0 to HW filter on device team0 11:50:39 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioprio_get$pid(0x0, 0x0) capset(&(0x7f00000000c0), &(0x7f0000000440)) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000300)={"65716cffffffff007a000000eb00"}) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8, 0x1b}]}, 0x28}, 0x1}, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505331, &(0x7f0000000340)) statfs(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=""/18) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000340)={{&(0x7f0000010000/0x2000)=nil, 0x2000}}) open(&(0x7f0000032ff8)='./file0\x00', 0x0, 0x0) 11:50:39 executing program 7: 11:50:39 executing program 7: 11:50:39 executing program 5: [ 93.649403] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 93.684839] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 11:50:39 executing program 7: 11:50:39 executing program 5: 11:50:39 executing program 7: [ 93.794763] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 11:50:40 executing program 7: 11:50:40 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x20a200, 0x0) poll(&(0x7f0000000140)=[{}], 0x1, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x400a00, 0x0) ioctl$GIO_UNISCRNMAP(r0, 0x4b69, &(0x7f0000000040)=""/102) 11:50:40 executing program 1: 
r0 = creat(&(0x7f0000000340)='./bus\x00', 0x1) fcntl$setstatus(r0, 0x4, 0x4000) ioctl$ASHMEM_GET_NAME(r0, 0x81007702, &(0x7f0000000440)=""/201) truncate(&(0x7f0000000300)='./bus\x00', 0xa00) getcwd(&(0x7f0000000540)=""/94, 0x5e) r1 = open(&(0x7f0000000200)='./bus\x00', 0x20000000000014, 0x8) lseek(r0, 0x0, 0x2) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r1, &(0x7f0000000040), 0x8000fffffffe) request_key(&(0x7f0000000180)='.dead\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000000240)='/dev/net/tun\x00', 0x0) setsockopt$inet6_int(r1, 0x29, 0x49, &(0x7f00000000c0)=0x7, 0x4) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000003c0)={0x0, 0x0}, &(0x7f0000000400)=0xc) syz_fuse_mount(&(0x7f0000000380)='./bus\x00', 0xb001, r2, 0x0, 0x81, 0x0) truncate(&(0x7f0000000140)='./bus\x00', 0x0) 11:50:40 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000001fc0)='./file0\x00', 0x440040, 0x0) close(r0) socket$unix(0x1, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x4, &(0x7f00000001c0)={@remote={0xac, 0x14, 0x14, 0xbb}, @multicast1=0xe0000001}, 0xc) 11:50:40 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f00000002c0)=0x4006, 0x4) sendto$inet6(r0, &(0x7f0000000000)="0401000000c0031102daf2c2510200130011", 0x12, 0x0, &(0x7f00000000c0)={0xa, 0x200000000010894f, 0x2}, 0x1c) 11:50:40 executing program 5: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x800) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000080)="2957e1311f16f477671070") perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) [ 94.186603] 
================================================================== [ 94.194153] BUG: KASAN: slab-out-of-bounds in ipv6_gso_pull_exthdrs+0x57a/0x5f0 [ 94.201604] Read of size 1 at addr ffff8801c1154001 by task syz-executor4/6641 [ 94.208956] [ 94.210591] CPU: 0 PID: 6641 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #26 [ 94.217772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 94.227123] Call Trace: [ 94.229722] dump_stack+0x1c9/0x2b4 [ 94.233364] ? dump_stack_print_info.cold.2+0x52/0x52 [ 94.238563] ? printk+0xa7/0xcf [ 94.241854] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 94.246621] ? ipv6_gso_pull_exthdrs+0x57a/0x5f0 [ 94.251383] print_address_description+0x6c/0x20b [ 94.256234] ? ipv6_gso_pull_exthdrs+0x57a/0x5f0 [ 94.260999] kasan_report.cold.7+0x242/0x2fe [ 94.265416] __asan_report_load1_noabort+0x14/0x20 [ 94.270350] ipv6_gso_pull_exthdrs+0x57a/0x5f0 [ 94.274940] ? ip4ip6_gro_receive+0x100/0x100 [ 94.279445] ? graph_lock+0x170/0x170 [ 94.283254] ? task_numa_work+0xf00/0xf00 [ 94.287410] ipv6_gso_segment+0x37a/0x11e0 [ 94.291658] ? netdev_alert+0x78/0x170 [ 94.295560] ? sit_ip6ip6_gro_receive+0x100/0x100 [ 94.300413] ? kasan_check_read+0x11/0x20 [ 94.304562] ? rcu_is_watching+0x8c/0x150 [ 94.308718] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 94.313136] ? skb_network_protocol+0xfc/0x4c0 [ 94.317735] skb_mac_gso_segment+0x3b5/0x740 [ 94.322151] ? __lock_acquire+0x7fc/0x5020 [ 94.326391] ? sit_ip6ip6_gro_receive+0x100/0x100 [ 94.331251] ? skb_network_protocol+0x4c0/0x4c0 [ 94.335938] ? lock_acquire+0x1e4/0x540 [ 94.339923] ? skb_mac_gso_segment+0x229/0x740 [ 94.344524] nsh_gso_segment+0x470/0xb40 [ 94.348604] skb_mac_gso_segment+0x3b5/0x740 [ 94.353021] ? nsh_pop+0x500/0x500 [ 94.356575] ? skb_network_protocol+0x4c0/0x4c0 [ 94.361253] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 94.366441] ? skb_network_protocol+0xfc/0x4c0 [ 94.371016] ? sock_sendmsg+0xd5/0x120 [ 94.374894] ? __sys_sendto+0x3d7/0x670 [ 94.378853] ? 
__ia32_sys_sendto+0xdf/0x1a0 [ 94.383158] ? do_fast_syscall_32+0x34d/0xfb2 [ 94.387638] __skb_gso_segment+0x3c3/0x880 [ 94.391862] ? skb_mac_gso_segment+0x740/0x740 [ 94.396429] ? lock_acquire+0x1e4/0x540 [ 94.400412] ? __dev_queue_xmit+0x328/0x3910 [ 94.404807] validate_xmit_skb+0x640/0xf30 [ 94.409040] ? netif_skb_features+0xb70/0xb70 [ 94.413621] __dev_queue_xmit+0xc14/0x3910 [ 94.417856] ? netdev_pick_tx+0x2d0/0x2d0 [ 94.422006] ? graph_lock+0x170/0x170 [ 94.425974] ? skb_scrub_packet+0x580/0x580 [ 94.430282] ? trace_hardirqs_on+0x10/0x10 [ 94.434511] ? print_usage_bug+0xc0/0xc0 [ 94.438559] ? graph_lock+0x170/0x170 [ 94.442350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.447873] ? find_held_lock+0x36/0x1c0 [ 94.451926] ? lock_downgrade+0x8f0/0x8f0 [ 94.456059] ? lock_release+0xa30/0xa30 [ 94.460019] ? check_same_owner+0x340/0x340 [ 94.464333] ? skb_set_owner_w+0x24e/0x360 [ 94.468560] ? kasan_check_write+0x14/0x20 [ 94.472782] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 94.477784] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 94.482786] ? __check_object_size+0x9d/0x5f2 [ 94.487267] ? usercopy_warn+0x120/0x120 [ 94.491315] ? _copy_from_iter_nocache+0x1050/0x1050 [ 94.497184] ? _copy_from_iter_full+0x2bc/0xd20 [ 94.501836] ? kasan_check_read+0x11/0x20 [ 94.505972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.511494] ? skb_copy_datagram_from_iter+0x451/0x660 [ 94.516751] ? iov_iter_advance+0x14e0/0x14e0 [ 94.521234] dev_queue_xmit+0x17/0x20 [ 94.525025] ? dev_queue_xmit+0x17/0x20 [ 94.528984] packet_sendmsg+0x428e/0x6130 [ 94.533115] ? find_held_lock+0x36/0x1c0 [ 94.537172] ? kernel_poison_pages+0x1a9/0x220 [ 94.541740] ? packet_getname+0x5f0/0x5f0 [ 94.545876] ? do_raw_spin_unlock+0x91/0x2f0 [ 94.550268] ? expand_files.part.8+0x9c0/0x9c0 [ 94.554836] ? compat_start_thread+0x80/0x80 [ 94.559232] ? _raw_spin_unlock_irq+0x27/0x70 [ 94.563724] ? lock_downgrade+0x8f0/0x8f0 [ 94.567856] ? check_same_owner+0x340/0x340 [ 94.572345] ? 
__check_object_size+0x9d/0x5f2 [ 94.576831] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 94.582351] ? security_socket_sendmsg+0x94/0xc0 [ 94.587091] ? packet_getname+0x5f0/0x5f0 [ 94.591223] sock_sendmsg+0xd5/0x120 [ 94.594920] __sys_sendto+0x3d7/0x670 [ 94.598709] ? __ia32_sys_getpeername+0xb0/0xb0 [ 94.603362] ? rcu_pm_notify+0xc0/0xc0 [ 94.607243] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 94.612768] ? syscall_trace_enter+0x68e/0x1210 [ 94.617434] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.622954] ? syscall_slow_exit_work+0x111/0x500 [ 94.627782] ? lockdep_sys_exit_thunk+0x2e/0x2e [ 94.632436] ? tracehook_report_syscall_exit+0x2f0/0x2f0 [ 94.637867] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.643387] ? exit_to_usermode_loop+0x1f4/0x370 [ 94.648124] ? syscall_slow_exit_work+0x500/0x500 [ 94.652964] __ia32_sys_sendto+0xdf/0x1a0 [ 94.657100] do_fast_syscall_32+0x34d/0xfb2 [ 94.661407] ? do_int80_syscall_32+0x890/0x890 [ 94.665974] ? _raw_spin_unlock_irq+0x27/0x70 [ 94.670455] ? finish_task_switch+0x1d3/0x890 [ 94.674934] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.680457] ? syscall_return_slowpath+0x31d/0x5e0 [ 94.685369] ? sysret32_from_system_call+0x5/0x46 [ 94.690210] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 94.695041] entry_SYSENTER_compat+0x70/0x7f [ 94.699432] RIP: 0023:0xf7f94cb9 [ 94.702775] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 94.722019] RSP: 002b:00000000f5f900ac EFLAGS: 00000282 ORIG_RAX: 0000000000000171 [ 94.729713] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000020000000 [ 94.736962] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 00000000200000c0 [ 94.744212] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 [ 94.751463] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 94.758714] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 94.765971] [ 94.767579] Allocated by task 6390: [ 94.771193] save_stack+0x43/0xd0 [ 94.774626] kasan_kmalloc+0xc4/0xe0 [ 94.778325] kasan_slab_alloc+0x12/0x20 [ 94.782280] kmem_cache_alloc+0x12e/0x760 [ 94.786416] getname_flags+0xd0/0x5a0 [ 94.790196] getname+0x19/0x20 [ 94.793368] do_sys_open+0x3a2/0x760 [ 94.797060] __x64_sys_open+0x7e/0xc0 [ 94.800842] do_syscall_64+0x1b9/0x820 [ 94.804712] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.809879] [ 94.811485] Freed by task 6390: [ 94.814745] save_stack+0x43/0xd0 [ 94.818183] __kasan_slab_free+0x11a/0x170 [ 94.822399] kasan_slab_free+0xe/0x10 [ 94.826185] kmem_cache_free+0x86/0x2d0 [ 94.830142] putname+0xf2/0x130 [ 94.833401] do_sys_open+0x569/0x760 [ 94.837099] __x64_sys_open+0x7e/0xc0 [ 94.840884] do_syscall_64+0x1b9/0x820 [ 94.844755] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.849921] [ 94.851530] The buggy address belongs to the object at ffff8801c1154e40 [ 94.851530] which belongs to the cache names_cache of size 4096 [ 94.864689] The buggy address is located 3647 bytes to the left of [ 94.864689] 4096-byte region [ffff8801c1154e40, ffff8801c1155e40) [ 94.877159] The buggy address belongs to the page: [ 94.882071] 
page:ffffea0007045500 count:1 mapcount:0 mapping:ffff8801da987dc0 index:0x0 compound_mapcount: 0 [ 94.892027] flags: 0x2fffc0000008100(slab|head) [ 94.896694] raw: 02fffc0000008100 ffffea0006af2208 ffffea00072bd208 ffff8801da987dc0 [ 94.904560] raw: 0000000000000000 ffff8801c1154e40 0000000100000001 0000000000000000 [ 94.912418] page dumped because: kasan: bad access detected [ 94.918104] [ 94.919709] Memory state around the buggy address: [ 94.924617] ffff8801c1153f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 94.931957] ffff8801c1153f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 94.940116] >ffff8801c1154000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 94.947458] ^ [ 94.950804] ffff8801c1154080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 94.958141] ffff8801c1154100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 94.965476] ================================================================== [ 94.972810] Disabling lock debugging due to kernel taint [ 94.978358] Kernel panic - not syncing: panic_on_warn set ... [ 94.978358] [ 94.985733] CPU: 0 PID: 6641 Comm: syz-executor4 Tainted: G B 4.18.0-rc2+ #26 [ 94.994300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 95.003645] Call Trace: [ 95.006237] dump_stack+0x1c9/0x2b4 [ 95.009865] ? dump_stack_print_info.cold.2+0x52/0x52 [ 95.015060] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 95.019824] panic+0x238/0x4e7 [ 95.023019] ? add_taint.cold.5+0x16/0x16 [ 95.027176] ? do_raw_spin_unlock+0xa7/0x2f0 [ 95.031590] ? do_raw_spin_unlock+0xa7/0x2f0 [ 95.035999] ? ipv6_gso_pull_exthdrs+0x57a/0x5f0 [ 95.040752] kasan_end_report+0x47/0x4f [ 95.044723] kasan_report.cold.7+0x76/0x2fe [ 95.049046] __asan_report_load1_noabort+0x14/0x20 [ 95.053974] ipv6_gso_pull_exthdrs+0x57a/0x5f0 [ 95.058557] ? ip4ip6_gro_receive+0x100/0x100 [ 95.063054] ? graph_lock+0x170/0x170 [ 95.066851] ? task_numa_work+0xf00/0xf00 [ 95.070996] ipv6_gso_segment+0x37a/0x11e0 [ 95.075238] ? 
netdev_alert+0x78/0x170 [ 95.079133] ? sit_ip6ip6_gro_receive+0x100/0x100 [ 95.083978] ? kasan_check_read+0x11/0x20 [ 95.088122] ? rcu_is_watching+0x8c/0x150 [ 95.092266] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 95.096677] ? skb_network_protocol+0xfc/0x4c0 [ 95.101270] skb_mac_gso_segment+0x3b5/0x740 [ 95.105677] ? __lock_acquire+0x7fc/0x5020 [ 95.109911] ? sit_ip6ip6_gro_receive+0x100/0x100 [ 95.114758] ? skb_network_protocol+0x4c0/0x4c0 [ 95.119438] ? lock_acquire+0x1e4/0x540 [ 95.123419] ? skb_mac_gso_segment+0x229/0x740 [ 95.128008] nsh_gso_segment+0x470/0xb40 [ 95.132079] skb_mac_gso_segment+0x3b5/0x740 [ 95.136495] ? nsh_pop+0x500/0x500 [ 95.140041] ? skb_network_protocol+0x4c0/0x4c0 [ 95.144716] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 95.149902] ? skb_network_protocol+0xfc/0x4c0 [ 95.154462] ? sock_sendmsg+0xd5/0x120 [ 95.158329] ? __sys_sendto+0x3d7/0x670 [ 95.162278] ? __ia32_sys_sendto+0xdf/0x1a0 [ 95.166580] ? do_fast_syscall_32+0x34d/0xfb2 [ 95.171058] __skb_gso_segment+0x3c3/0x880 [ 95.175276] ? skb_mac_gso_segment+0x740/0x740 [ 95.179841] ? lock_acquire+0x1e4/0x540 [ 95.183797] ? __dev_queue_xmit+0x328/0x3910 [ 95.188191] validate_xmit_skb+0x640/0xf30 [ 95.192411] ? netif_skb_features+0xb70/0xb70 [ 95.196894] __dev_queue_xmit+0xc14/0x3910 [ 95.201118] ? netdev_pick_tx+0x2d0/0x2d0 [ 95.205249] ? graph_lock+0x170/0x170 [ 95.209033] ? skb_scrub_packet+0x580/0x580 [ 95.213337] ? trace_hardirqs_on+0x10/0x10 [ 95.217554] ? print_usage_bug+0xc0/0xc0 [ 95.221599] ? graph_lock+0x170/0x170 [ 95.225388] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.230907] ? find_held_lock+0x36/0x1c0 [ 95.234955] ? lock_downgrade+0x8f0/0x8f0 [ 95.239084] ? lock_release+0xa30/0xa30 [ 95.243040] ? check_same_owner+0x340/0x340 [ 95.247346] ? skb_set_owner_w+0x24e/0x360 [ 95.251565] ? kasan_check_write+0x14/0x20 [ 95.255784] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 95.260792] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 95.265789] ? __check_object_size+0x9d/0x5f2 [ 95.270265] ? 
usercopy_warn+0x120/0x120 [ 95.274308] ? _copy_from_iter_nocache+0x1050/0x1050 [ 95.279395] ? _copy_from_iter_full+0x2bc/0xd20 [ 95.284044] ? kasan_check_read+0x11/0x20 [ 95.288177] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.293697] ? skb_copy_datagram_from_iter+0x451/0x660 [ 95.298951] ? iov_iter_advance+0x14e0/0x14e0 [ 95.303431] dev_queue_xmit+0x17/0x20 [ 95.307216] ? dev_queue_xmit+0x17/0x20 [ 95.311171] packet_sendmsg+0x428e/0x6130 [ 95.315302] ? find_held_lock+0x36/0x1c0 [ 95.319352] ? kernel_poison_pages+0x1a9/0x220 [ 95.323917] ? packet_getname+0x5f0/0x5f0 [ 95.328046] ? do_raw_spin_unlock+0x91/0x2f0 [ 95.332434] ? expand_files.part.8+0x9c0/0x9c0 [ 95.336998] ? compat_start_thread+0x80/0x80 [ 95.341393] ? _raw_spin_unlock_irq+0x27/0x70 [ 95.345878] ? lock_downgrade+0x8f0/0x8f0 [ 95.350008] ? check_same_owner+0x340/0x340 [ 95.354313] ? __check_object_size+0x9d/0x5f2 [ 95.358793] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 95.364313] ? security_socket_sendmsg+0x94/0xc0 [ 95.369049] ? packet_getname+0x5f0/0x5f0 [ 95.373190] sock_sendmsg+0xd5/0x120 [ 95.376883] __sys_sendto+0x3d7/0x670 [ 95.380668] ? __ia32_sys_getpeername+0xb0/0xb0 [ 95.385317] ? rcu_pm_notify+0xc0/0xc0 [ 95.389191] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 95.394708] ? syscall_trace_enter+0x68e/0x1210 [ 95.399371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.404891] ? syscall_slow_exit_work+0x111/0x500 [ 95.409722] ? lockdep_sys_exit_thunk+0x2e/0x2e [ 95.414385] ? tracehook_report_syscall_exit+0x2f0/0x2f0 [ 95.419816] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.425335] ? exit_to_usermode_loop+0x1f4/0x370 [ 95.430078] ? syscall_slow_exit_work+0x500/0x500 [ 95.434901] __ia32_sys_sendto+0xdf/0x1a0 [ 95.439034] do_fast_syscall_32+0x34d/0xfb2 [ 95.443340] ? do_int80_syscall_32+0x890/0x890 [ 95.447992] ? _raw_spin_unlock_irq+0x27/0x70 [ 95.452468] ? finish_task_switch+0x1d3/0x890 [ 95.456944] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 95.462461] ? 
syscall_return_slowpath+0x31d/0x5e0 [ 95.467372] ? sysret32_from_system_call+0x5/0x46 [ 95.472208] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 95.477031] entry_SYSENTER_compat+0x70/0x7f [ 95.481419] RIP: 0023:0xf7f94cb9 [ 95.484767] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 95.503934] RSP: 002b:00000000f5f900ac EFLAGS: 00000282 ORIG_RAX: 0000000000000171 [ 95.511621] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000020000000 [ 95.518870] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 00000000200000c0 [ 95.526119] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 [ 95.533370] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 95.540617] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 95.548352] Dumping ftrace buffer: [ 95.551867] (ftrace buffer empty) [ 95.555549] Kernel Offset: disabled [ 95.559152] Rebooting in 86400 seconds..