[ 38.662011] audit: type=1400 audit(1573480405.085:38): avc: denied { create } for pid=6506 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
[ 38.686211] audit: type=1400 audit(1573480405.086:39): avc: denied { create } for pid=6506 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 38.711648] audit: type=1400 audit(1573480405.086:40): avc: denied { create } for pid=6506 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
Warning: Permanently added '10.128.15.198' (ECDSA) to the list of known hosts.
2019/11/11 13:53:31 parsed 1 programs
2019/11/11 13:53:32 executed programs: 0
[ 45.620702] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready
[ 45.629054] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready
[ 45.639724] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready
[ 45.639758] IPVS: ftp: loaded support on port[0] = 21
[ 45.661332] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready
[ 45.671578] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready
[ 45.679284] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready
[ 45.699217] IPVS: ftp: loaded support on port[0] = 21
[ 45.732950] IPVS: ftp: loaded support on port[0] = 21
[ 45.781068] chnl_net:caif_netlink_parms(): no params data found
[ 45.800912] IPVS: ftp: loaded support on port[0] = 21
[ 45.850666] chnl_net:caif_netlink_parms(): no params data found
[ 45.871862] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.878237] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.884966] device bridge_slave_0 entered promiscuous mode
[ 45.894709] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.901106] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.907817] device bridge_slave_1 entered promiscuous mode
[ 45.954746] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.961583] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.968235] device bridge_slave_0 entered promiscuous mode
[ 46.003641] IPVS: ftp: loaded support on port[0] = 21
[ 46.004849] chnl_net:caif_netlink_parms(): no params data found
[ 46.015034] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.015055] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.015665] device bridge_slave_1 entered promiscuous mode
[ 46.021766] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 46.022818] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 46.045304] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 46.046324] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 46.052535] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 46.052922] team0: Port device team_slave_0 added
[ 46.053609] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 46.053960] team0: Port device team_slave_1 added
[ 46.054396] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 46.054737] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 46.124570] device hsr_slave_0 entered promiscuous mode
[ 46.160344] device hsr_slave_1 entered promiscuous mode
[ 46.200864] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 46.207888] team0: Port device team_slave_0 added
[ 46.213209] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.219531] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.226353] device bridge_slave_0 entered promiscuous mode
[ 46.234475] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.240837] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.247761] device bridge_slave_1 entered promiscuous mode
[ 46.257726] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 46.265469] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 46.272538] team0: Port device team_slave_1 added
[ 46.277679] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 46.286584] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 46.307891] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 46.323777] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 46.342764] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 46.365117] chnl_net:caif_netlink_parms(): no params data found
[ 46.379499] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 46.387681] team0: Port device team_slave_0 added
[ 46.431760] device hsr_slave_0 entered promiscuous mode
[ 46.490216] device hsr_slave_1 entered promiscuous mode
[ 46.540733] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 46.563608] IPVS: ftp: loaded support on port[0] = 21
[ 46.572548] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 46.579453] team0: Port device team_slave_1 added
[ 46.587503] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 46.608649] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.615714] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.622771] device bridge_slave_0 entered promiscuous mode
[ 46.629805] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 46.638815] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 46.659659] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.666065] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.672998] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.679331] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.688716] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.695148] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.702395] device bridge_slave_1 entered promiscuous mode
[ 46.766112] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 46.831854] device hsr_slave_0 entered promiscuous mode
[ 46.880203] device hsr_slave_1 entered promiscuous mode
[ 46.942517] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 46.949448] chnl_net:caif_netlink_parms(): no params data found
[ 46.967810] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.974211] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.980809] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.987139] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.998410] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 47.016588] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.024164] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.031200] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.037685] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.046211] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 47.086834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.093595] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.101077] device bridge_slave_0 entered promiscuous mode
[ 47.107857] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.114738] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.121699] device bridge_slave_1 entered promiscuous mode
[ 47.147664] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 47.154762] team0: Port device team_slave_0 added
[ 47.165864] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 47.176781] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 47.187589] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 47.195472] team0: Port device team_slave_1 added
[ 47.215589] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 47.234110] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 47.243554] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 47.251703] team0: Port device team_slave_0 added
[ 47.257172] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 47.264519] team0: Port device team_slave_1 added
[ 47.269770] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 47.278031] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 47.286154] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 47.392565] device hsr_slave_0 entered promiscuous mode
[ 47.430270] device hsr_slave_1 entered promiscuous mode
[ 47.485102] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 47.533014] device hsr_slave_0 entered promiscuous mode
[ 47.570195] device hsr_slave_1 entered promiscuous mode
[ 47.630607] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 47.637410] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 47.644193] chnl_net:caif_netlink_parms(): no params data found
[ 47.663444] 8021q: adding VLAN 0 to HW filter on device bond0
[ 47.675968] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 47.708953] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.716974] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.724171] device bridge_slave_0 entered promiscuous mode
[ 47.736389] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 47.751578] 8021q: adding VLAN 0 to HW filter on device bond0
[ 47.759482] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 47.766534] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.775159] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.782336] device bridge_slave_1 entered promiscuous mode
[ 47.793403] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 47.807334] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 47.819734] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 47.826429] 8021q: adding VLAN 0 to HW filter on device team0
[ 47.835921] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.842272] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.848816] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.855264] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.866988] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.873665] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.881081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.888552] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.898739] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.905100] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.913639] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 47.928210] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 47.935131] 8021q: adding VLAN 0 to HW filter on device team0
[ 47.962196] 8021q: adding VLAN 0 to HW filter on device bond0
[ 47.969110] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.976179] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.984270] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.990638] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.998104] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 48.005775] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 48.017536] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 48.031114] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.038563] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.044905] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.053560] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 48.080687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.088322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.098269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.105967] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.112324] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.120359] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 48.127274] team0: Port device team_slave_0 added
[ 48.137113] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 48.145607] 8021q: adding VLAN 0 to HW filter on device team0
[ 48.160985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.168100] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 48.179565] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 48.187429] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 48.195598] team0: Port device team_slave_1 added
[ 48.201260] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 48.214039] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 48.234812] 8021q: adding VLAN 0 to HW filter on device bond0
[ 48.242783] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 48.249585] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.261192] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.267512] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.274588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.282325] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.288643] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.295653] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 48.308893] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 48.318872] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 48.329196] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 48.362073] device hsr_slave_0 entered promiscuous mode
[ 48.400166] device hsr_slave_1 entered promiscuous mode
[ 48.440679] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 48.447710] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 48.456562] 8021q: adding VLAN 0 to HW filter on device bond0
[ 48.464196] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.471873] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.479504] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 48.489880] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 48.505637] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 48.521049] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 48.533395] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 48.539446] 8021q: adding VLAN 0 to HW filter on device team0
[ 48.551166] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 48.558974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.566415] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 48.576543] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 48.583137] 8021q: adding VLAN 0 to HW filter on device team0
[ 48.601474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.609762] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.617974] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.624378] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.632792] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 48.640562] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.647895] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.656764] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 48.677695] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.689883] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.696260] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.703351] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.711259] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.717563] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.724678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.732314] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.738615] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.746018] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 48.773559] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 48.795547] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 48.803564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 48.812419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 48.819833] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 48.828701] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 48.840691] audit: type=1400 audit(1573480415.260:41): avc: denied { associate } for pid=6607 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 48.843981] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 48.874892] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 48.874896] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 48.875398] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 48.879808] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.880433] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.880714] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 48.880952] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 48.881243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 48.889476] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 48.942498] 8021q: adding VLAN 0 to HW filter on device bond0
[ 48.945013] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 48.949924] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 48.949929] 8021q: adding VLAN 0 to HW filter on device team0
[ 48.955006] FAULT_INJECTION: forcing a failure.
[ 48.955006] name failslab, interval 1, probability 0, space 0, times 1
[ 48.955017] CPU: 0 PID: 6702 Comm: syz-executor.0 Not tainted 4.13.0-rc4+ #0
[ 48.955019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.955022] Call Trace:
[ 48.955032] dump_stack+0x145/0x1e1
[ 48.955038] ? arch_local_irq_restore+0x43/0x43
[ 48.955045] ? ip_finish_output2+0x86f/0x1400
[ 48.955051] ? trace_hardirqs_on+0xd/0x10
[ 48.955056] ? __local_bh_enable_ip+0x9c/0x170
[ 48.955071] should_fail.cold.4+0x5/0x15
[ 48.955078] ? fault_create_debugfs_attr+0x1a0/0x1a0
[ 48.955085] ? find_held_lock+0x36/0x1c0
[ 48.955097] ? __lock_is_held+0xb5/0x140
[ 48.955107] ? debug_check_no_locks_freed+0x310/0x310
[ 48.955112] ? find_held_lock+0x36/0x1c0
[ 48.955121] ? trace_hardirqs_off+0x10/0x10
[ 48.955128] should_failslab+0xba/0xf0
[ 48.955134] kmem_cache_alloc_trace+0x44/0x7a0
[ 48.955141] ? mod_timer_pending+0xfa0/0xfa0
[ 48.955145] ? debug_smp_processor_id+0x17/0x20
[ 48.955150] ? rcu_is_watching+0x61/0x170
[ 48.955160] dccp_ackvec_parsed_add+0xa2/0x360
[ 48.955166] ? dccp_ackvec_purge_records+0x1d0/0x1d0
[ 48.955175] ccid2_hc_tx_parse_options+0x5b/0x80
[ 48.955180] dccp_parse_options+0x523/0xf90
[ 48.955191] dccp_rcv_established+0x23/0x70
[ 48.955196] dccp_v4_do_rcv+0xfa/0x160
[ 48.955202] __release_sock+0x10b/0x330
[ 48.955210] release_sock+0x9a/0x270
[ 48.955215] ? __release_sock+0x330/0x330
[ 48.955219] ? dccp_qpolicy_top+0x67/0x80
[ 48.955222] ? dccp_write_xmit+0x3b/0x180
[ 48.955228] dccp_sendmsg+0x57f/0xda0
[ 48.955232] ? lock_release+0x960/0x960
[ 48.955236] ? check_same_owner+0x320/0x320
[ 48.955243] ? dccp_getsockopt+0xd0/0xd0
[ 48.955247] ? sock_has_perm+0x278/0x420
[ 48.955252] ? selinux_tun_dev_create+0xc0/0xc0
[ 48.955257] ? dup_iter+0x1d2/0x250
[ 48.955267] inet_sendmsg+0x148/0x5a0
[ 48.955272] ? copy_msghdr_from_user+0x2f4/0x5b0
[ 48.955275] ? rcu_pm_notify+0xc0/0xc0
[ 48.955279] ? inet_recvmsg+0x790/0x790
[ 48.955284] ? selinux_socket_sendmsg+0x31/0x40
[ 48.955287] ? security_socket_sendmsg+0x6a/0xa0
[ 48.955291] ? inet_recvmsg+0x790/0x790
[ 48.955295] sock_sendmsg+0xb5/0xf0
[ 48.955300] ___sys_sendmsg+0x2a7/0x9a0
[ 48.955308] ? copy_msghdr_from_user+0x5b0/0x5b0
[ 48.955312] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280
[ 48.955318] ? rcu_read_lock_bh_held+0xc0/0xc0
[ 48.955322] ? find_held_lock+0x36/0x1c0
[ 48.955331] ? __might_fault+0xf1/0x1b0
[ 48.955335] ? lock_downgrade+0x830/0x830
[ 48.955346] ? check_same_owner+0x320/0x320
[ 48.955350] ? __might_sleep+0x93/0xb0
[ 48.955358] __sys_sendmmsg+0x1ae/0x590
[ 48.955365] ? SyS_sendmsg+0x20/0x20
[ 48.955371] ? __lock_is_held+0xb5/0x140
[ 48.955374] ? rcu_dynticks_eqs_exit+0x70/0x70
[ 48.955386] ? __sb_end_write+0xa4/0xd0
[ 48.955394] ? mutex_unlock+0xd/0x10
[ 48.955398] ? __f_unlock_pos+0xd/0x10
[ 48.955402] ? SyS_write+0x199/0x240
[ 48.955408] ? entry_SYSCALL_64_fastpath+0x5/0xc2
[ 48.955413] ? trace_hardirqs_on_caller+0x40c/0x580
[ 48.955420] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 48.955425] SyS_sendmmsg+0xd/0x20
[ 48.955429] entry_SYSCALL_64_fastpath+0x23/0xc2
[ 48.955433] RIP: 0033:0x45a219
[ 48.955436] RSP: 002b:00007f0378977c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 48.955441] RAX: ffffffffffffffda RBX: 00007f0378977c90 RCX: 000000000045a219
[ 48.955443] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006
[ 48.955445] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[ 48.955447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 48.955449] R13: 00007fff0aa350cf R14: 00007f03789789c0 R15: 000000000075bf2c
[ 48.955519] dccp_parse_options: DCCP(ffff88011c95d480): Option 38 (len=1) error=5
[ 48.971885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.978799] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 48.979037] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.979057] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 48.979388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 48.988873] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 48.989106] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.989129] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.035734] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 49.036093] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 49.044889] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 49.049042] FAULT_INJECTION: forcing a failure.
[ 49.049042] name failslab, interval 1, probability 0, space 0, times 0
[ 49.049049] CPU: 1 PID: 6718 Comm: syz-executor.1 Not tainted 4.13.0-rc4+ #0
[ 49.049052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.049054] Call Trace:
[ 49.049065] dump_stack+0x145/0x1e1
[ 49.049072] ? arch_local_irq_restore+0x43/0x43
[ 49.049080] ? ip_finish_output2+0x86f/0x1400
[ 49.049087] ? trace_hardirqs_on+0xd/0x10
[ 49.049092] ? __local_bh_enable_ip+0x9c/0x170
[ 49.049101] should_fail.cold.4+0x5/0x15
[ 49.049107] ? fault_create_debugfs_attr+0x1a0/0x1a0
[ 49.049116] ? find_held_lock+0x36/0x1c0
[ 49.049129] ? __lock_is_held+0xb5/0x140
[ 49.049146] ? debug_check_no_locks_freed+0x310/0x310
[ 49.049151] ? find_held_lock+0x36/0x1c0
[ 49.049161] ? trace_hardirqs_off+0x10/0x10
[ 49.049169] should_failslab+0xba/0xf0
[ 49.049177] kmem_cache_alloc_trace+0x44/0x7a0
[ 49.049183] ? mod_timer_pending+0xfa0/0xfa0
[ 49.049188] ? debug_smp_processor_id+0x17/0x20
[ 49.049193] ? rcu_is_watching+0x61/0x170
[ 49.049203] dccp_ackvec_parsed_add+0xa2/0x360
[ 49.049209] ? dccp_ackvec_purge_records+0x1d0/0x1d0
[ 49.049220] ccid2_hc_tx_parse_options+0x5b/0x80
[ 49.049226] dccp_parse_options+0x523/0xf90
[ 49.049240] dccp_rcv_established+0x23/0x70
[ 49.049245] dccp_v4_do_rcv+0xfa/0x160
[ 49.049253] __release_sock+0x10b/0x330
[ 49.049263] release_sock+0x9a/0x270
[ 49.049268] ? __release_sock+0x330/0x330
[ 49.049273] ? dccp_qpolicy_top+0x67/0x80
[ 49.049278] ? dccp_write_xmit+0x3b/0x180
[ 49.049285] dccp_sendmsg+0x57f/0xda0
[ 49.049289] ? lock_release+0x960/0x960
[ 49.049294] ? check_same_owner+0x320/0x320
[ 49.049303] ? dccp_getsockopt+0xd0/0xd0
[ 49.049307] ? sock_has_perm+0x278/0x420
[ 49.049313] ? selinux_tun_dev_create+0xc0/0xc0
[ 49.049319] ? dup_iter+0x1d2/0x250
[ 49.049330] inet_sendmsg+0x148/0x5a0
[ 49.049335] ? copy_msghdr_from_user+0x2f4/0x5b0
[ 49.049339] ? rcu_pm_notify+0xc0/0xc0
[ 49.049344] ? inet_recvmsg+0x790/0x790
[ 49.049350] ? selinux_socket_sendmsg+0x31/0x40
[ 49.049354] ? security_socket_sendmsg+0x6a/0xa0
[ 49.049359] ? inet_recvmsg+0x790/0x790
[ 49.049364] sock_sendmsg+0xb5/0xf0
[ 49.049370] ___sys_sendmsg+0x2a7/0x9a0
[ 49.049379] ? copy_msghdr_from_user+0x5b0/0x5b0
[ 49.049384] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280
[ 49.049390] ? rcu_read_lock_bh_held+0xc0/0xc0
[ 49.049396] ? find_held_lock+0x36/0x1c0
[ 49.049406] ? __might_fault+0xf1/0x1b0
[ 49.049411] ? lock_downgrade+0x830/0x830
[ 49.049426] ? check_same_owner+0x320/0x320
[ 49.049430] ? __might_sleep+0x93/0xb0
[ 49.049440] __sys_sendmmsg+0x1ae/0x590
[ 49.049448] ? SyS_sendmsg+0x20/0x20
[ 49.049455] ? __lock_is_held+0xb5/0x140
[ 49.049459] ? rcu_dynticks_eqs_exit+0x70/0x70
[ 49.049474] ? __sb_end_write+0xa4/0xd0
[ 49.049483] ? mutex_unlock+0xd/0x10
[ 49.049488] ? __f_unlock_pos+0xd/0x10
[ 49.049492] ? SyS_write+0x199/0x240
[ 49.049511] ? entry_SYSCALL_64_fastpath+0x5/0xc2
[ 49.049516] ? trace_hardirqs_on_caller+0x40c/0x580
[ 49.049522] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 49.049529] SyS_sendmmsg+0xd/0x20
[ 49.049534] entry_SYSCALL_64_fastpath+0x23/0xc2
[ 49.049538] RIP: 0033:0x45a219
[ 49.049541] RSP: 002b:00007f4c965f9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.049547] RAX: ffffffffffffffda RBX: 00007f4c965f9c90 RCX: 000000000045a219
[ 49.049550] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006
[ 49.049552] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[ 49.049561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 49.049564] R13: 00007ffd3709072f R14: 00007f4c965fa9c0 R15: 000000000075bf2c
[ 49.049653] dccp_parse_options: DCCP(ffff88011c374b00): Option 38 (len=1) error=5
[ 49.053545] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 49.057073] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.074787] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 49.101783] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 49.144006] FAULT_INJECTION: forcing a failure.
[ 49.144006] name failslab, interval 1, probability 0, space 0, times 0
[ 49.144014] CPU: 0 PID: 6732 Comm: syz-executor.3 Not tainted 4.13.0-rc4+ #0
[ 49.144016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.144019] Call Trace:
[ 49.144029] dump_stack+0x145/0x1e1
[ 49.144036] ? arch_local_irq_restore+0x43/0x43
[ 49.144043] ? ip_finish_output2+0x86f/0x1400
[ 49.144054] ? trace_hardirqs_on+0xd/0x10
[ 49.144059] ? __local_bh_enable_ip+0x9c/0x170
[ 49.144067] should_fail.cold.4+0x5/0x15
[ 49.144073] ? fault_create_debugfs_attr+0x1a0/0x1a0
[ 49.144080] ? find_held_lock+0x36/0x1c0
[ 49.144092] ? __lock_is_held+0xb5/0x140
[ 49.144102] ? debug_check_no_locks_freed+0x310/0x310
[ 49.144107] ? find_held_lock+0x36/0x1c0
[ 49.144115] ? trace_hardirqs_off+0x10/0x10
[ 49.144123] should_failslab+0xba/0xf0
[ 49.144129] kmem_cache_alloc_trace+0x44/0x7a0
[ 49.144135] ? mod_timer_pending+0xfa0/0xfa0
[ 49.144141] ? debug_smp_processor_id+0x17/0x20
[ 49.144145] ? rcu_is_watching+0x61/0x170
[ 49.144155] dccp_ackvec_parsed_add+0xa2/0x360
[ 49.144160] ? dccp_ackvec_purge_records+0x1d0/0x1d0
[ 49.144170] ccid2_hc_tx_parse_options+0x5b/0x80
[ 49.144175] dccp_parse_options+0x523/0xf90
[ 49.144187] dccp_rcv_established+0x23/0x70
[ 49.144193] dccp_v4_do_rcv+0xfa/0x160
[ 49.144200] __release_sock+0x10b/0x330
[ 49.144209] release_sock+0x9a/0x270
[ 49.144214] ? __release_sock+0x330/0x330
[ 49.144219] ? dccp_qpolicy_top+0x67/0x80
[ 49.144223] ? dccp_write_xmit+0x3b/0x180
[ 49.144230] dccp_sendmsg+0x57f/0xda0
[ 49.144233] ? lock_release+0x960/0x960
[ 49.144238] ? check_same_owner+0x320/0x320
[ 49.144245] ? dccp_getsockopt+0xd0/0xd0
[ 49.144250] ? sock_has_perm+0x278/0x420
[ 49.144255] ? selinux_tun_dev_create+0xc0/0xc0
[ 49.144260] ? dup_iter+0x1d2/0x250
[ 49.144270] inet_sendmsg+0x148/0x5a0
[ 49.144274] ? copy_msghdr_from_user+0x2f4/0x5b0
[ 49.144278] ? rcu_pm_notify+0xc0/0xc0
[ 49.144282] ? inet_recvmsg+0x790/0x790
[ 49.144287] ? selinux_socket_sendmsg+0x31/0x40
[ 49.144291] ? security_socket_sendmsg+0x6a/0xa0
[ 49.144296] ? inet_recvmsg+0x790/0x790
[ 49.144300] sock_sendmsg+0xb5/0xf0
[ 49.144306] ___sys_sendmsg+0x2a7/0x9a0
[ 49.144314] ? copy_msghdr_from_user+0x5b0/0x5b0
[ 49.144319] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280
[ 49.144325] ? rcu_read_lock_bh_held+0xc0/0xc0
[ 49.144330] ? find_held_lock+0x36/0x1c0
[ 49.144340] ? __might_fault+0xf1/0x1b0
[ 49.144344] ? lock_downgrade+0x830/0x830
[ 49.144357] ? check_same_owner+0x320/0x320
[ 49.144361] ? __might_sleep+0x93/0xb0
[ 49.144370] __sys_sendmmsg+0x1ae/0x590
[ 49.144382] ? SyS_sendmsg+0x20/0x20
[ 49.144388] ? __lock_is_held+0xb5/0x140
[ 49.144392] ? rcu_dynticks_eqs_exit+0x70/0x70
[ 49.144405] ? __sb_end_write+0xa4/0xd0
[ 49.144412] ? mutex_unlock+0xd/0x10
[ 49.144416] ? __f_unlock_pos+0xd/0x10
[ 49.144420] ? SyS_write+0x199/0x240
[ 49.144425] ? entry_SYSCALL_64_fastpath+0x5/0xc2
[ 49.144430] ? trace_hardirqs_on_caller+0x40c/0x580
[ 49.144436] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 49.144442] SyS_sendmmsg+0xd/0x20
[ 49.144446] entry_SYSCALL_64_fastpath+0x23/0xc2
[ 49.144451] RIP: 0033:0x45a219
[ 49.144453] RSP: 002b:00007ff2a37c4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.144458] RAX: ffffffffffffffda RBX: 00007ff2a37c4c90 RCX: 000000000045a219
[ 49.144461] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006
[ 49.144463] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[ 49.144465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 49.144468] R13: 00007fff9308e3bf R14: 00007ff2a37c59c0 R15: 000000000075bf2c
[ 49.145710] dccp_parse_options: DCCP(ffff88011c95cac0): Option 38 (len=1) error=5
[ 49.239083] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 49.241571] FAULT_INJECTION: forcing a failure.
[ 49.241571] name failslab, interval 1, probability 0, space 0, times 0
2019/11/11 13:53:37 executed programs: 18
[ 49.241577] CPU: 0 PID: 6750 Comm: syz-executor.2 Not tainted 4.13.0-rc4+ #0
[ 49.241580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.241582] Call Trace:
[ 49.241592] dump_stack+0x145/0x1e1
[ 49.241599] ? arch_local_irq_restore+0x43/0x43
[ 49.241606] ? ip_finish_output2+0x86f/0x1400
[ 49.241612] ? trace_hardirqs_on+0xd/0x10
[ 49.241617] ? __local_bh_enable_ip+0x9c/0x170
[ 49.241625] should_fail.cold.4+0x5/0x15
[ 49.241631] ? fault_create_debugfs_attr+0x1a0/0x1a0
[ 49.241640] ? find_held_lock+0x36/0x1c0
[ 49.241653] ? __lock_is_held+0xb5/0x140
[ 49.241662] ? debug_check_no_locks_freed+0x310/0x310
[ 49.241668] ? find_held_lock+0x36/0x1c0
[ 49.241677] ? trace_hardirqs_off+0x10/0x10
[ 49.241685] should_failslab+0xba/0xf0
[ 49.241692] kmem_cache_alloc_trace+0x44/0x7a0
[ 49.241698] ? mod_timer_pending+0xfa0/0xfa0
[ 49.241703] ? debug_smp_processor_id+0x17/0x20
[ 49.241708] ? rcu_is_watching+0x61/0x170
[ 49.241719] dccp_ackvec_parsed_add+0xa2/0x360
[ 49.241724] ? dccp_ackvec_purge_records+0x1d0/0x1d0
[ 49.241735] ccid2_hc_tx_parse_options+0x5b/0x80
[ 49.241741] dccp_parse_options+0x523/0xf90
[ 49.241753] dccp_rcv_established+0x23/0x70
[ 49.241759] dccp_v4_do_rcv+0xfa/0x160
[ 49.241766] __release_sock+0x10b/0x330
[ 49.241776] release_sock+0x9a/0x270
[ 49.241781] ? __release_sock+0x330/0x330
[ 49.241786] ? dccp_qpolicy_top+0x67/0x80
[ 49.241790] ? dccp_write_xmit+0x3b/0x180
[ 49.241797] dccp_sendmsg+0x57f/0xda0
[ 49.241801] ? lock_release+0x960/0x960
[ 49.241806] ? check_same_owner+0x320/0x320
[ 49.241814] ? dccp_getsockopt+0xd0/0xd0
[ 49.241818] ? sock_has_perm+0x278/0x420
[ 49.241824] ? selinux_tun_dev_create+0xc0/0xc0
[ 49.241828] ? dup_iter+0x1d2/0x250
[ 49.241839] inet_sendmsg+0x148/0x5a0
[ 49.241844] ? copy_msghdr_from_user+0x2f4/0x5b0
[ 49.241847] ? rcu_pm_notify+0xc0/0xc0
[ 49.241851] ? inet_recvmsg+0x790/0x790
[ 49.241857] ? selinux_socket_sendmsg+0x31/0x40
[ 49.241861] ? security_socket_sendmsg+0x6a/0xa0
[ 49.241866] ? inet_recvmsg+0x790/0x790
[ 49.241871] sock_sendmsg+0xb5/0xf0
[ 49.241882] ___sys_sendmsg+0x2a7/0x9a0
[ 49.241891] ? copy_msghdr_from_user+0x5b0/0x5b0
[ 49.241895] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280
[ 49.241902] ? rcu_read_lock_bh_held+0xc0/0xc0
[ 49.241908] ? find_held_lock+0x36/0x1c0
[ 49.241919] ? __might_fault+0xf1/0x1b0
[ 49.241924] ? lock_downgrade+0x830/0x830
[ 49.241937] ? check_same_owner+0x320/0x320
[ 49.241942] ? __might_sleep+0x93/0xb0
[ 49.241951] __sys_sendmmsg+0x1ae/0x590
[ 49.241959] ? SyS_sendmsg+0x20/0x20
[ 49.241966] ? __lock_is_held+0xb5/0x140
[ 49.241969] ? rcu_dynticks_eqs_exit+0x70/0x70
[ 49.241984] ? __sb_end_write+0xa4/0xd0
[ 49.241992] ? mutex_unlock+0xd/0x10
[ 49.241997] ? __f_unlock_pos+0xd/0x10
[ 49.242001] ? SyS_write+0x199/0x240
[ 49.242006] ? entry_SYSCALL_64_fastpath+0x5/0xc2
[ 49.242012] ? trace_hardirqs_on_caller+0x40c/0x580
[ 49.242018] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 49.242025] SyS_sendmmsg+0xd/0x20
[ 49.242030] entry_SYSCALL_64_fastpath+0x23/0xc2
[ 49.242034] RIP: 0033:0x45a219
[ 49.242037] RSP: 002b:00007fe88224ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 49.242046] RAX: ffffffffffffffda RBX: 00007fe88224ec90 RCX: 000000000045a219
[ 49.242049] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006
[ 49.242051] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[ 49.242054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 49.242056] R13: 00007ffc2edd460f R14: 00007fe88224f9c0 R15: 000000000075bf2c
[ 49.243322] dccp_parse_options: DCCP(ffff88011c95c100): Option 38 (len=1) error=5
[ 49.297117] FAULT_INJECTION: forcing a failure.
[ 49.297117] name failslab, interval 1, probability 0, space 0, times 0
[ 49.297124] CPU: 1 PID: 6756 Comm: syz-executor.5 Not tainted 4.13.0-rc4+ #0
[ 49.297127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.297129] Call Trace:
[ 49.297139] dump_stack+0x145/0x1e1
[ 49.297145] ? arch_local_irq_restore+0x43/0x43
[ 49.297153] ? ip_finish_output2+0x86f/0x1400
[ 49.297160] ? trace_hardirqs_on+0xd/0x10
[ 49.297165] ? __local_bh_enable_ip+0x9c/0x170
[ 49.297173] should_fail.cold.4+0x5/0x15
[ 49.297180] ? fault_create_debugfs_attr+0x1a0/0x1a0
[ 49.297188] ? find_held_lock+0x36/0x1c0
[ 49.297202] ? __lock_is_held+0xb5/0x140
[ 49.297212] ? debug_check_no_locks_freed+0x310/0x310
[ 49.297218] ? find_held_lock+0x36/0x1c0
[ 49.297227] ? trace_hardirqs_off+0x10/0x10
[ 49.297235] should_failslab+0xba/0xf0
[ 49.297242] kmem_cache_alloc_trace+0x44/0x7a0
[ 49.297248] ? mod_timer_pending+0xfa0/0xfa0
[ 49.297254] ? debug_smp_processor_id+0x17/0x20
[ 49.297259] ? rcu_is_watching+0x61/0x170
[ 49.297269] dccp_ackvec_parsed_add+0xa2/0x360
[ 49.297275] ? dccp_ackvec_purge_records+0x1d0/0x1d0
[ 49.297287] ccid2_hc_tx_parse_options+0x5b/0x80
[ 49.297292] dccp_parse_options+0x523/0xf90
[ 49.297305] dccp_rcv_established+0x23/0x70
[ 49.297311] dccp_v4_do_rcv+0xfa/0x160
[ 49.297318] __release_sock+0x10b/0x330
[ 49.297328] release_sock+0x9a/0x270
[ 49.297334] ? __release_sock+0x330/0x330
[ 49.297339] ? dccp_qpolicy_top+0x67/0x80
[ 49.297343] ? dccp_write_xmit+0x3b/0x180
[ 49.297350] dccp_sendmsg+0x57f/0xda0
[ 49.297354] ? lock_release+0x960/0x960
[ 49.297358] ? check_same_owner+0x320/0x320
[ 49.297364] ? dccp_getsockopt+0xd0/0xd0
[ 49.297368] ? sock_has_perm+0x278/0x420
[ 49.297374] ? selinux_tun_dev_create+0xc0/0xc0
[ 49.297379] ? dup_iter+0x1d2/0x250
[ 49.297391] inet_sendmsg+0x148/0x5a0
[ 49.297396] ? copy_msghdr_from_user+0x2f4/0x5b0
[ 49.297400] ? rcu_pm_notify+0xc0/0xc0
[ 49.297404] ? inet_recvmsg+0x790/0x790
[ 49.297409] ? selinux_socket_sendmsg+0x31/0x40
[ 49.297414] ? security_socket_sendmsg+0x6a/0xa0
[ 49.297418] ? inet_recvmsg+0x790/0x790
[ 49.297423] sock_sendmsg+0xb5/0xf0
[ 49.297428] ___sys_sendmsg+0x2a7/0x9a0
[ 49.297437] ? copy_msghdr_from_user+0x5b0/0x5b0
[ 49.297441] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280
[ 49.297447] ? rcu_read_lock_bh_held+0xc0/0xc0
[ 49.297459] ? find_held_lock+0x36/0x1c0
[ 49.297469] ? __might_fault+0xf1/0x1b0
[ 49.297473] ? lock_downgrade+0x830/0x830
[ 49.297485] ? check_same_owner+0x320/0x320
[ 49.297489] ? __might_sleep+0x93/0xb0
[ 49.297498] __sys_sendmmsg+0x1ae/0x590
[ 49.297506] ? SyS_sendmsg+0x20/0x20
[ 49.297512] ?
__lock_is_held+0xb5/0x140 [ 49.297516] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 49.297531] ? __sb_end_write+0xa4/0xd0 [ 49.297545] ? mutex_unlock+0xd/0x10 [ 49.297550] ? __f_unlock_pos+0xd/0x10 [ 49.297555] ? SyS_write+0x199/0x240 [ 49.297560] ? entry_SYSCALL_64_fastpath+0x5/0xc2 [ 49.297566] ? trace_hardirqs_on_caller+0x40c/0x580 [ 49.297572] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 49.297580] SyS_sendmmsg+0xd/0x20 [ 49.297584] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 49.297588] RIP: 0033:0x45a219 [ 49.297591] RSP: 002b:00007f1e5de22c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 49.297597] RAX: ffffffffffffffda RBX: 00007f1e5de22c90 RCX: 000000000045a219 [ 49.297599] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 49.297601] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 [ 49.297604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 49.297606] R13: 00007ffd14464d5f R14: 00007f1e5de239c0 R15: 000000000075bf2c [ 49.299882] dccp_parse_options: DCCP(ffff88011c374b00): Option 38 (len=1) error=5 [ 49.358826] FAULT_INJECTION: forcing a failure. [ 49.358826] name failslab, interval 1, probability 0, space 0, times 0 [ 49.358832] CPU: 0 PID: 6771 Comm: syz-executor.4 Not tainted 4.13.0-rc4+ #0 [ 49.358835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.358837] Call Trace: [ 49.358847] dump_stack+0x145/0x1e1 [ 49.358854] ? arch_local_irq_restore+0x43/0x43 [ 49.358861] ? ip_finish_output2+0x86f/0x1400 [ 49.358868] ? trace_hardirqs_on+0xd/0x10 [ 49.358873] ? __local_bh_enable_ip+0x9c/0x170 [ 49.358881] should_fail.cold.4+0x5/0x15 [ 49.358887] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 49.358896] ? find_held_lock+0x36/0x1c0 [ 49.358908] ? __lock_is_held+0xb5/0x140 [ 49.358917] ? debug_check_no_locks_freed+0x310/0x310 [ 49.358923] ? find_held_lock+0x36/0x1c0 [ 49.358933] ? 
trace_hardirqs_off+0x10/0x10 [ 49.358941] should_failslab+0xba/0xf0 [ 49.358948] kmem_cache_alloc_trace+0x44/0x7a0 [ 49.358954] ? mod_timer_pending+0xfa0/0xfa0 [ 49.358959] ? debug_smp_processor_id+0x17/0x20 [ 49.358965] ? rcu_is_watching+0x61/0x170 [ 49.358975] dccp_ackvec_parsed_add+0xa2/0x360 [ 49.358980] ? dccp_ackvec_purge_records+0x1d0/0x1d0 [ 49.358992] ccid2_hc_tx_parse_options+0x5b/0x80 [ 49.358997] dccp_parse_options+0x523/0xf90 [ 49.359010] dccp_rcv_established+0x23/0x70 [ 49.359015] dccp_v4_do_rcv+0xfa/0x160 [ 49.359022] __release_sock+0x10b/0x330 [ 49.359041] release_sock+0x9a/0x270 [ 49.359047] ? __release_sock+0x330/0x330 [ 49.359052] ? dccp_qpolicy_top+0x67/0x80 [ 49.359057] ? dccp_write_xmit+0x3b/0x180 [ 49.359064] dccp_sendmsg+0x57f/0xda0 [ 49.359068] ? lock_release+0x960/0x960 [ 49.359073] ? check_same_owner+0x320/0x320 [ 49.359081] ? dccp_getsockopt+0xd0/0xd0 [ 49.359087] ? sock_has_perm+0x278/0x420 [ 49.359093] ? selinux_tun_dev_create+0xc0/0xc0 [ 49.359099] ? dup_iter+0x1d2/0x250 [ 49.359110] inet_sendmsg+0x148/0x5a0 [ 49.359115] ? copy_msghdr_from_user+0x2f4/0x5b0 [ 49.359119] ? rcu_pm_notify+0xc0/0xc0 [ 49.359123] ? inet_recvmsg+0x790/0x790 [ 49.359128] ? selinux_socket_sendmsg+0x31/0x40 [ 49.359132] ? security_socket_sendmsg+0x6a/0xa0 [ 49.359137] ? inet_recvmsg+0x790/0x790 [ 49.359142] sock_sendmsg+0xb5/0xf0 [ 49.359148] ___sys_sendmsg+0x2a7/0x9a0 [ 49.359156] ? copy_msghdr_from_user+0x5b0/0x5b0 [ 49.359161] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280 [ 49.359167] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 49.359173] ? find_held_lock+0x36/0x1c0 [ 49.359184] ? __might_fault+0xf1/0x1b0 [ 49.359189] ? lock_downgrade+0x830/0x830 [ 49.359203] ? check_same_owner+0x320/0x320 [ 49.359208] ? __might_sleep+0x93/0xb0 [ 49.359217] __sys_sendmmsg+0x1ae/0x590 [ 49.359226] ? SyS_sendmsg+0x20/0x20 [ 49.359233] ? __lock_is_held+0xb5/0x140 [ 49.359236] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 49.359251] ? __sb_end_write+0xa4/0xd0 [ 49.359260] ? 
mutex_unlock+0xd/0x10 [ 49.359265] ? __f_unlock_pos+0xd/0x10 [ 49.359269] ? SyS_write+0x199/0x240 [ 49.359275] ? entry_SYSCALL_64_fastpath+0x5/0xc2 [ 49.359280] ? trace_hardirqs_on_caller+0x40c/0x580 [ 49.359288] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 49.359295] SyS_sendmmsg+0xd/0x20 [ 49.359299] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 49.359305] RIP: 0033:0x45a219 [ 49.359307] RSP: 002b:00007fea8228cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 49.359313] RAX: ffffffffffffffda RBX: 00007fea8228cc90 RCX: 000000000045a219 [ 49.359316] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 49.359318] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 [ 49.359321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 49.359324] R13: 00007ffe5710e7cf R14: 00007fea8228d9c0 R15: 000000000075bf2c [ 49.359542] dccp_parse_options: DCCP(ffff880106c82b40): Option 38 (len=1) error=5 [ 51.727791] audit: type=1400 audit(1573480415.340:42): avc: denied { name_bind } for pid=6701 comm="syz-executor.0" src=20003 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 [ 51.764698] audit: type=1400 audit(1573480415.340:43): avc: denied { node_bind } for pid=6701 comm="syz-executor.0" src=20003 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 [ 51.791332] audit: type=1400 audit(1573480415.340:44): avc: denied { name_connect } for pid=6701 comm="syz-executor.0" dest=20003 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 2019/11/11 13:53:42 executed programs: 56 2019/11/11 13:53:47 executed programs: 95 2019/11/11 13:53:52 executed programs: 132 2019/11/11 13:53:57 executed programs: 170 2019/11/11 13:54:02 executed programs: 208 2019/11/11 13:54:07 executed programs: 246 2019/11/11 13:54:12 executed programs: 284 2019/11/11 
13:54:17 executed programs: 322 2019/11/11 13:54:23 executed programs: 360 2019/11/11 13:54:28 executed programs: 398 2019/11/11 13:54:33 executed programs: 436 [ 110.699185] FAULT_INJECTION: forcing a failure. [ 110.699185] name failslab, interval 1, probability 0, space 0, times 0 [ 110.710495] CPU: 0 PID: 8579 Comm: syz-executor.0 Not tainted 4.13.0-rc4+ #0 [ 110.717886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 110.727239] Call Trace: [ 110.729829] dump_stack+0x145/0x1e1 [ 110.733453] ? arch_local_irq_restore+0x43/0x43 [ 110.738115] ? find_held_lock+0x36/0x1c0 [ 110.742174] should_fail.cold.4+0x5/0x15 [ 110.746240] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 110.751351] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 110.755932] ? rcu_is_watching+0x61/0x170 [ 110.760070] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 110.764653] ? __lock_is_held+0xb5/0x140 [ 110.768715] ? depot_save_stack+0x12b/0x423 [ 110.773033] ? check_same_owner+0x320/0x320 [ 110.777349] ? mark_held_locks+0xc7/0x130 [ 110.777765] FAULT_INJECTION: forcing a failure. [ 110.777765] name failslab, interval 1, probability 0, space 0, times 0 [ 110.792681] should_failslab+0xba/0xf0 [ 110.796570] kmem_cache_alloc_trace+0x2e3/0x7a0 [ 110.801262] ? sock_sendmsg+0xb5/0xf0 [ 110.805060] ? ___sys_sendmsg+0x2a7/0x9a0 [ 110.809200] ? __sys_sendmmsg+0x1ae/0x590 [ 110.813336] ? SyS_sendmmsg+0xd/0x20 [ 110.817051] ? entry_SYSCALL_64_fastpath+0x23/0xc2 [ 110.822012] dccp_feat_entry_new+0x1a4/0x4f0 [ 110.826429] ? dccp_feat_nn_get+0x310/0x310 [ 110.830768] dccp_feat_push_confirm+0x26/0x280 [ 110.835349] dccp_feat_parse_options+0x10e5/0x1d90 [ 110.840276] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 110.844861] ? dccp_feat_server_ccid_dependencies+0x1f0/0x1f0 [ 110.848983] FAULT_INJECTION: forcing a failure. [ 110.848983] name failslab, interval 1, probability 0, space 0, times 0 [ 110.862633] ? dccp_ackvec_parsed_add+0xa2/0x360 [ 110.867388] ? 
rcu_read_lock_sched_held+0x108/0x120 [ 110.872402] ? kmem_cache_alloc_trace+0x637/0x7a0 [ 110.877244] ? mod_timer_pending+0xfa0/0xfa0 [ 110.881652] ? debug_smp_processor_id+0x17/0x20 [ 110.886321] ? rcu_is_watching+0x61/0x170 [ 110.890470] ? dccp_ackvec_parsed_add+0x180/0x360 [ 110.895302] ? dccp_ackvec_purge_records+0x1d0/0x1d0 [ 110.900400] dccp_parse_options+0x830/0xf90 [ 110.904724] dccp_rcv_established+0x23/0x70 [ 110.909039] dccp_v4_do_rcv+0xfa/0x160 [ 110.912913] __release_sock+0x10b/0x330 [ 110.916881] release_sock+0x9a/0x270 [ 110.920589] ? __release_sock+0x330/0x330 [ 110.924727] ? dccp_qpolicy_top+0x67/0x80 [ 110.928868] ? dccp_write_xmit+0x3b/0x180 [ 110.933009] dccp_sendmsg+0x57f/0xda0 [ 110.936801] ? lock_release+0x960/0x960 [ 110.940771] ? check_same_owner+0x320/0x320 [ 110.945087] ? dccp_getsockopt+0xd0/0xd0 [ 110.949142] ? sock_has_perm+0x278/0x420 [ 110.953200] ? selinux_tun_dev_create+0xc0/0xc0 [ 110.957868] ? dup_iter+0x1d2/0x250 [ 110.960429] FAULT_INJECTION: forcing a failure. [ 110.960429] name failslab, interval 1, probability 0, space 0, times 0 [ 110.972664] inet_sendmsg+0x148/0x5a0 [ 110.976460] ? copy_msghdr_from_user+0x2f4/0x5b0 [ 110.981205] ? rcu_pm_notify+0xc0/0xc0 [ 110.985087] ? inet_recvmsg+0x790/0x790 [ 110.989059] ? selinux_socket_sendmsg+0x31/0x40 [ 110.993748] ? security_socket_sendmsg+0x6a/0xa0 [ 110.998512] ? inet_recvmsg+0x790/0x790 [ 111.002488] sock_sendmsg+0xb5/0xf0 [ 111.006113] ___sys_sendmsg+0x2a7/0x9a0 [ 111.010082] ? copy_msghdr_from_user+0x5b0/0x5b0 [ 111.014832] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280 [ 111.021498] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 111.026084] ? find_held_lock+0x36/0x1c0 [ 111.030148] ? __might_fault+0xf1/0x1b0 [ 111.033644] FAULT_INJECTION: forcing a failure. [ 111.033644] name failslab, interval 1, probability 0, space 0, times 0 [ 111.045284] ? lock_downgrade+0x830/0x830 [ 111.049447] ? check_same_owner+0x320/0x320 [ 111.053765] ? 
__might_sleep+0x93/0xb0 [ 111.057652] __sys_sendmmsg+0x1ae/0x590 [ 111.061621] ? SyS_sendmsg+0x20/0x20 [ 111.065325] ? __lock_is_held+0xb5/0x140 [ 111.069374] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 111.073957] ? __sb_end_write+0xa4/0xd0 [ 111.077925] ? mutex_unlock+0xd/0x10 [ 111.081634] ? __f_unlock_pos+0xd/0x10 [ 111.085505] ? SyS_write+0x199/0x240 [ 111.089206] ? entry_SYSCALL_64_fastpath+0x5/0xc2 [ 111.094038] ? trace_hardirqs_on_caller+0x40c/0x580 [ 111.099053] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 111.103823] SyS_sendmmsg+0xd/0x20 [ 111.107357] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 111.112101] RIP: 0033:0x45a219 [ 111.115274] RSP: 002b:00007f0378977c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 111.122975] RAX: ffffffffffffffda RBX: 00007f0378977c90 RCX: 000000000045a219 [ 111.130237] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 111.130337] FAULT_INJECTION: forcing a failure. [ 111.130337] name failslab, interval 1, probability 0, space 0, times 0 [ 111.148649] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 [ 111.155913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.163163] R13: 00007fff0aa350cf R14: 00007f03789789c0 R15: 000000000075bf2c [ 111.170426] CPU: 1 PID: 8588 Comm: syz-executor.2 Not tainted 4.13.0-rc4+ #0 [ 111.177614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 111.186954] Call Trace: [ 111.189537] dump_stack+0x145/0x1e1 [ 111.193182] ? arch_local_irq_restore+0x43/0x43 [ 111.197846] ? find_held_lock+0x36/0x1c0 [ 111.201905] should_fail.cold.4+0x5/0x15 [ 111.205966] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 111.211072] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 111.215652] ? rcu_is_watching+0x61/0x170 [ 111.219796] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 111.224371] ? __lock_is_held+0xb5/0x140 [ 111.228427] ? depot_save_stack+0x12b/0x423 [ 111.232733] ? check_same_owner+0x320/0x320 [ 111.237038] ? 
mark_held_locks+0xc7/0x130 [ 111.241175] should_failslab+0xba/0xf0 [ 111.245049] kmem_cache_alloc_trace+0x2e3/0x7a0 [ 111.249720] ? sock_sendmsg+0xb5/0xf0 [ 111.253500] ? ___sys_sendmsg+0x2a7/0x9a0 [ 111.257628] ? __sys_sendmmsg+0x1ae/0x590 [ 111.261756] ? SyS_sendmmsg+0xd/0x20 [ 111.265464] ? entry_SYSCALL_64_fastpath+0x23/0xc2 [ 111.270396] dccp_feat_entry_new+0x1a4/0x4f0 [ 111.274786] ? dccp_feat_nn_get+0x310/0x310 [ 111.279097] dccp_feat_push_confirm+0x26/0x280 [ 111.283677] dccp_feat_parse_options+0x10e5/0x1d90 [ 111.288591] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 111.293157] ? dccp_feat_server_ccid_dependencies+0x1f0/0x1f0 [ 111.299024] ? dccp_ackvec_parsed_add+0xa2/0x360 [ 111.303763] ? rcu_read_lock_sched_held+0x108/0x120 [ 111.308763] ? kmem_cache_alloc_trace+0x637/0x7a0 [ 111.313587] ? mod_timer_pending+0xfa0/0xfa0 [ 111.317975] ? debug_smp_processor_id+0x17/0x20 [ 111.322642] ? rcu_is_watching+0x61/0x170 [ 111.326801] ? dccp_ackvec_parsed_add+0x180/0x360 [ 111.331674] ? dccp_ackvec_purge_records+0x1d0/0x1d0 [ 111.336777] dccp_parse_options+0x830/0xf90 [ 111.341093] dccp_rcv_established+0x23/0x70 [ 111.345401] dccp_v4_do_rcv+0xfa/0x160 [ 111.349273] __release_sock+0x10b/0x330 [ 111.353248] release_sock+0x9a/0x270 [ 111.356947] ? __release_sock+0x330/0x330 [ 111.361076] ? dccp_qpolicy_top+0x67/0x80 [ 111.365207] ? dccp_write_xmit+0x3b/0x180 [ 111.369337] dccp_sendmsg+0x57f/0xda0 [ 111.373120] ? lock_release+0x960/0x960 [ 111.377075] ? check_same_owner+0x320/0x320 [ 111.381399] ? dccp_getsockopt+0xd0/0xd0 [ 111.385447] ? sock_has_perm+0x278/0x420 [ 111.389495] ? selinux_tun_dev_create+0xc0/0xc0 [ 111.394145] ? dup_iter+0x1d2/0x250 [ 111.397760] inet_sendmsg+0x148/0x5a0 [ 111.401545] ? copy_msghdr_from_user+0x2f4/0x5b0 [ 111.406284] ? rcu_pm_notify+0xc0/0xc0 [ 111.410153] ? inet_recvmsg+0x790/0x790 [ 111.414115] ? selinux_socket_sendmsg+0x31/0x40 [ 111.418796] ? security_socket_sendmsg+0x6a/0xa0 [ 111.423538] ? 
inet_recvmsg+0x790/0x790 [ 111.427509] sock_sendmsg+0xb5/0xf0 [ 111.431130] ___sys_sendmsg+0x2a7/0x9a0 [ 111.435091] ? copy_msghdr_from_user+0x5b0/0x5b0 [ 111.439848] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280 [ 111.446498] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 111.451062] ? find_held_lock+0x36/0x1c0 [ 111.455113] ? __might_fault+0xf1/0x1b0 [ 111.459071] ? lock_downgrade+0x830/0x830 [ 111.463228] ? check_same_owner+0x320/0x320 [ 111.467530] ? __might_sleep+0x93/0xb0 [ 111.471427] __sys_sendmmsg+0x1ae/0x590 [ 111.475387] ? SyS_sendmsg+0x20/0x20 [ 111.479083] ? __lock_is_held+0xb5/0x140 [ 111.483125] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 111.487697] ? __sb_end_write+0xa4/0xd0 [ 111.491671] ? mutex_unlock+0xd/0x10 [ 111.495367] ? __f_unlock_pos+0xd/0x10 [ 111.499238] ? SyS_write+0x199/0x240 [ 111.502941] ? entry_SYSCALL_64_fastpath+0x5/0xc2 [ 111.507767] ? trace_hardirqs_on_caller+0x40c/0x580 [ 111.512780] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 111.517524] SyS_sendmmsg+0xd/0x20 [ 111.521057] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 111.525805] RIP: 0033:0x45a219 [ 111.528980] RSP: 002b:00007fe88224ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 111.536670] RAX: ffffffffffffffda RBX: 00007fe88224ec90 RCX: 000000000045a219 [ 111.543933] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 111.551184] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 [ 111.558438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.565692] R13: 00007ffc2edd460f R14: 00007fe88224f9c0 R15: 000000000075bf2c [ 111.572957] CPU: 0 PID: 8591 Comm: syz-executor.5 Not tainted 4.13.0-rc4+ #0 [ 111.580154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 111.589506] Call Trace: [ 111.592089] dump_stack+0x145/0x1e1 [ 111.595708] ? arch_local_irq_restore+0x43/0x43 [ 111.600370] ? find_held_lock+0x36/0x1c0 [ 111.604420] should_fail.cold.4+0x5/0x15 [ 111.608470] ? 
fault_create_debugfs_attr+0x1a0/0x1a0 [ 111.613568] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 111.618152] ? rcu_is_watching+0x61/0x170 [ 111.622293] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 111.626871] ? __lock_is_held+0xb5/0x140 [ 111.630928] ? depot_save_stack+0x12b/0x423 [ 111.635262] ? check_same_owner+0x320/0x320 [ 111.639577] ? mark_held_locks+0xc7/0x130 [ 111.643730] should_failslab+0xba/0xf0 [ 111.647631] kmem_cache_alloc_trace+0x2e3/0x7a0 [ 111.652304] ? sock_sendmsg+0xb5/0xf0 [ 111.656091] ? ___sys_sendmsg+0x2a7/0x9a0 [ 111.660225] ? __sys_sendmmsg+0x1ae/0x590 [ 111.664359] ? SyS_sendmmsg+0xd/0x20 [ 111.668061] ? entry_SYSCALL_64_fastpath+0x23/0xc2 [ 111.673005] dccp_feat_entry_new+0x1a4/0x4f0 [ 111.677401] ? dccp_feat_nn_get+0x310/0x310 [ 111.681738] dccp_feat_push_confirm+0x26/0x280 [ 111.686314] dccp_feat_parse_options+0x10e5/0x1d90 [ 111.691232] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 111.695811] ? dccp_feat_server_ccid_dependencies+0x1f0/0x1f0 [ 111.701694] ? dccp_ackvec_parsed_add+0xa2/0x360 [ 111.706443] ? rcu_read_lock_sched_held+0x108/0x120 [ 111.711449] ? kmem_cache_alloc_trace+0x637/0x7a0 [ 111.716301] ? mod_timer_pending+0xfa0/0xfa0 [ 111.720693] ? debug_smp_processor_id+0x17/0x20 [ 111.725381] ? rcu_is_watching+0x61/0x170 [ 111.729518] ? dccp_ackvec_parsed_add+0x180/0x360 [ 111.734352] ? dccp_ackvec_purge_records+0x1d0/0x1d0 [ 111.739473] dccp_parse_options+0x830/0xf90 [ 111.743801] dccp_rcv_established+0x23/0x70 [ 111.748108] dccp_v4_do_rcv+0xfa/0x160 [ 111.752003] __release_sock+0x10b/0x330 [ 111.755968] release_sock+0x9a/0x270 [ 111.759667] ? __release_sock+0x330/0x330 [ 111.763800] ? dccp_qpolicy_top+0x67/0x80 [ 111.767937] ? dccp_write_xmit+0x3b/0x180 [ 111.772082] dccp_sendmsg+0x57f/0xda0 [ 111.775870] ? lock_release+0x960/0x960 [ 111.779825] ? check_same_owner+0x320/0x320 [ 111.784151] ? dccp_getsockopt+0xd0/0xd0 [ 111.788195] ? sock_has_perm+0x278/0x420 [ 111.792245] ? selinux_tun_dev_create+0xc0/0xc0 [ 111.796903] ? 
dup_iter+0x1d2/0x250 [ 111.800529] inet_sendmsg+0x148/0x5a0 [ 111.804349] ? copy_msghdr_from_user+0x2f4/0x5b0 [ 111.809095] ? rcu_pm_notify+0xc0/0xc0 [ 111.813002] ? inet_recvmsg+0x790/0x790 [ 111.816964] ? selinux_socket_sendmsg+0x31/0x40 [ 111.821624] ? security_socket_sendmsg+0x6a/0xa0 [ 111.826374] ? inet_recvmsg+0x790/0x790 [ 111.830344] sock_sendmsg+0xb5/0xf0 [ 111.833990] ___sys_sendmsg+0x2a7/0x9a0 [ 111.837954] ? copy_msghdr_from_user+0x5b0/0x5b0 [ 111.843231] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280 [ 111.849903] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 111.855265] ? find_held_lock+0x36/0x1c0 [ 111.859329] ? __might_fault+0xf1/0x1b0 [ 111.865294] ? lock_downgrade+0x830/0x830 [ 111.869442] ? check_same_owner+0x320/0x320 [ 111.873951] ? __might_sleep+0x93/0xb0 [ 111.877845] __sys_sendmmsg+0x1ae/0x590 [ 111.881814] ? SyS_sendmsg+0x20/0x20 [ 111.885522] ? __lock_is_held+0xb5/0x140 [ 111.889673] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 111.894271] ? __sb_end_write+0xa4/0xd0 [ 111.898230] ? mutex_unlock+0xd/0x10 [ 111.901932] ? __f_unlock_pos+0xd/0x10 [ 111.905805] ? SyS_write+0x199/0x240 [ 111.909507] ? entry_SYSCALL_64_fastpath+0x5/0xc2 [ 111.914337] ? trace_hardirqs_on_caller+0x40c/0x580 [ 111.919363] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 111.924111] SyS_sendmmsg+0xd/0x20 [ 111.927646] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 111.932416] RIP: 0033:0x45a219 [ 111.935593] RSP: 002b:00007f1e5de22c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 111.943313] RAX: ffffffffffffffda RBX: 00007f1e5de22c90 RCX: 000000000045a219 [ 111.950571] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 111.957833] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 [ 111.965089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.972347] R13: 00007ffd14464d5f R14: 00007f1e5de239c0 R15: 000000000075bf2c [ 111.979624] CPU: 1 PID: 8585 Comm: syz-executor.3 Not tainted 4.13.0-rc4+ #0 [ 111.983617] dccp_parse_options: DCCP(ffff88011e16ac00): Option 32 (len=7) error=9 [ 111.984158] ================================================================== [ 111.984177] BUG: KASAN: use-after-free in ccid2_hc_tx_packet_recv+0x281e/0x288f [ 111.984181] Read of size 1 at addr ffff880109e3e85d by task syz-executor.0/8579 [ 111.984182] [ 112.018214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 112.027549] Call Trace: [ 112.030122] dump_stack+0x145/0x1e1 [ 112.033730] ? arch_local_irq_restore+0x43/0x43 [ 112.038383] ? find_held_lock+0x36/0x1c0 [ 112.042436] should_fail.cold.4+0x5/0x15 [ 112.046480] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 112.051566] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 112.056127] ? rcu_is_watching+0x61/0x170 [ 112.060253] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.064821] ? __lock_is_held+0xb5/0x140 [ 112.068868] ? depot_save_stack+0x12b/0x423 [ 112.073168] ? check_same_owner+0x320/0x320 [ 112.077469] ? mark_held_locks+0xc7/0x130 [ 112.081600] should_failslab+0xba/0xf0 [ 112.085466] kmem_cache_alloc_trace+0x2e3/0x7a0 [ 112.090126] ? sock_sendmsg+0xb5/0xf0 [ 112.093915] ? ___sys_sendmsg+0x2a7/0x9a0 [ 112.098042] ? __sys_sendmmsg+0x1ae/0x590 [ 112.102176] ? SyS_sendmmsg+0xd/0x20 [ 112.105870] ? 
entry_SYSCALL_64_fastpath+0x23/0xc2 [ 112.110783] dccp_feat_entry_new+0x1a4/0x4f0 [ 112.115182] ? dccp_feat_nn_get+0x310/0x310 [ 112.119500] dccp_feat_push_confirm+0x26/0x280 [ 112.124064] dccp_feat_parse_options+0x10e5/0x1d90 [ 112.128981] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.133544] ? dccp_feat_server_ccid_dependencies+0x1f0/0x1f0 [ 112.139419] ? dccp_ackvec_parsed_add+0xa2/0x360 [ 112.144151] ? rcu_read_lock_sched_held+0x108/0x120 [ 112.149148] ? kmem_cache_alloc_trace+0x637/0x7a0 [ 112.153979] ? mod_timer_pending+0xfa0/0xfa0 [ 112.158362] ? debug_smp_processor_id+0x17/0x20 [ 112.163020] ? rcu_is_watching+0x61/0x170 [ 112.167151] ? dccp_ackvec_parsed_add+0x180/0x360 [ 112.171982] ? dccp_ackvec_purge_records+0x1d0/0x1d0 [ 112.177069] dccp_parse_options+0x830/0xf90 [ 112.181387] dccp_rcv_established+0x23/0x70 [ 112.185688] dccp_v4_do_rcv+0xfa/0x160 [ 112.189557] __release_sock+0x10b/0x330 [ 112.193516] release_sock+0x9a/0x270 [ 112.197211] ? __release_sock+0x330/0x330 [ 112.201346] ? dccp_qpolicy_top+0x67/0x80 [ 112.205473] ? dccp_write_xmit+0x3b/0x180 [ 112.209602] dccp_sendmsg+0x57f/0xda0 [ 112.213393] ? lock_release+0x960/0x960 [ 112.217351] ? check_same_owner+0x320/0x320 [ 112.221657] ? dccp_getsockopt+0xd0/0xd0 [ 112.225697] ? sock_has_perm+0x278/0x420 [ 112.229738] ? selinux_tun_dev_create+0xc0/0xc0 [ 112.234385] ? dup_iter+0x1d2/0x250 [ 112.237998] inet_sendmsg+0x148/0x5a0 [ 112.241778] ? copy_msghdr_from_user+0x2f4/0x5b0 [ 112.246527] ? rcu_pm_notify+0xc0/0xc0 [ 112.250396] ? inet_recvmsg+0x790/0x790 [ 112.254362] ? selinux_socket_sendmsg+0x31/0x40 [ 112.259008] ? security_socket_sendmsg+0x6a/0xa0 [ 112.263742] ? inet_recvmsg+0x790/0x790 [ 112.267696] sock_sendmsg+0xb5/0xf0 [ 112.271304] ___sys_sendmsg+0x2a7/0x9a0 [ 112.275259] ? copy_msghdr_from_user+0x5b0/0x5b0 [ 112.279993] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280 [ 112.286640] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 112.291203] ? find_held_lock+0x36/0x1c0 [ 112.295246] ? 
__might_fault+0xf1/0x1b0 [ 112.299199] ? lock_downgrade+0x830/0x830 [ 112.303333] ? check_same_owner+0x320/0x320 [ 112.307645] ? __might_sleep+0x93/0xb0 [ 112.311515] __sys_sendmmsg+0x1ae/0x590 [ 112.315471] ? SyS_sendmsg+0x20/0x20 [ 112.319164] ? __lock_is_held+0xb5/0x140 [ 112.323204] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.327774] ? __sb_end_write+0xa4/0xd0 [ 112.331745] ? mutex_unlock+0xd/0x10 [ 112.335441] ? __f_unlock_pos+0xd/0x10 [ 112.339307] ? SyS_write+0x199/0x240 [ 112.343001] ? entry_SYSCALL_64_fastpath+0x5/0xc2 [ 112.347826] ? trace_hardirqs_on_caller+0x40c/0x580 [ 112.352826] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 112.357563] SyS_sendmmsg+0xd/0x20 [ 112.361096] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 112.365830] RIP: 0033:0x45a219 [ 112.368998] RSP: 002b:00007ff2a37c4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 112.376688] RAX: ffffffffffffffda RBX: 00007ff2a37c4c90 RCX: 000000000045a219 [ 112.383940] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 112.391204] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 [ 112.398466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.405741] R13: 00007fff9308e3bf R14: 00007ff2a37c59c0 R15: 000000000075bf2c [ 112.413016] CPU: 0 PID: 8579 Comm: syz-executor.0 Not tainted 4.13.0-rc4+ #0 [ 112.420267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 112.429618] Call Trace: [ 112.432204] dump_stack+0x145/0x1e1 [ 112.435822] ? arch_local_irq_restore+0x43/0x43 [ 112.440482] ? printk+0x91/0xab [ 112.443747] ? log_store.cold.31+0x22/0x22 [ 112.447975] ? sock_sendmsg+0xb5/0xf0 [ 112.451763] ? ccid2_hc_tx_packet_recv+0x281e/0x288f [ 112.456858] print_address_description.cold.7+0x9/0x1c9 [ 112.462210] ? ccid2_hc_tx_packet_recv+0x281e/0x288f [ 112.467298] kasan_report.cold.8+0x121/0x2da [ 112.471699] __asan_report_load1_noabort+0x14/0x20 [ 112.476616] ccid2_hc_tx_packet_recv+0x281e/0x288f [ 112.481543] ? 
__lock_is_held+0xb5/0x140 [ 112.485590] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.490163] ? ccid2_hc_tx_rto_expire+0x630/0x630 [ 112.494995] ? kmem_cache_free+0x25f/0x2d0 [ 112.499228] ? dccp_ackvec_clear_state+0x3c0/0x8f0 [ 112.504151] ? dccp_ackvec_input+0x2d2/0x4a0 [ 112.508544] dccp_deliver_input_to_ccids+0x19f/0x210 [ 112.513631] dccp_rcv_established+0x49/0x70 [ 112.517955] dccp_v4_do_rcv+0xfa/0x160 [ 112.521830] __release_sock+0x10b/0x330 [ 112.525790] release_sock+0x9a/0x270 [ 112.529488] ? __release_sock+0x330/0x330 [ 112.533624] ? dccp_qpolicy_top+0x67/0x80 [ 112.537774] ? dccp_write_xmit+0x3b/0x180 [ 112.541909] dccp_sendmsg+0x57f/0xda0 [ 112.545693] ? lock_release+0x960/0x960 [ 112.549652] ? check_same_owner+0x320/0x320 [ 112.553959] ? dccp_getsockopt+0xd0/0xd0 [ 112.558000] ? sock_has_perm+0x278/0x420 [ 112.562048] ? selinux_tun_dev_create+0xc0/0xc0 [ 112.566702] ? dup_iter+0x1d2/0x250 [ 112.570322] inet_sendmsg+0x148/0x5a0 [ 112.574108] ? copy_msghdr_from_user+0x2f4/0x5b0 [ 112.578845] ? rcu_pm_notify+0xc0/0xc0 [ 112.582720] ? inet_recvmsg+0x790/0x790 [ 112.586701] ? selinux_socket_sendmsg+0x31/0x40 [ 112.591355] ? security_socket_sendmsg+0x6a/0xa0 [ 112.596100] ? inet_recvmsg+0x790/0x790 [ 112.600059] sock_sendmsg+0xb5/0xf0 [ 112.603673] ___sys_sendmsg+0x2a7/0x9a0 [ 112.607653] ? copy_msghdr_from_user+0x5b0/0x5b0 [ 112.612395] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280 [ 112.619052] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 112.623622] ? find_held_lock+0x36/0x1c0 [ 112.627674] ? __might_fault+0xf1/0x1b0 [ 112.631635] ? lock_downgrade+0x830/0x830 [ 112.635778] ? check_same_owner+0x320/0x320 [ 112.640087] ? __might_sleep+0x93/0xb0 [ 112.643967] __sys_sendmmsg+0x1ae/0x590 [ 112.647932] ? SyS_sendmsg+0x20/0x20 [ 112.651636] ? __lock_is_held+0xb5/0x140 [ 112.655678] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.660257] ? __sb_end_write+0xa4/0xd0 [ 112.664236] ? mutex_unlock+0xd/0x10 [ 112.667930] ? __f_unlock_pos+0xd/0x10 [ 112.671801] ? 
SyS_write+0x199/0x240 [ 112.675502] ? entry_SYSCALL_64_fastpath+0x5/0xc2 [ 112.680329] ? trace_hardirqs_on_caller+0x40c/0x580 [ 112.685348] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 112.690105] SyS_sendmmsg+0xd/0x20 [ 112.693647] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 112.698390] RIP: 0033:0x45a219 [ 112.701582] RSP: 002b:00007f0378977c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 112.709279] RAX: ffffffffffffffda RBX: 00007f0378977c90 RCX: 000000000045a219 [ 112.716535] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 112.723791] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 [ 112.731047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.738302] R13: 00007fff0aa350cf R14: 00007f03789789c0 R15: 000000000075bf2c [ 112.745564] [ 112.745569] CPU: 1 PID: 8582 Comm: syz-executor.1 Not tainted 4.13.0-rc4+ #0 2019/11/11 13:54:39 executed programs: 468 [ 112.745573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 112.745575] Call Trace: [ 112.745588] dump_stack+0x145/0x1e1 [ 112.745594] ? arch_local_irq_restore+0x43/0x43 [ 112.745602] ? find_held_lock+0x36/0x1c0 [ 112.745611] should_fail.cold.4+0x5/0x15 [ 112.745618] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 112.745625] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 112.745631] ? rcu_is_watching+0x61/0x170 [ 112.745636] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.745646] ? __lock_is_held+0xb5/0x140 [ 112.745657] ? depot_save_stack+0x12b/0x423 [ 112.745663] ? check_same_owner+0x320/0x320 [ 112.745669] ? mark_held_locks+0xc7/0x130 [ 112.745678] should_failslab+0xba/0xf0 [ 112.745684] kmem_cache_alloc_trace+0x2e3/0x7a0 [ 112.745689] ? sock_sendmsg+0xb5/0xf0 [ 112.745693] ? ___sys_sendmsg+0x2a7/0x9a0 [ 112.745696] ? __sys_sendmmsg+0x1ae/0x590 [ 112.745699] ? SyS_sendmmsg+0xd/0x20 [ 112.745704] ? entry_SYSCALL_64_fastpath+0x23/0xc2 [ 112.745713] dccp_feat_entry_new+0x1a4/0x4f0 [ 112.745718] ? 
dccp_feat_nn_get+0x310/0x310 [ 112.745728] dccp_feat_push_confirm+0x26/0x280 [ 112.745733] dccp_feat_parse_options+0x10e5/0x1d90 [ 112.745737] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.745745] ? dccp_feat_server_ccid_dependencies+0x1f0/0x1f0 [ 112.745749] ? dccp_ackvec_parsed_add+0xa2/0x360 [ 112.745752] ? rcu_read_lock_sched_held+0x108/0x120 [ 112.745761] ? kmem_cache_alloc_trace+0x637/0x7a0 [ 112.745767] ? mod_timer_pending+0xfa0/0xfa0 [ 112.745772] ? debug_smp_processor_id+0x17/0x20 [ 112.745776] ? rcu_is_watching+0x61/0x170 [ 112.745784] ? dccp_ackvec_parsed_add+0x180/0x360 [ 112.745789] ? dccp_ackvec_purge_records+0x1d0/0x1d0 [ 112.745801] dccp_parse_options+0x830/0xf90 [ 112.745813] dccp_rcv_established+0x23/0x70 [ 112.745818] dccp_v4_do_rcv+0xfa/0x160 [ 112.745824] __release_sock+0x10b/0x330 [ 112.745833] release_sock+0x9a/0x270 [ 112.745838] ? __release_sock+0x330/0x330 [ 112.745843] ? dccp_qpolicy_top+0x67/0x80 [ 112.745848] ? dccp_write_xmit+0x3b/0x180 [ 112.745854] dccp_sendmsg+0x57f/0xda0 [ 112.745858] ? lock_release+0x960/0x960 [ 112.745861] ? check_same_owner+0x320/0x320 [ 112.745869] ? dccp_getsockopt+0xd0/0xd0 [ 112.745873] ? sock_has_perm+0x278/0x420 [ 112.745878] ? selinux_tun_dev_create+0xc0/0xc0 [ 112.745883] ? dup_iter+0x1d2/0x250 [ 112.745893] inet_sendmsg+0x148/0x5a0 [ 112.745897] ? copy_msghdr_from_user+0x2f4/0x5b0 [ 112.745901] ? rcu_pm_notify+0xc0/0xc0 [ 112.745905] ? inet_recvmsg+0x790/0x790 [ 112.745910] ? selinux_socket_sendmsg+0x31/0x40 [ 112.745914] ? security_socket_sendmsg+0x6a/0xa0 [ 112.745919] ? inet_recvmsg+0x790/0x790 [ 112.745923] sock_sendmsg+0xb5/0xf0 [ 112.745929] ___sys_sendmsg+0x2a7/0x9a0 [ 112.745938] ? copy_msghdr_from_user+0x5b0/0x5b0 [ 112.745942] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280 [ 112.745948] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 112.745953] ? find_held_lock+0x36/0x1c0 [ 112.745963] ? __might_fault+0xf1/0x1b0 [ 112.745968] ? lock_downgrade+0x830/0x830 [ 112.745981] ? 
check_same_owner+0x320/0x320 [ 112.745985] ? __might_sleep+0x93/0xb0 [ 112.745993] __sys_sendmmsg+0x1ae/0x590 [ 112.746005] ? SyS_sendmsg+0x20/0x20 [ 112.746012] ? __lock_is_held+0xb5/0x140 [ 112.746015] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.746028] ? __sb_end_write+0xa4/0xd0 [ 112.746035] ? mutex_unlock+0xd/0x10 [ 112.746039] ? __f_unlock_pos+0xd/0x10 [ 112.746043] ? SyS_write+0x199/0x240 [ 112.746048] ? entry_SYSCALL_64_fastpath+0x5/0xc2 [ 112.746053] ? trace_hardirqs_on_caller+0x40c/0x580 [ 112.746059] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 112.746065] SyS_sendmmsg+0xd/0x20 [ 112.746070] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 112.746074] RIP: 0033:0x45a219 [ 112.746077] RSP: 002b:00007f4c965f9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 112.746081] RAX: ffffffffffffffda RBX: 00007f4c965f9c90 RCX: 000000000045a219 [ 112.746084] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 112.746086] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 [ 112.746088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.746091] R13: 00007ffd3709072f R14: 00007f4c965fa9c0 R15: 000000000075bf2c [ 112.746246] CPU: 1 PID: 8596 Comm: syz-executor.4 Not tainted 4.13.0-rc4+ #0 [ 112.746248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 112.746250] Call Trace: [ 112.746255] dump_stack+0x145/0x1e1 [ 112.746260] ? arch_local_irq_restore+0x43/0x43 [ 112.746265] ? find_held_lock+0x36/0x1c0 [ 112.746273] should_fail.cold.4+0x5/0x15 [ 112.746279] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 112.746285] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 112.746290] ? rcu_is_watching+0x61/0x170 [ 112.746294] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.746304] ? __lock_is_held+0xb5/0x140 [ 112.746315] ? depot_save_stack+0x12b/0x423 [ 112.746319] ? check_same_owner+0x320/0x320 [ 112.746325] ? 
mark_held_locks+0xc7/0x130 [ 112.746334] should_failslab+0xba/0xf0 [ 112.746339] kmem_cache_alloc_trace+0x2e3/0x7a0 [ 112.746342] ? sock_sendmsg+0xb5/0xf0 [ 112.746346] ? ___sys_sendmsg+0x2a7/0x9a0 [ 112.746348] ? __sys_sendmmsg+0x1ae/0x590 [ 112.746351] ? SyS_sendmmsg+0xd/0x20 [ 112.746355] ? entry_SYSCALL_64_fastpath+0x23/0xc2 [ 112.746362] dccp_feat_entry_new+0x1a4/0x4f0 [ 112.746368] ? dccp_feat_nn_get+0x310/0x310 [ 112.746378] dccp_feat_push_confirm+0x26/0x280 [ 112.746383] dccp_feat_parse_options+0x10e5/0x1d90 [ 112.746386] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.746394] ? dccp_feat_server_ccid_dependencies+0x1f0/0x1f0 [ 112.746398] ? dccp_ackvec_parsed_add+0xa2/0x360 [ 112.746402] ? rcu_read_lock_sched_held+0x108/0x120 [ 112.746406] ? kmem_cache_alloc_trace+0x637/0x7a0 [ 112.746410] ? mod_timer_pending+0xfa0/0xfa0 [ 112.746414] ? debug_smp_processor_id+0x17/0x20 [ 112.746417] ? rcu_is_watching+0x61/0x170 [ 112.746425] ? dccp_ackvec_parsed_add+0x180/0x360 [ 112.746431] ? dccp_ackvec_purge_records+0x1d0/0x1d0 [ 112.746442] dccp_parse_options+0x830/0xf90 [ 112.746455] dccp_rcv_established+0x23/0x70 [ 112.746460] dccp_v4_do_rcv+0xfa/0x160 [ 112.746465] __release_sock+0x10b/0x330 [ 112.746474] release_sock+0x9a/0x270 [ 112.746479] ? __release_sock+0x330/0x330 [ 112.746484] ? dccp_qpolicy_top+0x67/0x80 [ 112.746488] ? dccp_write_xmit+0x3b/0x180 [ 112.746495] dccp_sendmsg+0x57f/0xda0 [ 112.746498] ? lock_release+0x960/0x960 [ 112.746501] ? check_same_owner+0x320/0x320 [ 112.746509] ? dccp_getsockopt+0xd0/0xd0 [ 112.746512] ? sock_has_perm+0x278/0x420 [ 112.746517] ? selinux_tun_dev_create+0xc0/0xc0 [ 112.746521] ? dup_iter+0x1d2/0x250 [ 112.746531] inet_sendmsg+0x148/0x5a0 [ 112.746535] ? copy_msghdr_from_user+0x2f4/0x5b0 [ 112.746538] ? rcu_pm_notify+0xc0/0xc0 [ 112.746542] ? inet_recvmsg+0x790/0x790 [ 112.746547] ? selinux_socket_sendmsg+0x31/0x40 [ 112.746551] ? security_socket_sendmsg+0x6a/0xa0 [ 112.746556] ? 
inet_recvmsg+0x790/0x790 [ 112.746560] sock_sendmsg+0xb5/0xf0 [ 112.746566] ___sys_sendmsg+0x2a7/0x9a0 [ 112.746574] ? copy_msghdr_from_user+0x5b0/0x5b0 [ 112.746578] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280 [ 112.746584] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 112.746589] ? find_held_lock+0x36/0x1c0 [ 112.746598] ? __might_fault+0xf1/0x1b0 [ 112.746603] ? lock_downgrade+0x830/0x830 [ 112.746616] ? check_same_owner+0x320/0x320 [ 112.746620] ? __might_sleep+0x93/0xb0 [ 112.746629] __sys_sendmmsg+0x1ae/0x590 [ 112.746637] ? SyS_sendmsg+0x20/0x20 [ 112.746643] ? __lock_is_held+0xb5/0x140 [ 112.746646] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.746659] ? __sb_end_write+0xa4/0xd0 [ 112.746665] ? mutex_unlock+0xd/0x10 [ 112.746668] ? __f_unlock_pos+0xd/0x10 [ 112.746672] ? SyS_write+0x199/0x240 [ 112.746677] ? entry_SYSCALL_64_fastpath+0x5/0xc2 [ 112.746682] ? trace_hardirqs_on_caller+0x40c/0x580 [ 112.746687] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 112.746694] SyS_sendmmsg+0xd/0x20 [ 112.746698] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 112.746701] RIP: 0033:0x45a219 [ 112.746703] RSP: 002b:00007fea8226bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 112.746708] RAX: ffffffffffffffda RBX: 00007fea8226bc90 RCX: 000000000045a219 [ 112.746710] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005 [ 112.746712] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 [ 112.746714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.746717] R13: 00007ffe5710e7cf R14: 00007fea8226c9c0 R15: 000000000075bfd4 [ 112.746736] dccp_parse_options: DCCP(ffff88010e522ac0): Option 32 (len=7) error=9 [ 112.747424] dccp_parse_options: DCCP(ffff88011c95d480): Option 32 (len=7) error=9 [ 112.753282] dccp_parse_options: DCCP(ffff88011c3754c0): Option 32 (len=7) error=9 [ 112.839814] FAULT_INJECTION: forcing a failure. 
[ 112.839814] name failslab, interval 1, probability 0, space 0, times 0 [ 112.839821] CPU: 1 PID: 8604 Comm: syz-executor.1 Not tainted 4.13.0-rc4+ #0 [ 112.839824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 112.839826] Call Trace: [ 112.839837] dump_stack+0x145/0x1e1 [ 112.839844] ? arch_local_irq_restore+0x43/0x43 [ 112.839852] ? find_held_lock+0x36/0x1c0 [ 112.839861] should_fail.cold.4+0x5/0x15 [ 112.839867] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 112.839874] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 112.839880] ? rcu_is_watching+0x61/0x170 [ 112.839884] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.839894] ? __lock_is_held+0xb5/0x140 [ 112.839906] ? depot_save_stack+0x12b/0x423 [ 112.839912] ? check_same_owner+0x320/0x320 [ 112.839918] ? mark_held_locks+0xc7/0x130 [ 112.839927] should_failslab+0xba/0xf0 [ 112.839933] kmem_cache_alloc_trace+0x2e3/0x7a0 [ 112.839938] ? sock_sendmsg+0xb5/0xf0 [ 112.839942] ? ___sys_sendmsg+0x2a7/0x9a0 [ 112.839944] ? __sys_sendmmsg+0x1ae/0x590 [ 112.839947] ? SyS_sendmmsg+0xd/0x20 [ 112.839952] ? entry_SYSCALL_64_fastpath+0x23/0xc2 [ 112.839961] dccp_feat_entry_new+0x1a4/0x4f0 [ 112.839971] ? dccp_feat_nn_get+0x310/0x310 [ 112.839981] dccp_feat_push_confirm+0x26/0x280 [ 112.839987] dccp_feat_parse_options+0x10e5/0x1d90 [ 112.839990] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.839998] ? dccp_feat_server_ccid_dependencies+0x1f0/0x1f0 [ 112.840007] ? dccp_ackvec_parsed_add+0xa2/0x360 [ 112.840011] ? rcu_read_lock_sched_held+0x108/0x120 [ 112.840016] ? kmem_cache_alloc_trace+0x637/0x7a0 [ 112.840021] ? mod_timer_pending+0xfa0/0xfa0 [ 112.840026] ? debug_smp_processor_id+0x17/0x20 [ 112.840030] ? rcu_is_watching+0x61/0x170 [ 112.840038] ? dccp_ackvec_parsed_add+0x180/0x360 [ 112.840043] ? 
dccp_ackvec_purge_records+0x1d0/0x1d0 [ 112.840055] dccp_parse_options+0x830/0xf90 [ 112.840067] dccp_rcv_established+0x23/0x70 [ 112.840072] dccp_v4_do_rcv+0xfa/0x160 [ 112.840079] __release_sock+0x10b/0x330 [ 112.840088] release_sock+0x9a/0x270 [ 112.840093] ? __release_sock+0x330/0x330 [ 112.840098] ? dccp_qpolicy_top+0x67/0x80 [ 112.840102] ? dccp_write_xmit+0x3b/0x180 [ 112.840109] dccp_sendmsg+0x57f/0xda0 [ 112.840112] ? lock_release+0x960/0x960 [ 112.840116] ? check_same_owner+0x320/0x320 [ 112.840123] ? dccp_getsockopt+0xd0/0xd0 [ 112.840128] ? sock_has_perm+0x278/0x420 [ 112.840134] ? selinux_tun_dev_create+0xc0/0xc0 [ 112.840139] ? dup_iter+0x1d2/0x250 [ 112.840151] inet_sendmsg+0x148/0x5a0 [ 112.840155] ? copy_msghdr_from_user+0x2f4/0x5b0 [ 112.840158] ? rcu_pm_notify+0xc0/0xc0 [ 112.840163] ? inet_recvmsg+0x790/0x790 [ 112.840168] ? selinux_socket_sendmsg+0x31/0x40 [ 112.840172] ? security_socket_sendmsg+0x6a/0xa0 [ 112.840177] ? inet_recvmsg+0x790/0x790 [ 112.840181] sock_sendmsg+0xb5/0xf0 [ 112.840187] ___sys_sendmsg+0x2a7/0x9a0 [ 112.840195] ? copy_msghdr_from_user+0x5b0/0x5b0 [ 112.840199] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280 [ 112.840205] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 112.840211] ? find_held_lock+0x36/0x1c0 [ 112.840220] ? __might_fault+0xf1/0x1b0 [ 112.840225] ? lock_downgrade+0x830/0x830 [ 112.840237] ? check_same_owner+0x320/0x320 [ 112.840242] ? __might_sleep+0x93/0xb0 [ 112.840250] __sys_sendmmsg+0x1ae/0x590 [ 112.840258] ? SyS_sendmsg+0x20/0x20 [ 112.840264] ? __lock_is_held+0xb5/0x140 [ 112.840268] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.840282] ? __sb_end_write+0xa4/0xd0 [ 112.840288] ? mutex_unlock+0xd/0x10 [ 112.840292] ? __f_unlock_pos+0xd/0x10 [ 112.840296] ? SyS_write+0x199/0x240 [ 112.840301] ? entry_SYSCALL_64_fastpath+0x5/0xc2 [ 112.840306] ? trace_hardirqs_on_caller+0x40c/0x580 [ 112.840312] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 112.840319] SyS_sendmmsg+0xd/0x20 [ 112.840323] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 112.840328] RIP: 0033:0x45a219 [ 112.840330] RSP: 002b:00007f4c965f9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 112.840335] RAX: ffffffffffffffda RBX: 00007f4c965f9c90 RCX: 000000000045a219 [ 112.840338] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 112.840340] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 [ 112.840342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.840345] R13: 00007ffd3709072f R14: 00007f4c965fa9c0 R15: 000000000075bf2c [ 112.843267] FAULT_INJECTION: forcing a failure. [ 112.843267] name failslab, interval 1, probability 0, space 0, times 0 [ 112.843271] CPU: 1 PID: 8603 Comm: syz-executor.4 Not tainted 4.13.0-rc4+ #0 [ 112.843273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 112.843275] Call Trace: [ 112.843281] dump_stack+0x145/0x1e1 [ 112.843286] ? arch_local_irq_restore+0x43/0x43 [ 112.843292] ? ip_finish_output2+0x86f/0x1400 [ 112.843296] ? trace_hardirqs_on+0xd/0x10 [ 112.843300] ? __local_bh_enable_ip+0x9c/0x170 [ 112.843306] should_fail.cold.4+0x5/0x15 [ 112.843311] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 112.843317] ? find_held_lock+0x36/0x1c0 [ 112.843327] ? __lock_is_held+0xb5/0x140 [ 112.843335] ? debug_check_no_locks_freed+0x310/0x310 [ 112.843340] ? find_held_lock+0x36/0x1c0 [ 112.843347] ? trace_hardirqs_off+0x10/0x10 [ 112.843352] should_failslab+0xba/0xf0 [ 112.843357] kmem_cache_alloc_trace+0x44/0x7a0 [ 112.843361] ? mod_timer_pending+0xfa0/0xfa0 [ 112.843365] ? debug_smp_processor_id+0x17/0x20 [ 112.843368] ? rcu_is_watching+0x61/0x170 [ 112.843375] dccp_ackvec_parsed_add+0xa2/0x360 [ 112.843380] ? 
dccp_ackvec_purge_records+0x1d0/0x1d0 [ 112.843388] ccid2_hc_tx_parse_options+0x5b/0x80 [ 112.843393] dccp_parse_options+0x523/0xf90 [ 112.843402] dccp_rcv_established+0x23/0x70 [ 112.843407] dccp_v4_do_rcv+0xfa/0x160 [ 112.843412] __release_sock+0x10b/0x330 [ 112.843420] release_sock+0x9a/0x270 [ 112.843424] ? __release_sock+0x330/0x330 [ 112.843428] ? dccp_qpolicy_top+0x67/0x80 [ 112.843431] ? dccp_write_xmit+0x3b/0x180 [ 112.843437] dccp_sendmsg+0x57f/0xda0 [ 112.843440] ? lock_release+0x960/0x960 [ 112.843443] ? check_same_owner+0x320/0x320 [ 112.843466] ? dccp_getsockopt+0xd0/0xd0 [ 112.843470] ? sock_has_perm+0x278/0x420 [ 112.843474] ? selinux_tun_dev_create+0xc0/0xc0 [ 112.843478] ? dup_iter+0x1d2/0x250 [ 112.843487] inet_sendmsg+0x148/0x5a0 [ 112.843491] ? copy_msghdr_from_user+0x2f4/0x5b0 [ 112.843494] ? rcu_pm_notify+0xc0/0xc0 [ 112.843497] ? inet_recvmsg+0x790/0x790 [ 112.843502] ? selinux_socket_sendmsg+0x31/0x40 [ 112.843506] ? security_socket_sendmsg+0x6a/0xa0 [ 112.843510] ? inet_recvmsg+0x790/0x790 [ 112.843514] sock_sendmsg+0xb5/0xf0 [ 112.843519] ___sys_sendmsg+0x2a7/0x9a0 [ 112.843527] ? copy_msghdr_from_user+0x5b0/0x5b0 [ 112.843531] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280 [ 112.843536] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 112.843541] ? find_held_lock+0x36/0x1c0 [ 112.843550] ? __might_fault+0xf1/0x1b0 [ 112.843554] ? lock_downgrade+0x830/0x830 [ 112.843566] ? check_same_owner+0x320/0x320 [ 112.843570] ? __might_sleep+0x93/0xb0 [ 112.843577] __sys_sendmmsg+0x1ae/0x590 [ 112.843584] ? SyS_sendmsg+0x20/0x20 [ 112.843590] ? __lock_is_held+0xb5/0x140 [ 112.843593] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.843604] ? __sb_end_write+0xa4/0xd0 [ 112.843610] ? mutex_unlock+0xd/0x10 [ 112.843614] ? __f_unlock_pos+0xd/0x10 [ 112.843618] ? SyS_write+0x199/0x240 [ 112.843622] ? entry_SYSCALL_64_fastpath+0x5/0xc2 [ 112.843627] ? trace_hardirqs_on_caller+0x40c/0x580 [ 112.843632] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 112.843637] SyS_sendmmsg+0xd/0x20 [ 112.843641] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 112.843645] RIP: 0033:0x45a219 [ 112.843647] RSP: 002b:00007fea8228cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 112.843651] RAX: ffffffffffffffda RBX: 00007fea8228cc90 RCX: 000000000045a219 [ 112.843653] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 112.843655] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 [ 112.843657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.843660] R13: 00007ffe5710e7cf R14: 00007fea8228d9c0 R15: 000000000075bf2c [ 112.843674] dccp_parse_options: DCCP(ffff88011c95d480): Option 38 (len=1) error=5 [ 112.845904] dccp_parse_options: DCCP(ffff8801161100c0): Option 32 (len=7) error=9 [ 112.854138] FAULT_INJECTION: forcing a failure. [ 112.854138] name failslab, interval 1, probability 0, space 0, times 0 [ 112.854143] CPU: 1 PID: 8605 Comm: syz-executor.3 Not tainted 4.13.0-rc4+ #0 [ 112.854145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 112.854147] Call Trace: [ 112.854155] dump_stack+0x145/0x1e1 [ 112.854160] ? arch_local_irq_restore+0x43/0x43 [ 112.854167] ? find_held_lock+0x36/0x1c0 [ 112.854175] should_fail.cold.4+0x5/0x15 [ 112.854181] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 112.854187] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 112.854193] ? rcu_is_watching+0x61/0x170 [ 112.854197] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.854207] ? __lock_is_held+0xb5/0x140 [ 112.854218] ? depot_save_stack+0x12b/0x423 [ 112.854223] ? check_same_owner+0x320/0x320 [ 112.854229] ? mark_held_locks+0xc7/0x130 [ 112.854238] should_failslab+0xba/0xf0 [ 112.854244] kmem_cache_alloc_trace+0x2e3/0x7a0 [ 112.854249] ? sock_sendmsg+0xb5/0xf0 [ 112.854252] ? ___sys_sendmsg+0x2a7/0x9a0 [ 112.854255] ? __sys_sendmmsg+0x1ae/0x590 [ 112.854258] ? SyS_sendmmsg+0xd/0x20 [ 112.854262] ? 
entry_SYSCALL_64_fastpath+0x23/0xc2 [ 112.854270] dccp_feat_entry_new+0x1a4/0x4f0 [ 112.854276] ? dccp_feat_nn_get+0x310/0x310 [ 112.854286] dccp_feat_push_confirm+0x26/0x280 [ 112.854292] dccp_feat_parse_options+0x10e5/0x1d90 [ 112.854295] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.854303] ? dccp_feat_server_ccid_dependencies+0x1f0/0x1f0 [ 112.854307] ? dccp_ackvec_parsed_add+0xa2/0x360 [ 112.854310] ? rcu_read_lock_sched_held+0x108/0x120 [ 112.854315] ? kmem_cache_alloc_trace+0x637/0x7a0 [ 112.854319] ? mod_timer_pending+0xfa0/0xfa0 [ 112.854323] ? debug_smp_processor_id+0x17/0x20 [ 112.854327] ? rcu_is_watching+0x61/0x170 [ 112.854335] ? dccp_ackvec_parsed_add+0x180/0x360 [ 112.854340] ? dccp_ackvec_purge_records+0x1d0/0x1d0 [ 112.854352] dccp_parse_options+0x830/0xf90 [ 112.854365] dccp_rcv_established+0x23/0x70 [ 112.854370] dccp_v4_do_rcv+0xfa/0x160 [ 112.854375] __release_sock+0x10b/0x330 [ 112.854385] release_sock+0x9a/0x270 [ 112.854390] ? __release_sock+0x330/0x330 [ 112.854394] ? dccp_qpolicy_top+0x67/0x80 [ 112.854399] ? dccp_write_xmit+0x3b/0x180 [ 112.854405] dccp_sendmsg+0x57f/0xda0 [ 112.854409] ? lock_release+0x960/0x960 [ 112.854412] ? check_same_owner+0x320/0x320 [ 112.854420] ? dccp_getsockopt+0xd0/0xd0 [ 112.854423] ? sock_has_perm+0x278/0x420 [ 112.854429] ? selinux_tun_dev_create+0xc0/0xc0 [ 112.854433] ? dup_iter+0x1d2/0x250 [ 112.854443] inet_sendmsg+0x148/0x5a0 [ 112.854447] ? copy_msghdr_from_user+0x2f4/0x5b0 [ 112.854450] ? rcu_pm_notify+0xc0/0xc0 [ 112.854455] ? inet_recvmsg+0x790/0x790 [ 112.854460] ? selinux_socket_sendmsg+0x31/0x40 [ 112.854464] ? security_socket_sendmsg+0x6a/0xa0 [ 112.854469] ? inet_recvmsg+0x790/0x790 [ 112.854473] sock_sendmsg+0xb5/0xf0 [ 112.854479] ___sys_sendmsg+0x2a7/0x9a0 [ 112.854487] ? copy_msghdr_from_user+0x5b0/0x5b0 [ 112.854491] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280 [ 112.854497] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 112.854503] ? find_held_lock+0x36/0x1c0 [ 112.854512] ? 
__might_fault+0xf1/0x1b0 [ 112.854516] ? lock_downgrade+0x830/0x830 [ 112.854529] ? check_same_owner+0x320/0x320 [ 112.854533] ? __might_sleep+0x93/0xb0 [ 112.854541] __sys_sendmmsg+0x1ae/0x590 [ 112.854549] ? SyS_sendmsg+0x20/0x20 [ 112.854560] ? __lock_is_held+0xb5/0x140 [ 112.854563] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 112.854576] ? __sb_end_write+0xa4/0xd0 [ 112.854583] ? mutex_unlock+0xd/0x10 [ 112.854586] ? __f_unlock_pos+0xd/0x10 [ 112.854590] ? SyS_write+0x199/0x240 [ 112.854595] ? entry_SYSCALL_64_fastpath+0x5/0xc2 [ 112.854601] ? trace_hardirqs_on_caller+0x40c/0x580 [ 112.854606] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 112.854612] SyS_sendmmsg+0xd/0x20 [ 112.854616] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 112.854620] RIP: 0033:0x45a219 [ 112.854623] RSP: 002b:00007ff2a37c4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 112.854628] RAX: ffffffffffffffda RBX: 00007ff2a37c4c90 RCX: 000000000045a219 [ 112.854631] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 112.854633] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 [ 112.854635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.854638] R13: 00007fff9308e3bf R14: 00007ff2a37c59c0 R15: 000000000075bf2c [ 112.855270] dccp_parse_options: DCCP(ffff88011904a200): Option 32 (len=7) error=9 [ 112.942186] dccp_parse_options: DCCP(ffff88011c95c100): Option 32 (len=7) error=9 [ 112.992894] dccp_parse_options: DCCP(ffff88011c374140): Option 32 (len=7) error=9 [ 114.790889] Allocated by task 8579: [ 114.794511] save_stack_trace+0x16/0x20 [ 114.798457] save_stack+0x43/0xd0 [ 114.801899] kasan_kmalloc+0xc7/0xe0 [ 114.805594] __kmalloc_node_track_caller+0x47/0x70 [ 114.810501] __kmalloc_reserve.isra.37+0x2c/0xb0 [ 114.815235] __alloc_skb+0x10c/0x6f0 [ 114.818930] dccp_send_ack+0xb3/0x340 [ 114.822719] ccid2_hc_rx_packet_recv+0xf9/0x170 [ 114.827362] dccp_deliver_input_to_ccids+0xc5/0x210 [ 114.832350] dccp_rcv_established+0x49/0x70 [ 114.836646] 
dccp_v4_do_rcv+0xfa/0x160 [ 114.840513] __sk_receive_skb+0x295/0xac0 [ 114.844662] dccp_v4_rcv+0xde1/0x2163 [ 114.848436] ip_local_deliver_finish+0x288/0xa70 [ 114.853186] ip_local_deliver+0x1b1/0x690 [ 114.857308] ip_rcv_finish+0x940/0x20f0 [ 114.861260] ip_rcv+0xbb8/0x1924 [ 114.864641] __netif_receive_skb_core+0x2140/0x3500 [ 114.869642] __netif_receive_skb+0x1f/0x1a0 [ 114.873992] process_backlog+0x1fc/0x710 [ 114.878207] net_rx_action+0x72d/0x1800 [ 114.882200] __do_softirq+0x300/0xb35 [ 114.886003] [ 114.887606] Freed by task 8579: [ 114.890870] save_stack_trace+0x16/0x20 [ 114.894826] save_stack+0x43/0xd0 [ 114.898254] kasan_slab_free+0x71/0xc0 [ 114.902131] kfree+0xcc/0x270 [ 114.905214] skb_free_head+0x74/0x90 [ 114.908910] skb_release_data+0x549/0x840 [ 114.913032] skb_release_all+0x3d/0x50 [ 114.916987] kfree_skb+0x13d/0x4f0 [ 114.920505] dccp_v4_do_rcv+0x111/0x160 [ 114.924457] __release_sock+0x10b/0x330 [ 114.928404] release_sock+0x9a/0x270 [ 114.932116] dccp_sendmsg+0x57f/0xda0 [ 114.935903] inet_sendmsg+0x148/0x5a0 [ 114.939690] sock_sendmsg+0xb5/0xf0 [ 114.943290] ___sys_sendmsg+0x2a7/0x9a0 [ 114.947239] __sys_sendmmsg+0x1ae/0x590 [ 114.951192] SyS_sendmmsg+0xd/0x20 [ 114.954742] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 114.959476] [ 114.961088] The buggy address belongs to the object at ffff880109e3e3c0 [ 114.961088] which belongs to the cache kmalloc-2048 of size 2048 [ 114.973911] The buggy address is located 1181 bytes inside of [ 114.973911] 2048-byte region [ffff880109e3e3c0, ffff880109e3ebc0) [ 114.985935] The buggy address belongs to the page: [ 114.990845] page:ffffea0004278f80 count:1 mapcount:0 mapping:ffff880109e3e3c0 index:0x0 compound_mapcount: 0 [ 115.000815] flags: 0x2fffc0000008100(slab|head) [ 115.005484] raw: 02fffc0000008100 ffff880109e3e3c0 0000000000000000 0000000100000003 [ 115.013343] raw: ffffea0004274120 ffffea00049d0d20 ffff88012bc00c40 0000000000000000 [ 115.021213] page dumped because: kasan: bad access detected [ 
115.026925] [ 115.028527] Memory state around the buggy address: [ 115.033454] ffff880109e3e700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 115.040805] ffff880109e3e780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 115.048156] >ffff880109e3e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 115.055510] ^ [ 115.061718] ffff880109e3e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 115.069055] ffff880109e3e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 115.076393] ================================================================== [ 115.083743] Disabling lock debugging due to kernel taint [ 115.093829] Kernel panic - not syncing: panic_on_warn set ... [ 115.093829] [ 115.101214] CPU: 0 PID: 8579 Comm: syz-executor.0 Tainted: G B 4.13.0-rc4+ #0 [ 115.109605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 115.118936] Call Trace: [ 115.121509] dump_stack+0x145/0x1e1 [ 115.125124] ? arch_local_irq_restore+0x43/0x43 [ 115.129768] ? ccid2_hc_tx_packet_recv+0x281e/0x288f [ 115.134850] panic+0x1a9/0x34e [ 115.138014] ? add_taint.cold.5+0x11/0x11 [ 115.142154] ? ___preempt_schedule+0x16/0x18 [ 115.146554] ? ccid2_hc_tx_packet_recv+0x281e/0x288f [ 115.151632] kasan_end_report+0x47/0x4f [ 115.155580] kasan_report.cold.8+0x76/0x2da [ 115.159873] __asan_report_load1_noabort+0x14/0x20 [ 115.164792] ccid2_hc_tx_packet_recv+0x281e/0x288f [ 115.169696] ? __lock_is_held+0xb5/0x140 [ 115.173734] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 115.178294] ? ccid2_hc_tx_rto_expire+0x630/0x630 [ 115.183125] ? kmem_cache_free+0x25f/0x2d0 [ 115.187334] ? dccp_ackvec_clear_state+0x3c0/0x8f0 [ 115.192251] ? dccp_ackvec_input+0x2d2/0x4a0 [ 115.196639] dccp_deliver_input_to_ccids+0x19f/0x210 [ 115.201722] dccp_rcv_established+0x49/0x70 [ 115.206033] dccp_v4_do_rcv+0xfa/0x160 [ 115.209906] __release_sock+0x10b/0x330 [ 115.213876] release_sock+0x9a/0x270 [ 115.217575] ? __release_sock+0x330/0x330 [ 115.221699] ? 
dccp_qpolicy_top+0x67/0x80 [ 115.225824] ? dccp_write_xmit+0x3b/0x180 [ 115.229954] dccp_sendmsg+0x57f/0xda0 [ 115.233729] ? lock_release+0x960/0x960 [ 115.237681] ? check_same_owner+0x320/0x320 [ 115.241981] ? dccp_getsockopt+0xd0/0xd0 [ 115.246017] ? sock_has_perm+0x278/0x420 [ 115.250067] ? selinux_tun_dev_create+0xc0/0xc0 [ 115.254730] ? dup_iter+0x1d2/0x250 [ 115.258335] inet_sendmsg+0x148/0x5a0 [ 115.262123] ? copy_msghdr_from_user+0x2f4/0x5b0 [ 115.266855] ? rcu_pm_notify+0xc0/0xc0 [ 115.270723] ? inet_recvmsg+0x790/0x790 [ 115.274682] ? selinux_socket_sendmsg+0x31/0x40 [ 115.279332] ? security_socket_sendmsg+0x6a/0xa0 [ 115.284061] ? inet_recvmsg+0x790/0x790 [ 115.288013] sock_sendmsg+0xb5/0xf0 [ 115.291615] ___sys_sendmsg+0x2a7/0x9a0 [ 115.295574] ? copy_msghdr_from_user+0x5b0/0x5b0 [ 115.300310] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280 [ 115.306957] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 115.311517] ? find_held_lock+0x36/0x1c0 [ 115.315554] ? __might_fault+0xf1/0x1b0 [ 115.319500] ? lock_downgrade+0x830/0x830 [ 115.323628] ? check_same_owner+0x320/0x320 [ 115.327921] ? __might_sleep+0x93/0xb0 [ 115.331794] __sys_sendmmsg+0x1ae/0x590 [ 115.335744] ? SyS_sendmsg+0x20/0x20 [ 115.339431] ? __lock_is_held+0xb5/0x140 [ 115.343465] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 115.348024] ? __sb_end_write+0xa4/0xd0 [ 115.351977] ? mutex_unlock+0xd/0x10 [ 115.355673] ? __f_unlock_pos+0xd/0x10 [ 115.359540] ? SyS_write+0x199/0x240 [ 115.363226] ? entry_SYSCALL_64_fastpath+0x5/0xc2 [ 115.368039] ? trace_hardirqs_on_caller+0x40c/0x580 [ 115.373027] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 115.377755] SyS_sendmmsg+0xd/0x20 [ 115.381269] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 115.385997] RIP: 0033:0x45a219 [ 115.389160] RSP: 002b:00007f0378977c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 115.396839] RAX: ffffffffffffffda RBX: 00007f0378977c90 RCX: 000000000045a219 [ 115.404095] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 115.411340] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 [ 115.418584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.425836] R13: 00007fff0aa350cf R14: 00007f03789789c0 R15: 000000000075bf2c [ 115.435094] Kernel Offset: disabled [ 115.438720] Rebooting in 86400 seconds..