[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 55.707427][ T26] audit: type=1800 audit(1572087200.075:25): pid=8495 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 55.753199][ T26] audit: type=1800 audit(1572087200.085:26): pid=8495 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 55.815351][ T26] audit: type=1800 audit(1572087200.085:27): pid=8495 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts. 2019/10/26 10:53:31 fuzzer started 2019/10/26 10:53:33 dialing manager at 10.128.0.26:35573 2019/10/26 10:53:33 syscalls: 2534 2019/10/26 10:53:33 code coverage: enabled 2019/10/26 10:53:33 comparison tracing: enabled 2019/10/26 10:53:33 extra coverage: extra coverage is not supported by the kernel 2019/10/26 10:53:33 setuid sandbox: enabled 2019/10/26 10:53:33 namespace sandbox: enabled 2019/10/26 10:53:33 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/26 10:53:33 fault injection: enabled 2019/10/26 10:53:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/26 10:53:33 net packet injection: enabled 2019/10/26 10:53:33 net device setup: enabled 2019/10/26 10:53:33 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 10:55:17 executing program 0: perf_event_open(&(0x7f0000000040)={0x3, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mknod$loop(&(0x7f0000000ff8)='./file0\x00', 0x0, 0x1) lsetxattr(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) set_tid_address(0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(0x0, 0x0, 0x0) dup(0xffffffffffffffff) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r1, &(0x7f0000000000)=[{{0x0, 0x7530}}], 0xfe72) socket$inet6_tcp(0xa, 0x1, 0x0) socket$packet(0x11, 0x674c3e4460e6e4bc, 0x300) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) 10:55:18 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x24) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000010010000010000007700000000000000f41b25e406d58937e7e899e0524843c9577f89f71ebddf077798b47ab4a76907477a209522adca7e5454b7dec9d9a67305c04a8ccffca56ccbcabfb25cc94628348a24593c5dbdf200796a8fd217367c017f76f131c8693ac43b77471be914707d2c3545b812f7f58f436706ffff26aebac8e1ae913379902436610c52b724993141a5cb7a0a9c3dca0a16787a4d0c82e2d9829219e3d981d196f1b7256c49aacd6b000000002150a4058a8e4347e13f94be6d87fc7ecdaf0452bcab9ba8c432927bb88b1a5cde17a53552e6797c056103b8d9e4eac3f0076580f6e76aec101fc935e5c25fac970f73d3fe7d1f036c1e5b40464269b3a1071a96f3d5fdf7a8e7b907d236e91a85b6e2a13b6b5e410d0000000001f8fffffffffffff24b868ab71aa86afeec3f8f839c8ae78a385e7a71fe9b86fd9441b98ec40ef211f7e200484de5ec5fc44db6315972a3b623adc042ced50d902f28d44d11d9ab06c18475a75e557931010be82948457516e3249279a71eab35a2250068b2b564419fe566836d3fe057cd4383dbfae80a52bf06b245dea9b66010bc91aff60b97bef613ce49ea5a8ba72058bb0e1402e66005d02514c634b82e2c63e74d5df4a6b04df52e1500ac18483f3c48dc3a565f2c3158a4ff4f445bb8f431f60a292fc7108bcb5be92ed0fd17273a97f73ae04dd05ac7c4ef21ebbdcd81b46453508eba26e1951a15a85c4ea854b02d0382b5aae22c861e6a2348bd3d75f0cbe1091f0b8f55ea56e89891e95b8de634f4c434592091e8e40d921bb8f54b8b5f0d6176bcd34599d360308cbfa55d8897eb2028c1bfe72a066996120bf1dbee83f9e096d8c5070765b2"], 0x18}}], 0x1, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000031c0)=[{{0x0, 0xf000000, 0x0, 0x0, 0x0, 0xfffffffffffffd6d}}], 0x371, 0x12040, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0xa080, 0x0) r2 = socket$inet(0x2, 0x80001, 0x0) ioctl$VIDIOC_G_FREQUENCY(r2, 0xc02c5638, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, 0x0, &(0x7f0000000040)) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000000c0), 0x0) ioctl$SG_GET_NUM_WAITING(r1, 0x227d, &(0x7f0000000700)) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x0, 0x0, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x40000, 0x0) ioctl$VIDIOC_DBG_S_REGISTER(0xffffffffffffffff, 0x4038564f, &(0x7f00000002c0)={{0x3, @addr=0x40000000}, 0x8, 0x3, 0x9}) ioctl$KVM_GET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) syzkaller login: [ 173.685465][ T8662] IPVS: ftp: loaded support on port[0] = 21 [ 173.872785][ T8662] chnl_net:caif_netlink_parms(): no params data found [ 173.917436][ T8665] IPVS: ftp: loaded support on port[0] = 21 [ 173.945019][ T8662] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.955218][ T8662] bridge0: port 1(bridge_slave_0) entered disabled state 10:55:18 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000002c0)={0x1, &(0x7f0000000140)=[{0x20000006, 0x0, 0x0, 0x50000}]}) r0 = accept$inet6(0xffffffffffffff9c, 0x0, 0x0) write$binfmt_aout(r0, 0x0, 0x0) [ 173.964029][ T8662] device bridge_slave_0 entered promiscuous mode [ 173.984119][ T8662] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.993750][ T8662] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.002217][ T8662] device bridge_slave_1 entered promiscuous mode [ 174.055500][ T8662] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 174.083294][ T8662] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 174.184039][ T8668] IPVS: ftp: loaded support on port[0] = 21 [ 174.190728][ T8662] team0: Port device team_slave_0 added [ 174.202047][ T8665] chnl_net:caif_netlink_parms(): no params data found [ 174.221447][ T8662] team0: Port device team_slave_1 added 10:55:18 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) request_key(&(0x7f000000aff5)='asymmetric\x00', &(0x7f0000001ffb)={'\x00\x00\x10', 0xffffffffffffffff, 0x4c00000000006800}, &(0x7f0000001fee)='R\x10rist\xe3cusgrVid:De', 0x0) [ 174.354196][ T8662] device hsr_slave_0 entered promiscuous mode 10:55:18 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)="8c2fb074d782b99a4ebb28bd49ca9d8f70aca1f2e24e7dc4636db1607852800ad7239bfbb123065f680fcd8bd0da6e13b662424ccd67943bc81a1d56defee801abbb295542689614ad3cf075062ecc8f45aa7708f05b4a75cd21c51a0cdf5c1d22ec6c88b2f328c35d2284ce37375165fc7b892d92b8d60d65de6a11b376b8379dea0e24d9d54997f9b0c35fdbb691b6a85b1dd235877eaf2c6b56cdebc12feefd6c32891969cc07ec80aa29bcc95a7fa0866e97a784c0ac21edab15d06cfb51b0f47e5f4404000000", 0xc9}], 0x1}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000006840)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/62, 0x3e}], 0x1}}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000a40)=""/38, 0x26}, {&(0x7f0000000a80)=""/108, 0x6c}], 0x2}}], 0x2, 0x0, 0x0) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcbcc87cecc7a95c25a3a07e756ec5a899499fae409581f947335332bc6544ab", 0xff3a, 0x4015, 0x0, 0xffffffffffffff24) [ 174.478843][ T8662] device hsr_slave_1 entered promiscuous mode [ 174.605375][ T8670] IPVS: ftp: loaded support on port[0] = 21 [ 174.618024][ T8665] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.625635][ T8665] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.634114][ T8665] device bridge_slave_0 entered promiscuous mode [ 174.670000][ T8665] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.677103][ T8665] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.686151][ T8665] device bridge_slave_1 entered promiscuous mode [ 174.716899][ T8672] IPVS: ftp: loaded support on port[0] = 21 10:55:19 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000008c0)=ANY=[@ANYBLOB="640000002400010f000000110000000000000000", @ANYRES32=r1, @ANYBLOB="00000000ffffffff00000000240008001c0001000a00400000003597100000000008000000000000000000000401020014000100706669666f5f686561645f64726f700018000200000000ab0d0d7998e90040bdc2add87619aa09005eb6878c2fbadff713a91db5d0f3b0fa27291ff682d0b5ee0d049cae3240f25fd180c1c9c0a6c3046932bdd2e12f39b3b135c0bddd00d4848cb81d05ddc54a7d11fb2110481aa9b9a960bab292e9705b4b8e65d8dbbfa6d4d2f3da41f90327f3a8989d3b3e24968382e720c13d833f25e25772be350bc9858df039f2ea6dfa57b3f5e18acbe518697819a10a894f0ab2a877044b672af8d804bd0da51901e186a0d6a5b140f1d65d3c261c93bde2e596520bf8d67c9a94d80b49461c8504af613a1ceb4d3b39b6197ea1f32c264fb6c9915cc308abdb4ca0fe67558ca15ebe21f8c3cb6de0e025301cb3601d9f47767397625a7c9a59be72330debf4252cac9c27d4fe3edc54f7cedf020ca6769f18e6ab85e73b63bd694840e5d95ab6ca485ef62f0f43137cff548b14fc5950d888bb6ee7679daf323515678ce62f000000002797795eadfedbfd09be1fca7a9f3c8cc5cf1f3c19f8e6fef39844007fcc7b4db8d1229cf9d3a506301b6ab537e23bfe5ed593a2a4b044ad9c36f0d38ab78cdc18000000000000000000000000c037e7357d46fb5ea852126a9a75a8963e453f5171c93f4a734e31a99c8a0098f6bb77cef6070af9301b35d3a41f24270f1376fe2074b5fcba16ae517e58ab5e837e36daca22a3d6f0c0878b0a0c4bdf48f493db6d54260c9502204ead0c5c2746e3b67b10239f76a54e316529600307d19b461e03613eac77f656079f4d8edc04428917ff6c2b6b80f7a8e2869bba81a24be7192217c43c5a9bc395f1084401bd6cc643f86e56b2318734e234e04e796120cf879f1b2cf72be558301cda6f772f6d3ea0d7fa069e97e01086394c1d1ce895388f329996060a5c0e57961c7b541f2b2036a245b87e38089d1823561c932483155d649858e8d0f054aad5"], 0x64}}, 0x0) [ 174.780884][ T8665] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 174.797110][ T8665] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 174.817680][ T8662] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.825164][ T8662] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.832998][ T8662] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.840100][ T8662] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.892623][ T8665] team0: Port device team_slave_0 added [ 174.900190][ T8665] team0: Port device team_slave_1 added [ 174.919807][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.938378][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.071304][ T8665] device hsr_slave_0 entered promiscuous mode [ 175.138695][ T8665] device hsr_slave_1 entered promiscuous mode [ 175.188399][ T8665] debugfs: Directory 'hsr0' with parent '/' already present! [ 175.264040][ T8676] IPVS: ftp: loaded support on port[0] = 21 [ 175.285425][ T8668] chnl_net:caif_netlink_parms(): no params data found [ 175.311542][ T8670] chnl_net:caif_netlink_parms(): no params data found [ 175.401397][ T8668] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.409217][ T8668] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.421254][ T8668] device bridge_slave_0 entered promiscuous mode [ 175.437676][ T8668] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.445036][ T8668] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.453007][ T8668] device bridge_slave_1 entered promiscuous mode [ 175.474873][ T8668] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.495648][ T8670] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.503528][ T8670] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.511732][ T8670] device bridge_slave_0 entered promiscuous mode [ 175.524002][ T8670] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.531793][ T8670] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.540639][ T8670] device bridge_slave_1 entered promiscuous mode [ 175.552979][ T8668] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.570808][ T8672] chnl_net:caif_netlink_parms(): no params data found [ 175.613202][ T8670] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.630067][ T8662] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.651890][ T8668] team0: Port device team_slave_0 added [ 175.663161][ T8670] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.674601][ T8672] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.684301][ T8672] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.692931][ T8672] device bridge_slave_0 entered promiscuous mode [ 175.708695][ T8668] team0: Port device team_slave_1 added [ 175.724576][ T8672] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.735201][ T8672] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.743278][ T8672] device bridge_slave_1 entered promiscuous mode [ 175.767231][ T8670] team0: Port device team_slave_0 added [ 175.794299][ T8675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 175.803417][ T8675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 175.819289][ T8670] team0: Port device team_slave_1 added [ 175.826630][ T8672] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.847269][ T8672] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.860140][ T8662] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.910287][ T8668] device hsr_slave_0 entered promiscuous mode [ 175.968698][ T8668] device hsr_slave_1 entered promiscuous mode [ 176.028296][ T8668] debugfs: Directory 'hsr0' with parent '/' already present! [ 176.041496][ T8665] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.066922][ T8672] team0: Port device team_slave_0 added [ 176.073793][ T8672] team0: Port device team_slave_1 added [ 176.124018][ T8665] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.181655][ T8670] device hsr_slave_0 entered promiscuous mode [ 176.238689][ T8670] device hsr_slave_1 entered promiscuous mode [ 176.279285][ T8670] debugfs: Directory 'hsr0' with parent '/' already present! [ 176.321405][ T8672] device hsr_slave_0 entered promiscuous mode [ 176.358684][ T8672] device hsr_slave_1 entered promiscuous mode [ 176.408328][ T8672] debugfs: Directory 'hsr0' with parent '/' already present! [ 176.450180][ T8675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 176.458489][ T8675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 176.466176][ T8675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.475593][ T8675] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.484700][ T8675] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.492063][ T8675] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.534184][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.543372][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.552539][ T8674] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.559655][ T8674] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.567199][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.576427][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.584944][ T8674] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.592149][ T8674] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.600040][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 176.644115][ T8676] chnl_net:caif_netlink_parms(): no params data found [ 176.657089][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 176.665642][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.674463][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.683077][ T8674] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.690271][ T8674] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.698483][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 176.707059][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 176.715889][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 176.724626][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.733356][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.742032][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.750678][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.783134][ T8665] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 176.794181][ T8665] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 176.815429][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 176.824163][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.833152][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.841688][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 176.850337][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.859189][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 176.867642][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.876411][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 176.884514][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 176.943512][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.955732][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.965525][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 176.974764][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.994507][ T8662] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 177.005920][ T8662] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 177.028120][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 177.037727][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.054987][ T8665] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.098125][ T8668] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.116288][ T8662] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.125662][ T8676] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.140348][ T8676] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.152930][ T8676] device bridge_slave_0 entered promiscuous mode [ 177.188299][ T3024] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.196166][ T3024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.205861][ T8676] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.214435][ T8676] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.224614][ T8676] device bridge_slave_1 entered promiscuous mode [ 177.245609][ T8668] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.268581][ T8676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 177.280731][ T8676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 177.300092][ T3024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.310408][ T3024] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.321447][ T3024] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.328701][ T3024] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.336485][ T3024] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.345519][ T3024] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.354171][ T3024] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.361473][ T3024] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.369579][ T3024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.402660][ T8670] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.415961][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.424583][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.439407][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.449161][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.458080][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.475923][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.493668][ T8676] team0: Port device team_slave_0 added [ 177.545738][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 177.556598][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 177.571184][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.586740][ C0] hrtimer: interrupt took 44998 ns [ 177.588240][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.606812][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.615335][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 177.631224][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.656963][ T8676] team0: Port device team_slave_1 added [ 177.667042][ T8668] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 177.679041][ T8670] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.696028][ T8672] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.725652][ T8697] ================================================================== [ 177.733917][ T8697] BUG: KASAN: use-after-free in nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 177.733936][ T8697] Read of size 1 at addr ffff8880979b3604 by task syz-executor.1/8697 [ 177.733940][ T8697] [ 177.733955][ T8697] CPU: 1 PID: 8697 Comm: syz-executor.1 Not tainted 5.4.0-rc4-next-20191025 #0 [ 177.733964][ T8697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.733969][ T8697] Call Trace: [ 177.733985][ T8697] dump_stack+0x172/0x1f0 [ 177.734001][ T8697] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 177.734023][ T8697] print_address_description.constprop.0.cold+0xd4/0x30b [ 177.734036][ T8697] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 177.734051][ T8697] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 177.734067][ T8697] __kasan_report.cold+0x1b/0x41 [ 177.734086][ T8697] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 177.734104][ T8697] kasan_report+0x12/0x20 [ 177.734119][ T8697] __asan_report_load1_noabort+0x14/0x20 [ 177.734131][ T8697] nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 177.734151][ T8697] ? nf_ct_expect_unregister_notifier+0x140/0x140 [ 177.750905][ T8697] nf_confirm+0x3d8/0x4d0 [ 177.762223][ T8697] ipv4_confirm+0x14c/0x240 [ 177.762242][ T8697] nf_hook_slow+0xbc/0x1e0 [ 177.762259][ T8697] ip_output+0x40d/0x670 [ 177.762272][ T8697] ? ip_mc_output+0xf60/0xf60 [ 177.762288][ T8697] ? __ip_finish_output+0xbd0/0xbd0 [ 177.762304][ T8697] ? __this_cpu_preempt_check+0x35/0x190 [ 177.762325][ T8697] ? retint_kernel+0x2b/0x2b [ 177.762343][ T8697] ip_local_out+0xbb/0x1b0 [ 177.762357][ T8697] ip_send_skb+0x42/0xf0 [ 177.762378][ T8697] udp_send_skb.isra.0+0x6d5/0x11b0 [ 177.780174][ T8697] ? xfrm_lookup_route+0x5b/0x1e0 [ 177.780195][ T8697] udp_sendmsg+0x1e8f/0x2810 [ 177.780210][ T8697] ? mark_lock+0xc2/0x1220 [ 177.780227][ T8697] ? ip_reply_glue_bits+0xc0/0xc0 [ 177.780245][ T8697] ? udp_unicast_rcv_skb.isra.0+0x360/0x360 [ 177.780258][ T8697] ? lockdep_hardirqs_on+0x421/0x5e0 [ 177.780274][ T8697] ? retint_kernel+0x2b/0x2b [ 177.780291][ T8697] ? __kasan_check_read+0x11/0x20 [ 177.780319][ T8697] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.780330][ T8697] ? lockdep_hardirqs_on+0x421/0x5e0 [ 177.780348][ T8697] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.780371][ T8697] ? __this_cpu_preempt_check+0x35/0x190 [ 177.780385][ T8697] ? retint_kernel+0x2b/0x2b [ 177.780409][ T8697] inet_sendmsg+0x9e/0xe0 [ 177.780424][ T8697] ? inet_sendmsg+0x9e/0xe0 [ 177.780443][ T8697] ? inet_send_prepare+0x4e0/0x4e0 [ 177.780459][ T8697] sock_sendmsg+0xd7/0x130 [ 177.780478][ T8697] kernel_sendmsg+0x44/0x50 [ 177.780502][ T8697] rxrpc_send_data_packet+0x10cb/0x36b0 [ 177.780523][ T8697] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.780552][ T8697] ? rxrpc_send_abort_packet+0xe70/0xe70 [ 177.780574][ T8697] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 177.780600][ T8697] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 177.780620][ T8697] ? rxrpc_get_connection+0xa3/0x380 [ 177.780640][ T8697] rxrpc_send_data+0x1097/0x4130 [ 177.780652][ T8697] ? rxrpc_send_data+0x1097/0x4130 [ 177.780664][ T8697] ? __kasan_check_read+0x11/0x20 [ 177.780686][ T8697] ? mark_held_locks+0xa4/0xf0 [ 177.780707][ T8697] ? rxrpc_kernel_abort_call+0x8b0/0x8b0 [ 177.793695][ T8697] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.793714][ T8697] ? __this_cpu_preempt_check+0x35/0x190 [ 177.793728][ T8697] ? retint_kernel+0x2b/0x2b [ 177.793756][ T8697] rxrpc_do_sendmsg+0xb8e/0x1d5f [ 177.793771][ T8697] ? lockdep_hardirqs_on+0x421/0x5e0 [ 177.793787][ T8697] ? trace_hardirqs_on+0x1f1/0x240 [ 177.793806][ T8697] ? rxrpc_kernel_send_data+0x4e0/0x4e0 [ 177.793824][ T8697] ? __this_cpu_preempt_check+0x35/0x190 [ 177.805753][ T8697] ? retint_kernel+0x2b/0x2b [ 177.816729][ T8697] rxrpc_sendmsg+0x4d6/0x5f0 [ 177.826929][ T8697] ? rxrpc_kernel_probe_life+0x40/0x40 [ 177.839683][ T8697] sock_sendmsg+0xd7/0x130 [ 177.839699][ T8697] ___sys_sendmsg+0x3e2/0x920 [ 177.839715][ T8697] ? copy_msghdr_from_user+0x440/0x440 [ 177.839734][ T8697] ? lock_downgrade+0x920/0x920 [ 177.839751][ T8697] ? rcu_read_lock_held+0x9c/0xb0 [ 177.839769][ T8697] ? __kasan_check_read+0x11/0x20 [ 177.839787][ T8697] ? __fget+0x37f/0x550 [ 177.839806][ T8697] ? ksys_dup3+0x3e0/0x3e0 [ 177.839828][ T8697] ? __lock_acquire+0x16f2/0x4a00 [ 177.853317][ T8697] ? __this_cpu_preempt_check+0x35/0x190 [ 177.862297][ T8697] ? __fget_light+0x1a9/0x230 [ 177.862311][ T8697] ? __fdget+0x1b/0x20 [ 177.862323][ T8697] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 177.862342][ T8697] ? sockfd_lookup_light+0xcb/0x180 [ 177.862358][ T8697] __sys_sendmmsg+0x1bf/0x4d0 [ 177.862375][ T8697] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 177.862401][ T8697] ? _copy_to_user+0x118/0x160 [ 177.862417][ T8697] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 177.862432][ T8697] ? put_timespec64+0xda/0x140 [ 177.862446][ T8697] ? nsecs_to_jiffies+0x30/0x30 [ 177.862470][ T8697] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.862482][ T8697] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 177.862494][ T8697] ? do_syscall_64+0x26/0x760 [ 177.862509][ T8697] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.862521][ T8697] ? do_syscall_64+0x26/0x760 [ 177.862537][ T8697] __x64_sys_sendmmsg+0x9d/0x100 [ 177.862553][ T8697] do_syscall_64+0xfa/0x760 [ 177.862572][ T8697] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.862583][ T8697] RIP: 0033:0x459f39 [ 177.862598][ T8697] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 177.862606][ T8697] RSP: 002b:00007f954174fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 177.862619][ T8697] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459f39 [ 177.862627][ T8697] RDX: 0000000000000001 RSI: 0000000020005c00 RDI: 0000000000000004 [ 177.862635][ T8697] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 177.862643][ T8697] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f95417506d4 [ 177.862650][ T8697] R13: 00000000004c7b70 R14: 00000000004ddaa8 R15: 00000000ffffffff [ 177.862670][ T8697] [ 177.862684][ T8697] Allocated by task 8697: [ 177.878112][ T8697] save_stack+0x23/0x90 [ 177.886818][ T8697] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 178.328199][ T8697] kasan_krealloc+0x84/0xc0 [ 178.332690][ T8697] krealloc+0xa6/0xd0 [ 178.336681][ T8697] nf_ct_ext_add+0x2c7/0x630 [ 178.341355][ T8697] init_conntrack.isra.0+0x5ed/0x11a0 [ 178.346707][ T8697] nf_conntrack_in+0xd94/0x1460 [ 178.351632][ T8697] ipv4_conntrack_local+0x127/0x220 [ 178.356829][ T8697] nf_hook_slow+0xbc/0x1e0 [ 178.361227][ T8697] __ip_local_out+0x403/0x870 [ 178.366115][ T8697] ip_local_out+0x2d/0x1b0 [ 178.370513][ T8697] ip_send_skb+0x42/0xf0 [ 178.374741][ T8697] udp_send_skb.isra.0+0x6d5/0x11b0 [ 178.379917][ T8697] udp_sendmsg+0x1e8f/0x2810 [ 178.384492][ T8697] inet_sendmsg+0x9e/0xe0 [ 178.388804][ T8697] sock_sendmsg+0xd7/0x130 [ 178.393199][ T8697] kernel_sendmsg+0x44/0x50 [ 178.397682][ T8697] rxrpc_send_data_packet+0x10cb/0x36b0 [ 178.403222][ T8697] rxrpc_send_data+0x1097/0x4130 [ 178.408184][ T8697] rxrpc_do_sendmsg+0xb8e/0x1d5f [ 178.413105][ T8697] rxrpc_sendmsg+0x4d6/0x5f0 [ 178.417689][ T8697] sock_sendmsg+0xd7/0x130 [ 178.422085][ T8697] ___sys_sendmsg+0x3e2/0x920 [ 178.427020][ T8697] __sys_sendmmsg+0x1bf/0x4d0 [ 178.431681][ T8697] __x64_sys_sendmmsg+0x9d/0x100 [ 178.436670][ T8697] do_syscall_64+0xfa/0x760 [ 178.441177][ T8697] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.447054][ T8697] [ 178.449364][ T8697] Freed by task 8697: [ 178.453331][ T8697] save_stack+0x23/0x90 [ 178.457521][ T8697] __kasan_slab_free+0x102/0x150 [ 178.462441][ T8697] kasan_slab_free+0xe/0x10 [ 178.466942][ T8697] kfree+0x10a/0x2c0 [ 178.470825][ T8697] nf_ct_ext_destroy+0x2ab/0x2e0 [ 178.475743][ T8697] nf_conntrack_free+0x8f/0xe0 [ 178.480488][ T8697] destroy_conntrack+0x1a2/0x270 [ 178.485418][ T8697] nf_conntrack_destroy+0xed/0x230 [ 178.490516][ T8697] __nf_conntrack_confirm+0x21ca/0x2830 [ 178.496152][ T8697] nf_confirm+0x3e7/0x4d0 [ 178.500470][ T8697] ipv4_confirm+0x14c/0x240 [ 178.505306][ T8697] nf_hook_slow+0xbc/0x1e0 [ 178.509704][ T8697] ip_output+0x40d/0x670 [ 178.514053][ T8697] ip_local_out+0xbb/0x1b0 [ 178.518449][ T8697] ip_send_skb+0x42/0xf0 [ 178.522675][ T8697] udp_send_skb.isra.0+0x6d5/0x11b0 [ 178.527856][ T8697] udp_sendmsg+0x1e8f/0x2810 [ 178.532429][ T8697] inet_sendmsg+0x9e/0xe0 [ 178.536740][ T8697] sock_sendmsg+0xd7/0x130 [ 178.541155][ T8697] kernel_sendmsg+0x44/0x50 [ 178.545749][ T8697] rxrpc_send_data_packet+0x10cb/0x36b0 [ 178.551379][ T8697] rxrpc_send_data+0x1097/0x4130 [ 178.556310][ T8697] rxrpc_do_sendmsg+0xb8e/0x1d5f [ 178.561235][ T8697] rxrpc_sendmsg+0x4d6/0x5f0 [ 178.565818][ T8697] sock_sendmsg+0xd7/0x130 [ 178.570217][ T8697] ___sys_sendmsg+0x3e2/0x920 [ 178.574968][ T8697] __sys_sendmmsg+0x1bf/0x4d0 [ 178.580411][ T8697] __x64_sys_sendmmsg+0x9d/0x100 [ 178.585336][ T8697] do_syscall_64+0xfa/0x760 [ 178.590020][ T8697] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.595898][ T8697] [ 178.598227][ T8697] The buggy address belongs to the object at ffff8880979b3600 [ 178.598227][ T8697] which belongs to the cache kmalloc-128 of size 128 [ 178.612311][ T8697] The buggy address is located 4 bytes inside of [ 178.612311][ T8697] 128-byte region [ffff8880979b3600, ffff8880979b3680) [ 178.625479][ T8697] The buggy address belongs to the page: [ 178.631186][ T8697] page:ffffea00025e6cc0 refcount:1 mapcount:0 mapping:ffff8880aa400700 index:0x0 [ 178.640376][ T8697] flags: 0x1fffc0000000200(slab) [ 178.645323][ T8697] raw: 01fffc0000000200 ffffea0002635148 ffffea00027ec348 ffff8880aa400700 [ 178.653892][ T8697] raw: 0000000000000000 ffff8880979b3000 0000000100000010 0000000000000000 [ 178.662507][ T8697] page dumped because: kasan: bad access detected [ 178.668896][ T8697] [ 178.671236][ T8697] Memory state around the buggy address: [ 178.676868][ T8697] ffff8880979b3500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 178.685000][ T8697] ffff8880979b3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.693047][ T8697] >ffff8880979b3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 178.701089][ T8697] ^ [ 178.705164][ T8697] ffff8880979b3680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 178.713337][ T8697] ffff8880979b3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 178.721394][ T8697] ================================================================== [ 178.729451][ T8697] Disabling lock debugging due to kernel taint [ 178.741230][ T8697] Kernel panic - not syncing: panic_on_warn set ... [ 178.748100][ T8697] CPU: 1 PID: 8697 Comm: syz-executor.1 Tainted: G B 5.4.0-rc4-next-20191025 #0 [ 178.758739][ T8697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.768916][ T8697] Call Trace: [ 178.772198][ T8697] dump_stack+0x172/0x1f0 [ 178.776626][ T8697] panic+0x2e3/0x75c [ 178.780543][ T8697] ? add_taint.cold+0x16/0x16 [ 178.785227][ T8697] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 178.791209][ T8697] ? preempt_schedule+0x4b/0x60 [ 178.796354][ T8697] ? ___preempt_schedule+0x16/0x18 [ 178.801526][ T8697] ? trace_hardirqs_on+0x5e/0x240 [ 178.806905][ T8697] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 178.812897][ T8697] end_report+0x47/0x4f [ 178.817042][ T8697] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 178.823101][ T8697] __kasan_report.cold+0xe/0x41 [ 178.827936][ T8697] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 178.834042][ T8697] kasan_report+0x12/0x20 [ 178.838369][ T8697] __asan_report_load1_noabort+0x14/0x20 [ 178.844012][ T8697] nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 178.849810][ T8697] ? nf_ct_expect_unregister_notifier+0x140/0x140 [ 178.856211][ T8697] nf_confirm+0x3d8/0x4d0 [ 178.860790][ T8697] ipv4_confirm+0x14c/0x240 [ 178.865386][ T8697] nf_hook_slow+0xbc/0x1e0 [ 178.869788][ T8697] ip_output+0x40d/0x670 [ 178.874010][ T8697] ? ip_mc_output+0xf60/0xf60 [ 178.878692][ T8697] ? __ip_finish_output+0xbd0/0xbd0 [ 178.884155][ T8697] ? __this_cpu_preempt_check+0x35/0x190 [ 178.889864][ T8697] ? retint_kernel+0x2b/0x2b [ 178.895325][ T8697] ip_local_out+0xbb/0x1b0 [ 178.899742][ T8697] ip_send_skb+0x42/0xf0 [ 178.903997][ T8697] udp_send_skb.isra.0+0x6d5/0x11b0 [ 178.909715][ T8697] ? xfrm_lookup_route+0x5b/0x1e0 [ 178.914955][ T8697] udp_sendmsg+0x1e8f/0x2810 [ 178.919651][ T8697] ? mark_lock+0xc2/0x1220 [ 178.924204][ T8697] ? ip_reply_glue_bits+0xc0/0xc0 [ 178.929472][ T8697] ? udp_unicast_rcv_skb.isra.0+0x360/0x360 [ 178.935480][ T8697] ? lockdep_hardirqs_on+0x421/0x5e0 [ 178.940755][ T8697] ? retint_kernel+0x2b/0x2b [ 178.945327][ T8697] ? __kasan_check_read+0x11/0x20 [ 178.950342][ T8697] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 178.955994][ T8697] ? lockdep_hardirqs_on+0x421/0x5e0 [ 178.961274][ T8697] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 178.966836][ T8697] ? __this_cpu_preempt_check+0x35/0x190 [ 178.972477][ T8697] ? retint_kernel+0x2b/0x2b [ 178.977078][ T8697] inet_sendmsg+0x9e/0xe0 [ 178.981409][ T8697] ? inet_sendmsg+0x9e/0xe0 [ 178.985897][ T8697] ? inet_send_prepare+0x4e0/0x4e0 [ 178.991007][ T8697] sock_sendmsg+0xd7/0x130 [ 178.996299][ T8697] kernel_sendmsg+0x44/0x50 [ 179.000805][ T8697] rxrpc_send_data_packet+0x10cb/0x36b0 [ 179.006359][ T8697] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.011822][ T8697] ? rxrpc_send_abort_packet+0xe70/0xe70 [ 179.017976][ T8697] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 179.024123][ T8697] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 179.029663][ T8697] ? rxrpc_get_connection+0xa3/0x380 [ 179.035042][ T8697] rxrpc_send_data+0x1097/0x4130 [ 179.039972][ T8697] ? rxrpc_send_data+0x1097/0x4130 [ 179.045246][ T8697] ? __kasan_check_read+0x11/0x20 [ 179.050257][ T8697] ? mark_held_locks+0xa4/0xf0 [ 179.055021][ T8697] ? rxrpc_kernel_abort_call+0x8b0/0x8b0 [ 179.060645][ T8697] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.066271][ T8697] ? __this_cpu_preempt_check+0x35/0x190 [ 179.071885][ T8697] ? retint_kernel+0x2b/0x2b [ 179.076463][ T8697] rxrpc_do_sendmsg+0xb8e/0x1d5f [ 179.081558][ T8697] ? lockdep_hardirqs_on+0x421/0x5e0 [ 179.086823][ T8697] ? trace_hardirqs_on+0x1f1/0x240 [ 179.092032][ T8697] ? rxrpc_kernel_send_data+0x4e0/0x4e0 [ 179.097588][ T8697] ? __this_cpu_preempt_check+0x35/0x190 [ 179.103388][ T8697] ? retint_kernel+0x2b/0x2b [ 179.107967][ T8697] rxrpc_sendmsg+0x4d6/0x5f0 [ 179.112557][ T8697] ? rxrpc_kernel_probe_life+0x40/0x40 [ 179.118008][ T8697] sock_sendmsg+0xd7/0x130 [ 179.122421][ T8697] ___sys_sendmsg+0x3e2/0x920 [ 179.127254][ T8697] ? copy_msghdr_from_user+0x440/0x440 [ 179.132696][ T8697] ? lock_downgrade+0x920/0x920 [ 179.137670][ T8697] ? rcu_read_lock_held+0x9c/0xb0 [ 179.142679][ T8697] ? __kasan_check_read+0x11/0x20 [ 179.147686][ T8697] ? __fget+0x37f/0x550 [ 179.151831][ T8697] ? ksys_dup3+0x3e0/0x3e0 [ 179.156260][ T8697] ? __lock_acquire+0x16f2/0x4a00 [ 179.161289][ T8697] ? __this_cpu_preempt_check+0x35/0x190 [ 179.167105][ T8697] ? __fget_light+0x1a9/0x230 [ 179.171800][ T8697] ? __fdget+0x1b/0x20 [ 179.175851][ T8697] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 179.182079][ T8697] ? sockfd_lookup_light+0xcb/0x180 [ 179.187259][ T8697] __sys_sendmmsg+0x1bf/0x4d0 [ 179.191917][ T8697] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 179.196932][ T8697] ? _copy_to_user+0x118/0x160 [ 179.201767][ T8697] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 179.207995][ T8697] ? put_timespec64+0xda/0x140 [ 179.212739][ T8697] ? nsecs_to_jiffies+0x30/0x30 [ 179.217667][ T8697] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.223112][ T8697] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 179.228555][ T8697] ? do_syscall_64+0x26/0x760 [ 179.233240][ T8697] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.239300][ T8697] ? do_syscall_64+0x26/0x760 [ 179.243992][ T8697] __x64_sys_sendmmsg+0x9d/0x100 [ 179.248913][ T8697] do_syscall_64+0xfa/0x760 [ 179.253440][ T8697] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.259339][ T8697] RIP: 0033:0x459f39 [ 179.263233][ T8697] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 179.283738][ T8697] RSP: 002b:00007f954174fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 179.292236][ T8697] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459f39 [ 179.300197][ T8697] RDX: 0000000000000001 RSI: 0000000020005c00 RDI: 0000000000000004 [ 179.308170][ T8697] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 179.316135][ T8697] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f95417506d4 [ 179.324197][ T8697] R13: 00000000004c7b70 R14: 00000000004ddaa8 R15: 00000000ffffffff [ 179.333886][ T8697] Kernel Offset: disabled [ 179.338238][ T8697] Rebooting in 86400 seconds..