[ 26.950834] audit: type=1800 audit(1565730304.026:22): pid=6904 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 41.523203] IPVS: ftp: loaded support on port[0] = 21 [ 42.054499] can: request_module (can-proto-0) failed. [ 43.211594] can: request_module (can-proto-0) failed. Warning: Permanently added '10.128.0.84' (ECDSA) to the list of known hosts. 2019/08/13 21:05:27 parsed 1 programs 2019/08/13 21:05:28 executed programs: 0 [ 51.579209] IPVS: ftp: loaded support on port[0] = 21 [ 51.592725] IPVS: ftp: loaded support on port[0] = 21 [ 51.627129] IPVS: ftp: loaded support on port[0] = 21 [ 51.637062] IPVS: ftp: loaded support on port[0] = 21 [ 51.645060] IPVS: ftp: loaded support on port[0] = 21 [ 51.660761] IPVS: ftp: loaded support on port[0] = 21 [ 51.747367] chnl_net:caif_netlink_parms(): no params data found [ 51.872981] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.880186] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.887989] device bridge_slave_0 entered promiscuous mode [ 51.894958] chnl_net:caif_netlink_parms(): no params data found [ 51.929503] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.936105] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.943098] device bridge_slave_1 entered promiscuous mode [ 51.955475] chnl_net:caif_netlink_parms(): no params data found [ 51.997696] chnl_net:caif_netlink_parms(): no params data found [ 52.005349] chnl_net:caif_netlink_parms(): no params data found [ 52.023910] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.055644] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.098866] team0: Port device team_slave_0 added [ 52.108343] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.114699] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.122787] device bridge_slave_0 entered promiscuous mode [ 52.133133] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.139624] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.146863] device bridge_slave_1 entered promiscuous mode [ 52.158893] team0: Port device team_slave_1 added [ 52.177254] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.183615] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.190985] device bridge_slave_0 entered promiscuous mode [ 52.198236] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.204667] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.212180] device bridge_slave_0 entered promiscuous mode [ 52.226417] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.236164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.249282] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.256025] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.263699] device bridge_slave_0 entered promiscuous mode [ 52.270206] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.276827] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.284318] device bridge_slave_1 entered promiscuous mode [ 52.299094] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.305449] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.313637] device bridge_slave_1 entered promiscuous mode [ 52.342946] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.349875] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.357184] device bridge_slave_1 entered promiscuous mode [ 52.366859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.381728] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.427955] device hsr_slave_0 entered promiscuous mode [ 52.467911] device hsr_slave_1 entered promiscuous mode [ 52.537673] chnl_net:caif_netlink_parms(): no params data found [ 52.547799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.558599] team0: Port device team_slave_0 added [ 52.564456] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.579503] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.593266] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.619627] team0: Port device team_slave_1 added [ 52.677769] device hsr_slave_0 entered promiscuous mode [ 52.716033] device hsr_slave_1 entered promiscuous mode [ 52.765742] debugfs: Directory 'hsr0' with parent '/' already present! [ 52.774184] team0: Port device team_slave_0 added [ 52.799867] team0: Port device team_slave_0 added [ 52.811823] team0: Port device team_slave_1 added [ 52.829337] team0: Port device team_slave_0 added [ 52.835406] team0: Port device team_slave_1 added [ 52.907552] device hsr_slave_0 entered promiscuous mode [ 52.957726] device hsr_slave_1 entered promiscuous mode [ 53.015716] debugfs: Directory 'hsr0' with parent '/' already present! [ 53.028075] team0: Port device team_slave_1 added [ 53.079880] device hsr_slave_0 entered promiscuous mode [ 53.126195] device hsr_slave_1 entered promiscuous mode [ 53.165795] debugfs: Directory 'hsr0' with parent '/' already present! [ 53.190067] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.197827] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.204670] device bridge_slave_0 entered promiscuous mode [ 53.215187] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.221645] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.228626] device bridge_slave_1 entered promiscuous mode [ 53.245177] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.268451] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.293167] team0: Port device team_slave_0 added [ 53.329276] device hsr_slave_0 entered promiscuous mode [ 53.386008] device hsr_slave_1 entered promiscuous mode [ 53.425746] debugfs: Directory 'hsr0' with parent '/' already present! [ 53.436342] team0: Port device team_slave_1 added [ 53.491041] device hsr_slave_0 entered promiscuous mode [ 53.546458] device hsr_slave_1 entered promiscuous mode [ 53.605799] debugfs: Directory 'hsr0' with parent '/' already present! [ 53.650924] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.686006] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.692882] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.699936] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.706723] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.730132] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.741845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.778508] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.787919] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.795207] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.803836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.812366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.842652] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.860182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.870002] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.879037] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.885680] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.892649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.900772] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.908677] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.915010] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.922371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.930574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.938731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.946994] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.954615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.962405] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.969983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.977688] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.985072] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.992839] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.000509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.010748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.017781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.024737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.032056] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.039638] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.057131] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.069807] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.076786] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.093605] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.100125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.108478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.116321] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.122715] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.130514] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.144001] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.152987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.161699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.170118] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.176512] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.183539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.190619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.197850] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.205763] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.213338] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.219882] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.234605] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.244485] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.256732] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.263954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.271250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.278402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.287211] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.296292] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.302670] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.309524] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.317570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.325461] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.333621] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.340138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.350113] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.372030] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.387669] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.394925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.403352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.412506] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.418924] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.426352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.434279] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.441978] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.448351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.455371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.463522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.471493] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.477984] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.484723] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.493755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.501549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.509607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.517357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.525018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.533016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.539925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.547854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.555780] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.564405] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.571430] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.594538] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 54.613279] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.630542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.639251] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.647346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.658566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.667105] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.674593] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.682467] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.690444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.698434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.707039] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.714659] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.722952] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.730598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.751475] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 54.761497] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.773650] Started in network mode [ 54.778306] Own node identity 7f000001, cluster identity 4711 [ 54.786861] check_preemption_disabled: 8 callbacks suppressed [ 54.786869] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor2/7167 [ 54.801877] caller is dst_cache_get+0x33/0xa0 [ 54.806433] CPU: 0 PID: 7167 Comm: syz-executor2 Not tainted 5.3.0-rc4+ #1 [ 54.813543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.823077] Call Trace: [ 54.825663] dump_stack+0x113/0x167 [ 54.829332] debug_smp_processor_id.cold.2+0x84/0x97 [ 54.834446] dst_cache_get+0x33/0xa0 [ 54.838170] tipc_udp_xmit.isra.15+0xb9/0xc60 [ 54.842674] ? tipc_udp_addr2str+0x150/0x150 [ 54.847166] ? __kasan_check_read+0x11/0x20 [ 54.851490] ? __lock_acquire+0x96a/0x4b70 [ 54.855715] ? find_held_lock+0x36/0x1d0 [ 54.859827] tipc_udp_send_msg+0x31e/0x3d0 [ 54.864078] tipc_bearer_xmit_skb+0x12c/0x290 [ 54.868567] tipc_enable_bearer+0x7a6/0xab0 [ 54.872880] ? tipc_bearer_xmit_skb+0x290/0x290 [ 54.877561] ? __nla_validate_parse+0xa1/0x1d90 [ 54.882229] ? rtnl_lock+0x12/0x20 [ 54.885786] __tipc_nl_bearer_enable+0x265/0x390 [ 54.890536] ? __tipc_nl_bearer_enable+0x265/0x390 [ 54.895554] ? memset+0x31/0x40 [ 54.898944] ? tipc_nl_bearer_disable+0x30/0x30 [ 54.903610] ? __nla_validate_parse+0xa1/0x1d90 [ 54.908281] ? nla_memcpy+0xa0/0xa0 [ 54.912040] tipc_nl_bearer_enable+0x1d/0x30 [ 54.916449] genl_family_rcv_msg+0x5d5/0x1160 [ 54.921068] ? genl_unregister_family+0x6d0/0x6d0 [ 54.925907] ? netdev_core_pick_tx+0x2a0/0x2a0 [ 54.930490] ? cache_grow_end+0x10/0x190 [ 54.934658] ? lock_downgrade+0x900/0x900 [ 54.938806] ? __kasan_check_write+0x14/0x20 [ 54.943199] ? do_raw_spin_lock+0x123/0x2d0 [ 54.947796] genl_rcv_msg+0xa7/0x140 [ 54.951597] netlink_rcv_skb+0x13f/0x380 [ 54.955662] ? genl_family_rcv_msg+0x1160/0x1160 [ 54.960406] ? netlink_ack+0x990/0x990 [ 54.964306] ? netlink_deliver_tap+0x182/0xad0 [ 54.968900] genl_rcv+0x23/0x40 [ 54.972169] netlink_unicast+0x444/0x640 [ 54.976226] ? netlink_attachskb+0x6f0/0x6f0 [ 54.980621] ? _copy_from_iter_full+0x19e/0x7e0 [ 54.985281] ? __kasan_check_read+0x11/0x20 [ 54.989591] ? __check_object_size+0x1fe/0x30c [ 54.994211] netlink_sendmsg+0x75d/0xc40 [ 54.998498] ? netlink_unicast+0x640/0x640 [ 55.002721] ? apparmor_socket_sendmsg+0x1b/0x20 [ 55.007492] ? netlink_unicast+0x640/0x640 [ 55.011723] sock_sendmsg+0xe6/0x110 [ 55.015645] ___sys_sendmsg+0x658/0x980 [ 55.019650] ? copy_msghdr_from_user+0x420/0x420 [ 55.024401] ? lock_downgrade+0x900/0x900 [ 55.028565] ? __kasan_check_read+0x11/0x20 [ 55.032878] ? __fget+0x2b1/0x420 [ 55.036352] ? ksys_dup3+0x2e0/0x2e0 [ 55.040056] ? __might_fault+0xf1/0x1b0 [ 55.044013] ? __fget_light+0x179/0x1f0 [ 55.048291] ? lock_acquire+0x194/0x410 [ 55.052266] ? __fdget+0xe/0x10 [ 55.055687] __sys_sendmsg+0xd9/0x180 [ 55.059493] ? __sys_sendmsg_sock+0xb0/0xb0 [ 55.063913] ? __kasan_check_read+0x11/0x20 [ 55.068325] ? _copy_to_user+0xcb/0xf0 [ 55.072209] ? put_timespec64+0xa9/0x100 [ 55.076348] ? nsecs_to_jiffies+0x20/0x20 [ 55.080496] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.085863] __x64_sys_sendmsg+0x73/0xb0 [ 55.089916] do_syscall_64+0xd6/0x550 [ 55.093704] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.098889] RIP: 0033:0x457f89 [ 55.102063] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 55.121040] RSP: 002b:00007fe8bf08fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 55.128768] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f89 [ 55.136046] RDX: 0000000000000004 RSI: 0000000020000000 RDI: 0000000000000003 [ 55.143453] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 55.150719] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe8bf0906d4 [ 55.157998] R13: 00000000004c5252 R14: 00000000004d8f40 R15: 00000000ffffffff [ 55.169901] Enabled bearer , priority 10 [ 55.175695] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.187017] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.201914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.210084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.218116] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.225966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.233826] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.250880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.259653] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.267265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.275041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.283332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.291270] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.297784] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.304530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.312642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.321020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.328846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.337628] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.344487] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.352304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.368088] Enabling of bearer rejected, already enabled [ 55.382906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.397898] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.406658] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.414770] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.422697] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.429285] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.436682] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.449544] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.466442] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.473634] Enabling of bearer rejected, already enabled [ 55.480739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.492964] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.500968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.512002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.522889] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.534607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.561665] Enabling of bearer rejected, already enabled [ 55.568532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.580804] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.590475] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.599167] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.607739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.615443] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.623300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.631312] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.639108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.647473] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.656067] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.685504] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.702032] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.712442] Enabling of bearer rejected, already enabled [ 55.730086] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.750510] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.757986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.770972] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.791854] Started in network mode [ 55.796107] Own node identity 7f000001, cluster identity 4711 [ 55.803742] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor4/7182 [ 55.814184] caller is dst_cache_get+0x33/0xa0 [ 55.819405] CPU: 1 PID: 7182 Comm: syz-executor4 Not tainted 5.3.0-rc4+ #1 [ 55.826449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.835933] Call Trace: [ 55.838638] dump_stack+0x113/0x167 [ 55.842268] debug_smp_processor_id.cold.2+0x84/0x97 [ 55.847501] dst_cache_get+0x33/0xa0 [ 55.851219] tipc_udp_xmit.isra.15+0xb9/0xc60 [ 55.855713] ? tipc_udp_addr2str+0x150/0x150 [ 55.860113] ? __kasan_check_read+0x11/0x20 [ 55.864435] ? __lock_acquire+0x96a/0x4b70 [ 55.868656] ? find_held_lock+0x36/0x1d0 [ 55.872741] tipc_udp_send_msg+0x31e/0x3d0 [ 55.876973] tipc_bearer_xmit_skb+0x12c/0x290 [ 55.881457] tipc_enable_bearer+0x7a6/0xab0 [ 55.885784] ? tipc_bearer_xmit_skb+0x290/0x290 [ 55.890466] ? __nla_validate_parse+0xa1/0x1d90 [ 55.895244] ? rtnl_lock+0x12/0x20 [ 55.898787] __tipc_nl_bearer_enable+0x265/0x390 [ 55.903543] ? __tipc_nl_bearer_enable+0x265/0x390 [ 55.908466] ? memset+0x31/0x40 [ 55.911765] ? tipc_nl_bearer_disable+0x30/0x30 [ 55.916509] ? __nla_validate_parse+0xa1/0x1d90 [ 55.921240] ? nla_memcpy+0xa0/0xa0 [ 55.924882] tipc_nl_bearer_enable+0x1d/0x30 [ 55.929293] genl_family_rcv_msg+0x5d5/0x1160 [ 55.933803] ? genl_unregister_family+0x6d0/0x6d0 [ 55.938638] ? netdev_core_pick_tx+0x2a0/0x2a0 [ 55.943212] ? __kasan_check_read+0x11/0x20 [ 55.947530] ? __lock_acquire+0x96a/0x4b70 [ 55.951766] genl_rcv_msg+0xa7/0x140 [ 55.955797] netlink_rcv_skb+0x13f/0x380 [ 55.959868] ? genl_family_rcv_msg+0x1160/0x1160 [ 55.964616] ? netlink_ack+0x990/0x990 [ 55.968490] ? netlink_deliver_tap+0x182/0xad0 [ 55.973081] genl_rcv+0x23/0x40 [ 55.976346] netlink_unicast+0x444/0x640 [ 55.980445] ? netlink_attachskb+0x6f0/0x6f0 [ 55.984978] ? _copy_from_iter_full+0x19e/0x7e0 [ 55.989641] ? __kasan_check_read+0x11/0x20 [ 55.993951] ? __check_object_size+0x1fe/0x30c [ 55.998677] netlink_sendmsg+0x75d/0xc40 [ 56.002739] ? netlink_unicast+0x640/0x640 [ 56.006982] ? apparmor_socket_sendmsg+0x1b/0x20 [ 56.012014] ? netlink_unicast+0x640/0x640 [ 56.016249] sock_sendmsg+0xe6/0x110 [ 56.019956] ___sys_sendmsg+0x658/0x980 [ 56.023929] ? copy_msghdr_from_user+0x420/0x420 [ 56.028844] ? lock_downgrade+0x900/0x900 [ 56.032996] ? __kasan_check_read+0x11/0x20 [ 56.037321] ? __fget+0x2b1/0x420 [ 56.040887] ? ksys_dup3+0x2e0/0x2e0 [ 56.044593] ? __might_fault+0xf1/0x1b0 [ 56.048560] ? __fget_light+0x179/0x1f0 [ 56.052523] ? lock_acquire+0x194/0x410 [ 56.056497] ? __fdget+0xe/0x10 [ 56.059801] __sys_sendmsg+0xd9/0x180 [ 56.063596] ? __sys_sendmsg_sock+0xb0/0xb0 [ 56.067993] ? __kasan_check_read+0x11/0x20 [ 56.072303] ? _copy_to_user+0xcb/0xf0 [ 56.076181] ? put_timespec64+0xa9/0x100 [ 56.080234] ? nsecs_to_jiffies+0x20/0x20 [ 56.084409] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.089788] __x64_sys_sendmsg+0x73/0xb0 [ 56.093838] do_syscall_64+0xd6/0x550 [ 56.097627] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.102803] RIP: 0033:0x457f89 [ 56.105989] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 56.125325] RSP: 002b:00007fad985d9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 56.133763] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f89 [ 56.141208] RDX: 0000000000000004 RSI: 0000000020000000 RDI: 0000000000000003 [ 56.148481] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 56.156094] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fad985da6d4 [ 56.163556] R13: 00000000004c5252 R14: 00000000004d8f40 R15: 00000000ffffffff [ 56.174129] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor4/7182 [ 56.179606] 32-bit node address hash set to 100007f [ 56.183727] caller is dst_cache_set_ip4+0x97/0x2dc [ 56.194215] CPU: 1 PID: 7182 Comm: syz-executor4 Not tainted 5.3.0-rc4+ #1 [ 56.201351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.210813] Call Trace: [ 56.213406] dump_stack+0x113/0x167 [ 56.217057] debug_smp_processor_id.cold.2+0x84/0x97 [ 56.222264] dst_cache_set_ip4+0x97/0x2dc [ 56.226612] ? dst_cache_get_ip6+0x1b0/0x1b0 [ 56.231021] ? xfrm_lookup_route+0x1f/0x170 [ 56.235336] tipc_udp_xmit.isra.15+0x7c2/0xc60 [ 56.239977] ? tipc_udp_addr2str+0x150/0x150 [ 56.244488] ? __lock_acquire+0x96a/0x4b70 [ 56.248950] tipc_udp_send_msg+0x31e/0x3d0 [ 56.253187] tipc_bearer_xmit_skb+0x12c/0x290 [ 56.257696] tipc_enable_bearer+0x7a6/0xab0 [ 56.262016] ? tipc_bearer_xmit_skb+0x290/0x290 [ 56.266711] ? __nla_validate_parse+0xa1/0x1d90 [ 56.271478] ? rtnl_lock+0x12/0x20 [ 56.275316] __tipc_nl_bearer_enable+0x265/0x390 [ 56.280526] ? __tipc_nl_bearer_enable+0x265/0x390 [ 56.286179] ? memset+0x31/0x40 [ 56.289583] ? tipc_nl_bearer_disable+0x30/0x30 [ 56.294375] ? __nla_validate_parse+0xa1/0x1d90 [ 56.299040] ? nla_memcpy+0xa0/0xa0 [ 56.302665] tipc_nl_bearer_enable+0x1d/0x30 [ 56.307055] genl_family_rcv_msg+0x5d5/0x1160 [ 56.311534] ? genl_unregister_family+0x6d0/0x6d0 [ 56.316990] ? netdev_core_pick_tx+0x2a0/0x2a0 [ 56.321595] ? __kasan_check_read+0x11/0x20 [ 56.325926] ? __lock_acquire+0x96a/0x4b70 [ 56.330384] genl_rcv_msg+0xa7/0x140 [ 56.334118] netlink_rcv_skb+0x13f/0x380 [ 56.338217] ? genl_family_rcv_msg+0x1160/0x1160 [ 56.342971] ? netlink_ack+0x990/0x990 [ 56.347030] ? netlink_deliver_tap+0x182/0xad0 [ 56.351618] genl_rcv+0x23/0x40 [ 56.354978] netlink_unicast+0x444/0x640 [ 56.359028] ? netlink_attachskb+0x6f0/0x6f0 [ 56.363517] ? _copy_from_iter_full+0x19e/0x7e0 [ 56.368270] ? __kasan_check_read+0x11/0x20 [ 56.372599] ? __check_object_size+0x1fe/0x30c [ 56.377188] netlink_sendmsg+0x75d/0xc40 [ 56.381243] ? netlink_unicast+0x640/0x640 [ 56.385498] ? apparmor_socket_sendmsg+0x1b/0x20 [ 56.390287] ? netlink_unicast+0x640/0x640 [ 56.394939] sock_sendmsg+0xe6/0x110 [ 56.399085] ___sys_sendmsg+0x658/0x980 [ 56.403150] ? copy_msghdr_from_user+0x420/0x420 [ 56.407911] ? lock_downgrade+0x900/0x900 [ 56.412299] ? __kasan_check_read+0x11/0x20 [ 56.417219] ? __fget+0x2b1/0x420 [ 56.420664] ? ksys_dup3+0x2e0/0x2e0 [ 56.424462] ? __might_fault+0xf1/0x1b0 [ 56.428519] ? __fget_light+0x179/0x1f0 [ 56.432897] ? lock_acquire+0x194/0x410 [ 56.436998] ? __fdget+0xe/0x10 [ 56.440345] __sys_sendmsg+0xd9/0x180 [ 56.444180] ? __sys_sendmsg_sock+0xb0/0xb0 [ 56.448494] ? __kasan_check_read+0x11/0x20 [ 56.452827] ? _copy_to_user+0xcb/0xf0 [ 56.456822] ? put_timespec64+0xa9/0x100 [ 56.460898] ? nsecs_to_jiffies+0x20/0x20 [ 56.465048] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.470421] __x64_sys_sendmsg+0x73/0xb0 [ 56.474501] do_syscall_64+0xd6/0x550 [ 56.478317] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.483648] RIP: 0033:0x457f89 [ 56.486912] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 56.506320] RSP: 002b:00007fad985d9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 56.514183] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f89 [ 56.521528] RDX: 0000000000000004 RSI: 0000000020000000 RDI: 0000000000000003 [ 56.528808] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 56.536076] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fad985da6d4 [ 56.543448] R13: 00000000004c5252 R14: 00000000004d8f40 R15: 00000000ffffffff [ 56.551521] ------------[ cut here ]------------ [ 56.553789] Enabled bearer , priority 10 [ 56.556567] WARNING: CPU: 1 PID: 16 at include/net/dst.h:228 dst_hold.part.1+0x10/0x14 [ 56.556575] Kernel panic - not syncing: panic_on_warn set ... [ 56.556582] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.3.0-rc4+ #1 [ 56.556585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.556588] Call Trace: [ 56.556596] dump_stack+0x113/0x167 [ 56.556604] ? dst_hold.part.1+0x10/0x14 [ 56.556611] panic+0x223/0x4ee [ 56.556617] ? add_taint.cold.7+0x11/0x11 [ 56.556631] __warn.cold.10+0x1b/0x45 [ 56.556636] ? dst_hold.part.1+0x10/0x14 [ 56.556641] report_bug+0x1a4/0x200 [ 56.556650] do_error_trap+0x11b/0x200 [ 56.556658] do_invalid_op+0x36/0x40 [ 56.556662] ? dst_hold.part.1+0x10/0x14 [ 56.556668] invalid_op+0x23/0x30 [ 56.556672] RIP: 0010:dst_hold.part.1+0x10/0x14 [ 56.556683] Code: 6a 1f 57 fc e9 1f fe ff ff 48 8b bd 60 ff ff ff e8 f9 1f 57 fc e9 1a ff ff ff 55 48 c7 c7 a0 c3 98 87 48 89 e5 e8 33 de 10 fc <0f> 0b 5d c3 48 8d 7e 30 55 48 b8 00 00 00 00 00 fc ff df 48 89 fa [ 56.556685] RSP: 0018:ffff8880a9907788 EFLAGS: 00010282 [ 56.556690] RAX: 0000000000000024 RBX: 1ffff11015320ef7 RCX: 0000000000000000 [ 56.556693] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff89d8f180 [ 56.556696] RBP: ffff8880a9907788 R08: ffffed1015d660d1 R09: ffffed1015d660d1 [ 56.556699] R10: ffffed1015d660d0 R11: ffff8880aeb30687 R12: ffff8880a9907818 [ 56.556702] R13: ffff88809a7b4640 R14: ffffe8ffffdbcc48 R15: ffff88809a7b4600 [ 56.556714] ? dst_hold.part.1+0x10/0x14 [ 56.556719] dst_cache_per_cpu_get.isra.3+0x20d/0x420 [ 56.556726] ? dst_cache_set_ip6+0x620/0x620 [ 56.556733] ? __kasan_kmalloc.constprop.9+0xc7/0xd0 [ 56.556738] ? kmem_cache_alloc+0x121/0x750 [ 56.556744] ? skb_clone+0x10e/0x310 [ 56.556753] ? tipc_disc_timeout+0x6db/0xae0 [ 56.556758] ? call_timer_fn+0x16c/0x580 [ 56.556762] ? run_timer_softirq+0xd8b/0x13c0 [ 56.556767] ? __do_softirq+0x268/0x9b4 [ 56.556775] dst_cache_get+0x69/0xa0 [ 56.556783] tipc_udp_xmit.isra.15+0xb9/0xc60 [ 56.556792] ? tipc_udp_addr2str+0x150/0x150 [ 56.556797] ? __kasan_check_read+0x11/0x20 [ 56.556803] ? __lock_acquire+0x96a/0x4b70 [ 56.556814] ? find_held_lock+0x36/0x1d0 [ 56.556831] tipc_udp_send_msg+0x31e/0x3d0 [ 56.556843] tipc_bearer_xmit_skb+0x12c/0x290 [ 56.556851] tipc_disc_timeout+0x729/0xae0 [ 56.556855] ? __kasan_check_write+0x14/0x20 [ 56.556863] ? tipc_disc_msg_xmit.isra.19+0x180/0x180 [ 56.556878] ? tipc_disc_msg_xmit.isra.19+0x180/0x180 [ 56.556882] call_timer_fn+0x16c/0x580 [ 56.556889] ? debug_object_deactivate+0x2c4/0x3a0 [ 56.556894] ? tipc_disc_msg_xmit.isra.19+0x180/0x180 [ 56.556900] ? msleep_interruptible+0xf0/0xf0 [ 56.556908] ? _raw_spin_unlock_irq+0x27/0x80 [ 56.556915] ? trace_hardirqs_on+0x28/0x1b0 [ 56.556919] ? __kasan_check_read+0x11/0x20 [ 56.556927] ? tipc_disc_msg_xmit.isra.19+0x180/0x180 [ 56.556932] run_timer_softirq+0xd8b/0x13c0 [ 56.556937] ? _raw_spin_unlock_irq+0x27/0x80 [ 56.556946] ? add_timer+0x730/0x730 [ 56.556953] ? kvm_clock_read+0x18/0x30 [ 56.556959] ? kvm_sched_clock_read+0x9/0x20 [ 56.556965] ? sched_clock+0x31/0x40 [ 56.556970] ? __do_softirq+0x1f9/0x9b4 [ 56.556984] __do_softirq+0x268/0x9b4 [ 56.556996] ? takeover_tasklets+0x820/0x820 [ 56.557003] run_ksoftirqd+0x94/0x100 [ 56.557009] smpboot_thread_fn+0x56b/0x8c0 [ 56.557014] ? __kasan_check_read+0x11/0x20 [ 56.557020] ? smpboot_unregister_percpu_thread+0x180/0x180 [ 56.557026] ? __kasan_check_read+0x11/0x20 [ 56.557032] ? __kthread_parkme+0xc8/0x1a0 [ 56.557036] ? __kasan_check_read+0x11/0x20 [ 56.557043] kthread+0x334/0x3f0 [ 56.557047] ? smpboot_unregister_percpu_thread+0x180/0x180 [ 56.557051] ? kthread_cancel_delayed_work_sync+0x10/0x10 [ 56.557058] ret_from_fork+0x3a/0x50 [ 56.560217] Kernel Offset: disabled [ 56.931976] Rebooting in 86400 seconds..