Warning: Permanently added '10.128.0.149' (ECDSA) to the list of known hosts. 2020/01/08 18:01:31 parsed 1 programs 2020/01/08 18:01:33 executed programs: 0 syzkaller login: [ 104.966265][ T9604] IPVS: ftp: loaded support on port[0] = 21 [ 105.033513][ T9604] chnl_net:caif_netlink_parms(): no params data found [ 105.065308][ T9604] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.072870][ T9604] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.080555][ T9604] device bridge_slave_0 entered promiscuous mode [ 105.089627][ T9604] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.096816][ T9604] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.104991][ T9604] device bridge_slave_1 entered promiscuous mode [ 105.122975][ T9604] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.134015][ T9604] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.153482][ T9604] team0: Port device team_slave_0 added [ 105.161575][ T9604] team0: Port device team_slave_1 added [ 105.235294][ T9604] device hsr_slave_0 entered promiscuous mode [ 105.283034][ T9604] device hsr_slave_1 entered promiscuous mode [ 105.388274][ T9604] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 105.455797][ T9604] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 105.505262][ T9604] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 105.555779][ T9604] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 105.636672][ T9604] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.644173][ T9604] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.652061][ T9604] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.659194][ T9604] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.701794][ T9604] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.715713][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 105.726260][ T2813] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.734602][ T2813] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.742532][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 105.757217][ T9604] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.768912][ T2674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 105.778249][ T2674] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.785624][ T2674] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.803411][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 105.812406][ T2813] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.819549][ T2813] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.830751][ T2674] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 105.841060][ T2674] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 105.854237][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 105.870213][ T9604] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 105.881244][ T9604] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 105.894376][ T2815] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 105.903893][ T2815] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 105.913986][ T2815] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 105.930274][ T2674] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 105.937785][ T2674] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 105.950141][ T9604] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.970427][ T2815] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 105.990380][ T2674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 105.998760][ T2674] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 106.007130][ T2674] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 106.017711][ T9604] device veth0_vlan entered promiscuous mode [ 106.030183][ T9604] device veth1_vlan entered promiscuous mode [ 106.194159][ T9609] [ 106.196576][ T9609] ===================================== [ 106.202333][ T9609] WARNING: bad unlock balance detected! [ 106.207856][ T9609] 5.5.0-rc5-syzkaller #0 Not tainted [ 106.213122][ T9609] ------------------------------------- [ 106.218654][ T9609] syz-executor.0/9609 is trying to release lock (sk_lock-AF_INET) at: [ 106.226820][ T9609] [] gtp_encap_enable_socket+0x146/0x400 [ 106.234102][ T9609] but there are no more locks to release! [ 106.239813][ T9609] [ 106.239813][ T9609] other info that might help us debug this: [ 106.247942][ T9609] 2 locks held by syz-executor.0/9609: [ 106.253388][ T9609] #0: ffffffff8a4d5ac0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x405/0xaf0 [ 106.262230][ T9609] #1: ffff8880a2f2cc20 (slock-AF_INET){+.-.}, at: release_sock+0x20/0x1c0 [ 106.270808][ T9609] [ 106.270808][ T9609] stack backtrace: [ 106.277674][ T9609] CPU: 0 PID: 9609 Comm: syz-executor.0 Not tainted 5.5.0-rc5-syzkaller #0 [ 106.287152][ T9609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 106.297200][ T9609] Call Trace: [ 106.300472][ T9609] dump_stack+0x197/0x210 [ 106.304779][ T9609] ? gtp_encap_enable_socket+0x146/0x400 [ 106.310416][ T9609] print_unlock_imbalance_bug.cold+0x114/0x123 [ 106.316612][ T9609] ? gtp_encap_enable_socket+0x146/0x400 [ 106.322336][ T9609] lock_release+0x5f2/0x960 [ 106.326851][ T9609] ? __kasan_check_write+0x14/0x20 [ 106.332121][ T9609] ? lock_downgrade+0x920/0x920 [ 106.337146][ T9609] ? lock_acquire+0x190/0x410 [ 106.341909][ T9609] ? release_sock+0x20/0x1c0 [ 106.346675][ T9609] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 106.352912][ T9609] ? tcp_release_cb+0x9e/0x3d0 [ 106.357788][ T9609] release_sock+0x17c/0x1c0 [ 106.362290][ T9609] gtp_encap_enable_socket+0x146/0x400 [ 106.367739][ T9609] ? gtp_find_pdp_by_link+0x480/0x480 [ 106.373102][ T9609] ? memset+0x32/0x40 [ 106.377086][ T9609] ? alloc_netdev_mqs+0xa22/0xde0 [ 106.382103][ T9609] gtp_newlink+0x9fc/0xc60 [ 106.386505][ T9609] ? rtnl_create_link+0x192/0xab0 [ 106.391517][ T9609] ? netlink_ns_capable+0x26/0x30 [ 106.396523][ T9609] ? gtp_genl_get_pdp+0x5c0/0x5c0 [ 106.401542][ T9609] __rtnl_newlink+0x109e/0x1790 [ 106.406409][ T9609] ? rtnl_link_unregister+0x250/0x250 [ 106.411785][ T9609] ? stack_depot_save+0x25a/0x450 [ 106.416819][ T9609] ? mark_held_locks+0xa4/0xf0 [ 106.421582][ T9609] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 106.427375][ T9609] ? stack_depot_save+0x25a/0x450 [ 106.432627][ T9609] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 106.438437][ T9609] ? lockdep_hardirqs_on+0x421/0x5e0 [ 106.443714][ T9609] ? trace_hardirqs_on+0x67/0x240 [ 106.448729][ T9609] ? _raw_spin_unlock_irqrestore+0x9f/0xe0 [ 106.454532][ T9609] ? stack_depot_save+0x25a/0x450 [ 106.459554][ T9609] ? save_stack+0x5c/0x90 [ 106.463982][ T9609] ? save_stack+0x23/0x90 [ 106.468326][ T9609] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 106.474217][ T9609] ? kasan_kmalloc+0x9/0x10 [ 106.478749][ T9609] ? kmem_cache_alloc_trace+0x158/0x790 [ 106.484318][ T9609] ? rtnl_newlink+0x4b/0xa0 [ 106.488971][ T9609] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 106.494554][ T9609] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 106.500668][ T9609] rtnl_newlink+0x69/0xa0 [ 106.504987][ T9609] ? __rtnl_newlink+0x1790/0x1790 [ 106.510093][ T9609] rtnetlink_rcv_msg+0x45e/0xaf0 [ 106.515045][ T9609] ? rtnl_bridge_getlink+0x910/0x910 [ 106.520409][ T9609] ? netlink_deliver_tap+0x228/0xbe0 [ 106.525966][ T9609] ? find_held_lock+0x35/0x130 [ 106.530740][ T9609] netlink_rcv_skb+0x177/0x450 [ 106.535519][ T9609] ? rtnl_bridge_getlink+0x910/0x910 [ 106.540837][ T9609] ? netlink_ack+0xb50/0xb50 [ 106.545666][ T9609] ? __kasan_check_read+0x11/0x20 [ 106.550682][ T9609] ? netlink_deliver_tap+0x24a/0xbe0 [ 106.556118][ T9609] rtnetlink_rcv+0x1d/0x30 [ 106.560520][ T9609] netlink_unicast+0x58c/0x7d0 [ 106.565318][ T9609] ? netlink_attachskb+0x870/0x870 [ 106.570426][ T9609] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 106.576217][ T9609] ? __check_object_size+0x3d/0x437 [ 106.581579][ T9609] netlink_sendmsg+0x91c/0xea0 [ 106.586331][ T9609] ? netlink_unicast+0x7d0/0x7d0 [ 106.591441][ T9609] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 106.596982][ T9609] ? apparmor_socket_sendmsg+0x2a/0x30 [ 106.602437][ T9609] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 106.608688][ T9609] ? security_socket_sendmsg+0x8d/0xc0 [ 106.616770][ T9609] ? netlink_unicast+0x7d0/0x7d0 [ 106.621840][ T9609] sock_sendmsg+0xd7/0x130 [ 106.626245][ T9609] ____sys_sendmsg+0x753/0x880 [ 106.631156][ T9609] ? kernel_sendmsg+0x50/0x50 [ 106.635933][ T9609] ? find_held_lock+0x35/0x130 [ 106.640704][ T9609] ___sys_sendmsg+0x100/0x170 [ 106.645564][ T9609] ? sendmsg_copy_msghdr+0x70/0x70 [ 106.650686][ T9609] ? __kasan_check_read+0x11/0x20 [ 106.655829][ T9609] ? __fget+0x37f/0x550 [ 106.659974][ T9609] ? ksys_dup3+0x3e0/0x3e0 [ 106.664389][ T9609] ? __fget_light+0x1a9/0x230 [ 106.669053][ T9609] ? __fdget+0x1b/0x20 [ 106.673226][ T9609] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 106.679470][ T9609] __sys_sendmsg+0x105/0x1d0 [ 106.684047][ T9609] ? __sys_sendmsg_sock+0xc0/0xc0 [ 106.689167][ T9609] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 106.694697][ T9609] ? do_fast_syscall_32+0xd1/0xe16 [ 106.700395][ T9609] ? entry_SYSENTER_compat+0x70/0x7f [ 106.705686][ T9609] ? do_fast_syscall_32+0xd1/0xe16 [ 106.710877][ T9609] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 106.716317][ T9609] do_fast_syscall_32+0x27b/0xe16 [ 106.721320][ T9609] entry_SYSENTER_compat+0x70/0x7f [ 106.726674][ T9609] RIP: 0023:0xf7f8ea39 [ 106.730733][ T9609] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 106.750776][ T9609] RSP: 002b:00000000f7f690cc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 106.759171][ T9609] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000180 [ 106.767207][ T9609] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 106.775167][ T9609] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 106.783116][ T9609] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 106.791065][ T9609] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 106.803981][ T9608] kasan: CONFIG_KASAN_INLINE enabled [ 106.809365][ T9608] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 106.817667][ T9608] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 106.824619][ T9608] CPU: 1 PID: 9608 Comm: syz-executor.0 Not tainted 5.5.0-rc5-syzkaller #0 [ 106.833196][ T9608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 106.843285][ T9608] RIP: 0010:__list_del_entry_valid+0x85/0xf5 [ 106.849509][ T9608] Code: 0f 84 e1 00 00 00 48 b8 22 01 00 00 00 00 ad de 49 39 c4 0f 84 e2 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 53 49 8b 14 24 4c 39 f2 0f 85 99 00 00 00 49 8d 7d [ 106.869094][ T9608] RSP: 0018:ffffc90001ff7758 EFLAGS: 00010246 [ 106.875142][ T9608] RAX: dffffc0000000000 RBX: ffff8880a2f2cb80 RCX: ffffffff869a2501 [ 106.883095][ T9608] RDX: 0000000000000000 RSI: ffffffff869a2556 RDI: ffff888099cbc360 [ 106.891072][ T9608] RBP: ffffc90001ff7770 R08: ffff8880a8f2e040 R09: fffffbfff14f70c1 [ 106.899044][ T9608] R10: fffffbfff14f70c0 R11: ffffffff8a7b8607 R12: 0000000000000000 [ 106.907009][ T9608] R13: 0000000000000000 R14: ffff888099cbc358 R15: ffff8880a2f2d370 [ 106.914998][ T9608] FS: 0000000000000000(0000) GS:ffff8880ae900000(0063) knlGS:00000000f7f8ab40 [ 106.923928][ T9608] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 106.930497][ T9608] CR2: 0000000020e68000 CR3: 000000008bb9f000 CR4: 00000000001406e0 [ 106.938681][ T9608] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 106.946646][ T9608] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 106.954697][ T9608] Call Trace: [ 106.957982][ T9608] tcp_update_skb_after_send+0xca/0x400 [ 106.963520][ T9608] __tcp_transmit_skb+0x1b16/0x38f0 [ 106.968708][ T9608] ? __tcp_select_window+0x8b0/0x8b0 [ 106.974164][ T9608] ? trace_hardirqs_on+0x67/0x240 [ 106.979312][ T9608] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 106.985040][ T9608] tcp_write_xmit+0xf91/0x5b50 [ 106.989799][ T9608] ? __kasan_check_read+0x11/0x20 [ 106.994840][ T9608] __tcp_push_pending_frames+0xb4/0x350 [ 107.000378][ T9608] tcp_push+0x492/0x700 [ 107.004513][ T9608] ? __check_object_size+0x3d/0x437 [ 107.009692][ T9608] tcp_sendmsg_locked+0x169d/0x3470 [ 107.014887][ T9608] ? tcp_sendpage+0x60/0x60 [ 107.019369][ T9608] ? trace_hardirqs_on+0x67/0x240 [ 107.024375][ T9608] ? lock_sock_nested+0x9a/0x120 [ 107.029304][ T9608] ? __local_bh_enable_ip+0x15a/0x270 [ 107.034658][ T9608] tcp_sendmsg+0x30/0x50 [ 107.038880][ T9608] inet_sendmsg+0x9e/0xe0 [ 107.043214][ T9608] ? inet_send_prepare+0x4e0/0x4e0 [ 107.048310][ T9608] sock_sendmsg+0xd7/0x130 [ 107.052711][ T9608] __sys_sendto+0x262/0x380 [ 107.057196][ T9608] ? __ia32_sys_getpeername+0xb0/0xb0 [ 107.062639][ T9608] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 107.068888][ T9608] ? put_old_timespec32+0x113/0x200 [ 107.074849][ T9608] ? get_old_timespec32+0x200/0x200 [ 107.080054][ T9608] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 107.086375][ T9608] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 107.091827][ T9608] ? do_fast_syscall_32+0xd1/0xe16 [ 107.096921][ T9608] ? entry_SYSENTER_compat+0x70/0x7f [ 107.102202][ T9608] __ia32_sys_sendto+0xdf/0x1a0 [ 107.107046][ T9608] do_fast_syscall_32+0x27b/0xe16 [ 107.112164][ T9608] entry_SYSENTER_compat+0x70/0x7f [ 107.117434][ T9608] RIP: 0023:0xf7f8ea39 [ 107.121503][ T9608] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 107.141185][ T9608] RSP: 002b:00000000f7f8a0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 107.149583][ T9608] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200012c0 [ 107.157535][ T9608] RDX: 000000000000fe6a RSI: 0000000000000011 RDI: 0000000000000000 [ 107.165497][ T9608] RBP: 0000000000000027 R08: 0000000000000000 R09: 0000000000000000 [ 107.173447][ T9608] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 107.182275][ T9608] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 107.190232][ T9608] Modules linked in: [ 107.196758][ T9608] ---[ end trace 9c25eac8f186affc ]--- [ 107.202232][ T9608] RIP: 0010:__list_del_entry_valid+0x85/0xf5 [ 107.208329][ T9608] Code: 0f 84 e1 00 00 00 48 b8 22 01 00 00 00 00 ad de 49 39 c4 0f 84 e2 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 53 49 8b 14 24 4c 39 f2 0f 85 99 00 00 00 49 8d 7d [ 107.228089][ T9608] RSP: 0018:ffffc90001ff7758 EFLAGS: 00010246 [ 107.234190][ T9608] RAX: dffffc0000000000 RBX: ffff8880a2f2cb80 RCX: ffffffff869a2501 [ 107.242168][ T9608] RDX: 0000000000000000 RSI: ffffffff869a2556 RDI: ffff888099cbc360 [ 107.250571][ T9608] RBP: ffffc90001ff7770 R08: ffff8880a8f2e040 R09: fffffbfff14f70c1 [ 107.258581][ T9608] R10: fffffbfff14f70c0 R11: ffffffff8a7b8607 R12: 0000000000000000 [ 107.266615][ T9608] R13: 0000000000000000 R14: ffff888099cbc358 R15: ffff8880a2f2d370 [ 107.274618][ T9608] FS: 0000000000000000(0000) GS:ffff8880ae900000(0063) knlGS:00000000f7f8ab40 [ 107.283805][ T9608] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 107.290390][ T9608] CR2: 0000000020e68000 CR3: 000000008bb9f000 CR4: 00000000001406e0 [ 107.299889][ T9608] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 107.308123][ T9608] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 107.316338][ T9608] Kernel panic - not syncing: Fatal exception [ 107.324041][ T9608] Kernel Offset: disabled [ 107.328396][ T9608] Rebooting in 86400 seconds..