[ ok ] Starting OpenBSD Secure Shell server: sshd. [ ok ] Starting file context maintaining daemon: restorecond. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 34.057900] random: sshd: uninitialized urandom read (32 bytes read) [ 34.293964] kauditd_printk_skb: 9 callbacks suppressed [ 34.293972] audit: type=1400 audit(1568539139.961:35): avc: denied { map } for pid=6797 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 34.336272] random: sshd: uninitialized urandom read (32 bytes read) [ 34.932988] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.21' (ECDSA) to the list of known hosts. [ 40.403551] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/15 09:19:06 fuzzer started [ 40.596710] audit: type=1400 audit(1568539146.261:36): avc: denied { map } for pid=6807 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16480 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 41.186801] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/15 09:19:07 dialing manager at 10.128.0.105:34685 2019/09/15 09:19:07 syscalls: 2466 2019/09/15 09:19:07 code coverage: enabled 2019/09/15 09:19:07 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/15 09:19:07 extra coverage: extra coverage is not supported by the kernel 2019/09/15 09:19:07 setuid sandbox: enabled 2019/09/15 09:19:07 namespace sandbox: enabled 2019/09/15 09:19:07 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/15 09:19:07 fault injection: enabled 2019/09/15 09:19:07 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/15 09:19:07 net packet injection: enabled 2019/09/15 09:19:07 net device setup: enabled [ 43.017752] random: crng init done 09:20:46 
executing program 5: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000009c0)={0x14, 0x2d, 0x7, 0x0, 0x0, {0x3801, 0x3}}, 0x14}}, 0x0) r0 = socket(0x10, 0x80002, 0x8000000010) sendmmsg$alg(r0, &(0x7f0000000080), 0x492492492492751, 0x0) 09:20:46 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x8, &(0x7f00000001c0)=0xfffffffffffffffe, 0x4) sendto$inet6(r1, 0x0, 0xfffffffffffffff1, 0x20000003, &(0x7f0000b63fe4)={0xa, 0x4e22}, 0x1c) r2 = socket$unix(0x1, 0x2, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendto$inet6(r1, &(0x7f0000000780)="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", 0x218, 0x8000, 0x0, 0x0) close(r1) 09:20:46 executing program 3: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x2, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)) socket$inet(0x2, 0x5, 0xffffffffffffff00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x2000, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x484, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffff9c, &(0x7f0000008880)=[{{0x0, 0x0, 
&(0x7f0000000780)=[{&(0x7f0000000240)=""/62, 0x3e}], 0x1}}], 0x1, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000280)='mountinfo\x00') preadv(r1, &(0x7f0000000480), 0x10000000000000e1, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) write$UHID_INPUT(r0, &(0x7f0000000140)={0x8, "b205bbbff2ff91f54a27b5c40acfad2b5c46ad34ad7e052f1156fa05420e90aebf01d8699515701c35be87c897bc318e898c2be863c50651711c8b24384459caa4039f32a320e90b741496d5ef71533ee82683fa3c91459c930e0aae5813f471bcac66ef914ec8c03f7adfcc156e8408927d0b98e9384f2827b73bc31ed38d897439293fe19a984098e61ecdc9cdbecee1f885d225f8e6172e6223e63b4d1b865306beab622de45d9c7bdd82e5e98a1a6e0f5c1aa8e0d126a136af8c6a59a83b1713a1c11639aab1a87541b6773d33e60022fd8889c273f186481663ebb12726840375dae2dd7e30d2c8fa77c8f7398d8d1c23b2a0767f3ee58104fa4ea0d0f5ef2ba55e79da18e6699b70060ae71576b90ace97cd1f2f823e6e592cd65deab76508d670b70e94ca29a30a06406fc977a190111a62e4b4368dd39345a8904f2a8cab5af46d3874ad40dd8e8156ae09414b623c2e9c68090df3b090892f102eeb8d5f37ec999cc5204bfd00d7a4723ae0a36e48a73488c747d86a604666447974e3a643c6eb50480d5b079db288b352d1b017e1cdcd5a18fd8758e4ee8e4a37b35294ec421ff49b5e626375ab8d4f1e02bbc6103bce2a136d010df6770d618405a90c2fc3c95796875c7bc1bbb33ef63d27cb6962ea98c5641fd9fa711e0acc536ac64d549b49463c46e1184e888ed926d6473952782271ec967815afd1f30dc23827a7c8c69feee35d0cd83a7a4b8a39df4d02a266c8ae78acde22fc7dd0187d99cb80656df325e158e38723076ed962817e444cf0fc653b84cf1193fd79090e8b24968767da2ede9ba0f07b82ca40da16de86ad7c74e64739546003c73e71bc4606222f2e2d5e5334a8759a58dc3c8b323a94e56b9fcbd777450342e53420f9e17cd7ddbca4a4fd055f32f70398d303000f8ea78cf2a2b92ae62cd6f7e17df6d44f4a85eeb7658c111d2ed35fe18920dad58f28d364902e6d6d11cebe82c0dbaf21b6a28997ea52e8e0da0ce591691782b5a519fb1980bd3f973fe08e41c76a77510a4afd83d95d4b3ea7c43fdcd8ae4cf098734c8261759f69c8539ba4152c2d94f39b7f5c800d6873fbfb995b0e7cd195424fa997c68f190c9843932387a14d810e18dc117a57eded949a3ab1b618a097540928e0e4ac2a6e4773d52e945e65f658262a6e2d37047e47d98b3606962bafd73
6fde619135fa09b3e1b52c03005bb3cff88945a4fe3aa5b6beaddb42ac6159def4e5eb09cc28ed44cf74394a29409ab4bf4ff69f57b814b43b1aeacc28af39739c271db31d198a5db8752c25faf5b03fbdf009fe297b86882840122c859117de6edf8c5583da1a75de48ecc167f11c228c59985db2c6d44b640f9636449f7c8ea2a51dec2bc482741505f064dbdc67b91694427dbc5dc4ac793e1127782581ed8a4168060b62f2c350e77902b423832b867e7e0c3d8141456a2baa7d0f23ed0c1c692ca811b5fea085c1e61b78801590ca73f1f220bdbc84c818960af6cb7e3f9b1a1759a31e75fb2a4060421deeeebef536e1d2a8d42bccf01ae556aa69f49d1499b5bc3b0192e18cc98f83fbed2779dd6ecc9761f38da158aa68c9f7d075ea3c8370c062d05a6d83b035b4df5477a0ae37440087f49b2dbbad1a51621d8559b475a3aeec58c1449bdbbbd38e6217bfe14f15077d2c11327a6c82cd83d35087f70c648d836f8bc2fc0f6bd69cf7b41ab134b4bfa00b33cff3a2119fe5013f72dc79070fc212faf2aeb61f345e021d5858fcf4fe322ef402ad92363075c4c6d07830cfe51c2f1b241a811d7e7c6ccdd0d900aa2927de4038c1797976a00d161051df7164d30eae2d3d8629656f2a8e15959b0e5b361f66bd09ac635e46c2d1a552528fd5eb94abb578d49f4d7007701e07c8affc0d8d8ac9f8f7db4511177613872b4e3bc945595587317db82ff993bc92ec9a9c337ab15c874db14cad4012221359c7ce383b87c6d381247da218c1f3bb4438efaf4c29fe089f21bfbe54a51a2ebc7206a76c6bd870a4f300b0c7aff7f0974923e6d0c65a07fc352e8e7be5779e52d04b0176d002f7a66f932947a359114ca162c839163a70c7521847e6c6b9009c4e80e89d5003343cfc3ad07fb5eeb2c3086ec7d6d7361d997237d39785b98f76a00207bc7cac77d9c83136260474d0822ef950a2a743742cbda30f944b2ca055562e0342442e71be3ae177bc2f9269fa2d342ba75a122cc3cc6e04dbb930cab3773a1fb8837bc30a013f3aae8bf84994d03c33b04114f38a0c0772f1e50a6f7fdeab5f0050eba161fa8f789432fc91f5277bcd0a8ab38121ae8cdc1cf5b015cf84ac52222b471e6d5929dcc2e0dc96155be87be4c05fdf799c1b4910485d1dc29ddc0e2547544e78e13faead03aa41008f2aeac3395bf365fbad6aa564b481a643842589c253238780310bb5f5b2d65afa324e8f1838ad507067739f31dfdc821d144312a6a9eaa67c316cbf9774e0449cd67573bb0bb05e8e5e4855c97a646671e4b7892b6301d97cf099eb4766f8947e1d3e28fef7090aa74c1496be0b71351fb268dc659352d0035a9ac3af0c6165150639470247c0934e2fe2b73f0c1b7109ef5726aa08
c83bf81a701234022dbfa1b96903bb311e094a8703f18f04290979ec6b5ee45ba60108887430d2be0b1998f689af4922552ae89a9c8eb494cc036a0a8a6b27c849ba970da76a229b4b141abacbb8df24e371bb9ffcbe68333f15fb478d17aa39346ec70c12c93e5015bdbeab6988ef304c29cdf24714c09ac58f4c48604428b08d611e2ba6fe51f7911c3286fee6d649a0d4d43d712dd8091cae19227dd645fbc9c1ce12703592ed140571bc606d10af390c663a8611c9b621625b4432d15c3bb0a35f4f25e84dca01bd8a68c58de3236f46f80b7c7f62d5b9c8df7f940e2be6ad78adc093b7efcf582297d7eb8f06e66ab4e84b41618cafa8bfe5fd93894a4684bcce2e9fa895f1cf23dfc1b62e6cc7924a63dba1f5dbb388ddc1a975d5b0330ad63a70ad18665f965802da8f02a2588863b4181ccf6d83036137ac48ddcdcad0900c6056cc212e9ee94795b1e47d549c06189be9509afd4ec25e2a734f34923ef4b0e64e88a6b1c80f523ef7ce3c9dc340763a0e07c3adcfe4691dbbca7490a246b936868a11528fed0b0952fb07b9e23bfdfa38acbe67c725b884a91a3df4a70a0eb0f0520a6e2e688685173e26256555dd1732c882a0bfb1e17fe1a7c16f281a3c04d799bc0ac6b08d46177c3d4f91ac50b9f48aacdf605531bfe287d106baff7803b162324920a40b2e0ebc46c9371dd0115fc597cc516546dafa8228f18ce6e654fad8d66cf435866b714e94fa95130b168469130a583118975ae1917e910f4b0dc6e96cc44806faffd264dcc94da2225f176b13e794a60a6ba6f4a5f5388bbe4edbcbcbdee8287770e34b258e5e2ebfff1795c84caf98d89ecc5bed4580941098be2d62c8acf07bb73e2e80429b897bb4e7cd9cdfcb41fbbd8ddc29d2aecbc8fa7ad0c5deb768eae2bcf4ecd9bb9ae145c54b2eed55f9f795747ac34164793995646b47f98bd1d0744d884f2176629a0b6f6885398419a013acb1675a942c61ffd06118a86e7e6d4b08d0e80d88f60c83299824719a02f8fd8a402ccaa0bfc807b856823deba2dc2096c8c171eb9f2cf921897b4ee749d678f454a8009b05304046e2b2abc1c321a7480b3151fde3117c66c48f07df4f89c94ccd7a45ade452310ed23324b7d2a9de153e0500c5890ab78d39cf269d27868f0dfe4b8a31eb72c606f73a6c1a2c7df5eabddb10ba20c70fa0587b649ede160afa3d81aa4b1c4d5fa7ad8797607f6a9ecd29237f9ff47fc29e99d0fb967ea9e19cfe618b28d60a28cd5e2d2327ce1c7ac02034a24652d3e5b9e853d94fff1523c07abfbd69c7fb3811f669bdd69d8fa979e1df5f578d1522f60f5896bbda0c53c3722a8e162758e884161a5d48e648a7d1d94f3a9b0a667007a41ee89cc78c19058d618a54423c930d4afab4
6e951c4be891fa1ef6aeba00a466ce4953a437854ad4cd687bea402d5b2bf799b77dceeda72a8a1d66781c6308d993626da343035f097a697c39f7f90622df55b85c9591357a0d1be1feae56bbaba1a389f9828c55e644b0003d9ccc29bf72ffca9855953b44c7829811fcd28baeb38bd15107688813af67f79085c1d886c57faa154987598f2826bd5622c1b8cab7dfd87906b5706ea7b48edaf236abfb5e2902817e7c4669c7af3d5b251183e135b1c92239c37f76257d3e04a1bfb175c74bf1b760087ee6090ddc19b702cdea330946af3c4c0557375fe37815d34068c8058727914a8243c4b60791ec30b610e5d5af3493d6840bbbfdf663f4d150cd72c65177ba491de2571d153597f1de2c2840ae563a80c6abd35e9830341e7bec605a1b3418850d89f633cb15e5bf85e0657bb357817baf1e851e49d877ecd42171f1e0cafe5bd43717035f88cd11913a946968b15a1fd15244bdcbba0666ad4dd98d46562a29551768204f2d36be45a50e6a39a10159f9d3555287d85243b54e4a855ef2f84f73b975ad4b190cfc86679ea4cf23de8644d3d4d61b1f8721a3ebef7fb272471bf3756f6d4d99927f707b11eb5089107c6a91e3f99aa0113c08be5d4fee472814714a86df9e050452182cda562a07c25a360080442a29695eb05581a388b13df97528c6c754633aa46d21646e8421192e38e3deed9c01caa98ed3440da3bbbf6406b8bdf240da49aec9b496c2b566ab7ac3cdafb0d5007da9f847e9feee3dffa472960b3adbbd633a2dc4731c342787ebf728081c5b140e79c5a03dbe620c0f6344ee491018a0487f80e31a1eb96cd403d945b16b458c1bca5c8beef30e74fd32a1db714b5c75baaacd6b873d218deb64fe127fe41a9f5a81ea4d4eb5d8088eb87473e0cbdaa43b6b2d58a0b83892065758ee22e1e74312131f55bd46f154c5040041efb6d4b96642dd459f6969350e9d0238356faada55cc3ee36aec83a62e4bc122148c0b8782acdacc4a2ea0e5bfa03820a27e7013c6ecd8ed9c846b638f2be96e374daa5cfb221968255a1c9f66ae581ced55a24699e6afcb4a66fff29d5f97f0931c38c1135e9ac4851d3fdd8f2eda2c35ebf6e299fb2480f0888a256f2a60ccdb8bca9c034b943b5130ae1a89f4fbb9f5feb2f180a3a2f5da0a43c5620a3fbbee0fbe4744b49abb85dcf2f5e2836f00ec4f741d81a93d03b96b8673b5f1f62052d6a0dd8df9f684dc9d593905c3ee853a097b909436972dc5a2614a02e8fef4464b0a004ee0625fc8f21d69742dc6f9822a9442911f8caf4a917326edda8e6fe1726aa454b35db3cf16085b64a66644ffbb70db101380a6c2d5cf836e53a47a68849cd198ab613d5d948d94f0182f2684ac546ddb37eb25419911a9352369adddfd
977d005d4477825ba839f9c3ffbe34426d218e9f1e08d7d7dc53bb5a23c78a2aef44c61a51b1b69ae0007ef7f18bfa2dcc59fd1c1ce804735467f20079510bc3e10b44a2280ed72a904c8fa53af11105a523eab39115dee9e1dc140f2dc2714a51eda5fdc507546e2b5ce39afe0ea98a1178f0d387eec93998b269e94c2cf33d19cdcc4b5dd3c67ed231fe79bf95d137d71e777641d073cadb58dd8869f9c015b6eecab20b1a49f9c9f9360a10f700a16f088a1490a01e2b0e1cccc91c0019aadaecb21202a6be03fe573ab7203fdb270e867eb13f4ca6cd9b058e1671d7905c313b85ed8f17e3f463bae86c76246e8313e76382e", 0x1000}, 0x1006) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000040)) 09:20:46 executing program 1: bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @dev}, 0x10) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) r1 = memfd_create(&(0x7f0000000080)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) pwritev(r1, &(0x7f0000000340), 0x0, 0x1081806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket(0x10, 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xd394, 0x0, 0x0, 0x0, 0x0, "7001e0f57c8cf6270b24e415e96042aae51d871554c11cd59cc8fb47081025bad6b39d778066f9d1ac8a570e3a42f70a7c0f30f66157a96aae15813f0dceb297", "a8a4cd01e527e6fd3de45387da0200000000000000e89046e6033a61edb75c8d51c05dfaf7f4fdb16e0cdaa4276939a341033400", "7b8ddcc0c891591c4116893616105829576914e70bfed06d00f97c97644ab8a7", [0x1]}) sendfile(r0, r0, 0x0, 0x2000005) 09:20:46 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") mincore(&(0x7f0000000000/0x400000)=nil, 0x400000, &(0x7f0000000140)=""/177) 09:20:46 executing program 4: mkdir(&(0x7f0000000140)='./control\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_TIOCOUTQ(r0, 0x5411, 
&(0x7f0000000000)) [ 140.603854] audit: type=1400 audit(1568539246.271:37): avc: denied { map } for pid=6807 comm="syz-fuzzer" path="/root/syzkaller-shm248297381" dev="sda1" ino=2233 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 140.661080] audit: type=1400 audit(1568539246.281:38): avc: denied { map } for pid=6826 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13761 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 141.001351] IPVS: ftp: loaded support on port[0] = 21 [ 141.871516] IPVS: ftp: loaded support on port[0] = 21 [ 141.888344] chnl_net:caif_netlink_parms(): no params data found [ 141.937536] IPVS: ftp: loaded support on port[0] = 21 [ 141.952743] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.959140] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.966237] device bridge_slave_0 entered promiscuous mode [ 141.988600] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.995549] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.002803] device bridge_slave_1 entered promiscuous mode [ 142.036797] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 142.046372] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 142.071307] chnl_net:caif_netlink_parms(): no params data found [ 142.082611] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 142.089845] team0: Port device team_slave_0 added [ 142.104222] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 142.111373] team0: Port device team_slave_1 added [ 142.118753] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 142.126175] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 142.144382] IPVS: ftp: loaded support on port[0] = 21 [ 142.202678] device hsr_slave_0 entered promiscuous mode [ 142.250343] device 
hsr_slave_1 entered promiscuous mode [ 142.294689] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 142.308985] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 142.316784] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.324188] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.331665] device bridge_slave_0 entered promiscuous mode [ 142.338227] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.344657] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.351743] device bridge_slave_1 entered promiscuous mode [ 142.371689] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 142.388214] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 142.442745] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 142.449799] team0: Port device team_slave_0 added [ 142.457770] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 142.464931] team0: Port device team_slave_1 added [ 142.473698] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 142.481019] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 142.503550] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.509968] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.516835] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.523188] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.533184] chnl_net:caif_netlink_parms(): no params data found [ 142.592005] device hsr_slave_0 entered promiscuous mode [ 142.630437] device hsr_slave_1 entered promiscuous mode [ 142.670914] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 142.685457] IPVS: ftp: loaded support on port[0] = 21 [ 142.693715] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 142.757609] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.764043] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.770631] bridge0: port 1(bridge_slave_0) 
entered blocking state [ 142.776971] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.808103] chnl_net:caif_netlink_parms(): no params data found [ 142.847952] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.854698] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.862200] device bridge_slave_0 entered promiscuous mode [ 142.868964] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.875665] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.883054] device bridge_slave_1 entered promiscuous mode [ 142.893453] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.911084] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.918430] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.925179] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.959916] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 142.981478] IPVS: ftp: loaded support on port[0] = 21 [ 142.986505] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.998140] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 143.006299] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.013279] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.020262] device bridge_slave_0 entered promiscuous mode [ 143.033943] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 143.056536] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.063978] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.072709] device bridge_slave_1 entered promiscuous mode [ 143.087469] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 143.097043] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 143.104398] team0: Port device team_slave_0 added [ 143.121883] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 143.129235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 143.142004] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 143.148074] 
8021q: adding VLAN 0 to HW filter on device team0 [ 143.155281] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 143.164410] team0: Port device team_slave_1 added [ 143.171205] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 143.212916] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 143.224412] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 143.240317] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 143.247496] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 143.263833] chnl_net:caif_netlink_parms(): no params data found [ 143.277027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 143.285078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 143.294580] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.300961] bridge0: port 1(bridge_slave_0) entered forwarding state [ 143.316632] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 143.382150] device hsr_slave_0 entered promiscuous mode [ 143.420335] device hsr_slave_1 entered promiscuous mode [ 143.461201] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 143.468220] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 143.481370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 143.489218] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 143.498788] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.505609] bridge0: port 2(bridge_slave_1) entered forwarding state [ 143.514713] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 143.526056] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 143.537514] team0: Port device team_slave_0 added [ 143.542890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 143.557382] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 143.567824] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 
143.575354] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 143.582943] team0: Port device team_slave_1 added [ 143.595140] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 143.603499] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 143.611622] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 143.619310] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 143.627940] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 143.649685] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 143.660202] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 143.668362] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 143.678370] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.686082] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.693131] device bridge_slave_0 entered promiscuous mode [ 143.699901] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 143.707777] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 143.719894] 8021q: adding VLAN 0 to HW filter on device bond0 [ 143.728595] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 143.741955] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.748301] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.755674] device bridge_slave_1 entered promiscuous mode [ 143.776504] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 143.784174] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 143.794184] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 143.853633] device hsr_slave_0 entered promiscuous mode [ 143.890370] device hsr_slave_1 entered promiscuous mode [ 143.970843] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 143.978588] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 143.992089] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 144.020398] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 144.027989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 144.037402] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 144.043631] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 144.054677] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 144.063163] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 144.072928] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 144.104752] chnl_net:caif_netlink_parms(): no params data found [ 144.127486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 144.135182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 144.143987] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 144.150429] 8021q: adding VLAN 0 to HW filter on device team0 [ 144.156793] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 144.175486] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 144.183494] team0: Port device team_slave_0 added [ 144.189110] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 144.196531] team0: Port device team_slave_1 added [ 144.204582] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 144.214479] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 144.226487] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 144.234233] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 144.242662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 144.250492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 144.260887] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.267226] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.278514] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 144.311907] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.321423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 144.329262] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 144.337131] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.343755] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.352682] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 144.359600] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.370532] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.377674] device bridge_slave_0 entered promiscuous mode [ 144.434255] device hsr_slave_0 entered promiscuous mode [ 144.470574] device hsr_slave_1 entered promiscuous mode [ 144.512358] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 144.518986] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 144.527136] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 144.538588] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.546009] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.553305] device bridge_slave_1 entered promiscuous mode [ 144.559843] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 144.569063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 144.579355] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 144.596584] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 144.606391] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 144.613600] 8021q: adding VLAN 0 to HW filter on device team0 [ 144.619656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 144.627841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 144.635348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 144.645873] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 144.662905] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 144.677656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 144.686103] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 144.693925] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_bridge: link becomes ready [ 144.702061] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 144.709653] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.716051] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.723328] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 144.734732] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 144.744480] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 144.753913] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 144.764430] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 144.773395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 144.781233] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 144.788929] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 144.798092] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 144.806373] bridge0: port 2(bridge_slave_1) entered blocking state 09:20:50 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000100)={@empty}, 0x20) [ 144.812778] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.819483] audit: type=1400 audit(1568539250.481:39): avc: denied { create } for pid=6862 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 144.847147] audit: type=1400 audit(1568539250.481:40): avc: denied { write } for pid=6862 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 144.871266] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 144.892427] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 144.902060] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not 
ready [ 144.909820] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 144.920281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 144.928175] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 144.935650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 144.943930] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 144.951329] team0: Port device team_slave_0 added 09:20:50 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [], 0xf}, 0x3}, 0x1c) 09:20:50 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=@newtclass={0x2c, 0x28, 0xc15, 0x0, 0x0, {}, [@TCA_RATE={0x8}]}, 0x2c}}, 0x0) [ 144.964626] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 144.986967] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 144.993933] audit: type=1400 audit(1568539250.651:41): avc: denied { node_bind } for pid=6867 comm="syz-executor.5" saddr=fe80::f scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 [ 145.021113] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 145.028176] team0: Port device team_slave_1 added [ 145.033980] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 145.043716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 145.051791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 09:20:50 executing program 5: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x401a812, r0, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x163, 0x200007fd, 
&(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000100)=0x6, 0x4) sendto$inet(r1, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27) [ 145.059215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 145.069592] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 145.077197] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 145.084012] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 145.091469] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 145.121437] 8021q: adding VLAN 0 to HW filter on device bond0 [ 145.127975] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 145.140105] ================================================================== [ 145.147747] BUG: KASAN: use-after-free in tcp_init_tso_segs+0x1ae/0x200 [ 145.154586] Read of size 2 at addr ffff888091abe370 by task syz-executor.5/6874 [ 145.162011] [ 145.163622] CPU: 1 PID: 6874 Comm: syz-executor.5 Not tainted 4.14.143 #0 [ 145.170880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 145.180977] Call Trace: [ 145.183560] dump_stack+0x138/0x197 [ 145.187181] ? tcp_init_tso_segs+0x1ae/0x200 [ 145.191598] print_address_description.cold+0x7c/0x1dc [ 145.197047] ? tcp_init_tso_segs+0x1ae/0x200 [ 145.201536] kasan_report.cold+0xa9/0x2af [ 145.205668] __asan_report_load2_noabort+0x14/0x20 [ 145.210580] tcp_init_tso_segs+0x1ae/0x200 [ 145.214912] ? tcp_tso_segs+0x7d/0x1c0 [ 145.219081] tcp_write_xmit+0x15e/0x4960 [ 145.223132] ? debug_check_no_obj_freed+0x2aa/0x7b7 [ 145.228400] ? skb_free_head+0x8b/0xb0 [ 145.232306] ? check_preemption_disabled+0x3c/0x250 [ 145.237323] ? 
rcu_lockdep_current_cpu_online+0xf2/0x140 [ 145.242786] __tcp_push_pending_frames+0xa6/0x260 [ 145.247621] tcp_push+0x415/0x610 [ 145.251062] tcp_sendmsg_locked+0x2307/0x3200 [ 145.255564] ? tcp_sendpage+0x60/0x60 [ 145.259360] ? trace_hardirqs_on_caller+0x400/0x590 [ 145.264367] ? trace_hardirqs_on+0xd/0x10 [ 145.268515] tcp_sendmsg+0x30/0x50 [ 145.272041] inet_sendmsg+0x122/0x500 [ 145.276004] ? inet_recvmsg+0x500/0x500 [ 145.279962] sock_sendmsg+0xce/0x110 [ 145.283669] SYSC_sendto+0x206/0x310 [ 145.287378] ? SYSC_connect+0x2d0/0x2d0 [ 145.291353] ? kasan_check_read+0x11/0x20 [ 145.295485] ? _copy_to_user+0x87/0xd0 [ 145.299359] ? put_timespec64+0xb4/0x100 [ 145.303571] ? nsecs_to_jiffies+0x30/0x30 [ 145.307729] ? SyS_clock_gettime+0xf8/0x180 [ 145.312217] SyS_sendto+0x40/0x50 [ 145.315655] ? SyS_getpeername+0x30/0x30 [ 145.319706] do_syscall_64+0x1e8/0x640 [ 145.323578] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 145.328417] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 145.333602] RIP: 0033:0x4598e9 [ 145.336804] RSP: 002b:00007f1d2e8e1c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 145.344597] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004598e9 [ 145.351871] RDX: 000000000000fe6a RSI: 00000000200012c0 RDI: 0000000000000004 [ 145.359130] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000027 [ 145.366520] R10: 0000000000000011 R11: 0000000000000246 R12: 00007f1d2e8e26d4 [ 145.373774] R13: 00000000004c7874 R14: 00000000004dd170 R15: 00000000ffffffff [ 145.381335] [ 145.382955] Allocated by task 6874: [ 145.386583] save_stack_trace+0x16/0x20 [ 145.390586] save_stack+0x45/0xd0 [ 145.394038] kasan_kmalloc+0xce/0xf0 [ 145.397808] kasan_slab_alloc+0xf/0x20 [ 145.401784] kmem_cache_alloc_node+0x144/0x780 [ 145.406358] __alloc_skb+0x9c/0x500 [ 145.409992] sk_stream_alloc_skb+0xb3/0x780 [ 145.414537] tcp_sendmsg_locked+0xf61/0x3200 [ 145.418953] tcp_sendmsg+0x30/0x50 [ 145.422481] inet_sendmsg+0x122/0x500 [ 145.426264] sock_sendmsg+0xce/0x110 [ 
145.429980] SYSC_sendto+0x206/0x310 [ 145.433690] SyS_sendto+0x40/0x50 [ 145.437159] do_syscall_64+0x1e8/0x640 [ 145.441032] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 145.446212] [ 145.447825] Freed by task 6874: [ 145.451093] save_stack_trace+0x16/0x20 [ 145.455053] save_stack+0x45/0xd0 [ 145.458483] kasan_slab_free+0x75/0xc0 [ 145.462369] kmem_cache_free+0x83/0x2b0 [ 145.466441] kfree_skbmem+0x8d/0x120 [ 145.470144] __kfree_skb+0x1e/0x30 [ 145.473666] tcp_remove_empty_skb.part.0+0x231/0x2e0 [ 145.478927] tcp_sendmsg_locked+0x1ced/0x3200 [ 145.483493] tcp_sendmsg+0x30/0x50 [ 145.487026] inet_sendmsg+0x122/0x500 [ 145.490819] sock_sendmsg+0xce/0x110 [ 145.494515] SYSC_sendto+0x206/0x310 [ 145.498237] SyS_sendto+0x40/0x50 [ 145.501701] do_syscall_64+0x1e8/0x640 [ 145.505572] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 145.511011] [ 145.512635] The buggy address belongs to the object at ffff888091abe340 [ 145.512635] which belongs to the cache skbuff_fclone_cache of size 472 [ 145.526055] The buggy address is located 48 bytes inside of [ 145.526055] 472-byte region [ffff888091abe340, ffff888091abe518) [ 145.537952] The buggy address belongs to the page: [ 145.542880] page:ffffea000246af80 count:1 mapcount:0 mapping:ffff888091abe0c0 index:0x0 [ 145.551028] flags: 0x1fffc0000000100(slab) [ 145.555246] raw: 01fffc0000000100 ffff888091abe0c0 0000000000000000 0000000100000006 [ 145.563511] raw: ffffea00024bc0e0 ffff8880a9e80e48 ffff8880a9e81d80 0000000000000000 [ 145.571570] page dumped because: kasan: bad access detected [ 145.577277] [ 145.578882] Memory state around the buggy address: [ 145.583805] ffff888091abe200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 145.591148] ffff888091abe280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 145.598506] >ffff888091abe300: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 145.606034] ^ [ 145.613040] ffff888091abe380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 145.620405] ffff888091abe400: fb fb fb fb fb fb fb 
fb fb fb fb fb fb fb fb fb [ 145.627755] ================================================================== [ 145.635111] Disabling lock debugging due to kernel taint [ 145.643948] Kernel panic - not syncing: panic_on_warn set ... [ 145.643948] [ 145.644687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 145.651336] CPU: 0 PID: 6874 Comm: syz-executor.5 Tainted: G B 4.14.143 #0 [ 145.651341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 145.651344] Call Trace: [ 145.651361] dump_stack+0x138/0x197 [ 145.651376] ? tcp_init_tso_segs+0x1ae/0x200 [ 145.660364] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 145.666593] panic+0x1f2/0x426 [ 145.678037] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 145.678520] ? add_taint.cold+0x16/0x16 [ 145.684911] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 145.686526] ? ___preempt_schedule+0x16/0x18 [ 145.694401] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 145.696461] kasan_end_report+0x47/0x4f [ 145.703667] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 145.707584] kasan_report.cold+0x130/0x2af [ 145.714868] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 145.718644] __asan_report_load2_noabort+0x14/0x20 [ 145.732862] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 145.742958] tcp_init_tso_segs+0x1ae/0x200 [ 145.742965] ? tcp_tso_segs+0x7d/0x1c0 [ 145.742973] tcp_write_xmit+0x15e/0x4960 [ 145.742982] ? debug_check_no_obj_freed+0x2aa/0x7b7 [ 145.742993] ? skb_free_head+0x8b/0xb0 [ 145.751313] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 145.753300] ? check_preemption_disabled+0x3c/0x250 [ 145.758265] kobject: 'vlan0' (ffff888099d0d800): kobject_add_internal: parent: 'mesh', set: '' [ 145.764349] ? 
rcu_lockdep_current_cpu_online+0xf2/0x140 [ 145.764362] __tcp_push_pending_frames+0xa6/0x260 [ 145.764370] tcp_push+0x415/0x610 [ 145.764379] tcp_sendmsg_locked+0x2307/0x3200 [ 145.764392] ? tcp_sendpage+0x60/0x60 [ 145.764404] ? trace_hardirqs_on_caller+0x400/0x590 [ 145.833030] ? trace_hardirqs_on+0xd/0x10 [ 145.837165] tcp_sendmsg+0x30/0x50 [ 145.840689] inet_sendmsg+0x122/0x500 [ 145.844482] ? inet_recvmsg+0x500/0x500 [ 145.848436] sock_sendmsg+0xce/0x110 [ 145.852133] SYSC_sendto+0x206/0x310 [ 145.855830] ? SYSC_connect+0x2d0/0x2d0 [ 145.859787] ? kasan_check_read+0x11/0x20 [ 145.863920] ? _copy_to_user+0x87/0xd0 [ 145.867816] ? put_timespec64+0xb4/0x100 [ 145.871867] ? nsecs_to_jiffies+0x30/0x30 [ 145.876007] ? SyS_clock_gettime+0xf8/0x180 [ 145.880315] SyS_sendto+0x40/0x50 [ 145.883881] ? SyS_getpeername+0x30/0x30 [ 145.887934] do_syscall_64+0x1e8/0x640 [ 145.891827] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 145.896657] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 145.901837] RIP: 0033:0x4598e9 [ 145.905039] RSP: 002b:00007f1d2e8e1c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 145.912841] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004598e9 [ 145.920118] RDX: 000000000000fe6a RSI: 00000000200012c0 RDI: 0000000000000004 [ 145.927391] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000027 [ 145.934822] R10: 0000000000000011 R11: 0000000000000246 R12: 00007f1d2e8e26d4 [ 145.942681] R13: 00000000004c7874 R14: 00000000004dd170 R15: 00000000ffffffff [ 145.951309] Kernel Offset: disabled [ 145.954946] Rebooting in 86400 seconds..