Warning: Permanently added '10.128.0.76' (ECDSA) to the list of known hosts. [ 53.912387] random: sshd: uninitialized urandom read (32 bytes read) 2019/04/18 03:18:45 fuzzer started [ 54.110104] audit: type=1400 audit(1555557525.614:36): avc: denied { map } for pid=7275 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 55.667662] random: cc1: uninitialized urandom read (8 bytes read) 2019/04/18 03:18:47 dialing manager at 10.128.0.105:36703 2019/04/18 03:18:47 syscalls: 2434 2019/04/18 03:18:47 code coverage: enabled 2019/04/18 03:18:47 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/04/18 03:18:47 extra coverage: extra coverage is not supported by the kernel 2019/04/18 03:18:47 setuid sandbox: enabled 2019/04/18 03:18:47 namespace sandbox: enabled 2019/04/18 03:18:47 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/18 03:18:47 fault injection: enabled 2019/04/18 03:18:47 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/18 03:18:47 net packet injection: enabled 2019/04/18 03:18:47 net device setup: enabled [ 57.628387] random: crng init done 03:20:32 executing program 5: memfd_create(0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCNXCL(r0, 0x540d) r1 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x20000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f0000000380)={@local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00]}}) syz_open_pts(0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000, 0x77a0100]}, @rand_addr="58c4c4a733d993a894f49491cb15d13e", @loopback}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000180)=0x1, 0x4) 03:20:32 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x8, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x5, 0x1, 0x18}]}, &(0x7f0000000000)='syzkaller\x00'}, 0x48) 03:20:32 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x8}, 0x37a) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@mpls_getroute={0x24, 0x1a, 0xffffff1f, 0x0, 0x0, {0x1e, 0x0, 0x0, 0x0, 0x0, 0xb655}, [@RTA_DST={0x8, 0x4, [{0x0, 0x0, 0x0, 0x6000}]}]}, 0x24}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) getgroups(0x3, &(0x7f0000000b80)=[0x0, 0xffffffffffffffff, 0x0]) getegid() syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:20:32 executing program 1: syz_open_procfs(0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f0000000240)={0x0, @aes128, 0x0, "27908f5e7377f1ee"}) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 03:20:32 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000380)=[@window={0x3, 0x0, 0x800}, @mss], 0x2037) getsockopt$sock_buf(r0, 0x1, 0x1a, 0x0, &(0x7f0000000140)) 03:20:32 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mincore(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0) [ 161.383240] audit: type=1400 audit(1555557632.894:37): avc: denied { map } for pid=7275 comm="syz-fuzzer" path="/root/syzkaller-shm035313000" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 161.430751] audit: type=1400 audit(1555557632.924:38): avc: denied { map } for pid=7291 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=2191 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 162.310201] IPVS: ftp: loaded support on port[0] = 21 [ 162.635886] IPVS: ftp: loaded support on port[0] = 21 [ 162.646168] chnl_net:caif_netlink_parms(): no params data found [ 162.709536] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.716384] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.723965] device bridge_slave_0 entered promiscuous mode [ 162.734128] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.741130] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.748053] device bridge_slave_1 entered promiscuous mode [ 162.767194] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 162.776945] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 162.805556] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 162.812743] team0: Port device team_slave_0 added [ 162.821611] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 162.828659] team0: Port device team_slave_1 added [ 162.843972] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 162.866325] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 162.873549] IPVS: ftp: loaded support on port[0] = 21 [ 162.953256] device hsr_slave_0 entered promiscuous mode [ 163.030443] device hsr_slave_1 entered promiscuous mode [ 163.073590] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 163.085157] chnl_net:caif_netlink_parms(): no params data found [ 163.093244] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 163.153594] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.160183] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.167013] device bridge_slave_0 entered promiscuous mode [ 163.176442] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.182927] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.190119] device bridge_slave_1 entered promiscuous mode [ 163.196830] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.203320] bridge0: port 2(bridge_slave_1) entered forwarding state [ 163.210320] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.216675] bridge0: port 1(bridge_slave_0) entered forwarding state [ 163.238157] IPVS: ftp: loaded support on port[0] = 21 [ 163.249432] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 163.259546] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 163.288579] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 163.295718] team0: Port device team_slave_0 added [ 163.302941] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 163.310621] team0: Port device team_slave_1 added [ 163.321296] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 163.339721] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 163.432199] device hsr_slave_0 entered promiscuous mode [ 163.470288] device hsr_slave_1 entered promiscuous mode [ 163.573093] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 163.586098] chnl_net:caif_netlink_parms(): no params data found [ 163.595363] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 163.686467] IPVS: ftp: loaded support on port[0] = 21 [ 163.703129] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.709501] bridge0: port 2(bridge_slave_1) entered forwarding state [ 163.716239] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.722634] bridge0: port 1(bridge_slave_0) entered forwarding state [ 163.740926] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.747868] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.755696] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.762464] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.802001] chnl_net:caif_netlink_parms(): no params data found [ 163.811916] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.818319] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.825853] device bridge_slave_0 entered promiscuous mode [ 163.836584] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.843185] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.850873] device bridge_slave_1 entered promiscuous mode [ 163.922994] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 163.945112] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.952528] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.959718] device bridge_slave_0 entered promiscuous mode [ 163.973653] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 163.985819] IPVS: ftp: loaded support on port[0] = 21 [ 164.005943] 8021q: adding VLAN 0 to HW filter on device bond0 [ 164.016567] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 164.023655] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.030154] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.037046] device bridge_slave_1 entered promiscuous mode [ 164.060369] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 164.067600] team0: Port device team_slave_0 added [ 164.074870] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 164.093534] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 164.102146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 164.109608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 164.117255] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 164.126502] team0: Port device team_slave_1 added [ 164.133544] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 164.151670] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 164.168837] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 164.177858] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 164.185730] 8021q: adding VLAN 0 to HW filter on device team0 [ 164.207846] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 164.215931] team0: Port device team_slave_0 added [ 164.250849] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 164.258171] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 164.265413] team0: Port device team_slave_1 added [ 164.296846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 164.310713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 164.318276] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.324674] bridge0: port 1(bridge_slave_0) entered forwarding state [ 164.335533] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 164.343921] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 164.358428] chnl_net:caif_netlink_parms(): no params data found [ 164.423608] device hsr_slave_0 entered promiscuous mode [ 164.470432] device hsr_slave_1 entered promiscuous mode [ 164.503000] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 164.511284] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 164.539310] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 164.551033] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 164.604014] device hsr_slave_0 entered promiscuous mode [ 164.640591] device hsr_slave_1 entered promiscuous mode [ 164.695984] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 164.705109] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 164.713057] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 164.720812] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.727169] bridge0: port 2(bridge_slave_1) entered forwarding state [ 164.734108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 164.751630] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 164.764086] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 164.787918] 8021q: adding VLAN 0 to HW filter on device bond0 [ 164.794180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 164.803131] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 164.810384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 164.818185] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 164.890390] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 164.899290] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 164.922704] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 164.928923] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.935910] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.942954] device bridge_slave_0 entered promiscuous mode [ 164.949620] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.957071] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.964077] device bridge_slave_1 entered promiscuous mode [ 164.988573] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 164.998107] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 165.005777] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 165.016800] chnl_net:caif_netlink_parms(): no params data found [ 165.036962] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 165.045654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 165.052771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 165.059597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 165.067367] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 165.078292] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 165.084704] 8021q: adding VLAN 0 to HW filter on device team0 [ 165.099467] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 165.108719] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 165.135660] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 165.144265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 165.153406] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 165.161205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 165.168887] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 165.176787] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.183276] bridge0: port 1(bridge_slave_0) entered forwarding state [ 165.197031] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 165.233116] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 165.242822] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 165.262060] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 165.269133] team0: Port device team_slave_0 added [ 165.275823] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 165.284949] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 165.292934] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 165.307482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 165.315444] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 165.323259] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.329601] bridge0: port 2(bridge_slave_1) entered forwarding state [ 165.347265] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.354317] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 165.362286] team0: Port device team_slave_1 added [ 165.367844] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 165.375346] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.382459] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.389352] device bridge_slave_0 entered promiscuous mode [ 165.396276] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.403097] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.411164] device bridge_slave_1 entered promiscuous mode [ 165.434388] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 165.443269] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 165.451870] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 165.461283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 165.471701] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 165.498420] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 165.514955] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 165.523834] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 165.532023] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 165.539649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 165.546624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 165.554110] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 165.561744] team0: Port device team_slave_0 added [ 165.574499] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 165.583023] team0: Port device team_slave_1 added [ 165.588584] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 165.596611] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 165.606712] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 165.612858] 8021q: adding VLAN 0 to HW filter on device team0 [ 165.663898] device hsr_slave_0 entered promiscuous mode [ 165.700463] device hsr_slave_1 entered promiscuous mode [ 165.740762] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 165.755356] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.761875] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 165.771279] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 165.778407] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 165.791311] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 165.798534] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 165.816265] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 165.823182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 165.831425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 165.838861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 165.846771] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 165.854451] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.860828] bridge0: port 1(bridge_slave_0) entered forwarding state [ 165.867756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 165.874694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 165.881771] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 165.888609] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 165.910440] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 165.942235] device hsr_slave_0 entered promiscuous mode [ 165.980413] device hsr_slave_1 entered promiscuous mode [ 166.020897] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 166.028611] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 166.041974] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 166.054391] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 166.062857] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 166.068922] 8021q: adding VLAN 0 to HW filter on device team0 [ 166.081556] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 166.090824] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 166.098816] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 166.108295] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 166.116149] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 166.124084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 166.132692] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.139090] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.164307] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 166.177233] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 166.184787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 166.193275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 166.201144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.208909] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.216879] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.223286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.230495] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 166.241683] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 166.255585] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 166.263555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 166.276935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 166.284866] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 166.293203] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.308858] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.326025] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 166.347178] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 166.355620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 166.363795] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 166.371689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 166.382734] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 166.388740] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 166.412981] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 166.424142] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 166.463255] hrtimer: interrupt took 34551 ns 03:20:38 executing program 5: r0 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000000)=0x3ff, 0x4) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept(r1, 0x0, 0x0) sendto$inet6(r2, &(0x7f0000000780), 0xffffffffffffffe6, 0x0, 0x0, 0x0) [ 166.485858] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 166.493931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 166.501962] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 166.512733] 8021q: adding VLAN 0 to HW filter on device bond0 [ 166.533734] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 166.549698] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 166.559851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 166.566350] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 166.574327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 166.582075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 166.590471] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 166.599040] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 166.608716] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 166.619626] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 166.631309] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 166.638152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 166.645976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 166.654311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 166.661959] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 166.669407] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 166.680282] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 166.691477] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 166.698645] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 166.708173] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 166.716971] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 166.724658] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 166.732158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 166.739761] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 166.747808] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 166.755906] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 166.767999] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 166.774196] 8021q: adding VLAN 0 to HW filter on device team0 [ 166.783454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 166.790934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 166.797737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 166.807785] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 166.815444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 166.823012] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 166.832945] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 166.839024] 8021q: adding VLAN 0 to HW filter on device team0 [ 166.851195] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 166.857233] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 166.869794] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 166.879000] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 166.886618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 166.897383] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 166.909678] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 166.927452] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 166.939688] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 166.947895] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 166.956996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.965629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.973456] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.979796] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.986845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 166.994730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.002439] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.008779] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.015858] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 167.023646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 167.031596] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.037951] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.045870] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 167.053159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 167.061622] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 167.067710] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 167.078531] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 167.093955] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.100675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 167.113678] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 167.128641] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 167.139642] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 167.146265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 167.154210] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.162103] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.168475] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.175733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 167.196494] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 167.204178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 167.219497] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 167.229185] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 167.238660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 167.247383] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 167.258455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 167.269860] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 167.288339] 8021q: adding VLAN 0 to HW filter on device batadv0 03:20:38 executing program 0: r0 = memfd_create(&(0x7f0000000300)='\x00', 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execveat(r0, &(0x7f0000000100)='\x00', 0x0, 0x0, 0x1100) syz_execute_func(&(0x7f00000000c0)="2e2ef34a0f2c91001000024b99c441896c5b038fa94094418e660f3a0c6fcbef2e03b200000000660fe9f5660f3829efc4617a6fa2fd000000c4e1c1e16ea1") [ 167.311387] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 167.330959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 167.338779] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 03:20:38 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") request_key(&(0x7f0000000080)='user\x00', &(0x7f0000000140)={'syz'}, 0x0, 0xfffffffffffffffc) [ 167.356092] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 167.366402] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 167.377034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 167.387596] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 167.412026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 167.426176] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 167.437656] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 167.447063] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 167.455603] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 167.463977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 167.476590] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 167.484702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 167.492584] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 167.507016] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready 03:20:39 executing program 5: r0 = socket$kcm(0x11, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000080)) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x14, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000100)=@caif=@rfm={0x25, 0x5, "8de06f55c742ae7c2bb7ed7767c245f6"}, 0x80, 0x0}, 0x0) 03:20:39 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x40, 0x0) close(r0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/11, 0xffffff22) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000002c0)) clone(0x3902001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TCSETX(r0, 0x5433, 0x0) [ 167.524732] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 167.554709] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 03:20:39 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$KDADDIO(r0, 0x4b34, 0x0) [ 167.573505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 167.596516] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 167.613239] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready 03:20:39 executing program 5: r0 = socket$kcm(0x11, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000080)) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x14, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000100)=@caif=@rfm={0x25, 0x5, "8de06f55c742ae7c2bb7ed7767c245f6"}, 0x80, 0x0}, 0x0) [ 167.639885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 167.648105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 167.660476] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 167.666594] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 167.703125] ================================================================== [ 167.710667] BUG: KASAN: use-after-free in erspan_build_header+0x392/0x3b0 [ 167.717714] Read of size 2 at addr ffff88807e866c8b by task syz-executor.5/7387 [ 167.725173] [ 167.726817] CPU: 1 PID: 7387 Comm: syz-executor.5 Not tainted 4.14.112 #2 [ 167.733806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.743170] Call Trace: [ 167.745771] dump_stack+0x138/0x19c [ 167.749408] ? erspan_build_header+0x392/0x3b0 [ 167.753996] print_address_description.cold+0x7c/0x1dc [ 167.759288] ? erspan_build_header+0x392/0x3b0 [ 167.763877] kasan_report.cold+0xaf/0x2b5 [ 167.768043] __asan_report_load_n_noabort+0xf/0x20 [ 167.772985] erspan_build_header+0x392/0x3b0 [ 167.777409] ? iptunnel_handle_offloads+0x2f3/0x500 [ 167.782433] erspan_xmit+0x3ec/0x11c0 [ 167.786248] ? __gre_xmit+0x890/0x890 [ 167.790054] ? lock_acquire+0x16f/0x430 [ 167.794034] ? packet_direct_xmit+0x345/0x640 [ 167.798610] packet_direct_xmit+0x438/0x640 [ 167.802963] packet_sendmsg+0x31e1/0x5990 [ 167.807116] ? trace_hardirqs_on_caller+0x400/0x590 [ 167.812139] ? _raw_spin_unlock_irq+0x5e/0x90 [ 167.816647] ? finish_task_switch+0x178/0x660 [ 167.821151] ? finish_task_switch+0x14d/0x660 [ 167.825656] ? __switch_to_asm+0x24/0x60 [ 167.829740] ? packet_notifier+0x770/0x770 [ 167.834021] ? trace_hardirqs_on_caller+0x400/0x590 [ 167.839060] ? security_socket_sendmsg+0x8f/0xc0 [ 167.843841] ? packet_notifier+0x770/0x770 [ 167.848088] sock_sendmsg+0xd0/0x110 [ 167.851890] ___sys_sendmsg+0x70c/0x850 [ 167.855884] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 167.860645] ? __fget+0x210/0x370 [ 167.864107] ? find_held_lock+0x35/0x130 [ 167.868180] ? __fget+0x210/0x370 [ 167.871643] ? lock_downgrade+0x6e0/0x6e0 [ 167.875797] ? __fget+0x237/0x370 [ 167.879269] ? __fdget+0x1b/0x20 [ 167.882638] ? sockfd_lookup_light+0xb4/0x160 [ 167.887135] __sys_sendmsg+0xb9/0x140 [ 167.890939] ? SyS_shutdown+0x180/0x180 [ 167.894913] ? put_timespec64+0xb4/0x100 [ 167.899011] ? SyS_clock_gettime+0xfd/0x190 [ 167.903339] SyS_sendmsg+0x2d/0x50 [ 167.906907] ? __sys_sendmsg+0x140/0x140 [ 167.910973] do_syscall_64+0x1eb/0x630 [ 167.914870] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 167.919729] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 167.924921] RIP: 0033:0x458c29 [ 167.928127] RSP: 002b:00007f01132b2c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 167.935858] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 167.943395] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 167.950671] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 167.957947] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f01132b36d4 [ 167.965229] R13: 00000000004c64a3 R14: 00000000004dadd8 R15: 00000000ffffffff [ 167.972517] [ 167.974142] Allocated by task 17: [ 167.977598] save_stack_trace+0x16/0x20 [ 167.981572] save_stack+0x45/0xd0 [ 167.985021] kasan_kmalloc+0xce/0xf0 [ 167.988736] kasan_slab_alloc+0xf/0x20 [ 167.992625] kmem_cache_alloc+0x12e/0x780 [ 167.996779] skb_clone+0x129/0x310 [ 168.000326] packet_rcv_spkt+0x424/0x560 [ 168.004389] __netif_receive_skb_core+0x9be/0x2ac0 [ 168.009321] __netif_receive_skb+0x2c/0x1b0 [ 168.013644] netif_receive_skb_internal+0xe4/0x5a0 [ 168.018581] napi_gro_receive+0x2fb/0x410 [ 168.023014] receive_buf+0x532/0x3fd0 [ 168.026820] virtnet_poll+0x515/0xa6e [ 168.030633] net_rx_action+0x495/0xf80 [ 168.034520] __do_softirq+0x24e/0x9ae [ 168.038312] [ 168.039935] Freed by task 17: [ 168.043037] save_stack_trace+0x16/0x20 [ 168.047035] save_stack+0x45/0xd0 [ 168.050486] kasan_slab_free+0x75/0xc0 [ 168.054383] kmem_cache_free+0x83/0x2b0 [ 168.058374] kfree_skbmem+0xac/0x120 [ 168.062085] kfree_skb+0xbd/0x350 [ 168.065534] packet_rcv_spkt+0xd9/0x560 [ 168.069516] __netif_receive_skb_core+0x9be/0x2ac0 [ 168.074467] __netif_receive_skb+0x2c/0x1b0 [ 168.078794] netif_receive_skb_internal+0xe4/0x5a0 [ 168.083737] napi_gro_receive+0x2fb/0x410 [ 168.087905] receive_buf+0x532/0x3fd0 [ 168.091714] virtnet_poll+0x515/0xa6e [ 168.095531] net_rx_action+0x495/0xf80 [ 168.099424] __do_softirq+0x24e/0x9ae [ 168.103231] [ 168.104886] The buggy address belongs to the object at ffff88807e866c80 [ 168.104886] which belongs to the cache skbuff_head_cache of size 232 [ 168.118073] The buggy address is located 11 bytes inside of [ 168.118073] 232-byte region [ffff88807e866c80, ffff88807e866d68) [ 168.129867] The buggy address belongs to the page: [ 168.134808] page:ffffea0001fa1980 count:1 mapcount:0 mapping:ffff88807e866000 index:0x0 [ 168.142964] flags: 0x1fffc0000000100(slab) [ 168.147207] raw: 01fffc0000000100 ffff88807e866000 0000000000000000 000000010000000c [ 168.155108] raw: ffffea00023bd020 ffffea00028f6da0 ffff8880a9dd4d80 0000000000000000 [ 168.162988] page dumped because: kasan: bad access detected [ 168.168692] [ 168.170314] Memory state around the buggy address: [ 168.175249] ffff88807e866b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 168.182608] ffff88807e866c00: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc [ 168.190144] >ffff88807e866c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 168.197963] ^ [ 168.201611] ffff88807e866d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 168.209059] ffff88807e866d80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 168.216417] ================================================================== [ 168.223797] Disabling lock debugging due to kernel taint [ 168.229358] Kernel panic - not syncing: panic_on_warn set ... [ 168.229358] [ 168.236847] CPU: 1 PID: 7387 Comm: syz-executor.5 Tainted: G B 4.14.112 #2 [ 168.244992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.254347] Call Trace: [ 168.256952] dump_stack+0x138/0x19c [ 168.260587] ? erspan_build_header+0x392/0x3b0 [ 168.265172] panic+0x1f2/0x438 [ 168.268370] ? add_taint.cold+0x16/0x16 [ 168.272353] kasan_end_report+0x47/0x4f [ 168.276327] kasan_report.cold+0x136/0x2b5 [ 168.285883] __asan_report_load_n_noabort+0xf/0x20 [ 168.291608] erspan_build_header+0x392/0x3b0 [ 168.292513] kobject: 'loop0' (ffff8880a497a660): kobject_uevent_env [ 168.296020] ? iptunnel_handle_offloads+0x2f3/0x500 [ 168.308910] erspan_xmit+0x3ec/0x11c0 [ 168.312721] ? __gre_xmit+0x890/0x890 [ 168.316529] ? lock_acquire+0x16f/0x430 [ 168.319185] kobject: 'loop0' (ffff8880a497a660): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 168.320503] ? packet_direct_xmit+0x345/0x640 [ 168.320518] packet_direct_xmit+0x438/0x640 [ 168.320529] packet_sendmsg+0x31e1/0x5990 [ 168.320542] ? trace_hardirqs_on_caller+0x400/0x590 [ 168.320554] ? _raw_spin_unlock_irq+0x5e/0x90 [ 168.320567] ? finish_task_switch+0x178/0x660 [ 168.334658] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 168.338823] ? finish_task_switch+0x14d/0x660 [ 168.338842] ? __switch_to_asm+0x24/0x60 [ 168.338861] ? packet_notifier+0x770/0x770 [ 168.384207] ? trace_hardirqs_on_caller+0x400/0x590 [ 168.389254] ? security_socket_sendmsg+0x8f/0xc0 [ 168.394018] ? packet_notifier+0x770/0x770 [ 168.398264] sock_sendmsg+0xd0/0x110 [ 168.401979] ___sys_sendmsg+0x70c/0x850 [ 168.405958] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 168.410932] ? __fget+0x210/0x370 [ 168.414561] ? find_held_lock+0x35/0x130 [ 168.418619] ? __fget+0x210/0x370 [ 168.422078] ? lock_downgrade+0x6e0/0x6e0 [ 168.426235] ? __fget+0x237/0x370 [ 168.429684] ? __fdget+0x1b/0x20 [ 168.433168] ? sockfd_lookup_light+0xb4/0x160 [ 168.437756] __sys_sendmsg+0xb9/0x140 [ 168.441556] ? SyS_shutdown+0x180/0x180 [ 168.445526] ? put_timespec64+0xb4/0x100 [ 168.449583] ? SyS_clock_gettime+0xfd/0x190 [ 168.453904] SyS_sendmsg+0x2d/0x50 [ 168.457438] ? __sys_sendmsg+0x140/0x140 [ 168.461494] do_syscall_64+0x1eb/0x630 [ 168.465382] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 168.470230] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 168.475413] RIP: 0033:0x458c29 [ 168.478597] RSP: 002b:00007f01132b2c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 168.486298] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 168.493566] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 168.500837] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 168.508115] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f01132b36d4 [ 168.515386] R13: 00000000004c64a3 R14: 00000000004dadd8 R15: 00000000ffffffff [ 168.523361] Kernel Offset: disabled [ 168.526984] Rebooting in 86400 seconds..