Warning: Permanently added '10.128.0.222' (ECDSA) to the list of known hosts.
2019/10/23 00:36:40 fuzzer started
2019/10/23 00:36:41 dialing manager at 10.128.0.105:33369
2019/10/23 00:36:41 syscalls: 2524
2019/10/23 00:36:41 code coverage: enabled
2019/10/23 00:36:41 comparison tracing: enabled
2019/10/23 00:36:41 extra coverage: extra coverage is not supported by the kernel
2019/10/23 00:36:41 setuid sandbox: enabled
2019/10/23 00:36:41 namespace sandbox: enabled
2019/10/23 00:36:41 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/23 00:36:41 fault injection: enabled
2019/10/23 00:36:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/23 00:36:41 net packet injection: enabled
2019/10/23 00:36:41 net device setup: enabled
2019/10/23 00:36:41 concurrency sanitizer: enabled
00:36:45 executing program 0:
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x4)
00:36:46 executing program 1:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000280)='ramfs\x00', 0x800, 0x0)
mount(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x100000, 0x0)
mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0)
mount(&(0x7f0000000000), &(0x7f00000000c0)='.', 0x0, 0x23080, 0x0)
mount(&(0x7f0000000080), &(0x7f0000000380)='.', 0x0, 0x5010, 0x0)
mount(&(0x7f0000000080), &(0x7f0000000140)='.', 0x0, 0x5110, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
preadv(r0, &(0x7f0000000940)=[{&(0x7f0000000040)=""/42, 0x2a}, {&(0x7f00000008c0)=""/106, 0x5b}, {&(0x7f00000007c0)=""/242, 0xf2}, {&(0x7f0000001380)=""/239, 0xfc36}], 0xc7, 0xc00)
syzkaller login: [ 49.551860][ T7225] IPVS: ftp: loaded support on port[0] = 21
[ 49.713382][ T7227] IPVS: ftp: loaded support on port[0] = 21
[ 49.738687][ T7225] chnl_net:caif_netlink_parms(): no params data found
00:36:46 executing program 2:
r0 = socket$inet6(0xa, 0x3, 0x6)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@loopback, @in=@broadcast, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@empty, 0x0, 0x3c}, 0x0, @in=@remote}}, 0xe8)
sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0)
[ 49.816095][ T7225] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.824255][ T7225] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.832732][ T7225] device bridge_slave_0 entered promiscuous mode
[ 49.851680][ T7225] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.858785][ T7225] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.868390][ T7225] device bridge_slave_1 entered promiscuous mode
[ 49.963436][ T7225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 49.976013][ T7227] chnl_net:caif_netlink_parms(): no params data found
[ 49.993645][ T7225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 50.029249][ T7225] team0: Port device team_slave_0 added
[ 50.042282][ T7231] IPVS: ftp: loaded support on port[0] = 21
[ 50.046260][ T7225] team0: Port device team_slave_1 added
[ 50.073490][ T7227] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.081477][ T7227] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.090809][ T7227] device bridge_slave_0 entered promiscuous mode
00:36:46 executing program 3:
socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff})
sendto$unix(r3, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0)
[ 50.182522][ T7225] device hsr_slave_0 entered promiscuous mode
[ 50.221354][ T7225] device hsr_slave_1 entered promiscuous mode
[ 50.301701][ T7227] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.308784][ T7227] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.330375][ T7227] device bridge_slave_1 entered promiscuous mode
[ 50.388433][ T7225] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.395581][ T7225] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.402972][ T7225] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.410069][ T7225] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.429222][ T7233] IPVS: ftp: loaded support on port[0] = 21
[ 50.443060][ T7227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 50.469109][ T7227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
00:36:47 executing program 4:
r0 = syz_open_dev$swradio(&(0x7f0000000140)='/dev/swradio#\x00', 0x1, 0x2)
ioctl$VIDIOC_TRY_FMT(r0, 0x80045643, &(0x7f0000000000)={0x0, @raw_data="43553038966ad6665a58829547f4459bd30dbd0cbc20c3ae5cfcf9841bf9aef9737e1d534c8a23663fb565ef3e8951fb62feb03476ffc16672fe4f0cad18287a4e747ee1adb4ec7c59ccd65fcc0f78997a25e1c8548473196b7f0efa33a94bd2d2fd67979f982b10ff227c35b6384e72e051a109c77b4e2a139ae93abaac547869b173d6ba776981bda24b773478876cc51bb5ae649fcdc08107230bfbfb92d3d7d5a03d4eccc7c4d44d428c3e844055e72ff179ec28d517f753487dfd62b180fee148710b7394cd"})
[ 50.517409][ T7227] team0: Port device team_slave_0 added
[ 50.527114][ T7227] team0: Port device team_slave_1 added
[ 50.712398][ T7227] device hsr_slave_0 entered promiscuous mode
[ 50.739810][ T7227] device hsr_slave_1 entered promiscuous mode
00:36:47 executing program 5:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/am_droprate\x00', 0x2, 0x0)
ioctl$sock_ax25_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0xc0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]})
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4)
bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x66de897b, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3)
sendto$inet(r1, &(0x7f0000000bc0)="3232ce2774e7a3797748648df71c7b4542839e347be35844e42ad67454cd5e140e0ab73493d6b6921681e5536dbc0f309747cc199a7f9a20d01e04d55fb1c26504e3e4738aac76780b5c2363a6dc4d10fe9adc2b363abf6981a31f6a58ef2103e7a145b11649eac6d4cc29a315faf899c2e35d08b1974199c08bf4798207b78d8dd89e727382318265acc85a4444869dfc22ba7fd79b455635a715fa1e705070e2857ef21a3076cdfc2c29b26547360add94ef9c349ae62f54e7a90e1aae762a11b2cc6bd720034fac41f1de628e05e4e609516a", 0xd4, 0x0, 0x0, 0x0)
read(r1, &(0x7f0000000ac0)=""/245, 0x100000394)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x18, 0x0, &(0x7f00000002c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="39000000140081ae00d175040f62b04a2b546fc54c1960b89c40ebb373585806dbb7d553b4a400"/57, 0x39}], 0x172}, 0x0)
getsockopt$SO_COOKIE(r2, 0x1, 0x39, &(0x7f0000000240), &(0x7f0000000300)=0x8)
sendto$inet(r1, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27)
[ 50.810168][ T7227] debugfs: Directory 'hsr0' with parent '/' already present!
[ 50.844639][ T7225] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.858071][ T3499] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.881210][ T3499] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.891581][ T3499] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 50.938310][ T7234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 50.943530][ T7236] IPVS: ftp: loaded support on port[0] = 21
[ 50.960641][ T7234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.971222][ T7225] 8021q: adding VLAN 0 to HW filter on device team0
[ 51.012641][ T7234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 51.022049][ T7234] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.030678][ T7234] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.037710][ T7234] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.052462][ T7231] chnl_net:caif_netlink_parms(): no params data found
[ 51.110916][ T7234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 51.117020][ T7240] IPVS: ftp: loaded support on port[0] = 21
[ 51.120441][ T7234] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.133789][ T7234] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.140914][ T7234] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.181337][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 51.190877][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 51.200517][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 51.209362][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 51.219027][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 51.227788][ T7233] chnl_net:caif_netlink_parms(): no params data found
[ 51.277228][ T7231] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.284405][ T7231] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.294965][ T7231] device bridge_slave_0 entered promiscuous mode
[ 51.304766][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 51.313654][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 51.335960][ T7231] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.343213][ T7231] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.352342][ T7231] device bridge_slave_1 entered promiscuous mode
[ 51.364344][ T7234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 51.373193][ T7234] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.381712][ T7234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 51.390251][ T7234] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.401600][ T7225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 51.440045][ T7227] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.451625][ T7233] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.458705][ T7233] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.466967][ T7233] device bridge_slave_0 entered promiscuous mode
[ 51.481534][ T7231] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 51.497123][ T7231] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 51.508861][ T7233] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.516056][ T7233] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.523886][ T7233] device bridge_slave_1 entered promiscuous mode
[ 51.588554][ T7236] chnl_net:caif_netlink_parms(): no params data found
[ 51.606313][ T7231] team0: Port device team_slave_0 added
[ 51.613653][ T7233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 51.626039][ T7227] 8021q: adding VLAN 0 to HW filter on device team0
[ 51.643017][ T7231] team0: Port device team_slave_1 added
[ 51.652431][ T7233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 51.663224][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 51.671193][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.681479][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 51.690776][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.699387][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.706656][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.715131][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 51.747188][ T7225] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.777067][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 51.786199][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.795336][ T3007] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.802525][ T3007] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.810726][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 51.834790][ T7233] team0: Port device team_slave_0 added
[ 51.844184][ T7233] team0: Port device team_slave_1 added
[ 51.865683][ T7234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 51.875325][ T7240] chnl_net:caif_netlink_parms(): no params data found
[ 51.932313][ T7231] device hsr_slave_0 entered promiscuous mode
[ 51.989929][ T7231] device hsr_slave_1 entered promiscuous mode
[ 52.039585][ T7231] debugfs: Directory 'hsr0' with parent '/' already present!
[ 52.053584][ T3499] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 52.062997][ T3499] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.072258][ T3499] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 52.081105][ T7240] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.088184][ T7240] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.099983][ T7240] device bridge_slave_0 entered promiscuous mode
[ 52.124570][ T7236] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.135060][ T7236] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.144210][ T7236] device bridge_slave_0 entered promiscuous mode
[ 52.152747][ T7236] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.159899][ T7236] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.167897][ T7236] device bridge_slave_1 entered promiscuous mode
[ 52.175184][ T7240] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.182384][ T7240] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.190264][ T7240] device bridge_slave_1 entered promiscuous mode
[ 52.263022][ T7233] device hsr_slave_0 entered promiscuous mode
[ 52.319963][ T7233] device hsr_slave_1 entered promiscuous mode
[ 52.359629][ T7233] debugfs: Directory 'hsr0' with parent '/' already present!
[ 52.371544][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 52.383393][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.413151][ T7234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 52.422149][ T7234] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.436059][ T7240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 52.450648][ T7240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
00:36:48 executing program 0:
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x4)
[ 52.480783][ T7227] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 52.492324][ T7227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 52.538667][ T7236] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 52.559297][ T7236] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 52.579775][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
00:36:49 executing program 0:
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x4)
[ 52.594722][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.629326][ T7227] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 52.636903][ T7240] ==================================================================
[ 52.645007][ T7240] BUG: KCSAN: data-race in pcpu_alloc / pcpu_block_update_hint_alloc
[ 52.653059][ T7240]
[ 52.655384][ T7240] write to 0xffffffff86046740 of 4 bytes by task 7225 on cpu 0:
[ 52.663018][ T7240] pcpu_block_update_hint_alloc+0x3f6/0x620
[ 52.668912][ T7240] pcpu_alloc_area+0x372/0x510
[ 52.673670][ T7240] pcpu_alloc+0x5b2/0xcf0
[ 52.677996][ T7240] __alloc_percpu+0x2e/0x40
[ 52.682501][ T7240] xt_percpu_counter_alloc+0x105/0x130
[ 52.687956][ T7240] find_check_entry.isra.0+0x64/0x590
[ 52.693318][ T7240] translate_table+0x7a5/0xcd0
[ 52.698075][ T7240] do_ip6t_set_ctl+0x219/0x311
[ 52.702834][ T7240] nf_setsockopt+0x6e/0xb0
[ 52.707249][ T7240] ipv6_setsockopt+0x119/0x130
[ 52.712013][ T7240] tcp_setsockopt+0x7c/0xc0
[ 52.716513][ T7240] sock_common_setsockopt+0x67/0x90
[ 52.721710][ T7240] __sys_setsockopt+0x1ce/0x370
[ 52.726583][ T7240] __x64_sys_setsockopt+0x70/0x90
[ 52.731592][ T7240]
[ 52.733916][ T7240] read to 0xffffffff86046740 of 4 bytes by task 7240 on cpu 1:
[ 52.741447][ T7240] pcpu_alloc+0x3b0/0xcf0
[ 52.745766][ T7240] __alloc_percpu+0x2e/0x40
[ 52.750255][ T7240] alloc_netdev_mqs+0xff/0x860
[ 52.755015][ T7240] rtnl_create_link+0x181/0x4f0
[ 52.759862][ T7240] veth_newlink+0x1be/0x620
[ 52.764364][ T7240] __rtnl_newlink+0xc89/0x1010
[ 52.769117][ T7240] rtnl_newlink+0x63/0x90
[ 52.773445][ T7240] rtnetlink_rcv_msg+0x1d3/0x500
[ 52.778375][ T7240] netlink_rcv_skb+0xb0/0x260
[ 52.783045][ T7240] rtnetlink_rcv+0x26/0x30
[ 52.787451][ T7240] netlink_unicast+0x354/0x430
[ 52.792206][ T7240] netlink_sendmsg+0x456/0x770
[ 52.796966][ T7240] sock_sendmsg+0x9f/0xc0
[ 52.801282][ T7240]
[ 52.803596][ T7240] Reported by Kernel Concurrency Sanitizer on:
[ 52.809744][ T7240] CPU: 1 PID: 7240 Comm: syz-executor.5 Not tainted 5.4.0-rc3+ #0
[ 52.817541][ T7240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.827588][ T7240] ==================================================================
[ 52.835661][ T7240] Kernel panic - not syncing: panic_on_warn set ...
00:36:49 executing program 0:
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x4)
00:36:49 executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000040), 0x8)
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000500), &(0x7f0000000540)=0x4)
[ 52.842241][ T7240] CPU: 1 PID: 7240 Comm: syz-executor.5 Not tainted 5.4.0-rc3+ #0
[ 52.850039][ T7240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.860445][ T7240] Call Trace:
[ 52.863744][ T7240] dump_stack+0xf5/0x159
[ 52.867993][ T7240] panic+0x210/0x640
[ 52.871894][ T7240] ? netlink_rcv_skb+0xb0/0x260
[ 52.876742][ T7240] ? vprintk_func+0x8d/0x140
[ 52.881329][ T7240] kcsan_report.cold+0xc/0x10
[ 52.886018][ T7240] __kcsan_setup_watchpoint+0x32e/0x4a0
[ 52.891564][ T7240] __tsan_read4+0x2c/0x30
[ 52.895895][ T7240] pcpu_alloc+0x3b0/0xcf0
[ 52.900233][ T7240] __alloc_percpu+0x2e/0x40
[ 52.904735][ T7240] alloc_netdev_mqs+0xff/0x860
[ 52.909504][ T7240] ? __read_once_size+0xe0/0xe0
[ 52.914368][ T7240] ? __read_once_size+0xe0/0xe0
[ 52.919217][ T7240] rtnl_create_link+0x181/0x4f0
[ 52.924076][ T7240] veth_newlink+0x1be/0x620
[ 52.928614][ T7240] ? veth_poll_controller+0x20/0x20
[ 52.933811][ T7240] __rtnl_newlink+0xc89/0x1010
[ 52.938573][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0
00:36:49 executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000040), 0x8)
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000500), &(0x7f0000000540)=0x4)
[ 52.944292][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 52.949935][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 52.955576][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 52.961213][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 52.966845][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 52.972472][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 52.978109][ T7240] ? __rcu_read_unlock+0x66/0x3c0
[ 52.983129][ T7240] ? __tsan_write8+0x32/0x40
[ 52.987711][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 52.993360][ T7240] ? __rtnl_newlink+0x1010/0x1010
[ 52.998384][ T7240] rtnl_newlink+0x63/0x90
[ 53.002766][ T7240] rtnetlink_rcv_msg+0x1d3/0x500
[ 53.007705][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 53.013331][ T7240] ? __tsan_write4+0x32/0x40
[ 53.017928][ T7240] netlink_rcv_skb+0xb0/0x260
[ 53.022609][ T7240] ? rtnl_calcit.isra.0+0x220/0x220
[ 53.027805][ T7240] rtnetlink_rcv+0x26/0x30
[ 53.032218][ T7240] netlink_unicast+0x354/0x430
[ 53.036982][ T7240] netlink_sendmsg+0x456/0x770
00:36:49 executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000040), 0x8)
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000500), &(0x7f0000000540)=0x4)
[ 53.042259][ T7240] ? aa_sock_msg_perm.isra.0+0xa5/0x140
[ 53.047809][ T7240] ? netlink_unicast+0x430/0x430
[ 53.052746][ T7240] sock_sendmsg+0x9f/0xc0
[ 53.057069][ T7240] __sys_sendto+0x21f/0x320
[ 53.062630][ T7240] ? blkcg_maybe_throttle_current+0x472/0x610
[ 53.068698][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 53.074325][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 53.079956][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 53.085579][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 53.091217][ T7240] __x64_sys_sendto+0x89/0xb0
00:36:49 executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000040), 0x8)
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000500), &(0x7f0000000540)=0x4)
[ 53.095903][ T7240] do_syscall_64+0xcc/0x370
[ 53.100407][ T7240] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 53.106292][ T7240] RIP: 0033:0x413b23
[ 53.110189][ T7240] Code: ff 0f 83 b0 19 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d ed 44 66 00 00 75 17 49 89 ca b8 2c 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 81 19 00 00 c3 48 83 ec 08 e8 87 fa ff ff
[ 53.129780][ T7240] RSP: 002b:00007ffe39bafda8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 53.138247][ T7240] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000413b23
[ 53.146228][ T7240] RDX: 0000000000000068 RSI: 0000000000a71df0 RDI: 0000000000000003
[ 53.154201][ T7240] RBP: 0000000000000003 R08: 00007ffe39bafdb0 R09: 000000000000000c
[ 53.162166][ T7240] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe39bb0170
[ 53.170137][ T7240] R13: 00007ffe39bafe38 R14: 00007ffe39baff00 R15: 00000000004beb20
[ 53.179318][ T7240] Kernel Offset: disabled
[ 53.183638][ T7240] Rebooting in 86400 seconds..