Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts. 2019/06/01 16:24:05 fuzzer started syzkaller login: [ 49.912673] kauditd_printk_skb: 5 callbacks suppressed [ 49.912687] audit: type=1400 audit(1559406245.098:36): avc: denied { map } for pid=7761 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/06/01 16:24:08 dialing manager at 10.128.0.105:38455 2019/06/01 16:24:08 syscalls: 2457 2019/06/01 16:24:08 code coverage: enabled 2019/06/01 16:24:08 comparison tracing: enabled 2019/06/01 16:24:08 extra coverage: extra coverage is not supported by the kernel 2019/06/01 16:24:08 setuid sandbox: enabled 2019/06/01 16:24:08 namespace sandbox: enabled 2019/06/01 16:24:08 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/01 16:24:08 fault injection: enabled 2019/06/01 16:24:08 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/01 16:24:08 net packet injection: enabled 2019/06/01 16:24:08 net device setup: enabled 16:24:18 executing program 0: setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @mcast1}, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}, 0x5c) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket(0x840000000002, 0x3, 0x200000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='erspan0\x00', 0x681) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r0, &(0x7f00000000c0), 0x5aa, 0x0, 0x0, 0x120) [ 63.039533] audit: type=1400 audit(1559406258.228:37): avc: denied { map } for pid=7780 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14961 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 16:24:18 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-aesni\x00'}, 0x58) [ 63.166187] IPVS: ftp: loaded support on port[0] = 21 [ 63.177867] NET: Registered protocol family 30 [ 63.182626] Failed to register TIPC socket type 16:24:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="02000000bf0100000000000000000000ba010000086e000021232948de042774602f36cddb4aa287b3b3312d91f7fbcd26167f6444b666b5023d6da31997c5864183bb5548c8d5210899d6b5b6d5efcd76ffd06e3e62e26c761a6047d17f3aed967ad2b9eaceeae2cb7df923371fd5e88cb2109310447fd0b311245765d6097e53a8c17cc048956f81eae779bb571cacac48a457bd4d0318be01a875d8a9d7039d2c88658fdc197346946806aca29bd51e448d160dee6cb1b7154b67078c77c404f67883fdeea217dddce5faf01620da79e102ffa9192e2b0b89fc559edd377d1ba0dce6baf4f99d80879756b350f508274acd1cd428d448cf820f4706031e75835813e13b954579822cabf5c49c204788c967997833ccbf197ef5fe6a6fa3b8cc8808fb8af13058263c1f576dad05236f15a8d4d9d46f05a2d510e430f553756fd3aae8cba7bac5f2ca2a3eb779f29b0a7fb6cffc073f9c9d76da64ca91814f1a08c83ab9c767b1f24c59ca4ef5e4e501d3e220cf8146"], 0x177}}, 0x0) syz_execute_func(&(0x7f0000000180)="f2af91930f0124eda133fa20430fbafce842f66188d0d4430fc7f314c1ab5be2f9660f3a0fae5e090000ba44d8d1b63ac4817d73d74ec482310d46f449f216c863fa43c4c2750ade1bdbae95c4e1a05d6b06aa420f383c02c401405c6bfd499768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5c") [ 63.413124] IPVS: ftp: loaded support on port[0] = 21 [ 63.430399] NET: Registered protocol family 30 [ 63.435042] Failed to register TIPC socket type [ 63.639013] IPVS: ftp: loaded support on port[0] = 21 [ 63.658238] NET: Registered protocol family 30 [ 63.662861] Failed to register TIPC socket type 16:24:19 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="02000000bf0100000000000000000000ba010000086e020021232948de042774602f36cddb4aa287b3b3315225099544f949e967e32d91f7cd26167f6444b666a5c2b5023d6da31997c5864183bb5548c8d5210899d6b5d3d5efcd76efd06e3e62e26c761a6047d17f3aed7bf0d2b9eaceeae2cb7df923371fd5e88cb2109310447fd0b31124446303fa5765d6097e53a8c17cc048956f81eae779bb571cacac48a457bd4d0318be01a875e806aca2"], 0xaf}}, 0x0) syz_execute_func(&(0x7f0000000180)="f2af91930f0124eda133fa20660fd3ca42f66188d0d4f818c1ab5be2f9660f3a0fae5e090000ba44d8d1c401f5ef1ac4817d73d74ec4a275bd153c78ab7749f216c863fa43c4c2750ade1bdbae95c4e1ee5d6b06aa420f383c02c401405c6bfdc402b504a60080000068d768f833c4a1cd61b3b23c0000ab26dbc1a1fe5ff6f6df0804f4c4efa59cc442abf58f104eb547288ba6452e000054c4431d3e660f6e7f3c") [ 64.211764] IPVS: ftp: loaded support on port[0] = 21 [ 64.241843] NET: Registered protocol family 30 [ 64.266552] Failed to register TIPC socket type 16:24:19 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x74, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x34, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_BEARER={0x20, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_SOCK={0xc, 0x2, [@TIPC_NLA_SOCK_REF={0x8}]}]}, 0x74}}, 0x0) syz_execute_func(&(0x7f0000000280)="f2af91930f0124eda133fa20430fbafce842f66188d027430fc7f314c1ab5bf9e2f9660f3a0fae735e090000baba3c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa11420f383c020201405c6bfd49d768d768f833fefbab6464660f38323c8fc481e5eb85ee000000a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") [ 64.749466] IPVS: ftp: loaded support on port[0] = 21 [ 64.779080] NET: Registered protocol family 30 [ 64.783735] Failed to register TIPC socket type 16:24:20 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="02000000bf0100000000000000000000ba0100000900000021232948de042774602f36cddb4aa287b3b317be090bf9921b6afe0b312d9203cd26a31997c5864183bb5548c8d5210899d6b5b6d5"], 0x4d}}, 0x0) syz_execute_func(&(0x7f0000000180)="f2af91930f0124eda133fa20430fbafce842f66188d0d4430fc7f3b7c1ab5be2f9660f3a0fae5e090000ba44d8d1b63ac4817d73d74ec482310d46f449f216c863fa43c4c2750ade1bdbae95c4e1a05d6b06aa420f383c02c401405c6bfd499768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5c") [ 65.423864] IPVS: ftp: loaded support on port[0] = 21 [ 65.441222] NET: Registered protocol family 30 [ 65.445838] Failed to register TIPC socket type [ 66.050070] chnl_net:caif_netlink_parms(): no params data found [ 66.449186] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.456033] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.508038] device bridge_slave_0 entered promiscuous mode [ 66.579268] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.585798] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.627813] device bridge_slave_1 entered promiscuous mode [ 67.160112] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 67.485226] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 68.077038] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 68.216990] team0: Port device team_slave_0 added [ 68.458907] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 68.601281] team0: Port device team_slave_1 added [ 68.934564] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 69.067980] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 69.675274] device hsr_slave_0 entered promiscuous mode [ 69.949579] device hsr_slave_1 entered promiscuous mode [ 70.091771] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 70.224036] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 70.455650] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 70.928553] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.108951] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 71.312000] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 71.399111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 71.408130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 71.528131] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 71.605999] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.767076] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 71.865502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.886212] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.977048] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.983639] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.138468] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 72.157476] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.164827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.237678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.306573] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.313026] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.435200] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 72.487718] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 72.614241] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 72.668412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 72.750109] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 72.819850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 72.838762] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 72.923919] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 72.977670] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 72.985446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 73.077596] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.151904] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 73.234342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 73.245313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 73.324675] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 73.406986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 73.444601] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 73.511340] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 73.566544] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 73.698839] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 73.828273] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.924371] audit: type=1400 audit(1559406269.108:38): avc: denied { associate } for pid=7781 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 75.368390] [ 75.370080] ============================================ [ 75.375563] WARNING: possible recursive locking detected [ 75.381033] 4.19.47 #19 Not tainted [ 75.384760] -------------------------------------------- [ 75.390221] syz-executor.0/8271 is trying to acquire lock: [ 75.395847] 000000000277713c (_xmit_ETHER#2){+.-.}, at: sch_direct_xmit+0x2de/0xfa0 [ 75.403688] [ 75.403688] but task is already holding lock: [ 75.409674] 000000006d93c4d7 (_xmit_ETHER#2){+.-.}, at: sch_direct_xmit+0x2de/0xfa0 [ 75.417520] [ 75.417520] other info that might help us debug this: [ 75.424195] Possible unsafe locking scenario: [ 75.424195] [ 75.430263] CPU0 [ 75.432847] ---- [ 75.435522] lock(_xmit_ETHER#2); [ 75.439294] lock(_xmit_ETHER#2); [ 75.442851] [ 75.442851] *** DEADLOCK *** [ 75.442851] [ 75.448916] May be due to missing lock nesting notation [ 75.448916] [ 75.455854] 9 locks held by syz-executor.0/8271: [ 75.460625] #0: 00000000d16eb40f (rcu_read_lock_bh){....}, at: ip_finish_output2+0x2b0/0x1760 [ 75.469590] #1: 00000000d16eb40f (rcu_read_lock_bh){....}, at: __dev_queue_xmit+0x214/0x3010 [ 75.478295] #2: 0000000067133d5f (&(&sch->seqlock)->rlock){+...}, at: __dev_queue_xmit+0x28cf/0x3010 [ 75.487712] #3: 00000000ff114ac1 (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: dev_queue_xmit+0x18/0x20 [ 75.498530] #4: 000000006d93c4d7 (_xmit_ETHER#2){+.-.}, at: sch_direct_xmit+0x2de/0xfa0 [ 75.506895] #5: 00000000d16eb40f (rcu_read_lock_bh){....}, at: ip_finish_output2+0x2b0/0x1760 [ 75.515695] #6: 00000000d16eb40f (rcu_read_lock_bh){....}, at: __dev_queue_xmit+0x214/0x3010 [ 75.524411] #7: 000000006e2d0b56 (&(&sch->seqlock)->rlock){+...}, at: __dev_queue_xmit+0x28cf/0x3010 [ 75.533908] #8: 000000002f6d49b4 (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at: dev_queue_xmit+0x18/0x20 [ 75.544981] [ 75.544981] stack backtrace: [ 75.549537] CPU: 0 PID: 8271 Comm: syz-executor.0 Not tainted 4.19.47 #19 [ 75.556583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.565947] Call Trace: [ 75.568560] dump_stack+0x172/0x1f0 [ 75.572254] __lock_acquire.cold+0x135/0x4a1 [ 75.576711] ? kernel_text_address+0x73/0xf0 [ 75.581151] ? __kernel_text_address+0xd/0x40 [ 75.585670] ? mark_held_locks+0x100/0x100 [ 75.589930] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 75.595494] ? netif_skb_features+0x6d1/0xbb0 [ 75.600017] ? save_trace+0xe0/0x290 [ 75.603902] ? netdev_set_sb_channel+0xe0/0xe0 [ 75.608510] ? validate_xmit_xfrm+0x1f7/0xda0 [ 75.613030] lock_acquire+0x16f/0x3f0 [ 75.616849] ? sch_direct_xmit+0x2de/0xfa0 [ 75.621107] _raw_spin_lock+0x2f/0x40 [ 75.624923] ? sch_direct_xmit+0x2de/0xfa0 [ 75.629285] sch_direct_xmit+0x2de/0xfa0 [ 75.633397] ? pfifo_fast_enqueue+0x28c/0x430 [ 75.638195] ? find_held_lock+0x35/0x130 [ 75.642285] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 75.647943] ? dev_watchdog+0x7f0/0x7f0 [ 75.651943] ? __lock_is_held+0xb6/0x140 [ 75.656240] __qdisc_run+0x57f/0x1960 [ 75.660085] ? dev_queue_xmit+0x18/0x20 [ 75.664085] __dev_queue_xmit+0x228d/0x3010 [ 75.668441] ? dev_queue_xmit+0x18/0x20 [ 75.672435] ? netdev_pick_tx+0x300/0x300 [ 75.676602] ? ip_finish_output2+0x870/0x1760 [ 75.681112] ? find_held_lock+0x35/0x130 [ 75.685192] ? ip_finish_output2+0x93d/0x1760 [ 75.689758] ? mark_held_locks+0xb1/0x100 [ 75.693951] dev_queue_xmit+0x18/0x20 [ 75.697774] ? dev_queue_xmit+0x18/0x20 [ 75.701764] neigh_resolve_output+0x5b7/0x980 [ 75.706286] ip_finish_output2+0x93d/0x1760 [ 75.710850] ? refcount_add_not_zero_checked+0x181/0x240 [ 75.716359] ? memcpy+0x46/0x50 [ 75.719666] ? ip_copy_metadata+0xcf0/0xcf0 [ 75.724026] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 75.729768] ip_do_fragment+0x933/0x2570 [ 75.733848] ? ip_do_fragment+0x933/0x2570 [ 75.738356] ? ip_copy_metadata+0xcf0/0xcf0 [ 75.742696] ip_fragment.constprop.0+0x176/0x240 [ 75.747475] ip_finish_output+0x5f8/0xd20 [ 75.751650] ip_mc_output+0x298/0xf70 [ 75.755506] ? __ip_queue_xmit+0x1be0/0x1be0 [ 75.760116] ? ip_idents_reserve+0x133/0x1d0 [ 75.764548] ? ip_fragment.constprop.0+0x240/0x240 [ 75.769500] ? __ip_select_ident+0x19b/0x2e0 [ 75.773944] ? rt_cpu_seq_start+0x200/0x200 [ 75.778319] ip_local_out+0xbb/0x1b0 [ 75.782179] iptunnel_xmit+0x5c5/0x9b0 [ 75.786186] ip_tunnel_xmit+0x1250/0x36ce [ 75.790375] ? ip_md_tunnel_xmit+0x1370/0x1370 [ 75.794980] ? depot_save_stack+0x1de/0x460 [ 75.799412] ? __lock_acquire+0x6eb/0x48f0 [ 75.803664] __gre_xmit+0x5e1/0x9a0 [ 75.807327] erspan_xmit+0xa26/0x2b50 [ 75.811283] ? ipgre_fill_info+0xf40/0xf40 [ 75.815736] ? __lock_is_held+0xb6/0x140 [ 75.819836] dev_hard_start_xmit+0x1a5/0x980 [ 75.824366] sch_direct_xmit+0x370/0xfa0 [ 75.828464] ? pfifo_fast_enqueue+0x28c/0x430 [ 75.832997] ? find_held_lock+0x35/0x130 [ 75.839477] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 75.845040] ? dev_watchdog+0x7f0/0x7f0 [ 75.849049] ? __lock_is_held+0xb6/0x140 [ 75.853136] __qdisc_run+0x57f/0x1960 [ 75.856959] ? dev_queue_xmit+0x18/0x20 [ 75.861036] __dev_queue_xmit+0x228d/0x3010 [ 75.865565] ? dev_queue_xmit+0x18/0x20 [ 75.869538] ? netdev_pick_tx+0x300/0x300 [ 75.873685] ? ip_finish_output2+0x870/0x1760 [ 75.879833] ? find_held_lock+0x35/0x130 [ 75.883905] ? ip_finish_output2+0x93d/0x1760 [ 75.888416] ? __local_bh_enable_ip+0x15a/0x270 [ 75.893080] ? _raw_write_unlock_bh+0x31/0x40 [ 75.897572] dev_queue_xmit+0x18/0x20 [ 75.901394] ? dev_queue_xmit+0x18/0x20 [ 75.905381] neigh_resolve_output+0x5b7/0x980 [ 75.910402] ip_finish_output2+0x93d/0x1760 [ 75.914717] ? kasan_check_write+0x14/0x20 [ 75.918948] ? ip_copy_metadata+0x7f5/0xcf0 [ 75.923259] ? ip_copy_metadata+0xcf0/0xcf0 [ 75.927574] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 75.933143] ip_do_fragment+0x1d8c/0x2570 [ 75.937575] ? ip_do_fragment+0x1d8c/0x2570 [ 75.941990] ? ip_copy_metadata+0xcf0/0xcf0 [ 75.946329] ip_fragment.constprop.0+0x176/0x240 [ 75.951086] ip_finish_output+0x5f8/0xd20 [ 75.955613] ip_mc_output+0x298/0xf70 [ 75.959421] ? __ip_queue_xmit+0x1be0/0x1be0 [ 75.963854] ? ip_fragment.constprop.0+0x240/0x240 [ 75.968787] ? ip_make_skb+0x1b1/0x2c0 [ 75.972676] ? ip_reply_glue_bits+0xc0/0xc0 [ 75.976987] ip_local_out+0xbb/0x1b0 [ 75.980689] ip_send_skb+0x42/0xf0 [ 75.984221] udp_send_skb.isra.0+0x6bb/0x11f0 [ 75.990328] ? xfrm_lookup_route+0x5b/0x1f0 [ 76.002945] udp_sendmsg+0x1e07/0x25f0 [ 76.006853] ? ip_reply_glue_bits+0xc0/0xc0 [ 76.011258] ? udp_push_pending_frames+0xf0/0xf0 [ 76.016347] ? __fget+0x340/0x540 [ 76.019983] ? find_held_lock+0x35/0x130 [ 76.024056] ? sock_has_perm+0x209/0x2a0 [ 76.028121] ? __fget+0x367/0x540 [ 76.031570] ? iterate_fd+0x360/0x360 [ 76.035362] inet_sendmsg+0x141/0x5d0 [ 76.039419] ? inet_sendmsg+0x141/0x5d0 [ 76.043385] ? ipip_gro_receive+0x100/0x100 [ 76.047805] sock_sendmsg+0xd7/0x130 [ 76.051606] __sys_sendto+0x262/0x380 [ 76.055402] ? __ia32_sys_getpeername+0xb0/0xb0 [ 76.060079] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 76.065610] ? put_timespec64+0xda/0x140 [ 76.069670] ? nsecs_to_jiffies+0x30/0x30 [ 76.073823] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 76.078594] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 76.083347] ? do_syscall_64+0x26/0x620 [ 76.087319] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.092674] __x64_sys_sendto+0xe1/0x1a0 [ 76.096725] do_syscall_64+0xfd/0x620 [ 76.100514] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.105950] RIP: 0033:0x459279 [ 76.109138] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 76.130841] RSP: 002b:00007f73bba6cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 76.138827] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459279 [ 76.146102] RDX: 00000000000005aa RSI: 00000000200000c0 RDI: 0000000000000003 [ 76.153378] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000120 [ 76.160635] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f73bba6d6d4 [ 76.167892] R13: 00000000004c6d91 R14: 00000000004dbc28 R15: 00000000ffffffff [ 77.053936] syz-executor.0 (8271) used greatest stack depth: 22432 bytes left 16:24:32 executing program 0: setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @mcast1}, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}, 0x5c) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket(0x840000000002, 0x3, 0x200000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='erspan0\x00', 0x681) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r0, &(0x7f00000000c0), 0x5aa, 0x0, 0x0, 0x120) [ 77.476782] kobject: 'loop0' (0000000021632b4c): kobject_uevent_env [ 77.736747] kobject: 'loop0' (0000000021632b4c): fill_kobj_path: path = '/devices/virtual/block/loop0' 16:24:33 executing program 0: setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @mcast1}, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}, 0x5c) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket(0x840000000002, 0x3, 0x200000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='erspan0\x00', 0x681) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r0, &(0x7f00000000c0), 0x5aa, 0x0, 0x0, 0x120) [ 78.230373] kobject: 'loop0' (0000000021632b4c): kobject_uevent_env [ 78.276442] kobject: 'loop0' (0000000021632b4c): fill_kobj_path: path = '/devices/virtual/block/loop0' 16:24:33 executing program 0: setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @mcast1}, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}, 0x5c) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket(0x840000000002, 0x3, 0x200000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='erspan0\x00', 0x681) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r0, &(0x7f00000000c0), 0x5aa, 0x0, 0x0, 0x120) [ 78.765665] kobject: 'loop0' (0000000021632b4c): kobject_uevent_env [ 78.786798] kobject: 'loop0' (0000000021632b4c): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 78.812477] IPVS: ftp: loaded support on port[0] = 21 [ 78.830905] IPVS: ftp: loaded support on port[0] = 21 [ 78.834483] NET: Registered protocol family 30 [ 78.846011] Failed to register TIPC socket type [ 78.851975] IPVS: ftp: loaded support on port[0] = 21 [ 78.854650] IPVS: ftp: loaded support on port[0] = 21 [ 78.858484] list_add double add: new=ffffffff892e7630, prev=ffffffff890f3140, next=ffffffff892e7630. [ 78.875741] ------------[ cut here ]------------ [ 78.880712] kernel BUG at lib/list_debug.c:29! [ 78.885998] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 78.891443] CPU: 0 PID: 8445 Comm: syz-executor.3 Not tainted 4.19.47 #19 [ 78.898395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 78.905946] kobject: 'loop0' (0000000021632b4c): kobject_uevent_env [ 78.907808] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 78.907821] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b [ 78.907827] RSP: 0018:ffff88808791fb88 EFLAGS: 00010282 [ 78.907836] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000 [ 78.907842] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed1010f23f63 [ 78.907855] RBP: ffff88808791fba0 R08: 0000000000000058 R09: ffffed1015d03ee3 [ 78.914307] kobject: 'loop0' (0000000021632b4c): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 78.919479] R10: ffffed1015d03ee2 R11: ffff8880ae81f717 R12: ffffffff892e7630 [ 78.919486] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0 [ 78.919495] FS: 0000000001c8f940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 78.919501] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 78.919507] CR2: 0000000000a75e58 CR3: 000000007f673000 CR4: 00000000001406f0 [ 78.919517] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 78.919524] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 78.919532] Call Trace: [ 79.028872] ? mutex_lock_nested+0x16/0x20 [ 79.033374] proto_register+0x459/0x8e0 [ 79.037623] tipc_socket_init+0x1c/0x70 [ 79.041590] tipc_init_net+0x2ed/0x570 [ 79.045470] ? tipc_exit_net+0x40/0x40 [ 79.049389] ops_init+0xb3/0x410 [ 79.052757] setup_net+0x2d3/0x740 [ 79.056724] ? lock_acquire+0x16f/0x3f0 [ 79.060691] ? ops_init+0x410/0x410 [ 79.064305] copy_net_ns+0x1df/0x340 [ 79.068003] create_new_namespaces+0x400/0x7b0 [ 79.072576] unshare_nsproxy_namespaces+0xc2/0x200 [ 79.077500] ksys_unshare+0x440/0x980 [ 79.081306] ? walk_process_tree+0x2c0/0x2c0 [ 79.085734] ? _raw_spin_unlock_irq+0x5e/0x90 [ 79.090227] ? do_syscall_64+0x53d/0x620 [ 79.094276] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 79.101697] ? trace_hardirqs_off_caller+0x65/0x220 [ 79.106710] __x64_sys_unshare+0x31/0x40 [ 79.110765] do_syscall_64+0xfd/0x620 [ 79.114580] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.119754] RIP: 0033:0x45bd47 [ 79.122930] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 79.143280] RSP: 002b:00007ffcc3d777f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 79.150986] RAX: ffffffffffffffda RBX: 000000000075c9a8 RCX: 000000000045bd47 16:24:34 executing program 0: setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @mcast1}, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}, 0x5c) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket(0x840000000002, 0x3, 0x200000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='erspan0\x00', 0x681) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r0, &(0x7f00000000c0), 0x5aa, 0x0, 0x0, 0x120) [ 79.159764] RDX: 0000000000000000 RSI: 00007ffcc3d777a0 RDI: 0000000040000000 [ 79.167603] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005 [ 79.174861] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000075c9a8 [ 79.182114] R13: 00007ffcc3d77a68 R14: 0000000000000000 R15: 0000000000000000 [ 79.189535] Modules linked in: [ 79.193832] ---[ end trace a22065e820f89287 ]--- [ 79.203437] RIP: 0010:__list_add_valid.cold+0x26/0x3c 16:24:34 executing program 0: setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @mcast1}, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}, 0x5c) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket(0x840000000002, 0x3, 0x200000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='erspan0\x00', 0x681) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r0, &(0x7f00000000c0), 0x5aa, 0x0, 0x0, 0x120) [ 79.209179] Code: 56 ff ff ff 4c 89 e1 48 c7 c7 a0 ae 81 87 e8 d0 f3 30 fe 0f 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 af 81 87 e8 b9 f3 30 fe <0f> 0b 48 89 f1 48 c7 c7 60 af 81 87 4c 89 e6 e8 a5 f3 30 fe 0f 0b [ 79.230059] RSP: 0018:ffff88808791fb88 EFLAGS: 00010282 [ 79.236002] kobject: 'loop0' (0000000021632b4c): kobject_uevent_env [ 79.243052] RAX: 0000000000000058 RBX: ffffffff892e74a0 RCX: 0000000000000000 [ 79.252489] kobject: 'loop0' (0000000021632b4c): fill_kobj_path: path = '/devices/virtual/block/loop0' 16:24:34 executing program 0: setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @mcast1}, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}, 0x5c) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket(0x840000000002, 0x3, 0x200000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='erspan0\x00', 0x681) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r0, &(0x7f00000000c0), 0x5aa, 0x0, 0x0, 0x120) 16:24:34 executing program 0: setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @mcast1}, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}, 0x5c) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket(0x840000000002, 0x3, 0x200000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='erspan0\x00', 0x681) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r0, &(0x7f00000000c0), 0x5aa, 0x0, 0x0, 0x120) [ 79.255778] RDX: 0000000000000000 RSI: ffffffff81559f66 RDI: ffffed1010f23f63 [ 79.278268] RBP: ffff88808791fba0 R08: 0000000000000058 R09: ffffed1015d03ee3 [ 79.285716] R10: ffffed1015d03ee2 R11: ffff8880ae81f717 R12: ffffffff892e7630 [ 79.304594] kobject: 'loop0' (0000000021632b4c): kobject_uevent_env [ 79.311535] R13: ffffffff892e7630 R14: ffffffff892e7630 R15: ffffffff892e75d0 [ 79.319623] kobject: 'loop0' (0000000021632b4c): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 79.329957] FS: 0000000001c8f940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 79.342571] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.355767] CR2: 00007ffefcaf3f8c CR3: 000000007f673000 CR4: 00000000001406e0 [ 79.376507] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 79.383947] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.391689] Kernel panic - not syncing: Fatal exception [ 79.398327] Kernel Offset: disabled [ 79.401970] Rebooting in 86400 seconds..