Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 28.608703] audit: type=1400 audit(1588721842.871:8): avc: denied { execmem } for pid=6130 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 28.836203] IPVS: ftp: loaded support on port[0] = 21 [ 29.956114] can: request_module (can-proto-0) failed. [ 29.964718] can: request_module (can-proto-0) failed. [ 29.972707] can: request_module (can-proto-0) failed. [ 29.998573] audit: type=1400 audit(1588721844.262:9): avc: denied { create } for pid=6109 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts. 2020/05/05 23:37:31 parsed 1 programs 2020/05/05 23:37:31 executed programs: 0 [ 37.435404] audit: type=1400 audit(1588721851.705:10): avc: denied { execmem } for pid=6251 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 37.662134] IPVS: ftp: loaded support on port[0] = 21 [ 38.465628] chnl_net:caif_netlink_parms(): no params data found [ 38.473726] IPVS: ftp: loaded support on port[0] = 21 [ 38.499102] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.506284] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.513660] device bridge_slave_0 entered promiscuous mode [ 38.520356] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.526834] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.534357] device bridge_slave_1 entered promiscuous mode [ 38.551355] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 38.560353] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 38.576676] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 38.583821] team0: Port device team_slave_0 added [ 38.589053] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 38.596316] team0: Port device team_slave_1 added [ 38.601609] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 38.608806] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 38.663250] device hsr_slave_0 entered promiscuous mode [ 38.711435] device hsr_slave_1 entered promiscuous mode [ 38.751697] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 38.759990] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 38.780464] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.786907] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.793823] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.800191] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.840526] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 38.846900] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.847971] IPVS: ftp: loaded support on port[0] = 21 [ 38.890824] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 38.903728] chnl_net:caif_netlink_parms(): no params data found [ 38.935756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.947065] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.955124] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.967792] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 38.975170] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.997131] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.005743] IPVS: ftp: loaded support on port[0] = 21 [ 39.005876] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.018337] device bridge_slave_0 entered promiscuous mode [ 39.026642] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.033153] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.040092] device bridge_slave_1 entered promiscuous mode [ 39.060269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.068287] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.074723] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.093278] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 39.147702] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.155916] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.162413] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.173707] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 39.194171] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 39.202431] team0: Port device team_slave_0 added [ 39.208564] chnl_net:caif_netlink_parms(): no params data found [ 39.222302] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 39.229330] team0: Port device team_slave_1 added [ 39.236455] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 39.250217] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 39.273295] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 39.282554] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 39.332296] IPVS: ftp: loaded support on port[0] = 21 [ 39.344418] device hsr_slave_0 entered promiscuous mode [ 39.391286] device hsr_slave_1 entered promiscuous mode [ 39.431289] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 39.441125] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.452083] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 39.458313] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 39.466302] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 39.473936] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.481722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.489127] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 39.508053] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 39.527669] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 39.547471] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.556172] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.563689] device bridge_slave_0 entered promiscuous mode [ 39.570138] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 39.579622] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 39.601827] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.608180] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.616772] device bridge_slave_1 entered promiscuous mode [ 39.623761] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 39.630442] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 39.638580] IPVS: ftp: loaded support on port[0] = 21 [ 39.651649] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.733693] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 39.743604] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 39.753547] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 39.766244] chnl_net:caif_netlink_parms(): no params data found [ 39.795283] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 39.808403] team0: Port device team_slave_0 added [ 39.841301] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 39.848395] team0: Port device team_slave_1 added [ 39.874441] audit: type=1400 audit(1588721854.146:11): avc: denied { create } for pid=6846 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 [ 39.879078] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.914655] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 39.916325] FAULT_INJECTION: forcing a failure. [ 39.916325] name failslab, interval 1, probability 0, space 0, times 1 [ 39.926379] audit: type=1400 audit(1588721854.176:12): avc: denied { name_bind } for pid=6846 comm="syz-executor.2" src=20003 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 [ 39.934703] CPU: 0 PID: 6847 Comm: syz-executor.2 Not tainted 4.14.179-syzkaller #0 [ 39.962384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.971737] Call Trace: [ 39.974321] dump_stack+0xf7/0x13b [ 39.977876] should_fail.cold.3+0x105/0x14b [ 39.982108] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.982191] should_failslab+0xba/0xf0 [ 39.988503] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.992353] kmem_cache_alloc_trace+0x4b/0x7a0 [ 39.992362] ? trace_hardirqs_off+0x10/0x10 [ 39.992371] dccp_ackvec_parsed_add+0x51/0x220 [ 39.992377] ccid2_hc_tx_parse_options+0x5b/0x80 [ 39.992384] dccp_parse_options+0x532/0xf20 [ 39.992395] dccp_rcv_established+0x23/0x70 [ 40.001628] device bridge_slave_0 entered promiscuous mode [ 40.003273] dccp_v4_do_rcv+0xfa/0x160 [ 40.003282] __release_sock+0x10b/0x340 [ 40.003291] release_sock+0x4f/0x180 [ 40.010018] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 40.012202] dccp_sendmsg+0x4ab/0xc70 [ 40.012210] ? import_iovec+0x96/0x420 [ 40.012218] ? dccp_getsockopt+0xd0/0xd0 [ 40.012227] ? copy_msghdr_from_user+0x201/0x3f0 [ 40.012237] inet_sendmsg+0x108/0x440 [ 40.012245] ? security_socket_sendmsg+0x6a/0xa0 [ 40.017518] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 40.021307] ? inet_recvmsg+0x640/0x640 [ 40.021313] sock_sendmsg+0xb5/0xf0 [ 40.021319] ___sys_sendmsg+0x282/0x920 [ 40.021325] ? trace_hardirqs_off+0x10/0x10 [ 40.021332] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 40.021341] ? trace_hardirqs_on+0x10/0x10 [ 40.021347] ? trace_hardirqs_off+0x10/0x10 [ 40.031509] audit: type=1400 audit(1588721854.176:13): avc: denied { node_bind } for pid=6846 comm="syz-executor.2" src=20003 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 [ 40.035249] ? __fget+0x1ad/0x2f0 [ 40.035256] ? lock_downgrade+0x7f0/0x7f0 [ 40.035263] ? find_held_lock+0x36/0x1d0 [ 40.043885] audit: type=1400 audit(1588721854.176:14): avc: denied { name_connect } for pid=6846 comm="syz-executor.2" dest=20003 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 [ 40.048987] ? __might_fault+0xf1/0x1b0 [ 40.049004] __sys_sendmmsg+0x126/0x300 [ 40.059921] audit: type=1400 audit(1588721854.186:15): avc: denied { write } for pid=6846 comm="syz-executor.2" path="socket:[23440]" dev="sockfs" ino=23440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 [ 40.060722] ? SyS_sendmsg+0x20/0x20 [ 40.060740] ? __sb_end_write+0xa4/0xd0 [ 40.203578] ? mutex_unlock+0xd/0x10 [ 40.207274] ? SyS_write+0x1c5/0x250 [ 40.210971] ? do_syscall_64+0x4c/0x5b0 [ 40.214923] ? __sys_sendmmsg+0x300/0x300 [ 40.219045] SyS_sendmmsg+0xd/0x20 [ 40.222579] do_syscall_64+0x1c7/0x5b0 [ 40.226456] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.231293] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 40.236474] RIP: 0033:0x45a219 [ 40.239638] RSP: 002b:00007f9e1156cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 40.247320] RAX: ffffffffffffffda RBX: 00007f9e1156cc90 RCX: 000000000045a219 [ 40.254583] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 40.261843] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 40.269089] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9e1156d6d4 [ 40.276344] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 40.289020] dccp_parse_options: DCCP(ffff888095a60080): Option 38 (len=1) error=5 [ 40.316648] device hsr_slave_0 entered promiscuous mode [ 40.351182] device hsr_slave_1 entered promiscuous mode [ 40.401265] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 40.429012] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.435819] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.442907] device bridge_slave_1 entered promiscuous mode [ 40.454495] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 40.511744] chnl_net:caif_netlink_parms(): no params data found [ 40.523558] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 40.539844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 40.547167] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 40.558935] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 40.566377] chnl_net:caif_netlink_parms(): no params data found [ 40.576046] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 40.586209] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 40.592921] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.613013] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 40.623113] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 40.632002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 40.639762] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 40.647515] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.653925] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.673263] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 40.680293] team0: Port device team_slave_0 added [ 40.691361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 40.711331] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 40.725232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 40.733253] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 40.741301] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.747646] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.755135] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 40.762817] team0: Port device team_slave_1 added [ 40.785981] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 40.795762] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 40.803454] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 40.810462] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.817337] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.824838] device bridge_slave_0 entered promiscuous mode [ 40.837208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 40.845097] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 40.856778] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 40.865315] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 40.873319] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.879663] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.887467] device bridge_slave_1 entered promiscuous mode [ 40.893888] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.900297] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.907509] device bridge_slave_0 entered promiscuous mode [ 40.914286] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.920782] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.927577] device bridge_slave_1 entered promiscuous mode [ 40.934272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 40.941983] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 40.949457] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 40.991301] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 40.999519] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 41.010987] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 41.043887] device hsr_slave_0 entered promiscuous mode [ 41.071330] device hsr_slave_1 entered promiscuous mode [ 41.133844] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 41.143219] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 41.154330] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 41.167924] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 41.177170] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 41.185134] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 41.193242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 41.201369] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 41.211127] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 41.221364] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 41.248819] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 41.256138] team0: Port device team_slave_0 added [ 41.262075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 41.269510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 41.279752] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 41.287291] team0: Port device team_slave_0 added [ 41.293214] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 41.300222] team0: Port device team_slave_1 added [ 41.307215] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 41.313613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 41.321047] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 41.329043] team0: Port device team_slave_1 added [ 41.334781] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 41.345779] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 41.356146] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 41.363711] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 41.388071] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 41.395784] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 41.443503] device hsr_slave_0 entered promiscuous mode [ 41.480832] device hsr_slave_1 entered promiscuous mode [ 41.523355] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 41.541751] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 41.549899] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 41.557242] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 41.565903] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.603790] device hsr_slave_0 entered promiscuous mode [ 41.641081] device hsr_slave_1 entered promiscuous mode [ 41.682066] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 41.693993] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 41.701461] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 41.708660] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 41.722045] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 41.729684] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 41.740801] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 41.747579] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.757647] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 41.765362] 8021q: adding VLAN 0 to HW filter on device team0 [ 41.774942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.784815] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 41.797771] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 41.805543] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 41.816874] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 41.827425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 41.835271] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.841742] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.849085] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 41.857518] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 41.866399] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 41.880703] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 41.888061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 41.896078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 41.904062] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.910394] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.917694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 41.925572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.966393] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 41.983776] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 41.989946] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.000102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 42.013204] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.031655] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 42.035407] FAULT_INJECTION: forcing a failure. [ 42.035407] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 42.049567] CPU: 1 PID: 7168 Comm: syz-executor.1 Not tainted 4.14.179-syzkaller #0 [ 42.057345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.066693] Call Trace: [ 42.069265] dump_stack+0xf7/0x13b [ 42.072821] should_fail.cold.3+0x105/0x14b [ 42.077233] __alloc_pages_nodemask+0x1d5/0x770 [ 42.081883] ? kasan_kmalloc+0xc7/0xe0 [ 42.085756] ? __alloc_pages_slowpath+0x2650/0x2650 [ 42.090757] ? memcpy+0x45/0x50 [ 42.094057] ? dccp_insert_fn_opt+0x1be/0x2c0 [ 42.098536] cache_grow_begin+0x80/0x3f0 [ 42.102619] kmem_cache_alloc+0x6b2/0x790 [ 42.106746] ? dccp_feat_clone_list+0x3c0/0x3c0 [ 42.111434] dccp_ackvec_update_records+0x25/0x3e0 [ 42.116366] dccp_insert_options+0x68e/0xb70 [ 42.120757] dccp_transmit_skb+0x194/0x1250 [ 42.125074] ? skb_unlink+0xeb/0x160 [ 42.128764] dccp_xmit_packet+0x1a6/0x580 [ 42.132909] dccp_write_xmit+0x125/0x180 [ 42.136948] dccp_sendmsg+0x556/0xc70 [ 42.140763] ? import_iovec+0x96/0x420 [ 42.144635] ? dccp_getsockopt+0xd0/0xd0 [ 42.148678] ? copy_msghdr_from_user+0x201/0x3f0 [ 42.153434] ? find_held_lock+0x36/0x1d0 [ 42.157481] inet_sendmsg+0x108/0x440 [ 42.161258] ? security_socket_sendmsg+0x6a/0xa0 [ 42.166005] ? inet_recvmsg+0x640/0x640 [ 42.169958] sock_sendmsg+0xb5/0xf0 [ 42.173563] ___sys_sendmsg+0x282/0x920 [ 42.177531] ? trace_hardirqs_off+0x10/0x10 [ 42.181849] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 42.186603] ? trace_hardirqs_on+0x10/0x10 [ 42.190822] ? trace_hardirqs_off+0x10/0x10 [ 42.195145] ? __fget+0x1ad/0x2f0 [ 42.198574] ? lock_downgrade+0x7f0/0x7f0 [ 42.202698] ? find_held_lock+0x36/0x1d0 [ 42.206738] ? __might_fault+0xf1/0x1b0 [ 42.210694] __sys_sendmmsg+0x126/0x300 [ 42.214661] ? SyS_sendmsg+0x20/0x20 [ 42.218550] ? __sb_end_write+0xa4/0xd0 [ 42.222524] ? mutex_unlock+0xd/0x10 [ 42.226215] ? SyS_write+0x1c5/0x250 [ 42.229912] ? do_syscall_64+0x4c/0x5b0 [ 42.233864] ? __sys_sendmmsg+0x300/0x300 [ 42.238002] SyS_sendmmsg+0xd/0x20 [ 42.241518] do_syscall_64+0x1c7/0x5b0 [ 42.245481] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.250318] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 42.255482] RIP: 0033:0x45a219 [ 42.258645] RSP: 002b:00007f6e1661cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 42.266328] RAX: ffffffffffffffda RBX: 00007f6e1661cc90 RCX: 000000000045a219 [ 42.273578] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 42.280827] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 42.288088] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e1661d6d4 [ 42.295334] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 42.311460] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 42.319303] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 42.344307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 42.353111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.361008] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.367345] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.374439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 42.384956] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 42.394339] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 42.403228] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 42.410185] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 42.417617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 42.423785] FAULT_INJECTION: forcing a failure. [ 42.423785] name failslab, interval 1, probability 0, space 0, times 0 [ 42.426200] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.437561] CPU: 1 PID: 7174 Comm: syz-executor.1 Not tainted 4.14.179-syzkaller #0 [ 42.448170] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.451443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.451447] Call Trace: [ 42.451459] dump_stack+0xf7/0x13b [ 42.451469] should_fail.cold.3+0x105/0x14b [ 42.451479] should_failslab+0xba/0xf0 [ 42.451487] kmem_cache_alloc_trace+0x4b/0x7a0 [ 42.451495] ? trace_hardirqs_off+0x10/0x10 [ 42.451503] dccp_ackvec_parsed_add+0x51/0x220 [ 42.451509] ccid2_hc_tx_parse_options+0x5b/0x80 [ 42.457829] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.467164] dccp_parse_options+0x532/0xf20 [ 42.467175] dccp_rcv_established+0x23/0x70 [ 42.467181] dccp_v4_do_rcv+0xfa/0x160 [ 42.467189] __release_sock+0x10b/0x340 [ 42.467199] release_sock+0x4f/0x180 [ 42.477426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.477606] dccp_sendmsg+0x4ab/0xc70 [ 42.481870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.486030] ? import_iovec+0x96/0x420 [ 42.495111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 42.499650] ? dccp_getsockopt+0xd0/0xd0 [ 42.506576] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 42.510431] ? copy_msghdr_from_user+0x201/0x3f0 [ 42.510438] ? find_held_lock+0x36/0x1d0 [ 42.510449] inet_sendmsg+0x108/0x440 [ 42.510455] ? security_socket_sendmsg+0x6a/0xa0 [ 42.510460] ? inet_recvmsg+0x640/0x640 [ 42.510464] sock_sendmsg+0xb5/0xf0 [ 42.510469] ___sys_sendmsg+0x282/0x920 [ 42.510474] ? trace_hardirqs_off+0x10/0x10 [ 42.510480] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 42.510490] ? trace_hardirqs_on+0x10/0x10 [ 42.510495] ? trace_hardirqs_off+0x10/0x10 [ 42.510502] ? __fget+0x1ad/0x2f0 2020/05/05 23:37:36 executed programs: 10 [ 42.510508] ? lock_downgrade+0x7f0/0x7f0 [ 42.510514] ? find_held_lock+0x36/0x1d0 [ 42.510526] ? __might_fault+0xf1/0x1b0 [ 42.510541] __sys_sendmmsg+0x126/0x300 [ 42.510546] ? SyS_sendmsg+0x20/0x20 [ 42.510565] ? __sb_end_write+0xa4/0xd0 [ 42.510575] ? mutex_unlock+0xd/0x10 [ 42.510581] ? SyS_write+0x1c5/0x250 [ 42.510591] ? do_syscall_64+0x4c/0x5b0 [ 42.510597] ? __sys_sendmmsg+0x300/0x300 [ 42.510601] SyS_sendmmsg+0xd/0x20 [ 42.510606] do_syscall_64+0x1c7/0x5b0 [ 42.510610] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.510617] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 42.510622] RIP: 0033:0x45a219 [ 42.510625] RSP: 002b:00007f6e1661cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 42.510631] RAX: ffffffffffffffda RBX: 00007f6e1661cc90 RCX: 000000000045a219 [ 42.510635] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 42.510637] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 42.510640] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e1661d6d4 [ 42.510642] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 42.515845] dccp_parse_options: DCCP(ffff88808fee54c0): Option 38 (len=1) error=5 [ 42.520991] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 42.738255] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 42.748791] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.764368] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 42.776016] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.787923] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 42.797858] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 42.809760] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 42.818315] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 42.826351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 42.833984] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 42.842503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.850225] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.856657] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.863889] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 42.875642] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 42.884452] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 42.892981] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 42.902080] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 42.911937] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 42.918048] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 42.926383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 42.934627] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.942341] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.948677] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.955768] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.963544] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.971888] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.978657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.986726] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 42.996487] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 43.005341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 43.013095] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.023370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 43.031085] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 43.039877] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 43.049148] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 43.055976] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.064958] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 43.073913] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 43.082074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 43.089629] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.097359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 43.105228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 43.112710] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.122233] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 43.129617] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 43.141135] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 43.148627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 43.156884] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.165087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.173162] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.181813] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.188152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.195442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 43.204027] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.213820] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 43.223478] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 43.233608] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 43.241068] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 43.247953] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 43.255885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.263439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.271642] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.279133] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.285555] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.295195] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 43.301865] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 43.309151] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 43.315786] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 43.326768] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 43.335986] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 43.345679] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 43.354040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 43.362279] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.369763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 43.377392] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.384979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 43.395714] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 43.405359] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 43.412679] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 43.420031] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.427889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 43.438812] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 43.446710] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 43.454541] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 43.462204] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 43.473800] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 43.481679] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 43.493206] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 43.499938] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 43.507358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 43.515889] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.526636] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 43.541170] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 43.551359] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 43.558320] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 43.575494] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 43.587418] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 43.603202] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 43.611477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 43.619117] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.628209] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 43.641270] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 43.649891] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 43.658824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 43.667330] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.675056] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 43.683435] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.694665] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 43.704020] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 43.710942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 43.718168] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 43.725494] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 43.737072] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 43.750136] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 43.758070] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 43.771155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 43.778189] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 43.800791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 43.823456] FAULT_INJECTION: forcing a failure. [ 43.823456] name failslab, interval 1, probability 0, space 0, times 0 [ 43.835714] CPU: 1 PID: 7211 Comm: syz-executor.5 Not tainted 4.14.179-syzkaller #0 [ 43.843519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.852874] Call Trace: [ 43.855510] dump_stack+0xf7/0x13b [ 43.859046] should_fail.cold.3+0x105/0x14b [ 43.863348] should_failslab+0xba/0xf0 [ 43.867213] kmem_cache_alloc_trace+0x4b/0x7a0 [ 43.871783] ? trace_hardirqs_off+0x10/0x10 [ 43.876120] dccp_ackvec_parsed_add+0x51/0x220 [ 43.880709] ccid2_hc_tx_parse_options+0x5b/0x80 [ 43.885458] dccp_parse_options+0x532/0xf20 [ 43.889773] dccp_rcv_established+0x23/0x70 [ 43.894086] dccp_v4_do_rcv+0xfa/0x160 [ 43.897960] __release_sock+0x10b/0x340 [ 43.901916] release_sock+0x4f/0x180 [ 43.905612] dccp_sendmsg+0x4ab/0xc70 [ 43.909398] ? import_iovec+0x96/0x420 [ 43.913274] ? dccp_getsockopt+0xd0/0xd0 [ 43.917322] ? copy_msghdr_from_user+0x201/0x3f0 [ 43.922057] ? find_held_lock+0x36/0x1d0 [ 43.926101] inet_sendmsg+0x108/0x440 [ 43.929878] ? security_socket_sendmsg+0x6a/0xa0 [ 43.934612] ? inet_recvmsg+0x640/0x640 [ 43.938563] sock_sendmsg+0xb5/0xf0 [ 43.942170] ___sys_sendmsg+0x282/0x920 [ 43.946122] ? trace_hardirqs_off+0x10/0x10 [ 43.950423] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 43.955175] ? trace_hardirqs_on+0x10/0x10 [ 43.959394] ? trace_hardirqs_off+0x10/0x10 [ 43.963709] ? __fget+0x1ad/0x2f0 [ 43.967143] ? lock_downgrade+0x7f0/0x7f0 [ 43.971281] ? find_held_lock+0x36/0x1d0 [ 43.975342] ? __might_fault+0xf1/0x1b0 [ 43.979385] __sys_sendmmsg+0x126/0x300 [ 43.983353] ? SyS_sendmsg+0x20/0x20 [ 43.987056] ? __sb_end_write+0xa4/0xd0 [ 43.991021] ? mutex_unlock+0xd/0x10 [ 43.994736] ? SyS_write+0x1c5/0x250 [ 43.998440] ? do_syscall_64+0x4c/0x5b0 [ 44.002396] ? __sys_sendmmsg+0x300/0x300 [ 44.006519] SyS_sendmmsg+0xd/0x20 [ 44.010035] do_syscall_64+0x1c7/0x5b0 [ 44.013905] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.018733] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 44.023900] RIP: 0033:0x45a219 [ 44.027080] RSP: 002b:00007f390e45fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 44.034875] RAX: ffffffffffffffda RBX: 00007f390e45fc90 RCX: 000000000045a219 [ 44.042137] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 44.049388] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 44.056640] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f390e4606d4 [ 44.063891] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 44.098679] dccp_parse_options: DCCP(ffff88808fee54c0): Option 38 (len=1) error=5 [ 44.210879] FAULT_INJECTION: forcing a failure. [ 44.210879] name failslab, interval 1, probability 0, space 0, times 0 [ 44.222828] CPU: 1 PID: 7221 Comm: syz-executor.3 Not tainted 4.14.179-syzkaller #0 [ 44.230625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.239993] Call Trace: [ 44.242568] dump_stack+0xf7/0x13b [ 44.246115] should_fail.cold.3+0x105/0x14b [ 44.250415] should_failslab+0xba/0xf0 [ 44.254279] kmem_cache_alloc_trace+0x4b/0x7a0 [ 44.258838] ? trace_hardirqs_off+0x10/0x10 [ 44.263145] dccp_ackvec_parsed_add+0x51/0x220 [ 44.267725] ccid2_hc_tx_parse_options+0x5b/0x80 [ 44.272462] dccp_parse_options+0x532/0xf20 [ 44.276765] dccp_rcv_established+0x23/0x70 [ 44.281065] dccp_v4_do_rcv+0xfa/0x160 [ 44.284957] __release_sock+0x10b/0x340 [ 44.288907] release_sock+0x4f/0x180 [ 44.292617] dccp_sendmsg+0x4ab/0xc70 [ 44.296397] ? import_iovec+0x96/0x420 [ 44.300276] ? dccp_getsockopt+0xd0/0xd0 [ 44.304322] ? copy_msghdr_from_user+0x201/0x3f0 [ 44.309057] ? find_held_lock+0x36/0x1d0 [ 44.313203] inet_sendmsg+0x108/0x440 [ 44.316984] ? security_socket_sendmsg+0x6a/0xa0 [ 44.321723] ? inet_recvmsg+0x640/0x640 [ 44.325698] sock_sendmsg+0xb5/0xf0 [ 44.329302] ___sys_sendmsg+0x282/0x920 [ 44.333254] ? trace_hardirqs_off+0x10/0x10 [ 44.337551] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 44.342292] ? trace_hardirqs_on+0x10/0x10 [ 44.346515] ? trace_hardirqs_off+0x10/0x10 [ 44.350821] ? __fget+0x1ad/0x2f0 [ 44.354279] ? lock_downgrade+0x7f0/0x7f0 [ 44.358405] ? find_held_lock+0x36/0x1d0 [ 44.362451] ? __might_fault+0xf1/0x1b0 [ 44.366452] __sys_sendmmsg+0x126/0x300 [ 44.370421] ? SyS_sendmsg+0x20/0x20 [ 44.374148] ? __sb_end_write+0xa4/0xd0 [ 44.378119] ? mutex_unlock+0xd/0x10 [ 44.381830] ? SyS_write+0x1c5/0x250 [ 44.385541] ? do_syscall_64+0x4c/0x5b0 [ 44.389508] ? __sys_sendmmsg+0x300/0x300 [ 44.393654] SyS_sendmmsg+0xd/0x20 [ 44.397189] do_syscall_64+0x1c7/0x5b0 [ 44.401181] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.406165] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 44.411332] RIP: 0033:0x45a219 [ 44.414505] RSP: 002b:00007f44424d9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 44.422197] RAX: ffffffffffffffda RBX: 00007f44424d9c90 RCX: 000000000045a219 [ 44.430239] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 44.437497] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 44.444748] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f44424da6d4 [ 44.451997] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 44.464035] dccp_parse_options: DCCP(ffff888095a60080): Option 38 (len=1) error=5 [ 45.335493] FAULT_INJECTION: forcing a failure. [ 45.335493] name failslab, interval 1, probability 0, space 0, times 0 [ 45.347173] CPU: 0 PID: 7238 Comm: syz-executor.0 Not tainted 4.14.179-syzkaller #0 [ 45.354986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.364336] Call Trace: [ 45.366929] dump_stack+0xf7/0x13b [ 45.370474] should_fail.cold.3+0x105/0x14b [ 45.374797] should_failslab+0xba/0xf0 [ 45.378687] kmem_cache_alloc_trace+0x4b/0x7a0 [ 45.383275] ? trace_hardirqs_off+0x10/0x10 [ 45.386554] FAULT_INJECTION: forcing a failure. [ 45.386554] name failslab, interval 1, probability 0, space 0, times 0 [ 45.387588] dccp_ackvec_parsed_add+0x51/0x220 [ 45.387595] ccid2_hc_tx_parse_options+0x5b/0x80 [ 45.387603] dccp_parse_options+0x532/0xf20 [ 45.412346] dccp_rcv_established+0x23/0x70 [ 45.416645] dccp_v4_do_rcv+0xfa/0x160 [ 45.420511] __release_sock+0x10b/0x340 [ 45.424465] release_sock+0x4f/0x180 [ 45.428154] dccp_sendmsg+0x4ab/0xc70 [ 45.431931] ? import_iovec+0x96/0x420 [ 45.435797] ? dccp_getsockopt+0xd0/0xd0 [ 45.439844] ? copy_msghdr_from_user+0x201/0x3f0 [ 45.444580] ? find_held_lock+0x36/0x1d0 [ 45.448625] inet_sendmsg+0x108/0x440 [ 45.452403] ? security_socket_sendmsg+0x6a/0xa0 [ 45.457135] ? inet_recvmsg+0x640/0x640 [ 45.461087] sock_sendmsg+0xb5/0xf0 [ 45.464689] ___sys_sendmsg+0x282/0x920 [ 45.468642] ? trace_hardirqs_off+0x10/0x10 [ 45.472941] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 45.477682] ? trace_hardirqs_on+0x10/0x10 [ 45.481895] ? trace_hardirqs_off+0x10/0x10 [ 45.486200] ? __fget+0x1ad/0x2f0 [ 45.489635] ? lock_downgrade+0x7f0/0x7f0 [ 45.493764] ? find_held_lock+0x36/0x1d0 [ 45.497902] ? __might_fault+0xf1/0x1b0 [ 45.501859] __sys_sendmmsg+0x126/0x300 [ 45.505809] ? SyS_sendmsg+0x20/0x20 [ 45.509515] ? __sb_end_write+0xa4/0xd0 [ 45.513471] ? mutex_unlock+0xd/0x10 [ 45.517160] ? SyS_write+0x1c5/0x250 [ 45.520855] ? do_syscall_64+0x4c/0x5b0 [ 45.524808] ? __sys_sendmmsg+0x300/0x300 [ 45.528930] SyS_sendmmsg+0xd/0x20 [ 45.532453] do_syscall_64+0x1c7/0x5b0 [ 45.536315] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.541136] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 45.546303] RIP: 0033:0x45a219 [ 45.549468] RSP: 002b:00007fb0eba78c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 45.557152] RAX: ffffffffffffffda RBX: 00007fb0eba78c90 RCX: 000000000045a219 [ 45.564404] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 45.571652] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 45.578900] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb0eba796d4 [ 45.586147] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 45.593407] CPU: 1 PID: 7242 Comm: syz-executor.4 Not tainted 4.14.179-syzkaller #0 [ 45.601206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.610556] Call Trace: [ 45.611892] dccp_parse_options: DCCP(ffff8880977de100): Option 38 (len=1) error=5 [ 45.613134] dump_stack+0xf7/0x13b [ 45.613145] should_fail.cold.3+0x105/0x14b [ 45.613155] should_failslab+0xba/0xf0 [ 45.632795] kmem_cache_alloc+0x47/0x790 [ 45.636854] ? dccp_feat_clone_list+0x3c0/0x3c0 [ 45.641525] dccp_ackvec_update_records+0x25/0x3e0 [ 45.646452] dccp_insert_options+0x68e/0xb70 [ 45.650867] dccp_transmit_skb+0x194/0x1250 [ 45.655360] ? skb_unlink+0xeb/0x160 [ 45.659334] dccp_xmit_packet+0x1a6/0x580 [ 45.663476] dccp_write_xmit+0x125/0x180 [ 45.667530] dccp_sendmsg+0x556/0xc70 [ 45.671316] ? import_iovec+0x96/0x420 [ 45.675207] ? dccp_getsockopt+0xd0/0xd0 [ 45.679254] ? copy_msghdr_from_user+0x201/0x3f0 [ 45.684002] ? find_held_lock+0x36/0x1d0 [ 45.688041] inet_sendmsg+0x108/0x440 [ 45.691834] ? security_socket_sendmsg+0x6a/0xa0 [ 45.696568] ? inet_recvmsg+0x640/0x640 [ 45.700527] sock_sendmsg+0xb5/0xf0 [ 45.704130] ___sys_sendmsg+0x282/0x920 [ 45.708088] ? trace_hardirqs_off+0x10/0x10 [ 45.712395] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 45.717204] ? trace_hardirqs_on+0x10/0x10 [ 45.721489] ? trace_hardirqs_off+0x10/0x10 [ 45.725898] ? __fget+0x1ad/0x2f0 [ 45.729365] ? lock_downgrade+0x7f0/0x7f0 [ 45.733503] ? find_held_lock+0x36/0x1d0 [ 45.737547] ? __might_fault+0xf1/0x1b0 [ 45.741651] __sys_sendmmsg+0x126/0x300 [ 45.745616] ? SyS_sendmsg+0x20/0x20 [ 45.749322] ? __sb_end_write+0xa4/0xd0 [ 45.753286] ? mutex_unlock+0xd/0x10 [ 45.757011] ? SyS_write+0x1c5/0x250 [ 45.760705] ? do_syscall_64+0x4c/0x5b0 [ 45.764670] ? __sys_sendmmsg+0x300/0x300 [ 45.768795] SyS_sendmmsg+0xd/0x20 [ 45.772318] do_syscall_64+0x1c7/0x5b0 [ 45.776198] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.781041] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 45.786211] RIP: 0033:0x45a219 [ 45.789378] RSP: 002b:00007f2caa678c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 45.797069] RAX: ffffffffffffffda RBX: 00007f2caa678c90 RCX: 000000000045a219 [ 45.804339] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 45.811589] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 45.818842] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2caa6796d4 [ 45.826109] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 45.878187] FAULT_INJECTION: forcing a failure. [ 45.878187] name failslab, interval 1, probability 0, space 0, times 0 [ 45.890413] CPU: 1 PID: 7258 Comm: syz-executor.4 Not tainted 4.14.179-syzkaller #0 [ 45.898222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.907572] Call Trace: [ 45.910158] dump_stack+0xf7/0x13b [ 45.913686] should_fail.cold.3+0x105/0x14b [ 45.918114] should_failslab+0xba/0xf0 [ 45.921992] kmem_cache_alloc_trace+0x4b/0x7a0 [ 45.926551] ? trace_hardirqs_off+0x10/0x10 [ 45.930859] dccp_ackvec_parsed_add+0x51/0x220 [ 45.935436] ccid2_hc_tx_parse_options+0x5b/0x80 [ 45.940199] dccp_parse_options+0x532/0xf20 [ 45.944533] dccp_rcv_established+0x23/0x70 [ 45.948854] dccp_v4_do_rcv+0xfa/0x160 [ 45.952727] __release_sock+0x10b/0x340 [ 45.956695] release_sock+0x4f/0x180 [ 45.960394] dccp_sendmsg+0x4ab/0xc70 [ 45.964176] ? import_iovec+0x96/0x420 [ 45.968047] ? dccp_getsockopt+0xd0/0xd0 [ 45.972097] ? copy_msghdr_from_user+0x201/0x3f0 [ 45.976842] ? find_held_lock+0x36/0x1d0 [ 45.980984] inet_sendmsg+0x108/0x440 [ 45.984769] ? security_socket_sendmsg+0x6a/0xa0 [ 45.989504] ? inet_recvmsg+0x640/0x640 [ 45.993460] sock_sendmsg+0xb5/0xf0 [ 45.997073] ___sys_sendmsg+0x282/0x920 [ 46.001035] ? trace_hardirqs_off+0x10/0x10 [ 46.005350] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 46.010091] ? trace_hardirqs_on+0x10/0x10 [ 46.014314] ? trace_hardirqs_off+0x10/0x10 [ 46.018734] ? __fget+0x1ad/0x2f0 [ 46.022179] ? lock_downgrade+0x7f0/0x7f0 [ 46.026319] ? find_held_lock+0x36/0x1d0 [ 46.030367] ? __might_fault+0xf1/0x1b0 [ 46.034330] __sys_sendmmsg+0x126/0x300 [ 46.038300] ? SyS_sendmsg+0x20/0x20 [ 46.041999] ? __sb_end_write+0xa4/0xd0 [ 46.045955] ? mutex_unlock+0xd/0x10 [ 46.049651] ? SyS_write+0x1c5/0x250 [ 46.053370] ? do_syscall_64+0x4c/0x5b0 [ 46.057336] ? __sys_sendmmsg+0x300/0x300 [ 46.061465] SyS_sendmmsg+0xd/0x20 [ 46.065015] do_syscall_64+0x1c7/0x5b0 [ 46.068879] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.073724] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 46.078897] RIP: 0033:0x45a219 [ 46.082065] RSP: 002b:00007f2caa678c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 46.089775] RAX: ffffffffffffffda RBX: 00007f2caa678c90 RCX: 000000000045a219 [ 46.097030] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 46.104293] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 46.111551] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2caa6796d4 [ 46.118836] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 46.128317] dccp_parse_options: DCCP(ffff88808fee4b00): Option 38 (len=1) error=5 2020/05/05 23:37:42 executed programs: 32 2020/05/05 23:37:47 executed programs: 69 2020/05/05 23:37:52 executed programs: 107 2020/05/05 23:37:57 executed programs: 146 2020/05/05 23:38:02 executed programs: 183 2020/05/05 23:38:07 executed programs: 221 2020/05/05 23:38:12 executed programs: 260 2020/05/05 23:38:17 executed programs: 297 2020/05/05 23:38:23 executed programs: 335 2020/05/05 23:38:28 executed programs: 374 2020/05/05 23:38:33 executed programs: 411 2020/05/05 23:38:38 executed programs: 448 [ 105.684788] FAULT_INJECTION: forcing a failure. [ 105.684788] name failslab, interval 1, probability 0, space 0, times 0 [ 105.696770] CPU: 1 PID: 9194 Comm: syz-executor.2 Not tainted 4.14.179-syzkaller #0 [ 105.704656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 105.714036] Call Trace: [ 105.716648] dump_stack+0xf7/0x13b [ 105.720169] should_fail.cold.3+0x105/0x14b [ 105.724549] should_failslab+0xba/0xf0 [ 105.728421] kmem_cache_alloc_trace+0x2ea/0x7a0 [ 105.733070] ? trace_hardirqs_off+0x10/0x10 [ 105.737431] dccp_feat_entry_new+0x140/0x360 [ 105.741818] dccp_feat_push_confirm+0x26/0x280 [ 105.746543] dccp_feat_parse_options+0xfe3/0x1a10 [ 105.751375] ? dccp_ackvec_parsed_add+0x51/0x220 [ 105.756203] ? dccp_feat_server_ccid_dependencies+0x1f0/0x1f0 [ 105.762090] ? trace_hardirqs_off+0x10/0x10 [ 105.766415] ? dccp_ackvec_parsed_add+0x115/0x220 [ 105.771250] dccp_parse_options+0x840/0xf20 [ 105.775572] dccp_rcv_established+0x23/0x70 [ 105.779882] dccp_v4_do_rcv+0xfa/0x160 [ 105.783757] __release_sock+0x10b/0x340 [ 105.787710] release_sock+0x4f/0x180 [ 105.791417] dccp_sendmsg+0x4ab/0xc70 [ 105.795215] ? import_iovec+0x96/0x420 [ 105.799096] ? dccp_getsockopt+0xd0/0xd0 [ 105.803145] ? copy_msghdr_from_user+0x201/0x3f0 [ 105.807881] ? find_held_lock+0x36/0x1d0 [ 105.811926] inet_sendmsg+0x108/0x440 [ 105.815707] ? security_socket_sendmsg+0x6a/0xa0 [ 105.820437] ? inet_recvmsg+0x640/0x640 [ 105.824387] sock_sendmsg+0xb5/0xf0 [ 105.828006] ___sys_sendmsg+0x282/0x920 [ 105.831980] ? trace_hardirqs_off+0x10/0x10 [ 105.836285] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 105.841043] ? trace_hardirqs_on+0x10/0x10 [ 105.845309] ? trace_hardirqs_off+0x10/0x10 [ 105.849618] ? __fget+0x1ad/0x2f0 [ 105.853064] ? lock_downgrade+0x7f0/0x7f0 [ 105.857213] ? find_held_lock+0x36/0x1d0 [ 105.861270] ? __might_fault+0xf1/0x1b0 [ 105.865240] __sys_sendmmsg+0x126/0x300 [ 105.869191] ? SyS_sendmsg+0x20/0x20 [ 105.872888] ? __sb_end_write+0xa4/0xd0 [ 105.876848] ? mutex_unlock+0xd/0x10 [ 105.880546] ? SyS_write+0x1c5/0x250 [ 105.884302] ? do_syscall_64+0x4c/0x5b0 [ 105.888265] ? __sys_sendmmsg+0x300/0x300 [ 105.892397] SyS_sendmmsg+0xd/0x20 [ 105.895919] do_syscall_64+0x1c7/0x5b0 [ 105.899797] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 105.904622] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 105.909790] RIP: 0033:0x45a219 [ 105.912957] RSP: 002b:00007f9e1156cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 105.920663] RAX: ffffffffffffffda RBX: 00007f9e1156cc90 RCX: 000000000045a219 [ 105.927998] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 105.935247] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 105.942496] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9e1156d6d4 [ 105.949745] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 105.965431] dccp_parse_options: DCCP(ffff8880a52fb540): Option 32 (len=7) error=9 [ 105.973631] ================================================================== [ 105.981145] BUG: KASAN: use-after-free in ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 105.988591] Read of size 1 at addr ffff88809586e4dd by task syz-executor.2/9194 [ 105.996132] [ 105.997759] CPU: 1 PID: 9194 Comm: syz-executor.2 Not tainted 4.14.179-syzkaller #0 [ 106.005543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 106.014892] Call Trace: [ 106.016669] FAULT_INJECTION: forcing a failure. [ 106.016669] name failslab, interval 1, probability 0, space 0, times 0 [ 106.017473] dump_stack+0xf7/0x13b [ 106.017488] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 106.037269] print_address_description.cold.7+0x9/0x1c9 [ 106.042629] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 106.047739] kasan_report.cold.8+0x11a/0x2d3 [ 106.052150] __asan_report_load1_noabort+0x14/0x20 [ 106.057078] ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 106.062041] ? dccp_ackvec_clear_state+0x33e/0x7e0 [ 106.066966] ? rcu_read_lock_sched_held+0x108/0x120 [ 106.071986] dccp_deliver_input_to_ccids+0x19f/0x210 [ 106.077091] dccp_rcv_established+0x49/0x70 [ 106.081406] dccp_v4_do_rcv+0xfa/0x160 [ 106.085280] __release_sock+0x10b/0x340 [ 106.089254] release_sock+0x4f/0x180 [ 106.092962] dccp_sendmsg+0x4ab/0xc70 [ 106.096774] ? import_iovec+0x96/0x420 [ 106.100659] ? dccp_getsockopt+0xd0/0xd0 [ 106.104726] ? copy_msghdr_from_user+0x201/0x3f0 [ 106.109506] ? find_held_lock+0x36/0x1d0 [ 106.113556] inet_sendmsg+0x108/0x440 [ 106.117336] ? security_socket_sendmsg+0x6a/0xa0 [ 106.122093] ? inet_recvmsg+0x640/0x640 [ 106.126067] sock_sendmsg+0xb5/0xf0 [ 106.129689] ___sys_sendmsg+0x282/0x920 [ 106.133658] ? trace_hardirqs_off+0x10/0x10 [ 106.137359] FAULT_INJECTION: forcing a failure. [ 106.137359] name failslab, interval 1, probability 0, space 0, times 0 [ 106.137968] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 106.137980] ? trace_hardirqs_on+0x10/0x10 [ 106.137986] ? trace_hardirqs_off+0x10/0x10 [ 106.137995] ? __fget+0x1ad/0x2f0 [ 106.138001] ? lock_downgrade+0x7f0/0x7f0 [ 106.138008] ? find_held_lock+0x36/0x1d0 [ 106.138021] ? __might_fault+0xf1/0x1b0 [ 106.138036] __sys_sendmmsg+0x126/0x300 [ 106.138043] ? SyS_sendmsg+0x20/0x20 [ 106.185645] ? __sb_end_write+0xa4/0xd0 [ 106.189653] ? mutex_unlock+0xd/0x10 [ 106.193348] ? SyS_write+0x1c5/0x250 [ 106.197058] ? do_syscall_64+0x4c/0x5b0 [ 106.201011] ? __sys_sendmmsg+0x300/0x300 [ 106.205136] SyS_sendmmsg+0xd/0x20 [ 106.208747] do_syscall_64+0x1c7/0x5b0 [ 106.212681] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 106.217511] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 106.222676] RIP: 0033:0x45a219 [ 106.225840] RSP: 002b:00007f9e1156cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 106.233525] RAX: ffffffffffffffda RBX: 00007f9e1156cc90 RCX: 000000000045a219 [ 106.240953] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 106.248235] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 106.255510] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9e1156d6d4 [ 106.262756] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 106.270017] [ 106.270025] CPU: 0 PID: 9200 Comm: syz-executor.1 Not tainted 4.14.179-syzkaller #0 [ 106.271625] Allocated by task 9194: [ 106.279403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 106.283009] save_stack_trace+0x16/0x20 [ 106.292336] Call Trace: [ 106.296400] save_stack+0x43/0xd0 [ 106.298960] dump_stack+0xf7/0x13b [ 106.302381] kasan_kmalloc+0xc7/0xe0 [ 106.305897] should_fail.cold.3+0x105/0x14b [ 106.309583] __kmalloc_node_track_caller+0x50/0x70 [ 106.313879] should_failslab+0xba/0xf0 [ 106.318777] __kmalloc_reserve.isra.36+0x2c/0xc0 [ 106.318780] __alloc_skb+0xc1/0x500 [ 106.322644] kmem_cache_alloc_trace+0x2ea/0x7a0 [ 106.327385] dccp_send_ack+0xb3/0x340 [ 106.327390] ccid2_hc_rx_packet_recv+0xf9/0x170 [ 106.331017] ? trace_hardirqs_off+0x10/0x10 [ 106.335657] dccp_deliver_input_to_ccids+0xc5/0x210 [ 106.339433] dccp_feat_entry_new+0x140/0x360 [ 106.344069] dccp_rcv_established+0x49/0x70 [ 106.344074] dccp_v4_do_rcv+0xfa/0x160 [ 106.348373] dccp_feat_push_confirm+0x26/0x280 [ 106.353359] __sk_receive_skb+0x1d5/0x820 [ 106.357740] dccp_feat_parse_options+0xfe3/0x1a10 [ 106.362031] dccp_v4_rcv+0xc26/0x1bbf [ 106.365892] ? dccp_ackvec_parsed_add+0x51/0x220 [ 106.370446] ip_local_deliver_finish+0x230/0x9a0 [ 106.374567] ? dccp_feat_server_ccid_dependencies+0x1f0/0x1f0 [ 106.379392] ip_local_deliver+0x1a0/0x410 [ 106.379396] ip_rcv_finish+0x70d/0x1950 [ 106.383172] ? trace_hardirqs_off+0x10/0x10 [ 106.387898] ip_rcv+0xb43/0x133d [ 106.387903] __netif_receive_skb_core+0x1d1a/0x2e40 [ 106.392632] ? dccp_ackvec_parsed_add+0x115/0x220 [ 106.398483] __netif_receive_skb+0x1f/0x1b0 [ 106.398487] process_backlog+0x1fc/0x710 [ 106.402613] dccp_parse_options+0x840/0xf20 [ 106.406558] net_rx_action+0x458/0xed0 [ 106.410862] dccp_rcv_established+0x23/0x70 [ 106.414196] __do_softirq+0x246/0x9b0 [ 106.419200] dccp_v4_do_rcv+0xfa/0x160 [ 106.424028] [ 106.428348] __release_sock+0x10b/0x340 [ 106.432391] Freed by task 9194: [ 106.436698] release_sock+0x4f/0x180 [ 106.440665] save_stack_trace+0x16/0x20 [ 106.444964] dccp_sendmsg+0x4ab/0xc70 [ 106.448731] save_stack+0x43/0xd0 [ 106.448736] kasan_slab_free+0x71/0xc0 [ 106.452614] ? import_iovec+0x96/0x420 [ 106.454214] kfree+0xcc/0x270 [ 106.458169] ? dccp_getsockopt+0xd0/0xd0 [ 106.461417] skb_free_head+0x74/0x90 [ 106.465108] ? copy_msghdr_from_user+0x201/0x3f0 [ 106.469049] skb_release_data+0x43b/0x790 [ 106.469053] skb_release_all+0x3d/0x50 [ 106.472828] ? find_held_lock+0x36/0x1d0 [ 106.476266] kfree_skb+0x8a/0x2b0 [ 106.480132] inet_sendmsg+0x108/0x440 [ 106.484011] dccp_v4_do_rcv+0x111/0x160 [ 106.487092] ? security_socket_sendmsg+0x6a/0xa0 [ 106.491993] __release_sock+0x10b/0x340 [ 106.495696] ? inet_recvmsg+0x640/0x640 [ 106.500424] release_sock+0x4f/0x180 [ 106.500429] dccp_sendmsg+0x4ab/0xc70 [ 106.504550] sock_sendmsg+0xb5/0xf0 [ 106.508410] inet_sendmsg+0x108/0x440 [ 106.512446] ___sys_sendmsg+0x282/0x920 [ 106.515866] sock_sendmsg+0xb5/0xf0 [ 106.515870] ___sys_sendmsg+0x282/0x920 [ 106.519653] ? trace_hardirqs_off+0x10/0x10 [ 106.519659] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 106.523617] __sys_sendmmsg+0x126/0x300 [ 106.523621] SyS_sendmmsg+0xd/0x20 [ 106.528356] ? trace_hardirqs_on+0x10/0x10 [ 106.532300] do_syscall_64+0x1c7/0x5b0 [ 106.532306] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 106.536268] ? trace_hardirqs_off+0x10/0x10 [ 106.539972] [ 106.539977] The buggy address belongs to the object at ffff88809586e040 [ 106.539977] which belongs to the cache kmalloc-2048 of size 2048 [ 106.543753] ? __fget+0x1ad/0x2f0 [ 106.547352] The buggy address is located 1181 bytes inside of [ 106.547352] 2048-byte region [ffff88809586e040, ffff88809586e840) [ 106.551151] ? lock_downgrade+0x7f0/0x7f0 [ 106.555092] The buggy address belongs to the page: [ 106.558821] ? find_held_lock+0x36/0x1d0 [ 106.562765] page:ffffea0002561b80 count:1 mapcount:0 mapping:ffff88809586e040 index:0x0 [ 106.567064] ? __might_fault+0xf1/0x1b0 [ 106.571787] compound_mapcount: 0 [ 106.575744] __sys_sendmmsg+0x126/0x300 [ 106.579249] flags: 0x1fffc0000008100(slab|head) [ 106.583458] ? SyS_sendmsg+0x20/0x20 [ 106.587318] raw: 01fffc0000008100 ffff88809586e040 0000000000000000 0000000100000003 [ 106.592495] ? __sb_end_write+0xa4/0xd0 [ 106.596780] raw: ffffea00025889a0 ffffea0002560820 ffff8880aa800c40 0000000000000000 [ 106.598387] ? mutex_unlock+0xd/0x10 [ 106.611184] page dumped because: kasan: bad access detected [ 106.611186] [ 106.614647] ? SyS_write+0x1c5/0x250 [ 106.626662] Memory state around the buggy address: [ 106.626666] ffff88809586e380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 106.630792] ? do_syscall_64+0x4c/0x5b0 [ 106.635689] ffff88809586e400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 106.639726] ? __sys_sendmmsg+0x300/0x300 [ 106.647838] >ffff88809586e480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 106.651804] SyS_sendmmsg+0xd/0x20 [ 106.655226] ^ [ 106.659173] do_syscall_64+0x1c7/0x5b0 [ 106.663810] ffff88809586e500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 106.667500] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 106.675351] ffff88809586e580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 106.679303] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 106.687152] ================================================================== [ 106.690842] RIP: 0033:0x45a219 [ 106.696536] Disabling lock debugging due to kernel taint [ 106.698146] RSP: 002b:00007f6e1661cc78 EFLAGS: 00000246 [ 106.746953] Kernel panic - not syncing: panic_on_warn set ... [ 106.746953] [ 106.750458] ORIG_RAX: 0000000000000133 [ 106.807667] RAX: ffffffffffffffda RBX: 00007f6e1661cc90 RCX: 000000000045a219 [ 106.814909] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 106.822239] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 106.829485] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e1661d6d4 [ 106.836749] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 106.844005] CPU: 1 PID: 9194 Comm: syz-executor.2 Tainted: G B 4.14.179-syzkaller #0 [ 106.853006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 106.862351] Call Trace: [ 106.864922] dump_stack+0xf7/0x13b [ 106.868437] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 106.873514] panic+0x1b0/0x358 [ 106.876687] ? add_taint.cold.5+0x11/0x11 [ 106.880819] ? ___preempt_schedule+0x16/0x18 [ 106.885223] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 106.890312] kasan_end_report+0x47/0x4f [ 106.894263] kasan_report.cold.8+0x76/0x2d3 [ 106.898577] __asan_report_load1_noabort+0x14/0x20 [ 106.903479] ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 106.908383] ? dccp_ackvec_clear_state+0x33e/0x7e0 [ 106.913289] ? rcu_read_lock_sched_held+0x108/0x120 [ 106.918281] dccp_deliver_input_to_ccids+0x19f/0x210 [ 106.923358] dccp_rcv_established+0x49/0x70 [ 106.927654] dccp_v4_do_rcv+0xfa/0x160 [ 106.931516] __release_sock+0x10b/0x340 [ 106.935465] release_sock+0x4f/0x180 [ 106.939168] dccp_sendmsg+0x4ab/0xc70 [ 106.944939] ? import_iovec+0x96/0x420 [ 106.948799] ? dccp_getsockopt+0xd0/0xd0 [ 106.952833] ? copy_msghdr_from_user+0x201/0x3f0 [ 106.957563] ? find_held_lock+0x36/0x1d0 [ 106.961599] inet_sendmsg+0x108/0x440 [ 106.965372] ? security_socket_sendmsg+0x6a/0xa0 [ 106.970113] ? inet_recvmsg+0x640/0x640 [ 106.974057] sock_sendmsg+0xb5/0xf0 [ 106.977656] ___sys_sendmsg+0x282/0x920 [ 106.981603] ? trace_hardirqs_off+0x10/0x10 [ 106.985914] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 106.990644] ? trace_hardirqs_on+0x10/0x10 [ 106.994868] ? trace_hardirqs_off+0x10/0x10 [ 106.999161] ? __fget+0x1ad/0x2f0 [ 107.002591] ? lock_downgrade+0x7f0/0x7f0 [ 107.006714] ? find_held_lock+0x36/0x1d0 [ 107.010748] ? __might_fault+0xf1/0x1b0 [ 107.014713] __sys_sendmmsg+0x126/0x300 [ 107.018681] ? SyS_sendmsg+0x20/0x20 [ 107.022373] ? __sb_end_write+0xa4/0xd0 [ 107.026323] ? mutex_unlock+0xd/0x10 [ 107.030034] ? SyS_write+0x1c5/0x250 [ 107.033723] ? do_syscall_64+0x4c/0x5b0 [ 107.037669] ? __sys_sendmmsg+0x300/0x300 [ 107.041792] SyS_sendmmsg+0xd/0x20 [ 107.045432] do_syscall_64+0x1c7/0x5b0 [ 107.049298] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 107.054125] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 107.059294] RIP: 0033:0x45a219 [ 107.062459] RSP: 002b:00007f9e1156cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 107.070140] RAX: ffffffffffffffda RBX: 00007f9e1156cc90 RCX: 000000000045a219 [ 107.077383] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 107.084628] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 107.091961] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9e1156d6d4 [ 107.099205] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 107.108133] Kernel Offset: disabled [ 107.111749] Rebooting in 86400 seconds..