[ 25.843979][ T26] audit: type=1800 audit(1566203356.131:22): pid=6939 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 39.546585][ T7106] IPVS: ftp: loaded support on port[0] = 21 [ 40.011427][ T7088] can: request_module (can-proto-0) failed. [ 41.057143][ T7088] can: request_module (can-proto-0) failed. Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts. 2019/08/19 08:29:38 parsed 1 programs 2019/08/19 08:29:39 executed programs: 0 [ 49.357697][ T7181] IPVS: ftp: loaded support on port[0] = 21 [ 49.369508][ T7179] IPVS: ftp: loaded support on port[0] = 21 [ 49.389160][ T7182] IPVS: ftp: loaded support on port[0] = 21 [ 49.397925][ T7183] IPVS: ftp: loaded support on port[0] = 21 [ 49.409524][ T7186] IPVS: ftp: loaded support on port[0] = 21 [ 49.434905][ T7187] IPVS: ftp: loaded support on port[0] = 21 [ 49.596708][ T7181] chnl_net:caif_netlink_parms(): no params data found [ 49.612250][ T7186] chnl_net:caif_netlink_parms(): no params data found [ 49.672636][ T7186] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.681083][ T7186] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.689470][ T7186] device bridge_slave_0 entered promiscuous mode [ 49.697936][ T7181] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.705438][ T7181] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.713368][ T7181] device bridge_slave_0 entered promiscuous mode [ 49.721359][ T7181] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.728482][ T7181] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.736260][ T7181] device bridge_slave_1 entered promiscuous mode [ 49.760379][ T7186] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.767823][ T7186] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.775714][ T7186] device bridge_slave_1 entered promiscuous mode [ 49.802127][ T7179] chnl_net:caif_netlink_parms(): no params data found [ 49.839748][ T7183] chnl_net:caif_netlink_parms(): no params data found [ 49.861903][ T7181] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 49.873752][ T7181] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 49.891331][ T7186] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 49.931837][ T7186] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 49.950727][ T7182] chnl_net:caif_netlink_parms(): no params data found [ 49.961122][ T7181] team0: Port device team_slave_0 added [ 49.986956][ T7187] chnl_net:caif_netlink_parms(): no params data found [ 50.006310][ T7181] team0: Port device team_slave_1 added [ 50.012104][ T7183] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.019543][ T7183] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.027380][ T7183] device bridge_slave_0 entered promiscuous mode [ 50.041060][ T7183] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.048873][ T7183] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.057187][ T7183] device bridge_slave_1 entered promiscuous mode [ 50.081572][ T7186] team0: Port device team_slave_0 added [ 50.091614][ T7179] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.100416][ T7179] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.108574][ T7179] device bridge_slave_0 entered promiscuous mode [ 50.120587][ T7179] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.128437][ T7179] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.136769][ T7179] device bridge_slave_1 entered promiscuous mode [ 50.150598][ T7183] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 50.161475][ T7186] team0: Port device team_slave_1 added [ 50.189281][ T7183] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 50.213242][ T7183] team0: Port device team_slave_0 added [ 50.266660][ T7181] device hsr_slave_0 entered promiscuous mode [ 50.304357][ T7181] device hsr_slave_1 entered promiscuous mode [ 50.349334][ T7187] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.358229][ T7187] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.366122][ T7187] device bridge_slave_0 entered promiscuous mode [ 50.378696][ T7182] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.385997][ T7182] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.393730][ T7182] device bridge_slave_0 entered promiscuous mode [ 50.402724][ T7183] team0: Port device team_slave_1 added [ 50.419668][ T7187] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.427947][ T7187] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.436814][ T7187] device bridge_slave_1 entered promiscuous mode [ 50.446704][ T7179] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 50.456175][ T7182] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.463299][ T7182] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.474724][ T7182] device bridge_slave_1 entered promiscuous mode [ 50.510299][ T7187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 50.521369][ T7179] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 50.596497][ T7186] device hsr_slave_0 entered promiscuous mode [ 50.655472][ T7186] device hsr_slave_1 entered promiscuous mode [ 50.694167][ T7186] debugfs: Directory 'hsr0' with parent '/' already present! [ 50.703132][ T7181] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.722653][ T7181] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.736626][ T7181] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.744032][ T7181] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.788998][ T7183] device hsr_slave_0 entered promiscuous mode [ 50.854497][ T7183] device hsr_slave_1 entered promiscuous mode [ 50.944137][ T7183] debugfs: Directory 'hsr0' with parent '/' already present! [ 50.952999][ T7187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 50.963936][ T7182] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 50.977962][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.987399][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.020924][ T7182] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 51.031551][ T7179] team0: Port device team_slave_0 added [ 51.041119][ T7179] team0: Port device team_slave_1 added [ 51.071797][ T7187] team0: Port device team_slave_0 added [ 51.080009][ T7187] team0: Port device team_slave_1 added [ 51.099960][ T7182] team0: Port device team_slave_0 added [ 51.107297][ T7182] team0: Port device team_slave_1 added [ 51.155802][ T7187] device hsr_slave_0 entered promiscuous mode [ 51.194428][ T7187] device hsr_slave_1 entered promiscuous mode [ 51.264099][ T7187] debugfs: Directory 'hsr0' with parent '/' already present! [ 51.326502][ T7179] device hsr_slave_0 entered promiscuous mode [ 51.364449][ T7179] device hsr_slave_1 entered promiscuous mode [ 51.404273][ T7179] debugfs: Directory 'hsr0' with parent '/' already present! [ 51.466736][ T7182] device hsr_slave_0 entered promiscuous mode [ 51.504728][ T7182] device hsr_slave_1 entered promiscuous mode [ 51.544157][ T7182] debugfs: Directory 'hsr0' with parent '/' already present! [ 51.571788][ T7181] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.591813][ T7183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.626648][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.636375][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.648894][ T7181] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.659760][ T7183] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.671958][ T7189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.680968][ T7189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.708685][ T7186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.728057][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.738042][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.746732][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.753969][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.761499][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.770208][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.778630][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.785734][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.793222][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.801849][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.811275][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.818525][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.826149][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.834902][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.843328][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.853255][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.861949][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.871106][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.879741][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.887127][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.894928][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.904205][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.911986][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.938385][ T7186] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.949023][ T7187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.958802][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.967939][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.976648][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.987095][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.996897][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.005184][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.012802][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.037119][ T7187] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.053304][ T7183] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.070084][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.084615][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.094238][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.102953][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.112020][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.120097][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.128548][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.137486][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.146165][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.153670][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.161521][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.170508][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.179064][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.186137][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.194276][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.202864][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.211607][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.219377][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.242826][ T7181] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 52.260530][ T7181] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.280559][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.289621][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.298787][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.306605][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.314692][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.323620][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.332677][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.341680][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.350273][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.357477][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.365060][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.373380][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.381686][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.390483][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.399182][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.407854][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.416583][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.424930][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.433354][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.442273][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.450022][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.477346][ T7186] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.489910][ T7186] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.515953][ T7181] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.523111][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.534666][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.543475][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.552378][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.562113][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.571218][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.579971][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.588646][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.596980][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.606247][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.618901][ T7187] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.630633][ T7187] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.649780][ T7179] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.688399][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.697234][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.711254][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.719550][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 52.719621][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 52.741206][ T7182] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.747986][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 52.748025][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 52.766774][ T7206] Started in network mode [ 52.771366][ T7206] Own node identity ac1414aa, cluster identity 4711 [ 52.778186][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 52.778232][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 52.791598][ T7206] New replicast peer: 172.20.20.187 [ 52.800411][ T7206] check_preemption_disabled: 8 callbacks suppressed [ 52.800417][ T7206] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.3/7206 [ 52.817409][ T7206] caller is dst_cache_get+0x33/0xa0 [ 52.822810][ T7206] CPU: 0 PID: 7206 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #1 [ 52.824016][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 52.830592][ T7206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.830620][ T7206] Call Trace: [ 52.830638][ T7206] dump_stack+0x113/0x167 [ 52.830653][ T7206] debug_smp_processor_id.cold.2+0x84/0x97 [ 52.836553][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 52.846596][ T7206] dst_cache_get+0x33/0xa0 [ 52.846607][ T7206] tipc_udp_xmit.isra.15+0xb9/0xc60 [ 52.846615][ T7206] ? tipc_udp_addr2str+0x150/0x150 [ 52.846621][ T7206] ? __copy_skb_header+0x293/0x4b0 [ 52.846626][ T7206] ? __skb_checksum_complete+0x380/0x380 [ 52.846632][ T7206] ? netdev_alloc_frag+0x160/0x160 [ 52.846640][ T7206] ? find_held_lock+0x10/0x1d0 [ 52.846648][ T7206] ? skb_copy_header+0x16/0x2a0 [ 52.853943][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 52.854226][ T7206] ? __pskb_copy_fclone+0x4a9/0xc70 [ 52.854242][ T7206] tipc_udp_send_msg+0x229/0x3d0 [ 52.860141][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 52.865809][ T7206] tipc_bearer_xmit_skb+0x12c/0x290 [ 52.865816][ T7206] tipc_enable_bearer+0x7a6/0xab0 [ 52.865824][ T7206] ? tipc_bearer_xmit_skb+0x290/0x290 [ 52.865834][ T7206] ? __nla_validate_parse+0xa1/0x1d90 [ 52.865852][ T7206] ? rtnl_lock+0x12/0x20 [ 52.865863][ T7206] __tipc_nl_bearer_enable+0x265/0x390 [ 52.958076][ T7206] ? __tipc_nl_bearer_enable+0x265/0x390 [ 52.963704][ T7206] ? memset+0x31/0x40 [ 52.967685][ T7206] ? tipc_nl_bearer_disable+0x30/0x30 [ 52.973041][ T7206] ? __nla_validate_parse+0xa1/0x1d90 [ 52.978409][ T7206] ? nla_memcpy+0xa0/0xa0 [ 52.982843][ T7206] tipc_nl_bearer_enable+0x1d/0x30 [ 52.987970][ T7206] genl_family_rcv_msg+0x5d5/0x1150 [ 52.993163][ T7206] ? genl_unregister_family+0x6d0/0x6d0 [ 52.998698][ T7206] ? netdev_core_pick_tx+0x2a0/0x2a0 [ 53.004073][ T7206] ? __kasan_check_read+0x11/0x20 [ 53.009116][ T7206] ? __lock_acquire+0x96a/0x4b70 [ 53.014063][ T7206] genl_rcv_msg+0xa7/0x140 [ 53.018467][ T7206] netlink_rcv_skb+0x13f/0x380 [ 53.023316][ T7206] ? genl_family_rcv_msg+0x1150/0x1150 [ 53.028772][ T7206] ? netlink_ack+0x990/0x990 [ 53.033443][ T7206] ? netlink_deliver_tap+0x182/0xad0 [ 53.038704][ T7206] genl_rcv+0x23/0x40 [ 53.042690][ T7206] netlink_unicast+0x444/0x640 [ 53.047443][ T7206] ? netlink_attachskb+0x6f0/0x6f0 [ 53.052570][ T7206] ? _copy_from_iter_full+0x19e/0x7e0 [ 53.057930][ T7206] ? __kasan_check_read+0x11/0x20 [ 53.062960][ T7206] ? __check_object_size+0x1fe/0x30c [ 53.068233][ T7206] netlink_sendmsg+0x75d/0xc40 [ 53.073847][ T7206] ? netlink_unicast+0x640/0x640 [ 53.078964][ T7206] ? apparmor_socket_sendmsg+0x1b/0x20 [ 53.084927][ T7206] ? netlink_unicast+0x640/0x640 [ 53.089864][ T7206] sock_sendmsg+0xe6/0x110 [ 53.094270][ T7206] ___sys_sendmsg+0x658/0x980 [ 53.098957][ T7206] ? copy_msghdr_from_user+0x420/0x420 [ 53.104492][ T7206] ? lock_downgrade+0x900/0x900 [ 53.109343][ T7206] ? __kasan_check_read+0x11/0x20 [ 53.114361][ T7206] ? __fget+0x2b1/0x420 [ 53.118515][ T7206] ? ksys_dup3+0x2e0/0x2e0 [ 53.123021][ T7206] ? __might_fault+0xf1/0x1b0 [ 53.127693][ T7206] ? __fget_light+0x179/0x1f0 [ 53.132387][ T7206] ? lock_acquire+0x194/0x410 [ 53.137306][ T7206] ? __fdget+0xe/0x10 [ 53.141284][ T7206] __sys_sendmsg+0xd9/0x180 [ 53.145810][ T7206] ? __sys_sendmsg_sock+0xb0/0xb0 [ 53.150934][ T7206] ? __kasan_check_read+0x11/0x20 [ 53.156316][ T7206] ? _copy_to_user+0xcb/0xf0 [ 53.160894][ T7206] ? put_timespec64+0xa9/0x100 [ 53.165646][ T7206] ? nsecs_to_jiffies+0x20/0x20 [ 53.170488][ T7206] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.176719][ T7206] __x64_sys_sendmsg+0x73/0xb0 [ 53.181478][ T7206] do_syscall_64+0xd6/0x550 [ 53.186493][ T7206] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.192378][ T7206] RIP: 0033:0x458c29 [ 53.196257][ T7206] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 53.215849][ T7206] RSP: 002b:00007f94de184c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 53.224260][ T7206] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 53.232310][ T7206] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 000000000000000a [ 53.240387][ T7206] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 53.248480][ T7206] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f94de1856d4 [ 53.256638][ T7206] R13: 00000000004c62bc R14: 00000000004dab98 R15: 00000000ffffffff [ 53.267103][ T7206] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.3/7206 [ 53.275642][ T7211] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 53.276832][ T7206] caller is dst_cache_set_ip4+0x97/0x2dc [ 53.301409][ T7206] CPU: 1 PID: 7206 Comm: syz-executor.3 Not tainted 5.3.0-rc3+ #1 [ 53.309193][ T7206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.319513][ T7206] Call Trace: [ 53.322886][ T7206] dump_stack+0x113/0x167 [ 53.327197][ T7206] debug_smp_processor_id.cold.2+0x84/0x97 [ 53.333001][ T7206] dst_cache_set_ip4+0x97/0x2dc [ 53.337929][ T7206] ? dst_cache_get_ip6+0x1b0/0x1b0 [ 53.343195][ T7206] ? xfrm_lookup_route+0x1f/0x170 [ 53.348220][ T7206] tipc_udp_xmit.isra.15+0x7c2/0xc60 [ 53.353488][ T7206] ? tipc_udp_addr2str+0x150/0x150 [ 53.358665][ T7206] ? __copy_skb_header+0x293/0x4b0 [ 53.363752][ T7206] ? __skb_checksum_complete+0x380/0x380 [ 53.369799][ T7206] ? skb_copy_header+0x16/0x2a0 [ 53.374719][ T7206] ? __pskb_copy_fclone+0x4a9/0xc70 [ 53.379919][ T7206] tipc_udp_send_msg+0x229/0x3d0 [ 53.386408][ T7206] tipc_bearer_xmit_skb+0x12c/0x290 [ 53.391683][ T7206] tipc_enable_bearer+0x7a6/0xab0 [ 53.396775][ T7206] ? tipc_bearer_xmit_skb+0x290/0x290 [ 53.402130][ T7206] ? __nla_validate_parse+0xa1/0x1d90 [ 53.407839][ T7206] ? rtnl_lock+0x12/0x20 [ 53.412074][ T7206] __tipc_nl_bearer_enable+0x265/0x390 [ 53.417508][ T7206] ? __tipc_nl_bearer_enable+0x265/0x390 [ 53.423297][ T7206] ? memset+0x31/0x40 [ 53.427257][ T7206] ? tipc_nl_bearer_disable+0x30/0x30 [ 53.432606][ T7206] ? __nla_validate_parse+0xa1/0x1d90 [ 53.438054][ T7206] ? nla_memcpy+0xa0/0xa0 [ 53.442375][ T7206] tipc_nl_bearer_enable+0x1d/0x30 [ 53.447465][ T7206] genl_family_rcv_msg+0x5d5/0x1150 [ 53.452754][ T7206] ? genl_unregister_family+0x6d0/0x6d0 [ 53.458276][ T7206] ? netdev_core_pick_tx+0x2a0/0x2a0 [ 53.463542][ T7206] ? __kasan_check_read+0x11/0x20 [ 53.468559][ T7206] ? __lock_acquire+0x96a/0x4b70 [ 53.473493][ T7206] genl_rcv_msg+0xa7/0x140 [ 53.477976][ T7206] netlink_rcv_skb+0x13f/0x380 [ 53.482717][ T7206] ? genl_family_rcv_msg+0x1150/0x1150 [ 53.488164][ T7206] ? netlink_ack+0x990/0x990 [ 53.492741][ T7206] ? netlink_deliver_tap+0x182/0xad0 [ 53.498094][ T7206] genl_rcv+0x23/0x40 [ 53.502071][ T7206] netlink_unicast+0x444/0x640 [ 53.506922][ T7206] ? netlink_attachskb+0x6f0/0x6f0 [ 53.512022][ T7206] ? _copy_from_iter_full+0x19e/0x7e0 [ 53.517485][ T7206] ? __kasan_check_read+0x11/0x20 [ 53.522670][ T7206] ? __check_object_size+0x1fe/0x30c [ 53.528209][ T7206] netlink_sendmsg+0x75d/0xc40 [ 53.532963][ T7206] ? netlink_unicast+0x640/0x640 [ 53.537888][ T7206] ? apparmor_socket_sendmsg+0x1b/0x20 [ 53.543333][ T7206] ? netlink_unicast+0x640/0x640 [ 53.548769][ T7206] sock_sendmsg+0xe6/0x110 [ 53.553435][ T7206] ___sys_sendmsg+0x658/0x980 [ 53.558091][ T7206] ? copy_msghdr_from_user+0x420/0x420 [ 53.563529][ T7206] ? lock_downgrade+0x900/0x900 [ 53.568367][ T7206] ? __kasan_check_read+0x11/0x20 [ 53.573455][ T7206] ? __fget+0x2b1/0x420 [ 53.577586][ T7206] ? ksys_dup3+0x2e0/0x2e0 [ 53.582329][ T7206] ? __might_fault+0xf1/0x1b0 [ 53.586984][ T7206] ? __fget_light+0x179/0x1f0 [ 53.591647][ T7206] ? lock_acquire+0x194/0x410 [ 53.596301][ T7206] ? __fdget+0xe/0x10 [ 53.600273][ T7206] __sys_sendmsg+0xd9/0x180 [ 53.604752][ T7206] ? __sys_sendmsg_sock+0xb0/0xb0 [ 53.609763][ T7206] ? __kasan_check_read+0x11/0x20 [ 53.614781][ T7206] ? _copy_to_user+0xcb/0xf0 [ 53.619349][ T7206] ? put_timespec64+0xa9/0x100 [ 53.624089][ T7206] ? nsecs_to_jiffies+0x20/0x20 [ 53.629024][ T7206] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.635072][ T7206] __x64_sys_sendmsg+0x73/0xb0 [ 53.639839][ T7206] do_syscall_64+0xd6/0x550 [ 53.644340][ T7206] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.650295][ T7206] RIP: 0033:0x458c29 [ 53.654182][ T7206] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 53.673865][ T7206] RSP: 002b:00007f94de184c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 53.682518][ T7206] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 53.690477][ T7206] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 000000000000000a [ 53.698958][ T7206] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 53.707080][ T7206] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f94de1856d4 [ 53.715202][ T7206] R13: 00000000004c62bc R14: 00000000004dab98 R15: 00000000ffffffff [ 53.727854][ T7206] Enabled bearer , priority 10 [ 53.742116][ T7179] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.753106][ T7186] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.765713][ T7187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.782936][ T7182] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.798109][ T3763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.806713][ T3763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.819265][ T3763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.828080][ T3763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.883757][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.884437][ T2812] 32-bit node address hash set to aa1414ac [ 53.899739][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.912341][ T7193] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.920251][ T7193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.928599][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.938348][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.948101][ T7193] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.956113][ T7193] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.964934][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.975079][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.983784][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.992621][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.002553][ T7193] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.009891][ T7193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.017840][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.027642][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.038856][ T7193] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.046607][ T7193] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.055315][ T7193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.062097][ T7227] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 54.074785][ T7179] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 54.095080][ T7179] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.120112][ T7222] Started in network mode [ 54.133970][ T7222] Own node identity ac1414aa, cluster identity 4711 [ 54.146708][ T7222] New replicast peer: 172.20.20.187 [ 54.152266][ T7222] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/7222 [ 54.161889][ T7222] caller is dst_cache_get+0x33/0xa0 [ 54.167315][ T7222] CPU: 0 PID: 7222 Comm: syz-executor.0 Not tainted 5.3.0-rc3+ #1 [ 54.175108][ T7222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.185253][ T7222] Call Trace: [ 54.188553][ T7222] dump_stack+0x113/0x167 [ 54.192873][ T7222] debug_smp_processor_id.cold.2+0x84/0x97 [ 54.198707][ T7222] dst_cache_get+0x33/0xa0 [ 54.203363][ T7222] tipc_udp_xmit.isra.15+0xb9/0xc60 [ 54.208678][ T7222] ? tipc_udp_addr2str+0x150/0x150 [ 54.213893][ T7222] ? __copy_skb_header+0x293/0x4b0 [ 54.219021][ T7222] ? __skb_checksum_complete+0x380/0x380 [ 54.224754][ T7222] ? netdev_alloc_frag+0x160/0x160 [ 54.230053][ T7222] ? find_held_lock+0x10/0x1d0 [ 54.234903][ T7222] ? skb_copy_header+0x16/0x2a0 [ 54.239749][ T7222] ? __pskb_copy_fclone+0x4a9/0xc70 [ 54.244937][ T7222] tipc_udp_send_msg+0x229/0x3d0 [ 54.251062][ T7222] tipc_bearer_xmit_skb+0x12c/0x290 [ 54.256273][ T7222] tipc_enable_bearer+0x7a6/0xab0 [ 54.261310][ T7222] ? tipc_bearer_xmit_skb+0x290/0x290 [ 54.266905][ T7222] ? __nla_validate_parse+0xa1/0x1d90 [ 54.272385][ T7222] ? rtnl_lock+0x12/0x20 [ 54.277192][ T7222] __tipc_nl_bearer_enable+0x265/0x390 [ 54.282829][ T7222] ? __tipc_nl_bearer_enable+0x265/0x390 [ 54.288747][ T7222] ? memset+0x31/0x40 [ 54.292716][ T7222] ? tipc_nl_bearer_disable+0x30/0x30 [ 54.298263][ T7222] ? __nla_validate_parse+0xa1/0x1d90 [ 54.303747][ T7222] ? nla_memcpy+0xa0/0xa0 [ 54.308119][ T7222] tipc_nl_bearer_enable+0x1d/0x30 [ 54.313417][ T7222] genl_family_rcv_msg+0x5d5/0x1150 [ 54.318706][ T7222] ? genl_unregister_family+0x6d0/0x6d0 [ 54.324430][ T7222] ? netdev_core_pick_tx+0x2a0/0x2a0 [ 54.330309][ T7222] ? __kasan_check_read+0x11/0x20 [ 54.335753][ T7222] ? __lock_acquire+0x96a/0x4b70 [ 54.340708][ T7222] genl_rcv_msg+0xa7/0x140 [ 54.345276][ T7222] netlink_rcv_skb+0x13f/0x380 [ 54.350229][ T7222] ? genl_family_rcv_msg+0x1150/0x1150 [ 54.355842][ T7222] ? netlink_ack+0x990/0x990 [ 54.362408][ T7222] ? netlink_deliver_tap+0x182/0xad0 [ 54.367868][ T7222] genl_rcv+0x23/0x40 [ 54.371929][ T7222] netlink_unicast+0x444/0x640 [ 54.377209][ T7222] ? netlink_attachskb+0x6f0/0x6f0 [ 54.382392][ T7222] ? _copy_from_iter_full+0x19e/0x7e0 [ 54.387946][ T7222] ? __kasan_check_read+0x11/0x20 [ 54.392948][ T7222] ? __check_object_size+0x1fe/0x30c [ 54.398302][ T7222] netlink_sendmsg+0x75d/0xc40 [ 54.403312][ T7222] ? netlink_unicast+0x640/0x640 [ 54.408233][ T7222] ? apparmor_socket_sendmsg+0x1b/0x20 [ 54.413675][ T7222] ? netlink_unicast+0x640/0x640 [ 54.418599][ T7222] sock_sendmsg+0xe6/0x110 [ 54.422997][ T7222] ___sys_sendmsg+0x658/0x980 [ 54.427651][ T7222] ? copy_msghdr_from_user+0x420/0x420 [ 54.433090][ T7222] ? lock_downgrade+0x900/0x900 [ 54.437922][ T7222] ? __kasan_check_read+0x11/0x20 [ 54.442927][ T7222] ? __fget+0x2b1/0x420 [ 54.447063][ T7222] ? ksys_dup3+0x2e0/0x2e0 [ 54.451461][ T7222] ? __might_fault+0xf1/0x1b0 [ 54.456133][ T7222] ? __fget_light+0x179/0x1f0 [ 54.462330][ T7222] ? lock_acquire+0x194/0x410 [ 54.467253][ T7222] ? __fdget+0xe/0x10 [ 54.471217][ T7222] __sys_sendmsg+0xd9/0x180 [ 54.475710][ T7222] ? __sys_sendmsg_sock+0xb0/0xb0 [ 54.481073][ T7222] ? __kasan_check_read+0x11/0x20 [ 54.486185][ T7222] ? _copy_to_user+0xcb/0xf0 [ 54.490785][ T7222] ? put_timespec64+0xa9/0x100 [ 54.495874][ T7222] ? nsecs_to_jiffies+0x20/0x20 [ 54.500705][ T7222] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.506763][ T7222] __x64_sys_sendmsg+0x73/0xb0 [ 54.511518][ T7222] do_syscall_64+0xd6/0x550 [ 54.516001][ T7222] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.521875][ T7222] RIP: 0033:0x458c29 [ 54.525751][ T7222] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 54.545777][ T7222] RSP: 002b:00007f36dc272c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 54.554179][ T7222] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 54.564580][ T7222] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 000000000000000a [ 54.572554][ T7222] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 54.580697][ T7222] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36dc2736d4 [ 54.588655][ T7222] R13: 00000000004c62bc R14: 00000000004dab98 R15: 00000000ffffffff [ 54.612676][ T7222] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/7222 [ 54.631719][ T7222] caller is dst_cache_set_ip4+0x97/0x2dc [ 54.637972][ T7222] CPU: 1 PID: 7222 Comm: syz-executor.0 Not tainted 5.3.0-rc3+ #1 [ 54.649272][ T7222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.660753][ T7222] Call Trace: [ 54.664049][ T7222] dump_stack+0x113/0x167 [ 54.668366][ T7222] debug_smp_processor_id.cold.2+0x84/0x97 [ 54.674287][ T7222] dst_cache_set_ip4+0x97/0x2dc [ 54.679191][ T7222] ? dst_cache_get_ip6+0x1b0/0x1b0 [ 54.684480][ T7222] ? xfrm_lookup_route+0x1f/0x170 [ 54.689550][ T7222] tipc_udp_xmit.isra.15+0x7c2/0xc60 [ 54.694941][ T7222] ? tipc_udp_addr2str+0x150/0x150 [ 54.700048][ T7222] ? __copy_skb_header+0x293/0x4b0 [ 54.716501][ T7222] ? __skb_checksum_complete+0x380/0x380 [ 54.722309][ T7222] ? skb_copy_header+0x16/0x2a0 [ 54.727150][ T7222] ? __pskb_copy_fclone+0x4a9/0xc70 [ 54.732350][ T7222] tipc_udp_send_msg+0x229/0x3d0 [ 54.737393][ T7222] tipc_bearer_xmit_skb+0x12c/0x290 [ 54.742697][ T7222] tipc_enable_bearer+0x7a6/0xab0 [ 54.747918][ T7222] ? tipc_bearer_xmit_skb+0x290/0x290 [ 54.753414][ T7222] ? __nla_validate_parse+0xa1/0x1d90 [ 54.758805][ T7222] ? rtnl_lock+0x12/0x20 [ 54.763062][ T7222] __tipc_nl_bearer_enable+0x265/0x390 [ 54.768711][ T7222] ? __tipc_nl_bearer_enable+0x265/0x390 [ 54.774598][ T7222] ? memset+0x31/0x40 [ 54.778595][ T7222] ? tipc_nl_bearer_disable+0x30/0x30 [ 54.787490][ T7222] ? __nla_validate_parse+0xa1/0x1d90 [ 54.792883][ T7222] ? nla_memcpy+0xa0/0xa0 [ 54.797584][ T7222] tipc_nl_bearer_enable+0x1d/0x30 [ 54.802905][ T7222] genl_family_rcv_msg+0x5d5/0x1150 [ 54.808182][ T7222] ? genl_unregister_family+0x6d0/0x6d0 [ 54.813814][ T7222] ? netdev_core_pick_tx+0x2a0/0x2a0 [ 54.819108][ T7222] ? __kasan_check_read+0x11/0x20 [ 54.824344][ T7222] ? __lock_acquire+0x96a/0x4b70 [ 54.829923][ T7222] genl_rcv_msg+0xa7/0x140 [ 54.834324][ T7222] netlink_rcv_skb+0x13f/0x380 [ 54.839120][ T7222] ? genl_family_rcv_msg+0x1150/0x1150 [ 54.844554][ T7222] ? netlink_ack+0x990/0x990 [ 54.849134][ T7222] ? netlink_deliver_tap+0x182/0xad0 [ 54.854397][ T7222] genl_rcv+0x23/0x40 [ 54.858362][ T7222] netlink_unicast+0x444/0x640 [ 54.863101][ T7222] ? netlink_attachskb+0x6f0/0x6f0 [ 54.868189][ T7222] ? _copy_from_iter_full+0x19e/0x7e0 [ 54.873535][ T7222] ? __kasan_check_read+0x11/0x20 [ 54.878622][ T7222] ? __check_object_size+0x1fe/0x30c [ 54.883883][ T7222] netlink_sendmsg+0x75d/0xc40 [ 54.888720][ T7222] ? netlink_unicast+0x640/0x640 [ 54.893641][ T7222] ? apparmor_socket_sendmsg+0x1b/0x20 [ 54.899082][ T7222] ? netlink_unicast+0x640/0x640 [ 54.904001][ T7222] sock_sendmsg+0xe6/0x110 [ 54.908403][ T7222] ___sys_sendmsg+0x658/0x980 [ 54.913068][ T7222] ? copy_msghdr_from_user+0x420/0x420 [ 54.918521][ T7222] ? lock_downgrade+0x900/0x900 [ 54.923451][ T7222] ? __kasan_check_read+0x11/0x20 [ 54.928831][ T7222] ? __fget+0x2b1/0x420 [ 54.933060][ T7222] ? ksys_dup3+0x2e0/0x2e0 [ 54.937486][ T7222] ? __might_fault+0xf1/0x1b0 [ 54.942314][ T7222] ? __fget_light+0x179/0x1f0 [ 54.946976][ T7222] ? lock_acquire+0x194/0x410 [ 54.951725][ T7222] ? __fdget+0xe/0x10 [ 54.955706][ T7222] __sys_sendmsg+0xd9/0x180 [ 54.960294][ T7222] ? __sys_sendmsg_sock+0xb0/0xb0 [ 54.965303][ T7222] ? __kasan_check_read+0x11/0x20 [ 54.970302][ T7222] ? _copy_to_user+0xcb/0xf0 [ 54.975218][ T7222] ? put_timespec64+0xa9/0x100 [ 54.980044][ T7222] ? nsecs_to_jiffies+0x20/0x20 [ 54.985148][ T7222] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.991201][ T7222] __x64_sys_sendmsg+0x73/0xb0 [ 54.995953][ T7222] do_syscall_64+0xd6/0x550 [ 55.000605][ T7222] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.006559][ T7222] RIP: 0033:0x458c29 [ 55.010432][ T7222] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 55.030270][ T7222] RSP: 002b:00007f36dc272c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 55.038921][ T7222] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 55.048260][ T7222] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 000000000000000a [ 55.056907][ T7222] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 55.064983][ T7222] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f36dc2736d4 [ 55.073035][ T7222] R13: 00000000004c62bc R14: 00000000004dab98 R15: 00000000ffffffff [ 55.087960][ T7222] Enabled bearer , priority 10 [ 55.118430][ T3763] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.144906][ T3763] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.160543][ T3763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.169814][ T3763] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.179681][ T3763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.189222][ T3763] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.199756][ T3763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.211930][ T3763] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.220615][ T3763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.229569][ T3763] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.237677][ T7189] 32-bit node address hash set to aa1414ac [ 55.238126][ T3763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.255373][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.263226][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.271127][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.280076][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 2019/08/19 08:29:45 executed programs: 6 [ 55.291818][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.305411][ T7227] syz-executor.0 (7227) used greatest stack depth: 22000 bytes left [ 55.549871][ T7209] Enabling of bearer rejected, already enabled [ 55.570130][ T7179] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/08/19 08:29:46 result: hanged=false err=executor 1: exit status 67 failed to mkdir (errno 28) loop exited with status 67 failed to mkdir (errno 28) loop exited with status 67 [ 55.807775][ T7189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.819995][ T7189] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.829105][ T7189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.838676][ T7189] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 2019/08/19 08:29:46 result: hanged=false err=executor 4: exit status 67 failed to mkdir (errno 28) loop exited with status 67 failed to mkdir (errno 28) loop exited with status 67 2019/08/19 08:29:46 result: hanged=false err=failed to create temp dir: mkdir syzkaller-testdir593046149: no space left on device 2019/08/19 08:29:46 result: hanged=false err=failed to create temp dir: mkdir syzkaller-testdir051624992: no space left on device 2019/08/19 08:29:46 result: hanged=false err=failed to create temp dir: mkdir syzkaller-testdir901556479: no space left on device 2019/08/19 08:29:46 result: hanged=false err=failed to create temp dir: mkdir syzkaller-testdir947423826: no space left on device [ 56.072686][ T7248] Enabling of bearer rejected, already enabled [ 56.083154][ T7182] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.097147][ T7182] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.127245][ T7189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.139511][ T7189] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.194667][ T7255] IPVS: ftp: loaded support on port[0] = 21 [ 56.341759][ T7182] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.551084][ T7248] Enabling of bearer rejected, already enabled [ 56.583651][ T7267] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 56.946627][ T7279] Started in network mode [ 56.951009][ T7279] Own node identity ac1414aa, cluster identity 4711 [ 56.961324][ T7279] New replicast peer: 172.20.20.187 [ 56.969283][ T7279] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.5/7279 [ 56.974448][ T7282] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 56.979145][ T7279] caller is dst_cache_get+0x33/0xa0 [ 57.002776][ T7279] CPU: 1 PID: 7279 Comm: syz-executor.5 Not tainted 5.3.0-rc3+ #1 [ 57.010563][ T7279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.020663][ T7279] Call Trace: [ 57.023964][ T7279] dump_stack+0x113/0x167 [ 57.028313][ T7279] debug_smp_processor_id.cold.2+0x84/0x97 [ 57.034204][ T7279] dst_cache_get+0x33/0xa0 [ 57.038624][ T7279] tipc_udp_xmit.isra.15+0xb9/0xc60 [ 57.043896][ T7279] ? tipc_udp_addr2str+0x150/0x150 [ 57.049123][ T7279] ? __copy_skb_header+0x293/0x4b0 [ 57.054324][ T7279] ? __skb_checksum_complete+0x380/0x380 [ 57.060024][ T7279] ? netdev_alloc_frag+0x160/0x160 [ 57.065299][ T7279] ? find_held_lock+0x10/0x1d0 [ 57.070049][ T7279] ? skb_copy_header+0x16/0x2a0 [ 57.074882][ T7279] ? __pskb_copy_fclone+0x4a9/0xc70 [ 57.080093][ T7279] tipc_udp_send_msg+0x229/0x3d0 [ 57.085128][ T7279] tipc_bearer_xmit_skb+0x12c/0x290 [ 57.090375][ T7279] tipc_enable_bearer+0x7a6/0xab0 [ 57.095543][ T7279] ? tipc_bearer_xmit_skb+0x290/0x290 [ 57.101102][ T7279] ? __nla_validate_parse+0xa1/0x1d90 [ 57.106668][ T7279] ? rtnl_lock+0x12/0x20 [ 57.111057][ T7279] __tipc_nl_bearer_enable+0x265/0x390 [ 57.119200][ T7279] ? __tipc_nl_bearer_enable+0x265/0x390 [ 57.124823][ T7279] ? memset+0x31/0x40 [ 57.128869][ T7279] ? tipc_nl_bearer_disable+0x30/0x30 [ 57.134234][ T7279] ? __nla_validate_parse+0xa1/0x1d90 [ 57.139606][ T7279] ? nla_memcpy+0xa0/0xa0 [ 57.143992][ T7279] tipc_nl_bearer_enable+0x1d/0x30 [ 57.149096][ T7279] genl_family_rcv_msg+0x5d5/0x1150 [ 57.154296][ T7279] ? genl_unregister_family+0x6d0/0x6d0 [ 57.159858][ T7279] ? netdev_core_pick_tx+0x2a0/0x2a0 [ 57.165157][ T7279] ? __kasan_check_read+0x11/0x20 [ 57.170597][ T7279] ? __lock_acquire+0x96a/0x4b70 [ 57.175736][ T7279] genl_rcv_msg+0xa7/0x140 [ 57.180322][ T7279] netlink_rcv_skb+0x13f/0x380 [ 57.185341][ T7279] ? genl_family_rcv_msg+0x1150/0x1150 [ 57.190792][ T7279] ? netlink_ack+0x990/0x990 [ 57.195383][ T7279] ? netlink_deliver_tap+0x182/0xad0 [ 57.200674][ T7279] genl_rcv+0x23/0x40 [ 57.204669][ T7279] netlink_unicast+0x444/0x640 [ 57.209421][ T7279] ? netlink_attachskb+0x6f0/0x6f0 [ 57.214526][ T7279] ? _copy_from_iter_full+0x19e/0x7e0 [ 57.219889][ T7279] ? __kasan_check_read+0x11/0x20 [ 57.224914][ T7279] ? __check_object_size+0x1fe/0x30c [ 57.230274][ T7279] netlink_sendmsg+0x75d/0xc40 [ 57.235017][ T7279] ? netlink_unicast+0x640/0x640 [ 57.239941][ T7279] ? apparmor_socket_sendmsg+0x1b/0x20 [ 57.245414][ T7279] ? netlink_unicast+0x640/0x640 [ 57.250758][ T7279] sock_sendmsg+0xe6/0x110 [ 57.255197][ T7279] ___sys_sendmsg+0x658/0x980 [ 57.259900][ T7279] ? copy_msghdr_from_user+0x420/0x420 [ 57.265626][ T7279] ? lock_downgrade+0x900/0x900 [ 57.270593][ T7279] ? __kasan_check_read+0x11/0x20 [ 57.275616][ T7279] ? __fget+0x2b1/0x420 [ 57.280110][ T7279] ? ksys_dup3+0x2e0/0x2e0 [ 57.285021][ T7279] ? __might_fault+0xf1/0x1b0 [ 57.289701][ T7279] ? __fget_light+0x179/0x1f0 [ 57.294883][ T7279] ? lock_acquire+0x194/0x410 [ 57.299570][ T7279] ? __fdget+0xe/0x10 [ 57.304238][ T7279] __sys_sendmsg+0xd9/0x180 [ 57.309022][ T7279] ? __sys_sendmsg_sock+0xb0/0xb0 [ 57.314121][ T7279] ? __kasan_check_read+0x11/0x20 [ 57.319132][ T7279] ? _copy_to_user+0xcb/0xf0 [ 57.324251][ T7279] ? put_timespec64+0xa9/0x100 [ 57.329020][ T7279] ? nsecs_to_jiffies+0x20/0x20 [ 57.333897][ T7279] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.340178][ T7279] __x64_sys_sendmsg+0x73/0xb0 [ 57.344923][ T7279] do_syscall_64+0xd6/0x550 [ 57.349405][ T7279] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.355373][ T7279] RIP: 0033:0x458c29 [ 57.359243][ T7279] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 57.379207][ T7279] RSP: 002b:00007f6668819c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 57.387604][ T7279] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 57.395690][ T7279] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 000000000000000a [ 57.404217][ T7279] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 57.412435][ T7279] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f666881a6d4 [ 57.420477][ T7279] R13: 00000000004c62bc R14: 00000000004dab98 R15: 00000000ffffffff [ 57.433497][ T7279] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.5/7279 [ 57.443259][ T7279] caller is dst_cache_set_ip4+0x97/0x2dc [ 57.449008][ T7279] CPU: 1 PID: 7279 Comm: syz-executor.5 Not tainted 5.3.0-rc3+ #1 [ 57.456803][ T7279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.466945][ T7279] Call Trace: [ 57.470232][ T7279] dump_stack+0x113/0x167 [ 57.474566][ T7279] debug_smp_processor_id.cold.2+0x84/0x97 [ 57.480369][ T7279] dst_cache_set_ip4+0x97/0x2dc [ 57.485229][ T7279] ? dst_cache_get_ip6+0x1b0/0x1b0 [ 57.490420][ T7279] ? xfrm_lookup_route+0x1f/0x170 [ 57.495539][ T7279] tipc_udp_xmit.isra.15+0x7c2/0xc60 [ 57.500817][ T7279] ? tipc_udp_addr2str+0x150/0x150 [ 57.505920][ T7279] ? __copy_skb_header+0x293/0x4b0 [ 57.511202][ T7279] ? __skb_checksum_complete+0x380/0x380 [ 57.516918][ T7279] ? skb_copy_header+0x16/0x2a0 [ 57.521760][ T7279] ? __pskb_copy_fclone+0x4a9/0xc70 [ 57.527049][ T7279] tipc_udp_send_msg+0x229/0x3d0 [ 57.531993][ T7279] tipc_bearer_xmit_skb+0x12c/0x290 [ 57.537188][ T7279] tipc_enable_bearer+0x7a6/0xab0 [ 57.542209][ T7279] ? tipc_bearer_xmit_skb+0x290/0x290 [ 57.547584][ T7279] ? __nla_validate_parse+0xa1/0x1d90 [ 57.553144][ T7279] ? rtnl_lock+0x12/0x20 [ 57.557381][ T7279] __tipc_nl_bearer_enable+0x265/0x390 [ 57.562827][ T7279] ? __tipc_nl_bearer_enable+0x265/0x390 [ 57.568453][ T7279] ? memset+0x31/0x40 [ 57.572598][ T7279] ? tipc_nl_bearer_disable+0x30/0x30 [ 57.578044][ T7279] ? __nla_validate_parse+0xa1/0x1d90 [ 57.583440][ T7279] ? nla_memcpy+0xa0/0xa0 [ 57.587790][ T7279] tipc_nl_bearer_enable+0x1d/0x30 [ 57.592891][ T7279] genl_family_rcv_msg+0x5d5/0x1150 [ 57.598084][ T7279] ? genl_unregister_family+0x6d0/0x6d0 [ 57.603623][ T7279] ? netdev_core_pick_tx+0x2a0/0x2a0 [ 57.608939][ T7279] ? __kasan_check_read+0x11/0x20 [ 57.613967][ T7279] ? __lock_acquire+0x96a/0x4b70 [ 57.618897][ T7279] genl_rcv_msg+0xa7/0x140 [ 57.623304][ T7279] netlink_rcv_skb+0x13f/0x380 [ 57.628047][ T7279] ? genl_family_rcv_msg+0x1150/0x1150 [ 57.633491][ T7279] ? netlink_ack+0x990/0x990 [ 57.640328][ T7279] ? netlink_deliver_tap+0x182/0xad0 [ 57.650032][ T7279] genl_rcv+0x23/0x40 [ 57.654003][ T7279] netlink_unicast+0x444/0x640 [ 57.658755][ T7279] ? netlink_attachskb+0x6f0/0x6f0 [ 57.663853][ T7279] ? _copy_from_iter_full+0x19e/0x7e0 [ 57.669494][ T7279] ? __kasan_check_read+0x11/0x20 [ 57.674526][ T7279] ? __check_object_size+0x1fe/0x30c [ 57.679799][ T7279] netlink_sendmsg+0x75d/0xc40 [ 57.684541][ T7279] ? netlink_unicast+0x640/0x640 [ 57.689464][ T7279] ? apparmor_socket_sendmsg+0x1b/0x20 [ 57.694955][ T7279] ? netlink_unicast+0x640/0x640 [ 57.699882][ T7279] sock_sendmsg+0xe6/0x110 [ 57.704286][ T7279] ___sys_sendmsg+0x658/0x980 [ 57.708948][ T7279] ? copy_msghdr_from_user+0x420/0x420 [ 57.714394][ T7279] ? lock_downgrade+0x900/0x900 [ 57.719229][ T7279] ? __kasan_check_read+0x11/0x20 [ 57.724321][ T7279] ? __fget+0x2b1/0x420 [ 57.728460][ T7279] ? ksys_dup3+0x2e0/0x2e0 [ 57.732859][ T7279] ? __might_fault+0xf1/0x1b0 [ 57.737530][ T7279] ? __fget_light+0x179/0x1f0 [ 57.742186][ T7279] ? lock_acquire+0x194/0x410 [ 57.746842][ T7279] ? __fdget+0xe/0x10 [ 57.750972][ T7279] __sys_sendmsg+0xd9/0x180 [ 57.755538][ T7279] ? __sys_sendmsg_sock+0xb0/0xb0 [ 57.760546][ T7279] ? __kasan_check_read+0x11/0x20 [ 57.765567][ T7279] ? _copy_to_user+0xcb/0xf0 [ 57.770172][ T7279] ? put_timespec64+0xa9/0x100 [ 57.774928][ T7279] ? nsecs_to_jiffies+0x20/0x20 [ 57.779765][ T7279] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.785819][ T7279] __x64_sys_sendmsg+0x73/0xb0 [ 57.790570][ T7279] do_syscall_64+0xd6/0x550 [ 57.795332][ T7279] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.801674][ T7279] RIP: 0033:0x458c29 [ 57.805558][ T7279] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 57.825234][ T7279] RSP: 002b:00007f6668819c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 57.833666][ T7279] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 57.841624][ T7279] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 000000000000000a [ 57.849573][ T7279] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 57.857629][ T7279] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f666881a6d4 [ 57.865617][ T7279] R13: 00000000004c62bc R14: 00000000004dab98 R15: 00000000ffffffff [ 57.876741][ C1] net_ratelimit: 34 callbacks suppressed [ 57.876747][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 57.888263][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 57.905864][ T7279] Enabled bearer , priority 10 [ 58.014311][ T3763] 32-bit node address hash set to aa1414ac [ 58.074635][ T7267] Started in network mode [ 58.078987][ T7267] Own node identity ac1414aa, cluster identity 4711 [ 58.094308][ T7267] New replicast peer: 172.20.20.187 [ 58.099689][ T7267] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.2/7267 [ 58.109354][ T7267] caller is dst_cache_get+0x33/0xa0 [ 58.114746][ T7267] CPU: 1 PID: 7267 Comm: syz-executor.2 Not tainted 5.3.0-rc3+ #1 [ 58.122640][ T7267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.132700][ T7267] Call Trace: [ 58.136349][ T7267] dump_stack+0x113/0x167 [ 58.140686][ T7267] debug_smp_processor_id.cold.2+0x84/0x97 [ 58.146582][ T7267] dst_cache_get+0x33/0xa0 [ 58.151008][ T7267] tipc_udp_xmit.isra.15+0xb9/0xc60 [ 58.156212][ T7267] ? tipc_udp_addr2str+0x150/0x150 [ 58.161313][ T7267] ? __copy_skb_header+0x293/0x4b0 [ 58.166423][ T7267] ? __skb_checksum_complete+0x380/0x380 [ 58.172046][ T7267] ? netdev_alloc_frag+0x160/0x160 [ 58.177166][ T7267] ? find_held_lock+0x10/0x1d0 [ 58.181927][ T7267] ? skb_copy_header+0x16/0x2a0 [ 58.186771][ T7267] ? __pskb_copy_fclone+0x4a9/0xc70 [ 58.192058][ T7267] tipc_udp_send_msg+0x229/0x3d0 [ 58.197002][ T7267] tipc_bearer_xmit_skb+0x12c/0x290 [ 58.202195][ T7267] tipc_enable_bearer+0x7a6/0xab0 [ 58.207235][ T7267] ? tipc_bearer_xmit_skb+0x290/0x290 [ 58.212603][ T7267] ? __nla_validate_parse+0xa1/0x1d90 [ 58.217983][ T7267] ? rtnl_lock+0x12/0x20 [ 58.222259][ T7267] __tipc_nl_bearer_enable+0x265/0x390 [ 58.227720][ T7267] ? __tipc_nl_bearer_enable+0x265/0x390 [ 58.233349][ T7267] ? memset+0x31/0x40 [ 58.237326][ T7267] ? tipc_nl_bearer_disable+0x30/0x30 [ 58.242691][ T7267] ? __nla_validate_parse+0xa1/0x1d90 [ 58.248233][ T7267] ? nla_memcpy+0xa0/0xa0 [ 58.252565][ T7267] tipc_nl_bearer_enable+0x1d/0x30 [ 58.257669][ T7267] genl_family_rcv_msg+0x5d5/0x1150 [ 58.262859][ T7267] ? genl_unregister_family+0x6d0/0x6d0 [ 58.268400][ T7267] ? netdev_core_pick_tx+0x2a0/0x2a0 [ 58.273760][ T7267] ? __kasan_check_read+0x11/0x20 [ 58.278783][ T7267] ? __lock_acquire+0x96a/0x4b70 [ 58.283724][ T7267] genl_rcv_msg+0xa7/0x140 [ 58.288876][ T7267] netlink_rcv_skb+0x13f/0x380 [ 58.293732][ T7267] ? genl_family_rcv_msg+0x1150/0x1150 [ 58.299194][ T7267] ? netlink_ack+0x990/0x990 [ 58.303774][ T7267] ? netlink_deliver_tap+0x182/0xad0 [ 58.309054][ T7267] genl_rcv+0x23/0x40 [ 58.313038][ T7267] netlink_unicast+0x444/0x640 [ 58.317866][ T7267] ? netlink_attachskb+0x6f0/0x6f0 [ 58.322984][ T7267] ? _copy_from_iter_full+0x19e/0x7e0 [ 58.328452][ T7267] ? __kasan_check_read+0x11/0x20 [ 58.333466][ T7267] ? __check_object_size+0x1fe/0x30c [ 58.338753][ T7267] netlink_sendmsg+0x75d/0xc40 [ 58.343516][ T7267] ? netlink_unicast+0x640/0x640 [ 58.348451][ T7267] ? apparmor_socket_sendmsg+0x1b/0x20 [ 58.353905][ T7267] ? netlink_unicast+0x640/0x640 [ 58.358930][ T7267] sock_sendmsg+0xe6/0x110 [ 58.363342][ T7267] ___sys_sendmsg+0x658/0x980 [ 58.368112][ T7267] ? copy_msghdr_from_user+0x420/0x420 [ 58.373669][ T7267] ? lock_downgrade+0x900/0x900 [ 58.378529][ T7267] ? __kasan_check_read+0x11/0x20 [ 58.383537][ T7267] ? __fget+0x2b1/0x420 [ 58.387675][ T7267] ? ksys_dup3+0x2e0/0x2e0 [ 58.392103][ T7267] ? __might_fault+0xf1/0x1b0 [ 58.396777][ T7267] ? __fget_light+0x179/0x1f0 [ 58.402141][ T7267] ? lock_acquire+0x194/0x410 [ 58.406805][ T7267] ? __fdget+0xe/0x10 [ 58.410951][ T7267] __sys_sendmsg+0xd9/0x180 [ 58.415447][ T7267] ? __sys_sendmsg_sock+0xb0/0xb0 [ 58.420464][ T7267] ? __kasan_check_read+0x11/0x20 [ 58.425499][ T7267] ? _copy_to_user+0xcb/0xf0 [ 58.430214][ T7267] ? put_timespec64+0xa9/0x100 [ 58.435239][ T7267] ? nsecs_to_jiffies+0x20/0x20 [ 58.440173][ T7267] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.446780][ T7267] __x64_sys_sendmsg+0x73/0xb0 [ 58.451533][ T7267] do_syscall_64+0xd6/0x550 [ 58.456118][ T7267] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.462003][ T7267] RIP: 0033:0x458c29 [ 58.465884][ T7267] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 58.485756][ T7267] RSP: 002b:00007fea1780ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 58.494617][ T7267] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 58.502677][ T7267] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 000000000000000a [ 58.510629][ T7267] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 58.518596][ T7267] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea1780b6d4 [ 58.526556][ T7267] R13: 00000000004c62bc R14: 00000000004dab98 R15: 00000000ffffffff [ 58.536511][ T7267] Enabled bearer , priority 10 [ 58.928716][ T7304] Enabling of bearer rejected, already enabled [ 58.941726][ T7302] Enabling of bearer rejected, already enabled [ 58.958908][ T7255] chnl_net:caif_netlink_parms(): no params data found 2019/08/19 08:29:49 result: hanged=false err=executor 5: exit status 67 failed to mkdir (errno 28) loop exited with status 67 failed to mkdir (errno 28) loop exited with status 67 [ 59.061444][ T7306] IPVS: ftp: loaded support on port[0] = 21 [ 59.094349][ T3763] 32-bit node address hash set to aa1414ac [ 59.107853][ T7255] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.119198][ T7255] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.128673][ T7255] device bridge_slave_0 entered promiscuous mode [ 59.256204][ T7255] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.269333][ T7321] IPVS: ftp: loaded support on port[0] = 21 [ 59.275691][ T7255] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.290668][ T7255] device bridge_slave_1 entered promiscuous mode [ 59.320587][ T21] device bridge_slave_1 left promiscuous mode [ 59.351940][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.423360][ T21] device bridge_slave_0 left promiscuous mode [ 59.433256][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.454548][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 59.460432][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 59.466297][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 59.472093][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 59.478075][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 59.483876][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 59.934651][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 59.940700][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 61.524676][ T21] device hsr_slave_0 left promiscuous mode [ 61.564088][ T21] device hsr_slave_1 left promiscuous mode [ 61.616116][ T21] team0 (unregistering): Port device team_slave_1 removed [ 61.636988][ T21] team0 (unregistering): Port device team_slave_0 removed [ 61.662751][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 61.719824][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 61.838008][ T21] bond0 (unregistering): Released all slaves [ 61.970865][ T7302] Enabling of bearer rejected, already enabled [ 61.983292][ T7309] Enabling of bearer rejected, already enabled 2019/08/19 08:29:52 executed programs: 19 [ 62.019842][ T7255] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.059560][ T7255] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.099331][ T7308] Enabling of bearer rejected, already enabled [ 62.173402][ T7255] team0: Port device team_slave_0 added [ 62.211624][ T7355] Enabling of bearer rejected, already enabled [ 62.237112][ T7255] team0: Port device team_slave_1 added [ 62.366691][ T7255] device hsr_slave_0 entered promiscuous mode [ 62.420514][ T7255] device hsr_slave_1 entered promiscuous mode [ 62.504018][ T7255] debugfs: Directory 'hsr0' with parent '/' already present! [ 62.516749][ T7306] chnl_net:caif_netlink_parms(): no params data found [ 62.642075][ T7306] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.693982][ T7306] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.701945][ T7306] device bridge_slave_0 entered promiscuous mode [ 62.725690][ T7306] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.732848][ T7306] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.754803][ T7306] device bridge_slave_1 entered promiscuous mode [ 62.763256][ T7321] chnl_net:caif_netlink_parms(): no params data found