Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts. 2020/06/05 00:01:28 parsed 1 programs 2020/06/05 00:01:29 executed programs: 0 [ 40.347378] audit: type=1400 audit(1591315289.085:10): avc: denied { execmem } for pid=6248 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 40.630046] IPVS: ftp: loaded support on port[0] = 21 [ 41.398150] IPVS: ftp: loaded support on port[0] = 21 [ 41.459556] chnl_net:caif_netlink_parms(): no params data found [ 41.503857] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.511040] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.518301] device bridge_slave_0 entered promiscuous mode [ 41.521493] IPVS: ftp: loaded support on port[0] = 21 [ 41.526117] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.535709] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.542976] device bridge_slave_1 entered promiscuous mode [ 41.580055] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 41.590600] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 41.638775] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 41.646187] team0: Port device team_slave_0 added [ 41.659000] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 41.666471] team0: Port device team_slave_1 added [ 41.677000] chnl_net:caif_netlink_parms(): no params data found [ 41.686349] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 41.695441] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 41.741725] device hsr_slave_0 entered promiscuous mode [ 41.778943] device hsr_slave_1 entered promiscuous mode [ 41.832199] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 41.841449] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 41.854461] IPVS: ftp: loaded support on port[0] = 21 [ 41.925268] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.932863] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.941409] device bridge_slave_0 entered promiscuous mode [ 41.950193] chnl_net:caif_netlink_parms(): no params data found [ 41.965028] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.971751] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.978822] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.985257] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.994551] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.001649] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.009584] device bridge_slave_1 entered promiscuous mode [ 42.061725] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.074289] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.087263] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.094139] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.102110] device bridge_slave_0 entered promiscuous mode [ 42.123425] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.130626] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.137518] device bridge_slave_1 entered promiscuous mode [ 42.145273] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 42.152744] team0: Port device team_slave_0 added [ 42.174198] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 42.182463] IPVS: ftp: loaded support on port[0] = 21 [ 42.182472] team0: Port device team_slave_1 added [ 42.199080] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 42.219229] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.229467] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 42.244523] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.321851] device hsr_slave_0 entered promiscuous mode [ 42.358882] device hsr_slave_1 entered promiscuous mode [ 42.398833] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 42.406701] team0: Port device team_slave_0 added [ 42.414221] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 42.422514] team0: Port device team_slave_1 added [ 42.451041] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 42.463471] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 42.473090] chnl_net:caif_netlink_parms(): no params data found [ 42.491622] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 42.501622] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 42.530951] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.550324] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.561448] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.582620] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.589457] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.597034] device bridge_slave_0 entered promiscuous mode [ 42.604896] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.611603] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.619085] device bridge_slave_1 entered promiscuous mode [ 42.672179] device hsr_slave_0 entered promiscuous mode [ 42.708624] device hsr_slave_1 entered promiscuous mode [ 42.740815] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 42.749204] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 42.755591] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 42.775903] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.786454] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.797079] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 42.813227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.821922] IPVS: ftp: loaded support on port[0] = 21 [ 42.822105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.837893] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 42.848415] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 42.854487] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.876005] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 42.883622] team0: Port device team_slave_0 added [ 42.890252] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 42.899799] team0: Port device team_slave_1 added [ 42.905472] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 42.917969] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 42.926779] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 42.934705] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 42.948996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 42.957003] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.965790] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.972676] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.051915] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 43.100494] device hsr_slave_0 entered promiscuous mode [ 43.138298] device hsr_slave_1 entered promiscuous mode [ 43.180791] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 43.189554] chnl_net:caif_netlink_parms(): no params data found [ 43.209240] 8021q: adding VLAN 0 to HW filter on device bond0 [ 43.215792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.225143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.233616] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.240831] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.253608] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 43.266403] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 43.286632] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 43.295992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 43.323856] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 43.334135] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 43.350574] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 43.358269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.366438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.373814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 43.387380] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 43.393692] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.401498] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 43.410785] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.417128] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.424237] device bridge_slave_0 entered promiscuous mode [ 43.431006] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.437467] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.444856] device bridge_slave_1 entered promiscuous mode [ 43.455612] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 43.465595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 43.474228] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.482056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.490134] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.497926] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.504538] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.512466] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 43.519521] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 43.591831] chnl_net:caif_netlink_parms(): no params data found [ 43.617157] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 43.626755] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 43.640814] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 43.653804] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 43.662170] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 43.669878] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.677964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 43.686752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.697580] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 43.706151] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 43.725643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.733528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.741817] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.748230] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.755380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 43.762995] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.772316] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 43.794134] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 43.800855] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 43.807877] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 43.825465] 8021q: adding VLAN 0 to HW filter on device bond0 [ 43.832011] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.840251] team0: Port device team_slave_0 added [ 43.845750] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.853244] team0: Port device team_slave_1 added [ 43.859987] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 43.869357] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 43.883587] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.890714] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.897976] device bridge_slave_0 entered promiscuous mode [ 43.904621] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.911632] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.918967] device bridge_slave_1 entered promiscuous mode [ 43.925234] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.933512] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 43.941453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 43.949542] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.961204] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 43.972704] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 43.980756] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 43.994314] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.015596] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 44.023470] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.030428] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 44.037181] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 44.045685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 44.054982] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 44.074575] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.120193] device hsr_slave_0 entered promiscuous mode [ 44.177964] device hsr_slave_1 entered promiscuous mode [ 44.219637] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 44.227080] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 44.237866] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 44.249062] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 44.267156] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.275588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.283221] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.291404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.298671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.307311] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 44.318838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 44.330875] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.339735] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 44.346986] team0: Port device team_slave_0 added [ 44.353685] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.361953] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 44.368110] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.374865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.382786] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.391577] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 44.398586] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 44.411199] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 44.418702] team0: Port device team_slave_1 added [ 44.424389] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 44.434272] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 44.447318] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.462860] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.471327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.479003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.487186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.496290] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.504458] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.511042] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.521060] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 44.527304] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.536138] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.550440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 44.560883] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.620278] device hsr_slave_0 entered promiscuous mode [ 44.626451] audit: type=1400 audit(1591315293.367:11): avc: denied { create } for pid=7131 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 [ 44.636554] FAULT_INJECTION: forcing a failure. [ 44.636554] name failslab, interval 1, probability 0, space 0, times 1 [ 44.653909] audit: type=1400 audit(1591315293.367:12): avc: denied { name_bind } for pid=7131 comm="syz-executor.0" src=20003 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 [ 44.659249] CPU: 1 PID: 7137 Comm: syz-executor.0 Not tainted 4.14.183-syzkaller #0 [ 44.686549] audit: type=1400 audit(1591315293.367:13): avc: denied { node_bind } for pid=7131 comm="syz-executor.0" src=20003 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 [ 44.689003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.689007] Call Trace: [ 44.689018] dump_stack+0xf7/0x13b [ 44.689027] should_fail.cold.3+0x105/0x14b [ 44.689037] should_failslab+0xba/0xf0 [ 44.689045] kmem_cache_alloc_trace+0x4b/0x7a0 [ 44.689053] ? trace_hardirqs_off+0x10/0x10 [ 44.689062] dccp_ackvec_parsed_add+0x51/0x220 [ 44.689072] ccid2_hc_tx_parse_options+0x5b/0x80 [ 44.689079] dccp_parse_options+0x532/0xf20 [ 44.689091] dccp_rcv_established+0x23/0x70 [ 44.717956] audit: type=1400 audit(1591315293.367:14): avc: denied { name_connect } for pid=7131 comm="syz-executor.0" dest=20003 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 [ 44.721545] dccp_v4_do_rcv+0xfa/0x160 [ 44.721554] __release_sock+0x10b/0x340 [ 44.721563] release_sock+0x4f/0x180 [ 44.724638] audit: type=1400 audit(1591315293.367:15): avc: denied { write } for pid=7131 comm="syz-executor.0" path="socket:[25615]" dev="sockfs" ino=25615 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 [ 44.727878] dccp_sendmsg+0x4ab/0xc70 [ 44.727885] ? import_iovec+0x96/0x420 [ 44.727892] ? dccp_getsockopt+0xd0/0xd0 [ 44.727901] ? copy_msghdr_from_user+0x201/0x3f0 [ 44.727911] inet_sendmsg+0x108/0x440 [ 44.727918] ? security_socket_sendmsg+0x6a/0xa0 [ 44.727923] ? inet_recvmsg+0x640/0x640 [ 44.727927] sock_sendmsg+0xb5/0xf0 [ 44.727932] ___sys_sendmsg+0x282/0x920 [ 44.727939] ? trace_hardirqs_off+0x10/0x10 [ 44.727945] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 44.727954] ? trace_hardirqs_on+0x10/0x10 [ 44.727959] ? trace_hardirqs_off+0x10/0x10 [ 44.727967] ? __fget+0x1ad/0x2f0 [ 44.727972] ? lock_downgrade+0x7f0/0x7f0 [ 44.727978] ? find_held_lock+0x36/0x1d0 [ 44.727990] ? __might_fault+0xf1/0x1b0 [ 44.728005] __sys_sendmmsg+0x126/0x300 [ 44.901627] ? SyS_sendmsg+0x20/0x20 [ 44.905336] ? __sb_end_write+0xa4/0xd0 [ 44.909467] ? mutex_unlock+0xd/0x10 [ 44.913164] ? SyS_write+0x1c5/0x250 [ 44.916901] ? do_syscall_64+0x4c/0x5b0 [ 44.920865] ? __sys_sendmmsg+0x300/0x300 [ 44.925389] SyS_sendmmsg+0xd/0x20 [ 44.928910] do_syscall_64+0x1c7/0x5b0 [ 44.932795] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.937625] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 44.942818] RIP: 0033:0x45a219 [ 44.946003] RSP: 002b:00007f212b799c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 44.953707] RAX: ffffffffffffffda RBX: 00007f212b799c90 RCX: 000000000045a219 [ 44.961073] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 44.968410] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 44.975954] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f212b79a6d4 [ 44.983417] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 44.992965] dccp_parse_options: DCCP(ffff8880970380c0): Option 38 (len=1) error=5 [ 45.001532] device hsr_slave_1 entered promiscuous mode [ 45.052721] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 45.059952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 45.068459] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.075967] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.082454] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.090165] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 45.102945] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.111443] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 45.125095] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 45.140152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.154205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.163868] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.170630] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.181653] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.192104] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 45.202652] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.210925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 45.219275] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 45.226086] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 45.233416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.241554] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.250165] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.256705] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.266089] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 45.278971] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.289151] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.299830] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.308595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 45.316671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 45.327438] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 45.348019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 45.356075] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 45.364946] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 45.373863] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 45.388382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 45.397525] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 45.405518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 45.413698] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 45.431293] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.439443] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 45.449694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 45.458313] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 45.465809] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 45.475036] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 45.483614] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 45.495994] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 45.504932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 45.513053] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.520696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 45.529188] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 45.539752] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 45.549365] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 45.558846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.565373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 45.573242] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.581316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 45.589695] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.599765] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 45.608125] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 45.616055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 45.623909] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.631966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.638928] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.647229] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 45.653374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 45.664011] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 45.673116] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.681003] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 45.697858] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 45.704113] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 45.714013] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.733846] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 45.743857] FAULT_INJECTION: forcing a failure. [ 45.743857] name failslab, interval 1, probability 0, space 0, times 0 [ 45.752654] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 45.756044] CPU: 1 PID: 7150 Comm: syz-executor.2 Not tainted 4.14.183-syzkaller #0 [ 45.762389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 45.769384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.769388] Call Trace: [ 45.769401] dump_stack+0xf7/0x13b [ 45.769412] should_fail.cold.3+0x105/0x14b [ 45.769422] should_failslab+0xba/0xf0 [ 45.769429] kmem_cache_alloc_trace+0x4b/0x7a0 2020/06/05 00:01:34 executed programs: 7 [ 45.769438] ? trace_hardirqs_off+0x10/0x10 [ 45.769447] dccp_ackvec_parsed_add+0x51/0x220 [ 45.769454] ccid2_hc_tx_parse_options+0x5b/0x80 [ 45.769461] dccp_parse_options+0x532/0xf20 [ 45.769478] dccp_rcv_established+0x23/0x70 [ 45.769483] dccp_v4_do_rcv+0xfa/0x160 [ 45.769492] __release_sock+0x10b/0x340 [ 45.769502] release_sock+0x4f/0x180 [ 45.769508] dccp_sendmsg+0x4ab/0xc70 [ 45.769514] ? import_iovec+0x96/0x420 [ 45.769522] ? dccp_getsockopt+0xd0/0xd0 [ 45.769531] ? copy_msghdr_from_user+0x201/0x3f0 [ 45.769535] ? find_held_lock+0x36/0x1d0 [ 45.769544] inet_sendmsg+0x108/0x440 [ 45.769551] ? security_socket_sendmsg+0x6a/0xa0 [ 45.769556] ? inet_recvmsg+0x640/0x640 [ 45.769561] sock_sendmsg+0xb5/0xf0 [ 45.769567] ___sys_sendmsg+0x282/0x920 [ 45.769571] ? trace_hardirqs_off+0x10/0x10 [ 45.769577] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 45.769586] ? trace_hardirqs_on+0x10/0x10 [ 45.769591] ? trace_hardirqs_off+0x10/0x10 [ 45.769598] ? __fget+0x1ad/0x2f0 [ 45.769603] ? lock_downgrade+0x7f0/0x7f0 [ 45.769608] ? find_held_lock+0x36/0x1d0 [ 45.769618] ? __might_fault+0xf1/0x1b0 [ 45.769631] __sys_sendmmsg+0x126/0x300 [ 45.769637] ? SyS_sendmsg+0x20/0x20 [ 45.769653] ? __sb_end_write+0xa4/0xd0 [ 45.769660] ? mutex_unlock+0xd/0x10 [ 45.769667] ? SyS_write+0x1c5/0x250 [ 45.769677] ? do_syscall_64+0x4c/0x5b0 [ 45.769683] ? __sys_sendmmsg+0x300/0x300 [ 45.769688] SyS_sendmmsg+0xd/0x20 [ 45.769693] do_syscall_64+0x1c7/0x5b0 [ 45.769697] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.769707] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 45.769712] RIP: 0033:0x45a219 [ 45.769716] RSP: 002b:00007f8ae7a5ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 45.769723] RAX: ffffffffffffffda RBX: 00007f8ae7a5ac90 RCX: 000000000045a219 [ 45.769726] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 45.769729] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 45.769732] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8ae7a5b6d4 [ 45.769735] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 45.788959] dccp_parse_options: DCCP(ffff888091277500): Option 38 (len=1) error=5 [ 45.792794] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.032799] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.039203] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.046130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 46.053384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.063211] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.076064] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 46.083930] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 46.094312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.102563] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.110778] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.117437] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.125204] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 46.132397] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 46.143115] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.158096] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 46.164429] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.171968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.181913] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.190928] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 46.200338] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.208108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.216389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.225000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.233188] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.239870] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.247895] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 46.255488] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 46.267908] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.274993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 46.283431] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 46.293102] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 46.299995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.310420] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.318656] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.327133] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.335330] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 46.350176] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.357528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.365441] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.374735] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.381248] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.388629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.396512] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.406254] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.415267] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 46.428869] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 46.436602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.446360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.455555] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.464287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 46.473139] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.483795] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.497302] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 46.503358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 46.524321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.537676] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 46.546562] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 46.561733] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 46.570537] FAULT_INJECTION: forcing a failure. [ 46.570537] name failslab, interval 1, probability 0, space 0, times 0 [ 46.570803] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 46.588844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.594543] CPU: 1 PID: 7176 Comm: syz-executor.4 Not tainted 4.14.183-syzkaller #0 [ 46.598194] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.604077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.611849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.621915] Call Trace: [ 46.621928] dump_stack+0xf7/0x13b [ 46.621937] should_fail.cold.3+0x105/0x14b [ 46.621946] should_failslab+0xba/0xf0 [ 46.621953] kmem_cache_alloc+0x47/0x790 [ 46.621960] ? dccp_feat_clone_list+0x3c0/0x3c0 [ 46.621969] dccp_ackvec_update_records+0x25/0x3e0 [ 46.621975] dccp_insert_options+0x68e/0xb70 [ 46.621986] dccp_transmit_skb+0x194/0x1250 [ 46.621993] ? skb_unlink+0xeb/0x160 [ 46.622001] dccp_xmit_packet+0x1a6/0x580 [ 46.622009] dccp_write_xmit+0x125/0x180 [ 46.622015] dccp_sendmsg+0x556/0xc70 [ 46.622020] ? import_iovec+0x96/0x420 [ 46.622030] ? dccp_getsockopt+0xd0/0xd0 [ 46.622040] ? copy_msghdr_from_user+0x201/0x3f0 [ 46.622046] ? find_held_lock+0x36/0x1d0 [ 46.622055] inet_sendmsg+0x108/0x440 [ 46.622063] ? security_socket_sendmsg+0x6a/0xa0 [ 46.622067] ? inet_recvmsg+0x640/0x640 [ 46.622071] sock_sendmsg+0xb5/0xf0 [ 46.622077] ___sys_sendmsg+0x282/0x920 [ 46.622082] ? trace_hardirqs_off+0x10/0x10 [ 46.622087] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 46.622095] ? trace_hardirqs_on+0x10/0x10 [ 46.622101] ? trace_hardirqs_off+0x10/0x10 [ 46.622108] ? __fget+0x1ad/0x2f0 [ 46.622112] ? lock_downgrade+0x7f0/0x7f0 [ 46.622118] ? find_held_lock+0x36/0x1d0 [ 46.622129] ? __might_fault+0xf1/0x1b0 [ 46.622141] __sys_sendmmsg+0x126/0x300 [ 46.622148] ? SyS_sendmsg+0x20/0x20 [ 46.622164] ? __sb_end_write+0xa4/0xd0 [ 46.640089] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.644086] ? mutex_unlock+0xd/0x10 [ 46.644094] ? SyS_write+0x1c5/0x250 [ 46.644105] ? do_syscall_64+0x4c/0x5b0 [ 46.648821] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 46.653357] ? __sys_sendmmsg+0x300/0x300 [ 46.653362] SyS_sendmmsg+0xd/0x20 [ 46.653368] do_syscall_64+0x1c7/0x5b0 [ 46.653374] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.661075] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 46.662723] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 46.662728] RIP: 0033:0x45a219 [ 46.662732] RSP: 002b:00007f1fc106cc78 EFLAGS: 00000246 [ 46.668534] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.670727] ORIG_RAX: 0000000000000133 [ 46.670732] RAX: ffffffffffffffda RBX: 00007f1fc106cc90 RCX: 000000000045a219 [ 46.670735] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 46.670738] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 46.670741] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1fc106d6d4 [ 46.670743] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 46.882194] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 46.914467] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.922980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.932196] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.943201] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 46.950662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 46.971603] FAULT_INJECTION: forcing a failure. [ 46.971603] name failslab, interval 1, probability 0, space 0, times 0 [ 46.987519] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.995492] CPU: 0 PID: 7193 Comm: syz-executor.4 Not tainted 4.14.183-syzkaller #0 [ 47.003535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.013239] Call Trace: [ 47.015826] dump_stack+0xf7/0x13b [ 47.019553] should_fail.cold.3+0x105/0x14b [ 47.023868] should_failslab+0xba/0xf0 [ 47.027749] kmem_cache_alloc_trace+0x4b/0x7a0 [ 47.032426] ? trace_hardirqs_off+0x10/0x10 [ 47.036738] dccp_ackvec_parsed_add+0x51/0x220 [ 47.041886] ccid2_hc_tx_parse_options+0x5b/0x80 [ 47.046819] dccp_parse_options+0x532/0xf20 [ 47.051132] dccp_rcv_established+0x23/0x70 [ 47.055540] dccp_v4_do_rcv+0xfa/0x160 [ 47.059408] __release_sock+0x10b/0x340 [ 47.063476] release_sock+0x4f/0x180 [ 47.068669] dccp_sendmsg+0x4ab/0xc70 [ 47.072469] ? import_iovec+0x96/0x420 [ 47.076548] ? dccp_getsockopt+0xd0/0xd0 [ 47.080597] ? copy_msghdr_from_user+0x201/0x3f0 [ 47.087092] ? find_held_lock+0x36/0x1d0 [ 47.091518] inet_sendmsg+0x108/0x440 [ 47.095437] ? security_socket_sendmsg+0x6a/0xa0 [ 47.100243] ? inet_recvmsg+0x640/0x640 [ 47.104237] sock_sendmsg+0xb5/0xf0 [ 47.108001] ___sys_sendmsg+0x282/0x920 [ 47.111968] ? trace_hardirqs_off+0x10/0x10 [ 47.116365] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 47.121439] ? trace_hardirqs_on+0x10/0x10 [ 47.125891] ? trace_hardirqs_off+0x10/0x10 [ 47.130222] ? __fget+0x1ad/0x2f0 [ 47.133664] ? lock_downgrade+0x7f0/0x7f0 [ 47.137807] ? find_held_lock+0x36/0x1d0 [ 47.141996] ? __might_fault+0xf1/0x1b0 [ 47.145968] __sys_sendmmsg+0x126/0x300 [ 47.149942] ? SyS_sendmsg+0x20/0x20 [ 47.153653] ? __sb_end_write+0xa4/0xd0 [ 47.157612] ? mutex_unlock+0xd/0x10 [ 47.161417] ? SyS_write+0x1c5/0x250 [ 47.165224] ? do_syscall_64+0x4c/0x5b0 [ 47.169196] ? __sys_sendmmsg+0x300/0x300 [ 47.174132] SyS_sendmmsg+0xd/0x20 [ 47.177775] do_syscall_64+0x1c7/0x5b0 [ 47.181643] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.186570] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 47.191864] RIP: 0033:0x45a219 [ 47.195030] RSP: 002b:00007f1fc106cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 47.202732] RAX: ffffffffffffffda RBX: 00007f1fc106cc90 RCX: 000000000045a219 [ 47.210035] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 47.217298] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 47.224867] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1fc106d6d4 [ 47.233079] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 47.257424] dccp_parse_options: DCCP(ffff888091276b40): Option 38 (len=1) error=5 [ 47.259168] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 47.291401] FAULT_INJECTION: forcing a failure. [ 47.291401] name failslab, interval 1, probability 0, space 0, times 0 [ 47.305130] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 47.314867] CPU: 0 PID: 7200 Comm: syz-executor.3 Not tainted 4.14.183-syzkaller #0 [ 47.322808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.328845] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 47.333222] Call Trace: [ 47.333236] dump_stack+0xf7/0x13b [ 47.333247] should_fail.cold.3+0x105/0x14b [ 47.333257] should_failslab+0xba/0xf0 [ 47.333265] kmem_cache_alloc_trace+0x4b/0x7a0 [ 47.333275] ? trace_hardirqs_off+0x10/0x10 [ 47.333284] dccp_ackvec_parsed_add+0x51/0x220 [ 47.333290] ccid2_hc_tx_parse_options+0x5b/0x80 [ 47.340999] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 47.341992] dccp_parse_options+0x532/0xf20 [ 47.342007] dccp_rcv_established+0x23/0x70 [ 47.342013] dccp_v4_do_rcv+0xfa/0x160 [ 47.342023] __release_sock+0x10b/0x340 [ 47.342033] release_sock+0x4f/0x180 [ 47.354885] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.358980] dccp_sendmsg+0x4ab/0xc70 [ 47.358988] ? import_iovec+0x96/0x420 [ 47.358998] ? dccp_getsockopt+0xd0/0xd0 [ 47.359009] ? copy_msghdr_from_user+0x201/0x3f0 [ 47.359016] ? find_held_lock+0x36/0x1d0 [ 47.359026] inet_sendmsg+0x108/0x440 [ 47.359033] ? security_socket_sendmsg+0x6a/0xa0 [ 47.359039] ? inet_recvmsg+0x640/0x640 [ 47.442280] sock_sendmsg+0xb5/0xf0 [ 47.445989] ___sys_sendmsg+0x282/0x920 [ 47.450240] ? trace_hardirqs_off+0x10/0x10 [ 47.454815] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 47.459737] ? trace_hardirqs_on+0x10/0x10 [ 47.464032] ? trace_hardirqs_off+0x10/0x10 [ 47.469159] ? __fget+0x1ad/0x2f0 [ 47.472918] ? lock_downgrade+0x7f0/0x7f0 [ 47.477243] ? find_held_lock+0x36/0x1d0 [ 47.481871] ? __might_fault+0xf1/0x1b0 [ 47.486070] __sys_sendmmsg+0x126/0x300 [ 47.490150] ? SyS_sendmsg+0x20/0x20 [ 47.494179] ? __sb_end_write+0xa4/0xd0 [ 47.498772] ? mutex_unlock+0xd/0x10 [ 47.503072] ? SyS_write+0x1c5/0x250 [ 47.506782] ? do_syscall_64+0x4c/0x5b0 [ 47.510771] ? __sys_sendmmsg+0x300/0x300 [ 47.515569] SyS_sendmmsg+0xd/0x20 [ 47.519280] do_syscall_64+0x1c7/0x5b0 [ 47.523369] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.529017] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 47.534439] RIP: 0033:0x45a219 [ 47.537657] RSP: 002b:00007fd9a5188c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 47.545675] RAX: ffffffffffffffda RBX: 00007fd9a5188c90 RCX: 000000000045a219 [ 47.553072] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 47.560445] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 47.567713] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd9a51896d4 [ 47.575254] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 47.597269] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 47.604032] dccp_parse_options: DCCP(ffff88808d673580): Option 38 (len=1) error=5 [ 47.629921] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 47.732102] FAULT_INJECTION: forcing a failure. [ 47.732102] name failslab, interval 1, probability 0, space 0, times 0 [ 47.745326] CPU: 0 PID: 7233 Comm: syz-executor.5 Not tainted 4.14.183-syzkaller #0 [ 47.753314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.763635] Call Trace: [ 47.766295] dump_stack+0xf7/0x13b [ 47.770109] should_fail.cold.3+0x105/0x14b [ 47.774685] should_failslab+0xba/0xf0 [ 47.778725] kmem_cache_alloc_trace+0x4b/0x7a0 [ 47.783391] ? trace_hardirqs_off+0x10/0x10 [ 47.788054] dccp_ackvec_parsed_add+0x51/0x220 [ 47.792851] ccid2_hc_tx_parse_options+0x5b/0x80 [ 47.797871] dccp_parse_options+0x532/0xf20 [ 47.802190] dccp_rcv_established+0x23/0x70 [ 47.806501] dccp_v4_do_rcv+0xfa/0x160 [ 47.810418] __release_sock+0x10b/0x340 [ 47.814495] release_sock+0x4f/0x180 [ 47.818194] dccp_sendmsg+0x4ab/0xc70 [ 47.824269] ? import_iovec+0x96/0x420 [ 47.828209] ? dccp_getsockopt+0xd0/0xd0 [ 47.832283] ? copy_msghdr_from_user+0x201/0x3f0 [ 47.837028] ? find_held_lock+0x36/0x1d0 [ 47.841087] inet_sendmsg+0x108/0x440 [ 47.844940] ? security_socket_sendmsg+0x6a/0xa0 [ 47.849901] ? inet_recvmsg+0x640/0x640 [ 47.853866] sock_sendmsg+0xb5/0xf0 [ 47.857485] ___sys_sendmsg+0x282/0x920 [ 47.861452] ? trace_hardirqs_off+0x10/0x10 [ 47.866112] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 47.870980] ? trace_hardirqs_on+0x10/0x10 [ 47.875222] ? trace_hardirqs_off+0x10/0x10 [ 47.879739] ? __fget+0x1ad/0x2f0 [ 47.883414] ? lock_downgrade+0x7f0/0x7f0 [ 47.888044] ? find_held_lock+0x36/0x1d0 [ 47.892514] ? __might_fault+0xf1/0x1b0 [ 47.896662] __sys_sendmmsg+0x126/0x300 [ 47.900630] ? SyS_sendmsg+0x20/0x20 [ 47.904695] ? __sb_end_write+0xa4/0xd0 [ 47.908974] ? mutex_unlock+0xd/0x10 [ 47.912988] ? SyS_write+0x1c5/0x250 [ 47.916880] ? do_syscall_64+0x4c/0x5b0 [ 47.920844] ? __sys_sendmmsg+0x300/0x300 [ 47.925166] SyS_sendmmsg+0xd/0x20 [ 47.928707] do_syscall_64+0x1c7/0x5b0 [ 47.932623] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.937887] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 47.943272] RIP: 0033:0x45a219 [ 47.946451] RSP: 002b:00007f2c920f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 47.954261] RAX: ffffffffffffffda RBX: 00007f2c920f1c90 RCX: 000000000045a219 [ 47.961518] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 47.968836] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 47.976501] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c920f26d4 [ 47.984226] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 47.997616] dccp_parse_options: DCCP(ffff88808d672bc0): Option 38 (len=1) error=5 [ 48.895201] FAULT_INJECTION: forcing a failure. [ 48.895201] name failslab, interval 1, probability 0, space 0, times 0 [ 48.907506] CPU: 0 PID: 7248 Comm: syz-executor.1 Not tainted 4.14.183-syzkaller #0 [ 48.915322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.924752] Call Trace: [ 48.927337] dump_stack+0xf7/0x13b [ 48.930870] should_fail.cold.3+0x105/0x14b [ 48.935181] should_failslab+0xba/0xf0 [ 48.939120] kmem_cache_alloc+0x47/0x790 [ 48.943832] ? dccp_feat_clone_list+0x3c0/0x3c0 [ 48.948506] dccp_ackvec_update_records+0x25/0x3e0 [ 48.953749] dccp_insert_options+0x68e/0xb70 [ 48.958244] dccp_transmit_skb+0x194/0x1250 [ 48.962560] ? skb_unlink+0xeb/0x160 [ 48.966408] dccp_xmit_packet+0x1a6/0x580 [ 48.970546] dccp_write_xmit+0x125/0x180 [ 48.974589] dccp_sendmsg+0x556/0xc70 [ 48.978381] ? import_iovec+0x96/0x420 [ 48.982251] ? dccp_getsockopt+0xd0/0xd0 [ 48.986315] ? copy_msghdr_from_user+0x201/0x3f0 [ 48.991057] ? find_held_lock+0x36/0x1d0 [ 48.995110] inet_sendmsg+0x108/0x440 [ 48.998892] ? security_socket_sendmsg+0x6a/0xa0 [ 49.003632] ? inet_recvmsg+0x640/0x640 [ 49.007590] sock_sendmsg+0xb5/0xf0 [ 49.011319] ___sys_sendmsg+0x282/0x920 [ 49.015369] ? trace_hardirqs_off+0x10/0x10 [ 49.019716] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 49.024482] ? trace_hardirqs_on+0x10/0x10 [ 49.028903] ? trace_hardirqs_off+0x10/0x10 [ 49.033234] ? __fget+0x1ad/0x2f0 [ 49.036873] ? lock_downgrade+0x7f0/0x7f0 [ 49.041735] ? find_held_lock+0x36/0x1d0 [ 49.046242] ? __might_fault+0xf1/0x1b0 [ 49.050229] __sys_sendmmsg+0x126/0x300 [ 49.054233] ? SyS_sendmsg+0x20/0x20 [ 49.057933] ? __sb_end_write+0xa4/0xd0 [ 49.061888] ? mutex_unlock+0xd/0x10 [ 49.065576] ? SyS_write+0x1c5/0x250 [ 49.069286] ? do_syscall_64+0x4c/0x5b0 [ 49.073448] ? __sys_sendmmsg+0x300/0x300 [ 49.077598] SyS_sendmmsg+0xd/0x20 [ 49.081129] do_syscall_64+0x1c7/0x5b0 [ 49.085007] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 49.090615] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 49.096164] RIP: 0033:0x45a219 [ 49.099334] RSP: 002b:00007f23d611cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 49.107234] RAX: ffffffffffffffda RBX: 00007f23d611cc90 RCX: 000000000045a219 [ 49.114508] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 49.121757] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 49.129469] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f23d611d6d4 [ 49.136778] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 49.190557] FAULT_INJECTION: forcing a failure. [ 49.190557] name failslab, interval 1, probability 0, space 0, times 0 [ 49.202353] CPU: 0 PID: 7258 Comm: syz-executor.1 Not tainted 4.14.183-syzkaller #0 [ 49.210821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.220201] Call Trace: [ 49.222785] dump_stack+0xf7/0x13b [ 49.226750] should_fail.cold.3+0x105/0x14b [ 49.231324] should_failslab+0xba/0xf0 [ 49.235306] kmem_cache_alloc_trace+0x4b/0x7a0 [ 49.239981] ? trace_hardirqs_off+0x10/0x10 [ 49.244698] dccp_ackvec_parsed_add+0x51/0x220 [ 49.249819] ccid2_hc_tx_parse_options+0x5b/0x80 [ 49.254629] dccp_parse_options+0x532/0xf20 [ 49.258955] dccp_rcv_established+0x23/0x70 [ 49.263284] dccp_v4_do_rcv+0xfa/0x160 [ 49.267614] __release_sock+0x10b/0x340 [ 49.271675] release_sock+0x4f/0x180 [ 49.275576] dccp_sendmsg+0x4ab/0xc70 [ 49.279383] ? import_iovec+0x96/0x420 [ 49.283275] ? dccp_getsockopt+0xd0/0xd0 [ 49.287331] ? copy_msghdr_from_user+0x201/0x3f0 [ 49.292074] ? find_held_lock+0x36/0x1d0 [ 49.296210] inet_sendmsg+0x108/0x440 [ 49.299996] ? security_socket_sendmsg+0x6a/0xa0 [ 49.304754] ? inet_recvmsg+0x640/0x640 [ 49.308837] sock_sendmsg+0xb5/0xf0 [ 49.312639] ___sys_sendmsg+0x282/0x920 [ 49.316605] ? trace_hardirqs_off+0x10/0x10 [ 49.320951] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 49.325750] ? trace_hardirqs_on+0x10/0x10 [ 49.330089] ? trace_hardirqs_off+0x10/0x10 [ 49.334411] ? __fget+0x1ad/0x2f0 [ 49.338035] ? lock_downgrade+0x7f0/0x7f0 [ 49.342255] ? find_held_lock+0x36/0x1d0 [ 49.346737] ? __might_fault+0xf1/0x1b0 [ 49.350830] __sys_sendmmsg+0x126/0x300 [ 49.354789] ? SyS_sendmsg+0x20/0x20 [ 49.358505] ? __sb_end_write+0xa4/0xd0 [ 49.362639] ? mutex_unlock+0xd/0x10 [ 49.366428] ? SyS_write+0x1c5/0x250 [ 49.370156] ? do_syscall_64+0x4c/0x5b0 [ 49.374120] ? __sys_sendmmsg+0x300/0x300 [ 49.378253] SyS_sendmmsg+0xd/0x20 [ 49.382044] do_syscall_64+0x1c7/0x5b0 [ 49.385943] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 49.390785] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 49.395979] RIP: 0033:0x45a219 [ 49.399177] RSP: 002b:00007f23d611cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 49.406867] RAX: ffffffffffffffda RBX: 00007f23d611cc90 RCX: 000000000045a219 [ 49.414127] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 49.421747] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 49.429005] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f23d611d6d4 [ 49.436804] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 49.457398] dccp_parse_options: DCCP(ffff888086867540): Option 38 (len=1) error=5 2020/06/05 00:01:39 executed programs: 34 2020/06/05 00:01:45 executed programs: 71 2020/06/05 00:01:50 executed programs: 112 2020/06/05 00:01:55 executed programs: 149 2020/06/05 00:02:00 executed programs: 188 2020/06/05 00:02:05 executed programs: 226 2020/06/05 00:02:11 executed programs: 263 2020/06/05 00:02:16 executed programs: 302 2020/06/05 00:02:21 executed programs: 341 2020/06/05 00:02:26 executed programs: 379 2020/06/05 00:02:31 executed programs: 418 [ 105.443818] FAULT_INJECTION: forcing a failure. [ 105.443818] name failslab, interval 1, probability 0, space 0, times 0 [ 105.455924] CPU: 0 PID: 9276 Comm: syz-executor.0 Not tainted 4.14.183-syzkaller #0 [ 105.464332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 105.473939] Call Trace: [ 105.476520] dump_stack+0xf7/0x13b [ 105.480140] should_fail.cold.3+0x105/0x14b [ 105.485349] should_failslab+0xba/0xf0 [ 105.489312] kmem_cache_alloc_trace+0x2ea/0x7a0 [ 105.494247] ? trace_hardirqs_off+0x10/0x10 [ 105.498559] dccp_feat_entry_new+0x140/0x360 [ 105.503188] dccp_feat_push_confirm+0x26/0x280 [ 105.507779] dccp_feat_parse_options+0xfe3/0x1a10 [ 105.512831] ? dccp_ackvec_parsed_add+0x51/0x220 [ 105.517930] ? dccp_feat_server_ccid_dependencies+0x1f0/0x1f0 [ 105.524548] ? trace_hardirqs_off+0x10/0x10 [ 105.529111] ? dccp_ackvec_parsed_add+0x115/0x220 [ 105.534802] dccp_parse_options+0x840/0xf20 [ 105.539123] dccp_rcv_established+0x23/0x70 [ 105.543450] dccp_v4_do_rcv+0xfa/0x160 [ 105.547436] __release_sock+0x10b/0x340 [ 105.551420] release_sock+0x4f/0x180 [ 105.555217] dccp_sendmsg+0x4ab/0xc70 [ 105.559008] ? import_iovec+0x96/0x420 [ 105.562878] ? dccp_getsockopt+0xd0/0xd0 [ 105.566969] ? copy_msghdr_from_user+0x201/0x3f0 [ 105.571825] ? find_held_lock+0x36/0x1d0 [ 105.575876] inet_sendmsg+0x108/0x440 [ 105.579760] ? security_socket_sendmsg+0x6a/0xa0 [ 105.584505] ? inet_recvmsg+0x640/0x640 [ 105.588816] sock_sendmsg+0xb5/0xf0 [ 105.592554] ___sys_sendmsg+0x282/0x920 [ 105.596617] ? trace_hardirqs_off+0x10/0x10 [ 105.601308] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 105.606078] ? trace_hardirqs_on+0x10/0x10 [ 105.610729] ? trace_hardirqs_off+0x10/0x10 [ 105.615515] ? __fget+0x1ad/0x2f0 [ 105.619446] ? lock_downgrade+0x7f0/0x7f0 [ 105.623776] ? find_held_lock+0x36/0x1d0 [ 105.628159] ? __might_fault+0xf1/0x1b0 [ 105.632157] __sys_sendmmsg+0x126/0x300 [ 105.636134] ? SyS_sendmsg+0x20/0x20 [ 105.639984] ? __sb_end_write+0xa4/0xd0 [ 105.644071] ? mutex_unlock+0xd/0x10 [ 105.647792] ? SyS_write+0x1c5/0x250 [ 105.651665] ? do_syscall_64+0x4c/0x5b0 [ 105.655867] ? __sys_sendmmsg+0x300/0x300 [ 105.660129] SyS_sendmmsg+0xd/0x20 [ 105.663756] do_syscall_64+0x1c7/0x5b0 [ 105.667661] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 105.672686] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 105.677978] RIP: 0033:0x45a219 [ 105.681406] RSP: 002b:00007f212b7bac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 105.689564] RAX: ffffffffffffffda RBX: 00007f212b7bac90 RCX: 000000000045a219 [ 105.697415] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 105.705177] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 105.712861] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f212b7bb6d4 [ 105.720655] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 105.738384] dccp_parse_options: DCCP(ffff888091276180): Option 32 (len=7) error=9 [ 105.747028] ================================================================== [ 105.755465] BUG: KASAN: use-after-free in ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 105.762943] Read of size 1 at addr ffff8880a6f3d65d by task syz-executor.0/9276 [ 105.770563] [ 105.772197] CPU: 0 PID: 9276 Comm: syz-executor.0 Not tainted 4.14.183-syzkaller #0 [ 105.780082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 105.789557] Call Trace: [ 105.792146] dump_stack+0xf7/0x13b [ 105.795843] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 105.801193] print_address_description.cold.7+0x9/0x1c9 [ 105.807078] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 105.812307] kasan_report.cold.8+0x11a/0x2d3 [ 105.816705] __asan_report_load1_noabort+0x14/0x20 [ 105.821622] ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 105.826573] ? dccp_ackvec_clear_state+0x33e/0x7e0 [ 105.831569] ? rcu_read_lock_sched_held+0x108/0x120 [ 105.836710] dccp_deliver_input_to_ccids+0x19f/0x210 [ 105.842590] dccp_rcv_established+0x49/0x70 [ 105.846956] dccp_v4_do_rcv+0xfa/0x160 [ 105.851018] __release_sock+0x10b/0x340 [ 105.855108] release_sock+0x4f/0x180 [ 105.860036] dccp_sendmsg+0x4ab/0xc70 [ 105.864118] ? import_iovec+0x96/0x420 [ 105.868003] ? dccp_getsockopt+0xd0/0xd0 [ 105.872489] ? copy_msghdr_from_user+0x201/0x3f0 [ 105.879850] ? find_held_lock+0x36/0x1d0 [ 105.884080] inet_sendmsg+0x108/0x440 [ 105.888663] ? security_socket_sendmsg+0x6a/0xa0 [ 105.893429] ? inet_recvmsg+0x640/0x640 [ 105.897705] sock_sendmsg+0xb5/0xf0 [ 105.901445] ___sys_sendmsg+0x282/0x920 [ 105.905453] ? trace_hardirqs_off+0x10/0x10 [ 105.910079] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 105.915783] ? trace_hardirqs_on+0x10/0x10 [ 105.921055] ? trace_hardirqs_off+0x10/0x10 [ 105.925398] ? __fget+0x1ad/0x2f0 [ 105.928844] ? lock_downgrade+0x7f0/0x7f0 [ 105.932983] ? find_held_lock+0x36/0x1d0 [ 105.937131] ? __might_fault+0xf1/0x1b0 [ 105.941190] __sys_sendmmsg+0x126/0x300 [ 105.946112] ? SyS_sendmsg+0x20/0x20 [ 105.950002] ? __sb_end_write+0xa4/0xd0 [ 105.953977] ? mutex_unlock+0xd/0x10 [ 105.958215] ? SyS_write+0x1c5/0x250 [ 105.961913] ? do_syscall_64+0x4c/0x5b0 [ 105.966046] ? __sys_sendmmsg+0x300/0x300 [ 105.970288] SyS_sendmmsg+0xd/0x20 [ 105.974018] do_syscall_64+0x1c7/0x5b0 [ 105.978045] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 105.982877] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 105.989869] RIP: 0033:0x45a219 [ 105.994428] RSP: 002b:00007f212b7bac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 106.003017] RAX: ffffffffffffffda RBX: 00007f212b7bac90 RCX: 000000000045a219 [ 106.010296] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 106.017655] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 106.025220] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f212b7bb6d4 [ 106.032691] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 106.040099] [ 106.041747] Allocated by task 9276: [ 106.045414] save_stack_trace+0x16/0x20 [ 106.049464] save_stack+0x43/0xd0 [ 106.053096] kasan_kmalloc+0xc7/0xe0 [ 106.056796] __kmalloc_node_track_caller+0x50/0x70 [ 106.061731] __kmalloc_reserve.isra.36+0x2c/0xc0 [ 106.066790] __alloc_skb+0xc1/0x500 [ 106.070424] dccp_send_ack+0xb3/0x340 [ 106.074465] ccid2_hc_rx_packet_recv+0xf9/0x170 [ 106.079215] dccp_deliver_input_to_ccids+0xc5/0x210 [ 106.084594] dccp_rcv_established+0x49/0x70 [ 106.089301] dccp_v4_do_rcv+0xfa/0x160 [ 106.093465] __sk_receive_skb+0x1d5/0x820 [ 106.098052] dccp_v4_rcv+0xc26/0x1bbf [ 106.103168] ip_local_deliver_finish+0x230/0x9a0 [ 106.107910] ip_local_deliver+0x1a0/0x410 [ 106.112234] ip_rcv_finish+0x70d/0x1950 [ 106.116312] ip_rcv+0xb43/0x133d [ 106.120214] __netif_receive_skb_core+0x1d1a/0x2e40 [ 106.125476] __netif_receive_skb+0x1f/0x1b0 [ 106.130259] process_backlog+0x1fc/0x710 [ 106.134327] net_rx_action+0x458/0xed0 [ 106.138560] __do_softirq+0x246/0x9b0 [ 106.142798] [ 106.144420] Freed by task 9276: [ 106.148009] save_stack_trace+0x16/0x20 [ 106.152516] save_stack+0x43/0xd0 [ 106.156434] kasan_slab_free+0x71/0xc0 [ 106.160327] kfree+0xcc/0x270 [ 106.163441] skb_free_head+0x74/0x90 [ 106.167202] skb_release_data+0x43b/0x790 [ 106.172043] skb_release_all+0x3d/0x50 [ 106.175930] kfree_skb+0x8a/0x2b0 [ 106.179488] dccp_v4_do_rcv+0x111/0x160 [ 106.185733] __release_sock+0x10b/0x340 [ 106.190065] release_sock+0x4f/0x180 [ 106.193886] dccp_sendmsg+0x4ab/0xc70 [ 106.197962] inet_sendmsg+0x108/0x440 [ 106.201860] sock_sendmsg+0xb5/0xf0 [ 106.205548] ___sys_sendmsg+0x282/0x920 [ 106.209621] __sys_sendmmsg+0x126/0x300 [ 106.213698] SyS_sendmmsg+0xd/0x20 [ 106.217499] do_syscall_64+0x1c7/0x5b0 [ 106.221906] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 106.227453] [ 106.229091] The buggy address belongs to the object at ffff8880a6f3d1c0 [ 106.229091] which belongs to the cache kmalloc-2048 of size 2048 [ 106.242741] The buggy address is located 1181 bytes inside of [ 106.242741] 2048-byte region [ffff8880a6f3d1c0, ffff8880a6f3d9c0) [ 106.255410] The buggy address belongs to the page: [ 106.260812] page:ffffea00029bcf00 count:1 mapcount:0 mapping:ffff8880a6f3c0c0 index:0x0 compound_mapcount: 0 [ 106.271662] flags: 0x1fffc0000008100(slab|head) [ 106.276432] raw: 01fffc0000008100 ffff8880a6f3c0c0 0000000000000000 0000000100000003 [ 106.284299] raw: ffffea000235ef20 ffffea000286bca0 ffff8880aa800c40 0000000000000000 [ 106.293035] page dumped because: kasan: bad access detected [ 106.298870] [ 106.300592] Memory state around the buggy address: [ 106.306498] ffff8880a6f3d500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 106.313942] ffff8880a6f3d580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 106.321780] >ffff8880a6f3d600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 106.329494] ^ [ 106.336060] ffff8880a6f3d680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 106.345940] ffff8880a6f3d700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 106.354360] ================================================================== [ 106.362341] Disabling lock debugging due to kernel taint [ 106.369402] Kernel panic - not syncing: panic_on_warn set ... [ 106.369402] [ 106.376879] CPU: 0 PID: 9276 Comm: syz-executor.0 Tainted: G B 4.14.183-syzkaller #0 [ 106.386510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 106.396219] Call Trace: [ 106.398930] dump_stack+0xf7/0x13b [ 106.402599] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 106.408168] panic+0x1b0/0x358 [ 106.411610] ? add_taint.cold.5+0x11/0x11 [ 106.416003] ? ___preempt_schedule+0x16/0x18 [ 106.421018] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 106.426384] kasan_end_report+0x47/0x4f [ 106.430475] kasan_report.cold.8+0x76/0x2d3 [ 106.434807] __asan_report_load1_noabort+0x14/0x20 [ 106.439906] ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 106.445281] ? dccp_ackvec_clear_state+0x33e/0x7e0 [ 106.450467] ? rcu_read_lock_sched_held+0x108/0x120 [ 106.455890] dccp_deliver_input_to_ccids+0x19f/0x210 [ 106.461434] dccp_rcv_established+0x49/0x70 [ 106.466030] dccp_v4_do_rcv+0xfa/0x160 [ 106.470285] __release_sock+0x10b/0x340 [ 106.475649] release_sock+0x4f/0x180 [ 106.479366] dccp_sendmsg+0x4ab/0xc70 [ 106.483153] ? import_iovec+0x96/0x420 [ 106.487030] ? dccp_getsockopt+0xd0/0xd0 [ 106.491251] ? copy_msghdr_from_user+0x201/0x3f0 [ 106.496134] ? find_held_lock+0x36/0x1d0 [ 106.500410] inet_sendmsg+0x108/0x440 [ 106.504204] ? security_socket_sendmsg+0x6a/0xa0 [ 106.509384] ? inet_recvmsg+0x640/0x640 [ 106.513624] sock_sendmsg+0xb5/0xf0 [ 106.517246] ___sys_sendmsg+0x282/0x920 [ 106.521335] ? trace_hardirqs_off+0x10/0x10 [ 106.526294] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 106.531130] ? trace_hardirqs_on+0x10/0x10 [ 106.535694] ? trace_hardirqs_off+0x10/0x10 [ 106.540084] ? __fget+0x1ad/0x2f0 [ 106.543523] ? lock_downgrade+0x7f0/0x7f0 [ 106.548209] ? find_held_lock+0x36/0x1d0 [ 106.552822] ? __might_fault+0xf1/0x1b0 [ 106.556823] __sys_sendmmsg+0x126/0x300 [ 106.561009] ? SyS_sendmsg+0x20/0x20 [ 106.564731] ? __sb_end_write+0xa4/0xd0 [ 106.568889] ? mutex_unlock+0xd/0x10 [ 106.572625] ? SyS_write+0x1c5/0x250 [ 106.576363] ? do_syscall_64+0x4c/0x5b0 [ 106.580330] ? __sys_sendmmsg+0x300/0x300 [ 106.584474] SyS_sendmmsg+0xd/0x20 [ 106.588249] do_syscall_64+0x1c7/0x5b0 [ 106.593160] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 106.598012] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 106.603236] RIP: 0033:0x45a219 [ 106.606413] RSP: 002b:00007f212b7bac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 106.614184] RAX: ffffffffffffffda RBX: 00007f212b7bac90 RCX: 000000000045a219 [ 106.621548] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 106.628804] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 106.636654] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f212b7bb6d4 [ 106.643991] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 106.653519] Kernel Offset: disabled [ 106.657152] Rebooting in 86400 seconds..