[ 39.249791] audit: type=1400 audit(1578325772.227:40): avc: denied { create } for pid=6621 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 39.395366] random: sshd: uninitialized urandom read (32 bytes read) [ 40.098995] random: sshd: uninitialized urandom read (32 bytes read) [ 40.286337] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.61' (ECDSA) to the list of known hosts. 2020/01/06 15:49:39 parsed 1 programs 2020/01/06 15:49:39 executed programs: 0 [ 46.490879] IPVS: ftp: loaded support on port[0] = 21 [ 47.294750] chnl_net:caif_netlink_parms(): no params data found [ 47.302183] IPVS: ftp: loaded support on port[0] = 21 [ 47.345039] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.352001] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.359067] device bridge_slave_0 entered promiscuous mode [ 47.367600] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.374076] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.381008] device bridge_slave_1 entered promiscuous mode [ 47.401920] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 47.411897] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 47.429014] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 47.437255] IPVS: ftp: loaded support on port[0] = 21 [ 47.437448] team0: Port device team_slave_0 added [ 47.451484] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.458519] team0: Port device team_slave_1 added [ 47.464078] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.474863] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.542029] device hsr_slave_0 entered promiscuous mode [ 47.580256] device hsr_slave_1 entered promiscuous mode [ 47.662243] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 47.689489] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 47.712420] chnl_net:caif_netlink_parms(): no params data found [ 47.732576] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.739212] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.746333] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.752706] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.776722] IPVS: ftp: loaded support on port[0] = 21 [ 47.796509] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.803411] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.811008] device bridge_slave_0 entered promiscuous mode [ 47.819190] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.825604] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.833156] device bridge_slave_1 entered promiscuous mode [ 47.865507] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 47.874577] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 47.909112] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 47.916441] team0: Port device team_slave_0 added [ 47.924081] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.931126] IPVS: ftp: loaded support on port[0] = 21 [ 47.931317] team0: Port device team_slave_1 added [ 47.971976] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.978997] chnl_net:caif_netlink_parms(): no params data found [ 47.999412] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.030718] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 48.036882] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.049357] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 48.102864] device hsr_slave_0 entered promiscuous mode [ 48.180309] device hsr_slave_1 entered promiscuous mode [ 48.242301] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 48.251310] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 48.302449] chnl_net:caif_netlink_parms(): no params data found [ 48.311625] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.317993] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.325062] device bridge_slave_0 entered promiscuous mode [ 48.339141] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 48.345437] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.351819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.359869] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.366689] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.373658] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 48.385533] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.391988] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.398850] device bridge_slave_1 entered promiscuous mode [ 48.420360] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.429060] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.447350] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.455253] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 48.493539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.501432] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.508945] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.515325] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.534401] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.540979] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.547770] device bridge_slave_0 entered promiscuous mode [ 48.556566] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.563757] team0: Port device team_slave_0 added [ 48.569474] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.577624] IPVS: ftp: loaded support on port[0] = 21 [ 48.579433] team0: Port device team_slave_1 added [ 48.589137] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 48.597413] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.603898] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.612398] device bridge_slave_1 entered promiscuous mode [ 48.624128] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.631525] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.641570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.649633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.657363] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.663769] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.674410] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.688007] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 48.709232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.717507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.727289] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.792076] device hsr_slave_0 entered promiscuous mode [ 48.830584] device hsr_slave_1 entered promiscuous mode [ 48.891351] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.899173] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 48.908916] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 48.928307] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 48.935398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 48.943283] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.952634] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 49.009338] chnl_net:caif_netlink_parms(): no params data found [ 49.017844] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 49.024942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 49.032743] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.042107] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 49.058772] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.066047] team0: Port device team_slave_0 added [ 49.074989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.083143] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.092891] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.099473] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 49.126670] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.134242] team0: Port device team_slave_1 added [ 49.143053] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.150575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 49.158022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.167323] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 49.173600] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 49.193706] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.204457] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 49.233931] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.250906] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 49.258485] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 49.272960] chnl_net:caif_netlink_parms(): no params data found [ 49.294466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.301476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.313725] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.320613] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.327453] device bridge_slave_0 entered promiscuous mode [ 49.334765] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.341248] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.348288] device bridge_slave_1 entered promiscuous mode [ 49.374887] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 49.383877] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 49.390550] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.396879] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 49.403768] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 49.452042] device hsr_slave_0 entered promiscuous mode [ 49.490284] device hsr_slave_1 entered promiscuous mode [ 49.532864] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.545869] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 49.554532] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 49.567055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.575364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.583287] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.589707] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.596923] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.607005] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.624419] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.634283] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 49.641919] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 49.663102] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.672550] team0: Port device team_slave_0 added [ 49.688731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.696542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.704433] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.710954] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.719459] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 49.726811] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.737705] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.745298] device bridge_slave_0 entered promiscuous mode [ 49.752429] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.758784] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.765743] device bridge_slave_1 entered promiscuous mode [ 49.773040] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.781041] team0: Port device team_slave_1 added [ 49.787640] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.795486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 49.805495] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.821336] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.829101] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.836402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 49.845963] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 49.863664] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.874652] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 49.887457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 49.895740] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 49.904367] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 49.915642] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.926235] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.938241] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 49.944739] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 49.951865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 49.959422] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.967658] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.974764] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.996653] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.010296] team0: Port device team_slave_0 added [ 50.032311] device hsr_slave_0 entered promiscuous mode [ 50.056342] audit: type=1400 audit(1578325783.077:41): avc: denied { name_bind } for pid=6749 comm="syz-executor.1" src=20003 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 [ 50.067534] FAULT_INJECTION: forcing a failure. [ 50.067534] name failslab, interval 1, probability 0, space 0, times 1 [ 50.079385] audit: type=1400 audit(1578325783.077:42): avc: denied { node_bind } for pid=6749 comm="syz-executor.1" src=20003 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 [ 50.095264] device hsr_slave_1 entered promiscuous mode [ 50.116766] audit: type=1400 audit(1578325783.077:43): avc: denied { name_connect } for pid=6749 comm="syz-executor.1" dest=20003 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 [ 50.118552] CPU: 1 PID: 6752 Comm: syz-executor.1 Not tainted 4.14.162-syzkaller #0 [ 50.149085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.158543] Call Trace: [ 50.161120] dump_stack+0xf7/0x13b [ 50.164648] should_fail.cold.3+0x105/0x14b [ 50.169077] should_failslab+0xba/0xf0 [ 50.172953] kmem_cache_alloc_trace+0x4b/0x7a0 [ 50.177688] ? trace_hardirqs_off+0x10/0x10 [ 50.182060] dccp_ackvec_parsed_add+0x51/0x220 [ 50.186634] ccid2_hc_tx_parse_options+0x5b/0x80 [ 50.191587] dccp_parse_options+0x532/0xf20 [ 50.195913] dccp_rcv_established+0x23/0x70 [ 50.200235] dccp_v4_do_rcv+0xfa/0x160 [ 50.204112] __release_sock+0x10b/0x340 [ 50.208070] release_sock+0x4f/0x180 [ 50.211858] dccp_sendmsg+0x4ab/0xc70 [ 50.215645] ? sock_has_perm+0x1d6/0x2c0 [ 50.219838] ? dccp_getsockopt+0xd0/0xd0 [ 50.223895] ? copy_msghdr_from_user+0x201/0x3f0 [ 50.228638] inet_sendmsg+0x108/0x440 [ 50.232552] ? security_socket_sendmsg+0x6a/0xa0 [ 50.237354] ? inet_recvmsg+0x640/0x640 [ 50.241317] sock_sendmsg+0xb5/0xf0 [ 50.244929] ___sys_sendmsg+0x282/0x920 [ 50.248888] ? trace_hardirqs_off+0x10/0x10 [ 50.253194] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 50.257939] ? trace_hardirqs_on+0x10/0x10 [ 50.262157] ? trace_hardirqs_off+0x10/0x10 [ 50.266459] ? __fget+0x1ad/0x2f0 [ 50.269892] ? lock_downgrade+0x7f0/0x7f0 [ 50.274025] ? find_held_lock+0x36/0x1d0 [ 50.278072] ? __might_fault+0xf1/0x1b0 [ 50.282034] __sys_sendmmsg+0x126/0x300 [ 50.285993] ? SyS_sendmsg+0x20/0x20 [ 50.289696] ? __sb_end_write+0xa4/0xd0 [ 50.293655] ? mutex_unlock+0xd/0x10 [ 50.297583] ? SyS_write+0x1c5/0x250 [ 50.301286] ? do_syscall_64+0x4c/0x5b0 [ 50.305262] ? __sys_sendmmsg+0x300/0x300 [ 50.309393] SyS_sendmmsg+0xd/0x20 [ 50.313133] do_syscall_64+0x1c7/0x5b0 [ 50.317006] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 50.321905] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 50.327078] RIP: 0033:0x45a219 [ 50.330252] RSP: 002b:00007f2dc1531c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 50.337989] RAX: ffffffffffffffda RBX: 00007f2dc1531c90 RCX: 000000000045a219 [ 50.345274] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 50.352539] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 50.359798] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2dc15326d4 [ 50.367052] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 50.376329] dccp_parse_options: DCCP(ffff8880924860c0): Option 38 (len=1) error=5 [ 50.410614] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.417715] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.427773] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 50.437503] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.444689] team0: Port device team_slave_1 added [ 50.456190] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.463810] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.472984] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 50.479048] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.494285] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 50.502096] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.511802] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.529131] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 50.537899] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.544632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.552431] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.559825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.567606] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.575412] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.581805] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.588579] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.632602] device hsr_slave_0 entered promiscuous mode [ 50.680345] device hsr_slave_1 entered promiscuous mode [ 50.732441] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 50.748845] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 50.755073] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.762897] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.769756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.779140] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.786919] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.793300] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.801585] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 50.815122] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 50.822597] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.833867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 50.844179] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 50.855148] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 50.862682] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 50.869330] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 50.877009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.887585] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.898510] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.921581] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.931698] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.945040] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.951557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.959347] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.967260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.974909] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.982580] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.003137] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 51.015733] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.022614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 51.033217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.049544] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 51.063878] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.071917] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.079334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.093709] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.100338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.107116] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.117745] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 51.124156] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.133698] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.139776] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.148395] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.157388] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.172964] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.184695] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.193116] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.203954] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 51.210596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.218359] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.219663] FAULT_INJECTION: forcing a failure. [ 51.219663] name failslab, interval 1, probability 0, space 0, times 0 [ 51.230245] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.237319] CPU: 1 PID: 6765 Comm: syz-executor.4 Not tainted 4.14.162-syzkaller #0 [ 51.243322] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.251056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.251059] Call Trace: [ 51.251072] dump_stack+0xf7/0x13b [ 51.251082] should_fail.cold.3+0x105/0x14b [ 51.251091] should_failslab+0xba/0xf0 [ 51.251098] kmem_cache_alloc_trace+0x4b/0x7a0 [ 51.258337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.267098] ? trace_hardirqs_off+0x10/0x10 [ 51.267110] dccp_ackvec_parsed_add+0x51/0x220 [ 51.267117] ccid2_hc_tx_parse_options+0x5b/0x80 [ 51.267124] dccp_parse_options+0x532/0xf20 [ 51.267135] dccp_rcv_established+0x23/0x70 [ 51.267140] dccp_v4_do_rcv+0xfa/0x160 [ 51.267147] __release_sock+0x10b/0x340 [ 51.267156] release_sock+0x4f/0x180 [ 51.267161] dccp_sendmsg+0x4ab/0xc70 [ 51.267168] ? sock_has_perm+0x1d6/0x2c0 [ 51.270271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.273292] ? dccp_getsockopt+0xd0/0xd0 [ 51.273303] ? copy_msghdr_from_user+0x201/0x3f0 [ 51.273309] ? find_held_lock+0x36/0x1d0 [ 51.273319] inet_sendmsg+0x108/0x440 [ 51.279843] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.281510] ? security_socket_sendmsg+0x6a/0xa0 [ 51.281517] ? inet_recvmsg+0x640/0x640 [ 51.281524] sock_sendmsg+0xb5/0xf0 [ 51.281531] ___sys_sendmsg+0x282/0x920 [ 51.288580] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.292595] ? trace_hardirqs_off+0x10/0x10 2020/01/06 15:49:44 executed programs: 7 [ 51.292604] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 51.292613] ? trace_hardirqs_on+0x10/0x10 [ 51.292619] ? trace_hardirqs_off+0x10/0x10 [ 51.292627] ? __fget+0x1ad/0x2f0 [ 51.299264] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 51.301554] ? lock_downgrade+0x7f0/0x7f0 [ 51.301562] ? find_held_lock+0x36/0x1d0 [ 51.301574] ? __might_fault+0xf1/0x1b0 [ 51.301589] __sys_sendmmsg+0x126/0x300 [ 51.308496] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 51.310651] ? SyS_sendmsg+0x20/0x20 [ 51.310670] ? __sb_end_write+0xa4/0xd0 [ 51.310683] ? mutex_unlock+0xd/0x10 [ 51.310690] ? SyS_write+0x1c5/0x250 [ 51.317153] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 51.318945] ? do_syscall_64+0x4c/0x5b0 [ 51.318954] ? __sys_sendmmsg+0x300/0x300 [ 51.318958] SyS_sendmmsg+0xd/0x20 [ 51.318963] do_syscall_64+0x1c7/0x5b0 [ 51.318968] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 51.325255] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 51.326680] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 51.326685] RIP: 0033:0x45a219 [ 51.326690] RSP: 002b:00007feab4846c78 EFLAGS: 00000246 [ 51.332658] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 51.334527] ORIG_RAX: 0000000000000133 [ 51.334531] RAX: ffffffffffffffda RBX: 00007feab4846c90 RCX: 000000000045a219 [ 51.334535] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 51.334538] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 51.334541] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feab48476d4 [ 51.334544] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 51.432027] dccp_parse_options: DCCP(ffff8880924860c0): Option 38 (len=1) error=5 [ 51.461674] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.477277] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.485262] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.505323] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 51.585454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.593529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.602965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.611440] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.617903] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.625078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.632971] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.640800] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.648328] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.655929] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.663586] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.671645] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 51.679156] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.686645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.694193] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.701618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.708392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.715237] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 51.721927] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 51.728816] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.737780] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 51.744124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.754683] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.765182] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.771716] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.777911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.785719] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.793534] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.799997] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.807156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.823951] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.833947] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.845365] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.853686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.862010] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.869640] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.876178] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.883175] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.891038] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.898555] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.904933] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.912308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.920869] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.934138] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.944683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.953903] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.960303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.969363] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.978018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.986503] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 51.993809] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.006129] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.014257] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.021071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.029809] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.037833] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 52.045010] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 52.056002] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.065577] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.074686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.082842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.090807] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.098781] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.111039] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.126148] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.130488] FAULT_INJECTION: forcing a failure. [ 52.130488] name failslab, interval 1, probability 0, space 0, times 0 [ 52.136069] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.152650] CPU: 0 PID: 6784 Comm: syz-executor.5 Not tainted 4.14.162-syzkaller #0 [ 52.154405] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.160483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.160486] Call Trace: [ 52.160498] dump_stack+0xf7/0x13b [ 52.160508] should_fail.cold.3+0x105/0x14b [ 52.160517] should_failslab+0xba/0xf0 [ 52.160524] kmem_cache_alloc_trace+0x4b/0x7a0 [ 52.160532] ? trace_hardirqs_off+0x10/0x10 [ 52.160543] dccp_ackvec_parsed_add+0x51/0x220 [ 52.160550] ccid2_hc_tx_parse_options+0x5b/0x80 [ 52.160557] dccp_parse_options+0x532/0xf20 [ 52.160569] dccp_rcv_established+0x23/0x70 [ 52.160575] dccp_v4_do_rcv+0xfa/0x160 [ 52.160582] __release_sock+0x10b/0x340 [ 52.160592] release_sock+0x4f/0x180 [ 52.160598] dccp_sendmsg+0x4ab/0xc70 [ 52.160604] ? sock_has_perm+0x1d6/0x2c0 [ 52.160612] ? dccp_getsockopt+0xd0/0xd0 [ 52.160621] ? copy_msghdr_from_user+0x201/0x3f0 [ 52.160626] ? find_held_lock+0x36/0x1d0 [ 52.160635] inet_sendmsg+0x108/0x440 [ 52.160641] ? security_socket_sendmsg+0x6a/0xa0 [ 52.160646] ? inet_recvmsg+0x640/0x640 [ 52.160650] sock_sendmsg+0xb5/0xf0 [ 52.160656] ___sys_sendmsg+0x282/0x920 [ 52.160661] ? trace_hardirqs_off+0x10/0x10 [ 52.160666] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 52.160675] ? trace_hardirqs_on+0x10/0x10 [ 52.160681] ? trace_hardirqs_off+0x10/0x10 [ 52.160688] ? __fget+0x1ad/0x2f0 [ 52.176168] ? lock_downgrade+0x7f0/0x7f0 [ 52.176175] ? find_held_lock+0x36/0x1d0 [ 52.176187] ? __might_fault+0xf1/0x1b0 [ 52.176204] __sys_sendmmsg+0x126/0x300 [ 52.176210] ? SyS_sendmsg+0x20/0x20 [ 52.176226] ? __sb_end_write+0xa4/0xd0 [ 52.176235] ? mutex_unlock+0xd/0x10 [ 52.176240] ? SyS_write+0x1c5/0x250 [ 52.176250] ? do_syscall_64+0x4c/0x5b0 [ 52.176256] ? __sys_sendmmsg+0x300/0x300 [ 52.176260] SyS_sendmmsg+0xd/0x20 [ 52.176264] do_syscall_64+0x1c7/0x5b0 [ 52.176268] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 52.176277] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 52.179148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.182383] RIP: 0033:0x45a219 [ 52.182386] RSP: 002b:00007f77b460dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 52.182393] RAX: ffffffffffffffda RBX: 00007f77b460dc90 RCX: 000000000045a219 [ 52.182397] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 52.182400] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 52.182403] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f77b460e6d4 [ 52.182406] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 52.187275] dccp_parse_options: DCCP(ffff88808dd5c1c0): Option 38 (len=1) error=5 [ 52.191724] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.205263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.218068] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.264715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.271811] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.317306] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.462297] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.469723] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.478553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.487758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.495594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.506519] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.517049] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.527806] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.535792] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.546371] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.557655] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.563886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.571002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.578392] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.598097] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 52.609328] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 52.618364] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.626415] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 52.634246] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 52.642068] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.653445] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.660325] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 52.667135] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 52.676189] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.782404] FAULT_INJECTION: forcing a failure. [ 52.782404] name failslab, interval 1, probability 0, space 0, times 0 [ 52.795783] CPU: 1 PID: 6815 Comm: syz-executor.3 Not tainted 4.14.162-syzkaller #0 [ 52.803603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.812976] Call Trace: [ 52.815595] dump_stack+0xf7/0x13b [ 52.819121] should_fail.cold.3+0x105/0x14b [ 52.824551] should_failslab+0xba/0xf0 [ 52.828421] kmem_cache_alloc_trace+0x2ea/0x7a0 [ 52.833080] ? trace_hardirqs_off+0x10/0x10 [ 52.837381] dccp_feat_entry_new+0x140/0x360 [ 52.841766] dccp_feat_push_confirm+0x26/0x280 [ 52.846325] dccp_feat_parse_options+0xfe3/0x1a10 [ 52.851144] ? dccp_ackvec_parsed_add+0x51/0x220 [ 52.855878] ? dccp_feat_server_ccid_dependencies+0x1f0/0x1f0 [ 52.861738] ? trace_hardirqs_off+0x10/0x10 [ 52.866043] ? dccp_ackvec_parsed_add+0x115/0x220 [ 52.870872] dccp_parse_options+0x840/0xf20 [ 52.875177] dccp_rcv_established+0x23/0x70 [ 52.879484] dccp_v4_do_rcv+0xfa/0x160 [ 52.883349] __release_sock+0x10b/0x340 [ 52.887304] release_sock+0x4f/0x180 [ 52.891000] dccp_sendmsg+0x4ab/0xc70 [ 52.894778] ? sock_has_perm+0x1d6/0x2c0 [ 52.898826] ? dccp_getsockopt+0xd0/0xd0 [ 52.902874] ? copy_msghdr_from_user+0x201/0x3f0 [ 52.907610] ? find_held_lock+0x36/0x1d0 [ 52.911649] inet_sendmsg+0x108/0x440 [ 52.915426] ? security_socket_sendmsg+0x6a/0xa0 [ 52.920164] ? inet_recvmsg+0x640/0x640 [ 52.924143] sock_sendmsg+0xb5/0xf0 [ 52.927748] ___sys_sendmsg+0x282/0x920 [ 52.931701] ? trace_hardirqs_off+0x10/0x10 [ 52.935997] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 52.940742] ? trace_hardirqs_on+0x10/0x10 [ 52.944968] ? trace_hardirqs_off+0x10/0x10 [ 52.949269] ? __fget+0x1ad/0x2f0 [ 52.952700] ? lock_downgrade+0x7f0/0x7f0 [ 52.956830] ? find_held_lock+0x36/0x1d0 [ 52.960880] ? __might_fault+0xf1/0x1b0 [ 52.964848] __sys_sendmmsg+0x126/0x300 [ 52.968851] ? SyS_sendmsg+0x20/0x20 [ 52.972552] ? __sb_end_write+0xa4/0xd0 [ 52.976505] ? mutex_unlock+0xd/0x10 [ 52.980203] ? SyS_write+0x1c5/0x250 [ 52.983916] ? do_syscall_64+0x4c/0x5b0 [ 52.987879] ? __sys_sendmmsg+0x300/0x300 [ 52.992017] SyS_sendmmsg+0xd/0x20 [ 52.995537] do_syscall_64+0x1c7/0x5b0 [ 52.999411] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.004257] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 53.009428] RIP: 0033:0x45a219 [ 53.012642] RSP: 002b:00007f333f6fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 53.020340] RAX: ffffffffffffffda RBX: 00007f333f6fbc90 RCX: 000000000045a219 [ 53.027600] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 53.034861] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 53.042109] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f333f6fc6d4 [ 53.049400] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 53.086193] dccp_parse_options: DCCP(ffff88808f544b40): Option 32 (len=7) error=9 [ 53.094443] ================================================================== [ 53.101945] BUG: KASAN: use-after-free in ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 53.109385] Read of size 1 at addr ffff888094a5b99d by task syz-executor.3/6815 [ 53.116813] [ 53.116824] CPU: 1 PID: 6815 Comm: syz-executor.3 Not tainted 4.14.162-syzkaller #0 [ 53.116827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.116830] Call Trace: [ 53.116841] dump_stack+0xf7/0x13b [ 53.116850] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 53.116858] print_address_description.cold.7+0x9/0x1c9 [ 53.116864] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 53.126267] kasan_report.cold.8+0x11a/0x2d3 [ 53.126276] __asan_report_load1_noabort+0x14/0x20 [ 53.126284] ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 53.126294] ? dccp_ackvec_clear_state+0x33e/0x7e0 [ 53.126300] ? rcu_read_lock_sched_held+0x108/0x120 [ 53.126311] dccp_deliver_input_to_ccids+0x19f/0x210 [ 53.157280] dccp_rcv_established+0x49/0x70 [ 53.157288] dccp_v4_do_rcv+0xfa/0x160 [ 53.157296] __release_sock+0x10b/0x340 [ 53.157305] release_sock+0x4f/0x180 [ 53.166610] dccp_sendmsg+0x4ab/0xc70 [ 53.166616] ? sock_has_perm+0x1d6/0x2c0 [ 53.166625] ? dccp_getsockopt+0xd0/0xd0 [ 53.166635] ? copy_msghdr_from_user+0x201/0x3f0 [ 53.218940] ? find_held_lock+0x36/0x1d0 [ 53.223033] inet_sendmsg+0x108/0x440 [ 53.226815] ? security_socket_sendmsg+0x6a/0xa0 [ 53.231550] ? inet_recvmsg+0x640/0x640 [ 53.235506] sock_sendmsg+0xb5/0xf0 [ 53.239113] ___sys_sendmsg+0x282/0x920 [ 53.243068] ? trace_hardirqs_off+0x10/0x10 [ 53.247366] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 53.252115] ? trace_hardirqs_on+0x10/0x10 [ 53.256325] ? trace_hardirqs_off+0x10/0x10 [ 53.260622] ? __fget+0x1ad/0x2f0 [ 53.264053] ? lock_downgrade+0x7f0/0x7f0 [ 53.268179] ? find_held_lock+0x36/0x1d0 [ 53.272271] ? __might_fault+0xf1/0x1b0 [ 53.276227] __sys_sendmmsg+0x126/0x300 [ 53.280178] ? SyS_sendmsg+0x20/0x20 [ 53.283907] ? __sb_end_write+0xa4/0xd0 [ 53.287863] ? mutex_unlock+0xd/0x10 [ 53.291558] ? SyS_write+0x1c5/0x250 [ 53.295286] ? do_syscall_64+0x4c/0x5b0 [ 53.299244] ? __sys_sendmmsg+0x300/0x300 [ 53.303370] SyS_sendmmsg+0xd/0x20 [ 53.306889] do_syscall_64+0x1c7/0x5b0 [ 53.310804] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.315625] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 53.320789] RIP: 0033:0x45a219 [ 53.323970] RSP: 002b:00007f333f6fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 53.331699] RAX: ffffffffffffffda RBX: 00007f333f6fbc90 RCX: 000000000045a219 [ 53.338946] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 53.346195] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 53.353455] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f333f6fc6d4 [ 53.360700] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 53.367983] [ 53.369587] Allocated by task 6815: [ 53.373193] save_stack_trace+0x16/0x20 [ 53.377142] save_stack+0x43/0xd0 [ 53.380575] kasan_kmalloc+0xc7/0xe0 [ 53.384269] __kmalloc_node_track_caller+0x50/0x70 [ 53.389215] __kmalloc_reserve.isra.36+0x2c/0xc0 [ 53.393989] __alloc_skb+0xc1/0x500 [ 53.397600] dccp_send_ack+0xb3/0x340 [ 53.401424] ccid2_hc_rx_packet_recv+0xf9/0x170 [ 53.406066] dccp_deliver_input_to_ccids+0xc5/0x210 [ 53.411057] dccp_rcv_established+0x49/0x70 [ 53.415395] dccp_v4_do_rcv+0xfa/0x160 [ 53.419300] __sk_receive_skb+0x1d5/0x820 [ 53.423426] dccp_v4_rcv+0xc26/0x1bbf [ 53.427201] ip_local_deliver_finish+0x230/0x9a0 [ 53.431933] ip_local_deliver+0x1a0/0x410 [ 53.436069] ip_rcv_finish+0x70d/0x1950 [ 53.440040] ip_rcv+0xb43/0x133d [ 53.443426] __netif_receive_skb_core+0x1d1a/0x2e40 [ 53.448418] __netif_receive_skb+0x1f/0x1b0 [ 53.452721] process_backlog+0x1fc/0x710 [ 53.456757] net_rx_action+0x458/0xed0 [ 53.460620] __do_softirq+0x246/0x9b0 [ 53.464400] [ 53.466005] Freed by task 6815: [ 53.469294] save_stack_trace+0x16/0x20 [ 53.473243] save_stack+0x43/0xd0 [ 53.476671] kasan_slab_free+0x71/0xc0 [ 53.480572] kfree+0xcc/0x270 [ 53.483652] skb_free_head+0x74/0x90 [ 53.487341] skb_release_data+0x43b/0x790 [ 53.491514] skb_release_all+0x3d/0x50 [ 53.495378] kfree_skb+0x8a/0x2b0 [ 53.498805] dccp_v4_do_rcv+0x111/0x160 [ 53.502752] __release_sock+0x10b/0x340 [ 53.506699] release_sock+0x4f/0x180 [ 53.510423] dccp_sendmsg+0x4ab/0xc70 [ 53.514289] inet_sendmsg+0x108/0x440 [ 53.518065] sock_sendmsg+0xb5/0xf0 [ 53.521684] ___sys_sendmsg+0x282/0x920 [ 53.525631] __sys_sendmmsg+0x126/0x300 [ 53.529591] SyS_sendmmsg+0xd/0x20 [ 53.533107] do_syscall_64+0x1c7/0x5b0 [ 53.536975] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 53.542141] [ 53.543781] The buggy address belongs to the object at ffff888094a5b500 [ 53.543781] which belongs to the cache kmalloc-2048 of size 2048 [ 53.556585] The buggy address is located 1181 bytes inside of [ 53.556585] 2048-byte region [ffff888094a5b500, ffff888094a5bd00) [ 53.568631] The buggy address belongs to the page: [ 53.573544] page:ffffea0002529680 count:1 mapcount:0 mapping:ffff888094a5a400 index:0x0 compound_mapcount: 0 [ 53.583526] flags: 0x1fffc0000008100(slab|head) [ 53.588179] raw: 01fffc0000008100 ffff888094a5a400 0000000000000000 0000000100000003 [ 53.596035] raw: ffffea0002533ba0 ffffea00025297a0 ffff8880aa800c40 0000000000000000 [ 53.603889] page dumped because: kasan: bad access detected [ 53.609583] [ 53.611186] Memory state around the buggy address: [ 53.616090] ffff888094a5b880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 53.623431] ffff888094a5b900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 53.630762] >ffff888094a5b980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 53.638096] ^ [ 53.642216] ffff888094a5ba00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 53.649549] ffff888094a5ba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 53.656883] ================================================================== [ 53.664217] Disabling lock debugging due to kernel taint [ 53.680156] Kernel panic - not syncing: panic_on_warn set ... [ 53.680156] [ 53.687554] CPU: 1 PID: 6815 Comm: syz-executor.3 Tainted: G B 4.14.162-syzkaller #0 [ 53.696549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.705880] Call Trace: [ 53.708483] dump_stack+0xf7/0x13b [ 53.712020] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 53.717097] panic+0x1b0/0x358 [ 53.720273] ? add_taint.cold.5+0x11/0x11 [ 53.724405] ? ___preempt_schedule+0x16/0x18 [ 53.728808] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 53.733896] kasan_end_report+0x47/0x4f [ 53.737847] kasan_report.cold.8+0x76/0x2d3 [ 53.742146] __asan_report_load1_noabort+0x14/0x20 [ 53.747061] ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 53.751970] ? dccp_ackvec_clear_state+0x33e/0x7e0 [ 53.756877] ? rcu_read_lock_sched_held+0x108/0x120 [ 53.761871] dccp_deliver_input_to_ccids+0x19f/0x210 [ 53.766948] dccp_rcv_established+0x49/0x70 [ 53.771247] dccp_v4_do_rcv+0xfa/0x160 [ 53.775142] __release_sock+0x10b/0x340 [ 53.779094] release_sock+0x4f/0x180 [ 53.782781] dccp_sendmsg+0x4ab/0xc70 [ 53.786560] ? sock_has_perm+0x1d6/0x2c0 [ 53.790600] ? dccp_getsockopt+0xd0/0xd0 [ 53.794649] ? copy_msghdr_from_user+0x201/0x3f0 [ 53.799383] ? find_held_lock+0x36/0x1d0 [ 53.803419] inet_sendmsg+0x108/0x440 [ 53.807193] ? security_socket_sendmsg+0x6a/0xa0 [ 53.811960] ? inet_recvmsg+0x640/0x640 [ 53.815906] sock_sendmsg+0xb5/0xf0 [ 53.819507] ___sys_sendmsg+0x282/0x920 [ 53.823455] ? trace_hardirqs_off+0x10/0x10 [ 53.827748] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 53.832479] ? trace_hardirqs_on+0x10/0x10 [ 53.836686] ? trace_hardirqs_off+0x10/0x10 [ 53.840979] ? __fget+0x1ad/0x2f0 [ 53.844403] ? lock_downgrade+0x7f0/0x7f0 [ 53.848525] ? find_held_lock+0x36/0x1d0 [ 53.852577] ? __might_fault+0xf1/0x1b0 [ 53.856526] __sys_sendmmsg+0x126/0x300 [ 53.860479] ? SyS_sendmsg+0x20/0x20 [ 53.864170] ? __sb_end_write+0xa4/0xd0 [ 53.868121] ? mutex_unlock+0xd/0x10 [ 53.871817] ? SyS_write+0x1c5/0x250 [ 53.875508] ? do_syscall_64+0x4c/0x5b0 [ 53.879466] ? __sys_sendmmsg+0x300/0x300 [ 53.883584] SyS_sendmmsg+0xd/0x20 [ 53.887100] do_syscall_64+0x1c7/0x5b0 [ 53.890957] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.895774] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 53.900947] RIP: 0033:0x45a219 [ 53.904129] RSP: 002b:00007f333f6fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 53.911811] RAX: ffffffffffffffda RBX: 00007f333f6fbc90 RCX: 000000000045a219 [ 53.919056] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 53.926310] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 53.933555] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f333f6fc6d4 [ 53.940797] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 53.949319] Kernel Offset: disabled [ 53.952933] Rebooting in 86400 seconds..