Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 32.716623] audit: type=1400 audit(1586689053.178:9): avc: denied { execmem } for pid=6227 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 32.736707] IPVS: ftp: loaded support on port[0] = 21 [ 33.149641] can: request_module (can-proto-0) failed. [ 34.184297] can: request_module (can-proto-0) failed. [ 34.193022] can: request_module (can-proto-0) failed. [ 34.219712] audit: type=1400 audit(1586689054.688:10): avc: denied { create } for pid=6206 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 Warning: Permanently added '10.128.15.202' (ECDSA) to the list of known hosts. 2020/04/12 10:57:41 parsed 1 programs 2020/04/12 10:57:42 executed programs: 0 [ 42.016955] audit: type=1400 audit(1586689062.492:11): avc: denied { execmem } for pid=6353 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 42.060870] IPVS: ftp: loaded support on port[0] = 21 [ 42.066815] IPVS: ftp: loaded support on port[0] = 21 [ 42.114481] IPVS: ftp: loaded support on port[0] = 21 [ 42.152841] IPVS: ftp: loaded support on port[0] = 21 [ 42.171114] IPVS: ftp: loaded support on port[0] = 21 [ 42.194833] IPVS: ftp: loaded support on port[0] = 21 [ 42.280105] chnl_net:caif_netlink_parms(): no params data found [ 42.326213] chnl_net:caif_netlink_parms(): no params data found [ 42.381993] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.389528] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.397991] device bridge_slave_0 entered promiscuous mode [ 42.407124] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.413619] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.420488] device bridge_slave_1 entered promiscuous mode [ 42.504770] chnl_net:caif_netlink_parms(): no params data found [ 42.531370] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.542108] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.550620] device bridge_slave_0 entered promiscuous mode [ 42.558133] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.564893] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.571847] device bridge_slave_1 entered promiscuous mode [ 42.583655] chnl_net:caif_netlink_parms(): no params data found [ 42.595311] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.620953] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.633158] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.649614] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.766866] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.774362] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.781789] device bridge_slave_0 entered promiscuous mode [ 42.792102] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.802219] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.809691] device bridge_slave_1 entered promiscuous mode [ 42.817380] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 42.825480] team0: Port device team_slave_0 added [ 42.832460] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 42.839810] team0: Port device team_slave_1 added [ 42.846779] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 42.856074] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 42.864092] team0: Port device team_slave_0 added [ 42.872778] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 42.884900] team0: Port device team_slave_1 added [ 42.893442] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 42.902408] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 42.911912] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 42.919843] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.926614] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.933793] device bridge_slave_0 entered promiscuous mode [ 42.944314] chnl_net:caif_netlink_parms(): no params data found [ 42.952099] chnl_net:caif_netlink_parms(): no params data found [ 42.969029] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.975593] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.982375] device bridge_slave_1 entered promiscuous mode [ 42.990213] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 43.019776] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 43.066257] device hsr_slave_0 entered promiscuous mode [ 43.113543] device hsr_slave_1 entered promiscuous mode [ 43.224987] device hsr_slave_0 entered promiscuous mode [ 43.263645] device hsr_slave_1 entered promiscuous mode [ 43.326948] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 43.347147] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 43.363583] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 43.371393] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 43.386919] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.395353] team0: Port device team_slave_0 added [ 43.404715] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 43.422765] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 43.439910] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 43.447462] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.456584] team0: Port device team_slave_1 added [ 43.461604] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.468836] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.478732] device bridge_slave_0 entered promiscuous mode [ 43.485818] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.492155] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.500140] device bridge_slave_1 entered promiscuous mode [ 43.510232] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.519354] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.527315] device bridge_slave_0 entered promiscuous mode [ 43.535078] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.556079] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 43.564525] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.570919] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.578663] device bridge_slave_1 entered promiscuous mode [ 43.596246] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 43.607761] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 43.615908] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.624365] team0: Port device team_slave_0 added [ 43.632866] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.641054] team0: Port device team_slave_1 added [ 43.649628] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 43.667420] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 43.682415] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.696828] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.704784] team0: Port device team_slave_0 added [ 43.745579] device hsr_slave_0 entered promiscuous mode [ 43.783271] device hsr_slave_1 entered promiscuous mode [ 43.823470] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 43.830690] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 43.843294] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.850542] team0: Port device team_slave_0 added [ 43.857236] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.865382] team0: Port device team_slave_1 added [ 43.879831] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 43.886870] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 43.894725] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.901952] team0: Port device team_slave_1 added [ 43.908408] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.916153] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.924527] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 43.974719] device hsr_slave_0 entered promiscuous mode [ 44.013289] device hsr_slave_1 entered promiscuous mode [ 44.053565] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.060761] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.071542] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.115697] device hsr_slave_0 entered promiscuous mode [ 44.163196] device hsr_slave_1 entered promiscuous mode [ 44.223561] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.287245] device hsr_slave_0 entered promiscuous mode [ 44.323345] device hsr_slave_1 entered promiscuous mode [ 44.383303] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.390165] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.398287] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.415481] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.432275] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.445479] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.454130] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.465149] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 44.477829] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.487992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.496444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.505466] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 44.511535] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.520203] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.544607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.553122] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.560880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.569122] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.575642] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.585175] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 44.594788] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.607580] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.613933] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 44.621598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.629682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.637496] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.643902] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.653313] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 44.661737] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 44.681829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 44.689862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 44.700306] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 44.714726] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.724366] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 44.732069] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 44.739078] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.747057] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 44.755231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 44.763618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.770619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.780261] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 44.793366] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.801310] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 44.810859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 44.819118] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 44.834621] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 44.844300] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 44.853134] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 44.859404] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 44.872850] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 44.883747] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 44.891163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.899311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.907407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.915478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.923538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.930426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.938114] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 44.946290] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.956660] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 44.963696] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.973201] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.981026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.989190] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.997805] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.004215] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.011556] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 45.024843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.032097] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.042289] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 45.050850] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 45.059243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 45.068039] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.075931] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.082265] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.089854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 45.098948] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.107369] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 45.115391] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.124310] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 45.133972] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 45.141272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.151459] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.159478] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.165903] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.173289] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 45.180131] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 45.187418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.195704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.203403] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.209800] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.216697] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.223695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.232424] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.245421] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 45.254249] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.268753] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 45.275714] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.281854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 45.290383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.298129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.307453] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 45.320588] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.342918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 45.359389] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.369255] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 45.369386] audit: type=1400 audit(1586689065.843:12): avc: denied { create } for pid=7253 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 [ 45.384954] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.404291] audit: type=1400 audit(1586689065.873:13): avc: denied { name_bind } for pid=7253 comm="syz-executor.3" src=20003 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 [ 45.407687] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.437350] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 45.438664] FAULT_INJECTION: forcing a failure. [ 45.438664] name failslab, interval 1, probability 0, space 0, times 1 [ 45.447101] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 45.465211] audit: type=1400 audit(1586689065.873:14): avc: denied { node_bind } for pid=7253 comm="syz-executor.3" src=20003 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 [ 45.466293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 45.487127] CPU: 1 PID: 7254 Comm: syz-executor.3 Not tainted 4.19.114-syzkaller #0 [ 45.498722] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.501620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.501623] Call Trace: [ 45.501637] dump_stack+0x123/0x177 [ 45.501649] should_fail.cold.4+0x5/0x13 [ 45.501657] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 45.509458] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.518289] __should_failslab+0xba/0xf0 [ 45.518298] should_failslab+0x9/0x14 [ 45.518303] kmem_cache_alloc_trace+0x4b/0x740 [ 45.518315] dccp_ackvec_parsed_add+0x51/0x220 [ 45.518322] ccid2_hc_tx_parse_options+0x5b/0x80 [ 45.518329] dccp_parse_options+0x532/0xf20 [ 45.518342] dccp_rcv_established+0x23/0x70 [ 45.518348] dccp_v4_do_rcv+0xfa/0x160 [ 45.518354] __release_sock+0x107/0x360 [ 45.518364] release_sock+0x4f/0x180 [ 45.520995] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.524610] dccp_sendmsg+0x4f6/0xe20 [ 45.524618] ? import_iovec+0x9f/0x440 [ 45.524626] ? dccp_getsockopt+0xd0/0xd0 [ 45.524637] ? copy_msghdr_from_user+0x20b/0x3e0 [ 45.524645] inet_sendmsg+0x108/0x440 [ 45.524651] ? security_socket_sendmsg+0x4a/0x90 [ 45.524656] ? ipip_gro_receive+0xf0/0xf0 [ 45.524661] sock_sendmsg+0xb5/0xf0 [ 45.529314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 45.533822] ___sys_sendmsg+0x28e/0x950 [ 45.533829] ? find_held_lock+0x36/0x1d0 [ 45.533837] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 45.533842] ? mark_held_locks+0x130/0x130 [ 45.533847] ? lock_downgrade+0x860/0x860 [ 45.533855] ? kasan_check_read+0x11/0x20 [ 45.533872] ? find_held_lock+0x36/0x1d0 [ 45.533882] ? __might_fault+0xf1/0x1b0 [ 45.533896] __sys_sendmmsg+0x160/0x370 [ 45.533904] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 45.541006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 45.544296] ? kasan_check_write+0x14/0x20 [ 45.544304] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 45.544317] ? __sb_end_write+0xa4/0xd0 [ 45.544324] ? kasan_check_write+0x14/0x20 [ 45.544328] ? fput+0x18/0x120 [ 45.544333] ? ksys_write+0x1ce/0x260 [ 45.544337] ? do_sys_open+0x16e/0x350 [ 45.544345] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 45.544353] ? do_syscall_64+0x21/0x4e0 [ 45.548996] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 45.552802] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.552812] __x64_sys_sendmmsg+0x98/0x100 [ 45.552821] do_syscall_64+0xd0/0x4e0 [ 45.552828] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.552834] RIP: 0033:0x45a219 [ 45.552840] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 45.552843] RSP: 002b:00007f7b27871c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 45.552849] RAX: ffffffffffffffda RBX: 00007f7b27871c90 RCX: 000000000045a219 [ 45.552852] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005 [ 45.552854] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 45.552857] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b278726d4 [ 45.552860] R13: 00000000004c7fba R14: 00000000004de3e8 R15: 0000000000000006 [ 45.583933] dccp_parse_options: DCCP(00000000ba66f647): Option 38 (len=1) error=5 [ 45.595213] audit: type=1400 audit(1586689065.873:15): avc: denied { name_connect } for pid=7253 comm="syz-executor.3" dest=20003 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 [ 45.840279] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.849760] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.861060] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 45.868307] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 45.877058] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 45.884914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.893777] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.901289] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.907731] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.915307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 45.923376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.930933] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.937312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.944264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 45.951894] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 45.960310] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 45.969041] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.978344] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 45.986037] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 45.993382] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 46.000390] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.008603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.016515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 46.023848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.030772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.038452] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.046973] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.056616] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 46.070105] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 46.076397] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.082983] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.090740] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.101342] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.107765] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.114853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.122645] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.130365] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.138778] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.146582] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 46.154743] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 46.164940] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.173872] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.181471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 46.189123] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.196901] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.204765] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.213479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.221850] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 46.228604] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 46.240241] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.251727] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 46.259941] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.271905] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.279468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.290012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.297962] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.305687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.313689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.321355] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.327850] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.334673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.342635] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.350209] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.357158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.366010] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 46.375973] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 46.384358] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 46.394110] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 46.400988] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.410040] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.417473] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 46.425351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.433739] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.441331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.451588] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.461563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.469660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.477558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.487532] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 46.503621] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 46.513994] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.521659] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 46.535824] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.543533] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.550399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.558893] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.567073] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 46.574560] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 46.581259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.589372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.597174] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.606850] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 46.619198] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 46.629743] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 46.638097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.646076] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.654122] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 46.661501] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.669618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 46.679722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.694800] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 46.704700] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 46.712971] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 46.719264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 46.732797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 46.740348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.759743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.770280] FAULT_INJECTION: forcing a failure. [ 46.770280] name failslab, interval 1, probability 0, space 0, times 0 [ 46.770709] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.791057] CPU: 0 PID: 7273 Comm: syz-executor.2 Not tainted 4.19.114-syzkaller #0 [ 46.791844] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 46.798869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.798872] Call Trace: [ 46.798884] dump_stack+0x123/0x177 [ 46.798896] should_fail.cold.4+0x5/0x13 [ 46.798903] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 46.798917] __should_failslab+0xba/0xf0 [ 46.798923] should_failslab+0x9/0x14 [ 46.798928] kmem_cache_alloc_trace+0x4b/0x740 [ 46.798939] dccp_ackvec_parsed_add+0x51/0x220 [ 46.798945] ccid2_hc_tx_parse_options+0x5b/0x80 [ 46.798952] dccp_parse_options+0x532/0xf20 [ 46.798966] dccp_rcv_established+0x23/0x70 [ 46.798973] dccp_v4_do_rcv+0xfa/0x160 [ 46.798981] __release_sock+0x107/0x360 [ 46.798990] release_sock+0x4f/0x180 [ 46.798996] dccp_sendmsg+0x4f6/0xe20 [ 46.799002] ? import_iovec+0x9f/0x440 [ 46.799010] ? dccp_getsockopt+0xd0/0xd0 [ 46.799021] ? copy_msghdr_from_user+0x20b/0x3e0 [ 46.799029] inet_sendmsg+0x108/0x440 [ 46.799035] ? security_socket_sendmsg+0x4a/0x90 [ 46.799039] ? ipip_gro_receive+0xf0/0xf0 [ 46.799044] sock_sendmsg+0xb5/0xf0 [ 46.799051] ___sys_sendmsg+0x28e/0x950 [ 46.799057] ? find_held_lock+0x36/0x1d0 [ 46.799064] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 46.799070] ? mark_held_locks+0x130/0x130 [ 46.799074] ? lock_downgrade+0x860/0x860 [ 46.799081] ? kasan_check_read+0x11/0x20 [ 46.799091] ? find_held_lock+0x36/0x1d0 [ 46.799102] ? __might_fault+0xf1/0x1b0 [ 46.799120] __sys_sendmmsg+0x160/0x370 [ 46.799128] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 46.799139] ? kasan_check_write+0x14/0x20 [ 46.799146] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 46.799159] ? __sb_end_write+0xa4/0xd0 [ 46.799165] ? kasan_check_write+0x14/0x20 [ 46.799169] ? fput+0x18/0x120 [ 46.799175] ? ksys_write+0x1ce/0x260 [ 46.799178] ? do_sys_open+0x16e/0x350 [ 46.799187] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 46.799193] ? do_syscall_64+0x21/0x4e0 [ 46.799200] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.799209] __x64_sys_sendmmsg+0x98/0x100 [ 46.799216] do_syscall_64+0xd0/0x4e0 [ 46.799224] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.799230] RIP: 0033:0x45a219 [ 46.799235] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 46.799239] RSP: 002b:00007f2fce7d2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 46.799245] RAX: ffffffffffffffda RBX: 00007f2fce7d2c90 RCX: 000000000045a219 [ 46.799248] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005 [ 46.799250] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 46.799253] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2fce7d36d4 [ 46.799255] R13: 00000000004c7fba R14: 00000000004de3e8 R15: 0000000000000006 [ 46.805561] dccp_parse_options: DCCP(00000000c1a74091): Option 38 (len=1) error=5 [ 46.846123] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 47.088415] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 47.094600] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 47.105538] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 47.115494] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 47.125722] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.135388] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 47.146285] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 47.157417] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.164340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 47.173437] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.181064] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 47.189173] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 47.197143] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 47.204300] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 47.214074] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready 2020/04/12 10:57:47 executed programs: 9 [ 47.225295] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 47.235667] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 47.241818] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 47.263587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 47.271078] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.281743] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 47.293876] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 47.318416] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 47.345642] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 47.353944] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 47.361147] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 47.372749] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 47.380263] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 47.388162] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 47.396013] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 47.406740] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 47.417523] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 47.421705] FAULT_INJECTION: forcing a failure. [ 47.421705] name failslab, interval 1, probability 0, space 0, times 0 [ 47.427560] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.442734] CPU: 0 PID: 7294 Comm: syz-executor.5 Not tainted 4.19.114-syzkaller #0 [ 47.451416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.460771] Call Trace: [ 47.463361] dump_stack+0x123/0x177 [ 47.466998] should_fail.cold.4+0x5/0x13 [ 47.471075] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 47.476189] ? lock_downgrade+0x860/0x860 [ 47.480341] __should_failslab+0xba/0xf0 [ 47.484403] should_failslab+0x9/0x14 [ 47.488182] kmem_cache_alloc_trace+0x2d4/0x740 [ 47.492841] ? debug_object_activate+0x327/0x4e0 [ 47.497598] ? lock_downgrade+0x860/0x860 [ 47.501746] dccp_feat_entry_new+0x140/0x360 [ 47.506328] dccp_feat_push_confirm+0x26/0x280 [ 47.510921] dccp_feat_parse_options+0xf99/0x1a20 [ 47.515766] ? dccp_ackvec_parsed_add+0x51/0x220 [ 47.518801] FAULT_INJECTION: forcing a failure. [ 47.518801] name failslab, interval 1, probability 0, space 0, times 0 [ 47.520527] ? dccp_feat_server_ccid_dependencies+0x1f0/0x1f0 [ 47.520539] ? dccp_ackvec_parsed_add+0x115/0x220 [ 47.520548] dccp_parse_options+0x840/0xf20 [ 47.520561] dccp_rcv_established+0x23/0x70 [ 47.551188] dccp_v4_do_rcv+0xfa/0x160 [ 47.555079] __release_sock+0x107/0x360 [ 47.559041] release_sock+0x4f/0x180 [ 47.562745] dccp_sendmsg+0x4f6/0xe20 [ 47.566539] ? import_iovec+0x9f/0x440 [ 47.570432] ? dccp_getsockopt+0xd0/0xd0 [ 47.574495] ? copy_msghdr_from_user+0x20b/0x3e0 [ 47.579242] inet_sendmsg+0x108/0x440 [ 47.583031] ? security_socket_sendmsg+0x4a/0x90 [ 47.587858] ? ipip_gro_receive+0xf0/0xf0 [ 47.592006] sock_sendmsg+0xb5/0xf0 [ 47.595623] ___sys_sendmsg+0x28e/0x950 [ 47.599592] ? find_held_lock+0x36/0x1d0 [ 47.603638] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 47.608375] ? mark_held_locks+0x130/0x130 [ 47.612591] ? lock_downgrade+0x860/0x860 [ 47.616725] ? kasan_check_read+0x11/0x20 [ 47.620872] ? find_held_lock+0x36/0x1d0 [ 47.624916] ? __might_fault+0xf1/0x1b0 [ 47.628894] __sys_sendmmsg+0x160/0x370 [ 47.632858] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 47.637175] ? kasan_check_write+0x14/0x20 [ 47.641392] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 47.644413] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.646228] ? __sb_end_write+0xa4/0xd0 [ 47.656250] ? kasan_check_write+0x14/0x20 [ 47.660472] ? fput+0x18/0x120 [ 47.663661] ? ksys_write+0x1ce/0x260 [ 47.667486] ? do_sys_open+0x16e/0x350 [ 47.671370] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 47.677169] ? do_syscall_64+0x21/0x4e0 [ 47.681143] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.686512] __x64_sys_sendmmsg+0x98/0x100 [ 47.690742] do_syscall_64+0xd0/0x4e0 [ 47.694548] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.699735] RIP: 0033:0x45a219 [ 47.702919] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 47.721838] RSP: 002b:00007ff56a948c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 47.729546] RAX: ffffffffffffffda RBX: 00007ff56a948c90 RCX: 000000000045a219 [ 47.736840] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005 [ 47.744586] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 47.751860] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff56a9496d4 [ 47.759145] R13: 00000000004c7fba R14: 00000000004de3e8 R15: 0000000000000006 [ 47.772024] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.792275] CPU: 1 PID: 7300 Comm: syz-executor.0 Not tainted 4.19.114-syzkaller #0 [ 47.800106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.808407] dccp_parse_options: DCCP(00000000ba66f647): Option 32 (len=7) error=9 [ 47.809455] Call Trace: [ 47.809468] dump_stack+0x123/0x177 [ 47.809480] should_fail.cold.4+0x5/0x13 [ 47.817720] ================================================================== [ 47.819662] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 47.819677] __should_failslab+0xba/0xf0 [ 47.823349] BUG: KASAN: use-after-free in ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 47.823355] Read of size 1 at addr ffff888091ad0522 by task syz-executor.5/7294 [ 47.827403] should_failslab+0x9/0x14 [ 47.834736] [ 47.865123] kmem_cache_alloc_trace+0x4b/0x740 [ 47.869703] dccp_ackvec_parsed_add+0x51/0x220 [ 47.874455] ccid2_hc_tx_parse_options+0x5b/0x80 [ 47.879194] dccp_parse_options+0x532/0xf20 [ 47.883501] dccp_rcv_established+0x23/0x70 [ 47.887814] dccp_v4_do_rcv+0xfa/0x160 [ 47.891693] __release_sock+0x107/0x360 [ 47.895662] release_sock+0x4f/0x180 [ 47.899369] dccp_sendmsg+0x4f6/0xe20 [ 47.903151] ? import_iovec+0x9f/0x440 [ 47.907022] ? dccp_getsockopt+0xd0/0xd0 [ 47.912726] ? copy_msghdr_from_user+0x20b/0x3e0 [ 47.917472] inet_sendmsg+0x108/0x440 [ 47.921253] ? security_socket_sendmsg+0x4a/0x90 [ 47.925996] ? ipip_gro_receive+0xf0/0xf0 [ 47.930307] sock_sendmsg+0xb5/0xf0 [ 47.933940] ___sys_sendmsg+0x28e/0x950 [ 47.938084] ? find_held_lock+0x36/0x1d0 [ 47.942561] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 47.947308] ? mark_held_locks+0x130/0x130 [ 47.951535] ? lock_downgrade+0x860/0x860 [ 47.956014] ? kasan_check_read+0x11/0x20 [ 47.960243] ? find_held_lock+0x36/0x1d0 [ 47.964591] ? __might_fault+0xf1/0x1b0 [ 47.968564] __sys_sendmmsg+0x160/0x370 [ 47.972746] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 47.977065] ? kasan_check_write+0x14/0x20 [ 47.981304] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 47.986167] ? __sb_end_write+0xa4/0xd0 [ 47.990168] ? kasan_check_write+0x14/0x20 [ 47.994388] ? fput+0x18/0x120 [ 47.997565] ? ksys_write+0x1ce/0x260 [ 48.001358] ? do_sys_open+0x16e/0x350 [ 48.005351] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 48.010100] ? do_syscall_64+0x21/0x4e0 [ 48.014213] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.019583] __x64_sys_sendmmsg+0x98/0x100 [ 48.023810] do_syscall_64+0xd0/0x4e0 [ 48.027611] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.032795] RIP: 0033:0x45a219 [ 48.035969] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 48.054853] RSP: 002b:00007f0b1192fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 48.062551] RAX: ffffffffffffffda RBX: 00007f0b1192fc90 RCX: 000000000045a219 [ 48.070239] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005 [ 48.077664] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 48.084914] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0b119306d4 [ 48.092163] R13: 00000000004c7fba R14: 00000000004de3e8 R15: 0000000000000006 [ 48.099449] CPU: 0 PID: 7294 Comm: syz-executor.5 Not tainted 4.19.114-syzkaller #0 [ 48.107249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.116601] Call Trace: [ 48.119187] dump_stack+0x123/0x177 [ 48.124756] print_address_description.cold.8+0x9/0x1ff [ 48.130148] kasan_report.cold.9+0x242/0x309 [ 48.134561] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 48.140048] __asan_report_load1_noabort+0x14/0x20 [ 48.145104] ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 48.150256] ? dccp_ackvec_clear_state+0x33e/0x7e0 [ 48.155192] ? rcu_read_lock_sched_held+0x108/0x120 [ 48.160221] dccp_deliver_input_to_ccids+0x19f/0x210 [ 48.165597] dccp_rcv_established+0x49/0x70 [ 48.169925] dccp_v4_do_rcv+0xfa/0x160 [ 48.173813] __release_sock+0x107/0x360 [ 48.182681] release_sock+0x4f/0x180 [ 48.186404] dccp_sendmsg+0x4f6/0xe20 [ 48.190206] ? import_iovec+0x9f/0x440 [ 48.194099] ? dccp_getsockopt+0xd0/0xd0 [ 48.198165] ? copy_msghdr_from_user+0x20b/0x3e0 [ 48.202930] inet_sendmsg+0x108/0x440 [ 48.206734] ? security_socket_sendmsg+0x4a/0x90 [ 48.211499] ? ipip_gro_receive+0xf0/0xf0 [ 48.215651] sock_sendmsg+0xb5/0xf0 [ 48.219279] ___sys_sendmsg+0x28e/0x950 [ 48.223259] ? find_held_lock+0x36/0x1d0 [ 48.228626] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 48.233521] ? mark_held_locks+0x130/0x130 [ 48.236460] dccp_parse_options: DCCP(00000000433cb479): Option 38 (len=1) error=5 [ 48.237752] ? lock_downgrade+0x860/0x860 [ 48.237762] ? kasan_check_read+0x11/0x20 [ 48.237773] ? find_held_lock+0x36/0x1d0 [ 48.237785] ? __might_fault+0xf1/0x1b0 [ 48.237804] __sys_sendmmsg+0x160/0x370 [ 48.237819] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 48.237829] ? kasan_check_write+0x14/0x20 [ 48.237836] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 48.237848] ? __sb_end_write+0xa4/0xd0 [ 48.270440] FAULT_INJECTION: forcing a failure. [ 48.270440] name failslab, interval 1, probability 0, space 0, times 0 [ 48.270584] ? kasan_check_write+0x14/0x20 [ 48.299080] ? fput+0x18/0x120 [ 48.302272] ? ksys_write+0x1ce/0x260 [ 48.306068] ? do_sys_open+0x16e/0x350 [ 48.309951] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 48.314696] ? do_syscall_64+0x21/0x4e0 [ 48.318658] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.324008] __x64_sys_sendmmsg+0x98/0x100 [ 48.328223] do_syscall_64+0xd0/0x4e0 [ 48.332006] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.337180] RIP: 0033:0x45a219 [ 48.340367] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 48.359276] RSP: 002b:00007ff56a948c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 48.366978] RAX: ffffffffffffffda RBX: 00007ff56a948c90 RCX: 000000000045a219 [ 48.374250] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005 [ 48.381517] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 48.388783] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff56a9496d4 [ 48.396042] R13: 00000000004c7fba R14: 00000000004de3e8 R15: 0000000000000006 [ 48.403308] [ 48.403312] CPU: 1 PID: 7316 Comm: syz-executor.1 Not tainted 4.19.114-syzkaller #0 [ 48.403317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.404920] Allocated by task 7294: [ 48.412738] Call Trace: [ 48.412752] dump_stack+0x123/0x177 [ 48.422124] save_stack+0x43/0xd0 [ 48.425752] should_fail.cold.4+0x5/0x13 [ 48.428304] kasan_kmalloc+0xc7/0xe0 [ 48.428309] __kmalloc_node_track_caller+0x50/0x70 [ 48.431916] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 48.435341] __kmalloc_reserve.isra.39+0x2c/0xc0 [ 48.435346] __alloc_skb+0xd7/0x580 [ 48.439392] __should_failslab+0xba/0xf0 [ 48.443083] dccp_send_ack+0xb3/0x340 [ 48.443088] ccid2_hc_rx_packet_recv+0xf9/0x170 [ 48.448012] should_failslab+0x9/0x14 [ 48.453089] dccp_deliver_input_to_ccids+0xc5/0x210 [ 48.457829] kmem_cache_alloc_trace+0x4b/0x740 [ 48.461432] dccp_rcv_established+0x49/0x70 [ 48.461437] dccp_v4_do_rcv+0xfa/0x160 [ 48.465490] dccp_ackvec_parsed_add+0x51/0x220 [ 48.469260] __sk_receive_skb+0x2a2/0x9a0 [ 48.469264] dccp_v4_rcv+0xbcd/0x1bbd [ 48.473913] ccid2_hc_tx_parse_options+0x5b/0x80 [ 48.477698] ip_local_deliver_finish+0x235/0x9f0 [ 48.477703] ip_local_deliver+0x2f7/0x440 [ 48.482700] dccp_parse_options+0x532/0xf20 [ 48.487778] ip_rcv_finish+0x166/0x270 [ 48.492083] dccp_rcv_established+0x23/0x70 [ 48.495938] ip_rcv+0xcb/0x2e0 [ 48.500495] dccp_v4_do_rcv+0xfa/0x160 [ 48.504624] __netif_receive_skb_one_core+0xe9/0x170 [ 48.504628] __netif_receive_skb+0x1f/0x1b0 [ 48.508407] __release_sock+0x107/0x360 [ 48.513138] process_backlog+0x1ca/0x6d0 [ 48.517981] release_sock+0x4f/0x180 [ 48.522105] net_rx_action+0x470/0xe20 [ 48.522110] __do_softirq+0x260/0x92d [ 48.526408] dccp_sendmsg+0x4f6/0xe20 [ 48.530266] [ 48.534570] ? import_iovec+0x9f/0x440 [ 48.537737] Freed by task 7294: [ 48.541621] ? dccp_getsockopt+0xd0/0xd0 [ 48.546696] save_stack+0x43/0xd0 [ 48.551002] ? copy_msghdr_from_user+0x20b/0x3e0 [ 48.554946] __kasan_slab_free+0x102/0x150 [ 48.558987] inet_sendmsg+0x108/0x440 [ 48.562844] kasan_slab_free+0xe/0x10 [ 48.562851] kfree+0xcf/0x220 [ 48.566729] ? security_socket_sendmsg+0x4a/0x90 [ 48.566739] ? ipip_gro_receive+0xf0/0xf0 [ 48.570529] skb_free_head+0x74/0x90 [ 48.570536] skb_release_data+0x481/0x6c0 [ 48.574328] sock_sendmsg+0xb5/0xf0 [ 48.575934] skb_release_all+0x3d/0x50 [ 48.579815] ___sys_sendmsg+0x28e/0x950 [ 48.583077] kfree_skb+0x97/0x270 [ 48.587120] ? find_held_lock+0x36/0x1d0 [ 48.590549] dccp_v4_do_rcv+0x111/0x160 [ 48.595978] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 48.600205] __release_sock+0x107/0x360 [ 48.600209] release_sock+0x4f/0x180 [ 48.603992] ? mark_held_locks+0x130/0x130 [ 48.607778] dccp_sendmsg+0x4f6/0xe20 [ 48.610871] ? lock_downgrade+0x860/0x860 [ 48.615708] inet_sendmsg+0x108/0x440 [ 48.615717] sock_sendmsg+0xb5/0xf0 [ 48.619861] ? kasan_check_read+0x11/0x20 [ 48.623558] ___sys_sendmsg+0x28e/0x950 [ 48.623564] __sys_sendmmsg+0x160/0x370 [ 48.627699] ? find_held_lock+0x36/0x1d0 [ 48.631312] __x64_sys_sendmmsg+0x98/0x100 [ 48.631322] do_syscall_64+0xd0/0x4e0 [ 48.635643] ? __might_fault+0xf1/0x1b0 [ 48.639611] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.639615] [ 48.643070] __sys_sendmmsg+0x160/0x370 [ 48.647094] The buggy address belongs to the object at ffff888091ad0080 [ 48.647094] which belongs to the cache kmalloc-2048 of size 2048 [ 48.651053] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 48.655781] The buggy address is located 1186 bytes inside of [ 48.655781] 2048-byte region [ffff888091ad0080, ffff888091ad0880) [ 48.659740] ? kasan_check_write+0x14/0x20 [ 48.663422] The buggy address belongs to the page: [ 48.667636] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 48.671425] page:ffffea000246b400 count:1 mapcount:0 mapping:ffff88812c35ec40 index:0x0 compound_mapcount: 0 [ 48.675560] ? __sb_end_write+0xa4/0xd0 [ 48.679326] flags: 0x1fffc0000008100(slab|head) [ 48.682933] ? kasan_check_write+0x14/0x20 [ 48.687067] raw: 01fffc0000008100 ffffea0002532a88 ffffea000246b508 ffff88812c35ec40 [ 48.691017] ? fput+0x18/0x120 [ 48.694965] raw: 0000000000000000 ffff888091ad0080 0000000100000003 0000000000000000 [ 48.699003] ? ksys_write+0x1ce/0x260 [ 48.703220] page dumped because: kasan: bad access detected [ 48.703222] [ 48.707004] ? do_sys_open+0x16e/0x350 [ 48.710948] Memory state around the buggy address: [ 48.710954] ffff888091ad0400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.716228] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 48.717845] ffff888091ad0480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.721803] ? do_syscall_64+0x21/0x4e0 [ 48.734621] >ffff888091ad0500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.738924] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.750942] ^ [ 48.750946] ffff888091ad0580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.755165] __x64_sys_sendmmsg+0x98/0x100 [ 48.760064] ffff888091ad0600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.764889] do_syscall_64+0xd0/0x4e0 [ 48.774843] ================================================================== [ 48.778803] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.783440] Disabling lock debugging due to kernel taint [ 48.787655] RIP: 0033:0x45a219 [ 48.808181] FAULT_INJECTION: forcing a failure. [ 48.808181] name failslab, interval 1, probability 0, space 0, times 0 [ 48.810340] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 48.941457] RSP: 002b:00007ff1d5a2ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 48.949142] RAX: ffffffffffffffda RBX: 00007ff1d5a2ec90 RCX: 000000000045a219 [ 48.956914] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005 [ 48.964172] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 48.971423] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff1d5a2f6d4 [ 48.978679] R13: 00000000004c7fba R14: 00000000004de3e8 R15: 0000000000000006 [ 48.986117] CPU: 0 PID: 7313 Comm: syz-executor.4 Tainted: G B 4.19.114-syzkaller #0 [ 48.995310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.004786] Call Trace: [ 49.007368] dump_stack+0x123/0x177 [ 49.010999] should_fail.cold.4+0x5/0x13 [ 49.015056] ? _raw_spin_unlock_irqrestore+0x63/0xd0 [ 49.020156] ? fault_create_debugfs_attr+0x1a0/0x1a0 [ 49.025377] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 49.030484] __should_failslab+0xba/0xf0 [ 49.036025] should_failslab+0x9/0x14 [ 49.039822] kmem_cache_alloc_trace+0x4b/0x740 [ 49.044402] ? trace_hardirqs_on+0x28/0x190 [ 49.048838] dccp_ackvec_parsed_add+0x51/0x220 [ 49.053426] ccid2_hc_tx_parse_options+0x5b/0x80 [ 49.058218] dccp_parse_options+0x532/0xf20 [ 49.062538] ? reqsk_fastopen_remove+0x500/0x500 [ 49.067299] dccp_rcv_established+0x23/0x70 [ 49.071651] dccp_v4_do_rcv+0xfa/0x160 [ 49.075539] __release_sock+0x107/0x360 [ 49.079514] release_sock+0x4f/0x180 [ 49.083221] dccp_sendmsg+0x4f6/0xe20 [ 49.087015] ? import_iovec+0x9f/0x440 [ 49.090897] ? dccp_getsockopt+0xd0/0xd0 [ 49.094987] ? copy_msghdr_from_user+0x20b/0x3e0 [ 49.099738] inet_sendmsg+0x108/0x440 [ 49.103711] ? security_socket_sendmsg+0x4a/0x90 [ 49.108462] ? ipip_gro_receive+0xf0/0xf0 [ 49.112607] sock_sendmsg+0xb5/0xf0 [ 49.116233] ___sys_sendmsg+0x28e/0x950 [ 49.117730] Kernel panic - not syncing: panic_on_warn set ... [ 49.117730] [ 49.120209] ? lock_downgrade+0x860/0x860 [ 49.135516] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 49.140251] ? mark_held_locks+0x130/0x130 [ 49.144464] ? lock_downgrade+0x860/0x860 [ 49.148593] ? __fget+0x9f/0x400 [ 49.151947] ? __fget+0x295/0x400 [ 49.155378] ? ksys_dup3+0x2e0/0x2e0 [ 49.159071] ? __might_fault+0xf1/0x1b0 [ 49.163031] ? lock_downgrade+0x860/0x860 [ 49.167156] ? __might_fault+0xc6/0x1b0 [ 49.171109] __sys_sendmmsg+0x160/0x370 [ 49.175064] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 49.179363] ? kasan_check_write+0x14/0x20 [ 49.183576] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 49.188399] ? __sb_end_write+0xa4/0xd0 [ 49.192351] ? kasan_check_write+0x14/0x20 [ 49.196667] ? fput+0x18/0x120 [ 49.199858] ? ksys_write+0x1ce/0x260 [ 49.203632] ? do_sys_open+0x16e/0x350 [ 49.207514] ? __ia32_sys_read+0xa0/0xa0 [ 49.211579] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 49.216422] __x64_sys_sendmmsg+0x98/0x100 [ 49.220647] do_syscall_64+0xd0/0x4e0 [ 49.224445] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.229614] RIP: 0033:0x45a219 [ 49.232810] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 49.251698] RSP: 002b:00007fbcd3098c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 49.259392] RAX: ffffffffffffffda RBX: 00007fbcd3098c90 RCX: 000000000045a219 [ 49.266643] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005 [ 49.273898] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 49.281232] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbcd30996d4 [ 49.288488] R13: 00000000004c7fba R14: 00000000004de3e8 R15: 0000000000000006 [ 49.295748] CPU: 1 PID: 7294 Comm: syz-executor.5 Tainted: G B 4.19.114-syzkaller #0 [ 49.304937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.308262] dccp_parse_options: DCCP(0000000097335f6d): Option 38 (len=1) error=5 [ 49.314290] Call Trace: [ 49.314303] dump_stack+0x123/0x177 [ 49.314309] panic+0x1cd/0x375 [ 49.314313] ? __warn_printk+0xd6/0xd6 [ 49.314320] ? ___preempt_schedule+0x16/0x18 [ 49.314331] kasan_end_report+0x47/0x4f [ 49.323302] dccp_parse_options: DCCP(00000000cfa2cf89): Option 38 (len=1) error=5 [ 49.324552] kasan_report.cold.9+0x76/0x309 [ 49.355580] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 49.360661] __asan_report_load1_noabort+0x14/0x20 [ 49.365568] ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 49.370528] ? dccp_ackvec_clear_state+0x33e/0x7e0 [ 49.375438] ? rcu_read_lock_sched_held+0x108/0x120 [ 49.380432] dccp_deliver_input_to_ccids+0x19f/0x210 [ 49.385511] dccp_rcv_established+0x49/0x70 [ 49.389816] dccp_v4_do_rcv+0xfa/0x160 [ 49.393679] __release_sock+0x107/0x360 [ 49.397626] release_sock+0x4f/0x180 [ 49.401331] dccp_sendmsg+0x4f6/0xe20 [ 49.405111] ? import_iovec+0x9f/0x440 [ 49.408972] ? dccp_getsockopt+0xd0/0xd0 [ 49.413030] ? copy_msghdr_from_user+0x20b/0x3e0 [ 49.417760] inet_sendmsg+0x108/0x440 [ 49.421533] ? security_socket_sendmsg+0x4a/0x90 [ 49.426262] ? ipip_gro_receive+0xf0/0xf0 [ 49.430381] sock_sendmsg+0xb5/0xf0 [ 49.433980] ___sys_sendmsg+0x28e/0x950 [ 49.437929] ? find_held_lock+0x36/0x1d0 [ 49.441963] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 49.446701] ? mark_held_locks+0x130/0x130 [ 49.450909] ? lock_downgrade+0x860/0x860 [ 49.455031] ? kasan_check_read+0x11/0x20 [ 49.459162] ? find_held_lock+0x36/0x1d0 [ 49.463201] ? __might_fault+0xf1/0x1b0 [ 49.467166] __sys_sendmmsg+0x160/0x370 [ 49.471114] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 49.475412] ? kasan_check_write+0x14/0x20 [ 49.479636] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 49.484494] ? __sb_end_write+0xa4/0xd0 [ 49.488511] ? kasan_check_write+0x14/0x20 [ 49.492814] ? fput+0x18/0x120 [ 49.495985] ? ksys_write+0x1ce/0x260 [ 49.499770] ? do_sys_open+0x16e/0x350 [ 49.503649] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 49.509165] ? do_syscall_64+0x21/0x4e0 [ 49.513272] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.518628] __x64_sys_sendmmsg+0x98/0x100 [ 49.522855] do_syscall_64+0xd0/0x4e0 [ 49.526652] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.531817] RIP: 0033:0x45a219 [ 49.534988] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 49.554302] RSP: 002b:00007ff56a948c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 49.561987] RAX: ffffffffffffffda RBX: 00007ff56a948c90 RCX: 000000000045a219 [ 49.569248] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005 [ 49.576501] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 49.583746] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff56a9496d4 [ 49.591002] R13: 00000000004c7fba R14: 00000000004de3e8 R15: 0000000000000006 [ 49.599546] Kernel Offset: disabled [ 49.603404] Rebooting in 86400 seconds..