syzkaller login: [ 34.451344] kauditd_printk_skb: 9 callbacks suppressed
[ 34.451350] audit: type=1400 audit(1581501895.224:35): avc: denied { map } for pid=6985 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 43.593685] audit: type=1400 audit(1581501904.364:36): avc: denied { map } for pid=6996 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16480 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 44.240802] IPVS: ftp: loaded support on port[0] = 21
[ 44.637132] can: request_module (can-proto-0) failed.
[ 45.686820] can: request_module (can-proto-0) failed.
[ 45.695388] can: request_module (can-proto-0) failed.
[ 45.850692] audit: type=1400 audit(1581501906.624:37): avc: denied { create } for pid=6996 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
[ 45.874251] audit: type=1400 audit(1581501906.624:38): avc: denied { create } for pid=6996 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 45.898149] audit: type=1400 audit(1581501906.624:39): avc: denied { create } for pid=6996 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts.
2020/02/12 10:05:13 parsed 1 programs
2020/02/12 10:05:13 executed programs: 0
[ 53.137009] IPVS: ftp: loaded support on port[0] = 21
[ 53.184732] IPVS: ftp: loaded support on port[0] = 21
[ 53.227698] IPVS: ftp: loaded support on port[0] = 21
[ 53.227780] IPVS: ftp: loaded support on port[0] = 21
[ 53.235323] chnl_net:caif_netlink_parms(): no params data found
[ 53.256961] IPVS: ftp: loaded support on port[0] = 21
[ 53.274445] IPVS: ftp: loaded support on port[0] = 21
[ 53.373614] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.380223] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.387059] device bridge_slave_0 entered promiscuous mode
[ 53.395639] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.402268] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.409519] device bridge_slave_1 entered promiscuous mode
[ 53.428801] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 53.438726] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 53.470813] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 53.478175] team0: Port device team_slave_0 added
[ 53.493858] chnl_net:caif_netlink_parms(): no params data found
[ 53.505835] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 53.513246] team0: Port device team_slave_1 added
[ 53.518540] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 53.525683] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 53.609870] device hsr_slave_0 entered promiscuous mode
[ 53.688577] device hsr_slave_1 entered promiscuous mode
[ 53.787209] chnl_net:caif_netlink_parms(): no params data found
[ 53.805511] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 53.842788] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 53.861968] chnl_net:caif_netlink_parms(): no params data found
[ 53.870592] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.877056] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.884311] device bridge_slave_0 entered promiscuous mode
[ 53.894745] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.901220] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.908121] device bridge_slave_1 entered promiscuous mode
[ 53.924006] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.930708] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.937572] device bridge_slave_0 entered promiscuous mode
[ 53.948116] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.954802] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.961997] device bridge_slave_1 entered promiscuous mode
[ 53.968153] chnl_net:caif_netlink_parms(): no params data found
[ 54.012003] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.020471] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.026941] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.034044] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.040761] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.071780] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 54.087420] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 54.094851] team0: Port device team_slave_0 added
[ 54.101518] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.110816] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.117167] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.124190] device bridge_slave_0 entered promiscuous mode
[ 54.132525] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.138884] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.145996] device bridge_slave_1 entered promiscuous mode
[ 54.159280] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 54.166476] team0: Port device team_slave_1 added
[ 54.173864] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 54.181821] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 54.194681] chnl_net:caif_netlink_parms(): no params data found
[ 54.203720] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.210185] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.217007] device bridge_slave_0 entered promiscuous mode
[ 54.223551] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 54.248091] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 54.256577] team0: Port device team_slave_0 added
[ 54.262319] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.269515] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.276541] device bridge_slave_1 entered promiscuous mode
[ 54.291589] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.303442] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 54.313285] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 54.321556] team0: Port device team_slave_1 added
[ 54.327395] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 54.370667] device hsr_slave_0 entered promiscuous mode
[ 54.418566] device hsr_slave_1 entered promiscuous mode
[ 54.459964] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.466961] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.481653] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.498751] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 54.514197] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 54.521275] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 54.532710] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 54.546934] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.553398] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.560605] device bridge_slave_0 entered promiscuous mode
[ 54.568627] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 54.575784] team0: Port device team_slave_0 added
[ 54.593543] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 54.601088] team0: Port device team_slave_0 added
[ 54.607081] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 54.616953] team0: Port device team_slave_1 added
[ 54.622496] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.629261] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.636151] device bridge_slave_1 entered promiscuous mode
[ 54.642748] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 54.650249] team0: Port device team_slave_1 added
[ 54.689765] device hsr_slave_0 entered promiscuous mode
[ 54.728697] device hsr_slave_1 entered promiscuous mode
[ 54.799004] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 54.810565] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 54.823712] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 54.831142] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 54.842685] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 54.849476] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 54.866750] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.875042] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 54.940909] device hsr_slave_0 entered promiscuous mode
[ 54.988596] device hsr_slave_1 entered promiscuous mode
[ 55.029144] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 55.089783] device hsr_slave_0 entered promiscuous mode
[ 55.148570] device hsr_slave_1 entered promiscuous mode
[ 55.189340] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 55.212884] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 55.220523] team0: Port device team_slave_0 added
[ 55.225777] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 55.233010] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 55.241713] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 55.249740] team0: Port device team_slave_1 added
[ 55.259532] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 55.267436] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 55.277508] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 55.285026] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 55.307021] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.350116] device hsr_slave_0 entered promiscuous mode
[ 55.388608] device hsr_slave_1 entered promiscuous mode
[ 55.449136] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 55.456213] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 55.467822] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 55.475935] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 55.487238] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.514420] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 55.526459] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 55.543388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 55.551400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.564274] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.572402] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.588693] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 55.594961] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.603453] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 55.613649] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 55.623626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 55.631796] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.639483] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.645844] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.652807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 55.661277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.668900] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.675293] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.692283] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 55.708171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 55.716033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.725888] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 55.740246] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 55.746363] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.757312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 55.774628] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.783737] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 55.800004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 55.807732] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.816077] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.822779] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.831532] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 55.842246] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 55.851082] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.859748] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 55.868793] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 55.875831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 55.883745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.891612] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.897944] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.905273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 55.913206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 55.920465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.929250] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 55.938052] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 55.947062] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 55.958334] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.965420] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 55.972727] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.981281] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.988946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 55.996692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 56.005233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 56.013112] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.020782] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.030523] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 56.038042] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 56.047442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 56.055606] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.063580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 56.071452] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.080553] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 56.091701] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.101919] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.110469] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 56.117867] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.124928] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 56.132979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.140784] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.147806] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.155187] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.162560] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.169622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 56.177160] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.185086] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 56.196044] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.204373] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 56.212758] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.221189] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 56.227259] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.235825] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 56.244531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 56.252580] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.261110] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 56.269311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.277052] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.283642] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.291901] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.303208] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 56.313568] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 56.322556] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.329963] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 56.337569] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.349792] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 56.356828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 56.365016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.372609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 56.380577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.387771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.394863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 56.402809] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.410492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.417305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.424338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 56.432253] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.440073] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.446417] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.453621] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 56.463104] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 56.469518] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 56.478158] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 56.489310] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 56.495510] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.504939] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 56.511363] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.523331] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 56.529823] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 56.539171] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 56.547960] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 56.556365] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 56.565039] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 56.579574] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 56.586989] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 56.593527] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 56.603792] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.612076] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.618579] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.625667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 56.633726] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.641341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 56.650358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.657716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 56.665799] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.673423] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.679797] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.686641] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 56.693412] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 56.700898] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.707816] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 56.716372] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 56.725833] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 56.736362] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 56.745582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 56.753656] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.762141] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.768527] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.775348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 56.783932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.791598] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.797948] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.804990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 56.812767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.820373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.826706] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.835991] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 56.848222] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 56.856753] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 56.864967] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 56.873923] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 56.881503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 56.889581] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 56.897145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 56.904916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 56.912962] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.922654] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 56.932302] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 56.945305] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 56.952958] audit: type=1400 audit(1581501917.724:40): avc: denied { associate } for pid=7091 comm="syz-executor.2" name="syz2" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 56.975331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 56.988099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 56.996039] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 57.007986] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 57.016919] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 57.025639] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 57.035835] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 57.046677] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 57.053159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 57.062293] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 57.075733] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 57.082666] audit: type=1400 audit(1581501917.854:41): avc: denied { name_bind } for pid=7114 comm="syz-executor.2" src=20003 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
[ 57.083678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 57.111186] audit: type=1400 audit(1581501917.854:42): avc: denied { node_bind } for pid=7114 comm="syz-executor.2" src=20003 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1
[ 57.120118] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 57.145458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 57.145677] audit: type=1400 audit(1581501917.854:43): avc: denied { name_connect } for pid=7114 comm="syz-executor.2" dest=20003 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
[ 57.154202] FAULT_INJECTION: forcing a failure.
[ 57.154202] name failslab, interval 1, probability 0, space 0, times 1
[ 57.188216] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 57.189445] CPU: 0 PID: 7115 Comm: syz-executor.2 Not tainted 4.19.103-syzkaller #0
[ 57.195770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 57.203032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.203037] Call Trace:
[ 57.203050] dump_stack+0x123/0x177
[ 57.203062] should_fail.cold.4+0x5/0x13
[ 57.203070] ? fault_create_debugfs_attr+0x1a0/0x1a0
[ 57.203084] __should_failslab+0xba/0xf0
[ 57.203091] should_failslab+0x9/0x14
[ 57.203095] kmem_cache_alloc_trace+0x4b/0x740
[ 57.203107] dccp_ackvec_parsed_add+0x51/0x220
[ 57.203116] ccid2_hc_tx_parse_options+0x5b/0x80
[ 57.203123] dccp_parse_options+0x532/0xf20
[ 57.210981] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 57.219768] dccp_rcv_established+0x23/0x70
[ 57.219776] dccp_v4_do_rcv+0xfa/0x160
[ 57.219784] __release_sock+0x107/0x360
[ 57.219793] release_sock+0x4f/0x180
[ 57.219799] dccp_sendmsg+0x4f6/0xe20
[ 57.219806] ? sock_has_perm+0x1e2/0x2e0
[ 57.219815] ? dccp_getsockopt+0xd0/0xd0
[ 57.219827] ? copy_msghdr_from_user+0x20b/0x3e0
[ 57.219837] inet_sendmsg+0x108/0x440
[ 57.219843] ? security_socket_sendmsg+0x4a/0x90
[ 57.219849] ? ipip_gro_receive+0xf0/0xf0
[ 57.219853] sock_sendmsg+0xb5/0xf0
[ 57.219860] ___sys_sendmsg+0x28e/0x950
[ 57.219867] ? find_held_lock+0x36/0x1d0
[ 57.219872] ? copy_msghdr_from_user+0x3e0/0x3e0
[ 57.219877] ? mark_held_locks+0x130/0x130
[ 57.219882] ? lock_downgrade+0x860/0x860
[ 57.219889] ? kasan_check_read+0x11/0x20
[ 57.219899] ? find_held_lock+0x36/0x1d0
[ 57.219908] ? __might_fault+0xf1/0x1b0
[ 57.219925] __sys_sendmmsg+0x160/0x370
[ 57.219934] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 57.219942] ? kasan_check_write+0x14/0x20
[ 57.219948] ? __mutex_unlock_slowpath+0xe8/0x6a0
[ 57.219960] ? __sb_end_write+0xa4/0xd0
[ 57.219966] ? kasan_check_write+0x14/0x20
[ 57.219971] ? fput+0x18/0x120
[ 57.219976] ? ksys_write+0x1ce/0x260
[ 57.219980] ? do_sys_open+0x16e/0x350
[ 57.219989] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 57.219995] ? do_syscall_64+0x21/0x4e0
[ 57.220002] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.220010] __x64_sys_sendmmsg+0x98/0x100
[ 57.220016] do_syscall_64+0xd0/0x4e0
[ 57.220023] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.220029] RIP: 0033:0x45a219
[ 57.220038] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.223091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 57.226233] RSP: 002b:00007fbafc2bbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 57.230959] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 57.235397] RAX: ffffffffffffffda RBX: 00007fbafc2bbc90 RCX: 000000000045a219
[ 57.235401] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 57.235404] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 57.235406] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbafc2bc6d4
[ 57.235409] R13: 00000000004c7fba R14: 00000000004de3e8 R15: 0000000000000006
[ 57.244586] dccp_parse_options: DCCP(00000000c82913e4): Option 38 (len=1) error=5
[ 57.250888] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 57.513468] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 57.527489] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 57.536501] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 57.544041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 57.551823] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 57.559410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 57.566970] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 57.575159] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 57.582496] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 57.592712] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 57.600643] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 57.609069] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 57.617221] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 57.624641] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 57.631386] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 57.638094] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 57.645642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 57.653172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 57.661005] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 57.670440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 57.677856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 57.694610] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 57.704310] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 57.712771] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 57.719349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 57.727235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 57.737367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 57.745229] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 57.755729] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 57.762875] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 57.774458] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 57.783056] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 57.789465] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 57.797406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 57.805686] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 57.813327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 57.820922] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 57.830147] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 57.836206] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 57.846217] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 57.856656] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 57.866199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 57.876539] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 57.885042] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 57.891867] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 57.901620] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 57.907644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 57.919302] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 57.955457] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 57.967628] FAULT_INJECTION: forcing a failure.
[ 57.967628] name failslab, interval 1, probability 0, space 0, times 0
[ 57.971840] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 57.991448] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 57.994211] CPU: 1 PID: 7127 Comm: syz-executor.0 Not tainted 4.19.103-syzkaller #0
[ 57.997940] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 58.005445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.005448] Call Trace:
[ 58.005462] dump_stack+0x123/0x177
[ 58.005473] should_fail.cold.4+0x5/0x13
[ 58.005481] ? fault_create_debugfs_attr+0x1a0/0x1a0
[ 58.005488] ? lock_downgrade+0x860/0x860
[ 58.005499] __should_failslab+0xba/0xf0
[ 58.005506] should_failslab+0x9/0x14
[ 58.005510] kmem_cache_alloc_trace+0x2d4/0x740
[ 58.005518] ? debug_object_activate+0x327/0x4e0
[ 58.005523] ? lock_downgrade+0x860/0x860
[ 58.005534] dccp_feat_entry_new+0x140/0x360
[ 58.013275] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 58.021603] dccp_feat_push_confirm+0x26/0x280
[ 58.021611] dccp_feat_parse_options+0xf99/0x1a20
[ 58.021617] ? dccp_ackvec_parsed_add+0x51/0x220
[ 58.021625] ? dccp_feat_server_ccid_dependencies+0x1f0/0x1f0
[ 58.021635] ? dccp_ackvec_parsed_add+0x115/0x220
[ 58.021643] dccp_parse_options+0x840/0xf20
2020/02/12 10:05:18 executed programs: 7
[ 58.021657] dccp_rcv_established+0x23/0x70
[ 58.021663] dccp_v4_do_rcv+0xfa/0x160
[ 58.021673] __release_sock+0x107/0x360
[ 58.026242] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 58.027882] release_sock+0x4f/0x180
[ 58.033804] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 58.037170] dccp_sendmsg+0x4f6/0xe20
[ 58.037179] ? sock_has_perm+0x1e2/0x2e0
[ 58.037194] ? dccp_getsockopt+0xd0/0xd0
[ 58.037205] ? copy_msghdr_from_user+0x20b/0x3e0
[ 58.046227] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 58.049367] inet_sendmsg+0x108/0x440
[ 58.049376] ? security_socket_sendmsg+0x4a/0x90
[ 58.049383] ? ipip_gro_receive+0xf0/0xf0
[ 58.049389] sock_sendmsg+0xb5/0xf0
[ 58.049396] ___sys_sendmsg+0x28e/0x950
[ 58.049403] ? find_held_lock+0x36/0x1d0
[ 58.049409] ? copy_msghdr_from_user+0x3e0/0x3e0
[ 58.049415] ? mark_held_locks+0x130/0x130
[ 58.049422] ? lock_downgrade+0x860/0x860
[ 58.092872] FAULT_INJECTION: forcing a failure.
[ 58.092872] name failslab, interval 1, probability 0, space 0, times 0
[ 58.094079] ? kasan_check_read+0x11/0x20
[ 58.094093] ? find_held_lock+0x36/0x1d0
[ 58.211163] ? __might_fault+0xf1/0x1b0
[ 58.215134] __sys_sendmmsg+0x160/0x370
[ 58.219111] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 58.223425] ? kasan_check_write+0x14/0x20
[ 58.227662] ? __mutex_unlock_slowpath+0xe8/0x6a0
[ 58.232519] ? __sb_end_write+0xa4/0xd0
[ 58.236485] ? kasan_check_write+0x14/0x20
[ 58.240723] ? fput+0x18/0x120
[ 58.243910] ? ksys_write+0x1ce/0x260
[ 58.247703] ? do_sys_open+0x16e/0x350
[ 58.251593] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 58.256355] ? do_syscall_64+0x21/0x4e0
[ 58.260320] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.265684] __x64_sys_sendmmsg+0x98/0x100
[ 58.269913] do_syscall_64+0xd0/0x4e0
[ 58.273720] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.278895] RIP: 0033:0x45a219
[ 58.282075] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 58.300965] RSP: 002b:00007f7186efdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 58.308659] RAX: ffffffffffffffda RBX: 00007f7186efdc90 RCX: 000000000045a219
[ 58.315920] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 58.323181] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 58.330464] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7186efe6d4
[ 58.337724] R13: 00000000004c7fba R14: 00000000004de3e8 R15: 0000000000000006
[ 58.345115] CPU: 0 PID: 7131 Comm: syz-executor.4 Not tainted 4.19.103-syzkaller #0
[ 58.352914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.363046] Call Trace:
[ 58.365634] dump_stack+0x123/0x177
[ 58.369271] should_fail.cold.4+0x5/0x13
[ 58.373337] ? fault_create_debugfs_attr+0x1a0/0x1a0
[ 58.378528] ? lock_downgrade+0x860/0x860
[ 58.381834] dccp_parse_options: DCCP(00000000129d0ac2): Option 32 (len=7) error=9
[ 58.382691] __should_failslab+0xba/0xf0
[ 58.391247] ==================================================================
[ 58.394375] should_failslab+0x9/0x14
[ 58.394383] kmem_cache_alloc_trace+0x2d4/0x740
[ 58.401850] BUG: KASAN: use-after-free in ccid2_hc_tx_packet_recv+0x1edd/0x21d3
[ 58.401857] Read of size 1 at addr ffff888093be6562 by task syz-executor.0/7127
[ 58.405735] ? debug_object_activate+0x327/0x4e0
[ 58.410417]
[ 58.431689] ? lock_downgrade+0x860/0x860
[ 58.435843] dccp_feat_entry_new+0x140/0x360
[ 58.440371] dccp_feat_push_confirm+0x26/0x280
[ 58.445245] dccp_feat_parse_options+0xf99/0x1a20
[ 58.450304] ?
dccp_ackvec_parsed_add+0x51/0x220 [ 58.455055] ? dccp_feat_server_ccid_dependencies+0x1f0/0x1f0 [ 58.460941] ? dccp_ackvec_parsed_add+0x115/0x220 [ 58.465784] dccp_parse_options+0x840/0xf20 [ 58.470097] dccp_rcv_established+0x23/0x70 [ 58.474411] dccp_v4_do_rcv+0xfa/0x160 [ 58.478307] __release_sock+0x107/0x360 [ 58.482282] release_sock+0x4f/0x180 [ 58.485991] dccp_sendmsg+0x4f6/0xe20 [ 58.489801] ? sock_has_perm+0x1e2/0x2e0 [ 58.493874] ? dccp_getsockopt+0xd0/0xd0 [ 58.497926] ? copy_msghdr_from_user+0x20b/0x3e0 [ 58.502776] inet_sendmsg+0x108/0x440 [ 58.506583] ? security_socket_sendmsg+0x4a/0x90 [ 58.511528] ? ipip_gro_receive+0xf0/0xf0 [ 58.515673] sock_sendmsg+0xb5/0xf0 [ 58.519284] ___sys_sendmsg+0x28e/0x950 [ 58.523248] ? find_held_lock+0x36/0x1d0 [ 58.527315] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 58.532068] ? mark_held_locks+0x130/0x130 [ 58.536302] ? lock_downgrade+0x860/0x860 [ 58.540442] ? kasan_check_read+0x11/0x20 [ 58.544641] ? find_held_lock+0x36/0x1d0 [ 58.548793] ? __might_fault+0xf1/0x1b0 [ 58.552773] __sys_sendmmsg+0x160/0x370 [ 58.556746] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 58.561082] ? kasan_check_write+0x14/0x20 [ 58.565305] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 58.570189] ? __sb_end_write+0xa4/0xd0 [ 58.574164] ? kasan_check_write+0x14/0x20 [ 58.578398] ? fput+0x18/0x120 [ 58.581576] ? ksys_write+0x1ce/0x260 [ 58.585367] ? do_sys_open+0x16e/0x350 [ 58.589254] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 58.594010] ? do_syscall_64+0x21/0x4e0 [ 58.597993] ? 
entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.603353] __x64_sys_sendmmsg+0x98/0x100 [ 58.607582] do_syscall_64+0xd0/0x4e0 [ 58.611372] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.616551] RIP: 0033:0x45a219 [ 58.619752] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 58.638664] RSP: 002b:00007f0022993c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 58.646451] RAX: ffffffffffffffda RBX: 00007f0022993c90 RCX: 000000000045a219 [ 58.653736] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005 [ 58.661100] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 58.668378] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f00229946d4 [ 58.675761] R13: 00000000004c7fba R14: 00000000004de3e8 R15: 0000000000000006 [ 58.683039] CPU: 1 PID: 7127 Comm: syz-executor.0 Not tainted 4.19.103-syzkaller #0 [ 58.690840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.699246] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 58.700190] Call Trace: [ 58.708921] dump_stack+0x123/0x177 [ 58.709413] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 58.712555] print_address_description.cold.8+0x9/0x1ff [ 58.712563] kasan_report.cold.9+0x242/0x309 [ 58.712569] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 58.712578] __asan_report_load1_noabort+0x14/0x20 [ 58.726555] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 58.728908] ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 58.728918] ? dccp_ackvec_clear_state+0x33e/0x7e0 [ 58.728924] ? 
rcu_read_lock_sched_held+0x108/0x120 [ 58.728938] dccp_deliver_input_to_ccids+0x19f/0x210 [ 58.728945] dccp_rcv_established+0x49/0x70 [ 58.728951] dccp_v4_do_rcv+0xfa/0x160 [ 58.728958] __release_sock+0x107/0x360 [ 58.728967] release_sock+0x4f/0x180 [ 58.738216] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 58.738977] dccp_sendmsg+0x4f6/0xe20 [ 58.738986] ? sock_has_perm+0x1e2/0x2e0 [ 58.738995] ? dccp_getsockopt+0xd0/0xd0 [ 58.739006] ? copy_msghdr_from_user+0x20b/0x3e0 [ 58.739017] inet_sendmsg+0x108/0x440 [ 58.755128] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 58.755427] ? security_socket_sendmsg+0x4a/0x90 [ 58.762460] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.765675] ? ipip_gro_receive+0xf0/0xf0 [ 58.774310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.777813] sock_sendmsg+0xb5/0xf0 [ 58.839892] ___sys_sendmsg+0x28e/0x950 [ 58.843869] ? find_held_lock+0x36/0x1d0 [ 58.847932] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 58.852799] ? mark_held_locks+0x130/0x130 [ 58.857035] ? lock_downgrade+0x860/0x860 [ 58.861189] ? kasan_check_read+0x11/0x20 [ 58.865345] ? find_held_lock+0x36/0x1d0 [ 58.869412] ? __might_fault+0xf1/0x1b0 [ 58.873396] __sys_sendmmsg+0x160/0x370 [ 58.877374] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 58.878650] FAULT_INJECTION: forcing a failure. [ 58.878650] name failslab, interval 1, probability 0, space 0, times 0 [ 58.881695] ? kasan_check_write+0x14/0x20 [ 58.881702] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 58.881715] ? __sb_end_write+0xa4/0xd0 [ 58.899198] FAULT_INJECTION: forcing a failure. [ 58.899198] name failslab, interval 1, probability 0, space 0, times 0 [ 58.902397] ? kasan_check_write+0x14/0x20 [ 58.902403] ? fput+0x18/0x120 [ 58.902409] ? ksys_write+0x1ce/0x260 [ 58.902415] ? do_sys_open+0x16e/0x350 [ 58.933479] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 58.938234] ? do_syscall_64+0x21/0x4e0 [ 58.942204] ? 
entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.947557] __x64_sys_sendmmsg+0x98/0x100 [ 58.951781] do_syscall_64+0xd0/0x4e0 [ 58.955573] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.960756] RIP: 0033:0x45a219 [ 58.963936] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 58.982913] RSP: 002b:00007f7186efdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 58.990710] RAX: ffffffffffffffda RBX: 00007f7186efdc90 RCX: 000000000045a219 [ 58.997971] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005 [ 59.005233] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 59.012520] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7186efe6d4 [ 59.019787] R13: 00000000004c7fba R14: 00000000004de3e8 R15: 0000000000000006 [ 59.027061] [ 59.027066] CPU: 0 PID: 7146 Comm: syz-executor.1 Not tainted 4.19.103-syzkaller #0 [ 59.027071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.028678] Allocated by task 7127: [ 59.036464] Call Trace: [ 59.036477] dump_stack+0x123/0x177 [ 59.045825] save_stack+0x43/0xd0 [ 59.049452] should_fail.cold.4+0x5/0x13 [ 59.052014] kasan_kmalloc+0xc7/0xe0 [ 59.055624] ? 
fault_create_debugfs_attr+0x1a0/0x1a0 [ 59.059181] __kmalloc_node_track_caller+0x50/0x70 [ 59.059189] __kmalloc_reserve.isra.39+0x2c/0xc0 [ 59.063279] __should_failslab+0xba/0xf0 [ 59.066963] __alloc_skb+0xd7/0x580 [ 59.066970] dccp_send_ack+0xb3/0x340 [ 59.072068] should_failslab+0x9/0x14 [ 59.076987] ccid2_hc_rx_packet_recv+0xf9/0x170 [ 59.076995] dccp_deliver_input_to_ccids+0xc5/0x210 [ 59.081743] kmem_cache_alloc_trace+0x4b/0x740 [ 59.085782] dccp_rcv_established+0x49/0x70 [ 59.085786] dccp_v4_do_rcv+0xfa/0x160 [ 59.089399] dccp_ackvec_parsed_add+0x51/0x220 [ 59.093183] __sk_receive_skb+0x2a2/0x9a0 [ 59.093190] dccp_v4_rcv+0xbcd/0x1bbd [ 59.096981] ccid2_hc_tx_parse_options+0x5b/0x80 [ 59.101648] ip_local_deliver_finish+0x235/0x9f0 [ 59.101654] ip_local_deliver+0x2f7/0x440 [ 59.106678] dccp_parse_options+0x532/0xf20 [ 59.111250] ip_rcv_finish+0x166/0x270 [ 59.111257] ip_rcv+0xcb/0x2e0 [ 59.115591] dccp_rcv_established+0x23/0x70 [ 59.119454] __netif_receive_skb_one_core+0xe9/0x170 [ 59.124025] dccp_v4_do_rcv+0xfa/0x160 [ 59.128210] __netif_receive_skb+0x1f/0x1b0 [ 59.132125] __release_sock+0x107/0x360 [ 59.136864] process_backlog+0x1ca/0x6d0 [ 59.136870] net_rx_action+0x470/0xe20 [ 59.141615] release_sock+0x4f/0x180 [ 59.145742] __do_softirq+0x260/0x92d [ 59.145825] [ 59.150097] dccp_sendmsg+0x4f6/0xe20 [ 59.154083] Freed by task 7127: [ 59.154092] save_stack+0x43/0xd0 [ 59.157278] ? sock_has_perm+0x1e2/0x2e0 [ 59.161670] __kasan_slab_free+0x102/0x150 [ 59.166765] ? dccp_getsockopt+0xd0/0xd0 [ 59.170678] kasan_slab_free+0xe/0x10 [ 59.170685] kfree+0xcf/0x220 [ 59.175010] ? copy_msghdr_from_user+0x20b/0x3e0 [ 59.179058] skb_free_head+0x74/0x90 [ 59.183114] inet_sendmsg+0x108/0x440 [ 59.186979] skb_release_data+0x481/0x6c0 [ 59.190697] ? security_socket_sendmsg+0x4a/0x90 [ 59.194477] skb_release_all+0x3d/0x50 [ 59.196090] ? 
ipip_gro_receive+0xf0/0xf0 [ 59.199866] kfree_skb+0x97/0x270 [ 59.199873] dccp_v4_do_rcv+0x111/0x160 [ 59.203153] sock_sendmsg+0xb5/0xf0 [ 59.206589] __release_sock+0x107/0x360 [ 59.210636] ___sys_sendmsg+0x28e/0x950 [ 59.214855] release_sock+0x4f/0x180 [ 59.214864] dccp_sendmsg+0x4f6/0xe20 [ 59.218917] ? find_held_lock+0x36/0x1d0 [ 59.222722] inet_sendmsg+0x108/0x440 [ 59.222729] sock_sendmsg+0xb5/0xf0 [ 59.225822] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 59.230555] ___sys_sendmsg+0x28e/0x950 [ 59.234261] ? mark_held_locks+0x130/0x130 [ 59.238042] __sys_sendmmsg+0x160/0x370 [ 59.242541] ? lock_downgrade+0x860/0x860 [ 59.247286] __x64_sys_sendmmsg+0x98/0x100 [ 59.251271] ? kasan_check_read+0x11/0x20 [ 59.255424] do_syscall_64+0xd0/0x4e0 [ 59.258867] ? find_held_lock+0x36/0x1d0 [ 59.262834] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.266452] ? __might_fault+0xf1/0x1b0 [ 59.270405] [ 59.274400] __sys_sendmmsg+0x160/0x370 [ 59.278127] The buggy address belongs to the object at ffff888093be60c0 [ 59.278127] which belongs to the cache kmalloc-2048 of size 2048 [ 59.278132] The buggy address is located 1186 bytes inside of [ 59.278132] 2048-byte region [ffff888093be60c0, ffff888093be68c0) [ 59.278134] The buggy address belongs to the page: [ 59.278140] page:ffffea00024ef980 count:1 mapcount:0 mapping:ffff88812c35ec40 index:0x0 compound_mapcount: 0 [ 59.281968] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 59.286005] flags: 0x1fffc0000008100(slab|head) [ 59.289810] ? kasan_check_write+0x14/0x20 [ 59.293421] raw: 01fffc0000008100 ffffea000252d388 ffffea00027bc408 ffff88812c35ec40 [ 59.298170] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 59.302125] raw: 0000000000000000 ffff888093be60c0 0000000100000003 0000000000000000 [ 59.306366] ? __sb_end_write+0xa4/0xd0 [ 59.310317] page dumped because: kasan: bad access detected [ 59.314451] ? kasan_check_write+0x14/0x20 [ 59.318770] [ 59.322916] ? 
fput+0x18/0x120 [ 59.326690] Memory state around the buggy address: [ 59.326697] ffff888093be6400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.330752] ? ksys_write+0x1ce/0x260 [ 59.335924] ffff888093be6480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.339888] ? do_sys_open+0x16e/0x350 [ 59.341501] >ffff888093be6500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.345471] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 59.358286] ^ [ 59.370336] ? do_syscall_64+0x21/0x4e0 [ 59.375250] ffff888093be6580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.385218] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.389541] ffff888093be6600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.394212] __x64_sys_sendmmsg+0x98/0x100 [ 59.398437] ================================================================== [ 59.406326] do_syscall_64+0xd0/0x4e0 [ 59.411163] Disabling lock debugging due to kernel taint [ 59.419051] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.473043] Kernel panic - not syncing: panic_on_warn set ... 
[ 59.473043] [ 59.477081] RIP: 0033:0x45a219 [ 59.545359] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 59.564356] RSP: 002b:00007f48d5edbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 59.572053] RAX: ffffffffffffffda RBX: 00007f48d5edbc90 RCX: 000000000045a219 [ 59.579318] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005 [ 59.586581] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 59.593891] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f48d5edc6d4 [ 59.601174] R13: 00000000004c7fba R14: 00000000004de3e8 R15: 0000000000000006 [ 59.608440] CPU: 1 PID: 7127 Comm: syz-executor.0 Tainted: G B 4.19.103-syzkaller #0 [ 59.617621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.626979] Call Trace: [ 59.629563] dump_stack+0x123/0x177 [ 59.633214] panic+0x1cd/0x375 [ 59.636491] ? __warn_printk+0xd6/0xd6 [ 59.640374] ? ___preempt_schedule+0x16/0x18 [ 59.644800] kasan_end_report+0x47/0x4f [ 59.648765] kasan_report.cold.9+0x76/0x309 [ 59.653077] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 59.658202] __asan_report_load1_noabort+0x14/0x20 [ 59.663198] ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 59.668122] ? dccp_ackvec_clear_state+0x33e/0x7e0 [ 59.673048] ? rcu_read_lock_sched_held+0x108/0x120 [ 59.678058] dccp_deliver_input_to_ccids+0x19f/0x210 [ 59.683153] dccp_rcv_established+0x49/0x70 [ 59.687467] dccp_v4_do_rcv+0xfa/0x160 [ 59.691342] __release_sock+0x107/0x360 [ 59.695311] release_sock+0x4f/0x180 [ 59.699016] dccp_sendmsg+0x4f6/0xe20 [ 59.702804] ? sock_has_perm+0x1e2/0x2e0 [ 59.706973] ? dccp_getsockopt+0xd0/0xd0 [ 59.711020] ? copy_msghdr_from_user+0x20b/0x3e0 [ 59.715766] inet_sendmsg+0x108/0x440 [ 59.719551] ? security_socket_sendmsg+0x4a/0x90 [ 59.724382] ? 
ipip_gro_receive+0xf0/0xf0 [ 59.728539] sock_sendmsg+0xb5/0xf0 [ 59.732159] ___sys_sendmsg+0x28e/0x950 [ 59.736145] ? find_held_lock+0x36/0x1d0 [ 59.740205] ? copy_msghdr_from_user+0x3e0/0x3e0 [ 59.744945] ? mark_held_locks+0x130/0x130 [ 59.749181] ? lock_downgrade+0x860/0x860 [ 59.753328] ? kasan_check_read+0x11/0x20 [ 59.757471] ? find_held_lock+0x36/0x1d0 [ 59.761525] ? __might_fault+0xf1/0x1b0 [ 59.765490] __sys_sendmmsg+0x160/0x370 [ 59.769462] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 59.773775] ? kasan_check_write+0x14/0x20 [ 59.778002] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 59.782833] ? __sb_end_write+0xa4/0xd0 [ 59.786794] ? kasan_check_write+0x14/0x20 [ 59.791023] ? fput+0x18/0x120 [ 59.794209] ? ksys_write+0x1ce/0x260 [ 59.797997] ? do_sys_open+0x16e/0x350 [ 59.801882] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 59.806629] ? do_syscall_64+0x21/0x4e0 [ 59.810593] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.815952] __x64_sys_sendmmsg+0x98/0x100 [ 59.820177] do_syscall_64+0xd0/0x4e0 [ 59.823981] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.829167] RIP: 0033:0x45a219 [ 59.832345] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 59.851241] RSP: 002b:00007f7186efdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 59.858936] RAX: ffffffffffffffda RBX: 00007f7186efdc90 RCX: 000000000045a219 [ 59.866191] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005 [ 59.868341] dccp_parse_options: DCCP(00000000c82913e4): Option 32 (len=7) error=9 [ 59.873448] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 59.873450] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7186efe6d4 [ 59.873453] R13: 00000000004c7fba R14: 00000000004de3e8 R15: 0000000000000006 [ 59.874928] Kernel Offset: disabled [ 59.907995] Rebooting in 86400 seconds..