Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 27.564250] audit: type=1400 audit(1586127312.008:8): avc: denied { execmem } for pid=6128 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 27.790761] IPVS: ftp: loaded support on port[0] = 21 [ 28.918435] can: request_module (can-proto-0) failed. [ 28.927621] can: request_module (can-proto-0) failed. [ 28.936304] can: request_module (can-proto-0) failed. [ 28.961694] audit: type=1400 audit(1586127313.399:9): avc: denied { create } for pid=6107 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 Warning: Permanently added '10.128.0.78' (ECDSA) to the list of known hosts. 2020/04/05 22:55:20 parsed 1 programs 2020/04/05 22:55:20 executed programs: 0 [ 36.319488] audit: type=1400 audit(1586127320.764:10): avc: denied { execmem } for pid=6249 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 36.575038] IPVS: ftp: loaded support on port[0] = 21 [ 37.342089] IPVS: ftp: loaded support on port[0] = 21 [ 37.403477] chnl_net:caif_netlink_parms(): no params data found [ 37.446234] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.453267] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.460700] device bridge_slave_0 entered promiscuous mode [ 37.468185] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.475810] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.476816] IPVS: ftp: loaded support on port[0] = 21 [ 37.482824] device bridge_slave_1 entered promiscuous mode [ 37.503374] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 37.512113] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 37.537882] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 37.545624] team0: Port device team_slave_0 added [ 37.552930] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 37.560940] team0: Port device team_slave_1 added [ 37.574055] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 37.585093] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 37.686251] device hsr_slave_0 entered promiscuous mode [ 37.714059] device hsr_slave_1 entered promiscuous mode [ 37.766606] chnl_net:caif_netlink_parms(): no params data found [ 37.775494] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 37.793371] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 37.835673] IPVS: ftp: loaded support on port[0] = 21 [ 37.868054] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.875259] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.882117] device bridge_slave_0 entered promiscuous mode [ 37.891127] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.898688] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.906097] device bridge_slave_1 entered promiscuous mode [ 37.919681] chnl_net:caif_netlink_parms(): no params data found [ 37.935718] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.942411] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.949362] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.955796] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.983353] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 38.007365] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 38.007889] IPVS: ftp: loaded support on port[0] = 21 [ 38.053713] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.060259] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.068516] device bridge_slave_0 entered promiscuous mode [ 38.075671] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 38.082665] team0: Port device team_slave_0 added [ 38.090972] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 38.098031] team0: Port device team_slave_1 added [ 38.103259] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 38.112363] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.118902] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.126003] device bridge_slave_1 entered promiscuous mode [ 38.143997] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 38.216041] device hsr_slave_0 entered promiscuous mode [ 38.253750] device hsr_slave_1 entered promiscuous mode [ 38.293994] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 38.301567] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 38.308466] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.315859] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 38.333200] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 38.341781] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 38.387150] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 38.415163] chnl_net:caif_netlink_parms(): no params data found [ 38.430801] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 38.438397] team0: Port device team_slave_0 added [ 38.451560] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 38.459166] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.468310] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 38.476017] team0: Port device team_slave_1 added [ 38.481303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.489819] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.507075] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.514160] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 38.529627] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 38.542560] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 38.550302] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 38.550868] IPVS: ftp: loaded support on port[0] = 21 [ 38.562790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 38.570669] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.579835] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.586285] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.594308] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 38.646072] device hsr_slave_0 entered promiscuous mode [ 38.673542] device hsr_slave_1 entered promiscuous mode [ 38.714084] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 38.739096] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.745533] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.752322] device bridge_slave_0 entered promiscuous mode [ 38.776978] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 38.784348] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 38.791500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 38.799251] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.807122] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.813690] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.835412] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.841778] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.850267] device bridge_slave_1 entered promiscuous mode [ 38.876382] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 38.885919] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 38.899753] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 38.917809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 38.926112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 38.934708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 38.942200] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 38.951114] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 38.967564] chnl_net:caif_netlink_parms(): no params data found [ 38.979154] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 38.993956] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 39.001717] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 39.014728] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 39.022646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 39.030645] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 39.038285] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 39.045934] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.058756] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 39.070117] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 39.084936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 39.092417] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.101872] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 39.108480] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 39.186083] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 39.194717] team0: Port device team_slave_0 added [ 39.214106] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.220536] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.228118] device bridge_slave_0 entered promiscuous mode [ 39.236041] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 39.244832] team0: Port device team_slave_1 added [ 39.253505] chnl_net:caif_netlink_parms(): no params data found [ 39.262919] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 39.269720] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.276506] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.283880] device bridge_slave_1 entered promiscuous mode [ 39.290224] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 39.299419] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 39.365567] device hsr_slave_0 entered promiscuous mode [ 39.403597] device hsr_slave_1 entered promiscuous mode [ 39.453544] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 39.460747] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 39.468408] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.492041] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 39.502362] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 39.509507] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 39.520136] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.528665] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 39.537615] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 39.558073] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.565119] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.571925] device bridge_slave_0 entered promiscuous mode [ 39.579575] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 39.602143] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 39.610097] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.618209] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.628636] device bridge_slave_1 entered promiscuous mode [ 39.647109] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 39.654425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.661841] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 39.669710] team0: Port device team_slave_0 added [ 39.675454] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 39.682517] team0: Port device team_slave_1 added [ 39.703560] audit: type=1400 audit(1586127324.155:11): avc: denied { create } for pid=7108 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 [ 39.704030] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 39.737574] FAULT_INJECTION: forcing a failure. [ 39.737574] name failslab, interval 1, probability 0, space 0, times 1 [ 39.741848] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.750141] audit: type=1400 audit(1586127324.175:12): avc: denied { name_bind } for pid=7108 comm="syz-executor.2" src=20003 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 [ 39.762249] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 39.776600] CPU: 0 PID: 7109 Comm: syz-executor.2 Not tainted 4.14.175-syzkaller #0 [ 39.789446] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 39.790282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.802055] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.807162] Call Trace: [ 39.807176] dump_stack+0xf7/0x13b [ 39.807186] should_fail.cold.3+0x105/0x14b [ 39.807195] should_failslab+0xba/0xf0 [ 39.807203] kmem_cache_alloc_trace+0x4b/0x7a0 [ 39.807212] ? trace_hardirqs_off+0x10/0x10 [ 39.807221] dccp_ackvec_parsed_add+0x51/0x220 [ 39.807227] ccid2_hc_tx_parse_options+0x5b/0x80 [ 39.807235] dccp_parse_options+0x532/0xf20 [ 39.807253] dccp_rcv_established+0x23/0x70 [ 39.807259] dccp_v4_do_rcv+0xfa/0x160 [ 39.807268] __release_sock+0x10b/0x340 [ 39.807277] release_sock+0x4f/0x180 [ 39.807284] dccp_sendmsg+0x4ab/0xc70 [ 39.824136] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 39.827454] ? import_iovec+0x96/0x420 [ 39.827469] ? dccp_getsockopt+0xd0/0xd0 [ 39.839561] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 39.840936] ? copy_msghdr_from_user+0x201/0x3f0 [ 39.840947] inet_sendmsg+0x108/0x440 [ 39.848315] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 39.850273] ? security_socket_sendmsg+0x6a/0xa0 [ 39.850282] ? inet_recvmsg+0x640/0x640 [ 39.850288] sock_sendmsg+0xb5/0xf0 [ 39.850294] ___sys_sendmsg+0x282/0x920 [ 39.860344] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.862437] ? trace_hardirqs_off+0x10/0x10 [ 39.862446] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 39.862454] ? trace_hardirqs_on+0x10/0x10 [ 39.867828] audit: type=1400 audit(1586127324.175:13): avc: denied { node_bind } for pid=7108 comm="syz-executor.2" src=20003 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 [ 39.869972] ? trace_hardirqs_off+0x10/0x10 [ 39.869981] ? __fget+0x1ad/0x2f0 [ 39.869987] ? lock_downgrade+0x7f0/0x7f0 [ 39.883060] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 39.884205] ? find_held_lock+0x36/0x1d0 [ 39.884217] ? __might_fault+0xf1/0x1b0 [ 39.892337] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 39.895004] __sys_sendmmsg+0x126/0x300 [ 39.895011] ? SyS_sendmsg+0x20/0x20 [ 39.895029] ? __sb_end_write+0xa4/0xd0 [ 39.895038] ? mutex_unlock+0xd/0x10 [ 39.895044] ? SyS_write+0x1c5/0x250 [ 39.895054] ? do_syscall_64+0x4c/0x5b0 [ 39.895060] ? __sys_sendmmsg+0x300/0x300 [ 39.895065] SyS_sendmmsg+0xd/0x20 [ 39.895069] do_syscall_64+0x1c7/0x5b0 [ 39.895074] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.895083] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 39.895088] RIP: 0033:0x45a219 [ 39.895091] RSP: 002b:00007f18f8d13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 39.895097] RAX: ffffffffffffffda RBX: 00007f18f8d13c90 RCX: 000000000045a219 [ 39.895100] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 39.895103] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 39.895106] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18f8d146d4 [ 39.895109] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 39.983588] audit: type=1400 audit(1586127324.175:14): avc: denied { name_connect } for pid=7108 comm="syz-executor.2" dest=20003 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 [ 40.016635] dccp_parse_options: DCCP(ffff8880982d0100): Option 38 (len=1) error=5 [ 40.019986] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 40.097499] audit: type=1400 audit(1586127324.185:15): avc: denied { write } for pid=7108 comm="syz-executor.2" path="socket:[23347]" dev="sockfs" ino=23347 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 [ 40.112194] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 40.168934] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 40.177773] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 40.186396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 40.193316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 40.200279] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 40.208116] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 40.216992] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.223390] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.230218] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 40.238009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 40.246086] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.252419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.259325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 40.267137] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 40.274784] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.281120] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.289226] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 40.307963] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 40.321763] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 40.329413] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 40.338641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 40.346996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 40.355248] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 40.363094] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.369507] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.378260] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 40.425735] device hsr_slave_0 entered promiscuous mode [ 40.463045] device hsr_slave_1 entered promiscuous mode [ 40.503259] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 40.511692] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 40.523953] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 40.531007] team0: Port device team_slave_0 added [ 40.537223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 40.545424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 40.555307] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 40.562540] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 40.571859] team0: Port device team_slave_1 added [ 40.577722] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 40.588395] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 40.597010] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 40.605633] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 40.614046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 40.621635] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 40.630118] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 40.638452] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 40.649118] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 40.671737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 40.679456] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 40.690758] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 40.725211] device hsr_slave_0 entered promiscuous mode [ 40.762723] device hsr_slave_1 entered promiscuous mode [ 40.823807] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 40.833870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 40.841552] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 40.849310] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 40.857290] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 40.866310] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 40.874874] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 40.892779] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 40.900402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 40.910102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 40.918906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 40.926446] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 40.934836] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 40.942563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 40.950084] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 40.960556] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 40.966904] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 40.988515] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 40.999069] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 41.008444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 41.016934] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 41.024533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 41.032096] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 41.046609] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 41.055223] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 41.061305] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 41.072854] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 41.095588] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 41.108528] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 41.114862] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 41.121771] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 41.134069] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.142129] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 41.152074] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 41.159392] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 41.171026] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.179371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 41.187045] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.194287] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 41.200927] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 41.210682] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 41.217513] 8021q: adding VLAN 0 to HW filter on device team0 [ 41.225380] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 41.233304] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 41.240886] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 41.255778] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 41.266411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 41.273708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.280552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 41.288713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 41.296551] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.303043] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.310547] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 41.326169] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 41.333834] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 41.339914] 8021q: adding VLAN 0 to HW filter on device team0 [ 41.350090] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 41.361907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 41.370341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 41.393271] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.399642] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.418946] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 41.427959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.437911] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 41.448463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 41.456969] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 41.461090] FAULT_INJECTION: forcing a failure. [ 41.461090] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 41.465546] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.476045] CPU: 1 PID: 7162 Comm: syz-executor.0 Not tainted 4.14.175-syzkaller #0 [ 41.476049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.476051] Call Trace: [ 41.476065] dump_stack+0xf7/0x13b [ 41.476075] should_fail.cold.3+0x105/0x14b [ 41.476083] __alloc_pages_nodemask+0x1d5/0x770 [ 41.476090] ? kasan_kmalloc+0xc7/0xe0 [ 41.476095] ? __alloc_pages_slowpath+0x2650/0x2650 [ 41.482461] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.490203] ? memcpy+0x45/0x50 [ 41.502773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 41.505676] ? dccp_insert_fn_opt+0x1be/0x2c0 [ 41.510522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 41.514631] cache_grow_begin+0x80/0x3f0 [ 41.514640] kmem_cache_alloc+0x6b2/0x790 [ 41.514647] ? dccp_feat_clone_list+0x3c0/0x3c0 [ 41.514655] dccp_ackvec_update_records+0x25/0x3e0 [ 41.514661] dccp_insert_options+0x68e/0xb70 [ 41.514671] dccp_transmit_skb+0x194/0x1250 [ 41.514679] ? skb_unlink+0xeb/0x160 [ 41.581768] dccp_xmit_packet+0x1a6/0x580 [ 41.585897] dccp_write_xmit+0x125/0x180 [ 41.589936] dccp_sendmsg+0x556/0xc70 [ 41.593725] ? import_iovec+0x96/0x420 [ 41.597590] ? dccp_getsockopt+0xd0/0xd0 [ 41.601636] ? copy_msghdr_from_user+0x201/0x3f0 [ 41.606384] ? find_held_lock+0x36/0x1d0 [ 41.610424] inet_sendmsg+0x108/0x440 [ 41.614209] ? security_socket_sendmsg+0x6a/0xa0 [ 41.618955] ? inet_recvmsg+0x640/0x640 [ 41.622914] sock_sendmsg+0xb5/0xf0 [ 41.626534] ___sys_sendmsg+0x282/0x920 [ 41.630484] ? trace_hardirqs_off+0x10/0x10 [ 41.634779] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 41.639511] ? trace_hardirqs_on+0x10/0x10 [ 41.643720] ? trace_hardirqs_off+0x10/0x10 [ 41.648017] ? __fget+0x1ad/0x2f0 [ 41.651442] ? lock_downgrade+0x7f0/0x7f0 [ 41.655574] ? find_held_lock+0x36/0x1d0 [ 41.659614] ? __might_fault+0xf1/0x1b0 [ 41.663568] __sys_sendmmsg+0x126/0x300 [ 41.667516] ? SyS_sendmsg+0x20/0x20 [ 41.671234] ? __sb_end_write+0xa4/0xd0 [ 41.675188] ? mutex_unlock+0xd/0x10 [ 41.678901] ? SyS_write+0x1c5/0x250 [ 41.682602] ? do_syscall_64+0x4c/0x5b0 [ 41.686560] ? __sys_sendmmsg+0x300/0x300 [ 41.690840] SyS_sendmmsg+0xd/0x20 [ 41.694365] do_syscall_64+0x1c7/0x5b0 [ 41.698229] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.703060] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 41.708241] RIP: 0033:0x45a219 [ 41.711408] RSP: 002b:00007f120300dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 41.719533] RAX: ffffffffffffffda RBX: 00007f120300dc90 RCX: 000000000045a219 [ 41.726788] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 41.734042] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 41.741287] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f120300e6d4 2020/04/05 22:55:26 executed programs: 8 [ 41.748534] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 41.767752] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 41.796837] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 41.812554] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 41.820032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 41.832496] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 41.840110] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.846501] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.856008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 41.866775] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 41.876875] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 41.886664] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 41.891372] FAULT_INJECTION: forcing a failure. [ 41.891372] name failslab, interval 1, probability 0, space 0, times 0 [ 41.895063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 41.912516] CPU: 1 PID: 7172 Comm: syz-executor.0 Not tainted 4.14.175-syzkaller #0 [ 41.916422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 41.920316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.920320] Call Trace: [ 41.920333] dump_stack+0xf7/0x13b [ 41.920344] should_fail.cold.3+0x105/0x14b [ 41.920355] should_failslab+0xba/0xf0 [ 41.928094] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 41.936862] kmem_cache_alloc_trace+0x4b/0x7a0 [ 41.936872] ? trace_hardirqs_off+0x10/0x10 [ 41.936881] dccp_ackvec_parsed_add+0x51/0x220 [ 41.936887] ccid2_hc_tx_parse_options+0x5b/0x80 [ 41.936895] dccp_parse_options+0x532/0xf20 [ 41.936907] dccp_rcv_established+0x23/0x70 [ 41.936912] dccp_v4_do_rcv+0xfa/0x160 [ 41.936920] __release_sock+0x10b/0x340 [ 41.936929] release_sock+0x4f/0x180 [ 41.944632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 41.947327] dccp_sendmsg+0x4ab/0xc70 [ 41.947335] ? import_iovec+0x96/0x420 [ 41.947344] ? dccp_getsockopt+0xd0/0xd0 [ 41.951572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.958300] ? copy_msghdr_from_user+0x201/0x3f0 [ 41.958307] ? find_held_lock+0x36/0x1d0 [ 41.958317] inet_sendmsg+0x108/0x440 [ 41.958324] ? security_socket_sendmsg+0x6a/0xa0 [ 41.958329] ? inet_recvmsg+0x640/0x640 [ 41.958333] sock_sendmsg+0xb5/0xf0 [ 41.958338] ___sys_sendmsg+0x282/0x920 [ 41.958344] ? trace_hardirqs_off+0x10/0x10 [ 41.958351] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 41.958360] ? trace_hardirqs_on+0x10/0x10 [ 41.958365] ? trace_hardirqs_off+0x10/0x10 [ 41.970135] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 41.971799] ? __fget+0x1ad/0x2f0 [ 41.979896] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 41.980842] ? lock_downgrade+0x7f0/0x7f0 [ 41.988561] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 41.989017] ? find_held_lock+0x36/0x1d0 [ 41.989030] ? __might_fault+0xf1/0x1b0 [ 41.989045] __sys_sendmmsg+0x126/0x300 [ 41.996586] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 41.996706] ? SyS_sendmsg+0x20/0x20 [ 41.996726] ? __sb_end_write+0xa4/0xd0 [ 42.006056] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 42.006995] ? mutex_unlock+0xd/0x10 [ 42.007004] ? SyS_write+0x1c5/0x250 [ 42.007014] ? do_syscall_64+0x4c/0x5b0 [ 42.007021] ? __sys_sendmmsg+0x300/0x300 [ 42.007026] SyS_sendmmsg+0xd/0x20 [ 42.007032] do_syscall_64+0x1c7/0x5b0 [ 42.007037] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.007047] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 42.011031] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 42.015033] RIP: 0033:0x45a219 [ 42.015036] RSP: 002b:00007f120300dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 42.015042] RAX: ffffffffffffffda RBX: 00007f120300dc90 RCX: 000000000045a219 [ 42.015045] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 42.015047] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 42.015050] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f120300e6d4 [ 42.015052] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 42.062788] dccp_parse_options: DCCP(ffff8880959ee0c0): Option 38 (len=1) error=5 [ 42.076582] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 42.250138] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 42.256675] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.263370] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 42.270684] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 42.286465] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 42.296431] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 42.306103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.314090] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.321872] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 42.329347] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.338767] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 42.341608] FAULT_INJECTION: forcing a failure. [ 42.341608] name failslab, interval 1, probability 0, space 0, times 0 [ 42.349897] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 42.362422] CPU: 1 PID: 7187 Comm: syz-executor.1 Not tainted 4.14.175-syzkaller #0 [ 42.364715] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 42.370925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.380595] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 42.386394] Call Trace: [ 42.386408] dump_stack+0xf7/0x13b [ 42.386419] should_fail.cold.3+0x105/0x14b [ 42.386427] should_failslab+0xba/0xf0 [ 42.386437] kmem_cache_alloc_trace+0x4b/0x7a0 [ 42.411481] ? trace_hardirqs_off+0x10/0x10 [ 42.415799] dccp_ackvec_parsed_add+0x51/0x220 [ 42.420361] ccid2_hc_tx_parse_options+0x5b/0x80 [ 42.425112] dccp_parse_options+0x532/0xf20 [ 42.429429] dccp_rcv_established+0x23/0x70 [ 42.433745] dccp_v4_do_rcv+0xfa/0x160 [ 42.437628] __release_sock+0x10b/0x340 [ 42.441603] release_sock+0x4f/0x180 [ 42.445307] dccp_sendmsg+0x4ab/0xc70 [ 42.449090] ? import_iovec+0x96/0x420 [ 42.452964] ? dccp_getsockopt+0xd0/0xd0 [ 42.457001] ? copy_msghdr_from_user+0x201/0x3f0 [ 42.461733] ? find_held_lock+0x36/0x1d0 [ 42.465780] inet_sendmsg+0x108/0x440 [ 42.469558] ? security_socket_sendmsg+0x6a/0xa0 [ 42.474295] ? inet_recvmsg+0x640/0x640 [ 42.478247] sock_sendmsg+0xb5/0xf0 [ 42.481852] ___sys_sendmsg+0x282/0x920 [ 42.485805] ? trace_hardirqs_off+0x10/0x10 [ 42.490115] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 42.494847] ? trace_hardirqs_on+0x10/0x10 [ 42.499062] ? trace_hardirqs_off+0x10/0x10 [ 42.503370] ? __fget+0x1ad/0x2f0 [ 42.506806] ? lock_downgrade+0x7f0/0x7f0 [ 42.510931] ? find_held_lock+0x36/0x1d0 [ 42.514971] ? __might_fault+0xf1/0x1b0 [ 42.518926] __sys_sendmmsg+0x126/0x300 [ 42.522875] ? SyS_sendmsg+0x20/0x20 [ 42.526581] ? __sb_end_write+0xa4/0xd0 [ 42.530536] ? mutex_unlock+0xd/0x10 [ 42.534240] ? SyS_write+0x1c5/0x250 [ 42.537933] ? do_syscall_64+0x4c/0x5b0 [ 42.541898] ? __sys_sendmmsg+0x300/0x300 [ 42.546025] SyS_sendmmsg+0xd/0x20 [ 42.549554] do_syscall_64+0x1c7/0x5b0 [ 42.553559] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.558453] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 42.563724] RIP: 0033:0x45a219 [ 42.566902] RSP: 002b:00007f3d9b928c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 42.574593] RAX: ffffffffffffffda RBX: 00007f3d9b928c90 RCX: 000000000045a219 [ 42.581945] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 42.589203] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 42.596450] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d9b9296d4 [ 42.603714] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 42.622363] dccp_parse_options: DCCP(ffff8880982d0ac0): Option 38 (len=1) error=5 [ 42.629255] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 42.661521] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 42.669912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 42.682607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 42.690395] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 42.698087] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 42.705256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 42.713626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.721302] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.727723] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.736693] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 42.748591] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 42.756606] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 42.763992] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 42.771075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 42.781572] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 42.794450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.802796] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.811523] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 42.820481] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 42.832717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 42.840520] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.850298] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.856976] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.861319] FAULT_INJECTION: forcing a failure. [ 42.861319] name failslab, interval 1, probability 0, space 0, times 0 [ 42.864866] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 42.880734] CPU: 0 PID: 7207 Comm: syz-executor.3 Not tainted 4.14.175-syzkaller #0 [ 42.883855] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.890459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.906797] Call Trace: [ 42.909387] dump_stack+0xf7/0x13b [ 42.912921] should_fail.cold.3+0x105/0x14b [ 42.913432] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 42.917259] should_failslab+0xba/0xf0 [ 42.926379] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 42.927885] kmem_cache_alloc_trace+0x4b/0x7a0 [ 42.939189] ? trace_hardirqs_off+0x10/0x10 [ 42.939967] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 42.943502] dccp_ackvec_parsed_add+0x51/0x220 [ 42.943508] ccid2_hc_tx_parse_options+0x5b/0x80 [ 42.943516] dccp_parse_options+0x532/0xf20 [ 42.943527] dccp_rcv_established+0x23/0x70 [ 42.943532] dccp_v4_do_rcv+0xfa/0x160 [ 42.943541] __release_sock+0x10b/0x340 [ 42.943550] release_sock+0x4f/0x180 [ 42.943556] dccp_sendmsg+0x4ab/0xc70 [ 42.943563] ? import_iovec+0x96/0x420 [ 42.943571] ? dccp_getsockopt+0xd0/0xd0 [ 42.943580] ? copy_msghdr_from_user+0x201/0x3f0 [ 42.943586] ? find_held_lock+0x36/0x1d0 [ 42.943596] inet_sendmsg+0x108/0x440 [ 42.958760] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 42.959638] ? security_socket_sendmsg+0x6a/0xa0 [ 42.966137] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 42.968243] ? inet_recvmsg+0x640/0x640 [ 42.975641] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 42.976071] sock_sendmsg+0xb5/0xf0 [ 42.980969] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 42.983554] ___sys_sendmsg+0x282/0x920 [ 42.983562] ? trace_hardirqs_off+0x10/0x10 [ 42.983568] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 42.983576] ? trace_hardirqs_on+0x10/0x10 [ 42.983581] ? trace_hardirqs_off+0x10/0x10 [ 42.983589] ? __fget+0x1ad/0x2f0 [ 42.983594] ? lock_downgrade+0x7f0/0x7f0 [ 42.983600] ? find_held_lock+0x36/0x1d0 [ 42.983611] ? __might_fault+0xf1/0x1b0 [ 42.983624] __sys_sendmmsg+0x126/0x300 [ 42.983629] ? SyS_sendmsg+0x20/0x20 [ 42.983648] ? __sb_end_write+0xa4/0xd0 [ 42.983657] ? mutex_unlock+0xd/0x10 [ 42.983662] ? SyS_write+0x1c5/0x250 [ 42.983673] ? do_syscall_64+0x4c/0x5b0 [ 42.983679] ? __sys_sendmmsg+0x300/0x300 [ 42.983683] SyS_sendmmsg+0xd/0x20 [ 42.983688] do_syscall_64+0x1c7/0x5b0 [ 42.983692] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.983700] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 42.983705] RIP: 0033:0x45a219 [ 42.983708] RSP: 002b:00007ff5a64f4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 42.983714] RAX: ffffffffffffffda RBX: 00007ff5a64f4c90 RCX: 000000000045a219 [ 42.983717] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 42.983719] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 42.983722] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff5a64f56d4 [ 42.983724] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 43.081192] dccp_parse_options: DCCP(ffff88808e7c4180): Option 38 (len=1) error=5 [ 43.135204] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 43.209466] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 43.223254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 43.230860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 43.241055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 43.249468] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.257418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 43.265725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.273773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 43.281157] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.288913] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 43.296462] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.304098] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 43.310985] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 43.322834] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 43.328869] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 43.348297] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 43.356637] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 43.367086] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 43.374284] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 43.386017] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 43.394810] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 43.401266] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 43.408462] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 43.417775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 43.427721] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 44.395695] FAULT_INJECTION: forcing a failure. [ 44.395695] name failslab, interval 1, probability 0, space 0, times 0 [ 44.407170] CPU: 1 PID: 7248 Comm: syz-executor.5 Not tainted 4.14.175-syzkaller #0 [ 44.414957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.424401] Call Trace: [ 44.426971] dump_stack+0xf7/0x13b [ 44.430493] should_fail.cold.3+0x105/0x14b [ 44.434796] should_failslab+0xba/0xf0 [ 44.438665] kmem_cache_alloc_trace+0x4b/0x7a0 [ 44.443229] ? trace_hardirqs_off+0x10/0x10 [ 44.447556] dccp_ackvec_parsed_add+0x51/0x220 [ 44.452115] ccid2_hc_tx_parse_options+0x5b/0x80 [ 44.456862] dccp_parse_options+0x532/0xf20 [ 44.461172] dccp_rcv_established+0x23/0x70 [ 44.465486] dccp_v4_do_rcv+0xfa/0x160 [ 44.469360] __release_sock+0x10b/0x340 [ 44.473313] release_sock+0x4f/0x180 [ 44.477009] dccp_sendmsg+0x4ab/0xc70 [ 44.480804] ? import_iovec+0x96/0x420 [ 44.484670] ? dccp_getsockopt+0xd0/0xd0 [ 44.488708] ? copy_msghdr_from_user+0x201/0x3f0 [ 44.493440] ? find_held_lock+0x36/0x1d0 [ 44.497479] inet_sendmsg+0x108/0x440 [ 44.501258] ? security_socket_sendmsg+0x6a/0xa0 [ 44.505990] ? inet_recvmsg+0x640/0x640 [ 44.509938] sock_sendmsg+0xb5/0xf0 [ 44.513553] ___sys_sendmsg+0x282/0x920 [ 44.517518] ? trace_hardirqs_off+0x10/0x10 [ 44.521830] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 44.526567] ? trace_hardirqs_on+0x10/0x10 [ 44.530789] ? trace_hardirqs_off+0x10/0x10 [ 44.535165] ? __fget+0x1ad/0x2f0 [ 44.538708] ? lock_downgrade+0x7f0/0x7f0 [ 44.542850] ? find_held_lock+0x36/0x1d0 [ 44.546902] ? __might_fault+0xf1/0x1b0 [ 44.550867] __sys_sendmmsg+0x126/0x300 [ 44.554823] ? SyS_sendmsg+0x20/0x20 [ 44.558524] ? __sb_end_write+0xa4/0xd0 [ 44.562484] ? mutex_unlock+0xd/0x10 [ 44.566176] ? SyS_write+0x1c5/0x250 [ 44.569877] ? do_syscall_64+0x4c/0x5b0 [ 44.573842] ? __sys_sendmmsg+0x300/0x300 [ 44.577979] SyS_sendmmsg+0xd/0x20 [ 44.581495] do_syscall_64+0x1c7/0x5b0 [ 44.585359] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.590190] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 44.595360] RIP: 0033:0x45a219 [ 44.598525] RSP: 002b:00007f4d463cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 44.606219] RAX: ffffffffffffffda RBX: 00007f4d463cbc90 RCX: 000000000045a219 [ 44.613468] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 44.621670] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 44.628918] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4d463cc6d4 [ 44.636184] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 44.647151] dccp_parse_options: DCCP(ffff88808e7c5500): Option 38 (len=1) error=5 [ 44.806859] FAULT_INJECTION: forcing a failure. [ 44.806859] name failslab, interval 1, probability 0, space 0, times 0 [ 44.818267] CPU: 0 PID: 7254 Comm: syz-executor.4 Not tainted 4.14.175-syzkaller #0 [ 44.826061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.835513] Call Trace: [ 44.838089] dump_stack+0xf7/0x13b [ 44.841616] should_fail.cold.3+0x105/0x14b [ 44.846004] should_failslab+0xba/0xf0 [ 44.849884] kmem_cache_alloc_trace+0x4b/0x7a0 [ 44.854462] ? trace_hardirqs_off+0x10/0x10 [ 44.858781] dccp_ackvec_parsed_add+0x51/0x220 [ 44.863349] ccid2_hc_tx_parse_options+0x5b/0x80 [ 44.868908] dccp_parse_options+0x532/0xf20 [ 44.873228] dccp_rcv_established+0x23/0x70 [ 44.877567] dccp_v4_do_rcv+0xfa/0x160 [ 44.881439] __release_sock+0x10b/0x340 [ 44.885394] release_sock+0x4f/0x180 [ 44.889103] dccp_sendmsg+0x4ab/0xc70 [ 44.892894] ? import_iovec+0x96/0x420 [ 44.896901] ? dccp_getsockopt+0xd0/0xd0 [ 44.900962] ? copy_msghdr_from_user+0x201/0x3f0 [ 44.905729] ? find_held_lock+0x36/0x1d0 [ 44.909786] inet_sendmsg+0x108/0x440 [ 44.913572] ? security_socket_sendmsg+0x6a/0xa0 [ 44.918321] ? inet_recvmsg+0x640/0x640 [ 44.922278] sock_sendmsg+0xb5/0xf0 [ 44.925882] ___sys_sendmsg+0x282/0x920 [ 44.929837] ? trace_hardirqs_off+0x10/0x10 [ 44.934153] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 44.938905] ? trace_hardirqs_on+0x10/0x10 [ 44.943119] ? trace_hardirqs_off+0x10/0x10 [ 44.947425] ? __fget+0x1ad/0x2f0 [ 44.950854] ? lock_downgrade+0x7f0/0x7f0 [ 44.954988] ? find_held_lock+0x36/0x1d0 [ 44.959029] ? __might_fault+0xf1/0x1b0 [ 44.962987] __sys_sendmmsg+0x126/0x300 [ 44.966949] ? SyS_sendmsg+0x20/0x20 [ 44.970657] ? __sb_end_write+0xa4/0xd0 [ 44.974614] ? mutex_unlock+0xd/0x10 [ 44.978307] ? SyS_write+0x1c5/0x250 [ 44.982000] ? do_syscall_64+0x4c/0x5b0 [ 44.985950] ? __sys_sendmmsg+0x300/0x300 [ 44.990079] SyS_sendmmsg+0xd/0x20 [ 44.993602] do_syscall_64+0x1c7/0x5b0 [ 44.997490] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.002319] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 45.007499] RIP: 0033:0x45a219 [ 45.010676] RSP: 002b:00007f445ef12c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 45.018368] RAX: ffffffffffffffda RBX: 00007f445ef12c90 RCX: 000000000045a219 [ 45.025619] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 45.033030] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 45.040292] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f445ef136d4 [ 45.047705] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 45.059864] dccp_parse_options: DCCP(ffff8880916874c0): Option 38 (len=1) error=5 2020/04/05 22:55:31 executed programs: 34 2020/04/05 22:55:37 executed programs: 76 2020/04/05 22:55:42 executed programs: 115 2020/04/05 22:55:48 executed programs: 154 2020/04/05 22:55:53 executed programs: 193 2020/04/05 22:55:58 executed programs: 232 2020/04/05 22:56:03 executed programs: 270 2020/04/05 22:56:09 executed programs: 310 2020/04/05 22:56:14 executed programs: 349 2020/04/05 22:56:19 executed programs: 388 2020/04/05 22:56:24 executed programs: 427 [ 100.513714] FAULT_INJECTION: forcing a failure. [ 100.513714] name failslab, interval 1, probability 0, space 0, times 0 [ 100.525171] CPU: 0 PID: 9175 Comm: syz-executor.2 Not tainted 4.14.175-syzkaller #0 [ 100.532970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 100.542330] Call Trace: [ 100.544921] dump_stack+0xf7/0x13b [ 100.548465] should_fail.cold.3+0x105/0x14b [ 100.552814] should_failslab+0xba/0xf0 [ 100.556704] kmem_cache_alloc_trace+0x2ea/0x7a0 [ 100.561376] ? trace_hardirqs_off+0x10/0x10 [ 100.565702] dccp_feat_entry_new+0x140/0x360 [ 100.570119] dccp_feat_push_confirm+0x26/0x280 [ 100.574711] dccp_feat_parse_options+0xfe3/0x1a10 [ 100.579554] ? dccp_ackvec_parsed_add+0x51/0x220 [ 100.584429] ? dccp_feat_server_ccid_dependencies+0x1f0/0x1f0 [ 100.590379] ? trace_hardirqs_off+0x10/0x10 [ 100.594690] ? dccp_ackvec_parsed_add+0x115/0x220 [ 100.599538] dccp_parse_options+0x840/0xf20 [ 100.603842] dccp_rcv_established+0x23/0x70 [ 100.608143] dccp_v4_do_rcv+0xfa/0x160 [ 100.612023] __release_sock+0x10b/0x340 [ 100.615992] release_sock+0x4f/0x180 [ 100.619695] dccp_sendmsg+0x4ab/0xc70 [ 100.623477] ? import_iovec+0x96/0x420 [ 100.627356] ? dccp_getsockopt+0xd0/0xd0 [ 100.631400] ? copy_msghdr_from_user+0x201/0x3f0 [ 100.636144] ? find_held_lock+0x36/0x1d0 [ 100.640188] inet_sendmsg+0x108/0x440 [ 100.643966] ? security_socket_sendmsg+0x6a/0xa0 [ 100.648911] ? inet_recvmsg+0x640/0x640 [ 100.652881] sock_sendmsg+0xb5/0xf0 [ 100.656496] ___sys_sendmsg+0x282/0x920 [ 100.660466] ? trace_hardirqs_off+0x10/0x10 [ 100.664834] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 100.669572] ? trace_hardirqs_on+0x10/0x10 [ 100.673792] ? trace_hardirqs_off+0x10/0x10 [ 100.678103] ? __fget+0x1ad/0x2f0 [ 100.681536] ? lock_downgrade+0x7f0/0x7f0 [ 100.685667] ? find_held_lock+0x36/0x1d0 [ 100.689716] ? __might_fault+0xf1/0x1b0 [ 100.693684] __sys_sendmmsg+0x126/0x300 [ 100.697646] ? SyS_sendmsg+0x20/0x20 [ 100.701357] ? __sb_end_write+0xa4/0xd0 [ 100.705321] ? mutex_unlock+0xd/0x10 [ 100.709020] ? SyS_write+0x1c5/0x250 [ 100.712726] ? do_syscall_64+0x4c/0x5b0 [ 100.716696] ? __sys_sendmmsg+0x300/0x300 [ 100.720822] SyS_sendmmsg+0xd/0x20 [ 100.724340] do_syscall_64+0x1c7/0x5b0 [ 100.728215] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 100.733046] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 100.738244] RIP: 0033:0x45a219 [ 100.741424] RSP: 002b:00007f18f8d13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 100.749127] RAX: ffffffffffffffda RBX: 00007f18f8d13c90 RCX: 000000000045a219 [ 100.756378] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 100.763625] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 100.770871] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18f8d146d4 [ 100.778117] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 100.788061] dccp_parse_options: DCCP(ffff888082f3ca00): Option 32 (len=7) error=9 [ 100.796497] ================================================================== [ 100.803958] BUG: KASAN: use-after-free in ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 100.811382] Read of size 1 at addr ffff888093ae50dd by task syz-executor.2/9175 [ 100.818903] [ 100.820527] CPU: 0 PID: 9175 Comm: syz-executor.2 Not tainted 4.14.175-syzkaller #0 [ 100.828314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 100.837660] Call Trace: [ 100.840238] dump_stack+0xf7/0x13b [ 100.843766] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 100.848854] print_address_description.cold.7+0x9/0x1c9 [ 100.854210] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 100.859292] kasan_report.cold.8+0x11a/0x2d3 [ 100.863679] __asan_report_load1_noabort+0x14/0x20 [ 100.868584] ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 100.873498] ? dccp_ackvec_clear_state+0x33e/0x7e0 [ 100.878406] ? rcu_read_lock_sched_held+0x108/0x120 [ 100.883408] dccp_deliver_input_to_ccids+0x19f/0x210 [ 100.888491] dccp_rcv_established+0x49/0x70 [ 100.892795] dccp_v4_do_rcv+0xfa/0x160 [ 100.897182] __release_sock+0x10b/0x340 [ 100.901137] release_sock+0x4f/0x180 [ 100.904830] dccp_sendmsg+0x4ab/0xc70 [ 100.908613] ? import_iovec+0x96/0x420 [ 100.912480] ? dccp_getsockopt+0xd0/0xd0 [ 100.916520] ? copy_msghdr_from_user+0x201/0x3f0 [ 100.921252] ? find_held_lock+0x36/0x1d0 [ 100.925292] inet_sendmsg+0x108/0x440 [ 100.929068] ? security_socket_sendmsg+0x6a/0xa0 [ 100.933803] ? inet_recvmsg+0x640/0x640 [ 100.937753] sock_sendmsg+0xb5/0xf0 [ 100.941359] ___sys_sendmsg+0x282/0x920 [ 100.945314] ? trace_hardirqs_off+0x10/0x10 [ 100.949615] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 100.954356] ? trace_hardirqs_on+0x10/0x10 [ 100.958582] ? trace_hardirqs_off+0x10/0x10 [ 100.963010] ? __fget+0x1ad/0x2f0 [ 100.966453] ? lock_downgrade+0x7f0/0x7f0 [ 100.970602] ? find_held_lock+0x36/0x1d0 [ 100.974669] ? __might_fault+0xf1/0x1b0 [ 100.978632] __sys_sendmmsg+0x126/0x300 [ 100.982651] ? SyS_sendmsg+0x20/0x20 [ 100.986374] ? __sb_end_write+0xa4/0xd0 [ 100.990337] ? mutex_unlock+0xd/0x10 [ 100.994044] ? SyS_write+0x1c5/0x250 [ 100.997931] ? do_syscall_64+0x4c/0x5b0 [ 101.001887] ? __sys_sendmmsg+0x300/0x300 [ 101.006020] SyS_sendmmsg+0xd/0x20 [ 101.009543] do_syscall_64+0x1c7/0x5b0 [ 101.013424] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 101.018246] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 101.023423] RIP: 0033:0x45a219 [ 101.026592] RSP: 002b:00007f18f8d13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 101.034287] RAX: ffffffffffffffda RBX: 00007f18f8d13c90 RCX: 000000000045a219 [ 101.041547] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 101.048818] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 101.056069] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18f8d146d4 [ 101.063338] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 101.070599] [ 101.072210] Allocated by task 9175: [ 101.075815] save_stack_trace+0x16/0x20 [ 101.079768] save_stack+0x43/0xd0 [ 101.083195] kasan_kmalloc+0xc7/0xe0 [ 101.086886] __kmalloc_node_track_caller+0x50/0x70 [ 101.091793] __kmalloc_reserve.isra.36+0x2c/0xc0 [ 101.096535] __alloc_skb+0xc1/0x500 [ 101.100188] dccp_send_ack+0xb3/0x340 [ 101.103965] ccid2_hc_rx_packet_recv+0xf9/0x170 [ 101.108628] dccp_deliver_input_to_ccids+0xc5/0x210 [ 101.113636] dccp_rcv_established+0x49/0x70 [ 101.119003] dccp_v4_do_rcv+0xfa/0x160 [ 101.122873] __sk_receive_skb+0x1d5/0x820 [ 101.127000] dccp_v4_rcv+0xc26/0x1bbf [ 101.130781] ip_local_deliver_finish+0x230/0x9a0 [ 101.135515] ip_local_deliver+0x1a0/0x410 [ 101.139656] ip_rcv_finish+0x70d/0x1950 [ 101.143621] ip_rcv+0xb43/0x133d [ 101.146969] __netif_receive_skb_core+0x1d1a/0x2e40 [ 101.151961] __netif_receive_skb+0x1f/0x1b0 [ 101.156258] process_backlog+0x1fc/0x710 [ 101.160295] net_rx_action+0x458/0xed0 [ 101.164173] __do_softirq+0x246/0x9b0 [ 101.167952] [ 101.169560] Freed by task 9175: [ 101.172821] save_stack_trace+0x16/0x20 [ 101.176769] save_stack+0x43/0xd0 [ 101.180227] kasan_slab_free+0x71/0xc0 [ 101.184091] kfree+0xcc/0x270 [ 101.187173] skb_free_head+0x74/0x90 [ 101.190865] skb_release_data+0x43b/0x790 [ 101.194999] skb_release_all+0x3d/0x50 [ 101.198861] kfree_skb+0x8a/0x2b0 [ 101.202299] dccp_v4_do_rcv+0x111/0x160 [ 101.206248] __release_sock+0x10b/0x340 [ 101.210208] release_sock+0x4f/0x180 [ 101.213901] dccp_sendmsg+0x4ab/0xc70 [ 101.217677] inet_sendmsg+0x108/0x440 [ 101.221454] sock_sendmsg+0xb5/0xf0 [ 101.225056] ___sys_sendmsg+0x282/0x920 [ 101.229032] __sys_sendmmsg+0x126/0x300 [ 101.233000] SyS_sendmmsg+0xd/0x20 [ 101.236523] do_syscall_64+0x1c7/0x5b0 [ 101.240390] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 101.245569] [ 101.247188] The buggy address belongs to the object at ffff888093ae4c40 [ 101.247188] which belongs to the cache kmalloc-2048 of size 2048 [ 101.260006] The buggy address is located 1181 bytes inside of [ 101.260006] 2048-byte region [ffff888093ae4c40, ffff888093ae5440) [ 101.272050] The buggy address belongs to the page: [ 101.276964] page:ffffea00024eb900 count:1 mapcount:0 mapping:ffff888093ae43c0 index:0x0 compound_mapcount: 0 [ 101.286996] flags: 0x1fffc0000008100(slab|head) [ 101.291644] raw: 01fffc0000008100 ffff888093ae43c0 0000000000000000 0000000100000003 [ 101.299501] raw: ffffea00024eb1a0 ffffea00025290a0 ffff8880aa800c40 0000000000000000 [ 101.307358] page dumped because: kasan: bad access detected [ 101.313077] [ 101.314680] Memory state around the buggy address: [ 101.319582] ffff888093ae4f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 101.326915] ffff888093ae5000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 101.334288] >ffff888093ae5080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 101.341631] ^ [ 101.347843] ffff888093ae5100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 101.356245] ffff888093ae5180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 101.363580] ================================================================== [ 101.370915] Disabling lock debugging due to kernel taint [ 101.382415] Kernel panic - not syncing: panic_on_warn set ... [ 101.382415] [ 101.389800] CPU: 0 PID: 9175 Comm: syz-executor.2 Tainted: G B 4.14.175-syzkaller #0 [ 101.398811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 101.408162] Call Trace: [ 101.410748] dump_stack+0xf7/0x13b [ 101.414281] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 101.419378] panic+0x1b0/0x358 [ 101.422564] ? add_taint.cold.5+0x11/0x11 [ 101.426708] ? ___preempt_schedule+0x16/0x18 [ 101.431130] ? ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 101.436228] kasan_end_report+0x47/0x4f [ 101.440216] kasan_report.cold.8+0x76/0x2d3 [ 101.444531] __asan_report_load1_noabort+0x14/0x20 [ 101.449464] ccid2_hc_tx_packet_recv+0x1edd/0x21d3 [ 101.454388] ? dccp_ackvec_clear_state+0x33e/0x7e0 [ 101.459490] ? rcu_read_lock_sched_held+0x108/0x120 [ 101.464505] dccp_deliver_input_to_ccids+0x19f/0x210 [ 101.469603] dccp_rcv_established+0x49/0x70 [ 101.473918] dccp_v4_do_rcv+0xfa/0x160 [ 101.477873] __release_sock+0x10b/0x340 [ 101.481823] release_sock+0x4f/0x180 [ 101.485524] dccp_sendmsg+0x4ab/0xc70 [ 101.489315] ? import_iovec+0x96/0x420 [ 101.493283] ? dccp_getsockopt+0xd0/0xd0 [ 101.497337] ? copy_msghdr_from_user+0x201/0x3f0 [ 101.502089] ? find_held_lock+0x36/0x1d0 [ 101.506143] inet_sendmsg+0x108/0x440 [ 101.509938] ? security_socket_sendmsg+0x6a/0xa0 [ 101.514814] ? inet_recvmsg+0x640/0x640 [ 101.518787] sock_sendmsg+0xb5/0xf0 [ 101.522409] ___sys_sendmsg+0x282/0x920 [ 101.526378] ? trace_hardirqs_off+0x10/0x10 [ 101.530741] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 101.535483] ? trace_hardirqs_on+0x10/0x10 [ 101.539694] ? trace_hardirqs_off+0x10/0x10 [ 101.544056] ? __fget+0x1ad/0x2f0 [ 101.547540] ? lock_downgrade+0x7f0/0x7f0 [ 101.551678] ? find_held_lock+0x36/0x1d0 [ 101.555729] ? __might_fault+0xf1/0x1b0 [ 101.559700] __sys_sendmmsg+0x126/0x300 [ 101.563661] ? SyS_sendmsg+0x20/0x20 [ 101.567361] ? __sb_end_write+0xa4/0xd0 [ 101.571315] ? mutex_unlock+0xd/0x10 [ 101.575010] ? SyS_write+0x1c5/0x250 [ 101.578751] ? do_syscall_64+0x4c/0x5b0 [ 101.582710] ? __sys_sendmmsg+0x300/0x300 [ 101.586849] SyS_sendmmsg+0xd/0x20 [ 101.590370] do_syscall_64+0x1c7/0x5b0 [ 101.594234] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 101.599057] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 101.604224] RIP: 0033:0x45a219 [ 101.607542] RSP: 002b:00007f18f8d13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 101.615228] RAX: ffffffffffffffda RBX: 00007f18f8d13c90 RCX: 000000000045a219 [ 101.622484] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000006 [ 101.629743] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 101.637096] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f18f8d146d4 [ 101.644345] R13: 00000000004c7f9d R14: 00000000004de3c8 R15: 0000000000000007 [ 101.653026] Kernel Offset: disabled [ 101.656645] Rebooting in 86400 seconds..