Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 38.679675] kauditd_printk_skb: 11 callbacks suppressed
[ 38.685708] audit: type=1400 audit(1573977448.887:35): avc: denied { map } for pid=6816 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 45.018615] audit: type=1400 audit(1573977455.226:36): avc: denied { map } for pid=6825 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 45.578095] audit: type=1400 audit(1573977455.785:37): avc: denied { map } for pid=6825 comm="syz-fuzzer" path="/root/syzkaller-shm062418167" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 45.591997] IPVS: ftp: loaded support on port[0] = 21
[ 46.072173] audit: type=1400 audit(1573977456.279:38): avc: denied { create } for pid=6825 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
[ 46.096439] audit: type=1400 audit(1573977456.280:39): avc: denied { create } for pid=6825 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 46.120912] audit: type=1400 audit(1573977456.280:40): avc: denied { create } for pid=6825 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
Warning: Permanently added '10.128.15.210' (ECDSA) to the list of known hosts.
2019/11/17 07:57:43 parsed 1 programs
2019/11/17 07:57:43 executed programs: 0
[ 53.145539] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready
[ 53.154058] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready
[ 53.164817] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready
[ 53.173818] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready
[ 53.176711] IPVS: ftp: loaded support on port[0] = 21
[ 53.186927] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready
[ 53.193950] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready
[ 53.219283] IPVS: ftp: loaded support on port[0] = 21
[ 53.267285] chnl_net:caif_netlink_parms(): no params data found
[ 53.279539] IPVS: ftp: loaded support on port[0] = 21
[ 53.319421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.326730] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.333871] device bridge_slave_0 entered promiscuous mode
[ 53.362685] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.369041] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.376158] device bridge_slave_1 entered promiscuous mode
[ 53.387733] chnl_net:caif_netlink_parms(): no params data found
[ 53.409256] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 53.424345] IPVS: ftp: loaded support on port[0] = 21
[ 53.438332] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 53.483364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.489797] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.496822] device bridge_slave_0 entered promiscuous mode
[ 53.504306] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 53.511695] team0: Port device team_slave_0 added
[ 53.519041] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 53.526009] team0: Port device team_slave_1 added
[ 53.535178] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.541746] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.548602] device bridge_slave_1 entered promiscuous mode
[ 53.555232] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 53.562714] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 53.617982] chnl_net:caif_netlink_parms(): no params data found
[ 53.661823] device hsr_slave_0 entered promiscuous mode
[ 53.740213] device hsr_slave_1 entered promiscuous mode
[ 53.780626] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 53.788078] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 53.801750] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 53.812446] IPVS: ftp: loaded support on port[0] = 21
[ 53.815547] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 53.848057] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 53.855333] team0: Port device team_slave_0 added
[ 53.861709] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 53.868656] team0: Port device team_slave_1 added
[ 53.874111] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 53.881794] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 53.912688] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.919107] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.926099] device bridge_slave_0 entered promiscuous mode
[ 53.932928] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.939281] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.946398] device bridge_slave_1 entered promiscuous mode
[ 53.962247] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.968707] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.975761] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.982158] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.052867] device hsr_slave_0 entered promiscuous mode
[ 54.090366] device hsr_slave_1 entered promiscuous mode
[ 54.133438] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 54.141043] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 54.168821] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.187298] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 54.208484] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 54.215689] team0: Port device team_slave_0 added
[ 54.220972] chnl_net:caif_netlink_parms(): no params data found
[ 54.229560] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 54.236902] team0: Port device team_slave_1 added
[ 54.251377] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.253389] IPVS: ftp: loaded support on port[0] = 21
[ 54.263011] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.269628] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.276042] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.314238] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 54.342415] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.350767] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.358268] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.366772] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.378424] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 54.424383] 8021q: adding VLAN 0 to HW filter on device bond0
[ 54.478307] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.485178] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.492878] device bridge_slave_0 entered promiscuous mode
[ 54.533380] device hsr_slave_0 entered promiscuous mode
[ 54.570403] device hsr_slave_1 entered promiscuous mode
[ 54.611732] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 54.635882] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.642656] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.649770] device bridge_slave_1 entered promiscuous mode
[ 54.664017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.672652] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 54.681555] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 54.687641] 8021q: adding VLAN 0 to HW filter on device team0
[ 54.707539] 8021q: adding VLAN 0 to HW filter on device bond0
[ 54.714223] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 54.729598] chnl_net:caif_netlink_parms(): no params data found
[ 54.741392] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.755045] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 54.772235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.779892] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.786296] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.793601] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.801396] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.807747] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.815444] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 54.823263] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 54.831174] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 54.844423] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 54.859877] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 54.870264] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 54.884859] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 54.898729] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 54.905495] 8021q: adding VLAN 0 to HW filter on device team0
[ 54.933574] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 54.941771] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 54.950499] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 54.958056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.965646] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 55.000750] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 55.007887] team0: Port device team_slave_0 added
[ 55.014314] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 55.023002] team0: Port device team_slave_1 added
[ 55.028778] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 55.037293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.045700] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.052356] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.064451] chnl_net:caif_netlink_parms(): no params data found
[ 55.087265] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 55.100422] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.108076] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.114490] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.152610] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.203425] device hsr_slave_0 entered promiscuous mode
[ 55.240390] device hsr_slave_1 entered promiscuous mode
[ 55.290986] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 55.298569] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 55.325425] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 55.334043] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 55.344857] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.351615] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.358562] device bridge_slave_0 entered promiscuous mode
[ 55.375461] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.385779] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.394245] device bridge_slave_1 entered promiscuous mode
[ 55.401066] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.407445] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.415016] device bridge_slave_0 entered promiscuous mode
[ 55.421945] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.428296] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.435908] device bridge_slave_1 entered promiscuous mode
[ 55.445549] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 55.455775] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 55.466634] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 55.473417] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 55.483754] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 55.491502] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 55.499556] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 55.526008] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 55.555507] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 55.586444] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.603160] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 55.613471] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 55.631956] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 55.645872] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.659944] audit: type=1400 audit(1573977465.867:41): avc: denied { associate } for pid=6924 comm="syz-executor.4" name="syz4" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 55.664040] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 55.691996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.695633] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 55.695639] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.724594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.724909] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.724934] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.725274] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 55.729333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.729621] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.729645] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.738363] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 55.738740] team0: Port device team_slave_0 added
[ 55.739510] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 55.739848] team0: Port device team_slave_1 added
[ 55.740827] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 55.741331] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 55.741705] team0: Port device team_slave_0 added
[ 55.745543] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 55.756748] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 55.757118] team0: Port device team_slave_1 added
[ 55.757712] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 55.758101] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 55.800733] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.801245] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 55.801671] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 55.802201] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 55.847320] FAULT_INJECTION: forcing a failure.
[ 55.847320] name failslab, interval 1, probability 0, space 0, times 1
[ 55.847334] CPU: 0 PID: 7003 Comm: syz-executor.4 Not tainted 4.13.0-rc4+ #0
[ 55.847336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.847339] Call Trace:
[ 55.847350] dump_stack+0x145/0x1e1
[ 55.847355] ? arch_local_irq_restore+0x43/0x43
[ 55.847362] ? trace_hardirqs_off+0x10/0x10
[ 55.847366] ? find_held_lock+0x36/0x1c0
[ 55.847375] should_fail.cold.4+0x5/0x15
[ 55.847380] ? fault_create_debugfs_attr+0x1a0/0x1a0
[ 55.847383] ? lock_downgrade+0x830/0x830
[ 55.847390] ? print_usage_bug+0xc0/0xc0
[ 55.847398] ? mod_timer+0x65e/0xfd0
[ 55.847402] ? lock_downgrade+0x830/0x830
[ 55.847412] ? debug_check_no_locks_freed+0x310/0x310
[ 55.847419] ? trace_hardirqs_on_caller+0x40c/0x580
[ 55.847426] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 55.847430] ? trace_hardirqs_off+0x10/0x10
[ 55.847439] should_failslab+0xba/0xf0
[ 55.847446] kmem_cache_alloc_trace+0x44/0x7a0
[ 55.847449] ? mod_timer_pending+0xfa0/0xfa0
[ 55.847456] ? debug_smp_processor_id+0x17/0x20
[ 55.847462] ? rcu_is_watching+0x61/0x170
[ 55.847472] dccp_ackvec_parsed_add+0xa2/0x360
[ 55.847477] ? dccp_ackvec_purge_records+0x1d0/0x1d0
[ 55.847488] ccid2_hc_tx_parse_options+0x5b/0x80
[ 55.847493] dccp_parse_options+0x523/0xf90
[ 55.847506] dccp_rcv_established+0x23/0x70
[ 55.847511] dccp_v4_do_rcv+0xfa/0x160
[ 55.847519] __release_sock+0x10b/0x330
[ 55.847527] release_sock+0x9a/0x270
[ 55.847531] ? __release_sock+0x330/0x330
[ 55.847535] ? dccp_qpolicy_top+0x67/0x80
[ 55.847539] ? dccp_write_xmit+0x3b/0x180
[ 55.847544] dccp_sendmsg+0x57f/0xda0
[ 55.847548] ? lock_release+0x960/0x960
[ 55.847555] ? check_same_owner+0x320/0x320
[ 55.847561] ? dccp_getsockopt+0xd0/0xd0
[ 55.847567] ? sock_has_perm+0x278/0x420
[ 55.847572] ? selinux_tun_dev_create+0xc0/0xc0
[ 55.847578] ? dup_iter+0x1d2/0x250
[ 55.847589] inet_sendmsg+0x148/0x5a0
[ 55.847595] ? copy_msghdr_from_user+0x2f4/0x5b0
[ 55.847599] ? rcu_pm_notify+0xc0/0xc0
[ 55.847602] ? inet_recvmsg+0x790/0x790
[ 55.847607] ? selinux_socket_sendmsg+0x31/0x40
[ 55.847611] ? security_socket_sendmsg+0x6a/0xa0
[ 55.847615] ? inet_recvmsg+0x790/0x790
[ 55.847619] sock_sendmsg+0xb5/0xf0
[ 55.847624] ___sys_sendmsg+0x2a7/0x9a0
[ 55.847632] ? copy_msghdr_from_user+0x5b0/0x5b0
[ 55.847637] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280
[ 55.847644] ? rcu_read_lock_bh_held+0xc0/0xc0
[ 55.847649] ? find_held_lock+0x36/0x1c0
[ 55.847663] ? __might_fault+0xf1/0x1b0
[ 55.847667] ? lock_downgrade+0x830/0x830
[ 55.847680] ? check_same_owner+0x320/0x320
[ 55.847684] ? __might_sleep+0x93/0xb0
[ 55.847693] __sys_sendmmsg+0x1ae/0x590
[ 55.847701] ? SyS_sendmsg+0x20/0x20
[ 55.847708] ? __lock_is_held+0xb5/0x140
[ 55.847712] ? rcu_dynticks_eqs_exit+0x70/0x70
[ 55.847727] ? __sb_end_write+0xa4/0xd0
[ 55.847735] ? mutex_unlock+0xd/0x10
[ 55.847740] ? __f_unlock_pos+0xd/0x10
[ 55.847744] ? SyS_write+0x199/0x240
[ 55.847750] ? entry_SYSCALL_64_fastpath+0x5/0xc2
[ 55.847756] ? trace_hardirqs_on_caller+0x40c/0x580
[ 55.847764] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 55.847770] SyS_sendmmsg+0xd/0x20
[ 55.847774] entry_SYSCALL_64_fastpath+0x23/0xc2
[ 55.847779] RIP: 0033:0x45a219
[ 55.847782] RSP: 002b:00007fcc00097c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 55.847788] RAX: ffffffffffffffda RBX: 00007fcc00097c90 RCX: 000000000045a219
[ 55.847790] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 55.847793] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[ 55.847795] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcc000986d4
[ 55.847798] R13: 00000000004c983c R14: 00000000004e1358 R15: 00000000ffffffff
[ 55.848080] dccp_parse_options: DCCP(ffff88011aceb4c0): Option 38 (len=1) error=5
[ 55.856115] kobject: 'loop4' (ffff880125ed76a0): kobject_uevent_env
[ 55.856145] kobject: 'loop4' (ffff880125ed76a0): fill_kobj_path: path = '/devices/virtual/block/loop4'
[ 55.870351] kobject: 'hsr0' (ffff880114322cf0): kobject_add_internal: parent: 'net', set: 'devices'
[ 55.871179] kobject: 'hsr0' (ffff880114322cf0): kobject_uevent_env
[ 55.871203] kobject: 'hsr0' (ffff880114322cf0): fill_kobj_path: path = '/devices/virtual/net/hsr0'
[ 55.871466] kobject: 'queues' (ffff880119e65c48): kobject_add_internal: parent: 'hsr0', set: ''
[ 55.871481] kobject: 'queues' (ffff880119e65c48): kobject_uevent_env
[ 55.871484] kobject: 'queues' (ffff880119e65c48): kobject_uevent_env: filter function caused the event to drop!
[ 55.871499] kobject: 'rx-0' (ffff880119cfd550): kobject_add_internal: parent: 'queues', set: 'queues'
[ 55.871547] kobject: 'rx-0' (ffff880119cfd550): kobject_uevent_env
[ 55.871570] kobject: 'rx-0' (ffff880119cfd550): fill_kobj_path: path = '/devices/virtual/net/hsr0/queues/rx-0'
[ 55.871832] kobject: 'tx-0' (ffff880112d9a518): kobject_add_internal: parent: 'queues', set: 'queues'
[ 55.871974] kobject: 'tx-0' (ffff880112d9a518): kobject_uevent_env
[ 55.872001] kobject: 'tx-0' (ffff880112d9a518): fill_kobj_path: path = '/devices/virtual/net/hsr0/queues/tx-0'
[ 55.872883] kobject: 'batman_adv' (ffff880116a34980): kobject_add_internal: parent: 'hsr0', set: ''
[ 55.873073] device hsr_slave_0 entered promiscuous mode
[ 55.903155] device hsr_slave_1 entered promiscuous mode
[ 55.907950] FAULT_INJECTION: forcing a failure.
[ 55.907950] name failslab, interval 1, probability 0, space 0, times 0
[ 55.907958] CPU: 0 PID: 7012 Comm: syz-executor.3 Not tainted 4.13.0-rc4+ #0
[ 55.907960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.907963] Call Trace:
[ 55.907982] dump_stack+0x145/0x1e1
[ 55.907989] ? arch_local_irq_restore+0x43/0x43
[ 55.907997] ? trace_hardirqs_off+0x10/0x10
[ 55.908002] ? find_held_lock+0x36/0x1c0
[ 55.908010] should_fail.cold.4+0x5/0x15
[ 55.908016] ? fault_create_debugfs_attr+0x1a0/0x1a0
[ 55.908019] ? lock_downgrade+0x830/0x830
[ 55.908028] ? print_usage_bug+0xc0/0xc0
[ 55.908038] ? mod_timer+0x65e/0xfd0
[ 55.908042] ? lock_downgrade+0x830/0x830
[ 55.908053] ? debug_check_no_locks_freed+0x310/0x310
[ 55.908060] ? trace_hardirqs_on_caller+0x40c/0x580
[ 55.908069] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 55.908074] ? trace_hardirqs_off+0x10/0x10
[ 55.908082] should_failslab+0xba/0xf0
[ 55.908088] kmem_cache_alloc_trace+0x44/0x7a0
[ 55.908092] ? mod_timer_pending+0xfa0/0xfa0
[ 55.908097] ? debug_smp_processor_id+0x17/0x20
[ 55.908101] ? rcu_is_watching+0x61/0x170
[ 55.908111] dccp_ackvec_parsed_add+0xa2/0x360
[ 55.908117] ? dccp_ackvec_purge_records+0x1d0/0x1d0
[ 55.908127] ccid2_hc_tx_parse_options+0x5b/0x80
[ 55.908132] dccp_parse_options+0x523/0xf90
[ 55.908143] dccp_rcv_established+0x23/0x70
[ 55.908148] dccp_v4_do_rcv+0xfa/0x160
[ 55.908155] __release_sock+0x10b/0x330
[ 55.908164] release_sock+0x9a/0x270
[ 55.908169] ? __release_sock+0x330/0x330
[ 55.908173] ? dccp_qpolicy_top+0x67/0x80
[ 55.908178] ? dccp_write_xmit+0x3b/0x180
[ 55.908184] dccp_sendmsg+0x57f/0xda0
[ 55.908187] ? lock_release+0x960/0x960
[ 55.908196] ? check_same_owner+0x320/0x320
[ 55.908203] ? dccp_getsockopt+0xd0/0xd0
[ 55.908208] ? sock_has_perm+0x278/0x420
[ 55.908214] ? selinux_tun_dev_create+0xc0/0xc0
[ 55.908219] ? dup_iter+0x1d2/0x250
[ 55.908231] inet_sendmsg+0x148/0x5a0
[ 55.908236] ? copy_msghdr_from_user+0x2f4/0x5b0
[ 55.908239] ? rcu_pm_notify+0xc0/0xc0
[ 55.908243] ? inet_recvmsg+0x790/0x790
[ 55.908249] ? selinux_socket_sendmsg+0x31/0x40
[ 55.908253] ? security_socket_sendmsg+0x6a/0xa0
[ 55.908257] ? inet_recvmsg+0x790/0x790
[ 55.908261] sock_sendmsg+0xb5/0xf0
[ 55.908267] ___sys_sendmsg+0x2a7/0x9a0
[ 55.908275] ? copy_msghdr_from_user+0x5b0/0x5b0
[ 55.908281] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280
[ 55.908287] ? rcu_read_lock_bh_held+0xc0/0xc0
[ 55.908293] ? find_held_lock+0x36/0x1c0
[ 55.908305] ? __might_fault+0xf1/0x1b0
[ 55.908309] ? lock_downgrade+0x830/0x830
[ 55.908322] ? check_same_owner+0x320/0x320
[ 55.908326] ? __might_sleep+0x93/0xb0
[ 55.908335] __sys_sendmmsg+0x1ae/0x590
[ 55.908344] ? SyS_sendmsg+0x20/0x20
[ 55.908350] ? __lock_is_held+0xb5/0x140
[ 55.908354] ? rcu_dynticks_eqs_exit+0x70/0x70
[ 55.908368] ? __sb_end_write+0xa4/0xd0
[ 55.908374] ? mutex_unlock+0xd/0x10
[ 55.908379] ? __f_unlock_pos+0xd/0x10
[ 55.908383] ? SyS_write+0x199/0x240
[ 55.908388] ? entry_SYSCALL_64_fastpath+0x5/0xc2
[ 55.908393] ? trace_hardirqs_on_caller+0x40c/0x580
[ 55.908400] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 55.908407] SyS_sendmmsg+0xd/0x20
[ 55.908411] entry_SYSCALL_64_fastpath+0x23/0xc2
[ 55.908416] RIP: 0033:0x45a219
[ 55.908419] RSP: 002b:00007fcfeee14c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 55.908424] RAX: ffffffffffffffda RBX: 00007fcfeee14c90 RCX: 000000000045a219
[ 55.908427] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 55.908429] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[ 55.908432] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcfeee156d4
[ 55.908434] R13: 00000000004c983c R14: 00000000004e1358 R15: 00000000ffffffff
[ 55.908452] dccp_parse_options: DCCP(ffff88011aceb4c0): Option 38 (len=1) error=5
[ 55.923367] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 55.923690] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 55.937855] kobject: 'loop3' (ffff880125e5b620): kobject_uevent_env
[ 55.937880] kobject: 'loop3' (ffff880125e5b620): fill_kobj_path: path = '/devices/virtual/block/loop3'
[ 55.948835] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 55.950872] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 55.954621] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.956954] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.990605] kobject: 'hsr0' (ffff880113fa06f0): kobject_add_internal: parent: 'net', set: 'devices'
[ 55.991427] kobject: 'hsr0' (ffff880113fa06f0): kobject_uevent_env
[ 55.991451] kobject: 'hsr0' (ffff880113fa06f0): fill_kobj_path: path = '/devices/virtual/net/hsr0'
[ 55.991749] kobject: 'queues' (ffff880116934b48): kobject_add_internal: parent: 'hsr0', set: ''
[ 55.991764] kobject: 'queues' (ffff880116934b48): kobject_uevent_env
[ 55.991767] kobject: 'queues' (ffff880116934b48): kobject_uevent_env: filter function caused the event to drop!
[ 55.991779] kobject: 'rx-0' (ffff88011bcb1f10): kobject_add_internal: parent: 'queues', set: 'queues'
[ 55.991819] kobject: 'rx-0' (ffff88011bcb1f10): kobject_uevent_env
[ 55.991839] kobject: 'rx-0' (ffff88011bcb1f10): fill_kobj_path: path = '/devices/virtual/net/hsr0/queues/rx-0'
[ 55.992094] kobject: 'tx-0' (ffff88011416f318): kobject_add_internal: parent: 'queues', set: 'queues'
[ 55.992235] kobject: 'tx-0' (ffff88011416f318): kobject_uevent_env
[ 55.992256] kobject: 'tx-0' (ffff88011416f318): fill_kobj_path: path = '/devices/virtual/net/hsr0/queues/tx-0'
[ 55.993113] kobject: 'batman_adv' (ffff880116dd2200): kobject_add_internal: parent: 'hsr0', set: ''
[ 55.993300] device hsr_slave_0 entered promiscuous mode
[ 56.020923] device hsr_slave_1 entered promiscuous mode
[ 56.061225] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 56.061514] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 56.069237] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 56.083613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.092007] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 56.095436] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 56.095441] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.114755] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.115039] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.115061] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.115439] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.115655] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.115676] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.116113] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 56.167448] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.167895] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.176480] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.191638] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.199813] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.232288] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 56.232343] kobject: 'vlan0' (ffff88010cad9480): kobject_add_internal: parent: 'mesh', set: ''
[ 56.283370] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.286736] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.299555] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 56.299611] kobject: 'vlan0' (ffff880114278880): kobject_add_internal: parent: 'mesh', set: ''
[ 56.306038] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.318351] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 56.318357] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.328072] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.328337] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.328361] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.328788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 56.337395] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.337661] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.337686] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.342138] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.345283] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.363637] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.374578] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 56.374584] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.383759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.384227] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.387434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.387691] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.387724] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.388097] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 56.402268] kobject: 'loop0' (ffff880125d8ec20): kobject_uevent_env
[ 56.402296] kobject: 'loop0' (ffff880125d8ec20): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 56.402766] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.416613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.416917] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.416959] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.419753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.431988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.449589] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.449979] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.466916] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.474561] kobject: 'loop1' (ffff880125dacca0): kobject_uevent_env
[ 56.474587] kobject: 'loop1' (ffff880125dacca0): fill_kobj_path: path = '/devices/virtual/block/loop1'
[ 56.489864] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.503544] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.506393] FAULT_INJECTION: forcing a failure.
[ 56.506393] name failslab, interval 1, probability 0, space 0, times 0
[ 56.506400] CPU: 1 PID: 7066 Comm: syz-executor.0 Not tainted 4.13.0-rc4+ #0
[ 56.506403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.506405] Call Trace:
[ 56.506417] dump_stack+0x145/0x1e1
[ 56.506424] ? arch_local_irq_restore+0x43/0x43
[ 56.506434] ? find_held_lock+0x36/0x1c0
[ 56.506451] should_fail.cold.4+0x5/0x15
[ 56.506457] ? fault_create_debugfs_attr+0x1a0/0x1a0
[ 56.506466] ? rcu_read_lock_bh_held+0xc0/0xc0
[ 56.506473] ? rcu_is_watching+0x61/0x170
[ 56.506479] ? rcu_dynticks_eqs_exit+0x70/0x70
[ 56.506489] ? __lock_is_held+0xb5/0x140
[ 56.506502] ? depot_save_stack+0x12b/0x423
[ 56.506512] ? check_same_owner+0x320/0x320
[ 56.506519] ? mark_held_locks+0xc7/0x130
[ 56.506531] should_failslab+0xba/0xf0
[ 56.506539] kmem_cache_alloc_trace+0x2e3/0x7a0
[ 56.506548] ? sock_sendmsg+0xb5/0xf0
[ 56.506551] ? ___sys_sendmsg+0x2a7/0x9a0
[ 56.506556] ? __sys_sendmmsg+0x1ae/0x590
[ 56.506559] ? SyS_sendmmsg+0xd/0x20
[ 56.506568] ? entry_SYSCALL_64_fastpath+0x23/0xc2
[ 56.506580] dccp_feat_entry_new+0x1a4/0x4f0
[ 56.506587] ? dccp_feat_nn_get+0x310/0x310
[ 56.506598] dccp_feat_push_confirm+0x26/0x280
[ 56.506605] dccp_feat_parse_options+0x10e5/0x1d90
[ 56.506609] ? rcu_dynticks_eqs_exit+0x70/0x70
[ 56.506617] ? dccp_feat_server_ccid_dependencies+0x1f0/0x1f0
[ 56.506623] ? dccp_ackvec_parsed_add+0xa2/0x360
[ 56.506627] ? rcu_read_lock_sched_held+0x108/0x120
[ 56.506631] ? kmem_cache_alloc_trace+0x637/0x7a0
[ 56.506637] ? mod_timer_pending+0xfa0/0xfa0
[ 56.506645] ? debug_smp_processor_id+0x17/0x20
[ 56.506649] ? rcu_is_watching+0x61/0x170
[ 56.506657] ? dccp_ackvec_parsed_add+0x180/0x360
[ 56.506663] ? dccp_ackvec_purge_records+0x1d0/0x1d0
[ 56.506676] dccp_parse_options+0x830/0xf90
[ 56.506689] dccp_rcv_established+0x23/0x70
[ 56.506695] dccp_v4_do_rcv+0xfa/0x160
[ 56.506702] __release_sock+0x10b/0x330
[ 56.506711] release_sock+0x9a/0x270
[ 56.506716] ? __release_sock+0x330/0x330
[ 56.506721] ? dccp_qpolicy_top+0x67/0x80
[ 56.506726] ? dccp_write_xmit+0x3b/0x180
[ 56.506732] dccp_sendmsg+0x57f/0xda0
[ 56.506736] ? lock_release+0x960/0x960
[ 56.506740] ? check_same_owner+0x320/0x320
[ 56.506747] ? dccp_getsockopt+0xd0/0xd0
[ 56.506754] ? sock_has_perm+0x278/0x420
[ 56.506760] ? selinux_tun_dev_create+0xc0/0xc0
[ 56.506768] ? dup_iter+0x1d2/0x250
[ 56.506781] inet_sendmsg+0x148/0x5a0
[ 56.506785] ? copy_msghdr_from_user+0x2f4/0x5b0
[ 56.506788] ? rcu_pm_notify+0xc0/0xc0
[ 56.506793] ? inet_recvmsg+0x790/0x790
[ 56.506798] ? selinux_socket_sendmsg+0x31/0x40
[ 56.506802] ? security_socket_sendmsg+0x6a/0xa0
[ 56.506807] ? inet_recvmsg+0x790/0x790
[ 56.506811] sock_sendmsg+0xb5/0xf0
[ 56.506817] ___sys_sendmsg+0x2a7/0x9a0
[ 56.506827] ? copy_msghdr_from_user+0x5b0/0x5b0
[ 56.506833] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280
[ 56.506839] ? rcu_read_lock_bh_held+0xc0/0xc0
[ 56.506846] ? find_held_lock+0x36/0x1c0
[ 56.506860] ? __might_fault+0xf1/0x1b0
[ 56.506866] ? lock_downgrade+0x830/0x830
[ 56.506880] ? check_same_owner+0x320/0x320
[ 56.506885] ? __might_sleep+0x93/0xb0
[ 56.506895] __sys_sendmmsg+0x1ae/0x590
[ 56.506904] ? SyS_sendmsg+0x20/0x20
[ 56.506911] ? __lock_is_held+0xb5/0x140
[ 56.506915] ? rcu_dynticks_eqs_exit+0x70/0x70
[ 56.506934] ? __sb_end_write+0xa4/0xd0
[ 56.506941] ? mutex_unlock+0xd/0x10
[ 56.506947] ? __f_unlock_pos+0xd/0x10
[ 56.506951] ? SyS_write+0x199/0x240
[ 56.506955] ? entry_SYSCALL_64_fastpath+0x5/0xc2
[ 56.506961] ? trace_hardirqs_on_caller+0x40c/0x580
[ 56.506970] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 56.506977] SyS_sendmmsg+0xd/0x20
[ 56.506982] entry_SYSCALL_64_fastpath+0x23/0xc2
[ 56.506987] RIP: 0033:0x45a219
[ 56.506990] RSP: 002b:00007ffa5310ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 56.506996] RAX: ffffffffffffffda RBX: 00007ffa5310ec90 RCX: 000000000045a219
[ 56.506999] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005
[ 56.507001] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[ 56.507004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 56.507006] R13: 00007ffc4f00e80f R14: 00007ffa5310f9c0 R15: 000000000075bfd4
[ 56.513199] dccp_parse_options: DCCP(ffff880107c20ac0): Option 32 (len=7) error=9
[ 56.513717] ==================================================================
[ 56.513734] BUG: KASAN: use-after-free in ccid2_hc_tx_packet_recv+0x281e/0x288f
[ 56.513737] Read of size 1 at addr ffff88011eed6da2 by task syz-executor.0/7066
[ 56.513739]
[ 56.513744] CPU: 1 PID: 7066 Comm: syz-executor.0 Not tainted 4.13.0-rc4+ #0
[ 56.513747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.513749] Call Trace:
[ 56.513756] dump_stack+0x145/0x1e1
[ 56.513762] ? arch_local_irq_restore+0x43/0x43
[ 56.513769] ? printk+0x91/0xab
[ 56.513774] ? log_store.cold.31+0x22/0x22
[ 56.513779] ? sock_sendmsg+0xb5/0xf0
[ 56.513786] ? ccid2_hc_tx_packet_recv+0x281e/0x288f
[ 56.513793] print_address_description.cold.7+0x9/0x1c9
[ 56.513797] ? ccid2_hc_tx_packet_recv+0x281e/0x288f
[ 56.513801] kasan_report.cold.8+0x121/0x2da
[ 56.513807] __asan_report_load1_noabort+0x14/0x20
[ 56.513811] ccid2_hc_tx_packet_recv+0x281e/0x288f
[ 56.513822] ? __lock_is_held+0xb5/0x140
[ 56.513827] ? rcu_dynticks_eqs_exit+0x70/0x70
[ 56.513837] ? ccid2_hc_tx_rto_expire+0x630/0x630
[ 56.513844] ? kmem_cache_free+0x25f/0x2d0
[ 56.513851] ? dccp_ackvec_clear_state+0x3c0/0x8f0
[ 56.513854] ? memset+0x31/0x40
[ 56.513862] ? dccp_ackvec_input+0x2d2/0x4a0
[ 56.513868] dccp_deliver_input_to_ccids+0x19f/0x210
[ 56.513873] dccp_rcv_established+0x49/0x70
[ 56.513878] dccp_v4_do_rcv+0xfa/0x160
[ 56.513885] __release_sock+0x10b/0x330
[ 56.513895] release_sock+0x9a/0x270
[ 56.513900] ? __release_sock+0x330/0x330
[ 56.513905] ? dccp_qpolicy_top+0x67/0x80
[ 56.513910] ? dccp_write_xmit+0x3b/0x180
[ 56.513916] dccp_sendmsg+0x57f/0xda0
[ 56.513920] ? lock_release+0x960/0x960
[ 56.513925] ? check_same_owner+0x320/0x320
[ 56.513932] ? dccp_getsockopt+0xd0/0xd0
[ 56.513937] ? sock_has_perm+0x278/0x420
[ 56.513943] ? selinux_tun_dev_create+0xc0/0xc0
[ 56.513948] ? dup_iter+0x1d2/0x250
[ 56.513960] inet_sendmsg+0x148/0x5a0
[ 56.513964] ? copy_msghdr_from_user+0x2f4/0x5b0
[ 56.513967] ? rcu_pm_notify+0x c0/0xc0
[ 56.513972] ? inet_recvmsg+0x790/0x790
[ 56.513977] ? selinux_socket_sendmsg+0x31/0x40
[ 56.513981] ? security_socket_sendmsg+0x6a/0xa0
[ 56.513986] ? inet_recvmsg+0x790/0x790
[ 56.513990] sock_sendmsg+0xb5/0xf0
[ 56.513995] ___sys_sendmsg+0x2a7/0x9a0
[ 56.514004] ? copy_msghdr_from_user+0x5b0/0x5b0
[ 56.514009] ?
__fsnotify_update_child_dentry_flags.part.2+0x280/0x280 [ 56.514016] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 56.514022] ? find_held_lock+0x36/0x1c0 [ 56.514033] ? __might_fault+0xf1/0x1b0 [ 56.514037] ? lock_downgrade+0x830/0x830 [ 56.514050] ? check_same_owner+0x320/0x320 [ 56.514055] ? __might_sleep+0x93/0xb0 [ 56.514064] __sys_sendmmsg+0x1ae/0x590 [ 56.514072] ? SyS_sendmsg+0x20/0x20 [ 56.514078] ? __lock_is_held+0xb5/0x140 [ 56.514081] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 56.514093] ? __sb_end_write+0xa4/0xd0 [ 56.514100] ? mutex_unlock+0xd/0x10 [ 56.514105] ? __f_unlock_pos+0xd/0x10 [ 56.514109] ? SyS_write+0x199/0x240 [ 56.514114] ? entry_SYSCALL_64_fastpath+0x5/0xc2 [ 56.514119] ? trace_hardirqs_on_caller+0x40c/0x580 [ 56.514126] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 56.514133] SyS_sendmmsg+0xd/0x20 [ 56.514137] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 56.514142] RIP: 0033:0x45a219 [ 56.514145] RSP: 002b:00007ffa5310ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 56.514150] RAX: ffffffffffffffda RBX: 00007ffa5310ec90 RCX: 000000000045a219 [ 56.514153] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005 [ 56.514155] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 [ 56.514158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 56.514161] R13: 00007ffc4f00e80f R14: 00007ffa5310f9c0 R15: 000000000075bfd4 [ 56.514173] [ 56.514176] Allocated by task 7066: [ 56.514184] save_stack_trace+0x16/0x20 [ 56.514186] save_stack+0x43/0xd0 [ 56.514189] kasan_kmalloc+0xc7/0xe0 [ 56.514201] __kmalloc_node_track_caller+0x47/0x70 [ 56.514205] __kmalloc_reserve.isra.37+0x2c/0xb0 [ 56.514213] __alloc_skb+0x10c/0x6f0 [ 56.514216] dccp_send_ack+0xb3/0x340 [ 56.514220] ccid2_hc_rx_packet_recv+0xf9/0x170 [ 56.514223] dccp_deliver_input_to_ccids+0xc5/0x210 [ 56.514226] dccp_rcv_established+0x49/0x70 [ 56.514230] dccp_v4_do_rcv+0xfa/0x160 [ 56.514233] __sk_receive_skb+0x295/0xac0 [ 56.514237] dccp_v4_rcv+0xde1/0x2163 [ 56.514242] 
ip_local_deliver_finish+0x288/0xa70 [ 56.514246] ip_local_deliver+0x1b1/0x690 [ 56.514249] ip_rcv_finish+0x940/0x20f0 [ 56.514252] ip_rcv+0xbb8/0x1924 [ 56.514256] __netif_receive_skb_core+0x2140/0x3500 [ 56.514259] __netif_receive_skb+0x1f/0x1a0 [ 56.514262] process_backlog+0x1fc/0x710 [ 56.514265] net_rx_action+0x72d/0x1800 [ 56.514269] __do_softirq+0x300/0xb35 [ 56.514270] [ 56.514272] Freed by task 7066: [ 56.514276] save_stack_trace+0x16/0x20 [ 56.514279] save_stack+0x43/0xd0 [ 56.514281] kasan_slab_free+0x71/0xc0 [ 56.514284] kfree+0xcc/0x270 [ 56.514288] skb_free_head+0x74/0x90 [ 56.514292] skb_release_data+0x549/0x840 [ 56.514296] skb_release_all+0x3d/0x50 [ 56.514299] kfree_skb+0x13d/0x4f0 [ 56.514302] dccp_v4_do_rcv+0x111/0x160 [ 56.514305] __release_sock+0x10b/0x330 [ 56.514308] release_sock+0x9a/0x270 [ 56.514310] dccp_sendmsg+0x57f/0xda0 [ 56.514313] inet_sendmsg+0x148/0x5a0 [ 56.514317] sock_sendmsg+0xb5/0xf0 [ 56.514320] ___sys_sendmsg+0x2a7/0x9a0 [ 56.514324] __sys_sendmmsg+0x1ae/0x590 [ 56.514327] SyS_sendmmsg+0xd/0x20 [ 56.514331] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 56.514332] [ 56.514336] The buggy address belongs to the object at ffff88011eed6900 [ 56.514336] which belongs to the cache kmalloc-2048 of size 2048 [ 56.514340] The buggy address is located 1186 bytes inside of [ 56.514340] 2048-byte region [ffff88011eed6900, ffff88011eed7100) [ 56.514342] The buggy address belongs to the page: [ 56.514345] page:ffffea00047bb580 count:1 mapcount:0 mapping:ffff88011eed6080 index:0x0 compound_mapcount: 0 [ 56.514352] flags: 0x2fffc0000008100(slab|head) [ 56.514358] raw: 02fffc0000008100 ffff88011eed6080 0000000000000000 0000000100000003 [ 56.514361] raw: ffffea00047b8f20 ffffea00047bd420 ffff88012bc00c40 0000000000000000 [ 56.514363] page dumped because: kasan: bad access detected [ 56.514365] [ 56.514366] Memory state around the buggy address: [ 56.514369] ffff88011eed6c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.514371] 
ffff88011eed6d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.514374] >ffff88011eed6d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.514375] ^ [ 56.514378] ffff88011eed6e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.514380] ffff88011eed6e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.514382] ================================================================== [ 56.514384] Disabling lock debugging due to kernel taint [ 56.515616] Kernel panic - not syncing: panic_on_warn set ... [ 56.515616] [ 56.515621] CPU: 1 PID: 7066 Comm: syz-executor.0 Tainted: G B 4.13.0-rc4+ #0 [ 56.515623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.515625] Call Trace: [ 56.515632] dump_stack+0x145/0x1e1 [ 56.515637] ? arch_local_irq_restore+0x43/0x43 [ 56.515645] ? ccid2_hc_tx_packet_recv+0x281e/0x288f [ 56.515650] panic+0x1a9/0x34e [ 56.515654] ? add_taint.cold.5+0x11/0x11 [ 56.515660] ? ___preempt_schedule+0x16/0x18 [ 56.515666] ? ccid2_hc_tx_packet_recv+0x281e/0x288f [ 56.515671] kasan_end_report+0x47/0x4f [ 56.515674] kasan_report.cold.8+0x76/0x2da [ 56.515678] __asan_report_load1_noabort+0x14/0x20 [ 56.515682] ccid2_hc_tx_packet_recv+0x281e/0x288f [ 56.515689] ? __lock_is_held+0xb5/0x140 [ 56.515693] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 56.515699] ? ccid2_hc_tx_rto_expire+0x630/0x630 [ 56.515705] ? kmem_cache_free+0x25f/0x2d0 [ 56.515709] ? dccp_ackvec_clear_state+0x3c0/0x8f0 [ 56.515711] ? memset+0x31/0x40 [ 56.515717] ? dccp_ackvec_input+0x2d2/0x4a0 [ 56.515721] dccp_deliver_input_to_ccids+0x19f/0x210 [ 56.515725] dccp_rcv_established+0x49/0x70 [ 56.515729] dccp_v4_do_rcv+0xfa/0x160 [ 56.515734] __release_sock+0x10b/0x330 [ 56.515741] release_sock+0x9a/0x270 [ 56.515745] ? __release_sock+0x330/0x330 [ 56.515749] ? dccp_qpolicy_top+0x67/0x80 [ 56.515752] ? dccp_write_xmit+0x3b/0x180 [ 56.515757] dccp_sendmsg+0x57f/0xda0 [ 56.515760] ? lock_release+0x960/0x960 [ 56.515764] ? 
check_same_owner+0x320/0x320 [ 56.515769] ? dccp_getsockopt+0xd0/0xd0 [ 56.515773] ? sock_has_perm+0x278/0x420 [ 56.515777] ? selinux_tun_dev_create+0xc0/0xc0 [ 56.515781] ? dup_iter+0x1d2/0x250 [ 56.515789] inet_sendmsg+0x148/0x5a0 [ 56.515794] ? copy_msghdr_from_user+0x2f4/0x5b0 [ 56.515797] ? rcu_pm_notify+0xc0/0xc0 [ 56.515799] ? inet_recvmsg+0x790/0x790 [ 56.515803] ? selinux_socket_sendmsg+0x31/0x40 [ 56.515807] ? security_socket_sendmsg+0x6a/0xa0 [ 56.515810] ? inet_recvmsg+0x790/0x790 [ 56.515814] sock_sendmsg+0xb5/0xf0 [ 56.515818] ___sys_sendmsg+0x2a7/0x9a0 [ 56.515824] ? copy_msghdr_from_user+0x5b0/0x5b0 [ 56.515828] ? __fsnotify_update_child_dentry_flags.part.2+0x280/0x280 [ 56.515832] ? rcu_read_lock_bh_held+0xc0/0xc0 [ 56.515837] ? find_held_lock+0x36/0x1c0 [ 56.515845] ? __might_fault+0xf1/0x1b0 [ 56.515848] ? lock_downgrade+0x830/0x830 [ 56.515857] ? check_same_owner+0x320/0x320 [ 56.515861] ? __might_sleep+0x93/0xb0 [ 56.515868] __sys_sendmmsg+0x1ae/0x590 [ 56.515874] ? SyS_sendmsg+0x20/0x20 [ 56.515879] ? __lock_is_held+0xb5/0x140 [ 56.515882] ? rcu_dynticks_eqs_exit+0x70/0x70 [ 56.515892] ? __sb_end_write+0xa4/0xd0 [ 56.515897] ? mutex_unlock+0xd/0x10 [ 56.515900] ? __f_unlock_pos+0xd/0x10 [ 56.515903] ? SyS_write+0x199/0x240 [ 56.515908] ? entry_SYSCALL_64_fastpath+0x5/0xc2 [ 56.515912] ? trace_hardirqs_on_caller+0x40c/0x580 [ 56.515916] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 56.515920] SyS_sendmmsg+0xd/0x20 [ 56.515924] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 56.515927] RIP: 0033:0x45a219 [ 56.515929] RSP: 002b:00007ffa5310ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 56.515933] RAX: ffffffffffffffda RBX: 00007ffa5310ec90 RCX: 000000000045a219 [ 56.515935] RDX: 04000000000001e6 RSI: 0000000020000c00 RDI: 0000000000000005 [ 56.515937] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 [ 56.515939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 56.515941] R13: 00007ffc4f00e80f R14: 00007ffa5310f9c0 R15: 000000000075bfd4 [ 56.517375] Kernel Offset: disabled [ 59.109100] Rebooting in 86400 seconds..