[ 42.062730] audit: type=1800 audit(1548596642.542:25): pid=7923 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 42.090927] audit: type=1800 audit(1548596642.552:26): pid=7923 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 42.132849] audit: type=1800 audit(1548596642.552:27): pid=7923 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.6' (ECDSA) to the list of known hosts. 2019/01/27 13:44:10 fuzzer started 2019/01/27 13:44:13 dialing manager at 10.128.0.26:39951 2019/01/27 13:44:13 syscalls: 1 2019/01/27 13:44:13 code coverage: enabled 2019/01/27 13:44:13 comparison tracing: enabled 2019/01/27 13:44:13 extra coverage: extra coverage is not supported by the kernel 2019/01/27 13:44:13 setuid sandbox: enabled 2019/01/27 13:44:13 namespace sandbox: enabled 2019/01/27 13:44:13 Android sandbox: /sys/fs/selinux/policy does not exist 2019/01/27 13:44:13 fault injection: enabled 2019/01/27 13:44:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/01/27 13:44:13 net packet injection: enabled 2019/01/27 13:44:13 net device setup: enabled 13:47:12 executing program 0: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x82, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000040)={{{@in=@multicast2, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@broadcast}}, &(0x7f0000000140)=0xe8) ioctl$EVIOCSABS3F(r0, 0x401845ff, &(0x7f0000000180)={0x466, 0x997, 0x3, 0x0, 0x7fffffff, 0xf37}) fchdir(r0) ioctl$TCXONC(r0, 0x540a, 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'veth0\x00', r1}) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x484e) ioctl$PPPIOCDISCONN(r0, 0x7439) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000200)=@req={0x100, 0x4, 0x8000, 0x7}, 0x10) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/autofs\x00', 0x0, 0x0) get_mempolicy(&(0x7f0000000280), &(0x7f00000002c0), 0x7, &(0x7f0000ffc000/0x3000)=nil, 0x1) ioctl$SG_SET_TIMEOUT(r0, 0x2201, &(0x7f0000000300)=0x3) fstat(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) chown(&(0x7f0000000340)='./file0\x00', r2, r4) ioctl$SG_GET_LOW_DMA(r0, 0x227a, &(0x7f0000000400)) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000440)={0x28, 0x2, 0x0, {0x0, 0x2, 0xff}}, 0x28) lstat(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)) r5 = openat$md(0xffffffffffffff9c, &(0x7f0000000540)='/dev/md0\x00', 0x482000, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r5, 0x4c09, 0x40) r6 = mmap$binder(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x1000000, 0x20010, r0, 0x0) getegid() write$P9_RLOCK(r3, &(0x7f0000000580)={0x8, 0x35, 0x1, 0x1}, 0x8) get_mempolicy(&(0x7f00000005c0), &(0x7f0000000600), 0x7, &(0x7f0000fec000/0x4000)=nil, 0x1) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000640)={0xad, 0x5, 0x8000, 0xfffffffffffffffb, 0xd3c6, 0xe1, 0x80000000, 0x0, 0x0}, &(0x7f0000000680)=0x20) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f00000006c0)={r7, 0x16}, 0x8) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000840)={0x80, 0x0, &(0x7f0000000780)=[@request_death={0x400c630e, 0x3}, @acquire_done={0x40106309, r6, 0x3}, @transaction_sg={0x40486311, {{0x3, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000700)=[@fd={0x66642a85, 0x0, r3, 0x0, 0x4}], &(0x7f0000000740)=[0x38, 0x18, 0x0, 0x30, 0x18, 0x78, 0x38, 0x48]}, 0xeb0b}}, @clear_death={0x400c630f, 0x1, 0x1}], 0xa, 0x0, &(0x7f0000000800)="5513f8f0dfa43e20bc99"}) r8 = fcntl$dupfd(r5, 0x0, r0) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000880)={0x0}, &(0x7f00000008c0)=0xc) r10 = getpgid(0x0) kcmp(r9, r10, 0x3, r5, r3) syzkaller login: [ 231.746178] IPVS: ftp: loaded support on port[0] = 21 13:47:12 executing program 1: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x1, 0x0) recvfrom$rxrpc(r0, &(0x7f0000000040)=""/144, 0x90, 0x0, &(0x7f0000000100)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x19}}}, 0x24) inotify_add_watch(r0, &(0x7f0000000140)='./file0\x00', 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e23, 0x3, @local, 0x9}}, 0x0, 0x20, 0x4, 0x7244, 0xa2}, &(0x7f0000000240)=0x98) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000280)={r1, 0x400}, &(0x7f00000002c0)=0x8) ioctl$ION_IOC_HEAP_QUERY(r0, 0xc0184908, &(0x7f0000000340)={0x34, 0x0, &(0x7f0000000300)}) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dlm-control\x00', 0x309240, 0x0) ioctl$sock_bt_bnep_BNEPCONNDEL(r3, 0x400442c9, &(0x7f00000003c0)={0x6, @broadcast}) fdatasync(r0) sync() clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) utimensat(r0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000480)={{r4, r5/1000+30000}, {0x77359400}}, 0x100) ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f00000004c0)) ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f0000000500)={0xffff, [0x3, 0x9, 0x16, 0x5, 0xff, 0x0, 0xff, 0x6, 0x8, 0x9, 0x5, 0xcc9e, 0x6, 0x1, 0x1, 0x100000000, 0x4, 0x1f, 0x1, 0x8, 0xf290, 0x0, 0x1, 0x9, 0x20, 0x8, 0x7fffffff, 0x1, 0x7, 0xffff, 0xfffffffeffffffff, 0x4, 0x8, 0x8000, 0x9, 0x401, 0x8, 0x5, 0x1000, 0x5e53, 0x7, 0x1ff, 0x1, 0x5, 0xfffffffffffffffa, 0x6, 0x101]}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000580)=""/235, &(0x7f0000000680)=""/82, &(0x7f0000000700)=""/96, 0xd000}) ioctl$sock_netdev_private(r0, 0x89f1, &(0x7f00000007c0)="42de006899ee300f69dec7411c031f1268262fe67c39d9c06450f9d1f2a93ab6f7ab20d121db412bd11c42d86f303f997b1106a46850d023be36577e4afcfabff87667b71ee7ec40d12f2418268851e85cf55682f34e7405480d2f25c290b63ad5f00b4767ead5195d67eb4278833ca0f031b35f05bb6eb08e56dd3c547e5c54121de79e92329a7dacf388c5ff9ffd0e93e5641d88e06d3a8535fcd8b86c1194bcaed01c611db6352145f38d37e8cd54e47ec7b6eccd0a07cd9418618847122c7de361e4fc8e8241f30d787ae021523979577b81609d3da5f0fdad76a1") setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f00000008c0)={0x77359400}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x1000) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f0000000900)={r2, 0x3f, 0x8, [0x27a, 0x1, 0x8fb9, 0xcf, 0x0, 0x1, 0x2, 0x20]}, &(0x7f0000000940)=0x18) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000ac0)={r3, 0x10, &(0x7f0000000a80)={&(0x7f0000000980)=""/247, 0xf7, 0xffffffffffffffff}}, 0x10) ioctl$KDGETMODE(r3, 0x4b3b, &(0x7f0000000b00)) ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000b40)=0xfbb, 0x4) clock_gettime(0x0, &(0x7f0000000bc0)={0x0, 0x0}) utimensat(r3, &(0x7f0000000b80)='./file0\x00', &(0x7f0000000c00)={{r6, r7/1000+10000}}, 0x100) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r3, 0x402c5342, &(0x7f0000000c40)={0x7, 0x1, 0x3, {}, 0xfffffffffffffff9, 0x1}) ioctl$KVM_GET_CLOCK(r0, 0x8030ae7c, &(0x7f0000000cc0)) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000dc0)=0x0) perf_event_open(&(0x7f0000000d40)={0x7, 0x70, 0x1ff, 0x1, 0xcc50, 0x100, 0x0, 0x6, 0x40, 0xd, 0x946f, 0x2, 0x6, 0x0, 0x7, 0x5, 0x9, 0x0, 0x401, 0x5, 0x4, 0x6c72, 0x3, 0xa80, 0x5, 0x4, 0x2, 0xe50, 0x6, 0x9, 0x4, 0x1, 0xffff, 0x9, 0x3ff, 0x3, 0xe00000000, 0x6c6, 0x0, 0x1, 0x1, @perf_bp={&(0x7f0000000d00), 0xd}, 0x141, 0x1, 0x4, 0x7, 0x0, 0x58, 0xc74}, r8, 0xa, r3, 0x8) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) [ 231.880574] chnl_net:caif_netlink_parms(): no params data found [ 231.980164] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.004693] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.012658] device bridge_slave_0 entered promiscuous mode [ 232.021954] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.030131] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.038063] device bridge_slave_1 entered promiscuous mode [ 232.057877] IPVS: ftp: loaded support on port[0] = 21 [ 232.083190] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 232.094026] bond0: Enslaving bond_slave_1 as an active interface with an up link 13:47:12 executing program 2: r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0xfffffffffffffffc, 0x1) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r0, 0xc0305616, &(0x7f0000000040)={0x0, {0x7, 0x5}}) ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f0000000080)) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x7, 0x7, 0x3, 0x6}) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000100)={0xfff, 0x2, 0xffffffff, 0x401}, 0x14) r2 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x0, 0x2) ioctl$sock_TIOCOUTQ(r2, 0x5411, &(0x7f0000000180)) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f00000001c0)={0x1, 0x0, {0x7, 0xfffffffffffffded, 0x1, 0xd, 0x4, 0x0, 0x1, 0x1}}) r3 = getpid() ioctl$KVM_ASSIGN_SET_INTX_MASK(r0, 0x4040aea4, &(0x7f0000000240)={0x7, 0x9, 0x9, 0x6, 0x8}) ioctl$DRM_IOCTL_MARK_BUFS(r2, 0x40206417, &(0x7f0000000280)={0x61, 0x9, 0x80000001, 0x1, 0x9e4681904a620096, 0x3}) r4 = syz_open_dev$adsp(&(0x7f00000002c0)='/dev/adsp#\x00', 0x10000, 0x101001) ioctl$sock_inet_udp_SIOCOUTQ(r4, 0x5411, &(0x7f0000000300)) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0xbabb710fe7f6a1ec}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r5, 0x631, 0x70bd29, 0x25dfdbfc, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x20040000) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000480)=0x33d6) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f00000004c0)={0x0, 0x7fff, 0x36}) ioctl$FS_IOC_GETFLAGS(r1, 0x80086601, &(0x7f0000000500)) fcntl$lock(r0, 0x7, &(0x7f0000000540)={0x0, 0x2, 0xfffffffffffffffd, 0x1200000000000000, r3}) fcntl$lock(r2, 0x27, &(0x7f0000000580)={0x2, 0x4, 0x3, 0x80, r3}) dup(r1) openat$snapshot(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/snapshot\x00', 0x10d080, 0x0) ioctl$EVIOCGID(r2, 0x80084502, &(0x7f0000000600)=""/10) getsockopt$inet6_udp_int(r4, 0x11, 0x1, &(0x7f0000000640), &(0x7f0000000680)=0x4) sync_file_range(r2, 0x4, 0x1, 0x2) r6 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/dlm-control\x00', 0x40, 0x0) syz_open_dev$usb(&(0x7f0000000700)='/dev/bus/usb/00#/00#\x00', 0xad, 0x80000) syz_genetlink_get_family_id$tipc(&(0x7f0000000740)='TIPC\x00') write$FUSE_WRITE(r6, &(0x7f0000000780)={0x18, 0xfffffffffffffff5, 0x6, {0x7ff}}, 0x18) [ 232.152559] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 232.163689] team0: Port device team_slave_0 added [ 232.176971] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 232.192831] team0: Port device team_slave_1 added [ 232.206546] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 232.233080] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 232.363903] IPVS: ftp: loaded support on port[0] = 21 13:47:12 executing program 3: r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x5, 0x202000) ioctl$TIOCSWINSZ(r0, 0x5414, &(0x7f0000000040)={0x401, 0x800, 0x1, 0x40}) r1 = request_key(&(0x7f0000000080)='ceph\x00', &(0x7f00000000c0)={'syz', 0x1}, &(0x7f0000000100)='\x00', 0xfffffffffffffffe) r2 = request_key(&(0x7f0000000140)='big_key\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f00000001c0)='em1ppp1\x00', 0xfffffffffffffffe) keyctl$unlink(0x9, r1, r2) getsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000200), &(0x7f0000000240)=0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000280)={0x0, 0x9, 0xfff, 0x8, 0x100000001}, 0x14) ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f00000002c0)={0x400, 0x0, 0x9}) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vsock\x00', 0x105000, 0x0) ioctl$PERF_EVENT_IOC_ID(r3, 0x80082407, &(0x7f0000000340)) ioctl$sock_inet_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000380)) ioctl$VIDIOC_QUERYCAP(r3, 0x80685600, &(0x7f00000003c0)) ioctl$DRM_IOCTL_MAP_BUFS(r3, 0xc0186419, &(0x7f0000000840)={0x4, &(0x7f0000000440)=""/218, &(0x7f00000007c0)=[{0x2, 0xb6, 0xffff, &(0x7f0000000540)=""/182}, {0xfffffffffffffffa, 0xac, 0x1, &(0x7f0000000600)=""/172}, {0x8, 0x5a, 0xfff, &(0x7f00000006c0)=""/90}, {0x1ff, 0x62, 0x59, &(0x7f0000000740)=""/98}]}) ioctl$VIDIOC_QUERYCAP(r0, 0x80685600, &(0x7f0000000880)) bpf$MAP_CREATE(0x0, &(0x7f0000000900)={0x17, 0x7, 0x3, 0x7, 0x20, r0, 0x7}, 0x2c) ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000980)={&(0x7f0000000940)=[0xffffffffffff2dc1, 0x1ff, 0x2, 0x7, 0x0, 0x6cbb, 0x8], 0x7, 0x6, 0x80, 0x9, 0xff, 0x1, {0xed0, 0x8, 0x2, 0x1, 0x5, 0x8, 0x10000, 0x8c33, 0x6, 0x1ff, 0x5, 0xc2, 0x4, 0x4, "02968dcbb404f3386969ef428dfc54a5e83f281acac56b051c17da61c54a6c33"}}) socket$key(0xf, 0x3, 0x2) r4 = accept4$packet(r3, &(0x7f0000000a00), &(0x7f0000000a40)=0x14, 0x800) ioctl$DRM_IOCTL_RES_CTX(r3, 0xc0106426, &(0x7f0000000ac0)={0x3, &(0x7f0000000a80)=[{}, {}, {0x0}]}) ioctl$DRM_IOCTL_RM_CTX(r0, 0xc0086421, &(0x7f0000000b00)={r5, 0x3}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000b40)={{0x6, 0x8}, 'port1\x00', 0x8, 0x2, 0x0, 0x9, 0x7fff, 0x1f, 0x11, 0x0, 0x4, 0xffffffffffffff79}) io_setup(0x100, &(0x7f0000000c00)=0x0) io_cancel(r6, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0xb, 0x1, r4, &(0x7f0000000c40)="3763b22a04a9bc72717db2925734591cfdce66353d40011c2908e1f36d5d72447bcf43b69403f9320c4cd5ba9d4f0c424c11ba52e7821805fa68311a166d22c7222316ba442117d19e5c54bdc89760aa973736065a1f4b79c90fcee0e386b6c242e9510700a2bd956d4049c871fb5c", 0x6f, 0x20, 0x0, 0x1, r0}, &(0x7f0000000d00)) ioctl$KDDELIO(r0, 0x4b35, 0xfff) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r3, 0x54a2) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0x40a85323, &(0x7f0000000d40)={{0x2, 0x100000001}, 'port0\x00', 0xa4, 0x20000, 0x40, 0x74c1, 0x7, 0x4d, 0x3800000000000, 0x0, 0x87770a1af2876e02, 0x9}) ioctl$VIDIOC_S_PARM(r4, 0xc0cc5616, &(0x7f0000000e00)={0xc, @raw_data="b1ab6b446438de4fb26e1b989106a350e7710db5024c995ec95d9c90ac8c82a3d278eaf19ff16f92872e15bb7aa540750d6a43378ce6f9c49d2818160531ee215f962fdc10781e1dc878de97b03f6e86aef5bd08163756cd5163dd14567f1a73fb2ff3f9e7796532cadcbc422d22b36edf4324809fcf49f57956d02beee35b2711c53747f68cc1af6afa49e1cc1d740802180f66b76ca21dd6e5ab3fe18c2d2e24fc6fc0aab5b1dd2a637d1f1c3ca4ef2c6ed72912f40849a61c085a0c1d7f495b33e89cbda9d5ea"}) ioctl$VIDIOC_S_PARM(r3, 0xc0cc5616, &(0x7f0000000f00)={0x6, @capture={0x1000, 0x1, {0x3, 0x1}, 0xffff, 0x2}}) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000001000)=[@timestamp, @window={0x3, 0x9c70, 0xffffffffffffffff}, @timestamp, @timestamp], 0x4) setsockopt$netlink_NETLINK_PKTINFO(r3, 0x10e, 0x3, &(0x7f0000001040)=0x6, 0x4) [ 232.388382] device hsr_slave_0 entered promiscuous mode [ 232.424934] device hsr_slave_1 entered promiscuous mode [ 232.466120] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 232.473228] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 232.526157] chnl_net:caif_netlink_parms(): no params data found [ 232.554326] IPVS: ftp: loaded support on port[0] = 21 [ 232.579786] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.586348] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.593408] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.599824] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.675093] ================================================================== [ 232.682633] BUG: KASAN: use-after-free in memcmp+0xb3/0xc0 [ 232.688264] Read of size 1 at addr ffff88809f1efe70 by task syz-executor1/8111 [ 232.695618] [ 232.697256] CPU: 0 PID: 8111 Comm: syz-executor1 Not tainted 5.0.0-rc3+ #43 [ 232.704354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 232.713712] Call Trace: [ 232.716292] [ 232.718458] dump_stack+0x1db/0x2d0 [ 232.722100] ? dump_stack_print_info.cold+0x20/0x20 [ 232.727131] ? add_lock_to_list.isra.0+0x450/0x450 [ 232.732100] ? memcmp+0xb3/0xc0 [ 232.735394] print_address_description.cold+0x7c/0x20d [ 232.738382] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 232.740675] ? memcmp+0xb3/0xc0 [ 232.750048] ? memcmp+0xb3/0xc0 [ 232.753349] kasan_report.cold+0x1b/0x40 [ 232.754595] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.757416] ? memcmp+0xb3/0xc0 [ 232.766579] __asan_report_load1_noabort+0x14/0x20 [ 232.771515] memcmp+0xb3/0xc0 [ 232.774645] br_mdb_ip_get+0x694/0xe30 [ 232.777329] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 232.778566] ? br_multicast_group_expired+0x490/0x490 [ 232.789784] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 232.795331] ? __skb_checksum_complete+0x284/0x530 [ 232.800278] ? lock_acquire+0x1db/0x570 [ 232.804276] ? br_multicast_add_group+0xbd/0x7d0 [ 232.809051] br_multicast_new_group+0x77/0x200 [ 232.813662] ? br_mdb_get+0xf50/0xf50 [ 232.816517] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 232.817472] ? csum_partial+0x21/0x30 [ 232.823526] 8021q: adding VLAN 0 to HW filter on device team0 [ 232.827415] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 232.827437] br_multicast_add_group+0x4ce/0x7d0 [ 232.827459] ? ipv6_mc_validate_checksum+0x510/0x510 [ 232.848596] ? br_multicast_new_port_group+0x4c0/0x4c0 [ 232.853890] ? mld_ifc_timer_expire+0x449/0x8a0 [ 232.858608] ? trace_raw_output_hrtimer_start+0x80/0x200 [ 232.864065] ? print_usage_bug+0xd0/0xd0 [ 232.868165] ? irq_exit+0x180/0x1d0 13:47:13 executing program 4: pause() r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0xfffffffffffffff8, 0x105200) ioctl$SG_GET_SG_TABLESIZE(r0, 0x227f, &(0x7f0000000040)) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000080)={0x2, 0x1}) read$FUSE(r0, &(0x7f00000000c0), 0x1000) arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x80) getsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f00000010c0), &(0x7f0000001100)=0x4) r1 = syz_open_dev$audion(&(0x7f0000001140)='/dev/audio#\x00', 0x2, 0x0) ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000001180)={0x2d, 0x34, 0x14, 0x7, 0x2, 0xfff, 0x0, 0x162, 0xffffffffffffffff}) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f00000011c0)='veth0_to_bond\x00') ioctl$PPPIOCSMRU(r0, 0x40047452, &(0x7f0000001200)=0x4) ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f0000001240)) link(&(0x7f0000001280)='./file0\x00', &(0x7f00000012c0)='./file0\x00') ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r0, 0x40045730, &(0x7f0000001300)=0x9) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001380)=@raw={'raw\x00', 0x9, 0x3, 0x2b0, 0xf0, 0x0, 0x0, 0xf0, 0x0, 0x1e0, 0x1e0, 0x1e0, 0x1e0, 0x1e0, 0x3, &(0x7f0000001340), {[{{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @ipv4={[], [], @multicast1}, [0x0, 0xffffff00, 0x0, 0xffffff00], [0xffffffff, 0x0, 0x0, 0xff], 'bridge_slave_1\x00', 'batadv0\x00', {0xff}, {0xff}, 0x3b, 0x4b880000000, 0x4, 0x5}, 0x0, 0xc8, 0xf0}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x100000001, 0x6}}}, {{@uncond, 0x0, 0xc8, 0xf0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffd}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil}) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000001700)=0x2000, 0x4) ioctl$EVIOCRMFF(r0, 0x40044581, &(0x7f0000001740)=0xffffffffffffffff) socket$xdp(0x2c, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000001780)={0x0, @in6={{0xa, 0x4e24, 0x7a, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0xcf0}}, 0xeaf, 0x2, 0x8, 0x0, 0x3}, &(0x7f0000001840)=0x98) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000001880)={0x10001, 0x0, 0x8005, 0x8, 0x5, 0x690527fe, 0x3, 0x100000000, r2}, &(0x7f00000018c0)=0x20) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000001900)={0x3ff, {0x0, 0x5, 0xff, 0x2, 0x6, 0x6}}) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000001940)={{{@in6, @in=@remote}}, {{@in6=@mcast1}, 0x0, @in6=@mcast2}}, &(0x7f0000001a40)=0xe8) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000001a80)={0x9, 0x1, 0xcf57, 0xffffffffffffff22, 0x2, 0xe6f, 0x8, 0xff, 0xffff, 0x42, 0x8, 0x7fff}) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000001b00)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000001bc0)={&(0x7f0000001ac0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000001b80)={&(0x7f0000001b40)={0x30, r3, 0x321, 0x70bd2d, 0x25dfdbfb, {{}, 0x0, 0x4108, 0x0, {0x14, 0x18, {0x4, @bearer=@udp='udp:syz1\x00'}}}, [""]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x4000000) getsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000001c00), &(0x7f0000001c40)=0x4) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000001c80), 0x4) ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5387, &(0x7f0000001cc0)) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000001d00)={{{@in=@local, @in6=@local}}, {{}, 0x0, @in6=@mcast1}}, &(0x7f0000001e00)=0xe8) [ 232.871822] ? smp_apic_timer_interrupt+0x1b7/0x760 [ 232.876853] br_multicast_rcv+0x24aa/0x4270 [ 232.881202] ? down_killable+0x10/0x90 [ 232.885099] ? br_multicast_disable_port+0x1b0/0x1b0 [ 232.890254] ? mark_held_locks+0x100/0x100 [ 232.891600] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 232.894514] ? kmem_cache_free+0x225/0x260 [ 232.904725] ? add_lock_to_list.isra.0+0x450/0x450 [ 232.909661] ? find_held_lock+0x35/0x120 [ 232.913732] ? print_usage_bug+0xd0/0xd0 [ 232.917810] ? get_stack_info+0x37/0x142 [ 232.921884] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 232.923793] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 232.927443] ? br_allowed_ingress+0x131/0x1a40 [ 232.927456] ? find_held_lock+0x35/0x120 [ 232.927472] ? is_bpf_text_address+0xac/0x170 [ 232.927488] ? print_usage_bug+0xd0/0xd0 [ 232.951131] ? is_bpf_text_address+0xac/0x170 [ 232.955642] ? br_handle_vlan+0x1110/0x1110 [ 232.959986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 232.961019] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 232.965568] ? __lock_is_held+0xb6/0x140 [ 232.965593] br_dev_xmit+0x7f4/0x1780 [ 232.979613] ? br_poll_controller+0x10/0x10 [ 232.983954] ? add_lock_to_list.isra.0+0x450/0x450 [ 232.988910] ? audit_kill_trees+0x3a0/0x425 [ 232.993277] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 232.994421] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 232.998825] ? check_preemption_disabled+0x48/0x290 [ 232.998853] ? __lock_is_held+0xb6/0x140 [ 232.998880] dev_hard_start_xmit+0x261/0xc70 [ 233.018407] ? dev_direct_xmit+0x670/0x670 [ 233.018425] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 233.028195] ? validate_xmit_skb+0x85a/0xf60 [ 233.032634] ? netif_skb_features+0xb90/0xb90 [ 233.037178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 233.042729] ? check_preemption_disabled+0x48/0x290 [ 233.047766] ? check_preemption_disabled+0x48/0x290 [ 233.053305] __dev_queue_xmit+0x2f8a/0x3a60 [ 233.057643] ? mark_held_locks+0x100/0x100 [ 233.061896] ? netdev_pick_tx+0x300/0x300 [ 233.066057] ? ipv6_chk_mcast_addr+0x373/0x7e0 [ 233.070649] ? find_held_lock+0x35/0x120 [ 233.074720] ? add_lock_to_list.isra.0+0x450/0x450 [ 233.079663] ? ipv6_chk_mcast_addr+0x373/0x7e0 [ 233.084262] ? print_usage_bug+0xd0/0xd0 [ 233.088347] ? ip6_finish_output+0x577/0xc30 [ 233.092770] ? find_held_lock+0x35/0x120 [ 233.096844] ? mark_held_locks+0xb1/0x100 [ 233.101007] ? ip6_finish_output2+0x1896/0x28e0 [ 233.105682] ? ip6_finish_output2+0x1896/0x28e0 [ 233.110360] ? lockdep_hardirqs_on+0x19b/0x5d0 [ 233.114950] ? trace_hardirqs_on+0xbd/0x310 [ 233.119282] ? ip6_finish_output+0x577/0xc30 [ 233.123704] ? trace_hardirqs_off_caller+0x300/0x300 [ 233.128823] dev_queue_xmit+0x18/0x20 [ 233.132632] ? dev_queue_xmit+0x18/0x20 [ 233.136622] ip6_finish_output2+0x141a/0x28e0 [ 233.141136] ? ip6_forward_finish+0x580/0x580 [ 233.145644] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 233.150931] ? rcu_read_unlock_special+0x380/0x380 [ 233.155880] ? ip6_mtu+0x160/0x520 [ 233.159428] ? find_match+0x10d0/0x10d0 [ 233.163409] ? kasan_check_read+0x11/0x20 [ 233.167576] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 233.172906] ip6_finish_output+0x577/0xc30 [ 233.177161] ? ip6_finish_output+0x577/0xc30 [ 233.181615] ip6_output+0x23c/0xa00 [ 233.185243] ? ip6_finish_output+0xc30/0xc30 [ 233.189659] ? ip6_mc_leave_src+0x230/0x230 [ 233.193990] ? ip6_fragment+0x3780/0x3780 [ 233.198149] ? ip6_mtu_from_fib6+0x750/0x750 [ 233.202587] mld_sendpack+0xa44/0xfd0 [ 233.206425] ? nf_hook.constprop.0+0x850/0x850 [ 233.211018] ? trace_hardirqs_on+0xbd/0x310 [ 233.215350] ? _raw_read_unlock_bh+0x31/0x40 [ 233.219778] ? mld_ifc_timer_expire+0x437/0x8a0 [ 233.224459] ? __local_bh_enable_ip+0x15a/0x270 [ 233.229143] mld_ifc_timer_expire+0x449/0x8a0 [ 233.233663] call_timer_fn+0x254/0x900 [ 233.237578] ? mld_dad_timer_expire+0x1c0/0x1c0 [ 233.242365] ? process_timeout+0x40/0x40 [ 233.242388] ? _raw_spin_unlock_irq+0x28/0x90 [ 233.242403] ? _raw_spin_unlock_irq+0x28/0x90 [ 233.242419] ? lockdep_hardirqs_on+0x19b/0x5d0 [ 233.251164] ? trace_hardirqs_on+0xbd/0x310 [ 233.251180] ? kasan_check_read+0x11/0x20 [ 233.251196] ? trace_hardirqs_off_caller+0x300/0x300 [ 233.260258] ? mld_dad_timer_expire+0x1c0/0x1c0 [ 233.268719] ? mld_dad_timer_expire+0x1c0/0x1c0 [ 233.268739] __run_timers+0x6fc/0xd50 [ 233.268765] ? __bpf_trace_timer_expire_entry+0x30/0x30 [ 233.278499] ? trace_hardirqs_on_caller+0xc0/0x310 [ 233.278518] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 233.278542] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 233.278569] ? add_lock_to_list.isra.0+0x450/0x450 [ 233.287026] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 233.297318] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 233.297335] ? check_preemption_disabled+0x48/0x290 [ 233.297357] ? __lock_is_held+0xb6/0x140 [ 233.297371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 233.297385] ? check_preemption_disabled+0x48/0x290 [ 233.297405] run_timer_softirq+0x52/0xb0 [ 233.297421] ? rcu_read_lock_sched_held+0x110/0x130 [ 233.307635] __do_softirq+0x30b/0xb11 [ 233.307661] ? __irqentry_text_end+0x1f96d2/0x1f96d2 [ 233.307682] ? kvm_clock_read+0x18/0x30 [ 233.307699] ? kvm_sched_clock_read+0x9/0x20 [ 233.318152] ? sched_clock+0x2e/0x50 [ 233.318168] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 233.318180] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 233.318200] ? check_preemption_disabled+0x48/0x290 [ 233.328744] irq_exit+0x180/0x1d0 [ 233.328760] smp_apic_timer_interrupt+0x1b7/0x760 [ 233.328777] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 233.328792] ? smp_call_function_single_interrupt+0x640/0x640 [ 233.338377] ? trace_hardirqs_off+0x310/0x310 [ 233.338395] ? task_prio+0x50/0x50 [ 233.338414] ? check_preemption_disabled+0x48/0x290 [ 233.338435] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 233.347502] apic_timer_interrupt+0xf/0x20 [ 233.430531] [ 233.432801] RIP: 0010:kasan_check_read+0x0/0x20 [ 233.437481] Code: ef e9 14 eb ff ff 48 8b 73 58 89 c2 48 c7 c7 f0 c2 3c 89 f7 da e8 54 69 a2 ff e9 c4 f5 ff ff 90 90 90 90 90 90 90 90 90 90 90 <55> 89 f6 31 d2 48 89 e5 48 8b 4d 08 e8 ff 23 00 00 5d c3 0f 1f 00 [ 233.440790] IPVS: ftp: loaded support on port[0] = 21 [ 233.456394] RSP: 0018:ffff88809e937428 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 233.456409] RAX: 0000000000000000 RBX: ffffffff8a318400 RCX: ffffffff8162f642 [ 233.456416] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff8a318400 [ 233.456423] RBP: ffff88809e937530 R08: 1ffffffff1463080 R09: fffffbfff1463081 [ 233.456430] R10: fffffbfff1463080 R11: ffffffff8a318407 R12: ffff88809ac4c600 [ 233.456438] R13: ffff88809e937508 R14: dffffc0000000000 R15: ffffed1013d26e91 [ 233.456469] ? mutex_spin_on_owner+0x112/0x530 [ 233.456492] ? mutex_spin_on_owner+0x112/0x530 [ 233.514928] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 233.520494] ? __ww_mutex_wound+0x2b0/0x2b0 [ 233.524829] ? kasan_check_read+0x11/0x20 [ 233.528986] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 233.534274] ? rcu_read_unlock_special+0x380/0x380 [ 233.539221] ? rtnetlink_rcv_msg+0x425/0xc30 [ 233.543657] __mutex_lock+0x377/0x1670 [ 233.547565] ? refcount_sub_and_test_checked+0x1fe/0x2f0 [ 233.553026] ? rtnetlink_rcv_msg+0x425/0xc30 [ 233.557467] ? refcount_inc_not_zero_checked+0x2e0/0x2e0 [ 233.557709] IPVS: ftp: loaded support on port[0] = 21 [ 233.562938] ? mutex_trylock+0x2d0/0x2d0 [ 233.572176] ? mark_held_locks+0x100/0x100 [ 233.576408] ? __lock_acquire+0x572/0x4a30 [ 233.580625] ? add_lock_to_list.isra.0+0x450/0x450 [ 233.585551] ? add_lock_to_list.isra.0+0x450/0x450 [ 233.590480] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 233.595999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 233.601522] ? check_preemption_disabled+0x48/0x290 [ 233.606555] ? rtnetlink_rcv_msg+0x3ea/0xc30 [ 233.610955] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 233.616480] ? lock_downgrade+0x910/0x910 [ 233.620614] ? kasan_check_read+0x11/0x20 [ 233.624747] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 233.630020] ? rcu_read_unlock_special+0x380/0x380 [ 233.634941] mutex_lock_nested+0x16/0x20 [ 233.638983] ? mutex_lock_nested+0x16/0x20 [ 233.643200] rtnetlink_rcv_msg+0x425/0xc30 [ 233.647420] ? rtnetlink_put_metrics+0x640/0x640 [ 233.652158] ? rcu_read_unlock_special+0x380/0x380 [ 233.657077] netlink_rcv_skb+0x17d/0x410 [ 233.661296] ? rtnetlink_put_metrics+0x640/0x640 [ 233.666039] ? netlink_ack+0xba0/0xba0 [ 233.669954] rtnetlink_rcv+0x1d/0x30 [ 233.673649] netlink_unicast+0x574/0x770 [ 233.677698] ? netlink_attachskb+0x980/0x980 [ 233.682107] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 233.687025] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 233.692041] netlink_sendmsg+0xa05/0xf90 [ 233.696091] ? netlink_unicast+0x770/0x770 [ 233.700324] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 233.705160] ? apparmor_socket_sendmsg+0x2a/0x30 [ 233.709903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 233.715446] ? security_socket_sendmsg+0x93/0xc0 [ 233.720186] ? netlink_unicast+0x770/0x770 [ 233.724420] sock_sendmsg+0xdd/0x130 [ 233.728120] __sys_sendto+0x387/0x5f0 [ 233.731936] ? __ia32_sys_getpeername+0xb0/0xb0 [ 233.736594] ? get_unused_fd_flags+0x1a0/0x1a0 [ 233.741166] ? __alloc_fd+0x700/0x700 [ 233.744958] ? do_syscall_64+0x8c/0x800 [ 233.748914] ? do_syscall_64+0x8c/0x800 [ 233.752891] ? lockdep_hardirqs_on+0x415/0x5d0 [ 233.757461] ? trace_hardirqs_on+0xbd/0x310 [ 233.761768] ? move_addr_to_kernel+0x80/0x80 [ 233.766166] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 233.771517] ? trace_hardirqs_off_caller+0x300/0x300 [ 233.776620] __x64_sys_sendto+0xe1/0x1a0 [ 233.780673] do_syscall_64+0x1a3/0x800 [ 233.784567] ? syscall_return_slowpath+0x5f0/0x5f0 [ 233.789489] ? prepare_exit_to_usermode+0x232/0x3b0 [ 233.794489] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 233.799323] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 233.804495] RIP: 0033:0x411fc3 [ 233.807678] Code: ff 0f 83 40 18 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d cd 42 64 00 00 75 17 49 89 ca b8 2c 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 11 18 00 00 c3 48 83 ec 08 e8 87 fa ff ff [ 233.826573] RSP: 002b:0000000000a4fb28 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 233.834285] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000411fc3 [ 233.841552] RDX: 000000000000006c RSI: 0000000000a50070 RDI: 0000000000000003 [ 233.848808] RBP: 0000000000000003 R08: 0000000000a4fb30 R09: 000000000000000c [ 233.856066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a4fef0 [ 233.863322] R13: 0000000000a4fbb8 R14: 0000000000a4fc80 R15: 00000000004bcf8a [ 233.870599] [ 233.872214] Allocated by task 8111: [ 233.875834] save_stack+0x45/0xd0 [ 233.879273] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 233.884188] kasan_kmalloc+0x9/0x10 [ 233.887801] kmem_cache_alloc_trace+0x151/0x760 [ 233.892456] br_multicast_new_group.part.0+0xdc/0x1a40 [ 233.897716] br_multicast_new_group+0x19d/0x200 [ 233.902365] br_multicast_add_group+0x4ce/0x7d0 [ 233.907018] br_multicast_rcv+0x24aa/0x4270 [ 233.911321] br_dev_xmit+0x7f4/0x1780 [ 233.915107] dev_hard_start_xmit+0x261/0xc70 [ 233.919496] __dev_queue_xmit+0x2f8a/0x3a60 [ 233.923800] dev_queue_xmit+0x18/0x20 [ 233.927584] neigh_resolve_output+0x6a0/0xb30 [ 233.932062] ip6_finish_output2+0xc56/0x28e0 [ 233.936455] ip6_finish_output+0x577/0xc30 [ 233.940670] ip6_output+0x23c/0xa00 [ 233.944278] mld_sendpack+0xa44/0xfd0 [ 233.948062] mld_ifc_timer_expire+0x449/0x8a0 [ 233.952550] call_timer_fn+0x254/0x900 [ 233.956422] __run_timers+0x6fc/0xd50 [ 233.960203] run_timer_softirq+0x52/0xb0 [ 233.964260] __do_softirq+0x30b/0xb11 [ 233.968036] [ 233.969646] Freed by task 8111: [ 233.972911] save_stack+0x45/0xd0 [ 233.976364] __kasan_slab_free+0x102/0x150 [ 233.980581] kasan_slab_free+0xe/0x10 [ 233.984377] kfree+0xcf/0x230 [ 233.987465] br_multicast_new_group.part.0+0x1489/0x1a40 [ 233.992894] br_multicast_new_group+0x19d/0x200 [ 233.997553] br_multicast_add_group+0x4ce/0x7d0 [ 234.002206] br_multicast_rcv+0x24aa/0x4270 [ 234.006511] br_dev_xmit+0x7f4/0x1780 [ 234.010339] dev_hard_start_xmit+0x261/0xc70 [ 234.014726] __dev_queue_xmit+0x2f8a/0x3a60 [ 234.019043] dev_queue_xmit+0x18/0x20 [ 234.022845] neigh_resolve_output+0x6a0/0xb30 [ 234.027323] ip6_finish_output2+0xc56/0x28e0 [ 234.031711] ip6_finish_output+0x577/0xc30 [ 234.035926] ip6_output+0x23c/0xa00 [ 234.039540] mld_sendpack+0xa44/0xfd0 [ 234.043326] mld_ifc_timer_expire+0x449/0x8a0 [ 234.047810] call_timer_fn+0x254/0x900 [ 234.051680] __run_timers+0x6fc/0xd50 [ 234.055647] run_timer_softirq+0x52/0xb0 [ 234.059696] __do_softirq+0x30b/0xb11 [ 234.063472] [ 234.065084] The buggy address belongs to the object at ffff88809f1efe00 [ 234.065084] which belongs to the cache kmalloc-192 of size 192 [ 234.077720] The buggy address is located 112 bytes inside of [ 234.077720] 192-byte region [ffff88809f1efe00, ffff88809f1efec0) [ 234.089577] The buggy address belongs to the page: [ 234.094498] page:ffffea00027c7bc0 count:1 mapcount:0 mapping:ffff88812c3f0040 index:0x0 [ 234.102629] flags: 0x1fffc0000000200(slab) [ 234.106851] raw: 01fffc0000000200 ffffea00027df108 ffffea00027c7c48 ffff88812c3f0040 [ 234.114717] raw: 0000000000000000 ffff88809f1ef000 0000000100000010 0000000000000000 [ 234.122607] page dumped because: kasan: bad access detected [ 234.128314] [ 234.129926] Memory state around the buggy address: [ 234.134838] ffff88809f1efd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 234.142193] ffff88809f1efd80: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 234.149551] >ffff88809f1efe00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 234.156891] ^ [ 234.163888] ffff88809f1efe80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 234.171233] ffff88809f1eff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 234.178589] ================================================================== [ 234.185931] Disabling lock debugging due to kernel taint [ 234.191686] Kernel panic - not syncing: panic_on_warn set ... [ 234.197596] CPU: 0 PID: 8111 Comm: syz-executor1 Tainted: G B 5.0.0-rc3+ #43 [ 234.206074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 234.215414] Call Trace: [ 234.217977] [ 234.220115] dump_stack+0x1db/0x2d0 [ 234.223727] ? dump_stack_print_info.cold+0x20/0x20 [ 234.228734] panic+0x2cb/0x65c [ 234.231908] ? add_taint.cold+0x16/0x16 [ 234.235868] ? trace_hardirqs_on+0xb4/0x310 [ 234.240174] ? trace_hardirqs_on+0xb4/0x310 [ 234.244529] ? memcmp+0xb3/0xc0 [ 234.247838] end_report+0x47/0x4f [ 234.251274] ? memcmp+0xb3/0xc0 [ 234.254562] kasan_report.cold+0xe/0x40 [ 234.258525] ? memcmp+0xb3/0xc0 [ 234.261797] __asan_report_load1_noabort+0x14/0x20 [ 234.266722] memcmp+0xb3/0xc0 [ 234.269816] br_mdb_ip_get+0x694/0xe30 [ 234.273690] ? br_multicast_group_expired+0x490/0x490 [ 234.278864] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 234.284385] ? __skb_checksum_complete+0x284/0x530 [ 234.289305] ? lock_acquire+0x1db/0x570 [ 234.293264] ? br_multicast_add_group+0xbd/0x7d0 [ 234.298006] br_multicast_new_group+0x77/0x200 [ 234.302575] ? br_mdb_get+0xf50/0xf50 [ 234.306362] ? csum_partial+0x21/0x30 [ 234.310149] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 234.315675] br_multicast_add_group+0x4ce/0x7d0 [ 234.320333] ? ipv6_mc_validate_checksum+0x510/0x510 [ 234.325424] ? br_multicast_new_port_group+0x4c0/0x4c0 [ 234.330685] ? mld_ifc_timer_expire+0x449/0x8a0 [ 234.335343] ? trace_raw_output_hrtimer_start+0x80/0x200 [ 234.340778] ? print_usage_bug+0xd0/0xd0 [ 234.344840] ? irq_exit+0x180/0x1d0 [ 234.348448] ? smp_apic_timer_interrupt+0x1b7/0x760 [ 234.353453] br_multicast_rcv+0x24aa/0x4270 [ 234.357765] ? down_killable+0x10/0x90 [ 234.361639] ? br_multicast_disable_port+0x1b0/0x1b0 [ 234.366730] ? mark_held_locks+0x100/0x100 [ 234.370948] ? kmem_cache_free+0x225/0x260 [ 234.375170] ? add_lock_to_list.isra.0+0x450/0x450 [ 234.380077] ? find_held_lock+0x35/0x120 [ 234.384122] ? print_usage_bug+0xd0/0xd0 [ 234.388167] ? get_stack_info+0x37/0x142 [ 234.392211] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 234.397735] ? br_allowed_ingress+0x131/0x1a40 [ 234.402307] ? find_held_lock+0x35/0x120 [ 234.406352] ? is_bpf_text_address+0xac/0x170 [ 234.410830] ? print_usage_bug+0xd0/0xd0 [ 234.414890] ? is_bpf_text_address+0xac/0x170 [ 234.419371] ? br_handle_vlan+0x1110/0x1110 [ 234.423675] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 234.429195] ? __lock_is_held+0xb6/0x140 [ 234.433242] br_dev_xmit+0x7f4/0x1780 [ 234.437029] ? br_poll_controller+0x10/0x10 [ 234.441333] ? add_lock_to_list.isra.0+0x450/0x450 [ 234.446249] ? audit_kill_trees+0x3a0/0x425 [ 234.450563] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 234.456089] ? check_preemption_disabled+0x48/0x290 [ 234.461092] ? __lock_is_held+0xb6/0x140 [ 234.465141] dev_hard_start_xmit+0x261/0xc70 [ 234.469539] ? dev_direct_xmit+0x670/0x670 [ 234.473764] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 234.479316] ? validate_xmit_skb+0x85a/0xf60 [ 234.483709] ? netif_skb_features+0xb90/0xb90 [ 234.488190] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 234.493721] ? check_preemption_disabled+0x48/0x290 [ 234.498721] ? check_preemption_disabled+0x48/0x290 [ 234.503726] __dev_queue_xmit+0x2f8a/0x3a60 [ 234.508035] ? mark_held_locks+0x100/0x100 [ 234.512256] ? netdev_pick_tx+0x300/0x300 [ 234.516394] ? ipv6_chk_mcast_addr+0x373/0x7e0 [ 234.520958] ? find_held_lock+0x35/0x120 [ 234.525005] ? add_lock_to_list.isra.0+0x450/0x450 [ 234.529915] ? ipv6_chk_mcast_addr+0x373/0x7e0 [ 234.534477] ? print_usage_bug+0xd0/0xd0 [ 234.538522] ? ip6_finish_output+0x577/0xc30 [ 234.542921] ? find_held_lock+0x35/0x120 [ 234.546963] ? mark_held_locks+0xb1/0x100 [ 234.551094] ? ip6_finish_output2+0x1896/0x28e0 [ 234.555745] ? ip6_finish_output2+0x1896/0x28e0 [ 234.560407] ? lockdep_hardirqs_on+0x19b/0x5d0 [ 234.564972] ? trace_hardirqs_on+0xbd/0x310 [ 234.569289] ? ip6_finish_output+0x577/0xc30 [ 234.573680] ? trace_hardirqs_off_caller+0x300/0x300 [ 234.578768] dev_queue_xmit+0x18/0x20 [ 234.582558] ? dev_queue_xmit+0x18/0x20 [ 234.586516] ip6_finish_output2+0x141a/0x28e0 [ 234.591007] ? ip6_forward_finish+0x580/0x580 [ 234.595488] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 234.600748] ? rcu_read_unlock_special+0x380/0x380 [ 234.605664] ? ip6_mtu+0x160/0x520 [ 234.609185] ? find_match+0x10d0/0x10d0 [ 234.613157] ? kasan_check_read+0x11/0x20 [ 234.617301] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 234.622572] ip6_finish_output+0x577/0xc30 [ 234.626788] ? ip6_finish_output+0x577/0xc30 [ 234.631192] ip6_output+0x23c/0xa00 [ 234.634801] ? ip6_finish_output+0xc30/0xc30 [ 234.639190] ? ip6_mc_leave_src+0x230/0x230 [ 234.643506] ? ip6_fragment+0x3780/0x3780 [ 234.647638] ? ip6_mtu_from_fib6+0x750/0x750 [ 234.652027] mld_sendpack+0xa44/0xfd0 [ 234.655810] ? nf_hook.constprop.0+0x850/0x850 [ 234.660384] ? trace_hardirqs_on+0xbd/0x310 [ 234.664689] ? _raw_read_unlock_bh+0x31/0x40 [ 234.669079] ? mld_ifc_timer_expire+0x437/0x8a0 [ 234.673730] ? __local_bh_enable_ip+0x15a/0x270 [ 234.678398] mld_ifc_timer_expire+0x449/0x8a0 [ 234.682883] call_timer_fn+0x254/0x900 [ 234.686751] ? mld_dad_timer_expire+0x1c0/0x1c0 [ 234.691401] ? process_timeout+0x40/0x40 [ 234.695444] ? _raw_spin_unlock_irq+0x28/0x90 [ 234.699919] ? _raw_spin_unlock_irq+0x28/0x90 [ 234.704395] ? lockdep_hardirqs_on+0x19b/0x5d0 [ 234.708960] ? trace_hardirqs_on+0xbd/0x310 [ 234.713265] ? kasan_check_read+0x11/0x20 [ 234.717395] ? trace_hardirqs_off_caller+0x300/0x300 [ 234.722484] ? mld_dad_timer_expire+0x1c0/0x1c0 [ 234.727148] ? mld_dad_timer_expire+0x1c0/0x1c0 [ 234.731797] __run_timers+0x6fc/0xd50 [ 234.735602] ? __bpf_trace_timer_expire_entry+0x30/0x30 [ 234.740945] ? trace_hardirqs_on_caller+0xc0/0x310 [ 234.745858] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 234.750596] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 234.756028] ? add_lock_to_list.isra.0+0x450/0x450 [ 234.760941] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 234.766473] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 234.771994] ? check_preemption_disabled+0x48/0x290 [ 234.777014] ? __lock_is_held+0xb6/0x140 [ 234.781058] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 234.786581] ? check_preemption_disabled+0x48/0x290 [ 234.791595] run_timer_softirq+0x52/0xb0 [ 234.795652] ? rcu_read_lock_sched_held+0x110/0x130 [ 234.800648] __do_softirq+0x30b/0xb11 [ 234.804429] ? __irqentry_text_end+0x1f96d2/0x1f96d2 [ 234.809518] ? kvm_clock_read+0x18/0x30 [ 234.813510] ? kvm_sched_clock_read+0x9/0x20 [ 234.817903] ? sched_clock+0x2e/0x50 [ 234.821598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 234.827115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 234.832639] ? check_preemption_disabled+0x48/0x290 [ 234.837641] irq_exit+0x180/0x1d0 [ 234.841075] smp_apic_timer_interrupt+0x1b7/0x760 [ 234.845904] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 234.850728] ? smp_call_function_single_interrupt+0x640/0x640 [ 234.856596] ? trace_hardirqs_off+0x310/0x310 [ 234.861077] ? task_prio+0x50/0x50 [ 234.864605] ? check_preemption_disabled+0x48/0x290 [ 234.869606] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 234.874434] apic_timer_interrupt+0xf/0x20 [ 234.878648] [ 234.880875] RIP: 0010:kasan_check_read+0x0/0x20 [ 234.885556] Code: ef e9 14 eb ff ff 48 8b 73 58 89 c2 48 c7 c7 f0 c2 3c 89 f7 da e8 54 69 a2 ff e9 c4 f5 ff ff 90 90 90 90 90 90 90 90 90 90 90 <55> 89 f6 31 d2 48 89 e5 48 8b 4d 08 e8 ff 23 00 00 5d c3 0f 1f 00 [ 234.904443] RSP: 0018:ffff88809e937428 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 234.912129] RAX: 0000000000000000 RBX: ffffffff8a318400 RCX: ffffffff8162f642 [ 234.919388] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff8a318400 [ 234.926637] RBP: ffff88809e937530 R08: 1ffffffff1463080 R09: fffffbfff1463081 [ 234.933898] R10: fffffbfff1463080 R11: ffffffff8a318407 R12: ffff88809ac4c600 [ 234.941153] R13: ffff88809e937508 R14: dffffc0000000000 R15: ffffed1013d26e91 [ 234.948422] ? mutex_spin_on_owner+0x112/0x530 [ 234.952988] ? mutex_spin_on_owner+0x112/0x530 [ 234.957561] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 234.963082] ? __ww_mutex_wound+0x2b0/0x2b0 [ 234.967386] ? kasan_check_read+0x11/0x20 [ 234.971520] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 234.976787] ? rcu_read_unlock_special+0x380/0x380 [ 234.981703] ? rtnetlink_rcv_msg+0x425/0xc30 [ 234.986097] __mutex_lock+0x377/0x1670 [ 234.989969] ? refcount_sub_and_test_checked+0x1fe/0x2f0 [ 234.995403] ? rtnetlink_rcv_msg+0x425/0xc30 [ 234.999792] ? refcount_inc_not_zero_checked+0x2e0/0x2e0 [ 235.005225] ? mutex_trylock+0x2d0/0x2d0 [ 235.009291] ? mark_held_locks+0x100/0x100 [ 235.013518] ? __lock_acquire+0x572/0x4a30 [ 235.017744] ? add_lock_to_list.isra.0+0x450/0x450 [ 235.022654] ? add_lock_to_list.isra.0+0x450/0x450 [ 235.027571] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 235.033090] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 235.038623] ? check_preemption_disabled+0x48/0x290 [ 235.043635] ? rtnetlink_rcv_msg+0x3ea/0xc30 [ 235.048064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 235.053594] ? lock_downgrade+0x910/0x910 [ 235.057725] ? kasan_check_read+0x11/0x20 [ 235.061856] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 235.067123] ? rcu_read_unlock_special+0x380/0x380 [ 235.072055] mutex_lock_nested+0x16/0x20 [ 235.076097] ? mutex_lock_nested+0x16/0x20 [ 235.080314] rtnetlink_rcv_msg+0x425/0xc30 [ 235.084551] ? rtnetlink_put_metrics+0x640/0x640 [ 235.089307] ? rcu_read_unlock_special+0x380/0x380 [ 235.094224] netlink_rcv_skb+0x17d/0x410 [ 235.098272] ? rtnetlink_put_metrics+0x640/0x640 [ 235.103028] ? netlink_ack+0xba0/0xba0 [ 235.106904] rtnetlink_rcv+0x1d/0x30 [ 235.110608] netlink_unicast+0x574/0x770 [ 235.114652] ? netlink_attachskb+0x980/0x980 [ 235.119048] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 235.123983] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 235.128986] netlink_sendmsg+0xa05/0xf90 [ 235.133032] ? netlink_unicast+0x770/0x770 [ 235.137253] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 235.142081] ? apparmor_socket_sendmsg+0x2a/0x30 [ 235.146820] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 235.152346] ? security_socket_sendmsg+0x93/0xc0 [ 235.157089] ? netlink_unicast+0x770/0x770 [ 235.161310] sock_sendmsg+0xdd/0x130 [ 235.165015] __sys_sendto+0x387/0x5f0 [ 235.168801] ? __ia32_sys_getpeername+0xb0/0xb0 [ 235.173455] ? get_unused_fd_flags+0x1a0/0x1a0 [ 235.178024] ? __alloc_fd+0x700/0x700 [ 235.181813] ? do_syscall_64+0x8c/0x800 [ 235.185771] ? do_syscall_64+0x8c/0x800 [ 235.189733] ? lockdep_hardirqs_on+0x415/0x5d0 [ 235.194321] ? trace_hardirqs_on+0xbd/0x310 [ 235.198628] ? move_addr_to_kernel+0x80/0x80 [ 235.203018] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 235.208384] ? trace_hardirqs_off_caller+0x300/0x300 [ 235.213488] __x64_sys_sendto+0xe1/0x1a0 [ 235.217552] do_syscall_64+0x1a3/0x800 [ 235.221425] ? syscall_return_slowpath+0x5f0/0x5f0 [ 235.226337] ? prepare_exit_to_usermode+0x232/0x3b0 [ 235.231351] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 235.236185] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 235.241354] RIP: 0033:0x411fc3 [ 235.244550] Code: ff 0f 83 40 18 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d cd 42 64 00 00 75 17 49 89 ca b8 2c 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 11 18 00 00 c3 48 83 ec 08 e8 87 fa ff ff [ 235.263457] RSP: 002b:0000000000a4fb28 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 235.271158] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000411fc3 [ 235.278430] RDX: 000000000000006c RSI: 0000000000a50070 RDI: 0000000000000003 [ 235.285690] RBP: 0000000000000003 R08: 0000000000a4fb30 R09: 000000000000000c [ 235.292948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a4fef0 [ 235.300202] R13: 0000000000a4fbb8 R14: 0000000000a4fc80 R15: 00000000004bcf8a [ 235.308492] Kernel Offset: disabled [ 235.312131] Rebooting in 86400 seconds..