[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 28.789497] kauditd_printk_skb: 8 callbacks suppressed [ 28.789508] audit: type=1800 audit(1544397738.995:29): pid=5880 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 28.814455] audit: type=1800 audit(1544397739.005:30): pid=5880 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.179' (ECDSA) to the list of known hosts. 2018/12/09 23:22:30 fuzzer started 2018/12/09 23:22:32 dialing manager at 10.128.0.26:43039 syzkaller login: [ 42.139311] ld (6044) used greatest stack depth: 15296 bytes left 2018/12/09 23:22:33 syscalls: 1 2018/12/09 23:22:33 code coverage: enabled 2018/12/09 23:22:33 comparison tracing: enabled 2018/12/09 23:22:33 setuid sandbox: enabled 2018/12/09 23:22:33 namespace sandbox: enabled 2018/12/09 23:22:33 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/09 23:22:33 fault injection: enabled 2018/12/09 23:22:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/09 23:22:33 net packet injection: enabled 2018/12/09 23:22:33 net device setup: enabled 23:22:56 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000080)={0x0, 0x1}, &(0x7f0000000180)=0x8) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000040)=r1, 0xffffffffffffff5e) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="aa"], 0x1) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0xfffffcbe) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'team0\x00'}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0x0, 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) close(r0) [ 66.068282] IPVS: ftp: loaded support on port[0] = 21 23:22:56 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) listen(r0, 0x0) ppoll(&(0x7f0000000000)=[{r0}], 0x1, &(0x7f0000000040)={0x0, 0x989680}, 0x0, 0x0) [ 66.361084] IPVS: ftp: loaded support on port[0] = 21 23:22:56 executing program 2: r0 = socket$inet6(0xa, 0x803, 0x4) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r2, &(0x7f0000000040)={0x10, 0x0, 0x0, 0x30811001}, 0xc) connect$inet(r1, &(0x7f00000003c0)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) [ 66.639757] IPVS: ftp: loaded support on port[0] = 21 23:22:57 executing program 3: r0 = accept4(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) connect$l2tp(r0, &(0x7f0000001440)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}, 0x4}}, 0x26) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000001380)="120000001200efef007b0000f4afd7030a7c8df6d69556132ea0972eb53cdc8d3c35be2fff54ec8f3f767502d102b272", 0x30, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001a80)=[{{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f00000002c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/142, 0x8e}], 0x2, &(0x7f0000001300)=""/53, 0x35}}], 0x2bb, 0x0, &(0x7f0000000000)={0x0, 0x1c9c380}) [ 67.116584] IPVS: ftp: loaded support on port[0] = 21 23:22:57 executing program 4: r0 = socket$inet6(0xa, 0x100000002, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000013c0)={0xa, 0x0, 0xa03c}, 0xffffffffffffff2c) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x0, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}}, &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x79, &(0x7f0000000100)=""/121}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000020b7050000000000006a0a00fe000000008500000012000000b7000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0xf000, 0xe, 0xfd, &(0x7f00000005c0)="121d9b1511a34bc4fde6a9c9ce6e", &(0x7f0000000640)=""/253, 0x6db8}, 0x28) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000001100)={0x0, @in6={{0xa, 0x0, 0x0, @local}}, [0x800, 0x5, 0x0, 0x20, 0x0, 0x1, 0x0, 0x200, 0x81, 0xfff, 0x0, 0x7, 0x7, 0x0, 0x7]}, &(0x7f0000000000)=0x100) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000040)={r2, 0xf019}, 0x8) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @ipv4={[], [], @multicast2=0xe000000d}}, 0x1c) getsockopt$sock_timeval(r0, 0x1, 0x0, &(0x7f0000001340), &(0x7f0000001380)=0x10) [ 67.777149] IPVS: ftp: loaded support on port[0] = 21 [ 67.799601] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.810226] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.818082] device bridge_slave_0 entered promiscuous mode [ 67.974305] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.991035] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.007315] device bridge_slave_1 entered promiscuous mode 23:22:58 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_buf(r0, 0x0, 0x400000000000485, &(0x7f0000dcffe8)=""/24, &(0x7f0000000500)=0x18) [ 68.176808] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 68.330297] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.346138] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.354152] device bridge_slave_0 entered promiscuous mode [ 68.364406] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 68.367688] IPVS: ftp: loaded support on port[0] = 21 [ 68.523980] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.530703] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.560790] device bridge_slave_1 entered promiscuous mode [ 68.668250] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 68.767853] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.778210] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.786064] device bridge_slave_0 entered promiscuous mode [ 68.818868] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 68.831819] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 68.904221] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.932811] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.943381] device bridge_slave_1 entered promiscuous mode [ 68.967258] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 69.048565] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 69.178955] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 69.241035] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 69.259651] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 69.267492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 69.365144] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 69.409900] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.422668] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.433008] device bridge_slave_0 entered promiscuous mode [ 69.495764] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 69.519782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 69.612209] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.618613] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.641705] device bridge_slave_1 entered promiscuous mode [ 69.658310] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 69.677643] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 69.701011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 69.717378] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 69.732088] team0: Port device team_slave_0 added [ 69.812229] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 69.823293] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 69.904961] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 69.914832] team0: Port device team_slave_1 added [ 69.938049] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 70.056962] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 70.104796] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 70.118202] team0: Port device team_slave_0 added [ 70.131493] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.137855] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.161606] device bridge_slave_0 entered promiscuous mode [ 70.218173] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 70.256948] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 70.273679] team0: Port device team_slave_1 added [ 70.281285] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.287861] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.300640] device bridge_slave_1 entered promiscuous mode [ 70.341040] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 70.356617] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 70.370806] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 70.378822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 70.428812] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 70.455158] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 70.472304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 70.480300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 70.503536] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 70.524445] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 70.551443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 70.561363] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 70.571579] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 70.579113] team0: Port device team_slave_0 added [ 70.610180] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 70.644563] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 70.671775] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 70.683497] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 70.708486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 70.721281] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 70.753336] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 70.770924] team0: Port device team_slave_1 added [ 70.838845] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.852398] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.859793] device bridge_slave_0 entered promiscuous mode [ 70.884537] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 70.911794] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 70.919856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 70.952855] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 70.974413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 70.982643] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.017748] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.030528] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.038419] device bridge_slave_1 entered promiscuous mode [ 71.053993] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 71.064563] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 71.079990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 71.116136] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 71.132124] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.149355] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 71.208663] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 71.268676] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 71.276911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.294277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.322181] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 71.341127] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 71.348536] team0: Port device team_slave_0 added [ 71.384032] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 71.401012] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 71.409001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 71.443024] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 71.450676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 71.466196] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 71.491683] team0: Port device team_slave_1 added [ 71.624193] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 71.639156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 71.668997] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 71.689693] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 71.721034] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.743680] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 71.814200] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 71.840911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 71.848899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.912416] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 71.951859] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 71.959387] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.979935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.008242] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 72.021549] team0: Port device team_slave_0 added [ 72.107870] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 72.120837] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.128797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.161325] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 72.171388] team0: Port device team_slave_1 added [ 72.288017] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 72.304293] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.310838] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.317808] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.324245] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.355905] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 72.362903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 72.381046] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 72.413669] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 72.435439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 72.451293] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 72.563242] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 72.580545] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.611819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.674762] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 72.689542] team0: Port device team_slave_0 added [ 72.698300] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 72.720970] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.747999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.766547] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.772998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.779682] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.786093] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.802870] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 72.822420] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 72.842626] team0: Port device team_slave_1 added [ 72.952853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 72.970389] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.976838] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.983552] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.989931] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.998155] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 73.092696] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.231563] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 73.241186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 73.257059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.285667] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 73.311605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 73.318861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 73.370182] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 73.378377] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.395267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.768122] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.774587] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.781321] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.787680] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.811680] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 74.290663] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 74.409883] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.416333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.423067] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.429443] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.439199] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 74.835594] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.842034] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.848691] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.855126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.872102] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 75.355403] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 75.366599] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.452748] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.941498] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 78.048930] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.184465] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.431427] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 78.437772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 78.445514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.547927] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 78.691707] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 78.922386] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.951044] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.006090] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 79.019477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.041186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.193916] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 79.200141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.211533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.395985] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 79.494376] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.548812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.682703] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.925662] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 79.952126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.961306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.011540] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.166901] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 80.370656] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.494861] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 80.642493] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 80.656059] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 80.664738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 81.026514] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 81.051034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 81.070898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 81.120677] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.511907] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.028043] audit: type=1804 audit(1544397792.235:31): pid=7468 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor0" name="/root/syzkaller-testdir029218375/syzkaller.aGerof/0/memory.events" dev="sda1" ino=16519 res=1 [ 82.108637] audit: type=1804 audit(1544397792.315:32): pid=7463 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor0" name="/root/syzkaller-testdir029218375/syzkaller.aGerof/0/memory.events" dev="sda1" ino=16519 res=1 23:23:12 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000080)={0x0, 0x1}, &(0x7f0000000180)=0x8) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000040)=r1, 0xffffffffffffff5e) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="aa"], 0x1) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0xfffffcbe) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'team0\x00'}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0x0, 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) close(r0) [ 82.152945] syz-executor0 (7463) used greatest stack depth: 14544 bytes left [ 82.398665] audit: type=1804 audit(1544397792.605:33): pid=7506 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor0" name="/root/syzkaller-testdir029218375/syzkaller.aGerof/1/memory.events" dev="sda1" ino=16519 res=1 [ 82.487708] ================================================================== [ 82.495247] BUG: KASAN: slab-out-of-bounds in __list_add_valid+0x8f/0xac [ 82.502102] Read of size 8 at addr ffff8881ca015db0 by task syz-executor2/7521 [ 82.509458] [ 82.511100] CPU: 1 PID: 7521 Comm: syz-executor2 Not tainted 4.20.0-rc4+ #335 [ 82.518391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 82.527758] Call Trace: [ 82.530366] dump_stack+0x244/0x39d [ 82.534017] ? dump_stack_print_info.cold.1+0x20/0x20 [ 82.539243] ? printk+0xa7/0xcf [ 82.542546] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 82.547334] print_address_description.cold.7+0x9/0x1ff [ 82.552737] kasan_report.cold.8+0x242/0x309 [ 82.557158] ? __list_add_valid+0x8f/0xac [ 82.561333] __asan_report_load8_noabort+0x14/0x20 [ 82.566272] __list_add_valid+0x8f/0xac [ 82.570262] ___neigh_create+0x14b7/0x2600 [ 82.574512] ? __lock_acquire+0x62f/0x4c20 [ 82.578766] ? enqueue_to_backlog+0xcb0/0xfa0 [ 82.583304] ? neigh_remove_one+0x5a0/0x5a0 [ 82.587637] ? mark_held_locks+0x130/0x130 [ 82.591882] ? trace_hardirqs_off_caller+0x310/0x310 [ 82.596994] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.602545] ? enqueue_to_backlog+0x309/0xfa0 [ 82.607055] ? check_preemption_disabled+0x48/0x280 [ 82.612103] ? napi_busy_loop+0xda0/0xda0 [ 82.616261] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 82.621820] ? rcu_pm_notify+0xc0/0xc0 [ 82.625737] ? __lock_acquire+0x62f/0x4c20 [ 82.629996] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.635544] ? netif_rx_internal+0x1ba/0xb90 [ 82.639982] ? zap_class+0x640/0x640 [ 82.643751] ? lock_acquire+0x1ed/0x520 [ 82.647742] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.653299] ? check_preemption_disabled+0x48/0x280 [ 82.658376] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 82.663950] ? rcu_pm_notify+0xc0/0xc0 [ 82.667860] __neigh_create+0x30/0x40 [ 82.671678] ip_finish_output2+0xb8b/0x1860 [ 82.676015] ? ip_copy_metadata+0xdb0/0xdb0 [ 82.680377] ? zap_class+0x640/0x640 [ 82.684109] ? nf_ct_deliver_cached_events+0x28b/0x7d0 [ 82.689402] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.694970] ? ipv4_mtu+0x39f/0x590 [ 82.698608] ? rt_acct_proc_show+0x370/0x370 [ 82.703051] ? find_held_lock+0x36/0x1c0 [ 82.707139] ip_finish_output+0x7fd/0xfa0 [ 82.711310] ? ip_finish_output+0x7fd/0xfa0 [ 82.715653] ? ip_fragment.constprop.51+0x240/0x240 [ 82.720686] ? kasan_check_read+0x11/0x20 [ 82.724862] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 82.730175] ? nf_nat_ipv4_out+0x2e1/0x340 [ 82.734453] ? rcu_softirq_qs+0x20/0x20 [ 82.738445] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 82.743475] ? nf_hook_slow+0x11e/0x1c0 [ 82.747468] ip_mc_output+0x2c4/0x15b0 [ 82.751377] ? __ip_queue_xmit+0x1f40/0x1f40 [ 82.755804] ? ip_copy_addrs+0xe0/0xe0 [ 82.759706] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 82.764678] ? kasan_check_read+0x11/0x20 [ 82.768838] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 82.774147] ? rcu_softirq_qs+0x20/0x20 [ 82.778141] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 82.783170] ? nf_hook_slow+0x11e/0x1c0 [ 82.787166] ? ip_fragment.constprop.51+0x240/0x240 [ 82.792200] ? __ip_local_out+0x5e2/0xb30 [ 82.796364] ? ip_finish_output+0xfa0/0xfa0 [ 82.800703] ? ip_append_data.part.50+0x170/0x170 [ 82.805579] ? ip_make_skb+0x216/0x340 [ 82.809487] ip_local_out+0xc5/0x1b0 [ 82.813225] ip_send_skb+0x40/0xe0 [ 82.816776] udp_send_skb.isra.46+0x6ad/0x1160 [ 82.821368] ? xfrm_lookup_route+0x74/0x1f0 [ 82.825711] udp_sendmsg+0x2953/0x3c40 [ 82.829623] ? __might_sleep+0x95/0x190 [ 82.833634] ? ip_reply_glue_bits+0xc0/0xc0 [ 82.837973] ? udp_v4_get_port+0x180/0x180 [ 82.842222] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.847773] ? get_futex_value_locked+0xcb/0xf0 [ 82.852458] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 82.857538] ? perf_trace_sched_process_exec+0x860/0x860 [ 82.863000] ? lock_downgrade+0x900/0x900 [ 82.867180] ? aa_label_sk_perm+0x91/0x100 [ 82.871430] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 82.876372] ? aa_sk_perm+0x22b/0x8e0 [ 82.880226] ? import_iovec+0x2a3/0x4b0 [ 82.884236] ? aa_af_perm+0x5a0/0x5a0 [ 82.888069] inet_sendmsg+0x1a1/0x690 [ 82.891883] ? udp_v4_get_port+0x180/0x180 [ 82.896140] ? inet_sendmsg+0x1a1/0x690 [ 82.900164] ? ipip_gro_receive+0x100/0x100 [ 82.904529] ? apparmor_socket_sendmsg+0x29/0x30 [ 82.909301] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.914872] ? security_socket_sendmsg+0x94/0xc0 [ 82.919839] ? ipip_gro_receive+0x100/0x100 [ 82.924189] sock_sendmsg+0xd5/0x120 [ 82.927920] ___sys_sendmsg+0x51d/0x930 [ 82.931915] ? copy_msghdr_from_user+0x580/0x580 [ 82.936687] ? find_held_lock+0x36/0x1c0 [ 82.940796] ? __fget_light+0x2e9/0x430 [ 82.944784] ? fget_raw+0x20/0x20 [ 82.948253] ? zap_class+0x640/0x640 [ 82.951986] ? trace_hardirqs_on+0xbd/0x310 [ 82.956325] ? _raw_spin_unlock_bh+0x30/0x40 [ 82.960759] ? trace_hardirqs_off_caller+0x310/0x310 [ 82.965896] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 82.971447] ? sockfd_lookup_light+0xc5/0x160 [ 82.975956] __sys_sendmmsg+0x246/0x6d0 [ 82.979957] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 82.984318] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 82.989899] ? put_timespec64+0x10f/0x1b0 [ 82.994059] ? nsecs_to_jiffies+0x30/0x30 [ 82.998228] ? do_syscall_64+0x9a/0x820 [ 83.002249] ? do_syscall_64+0x9a/0x820 [ 83.006246] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 83.010845] ? trace_hardirqs_on+0xbd/0x310 [ 83.015201] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.020875] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.026250] ? trace_hardirqs_off_caller+0x310/0x310 [ 83.031382] __x64_sys_sendmmsg+0x9d/0x100 [ 83.035632] do_syscall_64+0x1b9/0x820 23:23:13 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) listen(r0, 0x0) ppoll(&(0x7f0000000000)=[{r0}], 0x1, &(0x7f0000000040)={0x0, 0x989680}, 0x0, 0x0) [ 83.039793] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 83.045169] ? syscall_return_slowpath+0x5e0/0x5e0 [ 83.050124] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 83.054985] ? trace_hardirqs_on_caller+0x310/0x310 [ 83.060017] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 83.065051] ? prepare_exit_to_usermode+0x291/0x3b0 [ 83.070088] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 83.074952] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.080146] RIP: 0033:0x457659 [ 83.083347] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 83.102311] RSP: 002b:00007f0c5d66fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 83.110040] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457659 [ 83.117316] RDX: 04000000000001a8 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 83.124596] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 83.131883] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0c5d6706d4 23:23:13 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) listen(r0, 0x0) ppoll(&(0x7f0000000000)=[{r0}], 0x1, &(0x7f0000000040)={0x0, 0x989680}, 0x0, 0x0) [ 83.139155] R13: 00000000004c3e14 R14: 00000000004d6c38 R15: 00000000ffffffff [ 83.146441] [ 83.148571] Allocated by task 7079: [ 83.152211] save_stack+0x43/0xd0 [ 83.155684] kasan_kmalloc+0xc7/0xe0 [ 83.159422] kasan_slab_alloc+0x12/0x20 [ 83.163421] kmem_cache_alloc+0x12e/0x730 [ 83.167579] copy_process+0x2aba/0x87a0 [ 83.171593] _do_fork+0x1cb/0x11d0 [ 83.175154] __x64_sys_clone+0xbf/0x150 [ 83.179153] do_syscall_64+0x1b9/0x820 [ 83.183072] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.188276] [ 83.189915] Freed by task 7091: [ 83.193202] save_stack+0x43/0xd0 [ 83.196666] __kasan_slab_free+0x102/0x150 [ 83.200915] kasan_slab_free+0xe/0x10 [ 83.204735] kmem_cache_free+0x83/0x290 [ 83.208748] __put_task_struct+0x3cd/0x620 [ 83.212998] delayed_put_task_struct+0x2ff/0x4c0 [ 83.217795] rcu_process_callbacks+0x100a/0x1ac0 [ 83.222591] __do_softirq+0x308/0xb7e [ 83.226388] [ 83.228047] The buggy address belongs to the object at ffff8881ca015800 [ 83.228047] which belongs to the cache signal_cache of size 1328 [ 83.240890] The buggy address is located 128 bytes to the right of [ 83.240890] 1328-byte region [ffff8881ca015800, ffff8881ca015d30) [ 83.253379] The buggy address belongs to the page: [ 83.258321] page:ffffea0007280500 count:1 mapcount:0 mapping:ffff8881da97adc0 index:0x0 compound_mapcount: 0 [ 83.268301] flags: 0x2fffc0000010200(slab|head) [ 83.272988] raw: 02fffc0000010200 ffffea000731ae08 ffffea00070cc708 ffff8881da97adc0 [ 83.280887] raw: 0000000000000000 ffff8881ca014100 0000000100000005 0000000000000000 [ 83.288770] page dumped because: kasan: bad access detected [ 83.294477] [ 83.296118] Memory state around the buggy address: [ 83.301067] ffff8881ca015c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.308429] ffff8881ca015d00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 83.315812] >ffff8881ca015d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.323171] ^ [ 83.328108] ffff8881ca015e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 23:23:13 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000080)={0x0, 0x1}, &(0x7f0000000180)=0x8) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000040)=r1, 0xffffffffffffff5e) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="aa"], 0x1) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0xfffffcbe) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'team0\x00'}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0x0, 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) close(r0) [ 83.335503] ffff8881ca015e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 83.342864] ================================================================== [ 83.350223] Disabling lock debugging due to kernel taint [ 83.355752] Kernel panic - not syncing: panic_on_warn set ... [ 83.361653] CPU: 1 PID: 7521 Comm: syz-executor2 Tainted: G B 4.20.0-rc4+ #335 [ 83.370320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 83.379675] Call Trace: [ 83.382274] dump_stack+0x244/0x39d [ 83.385922] ? dump_stack_print_info.cold.1+0x20/0x20 23:23:13 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) listen(r0, 0x0) ppoll(&(0x7f0000000000)=[{r0}], 0x1, &(0x7f0000000040)={0x0, 0x989680}, 0x0, 0x0) [ 83.391128] panic+0x2ad/0x55c [ 83.394330] ? add_taint.cold.5+0x16/0x16 [ 83.398516] ? trace_hardirqs_on+0xb4/0x310 [ 83.402848] kasan_end_report+0x47/0x4f [ 83.403055] kobject: 'loop1' (0000000092f22671): kobject_uevent_env [ 83.406836] kasan_report.cold.8+0x76/0x309 [ 83.417583] ? __list_add_valid+0x8f/0xac [ 83.421754] __asan_report_load8_noabort+0x14/0x20 [ 83.426690] __list_add_valid+0x8f/0xac [ 83.430695] ___neigh_create+0x14b7/0x2600 [ 83.434953] ? __lock_acquire+0x62f/0x4c20 [ 83.437364] kobject: 'loop1' (0000000092f22671): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 83.439197] ? enqueue_to_backlog+0xcb0/0xfa0 [ 83.453145] ? neigh_remove_one+0x5a0/0x5a0 [ 83.457536] ? mark_held_locks+0x130/0x130 [ 83.461795] ? trace_hardirqs_off_caller+0x310/0x310 [ 83.466926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.472508] ? enqueue_to_backlog+0x309/0xfa0 [ 83.477036] ? check_preemption_disabled+0x48/0x280 [ 83.482067] ? napi_busy_loop+0xda0/0xda0 [ 83.486230] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 83.491781] ? rcu_pm_notify+0xc0/0xc0 [ 83.495683] ? __lock_acquire+0x62f/0x4c20 [ 83.499953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.502313] kobject: 'loop0' (000000008fac1f21): kobject_uevent_env [ 83.505517] ? netif_rx_internal+0x1ba/0xb90 [ 83.505534] ? zap_class+0x640/0x640 [ 83.505552] ? lock_acquire+0x1ed/0x520 [ 83.524052] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.529595] ? check_preemption_disabled+0x48/0x280 [ 83.534629] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 83.535171] kobject: 'loop0' (000000008fac1f21): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 83.540174] ? rcu_pm_notify+0xc0/0xc0 [ 83.540197] __neigh_create+0x30/0x40 [ 83.557333] ip_finish_output2+0xb8b/0x1860 [ 83.561674] ? ip_copy_metadata+0xdb0/0xdb0 [ 83.566009] ? zap_class+0x640/0x640 [ 83.569767] ? nf_ct_deliver_cached_events+0x28b/0x7d0 [ 83.575058] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.580601] ? ipv4_mtu+0x39f/0x590 [ 83.584242] ? rt_acct_proc_show+0x370/0x370 [ 83.588659] ? find_held_lock+0x36/0x1c0 [ 83.592758] ip_finish_output+0x7fd/0xfa0 [ 83.596915] ? ip_finish_output+0x7fd/0xfa0 [ 83.601248] ? ip_fragment.constprop.51+0x240/0x240 [ 83.606326] ? kasan_check_read+0x11/0x20 [ 83.610481] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 83.615790] ? nf_nat_ipv4_out+0x2e1/0x340 [ 83.620051] ? rcu_softirq_qs+0x20/0x20 [ 83.624063] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 83.629114] ? nf_hook_slow+0x11e/0x1c0 [ 83.633132] ip_mc_output+0x2c4/0x15b0 [ 83.637034] ? __ip_queue_xmit+0x1f40/0x1f40 [ 83.641455] ? ip_copy_addrs+0xe0/0xe0 [ 83.645351] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 83.650294] ? kasan_check_read+0x11/0x20 [ 83.654455] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 83.659761] ? rcu_softirq_qs+0x20/0x20 [ 83.663805] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 83.668859] ? nf_hook_slow+0x11e/0x1c0 [ 83.672848] ? ip_fragment.constprop.51+0x240/0x240 [ 83.677873] ? __ip_local_out+0x5e2/0xb30 [ 83.682243] ? ip_finish_output+0xfa0/0xfa0 [ 83.686582] ? ip_append_data.part.50+0x170/0x170 [ 83.691435] ? ip_make_skb+0x216/0x340 [ 83.695357] ip_local_out+0xc5/0x1b0 [ 83.699080] ip_send_skb+0x40/0xe0 [ 83.702629] udp_send_skb.isra.46+0x6ad/0x1160 [ 83.707112] audit: type=1804 audit(1544397793.915:34): pid=7565 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor0" name="/root/syzkaller-testdir029218375/syzkaller.aGerof/2/memory.events" dev="sda1" ino=16524 res=1 [ 83.707220] ? xfrm_lookup_route+0x74/0x1f0 [ 83.735739] udp_sendmsg+0x2953/0x3c40 [ 83.739681] ? __might_sleep+0x95/0x190 [ 83.743664] ? ip_reply_glue_bits+0xc0/0xc0 [ 83.747989] ? udp_v4_get_port+0x180/0x180 [ 83.752241] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.757780] ? get_futex_value_locked+0xcb/0xf0 [ 83.762449] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 83.767480] ? perf_trace_sched_process_exec+0x860/0x860 [ 83.772930] ? lock_downgrade+0x900/0x900 [ 83.777083] ? aa_label_sk_perm+0x91/0x100 [ 83.781316] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 83.786243] ? aa_sk_perm+0x22b/0x8e0 [ 83.790041] ? import_iovec+0x2a3/0x4b0 [ 83.794020] ? aa_af_perm+0x5a0/0x5a0 [ 83.797824] inet_sendmsg+0x1a1/0x690 [ 83.801626] ? udp_v4_get_port+0x180/0x180 [ 83.805858] ? inet_sendmsg+0x1a1/0x690 [ 83.809834] ? ipip_gro_receive+0x100/0x100 [ 83.814188] ? apparmor_socket_sendmsg+0x29/0x30 [ 83.818977] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.824546] ? security_socket_sendmsg+0x94/0xc0 [ 83.829319] ? ipip_gro_receive+0x100/0x100 [ 83.833645] sock_sendmsg+0xd5/0x120 [ 83.837363] ___sys_sendmsg+0x51d/0x930 [ 83.841359] ? copy_msghdr_from_user+0x580/0x580 [ 83.846119] ? find_held_lock+0x36/0x1c0 [ 83.850182] ? __fget_light+0x2e9/0x430 [ 83.854157] ? fget_raw+0x20/0x20 [ 83.857621] ? zap_class+0x640/0x640 [ 83.861332] ? trace_hardirqs_on+0xbd/0x310 [ 83.865650] ? _raw_spin_unlock_bh+0x30/0x40 [ 83.870058] ? trace_hardirqs_off_caller+0x310/0x310 [ 83.875170] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 83.880705] ? sockfd_lookup_light+0xc5/0x160 [ 83.885221] __sys_sendmmsg+0x246/0x6d0 [ 83.889331] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 83.893666] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 83.899202] ? put_timespec64+0x10f/0x1b0 [ 83.903355] ? nsecs_to_jiffies+0x30/0x30 [ 83.907507] ? do_syscall_64+0x9a/0x820 [ 83.911490] ? do_syscall_64+0x9a/0x820 [ 83.915479] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 83.920061] ? trace_hardirqs_on+0xbd/0x310 [ 83.924411] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.929949] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.935315] ? trace_hardirqs_off_caller+0x310/0x310 [ 83.940440] __x64_sys_sendmmsg+0x9d/0x100 [ 83.944680] do_syscall_64+0x1b9/0x820 [ 83.948568] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 83.953936] ? syscall_return_slowpath+0x5e0/0x5e0 [ 83.958869] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 83.963734] ? trace_hardirqs_on_caller+0x310/0x310 [ 83.968757] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 83.973772] ? prepare_exit_to_usermode+0x291/0x3b0 [ 83.978793] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 83.983655] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.988869] RIP: 0033:0x457659 [ 83.992064] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 84.010981] RSP: 002b:00007f0c5d66fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 84.018687] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457659 [ 84.025950] RDX: 04000000000001a8 RSI: 0000000020007fc0 RDI: 0000000000000004 [ 84.033229] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 84.040525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0c5d6706d4 [ 84.047810] R13: 00000000004c3e14 R14: 00000000004d6c38 R15: 00000000ffffffff [ 84.056087] Kernel Offset: disabled [ 84.059711] Rebooting in 86400 seconds..