[ 31.671097] kauditd_printk_skb: 8 callbacks suppressed [ 31.671103] audit: type=1800 audit(1572943216.496:33): pid=6741 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 31.698045] audit: type=1800 audit(1572943216.496:34): pid=6741 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 35.025131] random: sshd: uninitialized urandom read (32 bytes read) [ 35.262548] audit: type=1400 audit(1572943220.086:35): avc: denied { map } for pid=6916 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 35.313986] random: sshd: uninitialized urandom read (32 bytes read) [ 35.938633] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts. [ 41.512707] random: sshd: uninitialized urandom read (32 bytes read) 2019/11/05 08:40:26 fuzzer started [ 41.712041] audit: type=1400 audit(1572943226.536:36): avc: denied { map } for pid=6925 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 42.531648] random: cc1: uninitialized urandom read (8 bytes read) 2019/11/05 08:40:28 dialing manager at 10.128.0.105:41191 2019/11/05 08:40:28 syscalls: 2529 2019/11/05 08:40:28 code coverage: enabled 2019/11/05 08:40:28 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/11/05 08:40:28 extra coverage: extra coverage is not supported by the kernel 2019/11/05 08:40:28 setuid sandbox: enabled 2019/11/05 08:40:28 namespace sandbox: enabled 2019/11/05 08:40:28 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/05 08:40:28 fault injection: enabled 2019/11/05 08:40:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/05 08:40:28 net packet injection: enabled 2019/11/05 08:40:28 net device setup: enabled 2019/11/05 08:40:28 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/05 08:40:28 devlink PCI setup: PCI device 0000:00:10.0 is not available [ 44.995888] random: crng init done 08:41:41 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 08:41:41 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) ioctl$sock_inet_SIOCSIFPFLAGS(r2, 0x8934, 0x0) r3 = syz_open_dev$radio(0x0, 0x0, 0x2) ioctl$VIDIOC_QUERYCAP(r3, 0x80685600, 0x0) getsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, &(0x7f0000000300), 0x0) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$mouse(&(0x7f0000000340)='/dev/input/mouse#\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4004ae99, 0x0) ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000240)=0x7ff) 08:41:41 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000300)={0x7b, 0x5, [0x40000010], [0xc1]}) 08:41:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) stat(0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x1a9b, 0x0) r0 = syz_open_dev$usbfs(0x0, 0x0, 0x0) mmap$usbfs(&(0x7f0000002000/0x4000)=nil, 0x204e00, 0x0, 0x11, r0, 0x0) 08:41:41 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x4, &(0x7f0000000040)) 08:41:41 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x2000000004e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='vxcan1\x00', 0xf) r1 = dup2(r0, r0) sendmsg$tipc(r1, &(0x7f0000002580)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)="fe", 0x1}], 0x1}, 0x0) [ 116.278136] audit: type=1400 audit(1572943301.096:37): avc: denied { map } for pid=6925 comm="syz-fuzzer" path="/root/syzkaller-shm739855144" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 116.321155] audit: type=1400 audit(1572943301.146:38): avc: denied { map } for pid=6943 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13819 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 116.640953] IPVS: ftp: loaded support on port[0] = 21 [ 117.459487] chnl_net:caif_netlink_parms(): no params data found [ 117.467961] IPVS: ftp: loaded support on port[0] = 21 [ 117.503178] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.509811] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.517151] device bridge_slave_0 entered promiscuous mode [ 117.524597] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.531214] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.538089] device bridge_slave_1 entered promiscuous mode [ 117.553949] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 117.562923] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 117.580882] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 117.588355] team0: Port device team_slave_0 added [ 117.595328] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 117.602514] team0: Port device team_slave_1 added [ 117.610838] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 117.622405] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 117.682126] device hsr_slave_0 entered promiscuous mode [ 117.720421] device hsr_slave_1 entered promiscuous mode [ 117.802421] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 117.812009] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 117.822783] IPVS: ftp: loaded support on port[0] = 21 [ 117.891292] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.897746] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.904653] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.911021] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.919341] chnl_net:caif_netlink_parms(): no params data found [ 117.955132] IPVS: ftp: loaded support on port[0] = 21 [ 117.968043] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.975642] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.984072] device bridge_slave_0 entered promiscuous mode [ 117.993742] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.000161] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.007035] device bridge_slave_1 entered promiscuous mode [ 118.027187] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 118.038421] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 118.058584] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 118.066751] team0: Port device team_slave_0 added [ 118.085834] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 118.093374] team0: Port device team_slave_1 added [ 118.124688] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 118.161014] chnl_net:caif_netlink_parms(): no params data found [ 118.169329] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 118.204270] IPVS: ftp: loaded support on port[0] = 21 [ 118.243214] device hsr_slave_0 entered promiscuous mode [ 118.290357] device hsr_slave_1 entered promiscuous mode [ 118.343329] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 118.355257] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 118.375794] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.383164] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.391076] device bridge_slave_0 entered promiscuous mode [ 118.397684] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.404533] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.411964] device bridge_slave_1 entered promiscuous mode [ 118.437707] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 118.447314] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 118.466194] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.472634] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.479302] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.485671] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.512201] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 118.518290] 8021q: adding VLAN 0 to HW filter on device bond0 [ 118.525499] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.532863] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.539862] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 118.547890] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.555019] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.569234] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 118.576852] team0: Port device team_slave_0 added [ 118.585288] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 118.592862] team0: Port device team_slave_1 added [ 118.645220] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 118.653634] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 118.668488] IPVS: ftp: loaded support on port[0] = 21 [ 118.674496] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 118.743130] device hsr_slave_0 entered promiscuous mode [ 118.780558] device hsr_slave_1 entered promiscuous mode [ 118.821514] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 118.828504] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 118.835944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 118.843691] chnl_net:caif_netlink_parms(): no params data found [ 118.859319] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 118.866934] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 118.881227] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 118.887349] 8021q: adding VLAN 0 to HW filter on device team0 [ 118.915731] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 118.939085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 118.947045] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 118.955412] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.961838] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.973593] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 119.029151] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.040984] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 119.054357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.062370] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.069954] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.076340] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.088813] chnl_net:caif_netlink_parms(): no params data found [ 119.102773] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 119.110774] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 119.117015] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.123734] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.130746] device bridge_slave_0 entered promiscuous mode [ 119.138638] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.145194] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.152251] device bridge_slave_1 entered promiscuous mode [ 119.169417] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 119.179686] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 119.198185] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 119.205247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 119.213391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.221156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.230385] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 119.239571] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 119.258282] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 119.268457] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 119.275186] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.282598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 119.290444] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 119.298227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 119.306630] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 119.314613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 119.324198] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 119.347473] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.354130] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.361758] device bridge_slave_0 entered promiscuous mode [ 119.369293] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 119.389439] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 119.397804] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.405364] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.413175] device bridge_slave_1 entered promiscuous mode [ 119.419368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 119.427925] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 119.436010] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.444276] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.452262] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.458629] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.467311] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 119.476086] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 119.485073] team0: Port device team_slave_0 added [ 119.492597] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 119.507460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 119.517396] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 119.525231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.533719] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.541707] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.548209] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.561881] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 119.569161] team0: Port device team_slave_1 added [ 119.574630] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 119.590280] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 119.604064] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.612009] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 119.620484] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 119.628479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 119.637104] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 119.651677] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 119.679360] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 119.688975] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 119.709663] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 119.762234] device hsr_slave_0 entered promiscuous mode [ 119.800352] device hsr_slave_1 entered promiscuous mode [ 119.855266] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 119.863100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 119.870810] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 119.878479] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 119.886157] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 119.893872] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 119.901922] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 119.922071] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 119.934053] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 119.941898] team0: Port device team_slave_0 added [ 119.947087] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 119.954769] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 119.961800] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 119.968494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 119.976363] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 119.984260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.991600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.001759] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 120.010893] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.017408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 120.025734] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 120.037316] chnl_net:caif_netlink_parms(): no params data found [ 120.045775] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 120.054431] team0: Port device team_slave_1 added [ 120.059843] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 120.067685] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 120.076274] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 120.087646] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 120.094188] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.108399] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 120.125500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 120.134174] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.147556] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 120.156530] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 08:41:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_tables_matches\x00') r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000300)={0x7b, 0x5, [0x175], [0xc1]}) [ 120.213859] device hsr_slave_0 entered promiscuous mode [ 120.240342] device hsr_slave_1 entered promiscuous mode [ 120.263643] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 120.283371] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 120.315802] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 120.322965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.331560] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.339339] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.346430] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.353720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 120.363363] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 120.377035] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 120.384131] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.398632] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.406559] bridge0: port 2(bridge_slave_1) entered blocking state 08:41:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_tables_matches\x00') r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000300)={0x7b, 0x5, [0x9e], [0xc1]}) [ 120.413021] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.434856] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 120.468271] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.476645] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.484303] device bridge_slave_0 entered promiscuous mode [ 120.491662] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.498067] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.505182] device bridge_slave_1 entered promiscuous mode [ 120.513495] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 120.531366] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 08:41:45 executing program 0: r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0a000000010000001d09"], 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/370) ioctl$PIO_UNIMAP(r1, 0x5428, 0x0) [ 120.564634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 120.579446] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 120.588129] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready 08:41:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000300)={0x7b, 0x5, [0x1a0], [0xc1]}) [ 120.615299] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 120.624874] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 120.633316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 120.640626] audit: type=1804 audit(1572943305.456:39): pid=6993 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/" dev="sda1" ino=2333 res=1 [ 120.663280] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 120.670433] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 120.679055] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 120.689874] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.711278] audit: type=1804 audit(1572943305.466:40): pid=6994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.0" name="/" dev="sda1" ino=2333 res=1 [ 120.757436] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 120.765234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 120.777842] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.786004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 120.798189] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 08:41:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_tables_matches\x00') r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000300)={0x7b, 0x5, [0x10a], [0xc1]}) [ 120.806141] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 120.824443] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.837642] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 120.855935] team0: Port device team_slave_0 added [ 120.863284] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 120.874183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 120.881735] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 120.891273] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.902409] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 120.911693] team0: Port device team_slave_1 added [ 120.919051] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 120.927683] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 120.935934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 120.948333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.959187] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 120.965598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 120.973437] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 120.983311] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 120.991638] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 121.003019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 121.011149] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 121.019707] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 121.039685] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready 08:41:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_tables_matches\x00') r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000300)={0x7b, 0x5, [0x10a], [0xc1]}) [ 121.060595] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 121.066714] 8021q: adding VLAN 0 to HW filter on device team0 [ 121.083839] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 121.097178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 08:41:46 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000300)={0x7b, 0x5, [0x40000010], [0xc1]}) [ 121.127049] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 121.133796] 8021q: adding VLAN 0 to HW filter on device team0 [ 121.185885] device hsr_slave_0 entered promiscuous mode [ 121.240458] device hsr_slave_1 entered promiscuous mode [ 121.270795] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 121.278096] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 121.289500] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 121.302129] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 121.319294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 121.327401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 121.335417] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.341846] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.348702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 121.357213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 121.364858] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.371256] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.378404] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 121.388457] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 121.395195] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 121.405951] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 121.414608] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 121.425547] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 121.434906] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 121.445258] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 121.452991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 121.461674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 121.470522] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.476889] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.484269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 121.491943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 121.502851] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 121.515119] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 121.522543] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 121.530827] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 121.538377] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.544772] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.554276] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 121.563057] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 121.573068] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 121.579835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 121.588132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 121.596422] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 121.604850] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 121.613266] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 121.622053] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 121.633636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 121.641667] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 121.651332] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 121.661699] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 121.669635] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 121.678458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 121.686616] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 121.694580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 121.702365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 121.709807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 121.738838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 121.747331] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 121.758518] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 121.769155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 121.777162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 121.787480] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 121.795426] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 121.807339] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 121.819693] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 121.826313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 121.836157] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 121.846579] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 121.856677] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 121.866043] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 121.873031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 121.883000] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 121.894526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 121.902289] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 121.912442] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 121.922891] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 121.936999] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 121.945700] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 121.955516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 121.962938] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 121.970035] hrtimer: interrupt took 35958 ns [ 121.971912] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 121.985077] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 121.996427] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 122.003932] 8021q: adding VLAN 0 to HW filter on device team0 [ 122.013091] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 122.024207] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 122.034645] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 122.043224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 122.052231] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.058660] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.066251] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 122.075251] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 122.087125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 122.096311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 122.107589] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.114040] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.126709] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 122.136601] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 122.147388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 122.157264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 122.166405] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 122.174247] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 122.184241] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 122.192169] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 122.198957] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 122.206196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 122.214610] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 122.226421] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 122.236283] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 122.250495] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 122.270815] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 122.284206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 122.299674] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 122.308042] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 122.317972] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 122.329842] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 122.341380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 122.349055] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 122.360248] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 122.366444] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 122.395245] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 122.406286] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 122.413116] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 122.423040] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 122.433810] 8021q: adding VLAN 0 to HW filter on device batadv0 08:41:47 executing program 5: r0 = syz_open_dev$sndmidi(&(0x7f0000653fee)='/dev/snd/midiC#D#\x00', 0x200, 0x1) openat$audio(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x40045730, &(0x7f0000000080)) 08:41:47 executing program 1: r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0a000000010000001d09"], 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/370) ioctl$PIO_UNIMAP(r1, 0x545d, 0x0) [ 122.486148] audit: type=1804 audit(1572943307.306:41): pid=7056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/" dev="sda1" ino=2333 res=1 [ 122.523383] audit: type=1804 audit(1572943307.306:42): pid=7057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/" dev="sda1" ino=2333 res=1 08:41:48 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) stat(0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x1a9b, 0x0) r0 = syz_open_dev$usbfs(0x0, 0x0, 0x0) mmap$usbfs(&(0x7f0000002000/0x4000)=nil, 0x204e00, 0x0, 0x11, r0, 0x0) 08:41:48 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_tables_matches\x00') r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000300)={0x7b, 0x5, [0x4d0], [0xc1]}) 08:41:48 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000004c80)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c, 0x0}}], 0x1, 0x20000000) sendto$inet6(r0, 0x0, 0x0, 0x20000003, 0x0, 0x0) 08:41:48 executing program 1: clone(0x2004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000200)='pagemap\x00') r0 = gettid() tkill(r0, 0x38) syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00W\xf6Je|H\x10\x05\xf1\xab\xc4MJ\xcbP\xed@\xe8\xe39\xd2\xea\xaap\xf9\x1aTM\x1f\x8e\x86c\xb4T\xde\x10\xf6\xa1\x89\xea)6\xca\x00\xa2\x04\xe6}\xaa\xd4\xf6~\xd0\x04bj\xe5\xa2\x99t;zzV\x15\x9a\x1b\xb9\x87@\xe9#\x99\xd6\xb8\xa4\xb1T\x00\xe0\x93\xd0\xd5\xd8\x0f\x11y\xef\xf1R\v\xd6\x81\x97\xa96,q\xc1\xb8\xde\xf6\x8153\x1a\x11VEG(\x93\x18u\xed\xd1\x1aH\xf8\xb5\x16\xf2\xbc\x17\x1f\xd7\x89F(G\x18S\xfb\x92\x99\x0f\x8b\xc8A\xc8\xb4=Y;\xa8\xed6\xf1\x14\'\xa0\xfb\r\xf7I1]:\xd1;h\xc6\xe2M\xf2\x005\x96\x9b\xd1\x92v\xf9\xba\xf4\x12\r\"^\xc2\xb2\x1d\n:mq\xc7\x00\x00\xa1\x7f\x92r\x95\x96\xda7\xea\x85\xc0\x8c\xa8^\xb7\x1f\x80\x05\x03\xc2\xd2Ca\xe7\x19\x9f\x16w\xc0\xec\x9c\x94\x92\xbf\x81\xbb\xef9C\xcb(*F\vHFw\x04\x1d\xc7L\xa39C kW\xb2\xe9\xe6\x17\xe8%\x86\xd1H\rR\xafX\x1f\xea\x00\x00\x00\x00U\\\x80!\x00\x00W\x00\x00v\x99\x8f\x86s:\x8a\a\x16je\xedN\x8b|\x9a\x8d\xeb\xf03\xda\x90\xb4\xd33E\xb6\xfa\xcc\xb2M+\x89\x93/\x8a\xad\x89\xd9\x7f\n\x1b^\x99e\xa9\"\aM\x902\x90\xcc*s\x96\x19z.M<\xb9\xa8l\f\xfc\r\x91\x1c\rc\xe40\a\x17,/\x88I\x0f\\F\xc6\x95T\xb9-\xa3%\xe7\x1c\xd2\xd1\xf9X\xfe\x13\b\xd6\xa4\xed\xa7\x9aO\xac\xb4h\xc1\xca\xe2/a\xee\x0f\xe8\n') 08:41:48 executing program 5: r0 = syz_open_dev$sndmidi(&(0x7f0000653fee)='/dev/snd/midiC#D#\x00', 0x200, 0x1) openat$audio(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x40045730, &(0x7f0000000080)) 08:41:48 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'bond_slave_0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="1b00000005"]}) [ 123.620141] audit: type=1400 audit(1572943308.436:43): avc: denied { map } for pid=7073 comm="syz-executor.2" path="/dev/bus/usb/001/001" dev="devtmpfs" ino=15515 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file permissive=1 08:41:48 executing program 4: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000240), 0x8) 08:41:48 executing program 3: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080), 0x4) 08:41:48 executing program 1: r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0a000000010000001d09"], 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/370) write$P9_RREAD(r1, &(0x7f0000000100)={0x11, 0x75, 0x0, {0x6, "dce10237fb29"}}, 0x11) write$apparmor_exec(r1, &(0x7f0000000180)={'stack ', 'TRUE'}, 0xa) 08:41:48 executing program 5: r0 = syz_open_dev$sndmidi(&(0x7f0000653fee)='/dev/snd/midiC#D#\x00', 0x200, 0x1) openat$audio(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x40045730, &(0x7f0000000080)) [ 123.777109] BUG: unable to handle kernel NULL pointer dereference at (null) [ 123.778474] kobject: 'kvm' (ffff8880a6e83350): kobject_uevent_env [ 123.785312] IP: (null) [ 123.785319] PGD 99d79067 P4D 99d79067 PUD 996da067 PMD 0 [ 123.785339] Oops: 0010 [#1] PREEMPT SMP KASAN [ 123.785345] Modules linked in: [ 123.785357] CPU: 0 PID: 7099 Comm: syz-executor.4 Not tainted 4.14.151 #0 [ 123.785362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 123.785367] task: ffff888097a323c0 task.stack: ffff888063d40000 [ 123.785372] RIP: 0010: (null) [ 123.785376] RSP: 0018:ffff888063d47d48 EFLAGS: 00010246 [ 123.785383] RAX: dffffc0000000000 RBX: ffffffff88151060 RCX: ffffc9000ca63000 [ 123.785387] RDX: 1ffffffff102a223 RSI: 0000000000000000 RDI: ffff888090ecc000 [ 123.785392] RBP: ffff888063d47d68 R08: 0000000000000001 R09: ffff888097a32c60 [ 123.785396] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888090ecc000 [ 123.785402] R13: ffff888090ecc00e R14: 0000000000000010 R15: 0000000000000802 [ 123.785408] FS: 00007f5170b9f700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 123.785413] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.785418] CR2: 0000000000000000 CR3: 000000008f2e3000 CR4: 00000000001426f0 [ 123.785426] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 123.785431] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 123.785433] Call Trace: [ 123.785446] inet_autobind+0xae/0x180 [ 123.785455] inet_dgram_connect+0x136/0x1e0 [ 123.785468] SYSC_connect+0x1f6/0x2d0 [ 123.793118] kobject: 'loop5' (ffff8880a4a889e0): kobject_uevent_env [ 123.795059] ? SYSC_bind+0x220/0x220 [ 123.795074] ? nsecs_to_jiffies+0x30/0x30 [ 123.795086] ? SyS_clock_gettime+0xf8/0x180 [ 123.808384] kobject: 'loop5' (ffff8880a4a889e0): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 123.808843] SyS_connect+0x24/0x30 [ 123.815930] kobject: 'kvm' (ffff8880a6e83350): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 123.825381] ? SyS_accept+0x30/0x30 [ 123.825396] do_syscall_64+0x1e8/0x640 [ 123.825404] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 123.825418] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 123.825425] RIP: 0033:0x45a219 [ 123.825429] RSP: 002b:00007f5170b9ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 123.825437] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219 [ 123.825441] RDX: 0000000000000010 RSI: 0000000020004cc0 RDI: 0000000000000003 [ 123.825446] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 08:41:48 executing program 5: r0 = syz_open_dev$sndmidi(&(0x7f0000653fee)='/dev/snd/midiC#D#\x00', 0x200, 0x1) openat$audio(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x40045730, &(0x7f0000000080)) [ 123.825450] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5170b9f6d4 [ 123.825458] R13: 00000000004c099d R14: 00000000004d3340 R15: 00000000ffffffff [ 124.037399] Code: Bad RIP value. [ 124.040857] RIP: (null) RSP: ffff888063d47d48 [ 124.046209] CR2: 0000000000000000 08:41:48 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x100000000000}, 0x0, 0x0, 0xffffffff, 0x0, 0x47}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000001fc1)='#vmnet1nodevem1\x00', 0x0) write(r0, &(0x7f0000000040)='/', 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = creat(&(0x7f0000002440)='./file0\x00', 0x0) creat(&(0x7f0000002440)='./file0\x00', 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000240)='threaded\x00', 0xfb3f) fallocate(0xffffffffffffffff, 0x0, 0x7fff, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r2, 0x8, 0x0, 0x8000) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000d40)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',\x00']) setsockopt$inet_mreqsrc(r1, 0x0, 0x25, &(0x7f0000000000)={@multicast2, @local, @local}, 0xc) pipe(&(0x7f0000000000)={0xffffffffffffffff}) r6 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet6(0xa, 0x80f, 0x1) close(r6) splice(r5, 0x0, r6, 0x0, 0x80000001, 0x0) ioctl$PPPIOCSDEBUG(r5, 0x40047440, &(0x7f0000000080)=0xfffffffffffffffe) r7 = socket$inet(0x2, 0x3, 0x2) r8 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r8, 0x0, 0xca, &(0x7f0000000000), 0x10) finit_module(r3, &(0x7f0000000100)='ppp0\x00', 0x2) r9 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r9, 0x0, 0xca, &(0x7f0000000000), 0x10) setsockopt$inet_int(r9, 0x0, 0x32, &(0x7f0000000040)=0xfffffffffffffffd, 0x8) setsockopt$inet_MCAST_JOIN_GROUP(r7, 0x0, 0x2a, &(0x7f0000000180)={0x7, {{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0xffffffffffffff1f) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) r10 = socket(0x200040000000015, 0x805, 0x0) getsockopt(r10, 0x114, 0x271d, 0x0, &(0x7f00000000c0)) r11 = socket(0x200040000000015, 0x805, 0x0) getsockopt(r11, 0x114, 0x271d, 0x0, &(0x7f00000000c0)) setsockopt$inet_msfilter(r11, 0x0, 0x29, &(0x7f0000000580)=ANY=[@ANYRES16=r0, @ANYRESOCT, @ANYBLOB="f31c93ef2b2021d774d2369d9e14fe7a6cc7c1c6b2aaf884afee01d206058fa0cd73bce5d0c0e4c94429c00c73ee32ab7901cff25eaee3061bc31b93855a6a68553795877e09b651a569522afd251f1291eeea7b88f3b2b589e85006443d0948309f5fc81ae8f4aa85b75c1bf7abb390855d01bce2c6e9564bf071134f0019944f3a825963cfeefb83dca5704c9311a1127373f804ef7c3a60c67acbc7f456c510f2bcb9c08d0cff1c984c874f4ef488184ec511bd2bc65ad06ac0c5e8268e6dc67d53d71a2bacac8ca7fbd3e164b7870f52", @ANYRESDEC=r0], 0x4) sendfile(r0, r0, &(0x7f00000000c0), 0xffffffff) [ 124.064694] audit: type=1804 audit(1572943308.886:44): pid=7109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/" dev="sda1" ino=2333 res=1 [ 124.076076] ---[ end trace 50abab176bdfa64a ]--- [ 124.093346] Kernel panic - not syncing: Fatal exception [ 124.100425] Kernel Offset: disabled [ 124.104071] Rebooting in 86400 seconds..