[....] Starting periodic command[ 40.597162][ T26] audit: type=1800 audit(1552603627.767:32): pid=7760 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 41.241236][ T26] audit: type=1800 audit(1552603628.407:33): pid=7760 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 46.001599][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 46.001613][ T26] audit: type=1400 audit(1552603633.177:35): avc: denied { map } for pid=7934 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.116' (ECDSA) to the list of known hosts. 2019/03/14 22:47:19 fuzzer started [ 52.437162][ T26] audit: type=1400 audit(1552603639.607:36): avc: denied { map } for pid=7943 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/03/14 22:47:22 dialing manager at 10.128.0.26:43013 2019/03/14 22:47:22 syscalls: 1 2019/03/14 22:47:22 code coverage: enabled 2019/03/14 22:47:22 comparison tracing: enabled 2019/03/14 22:47:22 extra coverage: extra coverage is not supported by the kernel 2019/03/14 22:47:22 setuid sandbox: enabled 2019/03/14 22:47:22 namespace sandbox: enabled 2019/03/14 22:47:22 Android sandbox: /sys/fs/selinux/policy does not exist 2019/03/14 22:47:22 fault injection: enabled 2019/03/14 22:47:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/03/14 22:47:22 net packet injection: enabled 2019/03/14 22:47:22 net device setup: enabled 22:49:36 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x294) connect$inet6(r0, &(0x7f0000000340), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$sock_timeval(r1, 0x1, 0x0, &(0x7f0000000140), 0x10) poll(0x0, 0x0, 0x1d3) [ 189.390971][ T26] audit: type=1400 audit(1552603776.557:37): avc: denied { map } for pid=7958 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=15725 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 189.489279][ T7959] IPVS: ftp: loaded support on port[0] = 21 22:49:36 executing program 1: mknod(&(0x7f0000000080)='./file0\x00', 0x103c, 0x0) execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='io\x00[\xfcW\x16\x9b\xab\xeeT\xed\x16\xe3\x9ez\x8f\xe4\xb9\x00\x16\xf2f\xe3\xf60x0}) fchown(r1, 0x0, r3) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0xffffffffffffffff) fsetxattr$system_posix_acl(r2, &(0x7f0000000280)='system.posix_acl_default\x00', &(0x7f0000000c80)=ANY=[@ANYBLOB="10000200000000002000040000000000"], 0x1, 0x2) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60fd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/loop-control\x00', 0x8000000000000800, 0x0) r6 = semget$private(0x0, 0x0, 0x40) semtimedop(r6, &(0x7f0000000400)=[{0x3, 0x6, 0x800}, {0x4, 0x80000001, 0x1000}, {0x3, 0x2, 0x1800}, {0x7, 0x5, 0x800}], 0x4, &(0x7f0000000900)) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r5, 0x4c80, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r4, 0x6611) setuid(0x0) setxattr$trusted_overlay_origin(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000340)='trusted.overlay.origin\x00', 0x0, 0x0, 0x2) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x80000001ff) r7 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000080)='NET_DM\x00') sendmsg$NET_DM_CMD_START(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r7, 0x300, 0x70bd26, 0x25dfdbfd, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x24000805}, 0x4000) [ 190.051680][ T7959] device hsr_slave_1 entered promiscuous mode [ 190.156105][ T7959] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.163340][ T7959] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.170907][ T7959] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.178011][ T7959] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.188920][ T7964] IPVS: ftp: loaded support on port[0] = 21 [ 190.206977][ T7967] IPVS: ftp: loaded support on port[0] = 21 22:49:37 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0x0, &(0x7f0000000340)='net/tcp6\x00') preadv(r1, &(0x7f0000000300)=[{&(0x7f0000000100)=""/236, 0xec}, {&(0x7f0000000200)=""/227, 0xe3}], 0x2, 0x0) [ 190.273847][ T7962] chnl_net:caif_netlink_parms(): no params data found [ 190.396074][ T7959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.445732][ T7962] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.453400][ T7962] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.461190][ T7962] device bridge_slave_0 entered promiscuous mode [ 190.469213][ T7962] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.476419][ T7962] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.484447][ T7962] device bridge_slave_1 entered promiscuous mode [ 190.499155][ T7959] 8021q: adding VLAN 0 to HW filter on device team0 22:49:37 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x4000) close(r3) write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet(0x2, 0x3, 0x7f) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_int(r4, 0x0, 0x3, &(0x7f0000000280)=0x7ff, 0x4) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r1, 0x0, r3, 0x0, 0x80000010005, 0x0) creat(&(0x7f0000000100)='./bus\x00', 0x0) r5 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x4002011, r5, 0x0) [ 190.575195][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.589213][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.597565][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.609735][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 190.668737][ T7971] IPVS: ftp: loaded support on port[0] = 21 [ 190.677871][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.687543][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.701132][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.708246][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.716245][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.724758][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.733112][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.740143][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.747708][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.757678][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.770351][ T7967] chnl_net:caif_netlink_parms(): no params data found [ 190.781020][ T7962] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.791031][ T7962] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.818507][ T7962] team0: Port device team_slave_0 added [ 190.832770][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.841122][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.849750][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.858456][ T7964] chnl_net:caif_netlink_parms(): no params data found [ 190.875258][ T7962] team0: Port device team_slave_1 added [ 190.889420][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.897894][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.906203][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 190.914441][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.955739][ T2994] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 190.966257][ T2994] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.968244][ T7976] IPVS: ftp: loaded support on port[0] = 21 [ 191.073869][ T7962] device hsr_slave_0 entered promiscuous mode [ 191.111639][ T7962] device hsr_slave_1 entered promiscuous mode [ 191.160054][ T7959] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 191.167832][ T7967] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.175267][ T7967] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.183164][ T7967] device bridge_slave_0 entered promiscuous mode [ 191.195657][ T7967] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.203197][ T7967] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.210679][ T7967] device bridge_slave_1 entered promiscuous mode [ 191.250227][ T7964] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.257759][ T7964] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.266115][ T7964] device bridge_slave_0 entered promiscuous mode [ 191.275574][ T7964] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.282835][ T7964] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.290274][ T7964] device bridge_slave_1 entered promiscuous mode [ 191.298580][ T7967] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 191.308804][ T7967] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 191.419401][ T7964] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 191.429624][ T7964] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 191.446414][ T7971] chnl_net:caif_netlink_parms(): no params data found [ 191.461053][ T7967] team0: Port device team_slave_0 added [ 191.467179][ T7976] chnl_net:caif_netlink_parms(): no params data found [ 191.488417][ T7967] team0: Port device team_slave_1 added [ 191.510572][ T7964] team0: Port device team_slave_0 added [ 191.521251][ T7964] team0: Port device team_slave_1 added [ 191.562669][ T7967] device hsr_slave_0 entered promiscuous mode [ 191.611600][ T7967] device hsr_slave_1 entered promiscuous mode [ 191.715319][ T7959] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.727735][ T7971] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.736813][ T7971] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.745022][ T7971] device bridge_slave_0 entered promiscuous mode [ 191.758855][ T7971] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.766562][ T7971] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.774318][ T7971] device bridge_slave_1 entered promiscuous mode [ 191.803974][ T7964] device hsr_slave_0 entered promiscuous mode [ 191.871557][ T7964] device hsr_slave_1 entered promiscuous mode [ 191.918599][ T26] audit: type=1400 audit(1552603779.087:38): avc: denied { associate } for pid=7959 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 191.980595][ T7962] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.989180][ T7976] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.997263][ T7976] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.006570][ T7976] device bridge_slave_0 entered promiscuous mode [ 192.024037][ T7971] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 192.042334][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.050001][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.059507][ T7976] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.067365][ T7976] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.081020][ T7976] device bridge_slave_1 entered promiscuous mode [ 192.110436][ T7971] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 192.133239][ T7962] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.144455][ T7976] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 192.154607][ T7976] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 192.174261][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.183368][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.192183][ T7969] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.199272][ T7969] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.243604][ T7966] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.252594][ T7966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.261193][ T7966] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.270057][ T7966] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.277156][ T7966] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.285787][ T7966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.294755][ T7966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.304401][ T7976] team0: Port device team_slave_0 added [ 192.311290][ T7976] team0: Port device team_slave_1 added [ 192.332572][ T7964] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.340581][ T7971] team0: Port device team_slave_0 added [ 192.351069][ T7971] team0: Port device team_slave_1 added 22:49:39 executing program 0: r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000100)="ea770d981e153c55008869c4f78c59fd15da714eacc3b35955f34aa6469a93476c4b165800316b0011f425e7c01949fc3f887b66c80af605d616168ef3a42906418d744a10c0e6c2bff201e5e81066a9afe2c3fe268e104564cb2fec61b281d2950ad87d6c21ed41c45ecc28dd4fd817ba04df00d6d3fd0b6509150aa1ccff002df7c769a58bac8eab5b0555c2ee4d41ae42ed72b58307d5dbd143ab5c625b4c2fe6c3632ea4624621d8d59f65ecf2883bdaccb693b714803571af3398c0604cfc6a6b7179d9ed25a50380b010aa81555e9f5993598a3bd1c3228d2ea085377061b326d5950e6c47a404cbcc3b2654cf3622e7c16cd8e11703c13e0fdb856a58") [ 192.406349][ T7967] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.417057][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.426320][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.435211][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.443379][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 22:49:39 executing program 0: r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ppoll(&(0x7f0000000140)=[{r0}], 0x1, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) [ 192.483609][ T7976] device hsr_slave_0 entered promiscuous mode 22:49:39 executing program 0: r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ppoll(&(0x7f0000000140)=[{r0}], 0x1, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) [ 192.523990][ T7976] device hsr_slave_1 entered promiscuous mode [ 192.559676][ T7964] 8021q: adding VLAN 0 to HW filter on device team0 22:49:39 executing program 0: r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ppoll(&(0x7f0000000140)=[{r0}], 0x1, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) [ 192.595106][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.606221][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.614470][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 22:49:39 executing program 0: r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ppoll(&(0x7f0000000140)=[{r0}], 0x1, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) [ 192.654467][ T7971] device hsr_slave_0 entered promiscuous mode [ 192.692243][ T7971] device hsr_slave_1 entered promiscuous mode 22:49:39 executing program 0: ppoll(&(0x7f0000000140)=[{}], 0x1, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) [ 192.791476][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.800073][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.812892][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.821223][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.829739][ T7969] bridge0: port 1(bridge_slave_0) entered blocking state 22:49:40 executing program 0: ppoll(&(0x7f0000000140)=[{}], 0x1, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) [ 192.836827][ T7969] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.850216][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.861236][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.869724][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.878136][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.886513][ T7969] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.893620][ T7969] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.901243][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.909861][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.918560][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.948947][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 192.964109][ T7967] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.975163][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.986260][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.995203][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.003927][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.012361][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.038479][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.047116][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.055740][ T7969] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.062878][ T7969] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.070776][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.079398][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.087770][ T7969] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.094837][ T7969] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.102652][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.110995][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.119420][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.138276][ T7964] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 193.149487][ T7964] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 193.175616][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.183980][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.192686][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.200765][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.209137][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.217588][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.225959][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.234372][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.242911][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.251189][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.259651][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.267909][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.276497][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.284231][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.298598][ T7962] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.311067][ T7967] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 193.324583][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.347233][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.355929][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.413894][ T7964] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.428394][ T7967] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.442922][ T7971] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.455263][ T7976] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.493047][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.501282][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.512441][ T7971] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.527354][ T7976] 8021q: adding VLAN 0 to HW filter on device team0 22:49:40 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x400100000001, 0x4) r1 = dup2(r0, r0) connect$netlink(r1, &(0x7f0000000000)=@unspec, 0xc) write$P9_RREADDIR(r1, 0x0, 0x0) 22:49:40 executing program 0: ppoll(&(0x7f0000000140)=[{}], 0x1, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) [ 193.566198][ T2994] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.576982][ T2994] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.593502][ T2994] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.608879][ T2994] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.632606][ T2994] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.639672][ T2994] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.655006][ T2994] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.663791][ T2994] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.680111][ T2994] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.687209][ T2994] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.712245][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.720296][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.729457][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.737903][ T7977] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.745007][ T7977] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.759693][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.768389][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.782177][ T7977] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.789237][ T7977] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.801053][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.826793][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.841060][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.850791][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.859531][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.867906][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.876409][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.894024][ C1] hrtimer: interrupt took 55948 ns [ 193.902965][ T7976] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 193.913442][ T26] audit: type=1400 audit(1552603781.077:39): avc: denied { create } for pid=8024 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 193.927981][ T7976] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 193.951479][ T26] audit: type=1400 audit(1552603781.077:40): avc: denied { write } for pid=8024 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 193.976871][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.985216][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.993129][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 194.003128][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 194.012958][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 194.018808][ T26] audit: type=1400 audit(1552603781.077:41): avc: denied { read } for pid=8024 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 194.021259][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 194.054011][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 194.062458][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 194.070613][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 194.079482][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 194.087500][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 194.105898][ T7966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 194.117942][ T7966] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 194.138181][ T8022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 194.146814][ T8022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 194.157216][ T8022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 194.167093][ T8022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 194.183069][ T7971] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 194.200644][ T7976] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.261550][ T7971] 8021q: adding VLAN 0 to HW filter on device batadv0 22:49:41 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) syz_execute_func(&(0x7f0000000380)="3666440f50f564ff0945c32e660f73fd18c4c27d794e00664207d9e33e0f1110c442019dccd3ee6f") write(r0, 0x0, 0x0) [ 194.462124][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 194.468641][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 194.521392][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 194.527167][ C0] protocol 88fb is buggy, dev hsr_slave_1 22:49:41 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0x0, &(0x7f0000000340)='net/tcp6\x00') preadv(r1, &(0x7f0000000300)=[{&(0x7f0000000100)=""/236, 0xec}, {&(0x7f0000000200)=""/227, 0xe3}], 0x2, 0x0) [ 194.553815][ T26] audit: type=1804 audit(1552603781.727:42): pid=8041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir206136377/syzkaller.y9lM7Y/0/bus" dev="sda1" ino=16518 res=1 22:49:41 executing program 5: 22:49:41 executing program 2: process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000002540)=[{&(0x7f00000003c0)=""/63, 0x216}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_mcast\x00') ioctl$DRM_IOCTL_FREE_BUFS(r0, 0x4010641a, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305616, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a4, 0x0) 22:49:41 executing program 0: r0 = syz_open_dev$dri(0x0, 0x0, 0x0) ppoll(&(0x7f0000000140)=[{r0}], 0x1, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) 22:49:41 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/fib_trie\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fe, 0x400000000000) 22:49:41 executing program 3: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c62, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x1d) bind$netlink(r0, &(0x7f0000514ff4), 0xc) 22:49:41 executing program 4: 22:49:41 executing program 5: 22:49:41 executing program 0: r0 = syz_open_dev$dri(0x0, 0x0, 0x0) ppoll(&(0x7f0000000140)=[{r0}], 0x1, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) 22:49:42 executing program 3: 22:49:42 executing program 2: 22:49:42 executing program 5: 22:49:42 executing program 4: 22:49:42 executing program 0: r0 = syz_open_dev$dri(0x0, 0x0, 0x0) ppoll(&(0x7f0000000140)=[{r0}], 0x1, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) 22:49:42 executing program 3: 22:49:42 executing program 4: 22:49:42 executing program 1: 22:49:42 executing program 2: 22:49:42 executing program 5: 22:49:42 executing program 0: syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ppoll(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) 22:49:42 executing program 3: 22:49:42 executing program 4: 22:49:42 executing program 5: 22:49:42 executing program 3: 22:49:42 executing program 4: 22:49:42 executing program 2: 22:49:42 executing program 1: 22:49:42 executing program 0: syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ppoll(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) 22:49:42 executing program 3: 22:49:42 executing program 2: 22:49:42 executing program 5: 22:49:42 executing program 4: 22:49:42 executing program 1: 22:49:42 executing program 3: 22:49:42 executing program 4: 22:49:42 executing program 0: syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ppoll(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) 22:49:42 executing program 1: 22:49:42 executing program 5: 22:49:42 executing program 2: 22:49:43 executing program 0: syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ppoll(&(0x7f0000000140), 0x0, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) 22:49:43 executing program 4: 22:49:43 executing program 3: 22:49:43 executing program 5: 22:49:43 executing program 1: 22:49:43 executing program 2: 22:49:43 executing program 3: 22:49:43 executing program 5: 22:49:43 executing program 4: 22:49:43 executing program 0: syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ppoll(&(0x7f0000000140), 0x0, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) 22:49:43 executing program 1: 22:49:43 executing program 3: 22:49:43 executing program 2: 22:49:43 executing program 4: 22:49:43 executing program 3: 22:49:43 executing program 5: r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$VT_DISALLOCATE(r1, 0x5608) 22:49:43 executing program 0: syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ppoll(&(0x7f0000000140), 0x0, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) 22:49:43 executing program 1: 22:49:43 executing program 4: 22:49:43 executing program 2: 22:49:43 executing program 5: 22:49:43 executing program 3: 22:49:43 executing program 1: 22:49:43 executing program 0: syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ppoll(&(0x7f0000000140)=[{}], 0x1, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) 22:49:43 executing program 2: syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000200)=""/11, 0xb) r1 = creat(&(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x10a) dup2(r0, r1) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)) open$dir(&(0x7f0000000280)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, 0x0) 22:49:43 executing program 4: 22:49:43 executing program 1: 22:49:43 executing program 3: 22:49:43 executing program 5: 22:49:43 executing program 4: 22:49:43 executing program 0: syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ppoll(&(0x7f0000000140)=[{}], 0x1, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) 22:49:43 executing program 5: 22:49:43 executing program 3: 22:49:43 executing program 1: 22:49:43 executing program 4: 22:49:44 executing program 0: syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ppoll(&(0x7f0000000140)=[{}], 0x1, &(0x7f00000001c0)={0x0, 0x1c9c380}, 0x0, 0x0) 22:49:44 executing program 2: 22:49:44 executing program 1: 22:49:44 executing program 5: 22:49:44 executing program 3: 22:49:44 executing program 4: 22:49:44 executing program 2: 22:49:44 executing program 4: 22:49:44 executing program 0: r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ppoll(&(0x7f0000000140)=[{r0}], 0x1, 0x0, 0x0, 0x0) 22:49:44 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781500000000f600000800000007000000402c11000000000009000007000000000000000000000000385a5800000000000000000000000000000100000000000000c70000000000000e00000048d79300"], 0x60) 22:49:44 executing program 1: clone(0x0, 0x0, 0x0, 0x0, 0x0) times(0x0) 22:49:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = eventfd2(0x0, 0x0) read$eventfd(r1, &(0x7f0000000140), 0x53e6) io_setup(0xa3c, &(0x7f0000409000)=0x0) io_submit(r2, 0x1, &(0x7f0000329fd8)=[&(0x7f00002a8000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r1}]) 22:49:44 executing program 2: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet6(0xa, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='cmdline\x00') exit(0x0) sendfile(r0, r0, 0x0, 0x1) [ 197.126751][ T8242] kasan: CONFIG_KASAN_INLINE enabled 22:49:44 executing program 4: syz_open_procfs(0x0, &(0x7f0000000100)='pagemap\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000140)='fd/3\x00W\xf6Je|H\x10\x05\xf1\xab\xc4MJ\xcbP\xed@\xe8\xe39\xd2\xea\xaap\xf9\x1aTM\x1f\x8e\x86c\xb4T\xde\x10\xf6\xa1\x89\xea)6\xca\x00\xa2\x04\xe6}\xaa\xd4\xf6~\xd0\x04bq\xe5\xa2\x99t;zzV\x15t[f\x16\x9dL\xe3\xc9\xf8Q\xf3<\x98\x9a\x1b\xb9\x87@\xe9#\x99\xd6\xb8\xa4\xb1T\xdd\xe0\x93\xd0\xd5\xd8\x0f\x11y\xef\xf1R\v\xd6\x81\x97\xa96,q\xd053\x1a\x11VEG(\x93\x18\xf2\xbc\x17\x1f\xd7\x89F(G\x18S\xda\x99\xdb\xeb\xa0\xc9*\xbd\xb4=Y;\xa8\xed\xd2\xa9\xa2\x87\xa0\xfb\r\xf7I1]:\xd1;h\xc6\xe2M\xf2\x005\x96\x9b\xd1\x92\x048\xb2\x02\xf1C\xdf\xa6\xc2\xb2\x1d\n:mnO8\\\xa1\x7f\x92r\x95\x96\xda7\xea\x85\xc8\x8c\xa8^\xb7\x1f\x80\x05\x03\xbb\xef9C\xcb(\x9bF\vHFW\x04\x1d\xc7LkW\xb2\xe9\xdd\x17\xe8%\x86\xd1H\rR\xafX\x1f\xea') close(r0) [ 197.164056][ T8242] kasan: GPF could be caused by NULL-ptr deref or user memory access 22:49:44 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f0000000600)=ANY=[@ANYBLOB="03000000009ad39beb2a5047b3f96ce654950200d0cf217897fbef9fc9846bde3f1b2cb49be711164608a9b3f26a349ac1869585b8bc73f3c8d2abd13a63cafbc8fead76ff7edb4683c191d5053379273008709690b1e82d0aef3603a63d0cf494debf94ac7c90a20000"], 0x6a) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000000100)='./bus\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) mkdir(&(0x7f0000000480)='./file0\x00', 0x0) fstatfs(r1, 0x0) [ 197.221362][ T8242] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 197.229281][ T8242] CPU: 0 PID: 8242 Comm: syz-executor.5 Not tainted 5.0.0+ #22 [ 197.236843][ T8242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.246924][ T8242] RIP: 0010:ebitmap_destroy+0x32/0xf0 [ 197.252298][ T8242] Code: 49 89 fd 41 54 53 e8 ed f4 7f fe 4d 85 ed 0f 84 99 00 00 00 e8 df f4 7f fe 4c 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 98 00 00 00 49 be 00 00 00 00 00 fc ff df 4d 8b [ 197.265172][ T3872] kobject: 'loop1' (00000000eae12cd7): kobject_uevent_env [ 197.271903][ T8242] RSP: 0018:ffff888058a0f8c8 EFLAGS: 00010202 [ 197.271914][ T8242] RAX: dffffc0000000000 RBX: ffff888096002ae8 RCX: ffffc900108c8000 [ 197.271922][ T8242] RDX: 0000000000000002 RSI: ffffffff82f06f51 RDI: 0000000000000010 [ 197.271929][ T8242] RBP: ffff888058a0f8e8 R08: ffff888058a06540 R09: ffff888058a06e30 [ 197.271936][ T8242] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000002 [ 197.271943][ T8242] R13: 0000000000000010 R14: ffffed1012c00592 R15: 0000000000585a38 [ 197.271953][ T8242] FS: 00007f43a5a80700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 197.271968][ T8242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 197.283268][ T3872] kobject: 'loop1' (00000000eae12cd7): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 197.285101][ T8242] CR2: 00007fb079fb9db8 CR3: 000000009d7e2000 CR4: 00000000001406f0 [ 197.285110][ T8242] Call Trace: [ 197.285134][ T8242] policydb_destroy+0x62c/0x7f0 [ 197.308756][ T8263] kobject: 'loop1' (00000000eae12cd7): kobject_uevent_env [ 197.309001][ T8242] policydb_read+0xe27/0x52c0 [ 197.324776][ T8263] kobject: 'loop1' (00000000eae12cd7): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 197.324924][ T8242] ? cache_grow_end+0xa4/0x190 [ 197.393235][ T8242] ? str_read+0x170/0x170 [ 197.397549][ T8242] ? string_to_av_perm+0xa0/0xa0 [ 197.402488][ T8242] ? security_load_policy+0x185/0x1170 [ 197.407954][ T8242] ? rcu_read_lock_sched_held+0x110/0x130 [ 197.413673][ T8242] ? kmem_cache_alloc_trace+0x354/0x760 [ 197.419204][ T8242] ? find_first_zero_bit+0x9a/0xc0 [ 197.424313][ T8242] security_load_policy+0x36d/0x1170 [ 197.429591][ T8242] ? security_change_sid+0x150/0x150 [ 197.434891][ T8242] ? find_held_lock+0x35/0x130 [ 197.439642][ T8242] ? __might_fault+0x12b/0x1e0 [ 197.444400][ T8242] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.450625][ T8242] ? _copy_from_user+0xdd/0x150 [ 197.455473][ T8242] sel_write_load+0x25a/0x470 [ 197.460150][ T8242] __vfs_write+0x8d/0x110 [ 197.464466][ T8242] ? sel_make_policy_nodes+0x1540/0x1540 [ 197.470087][ T8242] vfs_write+0x20c/0x580 [ 197.474338][ T8242] ksys_write+0xea/0x1f0 [ 197.478568][ T8242] ? __ia32_sys_read+0xb0/0xb0 [ 197.483323][ T8242] ? do_syscall_64+0x26/0x610 [ 197.487999][ T8242] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.494067][ T8242] ? do_syscall_64+0x26/0x610 [ 197.498734][ T8242] __x64_sys_write+0x73/0xb0 [ 197.503316][ T8242] do_syscall_64+0x103/0x610 [ 197.507898][ T8242] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.513768][ T8242] RIP: 0033:0x458079 [ 197.517658][ T8242] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.537257][ T8242] RSP: 002b:00007f43a5a7fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 197.545647][ T8242] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458079 [ 197.553630][ T8242] RDX: 0000000000000060 RSI: 0000000020000080 RDI: 0000000000000006 [ 197.561681][ T8242] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 197.569659][ T8242] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f43a5a806d4 [ 197.577624][ T8242] R13: 00000000004c7521 R14: 00000000004dd120 R15: 00000000ffffffff [ 197.585596][ T8242] Modules linked in: [ 197.602908][ T8242] ---[ end trace 65a143e9a8c02ca0 ]--- [ 197.608505][ T8242] RIP: 0010:ebitmap_destroy+0x32/0xf0 22:49:44 executing program 4: syz_open_procfs(0x0, &(0x7f0000000100)='pagemap\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000140)='fd/3\x00W\xf6Je|H\x10\x05\xf1\xab\xc4MJ\xcbP\xed@\xe8\xe39\xd2\xea\xaap\xf9\x1aTM\x1f\x8e\x86c\xb4T\xde\x10\xf6\xa1\x89\xea)6\xca\x00\xa2\x04\xe6}\xaa\xd4\xf6~\xd0\x04bq\xe5\xa2\x99t;zzV\x15t[f\x16\x9dL\xe3\xc9\xf8Q\xf3<\x98\x9a\x1b\xb9\x87@\xe9#\x99\xd6\xb8\xa4\xb1T\xdd\xe0\x93\xd0\xd5\xd8\x0f\x11y\xef\xf1R\v\xd6\x81\x97\xa96,q\xd053\x1a\x11VEG(\x93\x18\xf2\xbc\x17\x1f\xd7\x89F(G\x18S\xda\x99\xdb\xeb\xa0\xc9*\xbd\xb4=Y;\xa8\xed\xd2\xa9\xa2\x87\xa0\xfb\r\xf7I1]:\xd1;h\xc6\xe2M\xf2\x005\x96\x9b\xd1\x92\x048\xb2\x02\xf1C\xdf\xa6\xc2\xb2\x1d\n:mnO8\\\xa1\x7f\x92r\x95\x96\xda7\xea\x85\xc8\x8c\xa8^\xb7\x1f\x80\x05\x03\xbb\xef9C\xcb(\x9bF\vHFW\x04\x1d\xc7LkW\xb2\xe9\xdd\x17\xe8%\x86\xd1H\rR\xafX\x1f\xea') close(r0) [ 197.616315][ T8242] Code: 49 89 fd 41 54 53 e8 ed f4 7f fe 4d 85 ed 0f 84 99 00 00 00 e8 df f4 7f fe 4c 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 98 00 00 00 49 be 00 00 00 00 00 fc ff df 4d 8b [ 197.638235][ T3872] kobject: 'loop4' (00000000cbbcd252): kobject_uevent_env [ 197.645852][ T8242] RSP: 0018:ffff888058a0f8c8 EFLAGS: 00010202 [ 197.648838][ T3872] kobject: 'loop4' (00000000cbbcd252): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 197.655040][ T8242] RAX: dffffc0000000000 RBX: ffff888096002ae8 RCX: ffffc900108c8000 22:49:44 executing program 4: syz_open_procfs(0x0, &(0x7f0000000100)='pagemap\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000140)='fd/3\x00W\xf6Je|H\x10\x05\xf1\xab\xc4MJ\xcbP\xed@\xe8\xe39\xd2\xea\xaap\xf9\x1aTM\x1f\x8e\x86c\xb4T\xde\x10\xf6\xa1\x89\xea)6\xca\x00\xa2\x04\xe6}\xaa\xd4\xf6~\xd0\x04bq\xe5\xa2\x99t;zzV\x15t[f\x16\x9dL\xe3\xc9\xf8Q\xf3<\x98\x9a\x1b\xb9\x87@\xe9#\x99\xd6\xb8\xa4\xb1T\xdd\xe0\x93\xd0\xd5\xd8\x0f\x11y\xef\xf1R\v\xd6\x81\x97\xa96,q\xd053\x1a\x11VEG(\x93\x18\xf2\xbc\x17\x1f\xd7\x89F(G\x18S\xda\x99\xdb\xeb\xa0\xc9*\xbd\xb4=Y;\xa8\xed\xd2\xa9\xa2\x87\xa0\xfb\r\xf7I1]:\xd1;h\xc6\xe2M\xf2\x005\x96\x9b\xd1\x92\x048\xb2\x02\xf1C\xdf\xa6\xc2\xb2\x1d\n:mnO8\\\xa1\x7f\x92r\x95\x96\xda7\xea\x85\xc8\x8c\xa8^\xb7\x1f\x80\x05\x03\xbb\xef9C\xcb(\x9bF\vHFW\x04\x1d\xc7LkW\xb2\xe9\xdd\x17\xe8%\x86\xd1H\rR\xafX\x1f\xea') close(r0) [ 197.666509][ T3872] kobject: 'loop1' (00000000eae12cd7): kobject_uevent_env [ 197.678698][ T8242] RDX: 0000000000000002 RSI: ffffffff82f06f51 RDI: 0000000000000010 [ 197.679164][ T3872] kobject: 'loop1' (00000000eae12cd7): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 197.706825][ T8242] RBP: ffff888058a0f8e8 R08: ffff888058a06540 R09: ffff888058a06e30 22:49:44 executing program 4: syz_open_procfs(0x0, &(0x7f0000000100)='pagemap\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000140)='fd/3\x00W\xf6Je|H\x10\x05\xf1\xab\xc4MJ\xcbP\xed@\xe8\xe39\xd2\xea\xaap\xf9\x1aTM\x1f\x8e\x86c\xb4T\xde\x10\xf6\xa1\x89\xea)6\xca\x00\xa2\x04\xe6}\xaa\xd4\xf6~\xd0\x04bq\xe5\xa2\x99t;zzV\x15t[f\x16\x9dL\xe3\xc9\xf8Q\xf3<\x98\x9a\x1b\xb9\x87@\xe9#\x99\xd6\xb8\xa4\xb1T\xdd\xe0\x93\xd0\xd5\xd8\x0f\x11y\xef\xf1R\v\xd6\x81\x97\xa96,q\xd053\x1a\x11VEG(\x93\x18\xf2\xbc\x17\x1f\xd7\x89F(G\x18S\xda\x99\xdb\xeb\xa0\xc9*\xbd\xb4=Y;\xa8\xed\xd2\xa9\xa2\x87\xa0\xfb\r\xf7I1]:\xd1;h\xc6\xe2M\xf2\x005\x96\x9b\xd1\x92\x048\xb2\x02\xf1C\xdf\xa6\xc2\xb2\x1d\n:mnO8\\\xa1\x7f\x92r\x95\x96\xda7\xea\x85\xc8\x8c\xa8^\xb7\x1f\x80\x05\x03\xbb\xef9C\xcb(\x9bF\vHFW\x04\x1d\xc7LkW\xb2\xe9\xdd\x17\xe8%\x86\xd1H\rR\xafX\x1f\xea') close(r0) 22:49:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = eventfd2(0x0, 0x0) read$eventfd(r1, &(0x7f0000000140), 0x53e6) io_setup(0xa3c, &(0x7f0000409000)=0x0) io_submit(r2, 0x1, &(0x7f0000329fd8)=[&(0x7f00002a8000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r1}]) [ 197.716794][ T3872] kobject: 'loop4' (00000000cbbcd252): kobject_uevent_env [ 197.733893][ T3872] kobject: 'loop4' (00000000cbbcd252): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 197.736599][ T8242] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000002 [ 197.764549][ T8242] R13: 0000000000000010 R14: ffffed1012c00592 R15: 0000000000585a38 [ 197.784233][ T3872] kobject: 'loop3' (000000002d49c3b2): kobject_uevent_env [ 197.795091][ T8242] FS: 00007f43a5a80700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 197.800280][ T3872] kobject: 'loop3' (000000002d49c3b2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 197.808547][ T8242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 197.828616][ T8242] CR2: 00000000004dc388 CR3: 000000009d7e2000 CR4: 00000000001406e0 [ 197.842838][ T8242] Kernel panic - not syncing: Fatal exception [ 197.849618][ T8242] Kernel Offset: disabled [ 197.853935][ T8242] Rebooting in 86400 seconds..