[ 31.064404] kauditd_printk_skb: 9 callbacks suppressed [ 31.064413] audit: type=1800 audit(1564400649.826:33): pid=6810 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 31.090949] audit: type=1800 audit(1564400649.826:34): pid=6810 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 35.215099] random: sshd: uninitialized urandom read (32 bytes read) [ 35.443670] audit: type=1400 audit(1564400654.206:35): avc: denied { map } for pid=6983 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 35.496165] random: sshd: uninitialized urandom read (32 bytes read) [ 36.148087] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts. [ 41.748991] random: sshd: uninitialized urandom read (32 bytes read) 2019/07/29 11:44:20 fuzzer started [ 41.942387] audit: type=1400 audit(1564400660.706:36): avc: denied { map } for pid=6992 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 44.045905] random: cc1: uninitialized urandom read (8 bytes read) 2019/07/29 11:44:23 dialing manager at 10.128.0.105:45179 2019/07/29 11:44:24 syscalls: 2461 2019/07/29 11:44:24 code coverage: enabled 2019/07/29 11:44:24 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/07/29 11:44:24 extra coverage: extra coverage is not supported by the kernel 2019/07/29 11:44:24 setuid sandbox: enabled 2019/07/29 11:44:24 namespace sandbox: enabled 2019/07/29 11:44:24 Android sandbox: /sys/fs/selinux/policy does not exist 2019/07/29 11:44:24 fault injection: enabled 2019/07/29 11:44:24 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/07/29 11:44:24 net packet injection: enabled 2019/07/29 11:44:24 net device setup: enabled [ 46.075402] random: crng init done 11:46:34 executing program 0: 11:46:34 executing program 5: 11:46:34 executing program 1: [ 175.513413] audit: type=1400 audit(1564400794.276:37): avc: denied { map } for pid=6992 comm="syz-fuzzer" path="/root/syzkaller-shm010687038" dev="sda1" ino=16489 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 11:46:34 executing program 2: 11:46:34 executing program 3: 11:46:34 executing program 4: [ 175.554986] audit: type=1400 audit(1564400794.316:38): avc: denied { map } for pid=7011 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=12981 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 176.540208] IPVS: ftp: loaded support on port[0] = 21 [ 176.837993] chnl_net:caif_netlink_parms(): no params data found [ 176.847367] IPVS: ftp: loaded support on port[0] = 21 [ 176.900516] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.907322] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.914475] device bridge_slave_0 entered promiscuous mode [ 176.924666] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.931207] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.938140] device bridge_slave_1 entered promiscuous mode [ 176.963216] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 176.973497] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 176.994218] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 177.001207] IPVS: ftp: loaded support on port[0] = 21 [ 177.001768] team0: Port device team_slave_0 added [ 177.014425] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 177.021667] team0: Port device team_slave_1 added [ 177.027031] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 177.039156] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 177.142077] device hsr_slave_0 entered promiscuous mode [ 177.210516] device hsr_slave_1 entered promiscuous mode [ 177.279522] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 177.289297] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 177.301748] chnl_net:caif_netlink_parms(): no params data found [ 177.334918] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.341425] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.348302] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.354726] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.392058] IPVS: ftp: loaded support on port[0] = 21 [ 177.405864] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.412444] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.419304] device bridge_slave_0 entered promiscuous mode [ 177.456074] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.462732] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.469641] device bridge_slave_1 entered promiscuous mode [ 177.509165] chnl_net:caif_netlink_parms(): no params data found [ 177.528705] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.558759] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 177.584756] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.591793] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.598977] device bridge_slave_0 entered promiscuous mode [ 177.605650] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.612142] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.618972] device bridge_slave_1 entered promiscuous mode [ 177.646160] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 177.653418] team0: Port device team_slave_0 added [ 177.672011] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 177.678109] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.686257] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 177.693707] team0: Port device team_slave_1 added [ 177.704031] IPVS: ftp: loaded support on port[0] = 21 [ 177.724988] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 177.732449] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 177.740999] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.749911] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 177.769900] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 177.837480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.856749] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.863779] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.871784] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 177.932112] device hsr_slave_0 entered promiscuous mode [ 177.970299] device hsr_slave_1 entered promiscuous mode [ 178.053749] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 178.061158] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 178.068196] team0: Port device team_slave_0 added [ 178.074205] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 178.081689] team0: Port device team_slave_1 added [ 178.094006] chnl_net:caif_netlink_parms(): no params data found [ 178.116060] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 178.123146] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 178.134556] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 178.140767] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.159261] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 178.166553] IPVS: ftp: loaded support on port[0] = 21 [ 178.167104] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 178.183908] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.211733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.219502] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.227935] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.234325] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.244289] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.324254] device hsr_slave_0 entered promiscuous mode [ 178.360453] device hsr_slave_1 entered promiscuous mode [ 178.400418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.408225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.416023] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.422410] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.447059] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 178.455058] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 178.464221] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 178.482682] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.489059] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.496482] device bridge_slave_0 entered promiscuous mode [ 178.503595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.516912] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 178.533111] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.539532] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.547486] device bridge_slave_1 entered promiscuous mode [ 178.563977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.625887] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.634314] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 178.644716] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 178.657410] chnl_net:caif_netlink_parms(): no params data found [ 178.675533] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 178.683916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.692040] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.699608] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.707598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.715104] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.728205] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 178.754007] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 178.764322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 178.774251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 178.787428] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 178.796528] team0: Port device team_slave_0 added [ 178.827868] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 178.836809] team0: Port device team_slave_1 added [ 178.843533] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 178.852016] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 178.870398] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 178.893471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.901344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.911508] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.952412] device hsr_slave_0 entered promiscuous mode [ 178.980608] device hsr_slave_1 entered promiscuous mode [ 179.040864] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 179.070173] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.076578] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.086455] device bridge_slave_0 entered promiscuous mode [ 179.099647] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 179.106783] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.115245] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.122652] device bridge_slave_1 entered promiscuous mode [ 179.129068] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 179.166573] chnl_net:caif_netlink_parms(): no params data found [ 179.180660] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 179.186693] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.209517] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.227642] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.241241] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 179.248873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.255916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.264168] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.286773] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 179.292905] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.299698] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 179.317096] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.325294] team0: Port device team_slave_0 added [ 179.335368] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.345618] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.352779] team0: Port device team_slave_1 added [ 179.358223] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 179.366184] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 179.375210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.383109] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.390913] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.397270] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.404351] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.413754] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 179.424316] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 179.447577] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 179.474862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.483422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.491159] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.500935] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 179.507007] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.516189] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.562367] device hsr_slave_0 entered promiscuous mode [ 179.600496] device hsr_slave_1 entered promiscuous mode [ 179.650416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.658162] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.668113] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.674469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.683240] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 179.691361] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 179.699411] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.707200] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.718401] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.725778] device bridge_slave_0 entered promiscuous mode [ 179.736383] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.743637] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.753262] device bridge_slave_1 entered promiscuous mode [ 179.764378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.772613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.780478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.788165] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.794574] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.802915] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 179.809899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.819442] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 179.859987] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.868869] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.881400] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 179.889774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.904695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.917694] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.925738] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.932160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.939565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.950178] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready 11:46:38 executing program 5: r0 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000000)={0x5}) [ 179.971388] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 179.979056] bond0: Enslaving bond_slave_1 as an active interface with an up link 11:46:38 executing program 5: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x80000006, 0x0, 0x0, 0x50000}]}) r0 = socket$inet_tcp(0x2, 0x1, 0x0) write$P9_RLOPEN(r0, 0x0, 0x0) [ 180.013456] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 180.029738] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 180.042019] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready 11:46:38 executing program 5: syz_open_dev$vcsn(&(0x7f0000000180)='/dev/vcs#\x00', 0x0, 0x0) [ 180.098672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.107424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.124570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.139293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready 11:46:38 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) bpf$MAP_DELETE_ELEM(0x4, &(0x7f00000001c0)={r0, &(0x7f00000000c0)}, 0x10) [ 180.147559] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.156821] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.165754] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 11:46:38 executing program 5: r0 = socket$inet(0x10, 0x2000000003, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000140)="240000002e0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000005e00ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000064c0), 0x40000000000022a, 0x0, 0x0) [ 180.191560] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 180.207703] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.215525] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 180.225247] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 180.236973] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 180.244509] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 180.251952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.259486] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.267165] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 180.274996] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 180.282764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 180.290397] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 180.298194] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 180.305882] team0: Port device team_slave_0 added [ 180.313471] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 180.325795] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 180.332068] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 180.339298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 180.347046] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 180.354838] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 180.363487] team0: Port device team_slave_1 added [ 180.368803] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.377706] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.388893] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 180.411050] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 180.426332] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 180.435550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 180.443562] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 180.493860] device hsr_slave_0 entered promiscuous mode [ 180.530759] device hsr_slave_1 entered promiscuous mode [ 180.580740] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 180.588017] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 180.596670] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 180.605016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 180.614800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 180.628267] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 180.654807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 180.661876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 180.680608] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 180.688823] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 180.697445] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 180.703982] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.716064] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.727307] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 180.741076] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 180.749185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.762560] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.777647] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.784057] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.793408] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 180.803395] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 180.813818] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 180.829220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.838374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.846298] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.852720] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.861516] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 180.869719] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready 11:46:39 executing program 2: symlinkat(&(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, 0x0) clone(0x40100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x60, &(0x7f0000000080)={0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'none\x00'}, 0x2c) [ 180.896483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 180.909274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 180.922249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.933777] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 180.945815] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.954392] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 180.980862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.999160] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.012487] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.021525] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 181.029149] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.038396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.051614] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.058025] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.065824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.073804] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.084004] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.100970] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.108433] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 181.141904] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.159860] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.167853] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.174319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.187023] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 181.196341] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 181.205076] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 181.213743] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 181.222186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.230534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 181.238180] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.246049] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 181.253068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 181.262559] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 181.273130] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 181.279220] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.288993] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 181.298849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.306943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 181.315517] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.324799] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 181.336079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.343753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.351599] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 181.360557] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.369044] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 181.376694] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 181.384292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.393166] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.401155] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.407534] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.414583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 181.422091] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 181.429396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 181.437171] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.445098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.459395] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 181.468877] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.475962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 181.484293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.491834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.499463] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.507260] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.513654] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.523536] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 181.532222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 181.539790] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 181.549526] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 181.558418] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 181.564527] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 181.572588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.582720] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 181.590799] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 181.596785] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 181.606303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.617294] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 181.628814] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 181.637472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.645293] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.653207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 181.661006] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.668482] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 181.679377] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 181.689816] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 181.697426] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.706656] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 181.716624] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 181.726655] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 181.734413] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 181.744120] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 181.754067] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 181.762254] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 181.772610] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 181.787960] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 181.799690] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 181.812901] 8021q: adding VLAN 0 to HW filter on device batadv0 11:46:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x14, r1, 0x301, 0x0, 0x0, {0x4}}, 0x14}}, 0x0) 11:46:41 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x18, r1, 0x1, 0x0, 0x0, {0xf}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0) [ 182.789256] audit: type=1400 audit(1564400801.546:39): avc: denied { create } for pid=7108 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 182.828289] audit: type=1400 audit(1564400801.546:40): avc: denied { write } for pid=7109 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 182.858926] audit: type=1400 audit(1564400801.546:41): avc: denied { read } for pid=7109 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 11:46:41 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='task\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) open(&(0x7f0000000280)='./bus\x00', 0x141042, 0x0) r2 = open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x4002011, r2, 0x0) fstat(r0, 0x0) 11:46:41 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x100082) memfd_create(0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$rxrpc(0x21, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$sg(0x0, 0x0, 0x400001) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCSISO7816(0xffffffffffffffff, 0xc0285443, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000340)=[{0x0}], 0x1, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40fdf) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x0) syz_genetlink_get_family_id$ipvs(0x0) read$eventfd(r1, &(0x7f0000000080), 0x8) 11:46:41 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x2000000003, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000140)="240000002e0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000005e00ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000800)='/dev/net/tun\x00', 0x0, 0x0) recvmmsg(r0, &(0x7f00000064c0), 0x40000000000022a, 0x0, 0x0) 11:46:41 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x3, 0x0, 0x0) 11:46:41 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000001c0)={r0, &(0x7f00000000c0)}, 0x10) 11:46:41 executing program 2: symlinkat(&(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, 0x0) clone(0x40100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x60, &(0x7f0000000080)={0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'none\x00', 0x0, 0x200000}, 0x2c) 11:46:41 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="000000009204000000c195b86316f5c2", 0x10) [ 183.060748] audit: type=1804 audit(1564400801.816:42): pid=7124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir987249210/syzkaller.EpmN2O/1/bus" dev="sda1" ino=16541 res=1 [ 183.102562] hrtimer: interrupt took 37553 ns 11:46:41 executing program 0: timerfd_create(0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)='fdinfo/3\x00') preadv(r0, &(0x7f00000017c0), 0x199, 0x2) 11:46:41 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = memfd_create(&(0x7f00000000c0)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\x94a\xac', 0x3) write$binfmt_misc(r1, &(0x7f0000000c40)=ANY=[@ANYRES32], 0xff67) sendfile(r0, r1, &(0x7f0000000000), 0xffff) fcntl$addseals(r1, 0x409, 0x8) fsetxattr$trusted_overlay_nlink(r1, &(0x7f0000000040)='trusted.overlay.nlinkk', 0x0, 0x0, 0x0) 11:46:41 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0x1, 0x0}, 0x9) 11:46:42 executing program 0: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="280000003200015a19aad2623e020095c9d7000000001400010010000100080003000000000000000000"], 0x28}}, 0x0) r0 = socket(0x4000000000010, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x492492492492540, 0x0) 11:46:42 executing program 2: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) socket$inet(0x2, 0x3, 0x2a) write$UHID_CREATE(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r0, 0x0, 0x40040) 11:46:42 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x14, r1, 0x301, 0x0, 0x0, {0x8}}, 0x14}}, 0x0) 11:46:42 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xad3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x2000000003, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000140)="240000002e0007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000005e00ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000064c0), 0x40000000000022a, 0x0, 0x0) syz_open_procfs(0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0) [ 183.339445] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 183.353464] tc_dump_action: action bad kind [ 183.369959] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 183.389716] tc_dump_action: action bad kind 11:46:42 executing program 3: io_setup(0x1004, &(0x7f00000000c0)=0x0) r1 = socket(0x0, 0x2, 0x10000000000002) connect$rxrpc(r1, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x24) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, 0x0) write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f0000000180)={0xf}, 0xf) ioctl(0xffffffffffffffff, 0x1000008912, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$usbmon(0x0, 0x26, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000240)=ANY=[@ANYBLOB="a6490c5274e56463f4c8e6d6f9b6851a03e07fdb157c6c8ecf34ed952e8faadb33bf41474e60cb3d98829fd7cec40cf16b83a3a7ffe63c728a9676a52260c08eb57142f14bd3ae65be8c9ba341989ee9752d97d18d7292a55e122e8d9df786b596d1c3a2e133002ca6ca601a54272c1967f15b884c0ee25ee0224378895a8e138d32bf69c45d275061f9418d03bfdca8df739d1e3e4ddf46d9e77f3aee846372"], 0x0) syz_open_dev$audion(0x0, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000200)) openat$nullb(0xffffffffffffff9c, &(0x7f0000000480)='/dev/nullb0\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x10, 0xffffffffffffffff, 0x0) io_setup(0x0, &(0x7f0000000040)=0x0) shmdt(0x0) io_submit(r3, 0x1, &(0x7f0000001540)=[0x0]) sendmmsg(r1, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[{0x18, 0x110, 0x1, 'w'}], 0x18}}], 0x1, 0x0) recvmmsg(r1, 0x0, 0x0, 0x10002, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'\x00', 0x4902}) io_submit(r0, 0x1, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r4, &(0x7f0000000040), 0x2000ffa6}]) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x608000, 0x0) ioctl$EVIOCGVERSION(r5, 0x80044501, &(0x7f0000000640)=""/4096) 11:46:42 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000003000008912, &(0x7f0000000900)="11dca50d5e0bcfe47bf070") r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x30, r2, 0x505, 0x0, 0x0, {{}, 0x0, 0x5, 0x0, {0x14}}}, 0x30}}, 0x0) 11:46:42 executing program 0: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="2800000032009d134ace9a44f658c9d700000000140001001000f0c6c4219f07d0930ed102000000a7fb8673c3"], 0x28}}, 0x0) r0 = socket(0x6000000000010, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x492492492492540, 0x0) 11:46:42 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 11:46:42 executing program 1: r0 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f00000000c0)={0x7, @pix_mp}) 11:46:42 executing program 5: io_setup(0x1004, &(0x7f00000000c0)=0x0) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r1, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x24) listen(0xffffffffffffffff, 0x0) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, 0x0) write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f0000000180)={0xf}, 0xf) ioctl(0xffffffffffffffff, 0x1000008912, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$usbmon(0x0, 0x26, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000240)=ANY=[@ANYBLOB="a6490c5274e56463f4c8e6d6f9b6851a03e07fdb157c6c8ecf34ed952e8faadb33bf41474e60cb3d98829fd7cec40cf16b83a3a7ffe63c728a9676a52260c08eb57142f14bd3ae65be8c9ba341989ee9752d97d18d7292a55e122e8d9df786b596d1c3a2e133002ca6ca601a54272c1967f15b884c0ee25ee0224378895a8e138d32bf69c45d275061f9418d03bfdca8df739d1e3e4ddf46d9e77f3aee846372"], 0x0) syz_open_dev$audion(0x0, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000200)) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000480)='/dev/nullb0\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x10, 0xffffffffffffffff, 0x0) io_setup(0x0, &(0x7f0000000040)=0x0) shmdt(0x0) io_submit(r4, 0x2000000000000246, &(0x7f0000001540)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x14000000, 0x0, r3, &(0x7f0000000000), 0xfffffce4}]) sendmmsg(r1, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[{0x18, 0x110, 0x1, 'w'}], 0x18}}], 0x1, 0x0) recvmmsg(r1, &(0x7f00000031c0)=[{{0x0, 0xf000000, 0x0, 0x0, 0x0, 0x78}}], 0x371, 0x10002, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'\x00', 0x4902}) io_submit(r0, 0x1, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r5, &(0x7f0000000040), 0x2000ffa6}]) r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x608000, 0x0) ioctl$EVIOCGVERSION(r6, 0x80044501, &(0x7f0000000640)=""/4096) [ 183.936331] tc_dump_action: action bad kind [ 183.949521] tc_dump_action: action bad kind 11:46:42 executing program 0: getsockopt$inet_sctp_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, &(0x7f00000001c0)) r0 = syz_open_dev$midi(0x0, 0x5, 0x202) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r0, 0x81785501, &(0x7f0000000340)=""/94) fremovexattr(0xffffffffffffffff, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) readv(r1, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) 11:46:42 executing program 1: mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) r0 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r0, 0x28, 0x2, &(0x7f0000000000), 0x8) [ 184.058088] kasan: CONFIG_KASAN_INLINE enabled [ 184.067997] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 184.113389] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 184.119669] Modules linked in: [ 184.122884] CPU: 0 PID: 7205 Comm: syz-executor.5 Not tainted 4.14.134 #30 [ 184.129896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.139251] task: ffff8880581b23c0 task.stack: ffff8880581b8000 [ 184.145354] RIP: 0010:rxrpc_connect_call+0xc9/0x41a0 [ 184.150446] RSP: 0018:ffff8880581bf738 EFLAGS: 00010206 [ 184.155801] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90005e2d000 [ 184.163084] RDX: 0000000000000003 RSI: ffffffff8593c089 RDI: 0000000000000018 [ 184.170361] RBP: ffff8880581bf880 R08: 0000000000000001 R09: ffff8880581b2c60 [ 184.177635] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88809381cc00 [ 184.184912] R13: ffff88805d028460 R14: ffff88805d028450 R15: ffff8880581bf998 [ 184.192183] FS: 00007f21d03d7700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 184.200407] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 184.206295] CR2: 00007f9cef414518 CR3: 00000000a5ba6000 CR4: 00000000001406f0 [ 184.213578] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 184.220936] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 184.228207] Call Trace: [ 184.230828] ? trace_hardirqs_on_caller+0x400/0x590 [ 184.235853] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 184.240646] ? rxrpc_discard_expired_client_conns+0x7e0/0x7e0 [ 184.246535] ? retint_kernel+0x2d/0x2d [ 184.250432] rxrpc_new_client_call+0x8f7/0x1420 [ 184.255117] ? rxrpc_do_sendmsg+0x91a/0x1103 [ 184.259518] rxrpc_do_sendmsg+0x91a/0x1103 [ 184.263749] ? rxrpc_kernel_send_data+0x470/0x470 [ 184.268620] rxrpc_sendmsg+0x48a/0x650 [ 184.272526] ? security_socket_sendmsg+0x89/0xb0 [ 184.277307] ? rxrpc_sock_destructor+0x130/0x130 [ 184.282081] sock_sendmsg+0xce/0x110 [ 184.285814] ___sys_sendmsg+0x349/0x840 [ 184.289808] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 184.294589] ? __fget+0x210/0x370 [ 184.298059] ? lock_downgrade+0x6e0/0x6e0 [ 184.302226] ? __fget+0x237/0x370 [ 184.305697] ? __fget_light+0x172/0x1f0 [ 184.309692] ? __fdget+0x1b/0x20 [ 184.313068] ? sockfd_lookup_light+0xb4/0x160 [ 184.317588] __sys_sendmmsg+0x152/0x3a0 [ 184.321585] ? SyS_sendmsg+0x50/0x50 [ 184.325331] ? kasan_check_read+0x11/0x20 [ 184.329527] ? _copy_to_user+0x87/0xd0 [ 184.333426] ? put_timespec64+0xb4/0x100 [ 184.337489] ? nsecs_to_jiffies+0x30/0x30 [ 184.341649] ? SyS_clock_gettime+0xf8/0x180 [ 184.346510] SyS_sendmmsg+0x35/0x60 [ 184.350237] ? __sys_sendmmsg+0x3a0/0x3a0 [ 184.354389] do_syscall_64+0x1e8/0x640 [ 184.358279] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 184.363136] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 184.368331] RIP: 0033:0x459829 [ 184.371513] RSP: 002b:00007f21d03d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 184.379220] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459829 [ 184.386484] RDX: 0000000000000001 RSI: 0000000020005c00 RDI: 0000000000000003 [ 184.393751] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 184.401912] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f21d03d76d4 [ 184.409171] R13: 00000000004c6fe8 R14: 00000000004dc518 R15: 00000000ffffffff [ 184.416437] Code: e8 03 80 3c 18 00 0f 85 6f 39 00 00 48 8b 85 28 ff ff ff 48 8b 18 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 18 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 8a 39 00 00 48 8b 5b 18 48 8d bb 00 02 00 00 [ 184.435708] RIP: rxrpc_connect_call+0xc9/0x41a0 RSP: ffff8880581bf738 [ 184.452161] kobject: 'batman_adv' (ffff88809267dd00): kobject_uevent_env [ 184.452238] ---[ end trace 7d014b702b15c29b ]--- [ 184.459807] audit: type=1400 audit(1564400803.216:43): avc: denied { map } for pid=7212 comm="syz-executor.1" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=25400 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=1 [ 184.463918] Kernel panic - not syncing: Fatal exception [ 184.495136] kobject: 'batman_adv' (ffff88809267dd00): kobject_uevent_env: filter function caused the event to drop! [ 184.498437] Kernel Offset: disabled [ 184.512593] Rebooting in 86400 seconds..