[ 31.406601] kauditd_printk_skb: 8 callbacks suppressed [ 31.406607] audit: type=1800 audit(1569036568.724:33): pid=6766 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 31.433942] audit: type=1800 audit(1569036568.724:34): pid=6766 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 34.710410] random: sshd: uninitialized urandom read (32 bytes read) [ 34.942327] audit: type=1400 audit(1569036572.264:35): avc: denied { map } for pid=6939 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 34.992560] random: sshd: uninitialized urandom read (32 bytes read) [ 35.636305] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.4' (ECDSA) to the list of known hosts. [ 41.218626] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/21 03:29:38 fuzzer started [ 41.413027] audit: type=1400 audit(1569036578.734:36): avc: denied { map } for pid=6949 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 42.315577] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/21 03:29:40 dialing manager at 10.128.0.105:35365 2019/09/21 03:29:40 syscalls: 2472 2019/09/21 03:29:40 code coverage: enabled 2019/09/21 03:29:40 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/21 03:29:40 extra coverage: extra coverage is not supported by the kernel 2019/09/21 03:29:40 setuid sandbox: enabled 2019/09/21 03:29:40 namespace sandbox: enabled 2019/09/21 03:29:40 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/21 03:29:40 fault injection: enabled 2019/09/21 03:29:40 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/21 03:29:40 net packet injection: enabled 2019/09/21 03:29:40 net device setup: enabled [ 44.476539] random: crng init done 03:31:23 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) 03:31:23 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, 0x0) 03:31:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") r1 = socket(0x2, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) 03:31:23 executing program 2: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) lstat(0x0, 0x0) clock_gettime(0x0, 0x0) io_setup(0x0, 0x0) io_setup(0x0, 0x0) io_getevents(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCSSERIAL(r0, 0x541f, 0x0) 03:31:23 executing program 3: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") getsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000080), &(0x7f0000000100)=0x4) 03:31:23 executing program 4: r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x77, &(0x7f0000000100), 0xc) [ 146.006966] audit: type=1400 audit(1569036683.324:37): avc: denied { map } for pid=6949 comm="syz-fuzzer" path="/root/syzkaller-shm844224685" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 146.070224] audit: type=1400 audit(1569036683.354:38): avc: denied { map } for pid=6966 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=35 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 146.186347] IPVS: ftp: loaded support on port[0] = 21 [ 146.531682] chnl_net:caif_netlink_parms(): no params data found [ 146.542244] IPVS: ftp: loaded support on port[0] = 21 [ 146.573404] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.580685] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.587851] device bridge_slave_0 entered promiscuous mode [ 146.596011] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.602474] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.609768] device bridge_slave_1 entered promiscuous mode [ 146.624807] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 146.634102] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 146.650211] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 146.658028] team0: Port device team_slave_0 added [ 146.665001] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 146.672207] team0: Port device team_slave_1 added [ 146.678926] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 146.691038] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 146.751945] device hsr_slave_0 entered promiscuous mode [ 146.830367] device hsr_slave_1 entered promiscuous mode [ 146.872368] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 146.881999] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 146.892800] IPVS: ftp: loaded support on port[0] = 21 [ 146.942934] chnl_net:caif_netlink_parms(): no params data found [ 146.954570] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.961292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.968192] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.974691] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.024563] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.031634] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.038607] device bridge_slave_0 entered promiscuous mode [ 147.049346] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.056425] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.064788] IPVS: ftp: loaded support on port[0] = 21 [ 147.065367] device bridge_slave_1 entered promiscuous mode [ 147.095901] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 147.105113] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 147.128658] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 147.135917] team0: Port device team_slave_0 added [ 147.143618] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 147.150831] team0: Port device team_slave_1 added [ 147.156159] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 147.176058] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 147.252543] device hsr_slave_0 entered promiscuous mode [ 147.290428] device hsr_slave_1 entered promiscuous mode [ 147.367824] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 147.376081] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 147.397837] chnl_net:caif_netlink_parms(): no params data found [ 147.444469] IPVS: ftp: loaded support on port[0] = 21 [ 147.444839] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.456269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 147.462936] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.469307] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.512902] chnl_net:caif_netlink_parms(): no params data found [ 147.528289] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.534997] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.542190] device bridge_slave_0 entered promiscuous mode [ 147.549040] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.555578] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.562669] device bridge_slave_1 entered promiscuous mode [ 147.603446] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 147.612615] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.629924] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.637648] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.644550] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.653692] 8021q: adding VLAN 0 to HW filter on device bond0 [ 147.670967] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 147.693765] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.700933] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.707818] device bridge_slave_0 entered promiscuous mode [ 147.715593] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 147.729037] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.735717] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.742757] device bridge_slave_1 entered promiscuous mode [ 147.763301] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 147.772338] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 147.778738] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 147.786148] team0: Port device team_slave_0 added [ 147.792118] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 147.799183] team0: Port device team_slave_1 added [ 147.805417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 147.813187] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 147.823533] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 147.842673] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 147.849766] team0: Port device team_slave_0 added [ 147.855370] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 147.873014] IPVS: ftp: loaded support on port[0] = 21 [ 147.873238] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 147.884815] 8021q: adding VLAN 0 to HW filter on device team0 [ 147.891332] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 147.898399] team0: Port device team_slave_1 added [ 147.905791] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 147.913511] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 147.936063] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 147.948588] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 147.963812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 147.972060] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 147.979834] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.986346] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.043491] device hsr_slave_0 entered promiscuous mode [ 148.080456] device hsr_slave_1 entered promiscuous mode [ 148.122259] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 148.183553] device hsr_slave_0 entered promiscuous mode [ 148.230420] device hsr_slave_1 entered promiscuous mode [ 148.270412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 148.278520] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 148.286389] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.292889] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.300149] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 148.307327] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 148.315484] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 148.326551] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 148.336281] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 148.346747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 148.359657] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 148.375153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 148.384662] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 148.394462] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 148.407433] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 148.415573] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.425437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 148.433367] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 148.441125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 148.448783] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 148.456607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 148.464252] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 148.484239] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 148.493781] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 148.500413] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 148.512346] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 148.520428] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 148.535745] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 148.541997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 148.549410] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 148.557152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 148.564059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 148.594296] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 148.600616] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 148.609166] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 148.616157] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.684179] chnl_net:caif_netlink_parms(): no params data found [ 148.714758] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 148.723648] chnl_net:caif_netlink_parms(): no params data found [ 148.746791] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 148.757991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 148.767818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 148.775668] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.782050] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.790661] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 148.800976] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 148.832243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 148.840535] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 148.848373] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.854786] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.862618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 148.885775] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.892402] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.899262] device bridge_slave_0 entered promiscuous mode [ 148.908121] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 148.922482] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.928858] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.936379] device bridge_slave_0 entered promiscuous mode [ 148.942878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 148.950929] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.957274] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.964459] device bridge_slave_1 entered promiscuous mode [ 148.981435] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.988463] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 148.997979] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 149.005497] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.012766] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.019739] device bridge_slave_1 entered promiscuous mode [ 149.036584] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 149.043133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 149.051723] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 149.059408] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 149.067555] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 149.082408] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 149.091071] 8021q: adding VLAN 0 to HW filter on device bond0 [ 149.099261] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 149.119514] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 149.129257] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 149.135759] 8021q: adding VLAN 0 to HW filter on device team0 [ 149.149013] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 149.156440] team0: Port device team_slave_0 added [ 149.164046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 149.172097] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 149.179589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 149.186701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 149.195017] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 149.206074] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 149.215098] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 149.223362] team0: Port device team_slave_1 added [ 149.229158] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 149.236494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 149.244767] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 149.254121] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 149.264136] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 149.275531] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 149.284114] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 149.298714] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 149.306732] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 149.315316] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 149.323696] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 149.329705] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 149.346560] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 149.359278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 149.368317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 149.376396] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.382801] bridge0: port 1(bridge_slave_0) entered forwarding state [ 149.390922] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 149.397896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 149.405808] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 149.419295] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 149.472451] device hsr_slave_0 entered promiscuous mode [ 149.511682] device hsr_slave_1 entered promiscuous mode [ 149.550802] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 149.558131] team0: Port device team_slave_0 added [ 149.564055] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 149.572583] team0: Port device team_slave_1 added [ 149.578133] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 149.589069] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 149.595260] 8021q: adding VLAN 0 to HW filter on device team0 03:31:26 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) socket$inet6_dccp(0xa, 0x6, 0x0) r0 = syz_open_dev$loop(0x0, 0x4, 0x100082) r1 = memfd_create(&(0x7f0000000380)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000180)='\'', 0x1}], 0x1, 0x8180a) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x10, 0xffffffffffffffff, 0x0) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r3, 0x0) sendto$inet6(r2, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "d44eb8c7308ec7c4", "442065238929350ade91900b51fc9534", "6bdda720", "7ee51430da3f51b3"}, 0x28) sendto$inet6(r2, &(0x7f0000000080)="39a110", 0xffffffffffffffc1, 0x40, 0x0, 0xfffffffffffffe5b) write$binfmt_script(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="a7999a104850913a9090415bc1ada9a821783d1b2d86e59aa74101d10f25dd494001f1bdb301774654181f4979c1cff4c61a7a48716e099aa5a11e8b4f9804d4a079cc9886e6a129afc1291947a6c93dbc9c6f35b909b3af94ed37f6"], 0x5c) r4 = syz_open_dev$loop(&(0x7f0000000280)='/dev/loop#\x00', 0x4, 0x100082) sendfile(r4, 0xffffffffffffffff, 0x0, 0x20000102000007) [ 149.604196] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 149.618023] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 149.632749] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 149.644067] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 149.653064] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 149.664984] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 149.679334] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.685793] bridge0: port 2(bridge_slave_1) entered forwarding state [ 149.695344] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 149.718209] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 149.726489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 149.734961] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 149.747395] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 149.748802] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.764266] bridge0: port 1(bridge_slave_0) entered forwarding state [ 149.783120] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 149.800047] hrtimer: interrupt took 36546 ns [ 149.807573] kasan: CONFIG_KASAN_INLINE enabled [ 149.816246] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 149.824519] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 149.830863] Modules linked in: [ 149.834054] CPU: 0 PID: 7009 Comm: syz-executor.3 Not tainted 4.14.145 #0 [ 149.840371] kobject: 'hsr0' (ffff888063df8db0): kobject_add_internal: parent: 'net', set: 'devices' [ 149.841068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 149.851198] kobject: 'hsr0' (ffff888063df8db0): kobject_uevent_env [ 149.859802] task: ffff888063c981c0 task.stack: ffff888063ca0000 [ 149.859822] RIP: 0010:do_tcp_sendpages+0x33d/0x18f0 [ 149.859826] RSP: 0018:ffff888063ca7898 EFLAGS: 00010202 [ 149.859838] RAX: 0000000000000010 RBX: 0000000000000000 RCX: ffffc90006036000 [ 149.866754] kobject: 'hsr0' (ffff888063df8db0): fill_kobj_path: path = '/devices/virtual/net/hsr0' [ 149.872189] RDX: 00000000000007b7 RSI: ffffffff8523f1eb RDI: 0000000000000080 [ 149.872194] RBP: ffff888063ca79c0 R08: ffff888063c981c0 R09: 0000000000000001 [ 149.872197] R10: 0000000000000000 R11: ffff888063c981c0 R12: 0000000000005555 [ 149.872201] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff88809703c040 [ 149.872208] FS: 00007f0aacf9b700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 149.872212] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 149.872216] CR2: 0000001b2f326000 CR3: 000000007bdf4000 CR4: 00000000001406f0 [ 149.872224] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 149.872231] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 149.877561] kobject: 'queues' (ffff8880a1586b48): kobject_add_internal: parent: 'hsr0', set: '' [ 149.882571] Call Trace: [ 149.882590] ? kfree+0x196/0x270 [ 149.882606] ? sk_stream_alloc_skb+0x780/0x780 [ 149.882619] ? tcp_rate_check_app_limited+0x2ba/0x320 [ 149.890418] kobject: 'queues' (ffff8880a1586b48): kobject_uevent_env [ 149.898964] tls_push_sg+0x1e1/0x660 [ 149.898977] tls_push_record+0xa4a/0x1210 [ 149.906314] kobject: 'queues' (ffff8880a1586b48): kobject_uevent_env: filter function caused the event to drop! [ 149.913491] tls_sw_sendmsg+0x9e8/0x1020 [ 149.913505] ? retint_kernel+0x2d/0x2d [ 149.913519] ? trace_hardirqs_on_caller+0x400/0x590 [ 149.921164] kobject: 'rx-0' (ffff8880a018a250): kobject_add_internal: parent: 'queues', set: 'queues' [ 149.928033] ? alloc_encrypted_sg+0x100/0x100 [ 149.928047] ? retint_kernel+0x2d/0x2d [ 149.936377] kobject: 'rx-0' (ffff8880a018a250): kobject_uevent_env [ 149.942119] inet_sendmsg+0x122/0x500 [ 149.942127] ? inet_recvmsg+0x500/0x500 [ 149.942137] sock_sendmsg+0xce/0x110 [ 149.942146] SYSC_sendto+0x206/0x310 [ 149.949819] kobject: 'rx-0' (ffff8880a018a250): fill_kobj_path: path = '/devices/virtual/net/hsr0/queues/rx-0' [ 149.956686] ? SYSC_connect+0x2d0/0x2d0 [ 149.956703] ? trace_hardirqs_on_caller+0x400/0x590 [ 149.956714] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 149.956727] ? check_preemption_disabled+0x3c/0x250 [ 149.964311] kobject: 'tx-0' (ffff8880a828d798): kobject_add_internal: parent: 'queues', set: 'queues' [ 149.973440] ? retint_kernel+0x2d/0x2d [ 149.973454] ? SyS_getpeername+0x30/0x30 [ 149.973463] SyS_sendto+0x40/0x50 [ 149.973470] ? SyS_getpeername+0x30/0x30 [ 149.973480] do_syscall_64+0x1e8/0x640 [ 149.973492] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 149.976699] kobject: 'tx-0' (ffff8880a828d798): kobject_uevent_env [ 149.979427] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 149.979438] RIP: 0033:0x459a09 [ 149.984119] kobject: 'tx-0' (ffff8880a828d798): fill_kobj_path: path = '/devices/virtual/net/hsr0/queues/tx-0' [ 149.989171] RSP: 002b:00007f0aacf9ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 149.989180] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459a09 [ 149.989184] RDX: ffffffffffffffc1 RSI: 0000000020000080 RDI: 0000000000000007 [ 149.989188] RBP: 000000000075bf20 R08: 0000000000000000 R09: fffffffffffffe5b [ 149.989196] R10: 0000000000000040 R11: 0000000000000246 R12: 00007f0aacf9b6d4 [ 149.996994] kobject: 'batman_adv' (ffff88809714dd00): kobject_add_internal: parent: 'hsr0', set: '' [ 149.999365] R13: 00000000004c79b8 R14: 00000000004dd418 R15: 00000000ffffffff [ 149.999376] Code: [ 150.003768] device hsr_slave_0 entered promiscuous mode [ 150.013741] ff ff 48 0f 44 d8 e8 13 f1 38 fc 4d 85 e4 0f 84 9b 03 00 00 e8 05 f1 38 fc 48 8d bb 80 00 00 00 44 8b 65 a8 48 89 f8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 74 08 3c 03 0f 8e 85 11 00 00 44 2b a3 80 [ 150.232855] RIP: do_tcp_sendpages+0x33d/0x18f0 RSP: ffff888063ca7898 [ 150.244685] ---[ end trace 762ba515e8e6adf2 ]--- [ 150.249801] Kernel panic - not syncing: Fatal exception [ 150.256929] Kernel Offset: disabled [ 150.260558] Rebooting in 86400 seconds..