[ 33.794995] kauditd_printk_skb: 9 callbacks suppressed [ 33.795003] audit: type=1800 audit(1556265875.969:33): pid=6901 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 33.822310] audit: type=1800 audit(1556265875.969:34): pid=6901 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 37.098965] random: sshd: uninitialized urandom read (32 bytes read) [ 37.492120] audit: type=1400 audit(1556265879.669:35): avc: denied { map } for pid=7076 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 37.544421] random: sshd: uninitialized urandom read (32 bytes read) [ 38.231000] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.204' (ECDSA) to the list of known hosts. [ 43.839983] random: sshd: uninitialized urandom read (32 bytes read) 2019/04/26 08:04:46 fuzzer started [ 44.039601] audit: type=1400 audit(1556265886.209:36): avc: denied { map } for pid=7085 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 45.982472] random: cc1: uninitialized urandom read (8 bytes read) 2019/04/26 08:04:49 dialing manager at 10.128.0.105:44877 2019/04/26 08:04:49 syscalls: 2434 2019/04/26 08:04:49 code coverage: enabled 2019/04/26 08:04:49 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/04/26 08:04:49 extra coverage: extra coverage is not supported by the kernel 2019/04/26 08:04:49 setuid sandbox: enabled 2019/04/26 08:04:49 namespace sandbox: enabled 2019/04/26 08:04:49 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/26 08:04:49 fault injection: enabled 2019/04/26 08:04:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/26 08:04:49 net packet injection: enabled 2019/04/26 08:04:49 net device setup: enabled [ 48.306757] random: crng init done 08:07:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r2 = creat(&(0x7f00000003c0)='./file1\x00', 0x0) dup2(r2, r1) 08:07:00 executing program 0: r0 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') r1 = creat(&(0x7f00000003c0)='./file1\x00', 0x0) dup2(r1, r0) 08:07:00 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") semget(0x0, 0x0, 0x0) 08:07:00 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00007a1ff6)='net/unix\x00') sendfile(r0, r1, &(0x7f00004db000)=0x300, 0xfe) 08:07:00 executing program 2: accept4$inet(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$midi(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_buf(r0, 0x6, 0x0, 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) r2 = memfd_create(&(0x7f0000001b40)='t\bnu\x00\x00\x00\x7f\x00\x00\x8c\x00\x10\x00\x00\x00\x00\x00\x00N\x1c\xc3\xfe\xc3.\x12\x1e\xcc\xf2\xd8\xd5l\x04~K8\xff\xe1S\xfa\xc1\xbb\x8bx\x9e\v\x83\xf6\xb2q[\xfd\xd8\x8b\x1d7\xcc\xe9\x82\xe8Y\xda\xec\x02sh5\x8d\x90J\xd0v\tu@\x13\x94\xd3\xe2\x8d\xec\x914\xcaKy\xe9K\x9cP\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa1\xff\x96\xec\xf8\xcaJH\xef\xfc\n.}\x0fnvI\x83\xa5\xfc\xd3\xe4(\xa7&\xab\xd2\xd5\x90\x87\xea\xddO\x1f\xff\x00\x00\x00\xdd\xb1\xc6\xae\x0f\xb6\xfcEq\xc3\xe6p\x95\xc7x\x91\x9c\xf4\x10W\xfd\xea\xb3|\xa1\xb0M\x06C\xf1\xb5\xc3\x8a\xaf\x1b\x98\xc9c6\x13\xa6\x94\x14', 0x0) pwritev(r2, 0x0, 0x0, 0x1081806) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000600)={0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0xb, 0x1c, "7001e0f57c8cf6270b24e415e93e42aae51d871554c11cd59cc80000000025bad6b399778066f9d1ac8a570e3a42f70a7c0f30f66157a96aae15813f0dceb297", "a8a4cd0160ec941a3de45387daf7b1ac786d0e8a75e8904655faf6f2bc6cc487d93a61edb75c8d510255faf7f404000000daa4276939a341033400", "2f18ffffffffffff4116893616105829576914e70bfeb59800f97c97644ab8a7", [0x0, 0x2]}) 08:07:00 executing program 4: setreuid(0x0, 0xee00) r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x50000, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000140)) r1 = socket$netlink(0x10, 0x3, 0xf) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000440)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f00000006c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000680)={&(0x7f0000000480)={0x3c, r2, 0x308, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_NODE={0x8, 0x6, [@TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_SOCK={0x1c, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xffffffff}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfff}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}]}, @TIPC_NLA_NET={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x0) r3 = geteuid() setresuid(r3, 0x0, 0x0) setrlimit(0x6, &(0x7f00000000c0)) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 178.323622] audit: type=1400 audit(1556266020.499:37): avc: denied { map } for pid=7085 comm="syz-fuzzer" path="/root/syzkaller-shm290833339" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 178.380259] audit: type=1400 audit(1556266020.529:38): avc: denied { map } for pid=7103 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 179.140361] IPVS: ftp: loaded support on port[0] = 21 [ 179.462351] IPVS: ftp: loaded support on port[0] = 21 [ 179.474701] chnl_net:caif_netlink_parms(): no params data found [ 179.548376] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.555205] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.562603] device bridge_slave_0 entered promiscuous mode [ 179.570471] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.576937] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.584095] device bridge_slave_1 entered promiscuous mode [ 179.592804] IPVS: ftp: loaded support on port[0] = 21 [ 179.615060] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.632307] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.685705] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.693248] team0: Port device team_slave_0 added [ 179.703231] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.710712] team0: Port device team_slave_1 added [ 179.728081] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 179.738548] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 179.822290] device hsr_slave_0 entered promiscuous mode [ 179.860453] device hsr_slave_1 entered promiscuous mode [ 179.940482] chnl_net:caif_netlink_parms(): no params data found [ 179.949950] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 179.963829] IPVS: ftp: loaded support on port[0] = 21 [ 179.972525] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 180.083288] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.089745] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.096666] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.103060] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.111518] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.117923] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.125572] device bridge_slave_0 entered promiscuous mode [ 180.135527] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.142039] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.149160] device bridge_slave_1 entered promiscuous mode [ 180.155744] chnl_net:caif_netlink_parms(): no params data found [ 180.192323] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.205165] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.236281] IPVS: ftp: loaded support on port[0] = 21 [ 180.242758] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 180.250832] team0: Port device team_slave_0 added [ 180.272314] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 180.279840] team0: Port device team_slave_1 added [ 180.298731] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.309242] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.356562] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.363317] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.370773] device bridge_slave_0 entered promiscuous mode [ 180.378349] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.385073] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.392169] device bridge_slave_1 entered promiscuous mode [ 180.475401] device hsr_slave_0 entered promiscuous mode [ 180.530600] device hsr_slave_1 entered promiscuous mode [ 180.600801] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 180.609231] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 180.648802] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.658274] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.675642] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.687698] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.726331] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 180.734204] team0: Port device team_slave_0 added [ 180.739929] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 180.747486] team0: Port device team_slave_1 added [ 180.753119] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.762764] IPVS: ftp: loaded support on port[0] = 21 [ 180.763840] chnl_net:caif_netlink_parms(): no params data found [ 180.786094] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 180.795267] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.862555] device hsr_slave_0 entered promiscuous mode [ 180.900557] device hsr_slave_1 entered promiscuous mode [ 180.941171] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 180.979111] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 181.061784] chnl_net:caif_netlink_parms(): no params data found [ 181.076100] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.095457] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.102189] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.109564] device bridge_slave_0 entered promiscuous mode [ 181.140796] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.147262] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.154759] device bridge_slave_1 entered promiscuous mode [ 181.175838] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 181.221511] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.231031] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 181.238431] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.255122] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.261911] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.268949] device bridge_slave_0 entered promiscuous mode [ 181.276965] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 181.292672] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 181.300899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 181.318777] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.325507] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.333125] device bridge_slave_1 entered promiscuous mode [ 181.353005] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 181.359091] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.398883] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.408783] team0: Port device team_slave_0 added [ 181.422305] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.431925] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.474272] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.481887] team0: Port device team_slave_1 added [ 181.488856] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.499322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.506092] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.513646] team0: Port device team_slave_0 added [ 181.523008] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.530523] team0: Port device team_slave_1 added [ 181.535900] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.544719] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.554246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.562170] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.569841] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.576270] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.585938] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.598372] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.623261] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 181.672522] device hsr_slave_0 entered promiscuous mode [ 181.710482] device hsr_slave_1 entered promiscuous mode [ 181.770854] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 181.778289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.786588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.794502] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.800908] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.809138] chnl_net:caif_netlink_parms(): no params data found [ 181.818430] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.894142] device hsr_slave_0 entered promiscuous mode [ 181.930501] device hsr_slave_1 entered promiscuous mode [ 181.972872] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 181.980986] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 181.995241] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 182.005441] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 182.013636] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 182.029823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.037745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 182.044885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 182.054221] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 182.064079] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.074257] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 182.081311] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.087775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.096156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.104375] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.112365] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 182.125623] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.144937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.153611] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.168749] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 182.178141] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.204167] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.211358] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.218768] device bridge_slave_0 entered promiscuous mode [ 182.226200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.234604] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.242446] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.248874] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.256037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.265841] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 182.276941] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.284439] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.291513] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.298630] device bridge_slave_1 entered promiscuous mode [ 182.313567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 182.321459] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 182.329095] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.337160] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.344963] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.351403] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.362463] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 182.373319] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 182.384352] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 182.402433] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 182.411096] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 182.418779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.432063] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 182.438183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 182.451509] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 182.459898] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.476748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.488046] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.519004] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.527238] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.541438] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.548918] team0: Port device team_slave_0 added [ 182.556124] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.563792] team0: Port device team_slave_1 added [ 182.569537] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.579821] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 182.587937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.596029] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.604476] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 182.614177] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.627912] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 182.635782] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.646041] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 182.654066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.663119] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.671351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 182.678956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 182.686784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 182.694028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 182.710940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.732380] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 182.738505] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.748214] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 182.757035] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 182.769540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 182.777678] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 182.786768] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 182.795710] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.806607] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 182.854362] device hsr_slave_0 entered promiscuous mode [ 182.910629] device hsr_slave_1 entered promiscuous mode [ 182.958455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.966715] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.974762] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.981135] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.988043] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 182.995466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.006334] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.017290] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.024796] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 183.042038] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.048849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.056584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.064772] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.073083] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.079453] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.089259] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 183.098610] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 183.109291] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 183.116210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.129584] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 183.136510] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.144374] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.158010] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 183.165560] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.173827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.181901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.195737] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.206152] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 183.217543] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 183.226268] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.237356] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 183.243908] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.250414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.258437] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.266593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.275000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.283235] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.289638] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.296910] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 183.305045] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.325204] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.337436] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.351772] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.370437] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 183.388287] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 183.410503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.419002] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.447134] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.453600] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.461833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.470843] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.478507] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.484918] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.493464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.501953] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.509636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 183.517536] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 183.527109] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 183.537323] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.549465] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 183.558957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.568134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.576549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.584976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.594091] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.600578] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.608139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 183.616228] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 183.627346] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.638102] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 183.647718] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.656068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 08:07:05 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000140)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_ADD_MAP(r0, 0xc0286415, &(0x7f0000000040)={&(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil}) [ 183.666997] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready 08:07:05 executing program 5: r0 = syz_open_dev$swradio(&(0x7f0000000200)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000240)={0x0, 0x9, 0x200000001, {0xb, @pix={0x0, 0xffffffff00000001}}}) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000540)={0x0, 0xa8, 0x2, {0xb, @sliced={0x0, [0x0, 0x1f]}}}) [ 183.694208] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 183.712238] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 183.724008] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.745408] kasan: CONFIG_KASAN_INLINE enabled [ 183.751749] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 183.769174] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 183.772391] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 183.782258] Modules linked in: [ 183.785293] audit: type=1400 audit(1556266025.959:39): avc: denied { create } for pid=7154 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 183.785500] CPU: 0 PID: 7151 Comm: syz-executor.5 Not tainted 4.14.113 #3 [ 183.815725] audit: type=1400 audit(1556266025.989:40): avc: denied { write } for pid=7154 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 183.816501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.816507] task: ffff8880650f42c0 task.stack: ffff8880650f8000 [ 183.816608] RIP: 0010:refcount_sub_and_test+0x2b/0xf0 [ 183.816617] RSP: 0018:ffff8880650ffb98 EFLAGS: 00010202 [ 183.849245] audit: type=1400 audit(1556266025.989:41): avc: denied { read } for pid=7154 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 183.890059] RAX: dffffc0000000000 RBX: ffff888091f3b080 RCX: ffffffff8425dac0 [ 183.897329] RDX: 0000000000000004 RSI: 0000000000000020 RDI: 0000000000000001 [ 183.904600] RBP: ffff8880650ffbc0 R08: 00000000f7d62fbb R09: ffff8880650f4b88 [ 183.911883] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000020 [ 183.919147] R13: 0000000000000001 R14: ffff888091f3b094 R15: 0000000000000000 [ 183.926433] FS: 00000000018b5940(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 183.934675] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 183.940562] CR2: 0000000000872c00 CR3: 000000008d50c000 CR4: 00000000001406f0 [ 183.947837] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 183.955119] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 183.962398] Call Trace: [ 183.964998] refcount_dec_and_test+0x1b/0x20 [ 183.969463] vb2_vmalloc_put+0x18/0x70 [ 183.973353] __vb2_buf_mem_free+0x106/0x1e0 [ 183.977682] ? vb2_vmalloc_dmabuf_ops_attach+0x3f0/0x3f0 [ 183.983135] __vb2_queue_free+0x63a/0x7e0 [ 183.987301] vb2_core_queue_release+0x64/0x80 [ 183.991893] _vb2_fop_release+0x1cf/0x2a0 [ 183.996034] vb2_fop_release+0x75/0xc0 [ 183.999923] vivid_fop_release+0x180/0x3f0 [ 184.004162] ? vivid_remove+0x3d0/0x3d0 [ 184.008138] ? dev_debug_store+0xe0/0xe0 [ 184.012190] v4l2_release+0xfb/0x190 [ 184.016011] __fput+0x277/0x7a0 [ 184.019303] ____fput+0x16/0x20 [ 184.022596] task_work_run+0x119/0x190 [ 184.026488] exit_to_usermode_loop+0x1da/0x220 [ 184.031065] do_syscall_64+0x4a9/0x630 [ 184.034940] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 184.039802] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 184.044987] RIP: 0033:0x412b61 [ 184.048155] RSP: 002b:00007ffcab1291c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 184.055853] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000412b61 [ 184.063113] RDX: 0000001b2fb20000 RSI: 0000000000000000 RDI: 0000000000000003 [ 184.070403] RBP: 0000000000000001 R08: 0000000015c23545 R09: 0000000015c23549 [ 184.077666] R10: 00007ffcab1292a0 R11: 0000000000000293 R12: 0000000000740f48 [ 184.084930] R13: 000000000002cdc0 R14: 000000000002cded R15: 000000000073bf0c [ 184.092219] Code: 55 48 89 e5 41 56 41 55 41 89 fd 41 54 49 89 f4 53 48 83 ec 08 e8 16 9d 85 fe 4c 89 e2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 4c 89 e0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 [ 184.111374] RIP: refcount_sub_and_test+0x2b/0xf0 RSP: ffff8880650ffb98 [ 184.120555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.122091] ---[ end trace 16183d0653d77e50 ]--- [ 184.128366] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.133059] Kernel panic - not syncing: Fatal exception [ 184.140579] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.153171] Kernel Offset: disabled [ 184.156793] Rebooting in 86400 seconds..