[ 35.915883] audit: type=1800 audit(1569722838.162:32): pid=7308 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 36.622692] audit: type=1800 audit(1569722838.952:33): pid=7308 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.206' (ECDSA) to the list of known hosts. 2019/09/29 02:07:28 fuzzer started syzkaller login: [ 46.363179] kauditd_printk_skb: 2 callbacks suppressed [ 46.363193] audit: type=1400 audit(1569722848.692:36): avc: denied { map } for pid=7495 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/09/29 02:07:30 dialing manager at 10.128.0.105:34323 2019/09/29 02:07:30 syscalls: 2489 2019/09/29 02:07:30 code coverage: enabled 2019/09/29 02:07:30 comparison tracing: enabled 2019/09/29 02:07:30 extra coverage: extra coverage is not supported by the kernel 2019/09/29 02:07:30 setuid sandbox: enabled 2019/09/29 02:07:30 namespace sandbox: enabled 2019/09/29 02:07:30 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/29 02:07:30 fault injection: enabled 2019/09/29 02:07:30 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/29 02:07:30 net packet injection: enabled 2019/09/29 02:07:30 net device setup: enabled 02:10:00 executing program 0: [ 198.355589] audit: type=1400 audit(1569723000.682:37): avc: denied { map } for pid=7512 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=41 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 198.439650] IPVS: ftp: loaded support on port[0] = 21 02:10:00 executing program 1: [ 198.542834] chnl_net:caif_netlink_parms(): no params data found [ 198.611081] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.629825] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.650570] device bridge_slave_0 entered promiscuous mode [ 198.658565] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.680755] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.688042] device bridge_slave_1 entered promiscuous mode [ 198.724074] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 198.734164] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 198.756290] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 198.759231] IPVS: ftp: loaded support on port[0] = 21 [ 198.764223] team0: Port device team_slave_0 added 02:10:01 executing program 2: [ 198.775966] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 198.783732] team0: Port device team_slave_1 added [ 198.802908] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 198.811803] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 198.902597] device hsr_slave_0 entered promiscuous mode [ 198.942564] device hsr_slave_1 entered promiscuous mode 02:10:01 executing program 3: [ 198.995960] IPVS: ftp: loaded support on port[0] = 21 [ 199.001356] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 199.021694] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 199.117957] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.124548] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.131634] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.138012] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.159361] chnl_net:caif_netlink_parms(): no params data found [ 199.218396] IPVS: ftp: loaded support on port[0] = 21 02:10:01 executing program 4: [ 199.312074] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 199.318196] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.337354] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.348288] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.356167] device bridge_slave_0 entered promiscuous mode [ 199.413790] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.422605] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.428965] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.437260] device bridge_slave_1 entered promiscuous mode [ 199.480515] IPVS: ftp: loaded support on port[0] = 21 [ 199.483142] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 199.492334] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.504983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.517964] bridge0: port 1(bridge_slave_0) entered disabled state 02:10:01 executing program 5: [ 199.536206] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.544032] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 199.559901] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 199.603435] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 199.612194] chnl_net:caif_netlink_parms(): no params data found [ 199.624572] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 199.673573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.682805] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.692728] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.699090] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.735841] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 199.746371] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 199.753907] team0: Port device team_slave_0 added [ 199.761034] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 199.768216] team0: Port device team_slave_1 added [ 199.778244] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 199.786757] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 199.795983] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.803785] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.811894] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.818235] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.825321] chnl_net:caif_netlink_parms(): no params data found [ 199.835306] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 199.865641] IPVS: ftp: loaded support on port[0] = 21 [ 199.892712] device hsr_slave_0 entered promiscuous mode [ 199.930041] device hsr_slave_1 entered promiscuous mode [ 199.995816] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.006538] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.013167] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.021257] device bridge_slave_0 entered promiscuous mode [ 200.029668] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.036673] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.043998] device bridge_slave_1 entered promiscuous mode [ 200.050848] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 200.075379] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 200.092702] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 200.112376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 200.130528] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 200.158985] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 200.168646] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 200.188397] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 200.196190] team0: Port device team_slave_0 added [ 200.201892] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 200.209157] team0: Port device team_slave_1 added [ 200.215269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.223510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.231871] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.238958] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.245560] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.253198] device bridge_slave_0 entered promiscuous mode [ 200.260322] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.266675] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.274090] device bridge_slave_1 entered promiscuous mode [ 200.292133] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 200.298726] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 200.306338] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 200.325205] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 200.368858] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 200.408532] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 200.429464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.437376] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.481511] device hsr_slave_0 entered promiscuous mode [ 200.520049] device hsr_slave_1 entered promiscuous mode [ 200.560641] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 200.582669] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 200.592294] team0: Port device team_slave_0 added [ 200.598078] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 200.605744] team0: Port device team_slave_1 added [ 200.614208] chnl_net:caif_netlink_parms(): no params data found [ 200.622958] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 200.648915] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 200.659051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 200.666662] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 200.674572] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 200.686213] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 200.733075] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.739530] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.747354] device bridge_slave_0 entered promiscuous mode [ 200.756128] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.763377] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.770639] device bridge_slave_1 entered promiscuous mode [ 200.783246] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 200.792672] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 200.803536] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 200.809585] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 200.818751] chnl_net:caif_netlink_parms(): no params data found [ 200.881567] device hsr_slave_0 entered promiscuous mode [ 200.920146] device hsr_slave_1 entered promiscuous mode [ 200.960321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 200.967894] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 200.985137] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.000515] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 201.012861] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 201.019405] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 201.034857] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 201.044225] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 201.053297] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 201.068381] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 201.077217] team0: Port device team_slave_0 added [ 201.083509] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 201.091122] team0: Port device team_slave_1 added [ 201.098548] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 201.114370] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 201.131256] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 201.143991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.151353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.163434] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 201.169532] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.176122] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 201.199614] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 201.211286] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 201.220517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.228286] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.236853] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.243491] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.254492] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.262528] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.269644] device bridge_slave_0 entered promiscuous mode [ 201.284601] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 201.293069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.301250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.308974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.316754] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.323158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.372691] device hsr_slave_0 entered promiscuous mode [ 201.410167] device hsr_slave_1 entered promiscuous mode [ 201.451910] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 201.459051] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 201.466895] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.473349] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.480791] device bridge_slave_1 entered promiscuous mode [ 201.497801] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 201.508990] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.525584] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 201.534731] audit: type=1400 audit(1569723003.862:38): avc: denied { associate } for pid=7513 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 201.566237] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 201.576033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.588542] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 201.596134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.619289] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 02:10:04 executing program 0: socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000001000000010000000300000003000000"], 0x18}, 0x0) [ 201.645542] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 201.662118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.676526] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.696791] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 201.708554] team0: Port device team_slave_0 added [ 201.728243] 8021q: adding VLAN 0 to HW filter on device bond0 02:10:04 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f00000005c0), 0x0, &(0x7f0000000200)={0x0, 0x1c9c380}, 0x8) getpid() ptrace(0x10, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/autofs\x00', 0x141000, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xcd, &(0x7f0000000740)={{0xa, 0x4e24, 0x7, @rand_addr="c82d2d2ad4137d0d53961321ad865dac", 0x101}, {0xa, 0x4e1d, 0x4, @empty}, 0x0, [0x6f1, 0xfff7ffffffffff80, 0x1fe, 0x8000, 0xe1, 0x4, 0x1, 0xffffffff]}, 0x5c) sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000380)={&(0x7f0000000a80)=ANY=[]}, 0x1, 0x0, 0x0, 0x24000850}, 0x10) write$cgroup_subtree(r0, &(0x7f0000000000)={[{0x0, 'memory'}, {0x2b, 'cpu'}, {0x2d, 'rdma'}, {0x0, 'cpu'}, {0x0, 'rdma'}]}, 0x1e) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000240)='team\x00') sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000008c0)={{{@in6=@ipv4={[], [], @empty}, @in6=@ipv4={[], [], @local}}}, {{@in=@initdev}, 0x0, @in6=@loopback}}, &(0x7f0000000340)=0xe8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000063c0)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @gretap={{0xc, 0x1, 'gretap\x00'}, {0x14, 0x2, [@gre_common_policy=[@IFLA_GRE_ERSPAN_VER={0x8, 0x16, 0x2}], @gre_common_policy=[@IFLA_GRE_LINK={0x8, 0x1, r3}]]}}}]}, 0x44}}, 0x0) [ 201.749213] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.756356] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.765576] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 201.773931] team0: Port device team_slave_1 added [ 201.779233] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 201.787520] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready 02:10:04 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) connect$x25(r1, &(0x7f00000002c0)={0x9, @null=' \x00'}, 0x12) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x83c6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) recvmsg(0xffffffffffffffff, &(0x7f0000005700)={0x0, 0x31, 0x0, 0x0, 0xfffffffffffffffd, 0x66d2f5089ed8fde5}, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x400) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x40000000015, 0x5, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) bind$inet(r3, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendmsg$xdp(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000740)}, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmsg(r2, 0x0, 0x0) [ 201.807938] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 201.813716] audit: type=1400 audit(1569723004.132:39): avc: denied { create } for pid=7543 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 201.835962] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 201.860218] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 201.876840] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 201.884990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.893142] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.902162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.914301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.923817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.931208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.940717] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 201.948467] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready 02:10:04 executing program 0: r0 = socket$kcm(0xa, 0x802, 0x88) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000080)=@in6={0xa, 0x4e24, 0x0, @mcast2, 0x9}, 0x80, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="3800000000000000290000000400000078040e01000000c0073510fbff0000b408000000fab771172119000020002000004e5e1000388022"], 0x38}, 0x8000) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) [ 201.959393] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 201.969354] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.986342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.997379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 02:10:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x133, 0x0, 0x0, 0xff7d) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="66b829018ec0b9800000c00f3235002000000f3066baf80cb8c8f61a8eef66bafc0ced0f787e0036400fc75a00c4e1f9e601c4018575504f0f87d485a71b64440f01c43e662666470f38804185", 0x4d}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x40, 0x0, 0xfffffffffffffdd4) r3 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setxattr$security_evm(0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYRES16=r3], 0x1, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 202.033133] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 202.039228] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 202.049570] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 202.082869] device hsr_slave_0 entered promiscuous mode [ 202.094525] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 202.120607] device hsr_slave_1 entered promiscuous mode [ 202.147872] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.155636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.164485] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 202.175176] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 202.180907] ================================================================== [ 202.189295] BUG: KASAN: null-ptr-deref in kvm_write_guest_virt_system+0x64/0x90 [ 202.196765] Write of size 24 at addr 0000000000000000 by task syz-executor.0/7554 [ 202.200608] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.204417] [ 202.211934] CPU: 0 PID: 7554 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 202.215654] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 202.218797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.228555] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 202.234199] Call Trace: [ 202.234225] dump_stack+0x172/0x1f0 [ 202.234244] ? kvm_write_guest_virt_system+0x64/0x90 [ 202.234260] kasan_report.cold+0x199/0x2ba [ 202.234283] check_memory_region+0x123/0x190 [ 202.243902] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 202.246592] memset+0x24/0x40 [ 202.252034] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.255939] kvm_write_guest_virt_system+0x64/0x90 [ 202.263587] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 202.266397] handle_vmread+0x7fe/0xa10 [ 202.272542] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 202.275375] ? handle_invpcid+0xa80/0xa80 [ 202.283016] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 202.287244] ? __lock_is_held+0xb6/0x140 [ 202.294128] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 202.298053] ? __lock_is_held+0xb6/0x140 [ 202.305198] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 202.308959] ? handle_invpcid+0xa80/0xa80 [ 202.316044] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 202.319762] vmx_handle_exit+0x276/0x16b0 [ 202.319777] ? lock_acquire+0x16f/0x3f0 [ 202.319789] ? vcpu_enter_guest+0xf15/0x5ed0 [ 202.319808] vcpu_enter_guest+0x10ca/0x5ed0 [ 202.327515] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 202.330634] ? kvm_vcpu_ioctl+0x181/0xf90 [ 202.330654] ? emulator_read_emulated+0x50/0x50 [ 202.330669] ? lock_acquire+0x16f/0x3f0 [ 202.330687] ? kvm_check_async_pf_completion+0x2d8/0x440 [ 202.338773] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 202.341684] kvm_arch_vcpu_ioctl_run+0x457/0x16b0 [ 202.341698] ? kvm_arch_vcpu_ioctl_run+0x457/0x16b0 [ 202.341717] kvm_vcpu_ioctl+0x4dc/0xf90 [ 202.341733] ? kvm_vcpu_block+0xcc0/0xcc0 [ 202.348496] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 202.349863] ? mark_held_locks+0x100/0x100 [ 202.349885] ? __might_fault+0x12b/0x1e0 [ 202.349898] ? __fget+0x340/0x540 [ 202.349915] ? find_held_lock+0x35/0x130 [ 202.354456] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 202.358644] ? __fget+0x340/0x540 [ 202.367255] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 202.369486] ? kvm_vcpu_block+0xcc0/0xcc0 [ 202.381170] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 202.383547] do_vfs_ioctl+0xd5f/0x1380 [ 202.383562] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.383579] ? selinux_file_ioctl+0x125/0x5e0 [ 202.395306] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.400083] ? ioctl_preallocate+0x210/0x210 [ 202.400099] ? selinux_file_mprotect+0x620/0x620 [ 202.400118] ? iterate_fd+0x360/0x360 02:10:04 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000001280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe6}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r0, &(0x7f00000010c0)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/207, 0xcf}], 0x1}}], 0x1, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f00000001c0)=0x1fd, 0x4) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYRESHEX=0x0], 0x273) [ 202.400133] ? nsecs_to_jiffies+0x30/0x30 [ 202.408248] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.443724] ? security_file_ioctl+0x8d/0xc0 [ 202.443741] ksys_ioctl+0xab/0xd0 [ 202.443757] __x64_sys_ioctl+0x73/0xb0 [ 202.443777] do_syscall_64+0xfd/0x620 [ 202.443794] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.453331] RIP: 0033:0x459a29 [ 202.507459] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.515295] RSP: 002b:00007f139dcafc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 202.560308] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 202.567578] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 202.574848] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 202.582220] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f139dcb06d4 [ 202.589483] R13: 00000000004c2ddb R14: 00000000004d6618 R15: 00000000ffffffff [ 202.596844] ================================================================== [ 202.604190] Disabling lock debugging due to kernel taint [ 202.612613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.620070] Kernel panic - not syncing: panic_on_warn set ... [ 202.620070] [ 202.640889] CPU: 0 PID: 7554 Comm: syz-executor.0 Tainted: G B 4.19.75 #0 [ 202.651583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.666312] Call Trace: [ 202.673079] dump_stack+0x172/0x1f0 [ 202.676701] ? kvm_write_guest_virt_system+0x64/0x90 [ 202.681795] panic+0x263/0x507 [ 202.684975] ? __warn_printk+0xf3/0xf3 [ 202.688855] ? kvm_write_guest_virt_system+0x64/0x90 [ 202.693946] ? preempt_schedule+0x4b/0x60 [ 202.698081] ? ___preempt_schedule+0x16/0x18 [ 202.702481] ? trace_hardirqs_on+0x5e/0x220 [ 202.706804] ? kvm_write_guest_virt_system+0x64/0x90 [ 202.711923] kasan_end_report+0x47/0x4f [ 202.716232] kasan_report.cold+0xa9/0x2ba [ 202.720370] check_memory_region+0x123/0x190 [ 202.725200] memset+0x24/0x40 [ 202.729361] kvm_write_guest_virt_system+0x64/0x90 [ 202.735596] handle_vmread+0x7fe/0xa10 [ 202.739953] ? handle_invpcid+0xa80/0xa80 [ 202.744105] ? __lock_is_held+0xb6/0x140 [ 202.748486] ? __lock_is_held+0xb6/0x140 [ 202.752655] ? handle_invpcid+0xa80/0xa80 [ 202.757082] vmx_handle_exit+0x276/0x16b0 [ 202.761339] ? lock_acquire+0x16f/0x3f0 [ 202.765339] ? vcpu_enter_guest+0xf15/0x5ed0 [ 202.769739] vcpu_enter_guest+0x10ca/0x5ed0 [ 202.774070] ? kvm_vcpu_ioctl+0x181/0xf90 [ 202.778207] ? emulator_read_emulated+0x50/0x50 [ 202.782864] ? lock_acquire+0x16f/0x3f0 [ 202.786828] ? kvm_check_async_pf_completion+0x2d8/0x440 [ 202.792267] kvm_arch_vcpu_ioctl_run+0x457/0x16b0 [ 202.797096] ? kvm_arch_vcpu_ioctl_run+0x457/0x16b0 [ 202.802100] kvm_vcpu_ioctl+0x4dc/0xf90 [ 202.806585] ? kvm_vcpu_block+0xcc0/0xcc0 [ 202.810720] ? mark_held_locks+0x100/0x100 [ 202.814951] ? __might_fault+0x12b/0x1e0 [ 202.818997] ? __fget+0x340/0x540 [ 202.822447] ? find_held_lock+0x35/0x130 [ 202.826498] ? __fget+0x340/0x540 [ 202.829940] ? kvm_vcpu_block+0xcc0/0xcc0 [ 202.834770] do_vfs_ioctl+0xd5f/0x1380 [ 202.838646] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.844187] ? selinux_file_ioctl+0x125/0x5e0 [ 202.848953] ? ioctl_preallocate+0x210/0x210 [ 202.861996] ? selinux_file_mprotect+0x620/0x620 [ 202.866909] ? iterate_fd+0x360/0x360 [ 202.870732] ? nsecs_to_jiffies+0x30/0x30 [ 202.874894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.880424] ? security_file_ioctl+0x8d/0xc0 [ 202.884834] ksys_ioctl+0xab/0xd0 [ 202.888280] __x64_sys_ioctl+0x73/0xb0 [ 202.892173] do_syscall_64+0xfd/0x620 [ 202.895965] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.901143] RIP: 0033:0x459a29 [ 202.904323] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.923212] RSP: 002b:00007f139dcafc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 202.930931] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 202.938222] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 202.945501] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 202.952777] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f139dcb06d4 [ 202.960041] R13: 00000000004c2ddb R14: 00000000004d6618 R15: 00000000ffffffff [ 202.968807] Kernel Offset: disabled [ 202.972437] Rebooting in 86400 seconds..