Warning: Permanently added '10.128.1.36' (ECDSA) to the list of known hosts. [ 39.546269] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/23 07:08:33 fuzzer started [ 39.738785] audit: type=1400 audit(1569222513.885:36): avc: denied { map } for pid=6848 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 40.577721] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/23 07:08:35 dialing manager at 10.128.0.105:42531 2019/09/23 07:08:36 syscalls: 2472 2019/09/23 07:08:36 code coverage: enabled 2019/09/23 07:08:36 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/23 07:08:36 extra coverage: extra coverage is not supported by the kernel 2019/09/23 07:08:36 setuid sandbox: enabled 2019/09/23 07:08:36 namespace sandbox: enabled 2019/09/23 07:08:36 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/23 07:08:36 fault injection: enabled 2019/09/23 07:08:36 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/23 07:08:36 net packet injection: enabled 2019/09/23 07:08:36 net device setup: enabled [ 43.225286] random: crng init done 07:10:30 executing program 5: r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00') mkdirat(r0, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r1 = creat(&(0x7f0000df1000)='./file0/bus\x00', 0xbc9dc8fbd81cb4b1) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) unshare(0x40600) ftruncate(r1, 0x39) socketpair$unix(0x1, 0x80001, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 07:10:30 executing program 0: r0 = syz_open_dev$sndtimer(&(0x7f0000000340)='/dev/snd/timer\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) r2 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./bus\x00', 0x200, 0x1e5) r3 = openat$cgroup_ro(r2, &(0x7f0000000480)='Cpuacct.@tE\xae\x00', 0x275a, 0x0) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x2000002) read$eventfd(r4, &(0x7f00000003c0), 0x8) poll(&(0x7f0000000300)=[{r3, 0x20}, {r3, 0x400}, {0xffffffffffffffff, 0x4000}, {r3, 0x4000}, {r1, 0x100}, {r1, 0x5000}, {r3, 0x200}, {r0, 0x100}], 0x8, 0x9) fallocate(r1, 0x800000000000002, 0x0, 0xffffffff) r5 = creat(&(0x7f0000001c00)='./bus\x00', 0xa1) r6 = socket$inet6(0xa, 0x400000000001, 0x0) accept4(r5, &(0x7f0000000240)=@pptp={0x18, 0x2, {0x0, @loopback}}, 0x0, 0x800) r7 = dup(r6) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r6) bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect(r7, &(0x7f00000005c0)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80) sendto$inet6(r6, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) inotify_rm_watch(r9, 0x0) ftruncate(r5, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 07:10:30 executing program 3: ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x8000}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000000b80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000000)=0x14) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x4ce]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:10:30 executing program 4: r0 = gettid() sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="0ca60f0527ac4ba9"], 0x8}}, 0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r0, 0x31) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:10:30 executing program 1: r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) fadvise64(r0, 0x0, 0x0, 0x0) 07:10:30 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') readv(r0, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/enforce\x00', 0x102, 0x0) sendfile(r1, r0, 0x0, 0x40000000009) [ 155.851546] audit: type=1400 audit(1569222630.005:37): avc: denied { map } for pid=6848 comm="syz-fuzzer" path="/root/syzkaller-shm977396314" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 155.901427] audit: type=1400 audit(1569222630.015:38): avc: denied { map } for pid=6867 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13746 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 156.250937] IPVS: ftp: loaded support on port[0] = 21 [ 157.058595] chnl_net:caif_netlink_parms(): no params data found [ 157.071434] IPVS: ftp: loaded support on port[0] = 21 [ 157.095889] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.103298] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.110672] device bridge_slave_0 entered promiscuous mode [ 157.117593] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.124286] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.132091] device bridge_slave_1 entered promiscuous mode [ 157.148680] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 157.157819] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 157.182756] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 157.189956] team0: Port device team_slave_0 added [ 157.195807] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 157.203166] team0: Port device team_slave_1 added [ 157.210967] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 157.220318] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 157.282224] device hsr_slave_0 entered promiscuous mode [ 157.350354] device hsr_slave_1 entered promiscuous mode [ 157.420720] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 157.431489] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 157.454577] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.461201] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.467988] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.474367] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.518540] chnl_net:caif_netlink_parms(): no params data found [ 157.553011] IPVS: ftp: loaded support on port[0] = 21 [ 157.566947] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.573443] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.580854] device bridge_slave_0 entered promiscuous mode [ 157.588248] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.595086] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.602137] device bridge_slave_1 entered promiscuous mode [ 157.617825] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 157.624221] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.640361] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 157.649554] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 157.672075] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 157.679230] team0: Port device team_slave_0 added [ 157.684926] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 157.696611] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 157.704143] team0: Port device team_slave_1 added [ 157.711841] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 157.721356] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 157.743027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.751265] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.758376] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.767583] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 157.773760] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.780986] IPVS: ftp: loaded support on port[0] = 21 [ 157.822172] device hsr_slave_0 entered promiscuous mode [ 157.860320] device hsr_slave_1 entered promiscuous mode [ 157.907758] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 157.928706] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 157.936502] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.942915] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.954930] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 157.966974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 157.974728] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.981225] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.020391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 158.027985] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 158.050730] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 158.057125] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 158.066156] IPVS: ftp: loaded support on port[0] = 21 [ 158.081984] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 158.099825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 158.107820] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 158.117362] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 158.141317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 158.148938] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 158.164331] chnl_net:caif_netlink_parms(): no params data found [ 158.184450] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 158.195614] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 158.205963] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 158.212028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 158.239797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 158.247523] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 158.267825] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 158.287475] chnl_net:caif_netlink_parms(): no params data found [ 158.332396] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.353320] IPVS: ftp: loaded support on port[0] = 21 [ 158.384585] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.393687] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.400995] device bridge_slave_0 entered promiscuous mode [ 158.409537] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.415968] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.423089] device bridge_slave_1 entered promiscuous mode [ 158.466669] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.473494] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.480568] device bridge_slave_0 entered promiscuous mode [ 158.517502] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.524436] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.532106] device bridge_slave_1 entered promiscuous mode [ 158.551837] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 158.562653] chnl_net:caif_netlink_parms(): no params data found [ 158.583687] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 158.619830] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 158.628066] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 158.635803] team0: Port device team_slave_0 added [ 158.646105] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 158.649774] ptrace attach of "/root/syz-executor.4"[6898] was attempted by "/root/syz-executor.4"[6899] [ 158.659068] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready 07:10:32 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f00000000c0)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 158.671184] team0: Port device team_slave_1 added [ 158.695540] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 158.717367] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.724487] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 158.748998] kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns [ 158.772108] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 158.783557] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 158.789947] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready 07:10:32 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x133, 0x0, 0x0, 0xff7d) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f0000000140)="66b8b9000f00d0c7442400b7fe0000c744240250260000c7442406000000000f011c240f78ba0000c0fe660f3834860a000000c4c275ac7c2c003e3e0f79970c00000066baf80cb8caae098cefb8000000000f23d00f21f835300000040f23f8ecc6f84c0f32f30fc736", 0x47}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x40, 0x0, 0xfffffffffffffdd4) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="280000000200"/15], 0xf) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 158.801440] team0: Port device team_slave_0 added [ 158.815179] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 158.825455] team0: Port device team_slave_1 added [ 158.892711] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 158.904450] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 158.920588] ================================================================== [ 158.928178] BUG: KASAN: null-ptr-deref in kvm_write_guest_virt_system+0x64/0x90 [ 158.935622] Write of size 24 at addr (null) by task syz-executor.4/6910 [ 158.935627] [ 158.935637] CPU: 0 PID: 6910 Comm: syz-executor.4 Not tainted 4.14.146 #0 [ 158.935644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 158.935647] Call Trace: [ 158.935665] dump_stack+0x138/0x197 [ 158.935675] ? vprintk_func+0x65/0x159 [ 158.935693] ? kvm_write_guest_virt_system+0x64/0x90 [ 158.935705] kasan_report.cold+0x127/0x2af [ 158.935720] check_memory_region+0x123/0x190 [ 158.944964] memset+0x24/0x40 [ 158.961300] kvm_write_guest_virt_system+0x64/0x90 [ 158.961313] handle_vmread+0x548/0x730 [ 158.961324] ? vmx_deliver_posted_interrupt+0x340/0x340 [ 158.961340] ? __lock_is_held+0xb6/0x140 [ 158.966348] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 158.967529] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 158.974152] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 158.976491] ? vmx_deliver_posted_interrupt+0x340/0x340 [ 158.981000] 8021q: adding VLAN 0 to HW filter on device team0 [ 158.985105] vmx_handle_exit+0x20d/0x1330 [ 158.990666] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 158.993128] ? vcpu_enter_guest+0xd2d/0x5210 [ 158.999002] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 159.002349] vcpu_enter_guest+0xf28/0x5210 [ 159.002361] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 159.002376] ? emulator_read_emulated+0x50/0x50 [ 159.002388] ? kvm_check_async_pf_completion+0x2a9/0x410 [ 159.009221] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 159.012490] kvm_arch_vcpu_ioctl_run+0x318/0x1000 [ 159.012500] ? kvm_arch_vcpu_ioctl_run+0x318/0x1000 [ 159.012515] kvm_vcpu_ioctl+0x401/0xd10 [ 159.012527] ? kvm_vcpu_block+0xbb0/0xbb0 [ 159.020461] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 159.024020] ? trace_hardirqs_on+0x10/0x10 [ 159.031770] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 159.035259] ? __might_fault+0x110/0x1d0 [ 159.042832] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 159.046302] ? save_trace+0x290/0x290 [ 159.052817] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 159.057624] ? __might_fault+0x110/0x1d0 [ 159.064363] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 159.066588] ? __fget+0x210/0x370 [ 159.072603] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 159.076676] ? find_held_lock+0x35/0x130 [ 159.083766] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 159.088248] ? __fget+0x210/0x370 [ 159.093926] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 159.097222] ? kvm_vcpu_block+0xbb0/0xbb0 [ 159.107152] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 159.108102] do_vfs_ioctl+0x7ae/0x1060 [ 159.116264] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 159.119076] ? selinux_file_mprotect+0x5d0/0x5d0 [ 159.129859] ? lock_downgrade+0x6e0/0x6e0 [ 159.144434] ? ioctl_preallocate+0x1c0/0x1c0 [ 159.154528] ? __fget+0x237/0x370 [ 159.164719] kobject: 'nlmon0' (ffff88808bd31170): fill_kobj_path: path = '/devices/virtual/net/nlmon0' [ 159.168375] ? security_file_ioctl+0x89/0xb0 [ 159.178325] kobject: 'queues' (ffff88809825dd48): kobject_add_internal: parent: 'nlmon0', set: '' [ 159.181425] SyS_ioctl+0x8f/0xc0 [ 159.181434] ? do_vfs_ioctl+0x1060/0x1060 [ 159.181447] do_syscall_64+0x1e8/0x640 [ 159.181457] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 159.187747] kobject: 'queues' (ffff88809825dd48): kobject_uevent_env [ 159.191729] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 159.191738] RIP: 0033:0x459a09 [ 159.191743] RSP: 002b:00007ff0491f2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 159.191754] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a09 [ 159.197885] kobject: 'queues' (ffff88809825dd48): kobject_uevent_env: filter function caused the event to drop! [ 159.201748] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 159.201754] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 159.201758] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0491f36d4 [ 159.201763] R13: 00000000004c2da0 R14: 00000000004d65c0 R15: 00000000ffffffff [ 159.201780] ================================================================== [ 159.209905] kobject: 'rx-0' (ffff8880954b7b50): kobject_add_internal: parent: 'queues', set: 'queues' [ 159.212548] Disabling lock debugging due to kernel taint [ 159.222578] Kernel panic - not syncing: panic_on_warn set ... [ 159.222578] [ 159.227674] kobject: 'rx-0' (ffff8880954b7b50): kobject_uevent_env [ 159.234839] CPU: 0 PID: 6910 Comm: syz-executor.4 Tainted: G B 4.14.146 #0 [ 159.234844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 159.234847] Call Trace: [ 159.234863] dump_stack+0x138/0x197 [ 159.234877] ? kvm_write_guest_virt_system+0x64/0x90 [ 159.234884] panic+0x1f2/0x426 [ 159.234891] ? add_taint.cold+0x16/0x16 [ 159.234904] ? ___preempt_schedule+0x16/0x18 [ 159.239315] kobject: 'rx-0' (ffff8880954b7b50): fill_kobj_path: path = '/devices/virtual/net/nlmon0/queues/rx-0' [ 159.248806] kasan_end_report+0x47/0x4f [ 159.248813] kasan_report.cold+0x130/0x2af [ 159.248821] check_memory_region+0x123/0x190 [ 159.248831] memset+0x24/0x40 [ 159.252714] kobject: 'tx-0' (ffff888095cba0d8): kobject_add_internal: parent: 'queues', set: 'queues' [ 159.256305] kvm_write_guest_virt_system+0x64/0x90 [ 159.260321] kobject: 'tx-0' (ffff888095cba0d8): kobject_uevent_env [ 159.264987] handle_vmread+0x548/0x730 [ 159.271707] kobject: 'tx-0' (ffff888095cba0d8): fill_kobj_path: path = '/devices/virtual/net/nlmon0/queues/tx-0' [ 159.276622] ? vmx_deliver_posted_interrupt+0x340/0x340 [ 159.283591] kobject: 'veth0_to_hsr' (ffff88805eadb3b0): kobject_add_internal: parent: 'net', set: 'devices' [ 159.287513] ? __lock_is_held+0xb6/0x140 [ 159.295553] kobject: 'veth0_to_hsr' (ffff88805eadb3b0): kobject_uevent_env [ 159.304976] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 159.304986] ? vmx_deliver_posted_interrupt+0x340/0x340 [ 159.304997] vmx_handle_exit+0x20d/0x1330 [ 159.312595] kobject: 'veth0_to_hsr' (ffff88805eadb3b0): fill_kobj_path: path = '/devices/virtual/net/veth0_to_hsr' [ 159.319541] ? vcpu_enter_guest+0xd2d/0x5210 [ 159.327075] kobject: 'queues' (ffff88809825da48): kobject_add_internal: parent: 'veth0_to_hsr', set: '' [ 159.334050] vcpu_enter_guest+0xf28/0x5210 [ 159.334061] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 159.334073] ? emulator_read_emulated+0x50/0x50 [ 159.341661] kobject: 'queues' (ffff88809825da48): kobject_uevent_env [ 159.350763] ? kvm_check_async_pf_completion+0x2a9/0x410 [ 159.350776] kvm_arch_vcpu_ioctl_run+0x318/0x1000 [ 159.356204] kobject: 'queues' (ffff88809825da48): kobject_uevent_env: filter function caused the event to drop! [ 159.363549] ? kvm_arch_vcpu_ioctl_run+0x318/0x1000 [ 159.363561] kvm_vcpu_ioctl+0x401/0xd10 [ 159.363570] ? kvm_vcpu_block+0xbb0/0xbb0 [ 159.363581] ? trace_hardirqs_on+0x10/0x10 [ 159.369988] kobject: 'rx-0' (ffff8880954b79d0): kobject_add_internal: parent: 'queues', set: 'queues' [ 159.377999] ? __might_fault+0x110/0x1d0 [ 159.378007] ? save_trace+0x290/0x290 [ 159.378016] ? __might_fault+0x110/0x1d0 [ 159.388247] kobject: 'rx-0' (ffff8880954b79d0): kobject_uevent_env [ 159.389943] ? __fget+0x210/0x370 [ 159.393589] kobject: 'rx-0' (ffff8880954b79d0): fill_kobj_path: path = '/devices/virtual/net/veth0_to_hsr/queues/rx-0' [ 159.398634] ? find_held_lock+0x35/0x130 [ 159.402235] kobject: 'tx-0' (ffff8880968bba18): kobject_add_internal: parent: 'queues', set: 'queues' [ 159.405767] ? __fget+0x210/0x370 [ 159.410295] kobject: 'tx-0' (ffff8880968bba18): kobject_uevent_env [ 159.420539] ? kvm_vcpu_block+0xbb0/0xbb0 [ 159.420550] do_vfs_ioctl+0x7ae/0x1060 [ 159.420562] ? selinux_file_mprotect+0x5d0/0x5d0 [ 159.425000] kobject: 'tx-0' (ffff8880968bba18): fill_kobj_path: path = '/devices/virtual/net/veth0_to_hsr/queues/tx-0' [ 159.428734] ? lock_downgrade+0x6e0/0x6e0 [ 159.433985] kobject: 'batman_adv' (ffff88808e5bcb00): kobject_add_internal: parent: 'veth0_to_hsr', set: '' [ 159.436215] ? ioctl_preallocate+0x1c0/0x1c0 [ 159.446245] kobject: 'hsr_slave_0' (ffff88805ead9370): kobject_add_internal: parent: 'net', set: 'devices' [ 159.450549] ? __fget+0x237/0x370 [ 159.450562] ? security_file_ioctl+0x89/0xb0 [ 159.450573] SyS_ioctl+0x8f/0xc0 [ 159.457608] kobject: 'hsr_slave_0' (ffff88805ead9370): kobject_uevent_env [ 159.460839] ? do_vfs_ioctl+0x1060/0x1060 [ 159.460848] do_syscall_64+0x1e8/0x640 [ 159.460855] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 159.460867] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 159.460875] RIP: 0033:0x459a09 [ 159.471518] kobject: 'hsr_slave_0' (ffff88805ead9370): fill_kobj_path: path = '/devices/virtual/net/hsr_slave_0' [ 159.476875] RSP: 002b:00007ff0491f2c78 EFLAGS: 00000246 [ 159.487019] kobject: 'queues' (ffff88809825d648): kobject_add_internal: parent: 'hsr_slave_0', set: '' [ 159.490780] ORIG_RAX: 0000000000000010 [ 159.490785] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a09 [ 159.490789] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 159.490793] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 159.490798] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff0491f36d4 [ 159.490802] R13: 00000000004c2da0 R14: 00000000004d65c0 R15: 00000000ffffffff [ 159.499174] Kernel Offset: disabled [ 159.822928] Rebooting in 86400 seconds..