[?25l[?1c7[ ok 8[?25h[?0c. [ 33.139764] audit: type=1800 audit(1557941068.142:33): pid=6904 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 33.162275] audit: type=1800 audit(1557941068.152:34): pid=6904 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 37.127189] random: sshd: uninitialized urandom read (32 bytes read) [ 37.340527] audit: type=1400 audit(1557941072.352:35): avc: denied { map } for pid=7077 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 37.391778] random: sshd: uninitialized urandom read (32 bytes read) [ 38.044485] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.132' (ECDSA) to the list of known hosts. [ 43.657035] random: sshd: uninitialized urandom read (32 bytes read) 2019/05/15 17:24:38 fuzzer started [ 43.846966] audit: type=1400 audit(1557941078.852:36): avc: denied { map } for pid=7086 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 45.420559] random: cc1: uninitialized urandom read (8 bytes read) 2019/05/15 17:24:41 dialing manager at 10.128.0.105:37723 2019/05/15 17:24:43 syscalls: 2441 2019/05/15 17:24:43 code coverage: enabled 2019/05/15 17:24:43 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/05/15 17:24:43 extra coverage: extra coverage is not supported by the kernel 2019/05/15 17:24:43 setuid sandbox: enabled 2019/05/15 17:24:43 namespace sandbox: enabled 2019/05/15 17:24:43 Android sandbox: /sys/fs/selinux/policy does not exist 2019/05/15 17:24:43 fault injection: enabled 2019/05/15 17:24:43 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/05/15 17:24:43 net packet injection: enabled 2019/05/15 17:24:43 net device setup: enabled [ 49.443601] random: crng init done 17:29:37 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000500)={0xfc, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x64, 0x4, [@TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_LINK={0x50, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}]}]}, 0xfc}}, 0x0) syz_execute_func(&(0x7f0000000440)="f2af91930f0124eda133fa20430fbafce842f66188d0d4430fc7f314c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") 17:29:37 executing program 0: perf_event_open$cgroup(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x2, @perf_config_ext={0x8000, 0x8}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100024, 0x500001c) 17:29:37 executing program 3: r0 = socket(0x1e, 0x5, 0x0) r1 = socket(0x1e, 0x2, 0x0) bind(r1, &(0x7f0000d80f80)=@generic={0x1e, "0103000000000000000000000000000009a979f321b30c7bc8790405c7bad62e0a43a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b9f70dc136cb184a"}, 0x80) connect$llc(r0, &(0x7f00000000c0)={0x1e, 0x302}, 0x10) recvmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000100)=""/43, 0x2b}], 0x1, &(0x7f0000000180)=""/200, 0xc8}}], 0x1, 0x0, 0x0) recvmsg$kcm(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000280)=""/9, 0x9}], 0x1}, 0x0) close(r1) 17:29:37 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000080), 0x4) 17:29:37 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000040)=[@timestamp, @mss={0x2, 0x6}, @window], 0x3) clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f00000006c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") setsockopt$IP_VS_SO_SET_DEL(r1, 0x0, 0x484, 0x0, 0x0) accept4(r1, &(0x7f0000000100)=@hci, &(0x7f0000000180)=0x80, 0x80000) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 17:29:37 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000640)='./cgroup/\x00\x00z0\xdf\n\xcb\xf0\xce\xd9,Fj\xbd\xad\x89!\xf9\x00\x9f\x80\xd5\x01)c)\xaa\xba\x92\xe1\xd6\xa6\x0fTA\x16jwl\x1a\x92% \x1dY\xed\x87b_\xc4\x97r\xf68u\xf4~g\x1b\xf3g\x0e\x167\x0f\xc2\x93\xef\xe1\x91\x81\xe3\xc7*\xdb\x84\x82$\xaa\x8f\xd6 \x98\x91\f\xf4R\x99\xb2\x87#E\xccGc\xf2\x0fs\xed\xff\xc7\xed>Zy\x92\t\xcd\xc8\fN4\x1fn\x99\xd3\x01\x00\xb2gR\xdb\xd1\x95`\xadf\xdb($B\x95\xd1\xef\x15\x9ek\b\xc7\x17u<\xcb\xec\xde\x92 \xf1\x01X!y\x8e\f\x1eo\x84o\x12\x1b\x17\xb3\xd7%Mw\xb9[\v\x19B\n\x87l\x9b\xacn\x86tt\xeb\xb7\xf9r\x82\x16\xac\x12\xc9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9a\x02\xc6\xf0j\x990L\x12\xaboL\x8cD\xb4KRL\xb1\b\xcf\xce\x15Y\xb17\x9fVOn\x9e\xdc\xb7\xddz\xb8\xc8\xa6\x12\x8aC\x99Ai\xaef\x01>\x10\x98\xf42\xe9\xe0?\xae', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000200), 0x12) [ 342.821151] audit: type=1400 audit(1557941377.822:37): avc: denied { map } for pid=7086 comm="syz-fuzzer" path="/root/syzkaller-shm241854134" dev="sda1" ino=2233 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 342.863979] audit: type=1400 audit(1557941377.852:38): avc: denied { map } for pid=7104 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13004 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 343.150263] IPVS: ftp: loaded support on port[0] = 21 [ 343.464517] chnl_net:caif_netlink_parms(): no params data found [ 343.473034] IPVS: ftp: loaded support on port[0] = 21 [ 343.530333] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.536759] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.543795] device bridge_slave_0 entered promiscuous mode [ 343.556291] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.562901] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.569804] device bridge_slave_1 entered promiscuous mode [ 343.588464] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 343.597976] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 343.608998] IPVS: ftp: loaded support on port[0] = 21 [ 343.622143] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 343.629587] team0: Port device team_slave_0 added [ 343.635342] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 343.642368] team0: Port device team_slave_1 added [ 343.650678] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 343.659482] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 343.742216] device hsr_slave_0 entered promiscuous mode [ 343.810414] device hsr_slave_1 entered promiscuous mode [ 343.860827] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 343.873739] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 343.897594] chnl_net:caif_netlink_parms(): no params data found [ 343.925216] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.931729] bridge0: port 2(bridge_slave_1) entered forwarding state [ 343.938682] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.945134] bridge0: port 1(bridge_slave_0) entered forwarding state [ 343.964986] IPVS: ftp: loaded support on port[0] = 21 [ 344.052733] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.059148] bridge0: port 1(bridge_slave_0) entered disabled state [ 344.066304] device bridge_slave_0 entered promiscuous mode [ 344.073488] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.079833] bridge0: port 2(bridge_slave_1) entered disabled state [ 344.087105] device bridge_slave_1 entered promiscuous mode [ 344.112132] chnl_net:caif_netlink_parms(): no params data found [ 344.128756] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 344.138279] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 344.208186] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.214933] bridge0: port 1(bridge_slave_0) entered disabled state [ 344.222171] device bridge_slave_0 entered promiscuous mode [ 344.229518] IPVS: ftp: loaded support on port[0] = 21 [ 344.237896] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 344.249631] team0: Port device team_slave_0 added [ 344.255533] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 344.262878] team0: Port device team_slave_1 added [ 344.268929] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.275868] bridge0: port 2(bridge_slave_1) entered disabled state [ 344.282944] device bridge_slave_1 entered promiscuous mode [ 344.305074] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 344.314039] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 344.324211] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 344.348667] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 344.367844] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 344.376353] team0: Port device team_slave_0 added [ 344.396744] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 344.404058] team0: Port device team_slave_1 added [ 344.492062] device hsr_slave_0 entered promiscuous mode [ 344.530379] device hsr_slave_1 entered promiscuous mode [ 344.581839] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 344.587957] 8021q: adding VLAN 0 to HW filter on device bond0 [ 344.594908] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 344.602373] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 344.627588] bridge0: port 1(bridge_slave_0) entered disabled state [ 344.634677] bridge0: port 2(bridge_slave_1) entered disabled state [ 344.642139] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 344.663012] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 344.693771] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 344.702505] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 344.751085] IPVS: ftp: loaded support on port[0] = 21 [ 344.759591] device hsr_slave_0 entered promiscuous mode [ 344.810301] device hsr_slave_1 entered promiscuous mode [ 344.854286] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 344.860687] chnl_net:caif_netlink_parms(): no params data found [ 344.876708] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 344.883038] 8021q: adding VLAN 0 to HW filter on device team0 [ 344.889081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 344.896202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 344.904210] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 344.911410] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 344.939513] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 344.967973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 344.976039] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 344.983779] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.990192] bridge0: port 1(bridge_slave_0) entered forwarding state [ 344.999160] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 345.011789] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 345.070612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 345.078331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 345.085975] bridge0: port 2(bridge_slave_1) entered blocking state [ 345.092324] bridge0: port 2(bridge_slave_1) entered forwarding state [ 345.099080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 345.112195] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 345.122606] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 345.130386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 345.153951] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 345.167422] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 345.175147] bridge0: port 1(bridge_slave_0) entered blocking state [ 345.182494] bridge0: port 1(bridge_slave_0) entered disabled state [ 345.189334] device bridge_slave_0 entered promiscuous mode [ 345.198872] bridge0: port 2(bridge_slave_1) entered blocking state [ 345.205347] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.212612] device bridge_slave_1 entered promiscuous mode [ 345.232688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 345.241334] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 345.248860] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 345.256322] chnl_net:caif_netlink_parms(): no params data found [ 345.280678] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 345.291407] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 345.307155] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 345.322557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 345.332507] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 345.374506] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 345.394872] bridge0: port 1(bridge_slave_0) entered blocking state [ 345.401378] bridge0: port 1(bridge_slave_0) entered disabled state [ 345.408228] device bridge_slave_0 entered promiscuous mode [ 345.414996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 345.425360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 345.476479] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 345.483903] team0: Port device team_slave_0 added [ 345.488963] bridge0: port 2(bridge_slave_1) entered blocking state [ 345.495523] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.502782] device bridge_slave_1 entered promiscuous mode [ 345.527380] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 345.537153] team0: Port device team_slave_1 added [ 345.543526] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 345.554058] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 345.564713] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 345.573870] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 345.583004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 345.590926] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 345.608493] 8021q: adding VLAN 0 to HW filter on device bond0 [ 345.617096] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 345.625419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 345.632456] chnl_net:caif_netlink_parms(): no params data found [ 345.655126] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 345.684685] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 345.692835] team0: Port device team_slave_0 added [ 345.732109] device hsr_slave_0 entered promiscuous mode [ 345.770476] device hsr_slave_1 entered promiscuous mode [ 345.822254] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 345.832451] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 345.847564] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 345.857792] team0: Port device team_slave_1 added [ 345.863708] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 345.871432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 345.878284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 345.887365] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 345.893937] 8021q: adding VLAN 0 to HW filter on device team0 [ 345.903206] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 345.912092] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 345.919329] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 345.942896] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 345.961965] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 345.973070] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 345.996091] 8021q: adding VLAN 0 to HW filter on device bond0 [ 346.002950] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.009316] bridge0: port 1(bridge_slave_0) entered disabled state [ 346.017167] device bridge_slave_0 entered promiscuous mode [ 346.023872] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 346.034226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 346.041852] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.048173] bridge0: port 1(bridge_slave_0) entered forwarding state [ 346.057030] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 346.079874] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 346.087966] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.094646] bridge0: port 2(bridge_slave_1) entered disabled state [ 346.102167] device bridge_slave_1 entered promiscuous mode [ 346.108701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 346.118637] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 346.126364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 346.134022] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.140374] bridge0: port 2(bridge_slave_1) entered forwarding state [ 346.182133] device hsr_slave_0 entered promiscuous mode [ 346.220504] device hsr_slave_1 entered promiscuous mode [ 346.281543] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 346.289349] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 346.296874] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 346.318712] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 346.328228] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 346.340973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 346.361460] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 346.370839] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 346.380921] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 346.388217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 346.401098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 346.408897] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 346.436642] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 346.451670] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 346.463128] 8021q: adding VLAN 0 to HW filter on device bond0 [ 346.481537] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 346.488354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 346.497053] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 346.508478] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 346.515615] 8021q: adding VLAN 0 to HW filter on device team0 [ 346.523892] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 346.531537] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 346.538644] team0: Port device team_slave_0 added [ 346.543975] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 346.552001] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 346.564548] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 346.573410] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 346.583443] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 346.591947] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 346.599150] team0: Port device team_slave_1 added [ 346.605149] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 346.613024] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 346.621178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 346.628958] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 17:29:41 executing program 3: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r0, &(0x7f0000000040)=@full={0xb, @dev, @bcast, 0x0, [@null, @null, @remote, @bcast, @null, @default]}, 0x40) 17:29:41 executing program 3: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r0, &(0x7f0000000040)=@full={0xb, @dev, @bcast, 0x0, [@null, @null, @remote, @bcast, @null, @default]}, 0x40) [ 346.637680] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.645738] bridge0: port 1(bridge_slave_0) entered forwarding state [ 346.676900] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready 17:29:41 executing program 3: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r0, &(0x7f0000000040)=@full={0xb, @dev, @bcast, 0x0, [@null, @null, @remote, @bcast, @null, @default]}, 0x40) [ 346.697321] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 346.709100] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 346.724405] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 346.736855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 17:29:41 executing program 3: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r0, &(0x7f0000000040)=@full={0xb, @dev, @bcast, 0x0, [@null, @null, @remote, @bcast, @null, @default]}, 0x40) [ 346.746837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 346.755608] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 346.763156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 346.770770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 346.779275] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 17:29:41 executing program 3: bind$rose(0xffffffffffffffff, &(0x7f0000000040)=@full={0xb, @dev, @bcast, 0x0, [@null, @null, @remote, @bcast, @null, @default]}, 0x40) [ 346.791164] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 346.798916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 346.810956] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.817321] bridge0: port 2(bridge_slave_1) entered forwarding state [ 346.829750] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 346.840322] 8021q: adding VLAN 0 to HW filter on device team0 17:29:41 executing program 3: bind$rose(0xffffffffffffffff, &(0x7f0000000040)=@full={0xb, @dev, @bcast, 0x0, [@null, @null, @remote, @bcast, @null, @default]}, 0x40) [ 346.848550] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 346.859099] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 346.922272] device hsr_slave_0 entered promiscuous mode [ 346.960496] device hsr_slave_1 entered promiscuous mode [ 347.020791] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 347.027945] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 347.040319] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 347.049871] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 347.064597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 347.072506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 347.080748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 347.088318] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.094738] bridge0: port 1(bridge_slave_0) entered forwarding state [ 347.101903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 347.114386] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 347.127691] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 347.138127] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 347.145726] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 347.154071] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 347.161973] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.168343] bridge0: port 2(bridge_slave_1) entered forwarding state [ 347.175246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 347.192573] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 347.201227] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 347.211036] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 347.220745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 347.228562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 347.236459] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 347.244184] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 347.259042] 8021q: adding VLAN 0 to HW filter on device bond0 [ 347.267551] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 347.277408] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 347.289242] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 347.296358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 347.304114] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 347.312118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 347.319535] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 347.327741] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 347.342943] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 347.352640] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 347.363601] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 347.369692] 8021q: adding VLAN 0 to HW filter on device team0 [ 347.376362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 347.385148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 347.392730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 347.400463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 347.407240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 347.416902] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 347.427430] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 347.436047] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 347.445787] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 347.457573] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 347.464339] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 347.474802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 347.482718] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 347.490510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 347.498103] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 347.505777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 347.514655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 347.522327] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.528773] bridge0: port 1(bridge_slave_0) entered forwarding state [ 347.535879] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 347.543226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 347.561587] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 347.569959] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 347.584984] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 347.595867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 347.603972] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 347.611922] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 347.620959] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 347.628577] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.634969] bridge0: port 2(bridge_slave_1) entered forwarding state [ 347.645618] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 347.659294] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 347.667297] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 347.683288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 347.702758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 347.710947] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 347.720845] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 347.729332] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 347.738875] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 347.750199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 347.758035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 347.765922] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 347.774460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 347.782917] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 347.790702] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 347.801484] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 347.811896] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 347.828837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 347.836348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 347.845087] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 347.855366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 347.865618] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 347.879041] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 347.890538] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 347.899086] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 347.909206] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 347.916587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 347.928462] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 347.939756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 347.952608] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 347.958707] 8021q: adding VLAN 0 to HW filter on device team0 [ 347.974432] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 347.989712] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 348.014105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 348.022506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 348.050371] bridge0: port 1(bridge_slave_0) entered blocking state [ 348.056752] bridge0: port 1(bridge_slave_0) entered forwarding state [ 348.065480] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 348.074776] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 348.093512] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 348.106227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 348.116073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 348.126690] audit: type=1804 audit(1557941383.122:39): pid=7186 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir216408882/syzkaller.239a7j/0/memory.events" dev="sda1" ino=16530 res=1 [ 348.162159] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.168544] bridge0: port 2(bridge_slave_1) entered forwarding state [ 348.183855] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 348.197531] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 348.214777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 348.237387] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 348.257715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 348.269978] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 348.290672] audit: type=1804 audit(1557941383.292:40): pid=7188 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir216408882/syzkaller.239a7j/0/memory.events" dev="sda1" ino=16530 res=1 [ 348.331140] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 348.338886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 348.358359] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 348.367414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 348.381278] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 348.404791] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 348.429419] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 348.444135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 348.459303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 348.472546] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 348.481275] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 348.512037] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 348.529416] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 348.555707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 348.568425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 348.588974] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready 17:29:43 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000500)={0xfc, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x64, 0x4, [@TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_LINK={0x50, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}]}]}, 0xfc}}, 0x0) syz_execute_func(&(0x7f0000000440)="f2af91930f0124eda133fa20430fbafce842f66188d0d4430fc7f314c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") 17:29:43 executing program 3: bind$rose(0xffffffffffffffff, &(0x7f0000000040)=@full={0xb, @dev, @bcast, 0x0, [@null, @null, @remote, @bcast, @null, @default]}, 0x40) 17:29:43 executing program 0: [ 348.626707] 8021q: adding VLAN 0 to HW filter on device batadv0 17:29:43 executing program 1: syz_execute_func(&(0x7f0000000000)="969898472c431c040f05f30f59bfd900cf00c4a37bf0c53e41e2e96ec401e9743ffb660c0f86dd0f0fb8c4034e4e771e0fa0e509ab34d10fdd720970c4c461cd583d00000081c66db711c4397fd300c9f0420fb348a60fbcaf00100c00f345d9c6acacc4a19d71e4892ca6c31ba6c31bb9a5605419c2c2b00b002e45813a9a341474f08171a30b8a826ec482f941c6a80dd4d48cc7e8628f6808a3056f0000004e00c4608de352c2f50b260b2626fe88c4a1dd7dbbbfdd5cc6006930a1c9fb110fd3c43e450fae7c0f0f") 17:29:43 executing program 2: 17:29:44 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x78, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x18, 0x5, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_LINK={0x38, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}]}]}, 0x78}}, 0x0) syz_execute_func(&(0x7f0000000280)="f2af91930f0124eda133fa20430fbafce842f66188d027430fc7f314c1ab5bf9e2f9660f3a0fae735e090000baba3c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa11420f383c020201405c6bfd49d768d768f833fefbab6464660f38323c8fc481e5eb85ee000000a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") 17:29:44 executing program 3: syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(0xffffffffffffffff, &(0x7f0000000040)=@full={0xb, @dev, @bcast, 0x0, [@null, @null, @remote, @bcast, @null, @default]}, 0x40) 17:29:44 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x3}, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r1 = socket$inet6(0xa, 0x3, 0x88) connect$inet6(r1, &(0x7f0000000080), 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x4000) 17:29:44 executing program 2: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c65, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) lsetxattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=ANY=[@ANYBLOB='user.s'], 0x0, 0x0, 0x2) 17:29:44 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000500)={0xfc, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x64, 0x4, [@TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_LINK={0x50, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}]}]}, 0xfc}}, 0x0) syz_execute_func(&(0x7f0000000440)="f2af91930f0124eda133fa20430fbafce842f66188d0d4430fc7f314c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") 17:29:44 executing program 3: syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(0xffffffffffffffff, &(0x7f0000000040)=@full={0xb, @dev, @bcast, 0x0, [@null, @null, @remote, @bcast, @null, @default]}, 0x40) 17:29:44 executing program 1: 17:29:44 executing program 2: 17:29:44 executing program 1: 17:29:44 executing program 3: syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(0xffffffffffffffff, &(0x7f0000000040)=@full={0xb, @dev, @bcast, 0x0, [@null, @null, @remote, @bcast, @null, @default]}, 0x40) 17:29:45 executing program 2: 17:29:45 executing program 1: [ 349.990255] protocol 88fb is buggy, dev hsr_slave_0 [ 349.995515] protocol 88fb is buggy, dev hsr_slave_1 17:29:45 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x78, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x18, 0x5, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_LINK={0x38, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}]}]}, 0x78}}, 0x0) syz_execute_func(&(0x7f0000000280)="f2af91930f0124eda133fa20430fbafce842f66188d027430fc7f314c1ab5bf9e2f9660f3a0fae735e090000baba3c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa11420f383c020201405c6bfd49d768d768f833fefbab6464660f38323c8fc481e5eb85ee000000a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") 17:29:45 executing program 3: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r0, 0x0, 0x0) 17:29:45 executing program 2: 17:29:45 executing program 1: 17:29:45 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x3}, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r1 = socket$inet6(0xa, 0x3, 0x88) connect$inet6(r1, &(0x7f0000000080), 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x4000) 17:29:45 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000500)={0xfc, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x64, 0x4, [@TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_LINK={0x50, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}]}]}, 0xfc}}, 0x0) syz_execute_func(&(0x7f0000000440)="f2af91930f0124eda133fa20430fbafce842f66188d0d4430fc7f314c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") 17:29:45 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x3}, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r1 = socket$inet6(0xa, 0x3, 0x88) connect$inet6(r1, &(0x7f0000000080), 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x4000) 17:29:45 executing program 3: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r0, 0x0, 0x0) 17:29:45 executing program 2: 17:29:45 executing program 3: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r0, 0x0, 0x0) 17:29:45 executing program 2: 17:29:45 executing program 3: [ 351.030118] protocol 88fb is buggy, dev hsr_slave_0 [ 351.035283] protocol 88fb is buggy, dev hsr_slave_1 17:29:46 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x78, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x18, 0x5, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_LINK={0x38, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}]}]}, 0x78}}, 0x0) syz_execute_func(&(0x7f0000000280)="f2af91930f0124eda133fa20430fbafce842f66188d027430fc7f314c1ab5bf9e2f9660f3a0fae735e090000baba3c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa11420f383c020201405c6bfd49d768d768f833fefbab6464660f38323c8fc481e5eb85ee000000a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") 17:29:46 executing program 2: 17:29:46 executing program 3: 17:29:46 executing program 1: 17:29:46 executing program 0: 17:29:46 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000440)="f2af91930f0124eda133fa20430fbafce842f66188d0d4430fc7f314c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") 17:29:46 executing program 1: 17:29:46 executing program 3: 17:29:46 executing program 0: 17:29:46 executing program 2: 17:29:46 executing program 3: r0 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x14, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000000)=@caif=@rfm={0x25, 0x5, "8de06f55c742ae7c2bb7ed7767c245f6"}, 0x80, 0x0}, 0x0) 17:29:46 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) r1 = syz_open_pts(r0, 0x202) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000000)) ioctl$TCXONC(r1, 0x540a, 0x0) write(r1, &(0x7f0000000040)='\x00', 0x1) 17:29:47 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") sendmsg$TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x78, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x18, 0x5, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_LINK={0x38, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}]}]}, 0x78}}, 0x0) syz_execute_func(&(0x7f0000000280)="f2af91930f0124eda133fa20430fbafce842f66188d027430fc7f314c1ab5bf9e2f9660f3a0fae735e090000baba3c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa11420f383c020201405c6bfd49d768d768f833fefbab6464660f38323c8fc481e5eb85ee000000a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") 17:29:47 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) 17:29:47 executing program 1: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00'}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) write$cgroup_subtree(r1, &(0x7f00000008c0)=ANY=[], 0x0) socket$kcm(0x2, 0x80000000005, 0x2) openat$tun(0xffffffffffffff9c, 0x0, 0x28082, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f00000004c0)='securitytrusted-\'em0ppp0\'-em1\x00') perf_event_open(0x0, 0x0, 0x2, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.memory_pressure\x00', 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r2, 0x89e1, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000800)={0xffffffffffffffff, 0x0}, 0x10) socket$kcm(0xa, 0x2, 0x11) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) 17:29:47 executing program 3: r0 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x14, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000000)=@caif=@rfm={0x25, 0x5, "8de06f55c742ae7c2bb7ed7767c245f6"}, 0x80, 0x0}, 0x0) [ 352.344986] ================================================================== [ 352.352733] BUG: KASAN: use-after-free in erspan_build_header+0x392/0x3b0 [ 352.359687] Read of size 2 at addr ffff888084d1f58b by task syz-executor.3/7335 [ 352.367140] [ 352.368780] CPU: 0 PID: 7335 Comm: syz-executor.3 Not tainted 4.14.119 #11 [ 352.375801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 352.385225] Call Trace: [ 352.387885] dump_stack+0x138/0x19c [ 352.391532] ? erspan_build_header+0x392/0x3b0 [ 352.396235] print_address_description.cold+0x7c/0x1dc [ 352.401602] ? erspan_build_header+0x392/0x3b0 [ 352.406211] kasan_report.cold+0x11e/0x2db [ 352.410473] __asan_report_load_n_noabort+0xf/0x20 [ 352.415422] erspan_build_header+0x392/0x3b0 [ 352.419894] ? iptunnel_handle_offloads+0x2f3/0x500 [ 352.424915] erspan_xmit+0x3ec/0x11c0 [ 352.428722] ? __gre_xmit+0x890/0x890 [ 352.432625] ? lock_acquire+0x16f/0x430 [ 352.436685] ? packet_direct_xmit+0x345/0x640 [ 352.441189] packet_direct_xmit+0x438/0x640 [ 352.445543] packet_sendmsg+0x329f/0x5930 [ 352.449799] ? avc_has_perm_noaudit+0x420/0x420 [ 352.454568] ? __might_fault+0x110/0x1d0 [ 352.458668] ? rw_copy_check_uvector+0x1f1/0x290 [ 352.463445] ? packet_notifier+0x770/0x770 [ 352.467787] ? copy_msghdr_from_user+0x292/0x3f0 [ 352.472559] ? security_socket_sendmsg+0x8f/0xc0 [ 352.477313] ? packet_notifier+0x770/0x770 [ 352.481545] sock_sendmsg+0xd0/0x110 [ 352.485260] ___sys_sendmsg+0x70c/0x850 [ 352.489232] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 352.494018] ? __fget+0x210/0x370 [ 352.497471] ? find_held_lock+0x35/0x130 [ 352.501527] ? __fget+0x210/0x370 [ 352.504982] ? lock_downgrade+0x6e0/0x6e0 [ 352.509130] ? __fget+0x237/0x370 [ 352.512725] ? __fdget+0x1b/0x20 [ 352.516089] ? sockfd_lookup_light+0xb4/0x160 [ 352.520586] __sys_sendmsg+0xb9/0x140 [ 352.524413] ? SyS_shutdown+0x180/0x180 [ 352.528428] ? put_timespec64+0xb4/0x100 [ 352.532522] ? SyS_clock_gettime+0xfd/0x190 [ 352.536864] SyS_sendmsg+0x2d/0x50 [ 352.540408] ? __sys_sendmsg+0x140/0x140 [ 352.544552] do_syscall_64+0x1eb/0x640 [ 352.548438] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 352.553344] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 352.558532] RIP: 0033:0x458da9 [ 352.561717] RSP: 002b:00007f94dfb7ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 352.569428] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458da9 [ 352.576699] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 352.583970] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 352.591240] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f94dfb7b6d4 [ 352.598509] R13: 00000000004c6745 R14: 00000000004db370 R15: 00000000ffffffff [ 352.605792] [ 352.607465] Allocated by task 0: [ 352.610852] save_stack_trace+0x16/0x20 [ 352.614826] save_stack+0x45/0xd0 [ 352.618279] kasan_kmalloc+0xce/0xf0 [ 352.621985] kasan_slab_alloc+0xf/0x20 [ 352.625941] kmem_cache_alloc+0x12e/0x780 [ 352.630107] skb_clone+0x129/0x310 [ 352.633644] packet_rcv_spkt+0x424/0x560 [ 352.637726] __netif_receive_skb_core+0x9be/0x2ae0 [ 352.642656] __netif_receive_skb+0x2c/0x1b0 [ 352.647550] netif_receive_skb_internal+0xe4/0x5a0 [ 352.652478] napi_gro_receive+0x2fb/0x410 [ 352.656762] receive_buf+0x532/0x3fd0 [ 352.660567] virtnet_poll+0x515/0xa6e [ 352.664363] net_rx_action+0x495/0xf80 [ 352.668249] __do_softirq+0x24e/0x9ae [ 352.672038] [ 352.673659] Freed by task 0: [ 352.676673] save_stack_trace+0x16/0x20 [ 352.680667] save_stack+0x45/0xd0 [ 352.684119] kasan_slab_free+0x75/0xc0 [ 352.688004] kmem_cache_free+0x83/0x2b0 [ 352.691983] kfree_skbmem+0xac/0x120 [ 352.695693] kfree_skb+0xbd/0x350 [ 352.699180] packet_rcv_spkt+0xd9/0x560 [ 352.703155] __netif_receive_skb_core+0x9be/0x2ae0 [ 352.708084] __netif_receive_skb+0x2c/0x1b0 [ 352.712430] netif_receive_skb_internal+0xe4/0x5a0 [ 352.717359] napi_gro_receive+0x2fb/0x410 [ 352.721505] receive_buf+0x532/0x3fd0 [ 352.725308] virtnet_poll+0x515/0xa6e [ 352.729111] net_rx_action+0x495/0xf80 [ 352.732997] __do_softirq+0x24e/0x9ae [ 352.736784] [ 352.738413] The buggy address belongs to the object at ffff888084d1f500 [ 352.738413] which belongs to the cache skbuff_head_cache of size 232 [ 352.751595] The buggy address is located 139 bytes inside of [ 352.751595] 232-byte region [ffff888084d1f500, ffff888084d1f5e8) [ 352.763494] The buggy address belongs to the page: [ 352.768431] page:ffffea00021347c0 count:1 mapcount:0 mapping:ffff888084d1f000 index:0x0 [ 352.776578] flags: 0x1fffc0000000100(slab) [ 352.780812] raw: 01fffc0000000100 ffff888084d1f000 0000000000000000 000000010000000c [ 352.788697] raw: ffffea000294dee0 ffffea00020e5260 ffff88821b757240 0000000000000000 [ 352.796613] page dumped because: kasan: bad access detected [ 352.802320] [ 352.803937] Memory state around the buggy address: [ 352.808865] ffff888084d1f480: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc [ 352.816225] ffff888084d1f500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 352.823621] >ffff888084d1f580: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 352.830976] ^ [ 352.834597] ffff888084d1f600: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 352.841953] ffff888084d1f680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 352.849309] ================================================================== [ 352.856664] Disabling lock debugging due to kernel taint [ 352.862345] Kernel panic - not syncing: panic_on_warn set ... [ 352.862345] [ 352.869730] CPU: 0 PID: 7335 Comm: syz-executor.3 Tainted: G B 4.14.119 #11 [ 352.877975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 352.887344] Call Trace: [ 352.889944] dump_stack+0x138/0x19c [ 352.893585] ? erspan_build_header+0x392/0x3b0 [ 352.898250] panic+0x1f2/0x438 [ 352.901468] ? add_taint.cold+0x16/0x16 [ 352.905458] kasan_end_report+0x47/0x4f [ 352.909442] kasan_report.cold+0x13b/0x2db [ 352.913682] __asan_report_load_n_noabort+0xf/0x20 [ 352.918618] erspan_build_header+0x392/0x3b0 [ 352.923034] ? iptunnel_handle_offloads+0x2f3/0x500 [ 352.928055] erspan_xmit+0x3ec/0x11c0 [ 352.931863] ? __gre_xmit+0x890/0x890 [ 352.935680] ? lock_acquire+0x16f/0x430 [ 352.939658] ? packet_direct_xmit+0x345/0x640 [ 352.944162] packet_direct_xmit+0x438/0x640 [ 352.948489] packet_sendmsg+0x329f/0x5930 [ 352.952646] ? avc_has_perm_noaudit+0x420/0x420 [ 352.957326] ? __might_fault+0x110/0x1d0 [ 352.961392] ? rw_copy_check_uvector+0x1f1/0x290 [ 352.966175] ? packet_notifier+0x770/0x770 [ 352.970425] ? copy_msghdr_from_user+0x292/0x3f0 [ 352.975365] ? security_socket_sendmsg+0x8f/0xc0 [ 352.980133] ? packet_notifier+0x770/0x770 [ 352.984373] sock_sendmsg+0xd0/0x110 [ 352.988095] ___sys_sendmsg+0x70c/0x850 [ 352.992071] ? copy_msghdr_from_user+0x3f0/0x3f0 17:29:48 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x80001000008912, &(0x7f0000000700)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000440)="f2af91930f0124eda133fa20430fbafce842f66188d0d4430fc7f314c1ab5bf9e2f9660f3a0fae5e090000ba023c1fb63ac4817d73d74ec482310d46f449f216c863fa438036a91bdbae95aaaa420f383c02c401405c6bfd49d768d768f833fefbab6464660f38323c8f26dbc1a1fe5ff6f6df0804f4c4efa59c0f01c4288ba6452e000054c4431d5cc100") [ 352.996833] ? __fget+0x210/0x370 [ 353.000297] ? find_held_lock+0x35/0x130 [ 353.004368] ? __fget+0x210/0x370 [ 353.007835] ? lock_downgrade+0x6e0/0x6e0 [ 353.011987] ? __fget+0x237/0x370 [ 353.015447] ? __fdget+0x1b/0x20 [ 353.018826] ? sockfd_lookup_light+0xb4/0x160 [ 353.023324] __sys_sendmsg+0xb9/0x140 [ 353.027126] ? SyS_shutdown+0x180/0x180 [ 353.031111] ? put_timespec64+0xb4/0x100 [ 353.035183] ? SyS_clock_gettime+0xfd/0x190 [ 353.039515] SyS_sendmsg+0x2d/0x50 [ 353.043059] ? __sys_sendmsg+0x140/0x140 [ 353.047129] do_syscall_64+0x1eb/0x640 [ 353.051030] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 353.055891] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 353.061268] RIP: 0033:0x458da9 [ 353.064454] RSP: 002b:00007f94dfb7ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 353.070341] kobject: 'nr0' (ffff888045db0e30): kobject_add_internal: parent: 'net', set: 'devices' [ 353.072165] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458da9 [ 353.072171] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 353.072177] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 353.072182] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f94dfb7b6d4 [ 353.072188] R13: 00000000004c6745 R14: 00000000004db370 R15: 00000000ffffffff [ 353.082578] Kernel Offset: disabled [ 353.122680] Rebooting in 86400 seconds..