[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   31.383183] random: sshd: uninitialized urandom read (32 bytes read)
[   31.651510] kauditd_printk_skb: 9 callbacks suppressed
[   31.651518] audit: type=1400 audit(1568561163.903:35): avc:  denied  { map } for  pid=6807 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   31.706840] random: sshd: uninitialized urandom read (32 bytes read)
[   32.286332] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.55' (ECDSA) to the list of known hosts.
[   37.771055] random: sshd: uninitialized urandom read (32 bytes read)
2019/09/15 15:26:10 fuzzer started
[   37.967579] audit: type=1400 audit(1568561170.213:36): avc:  denied  { map } for  pid=6818 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   38.598051] random: cc1: uninitialized urandom read (8 bytes read)
2019/09/15 15:26:11 dialing manager at 10.128.0.105:34685
2019/09/15 15:26:11 syscalls: 2466
2019/09/15 15:26:11 code coverage: enabled
2019/09/15 15:26:11 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument
2019/09/15 15:26:11 extra coverage: extra coverage is not supported by the kernel
2019/09/15 15:26:11 setuid sandbox: enabled
2019/09/15 15:26:11 namespace sandbox: enabled
2019/09/15 15:26:11 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/15 15:26:11 fault injection: enabled
2019/09/15 15:26:11 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/15 15:26:11 net packet injection: enabled
2019/09/15 15:26:11 net device setup: enabled
[   40.706928] random: crng init done
15:27:53 executing program 5:
openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000440)='/proc/self//exe\x00', 0x3, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00\x02\x17\x87:\xf4\x03\xdfc\x88,5I\xd7^\xb5D\xf7\xd7\xdb,(\xd5\x00\xc2\x06MG\xcd\xe9w\xe5s\x02\xf2\xea\xb6\xabsp\x12xT8\x01\x00\xd4S\xd8F\xab.x|\x8b\x87\xb0\xa2\xf5Y>\xb1 p\x998(\xe63\xcf\x7f\xac\x89F\x03n\x96\x15zsw\x98\xca\xcb3\xb6M=h\x01i.\xa3\xda}\x190~\xe7d6\xa5\x17\xb3\xe9\xd9QV\x0f\xf3\x02\xd6\xc1\xc3n\xcd*R\x9a\x95\x12\x05K\xa0<\xc9\xe3\xed\xab\xc9\x8bK\xb3\x86\xe2\x93f\x92iKA|e\x97k :,J36\x11\xf0\x99\x96\xb7]\xfd\xe3\v\xd8\x98\xc5o\xc6\xde\x80\xf7_\xc9\x8f\xaf\xf9\xd5\xb7ui\xea\xde\xd0\xeb\xd9\xf5_\v\xe2*\xa3\xf4\xab?n\xcb\x19i\x80\x91\xd2\xf6\x14\xfe!!0\x84L\x86\x81\x95,B\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xab*[\xa5\xb217\x93\xf3\x88\x92\xa6\xde\x11\xa2-J\x9d\xc9\xb2\x97\xa3\x88v\x9eR\x155\xc7N!\xdb\"8\xc8I\xb9c\xed\xa7!\t\x85s\xb1\xa5\xa7R2Yf\x1c\xf8\xc2z>\xb1\x9c\x02a\x87\xe9\xb8\xf8\xdcv\xb6\xe4\xa6\n\x0e\x83lM7\xcc?\xea\x19\x99\xce\x1c\x10\xd2lQ(\xc7\xe9\xef\xd2Q\vY\xf58\x10|8}uE\xaf\xb4w;\xbc\xe4\x01\xd8\xf2\xf9u\xc1Dt\'\x84\xb5\xa4\x83\xeft\xfc\xf3\xdd\x87<B%\xd1g\xd6\xe3\xca8\x9aT\x0e\xf5iA\x05\x13\x02\x14\to\xca\xf7\x04\x15U2\xaef\x1d\xb6\x9f')
fcntl$setstatus(r0, 0x4, 0xc800)
read(r0, &(0x7f0000000000)=""/17, 0xfffffcd6)

15:27:53 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x29}]}, &(0x7f0000000040)='J@<GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)

15:27:53 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x44}]}, &(0x7f0000000040)='J@<GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)

15:27:53 executing program 1:
r0 = open(&(0x7f00000000c0)='./bus\x00', 0x8001141042, 0x0)
write$vhci(r0, &(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2)
creat(&(0x7f0000000100)='./bus\x00', 0x0)

15:27:53 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x22}]}, &(0x7f0000000040)='J@<GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)

15:27:53 executing program 4:
syz_emit_ethernet(0x66, &(0x7f0000000080)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}, @loopback}, @gre={{0x0, 0x0, 0x1, 0x0, 0xb, 0x0, 0x0, 0x4, 0x6558}, {}, {}, {0x8, 0x88be, 0x0, {{}, 0xffffca88}}}}}}}, 0x0)

[  141.318321] audit: type=1400 audit(1568561273.563:37): avc:  denied  { map } for  pid=6818 comm="syz-fuzzer" path="/root/syzkaller-shm650899637" dev="sda1" ino=16461 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[  141.378991] audit: type=1400 audit(1568561273.583:38): avc:  denied  { map } for  pid=6836 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13787 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[  141.731242] IPVS: ftp: loaded support on port[0] = 21
[  142.611476] IPVS: ftp: loaded support on port[0] = 21
[  142.628357] chnl_net:caif_netlink_parms(): no params data found
[  142.682260] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.688653] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.695736] device bridge_slave_0 entered promiscuous mode
[  142.701182] IPVS: ftp: loaded support on port[0] = 21
[  142.720701] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.727056] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.734125] device bridge_slave_1 entered promiscuous mode
[  142.775171] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  142.784104] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  142.818012] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  142.825487] team0: Port device team_slave_0 added
[  142.826212] IPVS: ftp: loaded support on port[0] = 21
[  142.831084] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  142.843601] team0: Port device team_slave_1 added
[  142.848862] chnl_net:caif_netlink_parms(): no params data found
[  142.862970] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  142.882628] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  142.952936] device hsr_slave_0 entered promiscuous mode
[  142.990464] device hsr_slave_1 entered promiscuous mode
[  143.062623] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  143.097056] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  143.127030] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.133571] bridge0: port 1(bridge_slave_0) entered disabled state
[  143.140632] device bridge_slave_0 entered promiscuous mode
[  143.158276] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.165463] bridge0: port 2(bridge_slave_1) entered disabled state
[  143.165970] IPVS: ftp: loaded support on port[0] = 21
[  143.177817] device bridge_slave_1 entered promiscuous mode
[  143.192969] chnl_net:caif_netlink_parms(): no params data found
[  143.207345] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.213807] bridge0: port 2(bridge_slave_1) entered forwarding state
[  143.220734] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.227081] bridge0: port 1(bridge_slave_0) entered forwarding state
[  143.279213] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  143.308129] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  143.326232] chnl_net:caif_netlink_parms(): no params data found
[  143.372531] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  143.380418] team0: Port device team_slave_0 added
[  143.386676] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  143.395614] team0: Port device team_slave_1 added
[  143.396485] IPVS: ftp: loaded support on port[0] = 21
[  143.400835] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.412491] bridge0: port 1(bridge_slave_0) entered disabled state
[  143.419944] device bridge_slave_0 entered promiscuous mode
[  143.438267] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  143.448303] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.455543] bridge0: port 2(bridge_slave_1) entered disabled state
[  143.462488] device bridge_slave_1 entered promiscuous mode
[  143.485972] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  143.506559] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  143.520584] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  143.592232] device hsr_slave_0 entered promiscuous mode
[  143.630381] device hsr_slave_1 entered promiscuous mode
[  143.700510] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.706891] bridge0: port 1(bridge_slave_0) entered disabled state
[  143.714585] device bridge_slave_0 entered promiscuous mode
[  143.754324] bridge0: port 1(bridge_slave_0) entered disabled state
[  143.761666] bridge0: port 2(bridge_slave_1) entered disabled state
[  143.770165] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  143.777983] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  143.784912] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.791508] bridge0: port 2(bridge_slave_1) entered disabled state
[  143.798369] device bridge_slave_1 entered promiscuous mode
[  143.822074] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  143.829502] team0: Port device team_slave_0 added
[  143.840963] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  143.848127] team0: Port device team_slave_1 added
[  143.853951] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  143.861867] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  143.870151] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  143.880911] chnl_net:caif_netlink_parms(): no params data found
[  143.909948] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  143.993662] device hsr_slave_0 entered promiscuous mode
[  144.030442] device hsr_slave_1 entered promiscuous mode
[  144.085415] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  144.096381] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  144.113002] bridge0: port 1(bridge_slave_0) entered blocking state
[  144.119415] bridge0: port 1(bridge_slave_0) entered disabled state
[  144.126676] device bridge_slave_0 entered promiscuous mode
[  144.138535] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  144.147470] 8021q: adding VLAN 0 to HW filter on device bond0
[  144.156732] bridge0: port 2(bridge_slave_1) entered blocking state
[  144.163211] bridge0: port 2(bridge_slave_1) entered disabled state
[  144.170507] device bridge_slave_1 entered promiscuous mode
[  144.176993] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  144.184824] team0: Port device team_slave_0 added
[  144.243114] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  144.252172] team0: Port device team_slave_1 added
[  144.257574] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  144.265203] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  144.278953] chnl_net:caif_netlink_parms(): no params data found
[  144.297558] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  144.306523] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  144.315657] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  144.362880] device hsr_slave_0 entered promiscuous mode
[  144.401454] device hsr_slave_1 entered promiscuous mode
[  144.448743] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  144.457671] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  144.471875] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  144.479979] team0: Port device team_slave_0 added
[  144.485978] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  144.493653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  144.501477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  144.525555] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  144.533921] team0: Port device team_slave_1 added
[  144.539358] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  144.551892] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  144.559011] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  144.565518] 8021q: adding VLAN 0 to HW filter on device team0
[  144.572653] bridge0: port 1(bridge_slave_0) entered blocking state
[  144.578997] bridge0: port 1(bridge_slave_0) entered disabled state
[  144.586442] device bridge_slave_0 entered promiscuous mode
[  144.594126] bridge0: port 2(bridge_slave_1) entered blocking state
[  144.600847] bridge0: port 2(bridge_slave_1) entered disabled state
[  144.607751] device bridge_slave_1 entered promiscuous mode
[  144.619904] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  144.643427] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  144.692260] device hsr_slave_0 entered promiscuous mode
[  144.730379] device hsr_slave_1 entered promiscuous mode
[  144.770859] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  144.785958] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  144.795109] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  144.811564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  144.819408] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  144.827069] bridge0: port 1(bridge_slave_0) entered blocking state
[  144.833547] bridge0: port 1(bridge_slave_0) entered forwarding state
[  144.841497] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  144.849483] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  144.862841] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  144.874068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  144.882022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  144.889505] bridge0: port 2(bridge_slave_1) entered blocking state
[  144.895904] bridge0: port 2(bridge_slave_1) entered forwarding state
[  144.904890] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  144.926604] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  144.934339] team0: Port device team_slave_0 added
[  144.951196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  144.962036] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  144.975022] 8021q: adding VLAN 0 to HW filter on device bond0
[  144.982546] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  144.989820] team0: Port device team_slave_1 added
[  145.000797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  145.009178] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  145.020010] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  145.031381] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  145.039746] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  145.046647] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  145.056423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  145.064502] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  145.072395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  145.079206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  145.086600] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  145.096250] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  145.109276] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  145.115600] 8021q: adding VLAN 0 to HW filter on device team0
[  145.122681] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  145.131688] 8021q: adding VLAN 0 to HW filter on device bond0
[  145.139266] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  145.146565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  145.154316] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  145.167344] 8021q: adding VLAN 0 to HW filter on device bond0
[  145.177524] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  145.233677] device hsr_slave_0 entered promiscuous mode
[  145.280379] device hsr_slave_1 entered promiscuous mode
[  145.320973] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  145.327793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  145.335781] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  145.345087] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  145.353718] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  145.365334] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  145.373347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  145.381646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  145.389307] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.395783] bridge0: port 1(bridge_slave_0) entered forwarding state
[  145.402846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  145.410837] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  145.418446] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  145.426451] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  145.435102] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  145.441542] 8021q: adding VLAN 0 to HW filter on device team0
[  145.449628] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  145.456527] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  145.466137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  145.481831] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  145.493170] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  145.503383] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  145.509390] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  145.516870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  145.524754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  145.532672] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.538992] bridge0: port 1(bridge_slave_0) entered forwarding state
[  145.546213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  145.553952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  145.561695] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.568025] bridge0: port 2(bridge_slave_1) entered forwarding state
[  145.575725] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  145.590350] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  145.597957] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  145.606918] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  145.616497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  145.623984] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  145.632009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  145.639514] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.645887] bridge0: port 2(bridge_slave_1) entered forwarding state
[  145.652981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  145.659738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  145.666967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  145.678557] 8021q: adding VLAN 0 to HW filter on device bond0
[  145.687731] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  145.694046] 8021q: adding VLAN 0 to HW filter on device team0
[  145.702041] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  145.714715] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  145.726550] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  145.733068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  145.741842] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  145.752027] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  145.760663] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  145.771849] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  145.780866] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  145.789942] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  145.797907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  145.805914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  145.814188] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  145.821770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  145.829290] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  145.836844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  145.844742] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  145.852346] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.858690] bridge0: port 1(bridge_slave_0) entered forwarding state
[  145.865848] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  145.873199] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  145.880766] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  145.891319] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  145.905279] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  145.912899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  145.921069] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  145.929475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  145.936667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  145.945674] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  145.953774] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  145.967240] 8021q: adding VLAN 0 to HW filter on device batadv0
[  145.975155] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  145.981367] 8021q: adding VLAN 0 to HW filter on device team0
[  145.991211] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  145.998529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  146.006929] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  146.018942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  146.026609] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  146.034512] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  146.042491] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  146.053161] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.059495] bridge0: port 2(bridge_slave_1) entered forwarding state
[  146.068182] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  146.078823] 8021q: adding VLAN 0 to HW filter on device bond0
[  146.087025] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  146.101217] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  146.110778] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  146.117775] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  146.125321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  146.132979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  146.140949] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  146.148476] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.154940] bridge0: port 1(bridge_slave_0) entered forwarding state
[  146.163162] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  146.171419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  146.179010] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.185386] bridge0: port 2(bridge_slave_1) entered forwarding state
[  146.192187] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  146.200375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  146.208147] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  146.217702] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  146.226603] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  146.238298] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  146.245364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  146.253659] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  146.262818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  146.270416] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  146.277935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  146.286159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  146.295866] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  146.302069] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  146.309658] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  146.317906] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  146.324376] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  146.334831] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  146.347774] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  146.358874] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  146.368292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  146.376114] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  146.384139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  146.396616] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  146.410536] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  146.417632] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  146.425256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  146.432929] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  146.440873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  146.447776] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  146.456692] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  146.465112] 8021q: adding VLAN 0 to HW filter on device batadv0
15:27:58 executing program 5:

[  146.475242] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  146.487671] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  146.504221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  146.513481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
15:27:58 executing program 5:

[  146.525443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  146.535631] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  146.552259] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  146.565536] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
15:27:58 executing program 5:

[  146.580655] 8021q: adding VLAN 0 to HW filter on device team0
[  146.592293] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  146.601415] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  146.617477] 8021q: adding VLAN 0 to HW filter on device batadv0
15:27:58 executing program 5:

[  146.625981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  146.634539] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  146.649724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  146.666563] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
15:27:58 executing program 5:

15:27:58 executing program 5:

[  146.676595] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.682991] bridge0: port 1(bridge_slave_0) entered forwarding state
[  146.690553] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  146.703283] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  146.719458] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  146.732732] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  146.740464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  146.748085] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  146.764592] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
15:27:59 executing program 5:

[  146.781242] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  146.805171] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  146.817469] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  146.828703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  146.839073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  146.850399] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.856896] bridge0: port 2(bridge_slave_1) entered forwarding state
[  146.864660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  146.873024] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  146.880983] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  146.889260] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  146.899474] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  146.913846] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  146.919865] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  146.929002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  146.947040] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  146.967696] 8021q: adding VLAN 0 to HW filter on device batadv0
[  146.974853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  146.991498] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  147.002316] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  147.009194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  147.017476] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  147.030982] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  147.040328] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  147.048722] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  147.056752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  147.064714] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  147.072848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  147.081055] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  147.096461] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  147.109166] 8021q: adding VLAN 0 to HW filter on device batadv0
[  147.116806] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  147.126312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  147.136577] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  147.146996] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
15:27:59 executing program 0:

[  147.168781] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  147.188042] 8021q: adding VLAN 0 to HW filter on device batadv0
15:27:59 executing program 5:

15:28:00 executing program 1:
r0 = socket$kcm(0x2b, 0x8000000000001, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001280)={&(0x7f0000000100)=ANY=[@ANYBLOB="380000001d000105000000d36b0e7b5a9e445a00", @ANYRES32=0x0, @ANYBLOB="00000000000000001800120008000100677265000c00020008000700e0000001"], 0x38}}, 0x0)

15:28:00 executing program 3:

15:28:00 executing program 0:

15:28:00 executing program 2:

15:28:00 executing program 5:

15:28:00 executing program 4:
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r1, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "d44eb8c7308ec7c4", "442065238929350ade91900b51fc9534", "6bdda720", "7ee51430da3f51b3"}, 0x28)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(r2, r1)

15:28:00 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca51d5e0bcfe47bf070")
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0)

15:28:00 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/ptmx\x00', 0x8000000080001, 0x0)
write$binfmt_aout(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="167d0000000057e1749bf75b4b5f85f0864fafe2ada28e42c6c00d837578669963eb145a229f0d2ae0a27ed9f522ff3bf637ee91cdb1572221651c515ae38d33fa5e676d"], 0x1)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040))
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
r2 = syz_open_pts(r0, 0x0)
ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000))

15:28:00 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'lo\x00'})
r1 = socket(0xa, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000001400210100540000000000000a000000", @ANYRES32=r3, @ANYBLOB="080008000000000014000200000000000000000000000000000000011400010000f70000000000000000ffffac1e000114000600000000000900"/68], 0x5c}}, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'lo\x00\x00\x00\x00\x04\x00\x00\x00\x00\x06\x00', 0xfd})

15:28:00 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newsa={0x154, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in6=@dev}, {@in6=@rand_addr="c8000400", 0x0, 0x33}, @in=@broadcast, {}, {}, {}, 0x0, 0x0, 0x2}, [@replay_esn_val={0x1c}, @algo_auth={0x48, 0x1, {{'md5\x00'}, 0x2}}]}, 0x154}}, 0x0)

[  148.425657] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
15:28:00 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newsa={0x140, 0x10, 0x713, 0x0, 0x0, {{@in=@loopback, @in6=@dev}, {@in6=@rand_addr="c8000400", 0x0, 0x33}, @in, {}, {}, {}, 0x0, 0x0, 0x2}, [@tfcpad={0x8}, @algo_auth={0x48, 0x1, {{'sha512-arm64\x00'}, 0xd6}}]}, 0x140}}, 0x0)

15:28:00 executing program 3:
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, 0xffffffffffffff3d}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bcsh0\x00', 0x21})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='ns\x00')
getdents(r2, &(0x7f0000000040)=""/46, 0x2e)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89f1, &(0x7f0000000080)='ip6tnl0\x00')
ioctl(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0)

15:28:00 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_vs_stats_percpu\x00')
getsockopt$TIPC_NODE_RECVQ_DEPTH(r0, 0x10f, 0x83, 0x0, 0x0)
openat$md(0xffffffffffffff9c, 0x0, 0x400000, 0x0)
ioctl$void(0xffffffffffffffff, 0x5451)
prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b)
mkdir(0x0, 0x100000000020)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x9d7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_RESET(r1, 0x2403, 0x7)
lstat(0x0, &(0x7f0000000c40))
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000740)={0x0, 0x7fff}, 0x0)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0)
ioctl$BLKROTATIONAL(0xffffffffffffffff, 0x127e, &(0x7f0000000180))
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000008c0)={0x0, 0x0, 0x20}, 0x0)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000200)={0x0, 0x0})
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000500)={0x0, 0x0, 0x140a09e5, 0x0, 0x9965, 0x3}, &(0x7f0000000540)=0x14)
ioctl$DRM_IOCTL_GET_SAREA_CTX(0xffffffffffffffff, 0xc010641d, &(0x7f0000000300)={0x0, &(0x7f0000000480)=""/112})
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000840)={0x2, &(0x7f0000000800)=[{}, {}]})
clock_gettime(0x0, &(0x7f0000000a40))
preadv(0xffffffffffffffff, &(0x7f0000000b00)=[{0x0}, {&(0x7f0000000380)=""/12, 0xc}, {0x0}, {&(0x7f0000000580)=""/35, 0x23}, {0x0}, {&(0x7f00000005c0)=""/37, 0x25}], 0x6, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000001c0)='/dev/snd/midiC#D#\x00', 0x0, 0x381)
ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40286608, &(0x7f0000000280)={0x200, 0x6, 0x3ff, 0x1, 0x6, 0x6})
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f0000000040)=[{&(0x7f00000002c0)="3900000013000900edc6e91f48ec5804ab007448100000004600010700000014190001c0000000edff0003f5480000000000ef38bf461e59d7", 0x39}], 0x1)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000001000010500"/20, @ANYRES32=0x0, @ANYBLOB="00000000ee0000001c0012000c00010062726964676500000c0002000800020039450000c39da61b9c8b074099a61aa4dde9590a"], 0x3c}}, 0x0)

[  148.514317] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6961 comm=syz-executor.2
15:28:00 executing program 1:
r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0)
write$eventfd(r0, &(0x7f00000001c0), 0xffffff7f)
r1 = open(&(0x7f0000000040)='./bus\x00', 0x10d000, 0x0)
read$FUSE(r1, &(0x7f0000000200), 0x1000)

15:28:00 executing program 2:
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x1ffffffe)
r0 = syz_open_dev$loop(&(0x7f0000000540)='/dev/loop#\x00', 0x0, 0x105082)
write(r0, 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x10, r0, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0x1000}, 0x2a, 0x0)
r1 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
keyctl$read(0xb, r1, &(0x7f0000000240)=""/112, 0x349b7f55)
openat$zero(0xffffffffffffff9c, 0x0, 0x103, 0x0)
ioctl$RTC_EPOCH_READ(0xffffffffffffffff, 0x8008700d, 0x0)

[  148.654150] hrtimer: interrupt took 45042 ns
[  148.659184] ==================================================================
[  148.666868] BUG: KASAN: use-after-free in tcp_init_tso_segs+0x1ae/0x200
[  148.673636] Read of size 2 at addr ffff8880915107f0 by task syz-executor.4/6951
[  148.681092] 
[  148.682736] CPU: 0 PID: 6951 Comm: syz-executor.4 Not tainted 4.14.143 #0
[  148.689668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  148.699039] Call Trace:
[  148.701733]  dump_stack+0x138/0x197
[  148.705365]  ? tcp_init_tso_segs+0x1ae/0x200
[  148.711333]  print_address_description.cold+0x7c/0x1dc
[  148.716604]  ? tcp_init_tso_segs+0x1ae/0x200
[  148.721000]  kasan_report.cold+0xa9/0x2af
[  148.725136]  __asan_report_load2_noabort+0x14/0x20
[  148.730052]  tcp_init_tso_segs+0x1ae/0x200
[  148.734266]  ? tcp_tso_segs+0x7d/0x1c0
[  148.738136]  tcp_write_xmit+0x15e/0x4960
[  148.742191]  ? tcp_v6_md5_lookup+0x23/0x30
[  148.746422]  ? tcp_established_options+0x2c5/0x420
[  148.751348]  ? tcp_current_mss+0x1dc/0x2f0
[  148.755566]  ? __alloc_skb+0x3ee/0x500
[  148.759437]  __tcp_push_pending_frames+0xa6/0x260
[  148.764264]  tcp_send_fin+0x17e/0xc40
[  148.768136]  tcp_close+0xcc8/0xfb0
[  148.771666]  ? __local_bh_enable_ip+0x99/0x1a0
[  148.776236]  tls_sk_proto_close+0x157/0x750
[  148.780542]  ? tcp_check_oom+0x460/0x460
[  148.784587]  ? tls_write_space+0x2a0/0x2a0
[  148.788804]  ? ip_mc_drop_socket+0x1d6/0x230
[  148.793209]  inet_release+0xec/0x1c0
[  148.796934]  inet6_release+0x53/0x80
[  148.800634]  __sock_release+0xce/0x2b0
[  148.804512]  ? __sock_release+0x2b0/0x2b0
[  148.808641]  sock_close+0x1b/0x30
[  148.812077]  __fput+0x275/0x7a0
[  148.815355]  ____fput+0x16/0x20
[  148.818620]  task_work_run+0x114/0x190
[  148.822501]  exit_to_usermode_loop+0x1da/0x220
[  148.827070]  do_syscall_64+0x4bc/0x640
[  148.831038]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  148.835874]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  148.841049] RIP: 0033:0x4598e9
[  148.844223] RSP: 002b:00007fb15d0a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  148.851916] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004598e9
[  148.859169] RDX: 0000000000000001 RSI: 000000000000011a RDI: 0000000000000005
[  148.866508] RBP: 000000000075bf20 R08: 0000000000000028 R09: 0000000000000000
[  148.873789] R10: 0000000020000100 R11: 0000000000000246 R12: 00007fb15d0aa6d4
[  148.881055] R13: 00000000004c7f4f R14: 00000000004dde48 R15: 00000000ffffffff
[  148.888324] 
[  148.889937] Allocated by task 6951:
[  148.893554]  save_stack_trace+0x16/0x20
[  148.897597]  save_stack+0x45/0xd0
[  148.901034]  kasan_kmalloc+0xce/0xf0
[  148.904731]  kasan_slab_alloc+0xf/0x20
[  148.908603]  kmem_cache_alloc_node+0x144/0x780
[  148.913184]  __alloc_skb+0x9c/0x500
[  148.916802]  sk_stream_alloc_skb+0xb3/0x780
[  148.921111]  tcp_sendmsg_locked+0xf61/0x3200
[  148.925685]  tcp_sendmsg+0x30/0x50
[  148.929302]  inet_sendmsg+0x122/0x500
[  148.933090]  sock_sendmsg+0xce/0x110
[  148.936911]  SYSC_sendto+0x206/0x310
[  148.940622]  SyS_sendto+0x40/0x50
[  148.944063]  do_syscall_64+0x1e8/0x640
[  148.948036]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  148.963382] 
[  148.964990] Freed by task 6951:
[  148.968260]  save_stack_trace+0x16/0x20
[  148.972217]  save_stack+0x45/0xd0
[  148.975751]  kasan_slab_free+0x75/0xc0
[  148.979645]  kmem_cache_free+0x83/0x2b0
[  148.983622]  kfree_skbmem+0x8d/0x120
[  148.987331]  __kfree_skb+0x1e/0x30
[  148.990861]  tcp_remove_empty_skb.part.0+0x231/0x2e0
[  148.995994]  tcp_sendmsg_locked+0x1ced/0x3200
[  149.000471]  tcp_sendmsg+0x30/0x50
[  149.003993]  inet_sendmsg+0x122/0x500
[  149.007779]  sock_sendmsg+0xce/0x110
[  149.011487]  SYSC_sendto+0x206/0x310
[  149.015273]  SyS_sendto+0x40/0x50
[  149.018711]  do_syscall_64+0x1e8/0x640
[  149.022673]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  149.027839] 
[  149.029559] The buggy address belongs to the object at ffff8880915107c0
[  149.029559]  which belongs to the cache skbuff_fclone_cache of size 472
[  149.042896] The buggy address is located 48 bytes inside of
[  149.042896]  472-byte region [ffff8880915107c0, ffff888091510998)
[  149.054666] The buggy address belongs to the page:
[  149.059578] page:ffffea0002454400 count:1 mapcount:0 mapping:ffff888091510040 index:0x0
[  149.067740] flags: 0x1fffc0000000100(slab)
[  149.071964] raw: 01fffc0000000100 ffff888091510040 0000000000000000 0000000100000006
[  149.079920] raw: ffffea000258e220 ffffea00025aac60 ffff88821b7203c0 0000000000000000
[  149.088785] page dumped because: kasan: bad access detected
[  149.094490] 
[  149.096098] Memory state around the buggy address:
[  149.101101]  ffff888091510680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
15:28:00 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vcs\x00', 0x109000, 0x0)
syz_open_dev$evdev(&(0x7f0000000780)='/dev/input/event#\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xe, 0x8031, 0xffffffffffffffff, 0x0)
r1 = open(0x0, 0x0, 0x59)
getdents64(r1, &(0x7f0000000680)=""/4096, 0x1a)
openat$cgroup_ro(r1, 0x0, 0x0, 0x0)

[  149.108443]  ffff888091510700: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[  149.115785] >ffff888091510780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  149.123127]                                                              ^
[  149.130130]  ffff888091510800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  149.137491]  ffff888091510880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  149.144923] ==================================================================
[  149.152262] Disabling lock debugging due to kernel taint
[  149.170240] audit: type=1400 audit(1568561280.903:39): avc:  denied  { map } for  pid=6989 comm="syz-executor.2" path="/dev/loop0" dev="devtmpfs" ino=219 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=1
[  149.185557] encrypted_key: key user:syz not found
15:28:01 executing program 2:
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x1ffffffe)
r0 = syz_open_dev$loop(&(0x7f0000000540)='/dev/loop#\x00', 0x0, 0x105082)
write(r0, 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x10, r0, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0x1000}, 0x2a, 0x0)
r1 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
keyctl$read(0xb, r1, &(0x7f0000000240)=""/112, 0x349b7f55)
openat$zero(0xffffffffffffff9c, 0x0, 0x103, 0x0)
ioctl$RTC_EPOCH_READ(0xffffffffffffffff, 0x8008700d, 0x0)

[  149.214445] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  149.220509] kasan: CONFIG_KASAN_INLINE enabled
[  149.252044] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  149.293986] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[  149.297237] kobject: 'tx-0' (ffff888094b4b598): kobject_uevent_env
[  149.300262] Modules linked in:
[  149.300275] CPU: 1 PID: 6947 Comm: syz-executor.4 Tainted: G    B           4.14.143 #0
[  149.300279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  149.300284] task: ffff88808c0386c0 task.stack: ffff88805f1e0000
[  149.300295] RIP: 0010:skb_clone+0x9e/0x320
[  149.300298] RSP: 0018:ffff88805f1e7930 EFLAGS: 00010246
[  149.300304] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff84d07e85
[  149.300307] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000003
[  149.300311] RBP: ffff88805f1e7950 R08: 00000000c5dda758 R09: 0000000000000000
[  149.300315] R10: 0000000000000000 R11: ffff88808c0386c0 R12: ffff888089665b00
[  149.300318] R13: 0000000001080020 R14: dffffc0000000000 R15: ffff888089665b00
[  149.300323] FS:  0000000001adb940(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
[  149.300327] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  149.300331] CR2: 0000000000625208 CR3: 000000008a366000 CR4: 00000000001406e0
[  149.300337] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  149.300341] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  149.300343] Call Trace:
[  149.300357]  __tcp_transmit_skb+0x1ec/0x2fe0
[  149.300365]  ? mod_timer_pending+0x1030/0x1030
[  149.300374]  ? __tcp_select_window+0x6e0/0x6e0
[  149.300381]  ? tcp_rearm_rto.part.0+0x137/0x280
[  149.300392]  ? __asan_report_load4_noabort+0x14/0x20
[  149.300398]  ? tcp_small_queue_check+0x184/0x1e0
[  149.300406]  tcp_write_xmit+0x523/0x4960
[  149.300414]  ? tcp_v6_md5_lookup+0x23/0x30
[  149.300421]  ? tcp_established_options+0x2c5/0x420
[  149.300429]  ? tcp_current_mss+0x1b0/0x2f0
[  149.300439]  __tcp_push_pending_frames+0xa6/0x260
[  149.300446]  tcp_send_fin+0x17e/0xc40
[  149.300453]  tcp_close+0xcc8/0xfb0
[  149.300461]  ? __local_bh_enable_ip+0x99/0x1a0
[  149.300472]  tls_sk_proto_close+0x157/0x750
[  149.300479]  ? fsnotify+0x92f/0x11e0
[  149.300486]  ? tcp_check_oom+0x460/0x460
[  149.300492]  ? tls_write_space+0x2a0/0x2a0
[  149.300499]  ? ip_mc_drop_socket+0x1d6/0x230
[  149.300507]  inet_release+0xec/0x1c0
[  149.300514]  inet6_release+0x53/0x80
[  149.300521]  __sock_release+0xce/0x2b0
[  149.300528]  ? __sock_release+0x2b0/0x2b0
[  149.300533]  sock_close+0x1b/0x30
[  149.300539]  __fput+0x275/0x7a0
[  149.300549]  ____fput+0x16/0x20
[  149.300556]  task_work_run+0x114/0x190
[  149.300566]  exit_to_usermode_loop+0x1da/0x220
[  149.300574]  do_syscall_64+0x4bc/0x640
[  149.300580]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  149.300592]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  149.300598] RIP: 0033:0x4135d1
[  149.300601] RSP: 002b:00007ffd7ddbf020 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  149.300608] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 00000000004135d1
[  149.300611] RDX: 0000000000000000 RSI: 0000000000000081 RDI: 0000000000000005
[  149.300615] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffffffffff
[  149.300619] R10: 00000000007607b8 R11: 0000000000000293 R12: 000000000075bfc8
[  149.300623] R13: 0000000000000002 R14: 00000000007607c8 R15: ffffffffffffffff
[  149.300630] Code: 48 c1 ea 03 80 3c 02 00 0f 85 7f 02 00 00 49 03 9c 24 d0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 
[  149.316844] kobject: 'tx-0' (ffff888094b4b598): fill_kobj_path: path = '/devices/virtual/net/bridge1/queues/tx-0'
[  149.318325] 03 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 
[  149.340323] kobject: 'brif' (ffff8880a87bde80): kobject_add_internal: parent: 'bridge1', set: '<NULL>'
[  149.343394] 07 38 d0 7f 08 84 c0 0f 85 21 02 00 
[  149.343430] RIP: skb_clone+0x9e/0x320 RSP: ffff88805f1e7930
[  149.377905] encrypted_key: key user:syz not found
[  149.384315] kobject: 'batman_adv' (ffff8880a87bdc00): kobject_add_internal: parent: 'bridge1', set: '<NULL>'
[  149.423162] kobject: 'loop0' (ffff8880a49076a0): kobject_uevent_env
[  149.431063] kobject: 'brif' (ffff8880a87bde80): kobject_cleanup, parent ffff88805ebd5570
[  149.444452] kobject: 'loop0' (ffff8880a49076a0): fill_kobj_path: path = '/devices/virtual/block/loop0'
[  149.448597] kobject: 'brif' (ffff8880a87bde80): auto cleanup kobject_del
[  149.470966] kobject: 'loop2' (ffff8880a49b2ee0): kobject_uevent_env
[  149.486426] kobject: 'brif' (ffff8880a87bde80): calling ktype release
[  149.505731] kobject: 'loop2' (ffff8880a49b2ee0): fill_kobj_path: path = '/devices/virtual/block/loop2'
[  149.506890] kobject: (ffff8880a87bde80): dynamic_kobj_release
[  149.512013] ---[ end trace b23a2c245574130f ]---
[  149.514944] audit: type=1804 audit(1568561281.773:40): pid=6991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir007663451/syzkaller.LOus4P/3/bus" dev="sda1" ino=16551 res=1
[  149.518501] Kernel panic - not syncing: Fatal exception
[  149.522462] audit: type=1804 audit(1568561281.783:41): pid=6994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir007663451/syzkaller.LOus4P/3/bus" dev="sda1" ino=16551 res=1
[  149.526433] Kernel Offset: disabled
[  149.792026] Rebooting in 86400 seconds..