Warning: Permanently added '[localhost]:58941' (ECDSA) to the list of known hosts. syzkaller login: [ 110.909399][ T39] kauditd_printk_skb: 7 callbacks suppressed [ 110.909411][ T39] audit: type=1400 audit(1579234652.791:42): avc: denied { map } for pid=8970 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16524 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2020/01/17 04:17:32 fuzzer started 2020/01/17 04:17:34 dialing manager at 10.0.2.10:42607 2020/01/17 04:17:35 syscalls: 2863 2020/01/17 04:17:35 code coverage: enabled 2020/01/17 04:17:35 comparison tracing: enabled 2020/01/17 04:17:35 extra coverage: enabled 2020/01/17 04:17:35 setuid sandbox: enabled 2020/01/17 04:17:35 namespace sandbox: enabled 2020/01/17 04:17:35 Android sandbox: /sys/fs/selinux/policy does not exist 2020/01/17 04:17:35 fault injection: enabled 2020/01/17 04:17:35 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/01/17 04:17:35 net packet injection: enabled 2020/01/17 04:17:35 net device setup: enabled 2020/01/17 04:17:35 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/01/17 04:17:35 devlink PCI setup: PCI device 0000:00:10.0 is not available 04:18:29 executing program 0: [ 167.398457][ T39] audit: type=1400 audit(1579234709.281:43): avc: denied { map } for pid=8993 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1193 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 04:18:29 executing program 1: [ 167.682929][ T8996] IPVS: ftp: loaded support on port[0] = 21 [ 167.682936][ T8994] IPVS: ftp: loaded support on port[0] = 21 04:18:29 executing program 2: [ 167.846536][ T8998] IPVS: ftp: loaded support on port[0] = 21 04:18:29 executing program 3: [ 167.986431][ T8996] chnl_net:caif_netlink_parms(): no params data found [ 168.013141][ T8994] chnl_net:caif_netlink_parms(): no params data found [ 168.074689][ T9002] IPVS: ftp: loaded support on port[0] = 21 [ 168.093088][ T8994] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.103845][ T8994] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.117708][ T8994] device bridge_slave_0 entered promiscuous mode [ 168.131525][ T8994] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.140408][ T8994] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.150891][ T8994] device bridge_slave_1 entered promiscuous mode [ 168.160386][ T8996] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.168928][ T8996] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.178036][ T8996] device bridge_slave_0 entered promiscuous mode [ 168.188479][ T8996] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.197254][ T8996] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.209560][ T8996] device bridge_slave_1 entered promiscuous mode [ 168.244499][ T8994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.264852][ T8996] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.277516][ T8994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.306230][ T8994] team0: Port device team_slave_0 added [ 168.315082][ T8996] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.334022][ T8994] team0: Port device team_slave_1 added [ 168.379109][ T8996] team0: Port device team_slave_0 added [ 168.391127][ T8996] team0: Port device team_slave_1 added [ 168.474996][ T8994] device hsr_slave_0 entered promiscuous mode [ 168.543462][ T8994] device hsr_slave_1 entered promiscuous mode [ 168.623725][ T8998] chnl_net:caif_netlink_parms(): no params data found [ 168.735420][ T8996] device hsr_slave_0 entered promiscuous mode [ 168.802787][ T8996] device hsr_slave_1 entered promiscuous mode [ 168.872589][ T8996] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 168.883432][ T8996] Cannot create hsr debugfs directory [ 168.958245][ T8998] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.966549][ T8998] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.975647][ T8998] device bridge_slave_0 entered promiscuous mode [ 168.985213][ T8998] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.993531][ T8998] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.002629][ T8998] device bridge_slave_1 entered promiscuous mode [ 169.098241][ T8998] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 169.116793][ T9002] chnl_net:caif_netlink_parms(): no params data found [ 169.136212][ T8998] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.180787][ T8998] team0: Port device team_slave_0 added [ 169.196830][ T8998] team0: Port device team_slave_1 added [ 169.334582][ T8998] device hsr_slave_0 entered promiscuous mode [ 169.393352][ T8998] device hsr_slave_1 entered promiscuous mode [ 169.472506][ T8998] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 169.484514][ T8998] Cannot create hsr debugfs directory [ 169.503022][ T39] audit: type=1400 audit(1579234711.381:44): avc: denied { create } for pid=8996 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 169.508227][ T8996] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 169.535895][ T39] audit: type=1400 audit(1579234711.381:45): avc: denied { write } for pid=8996 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 169.535914][ T39] audit: type=1400 audit(1579234711.381:46): avc: denied { read } for pid=8996 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 169.665093][ T8994] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 169.764527][ T8994] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 169.901725][ T9002] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.913811][ T9002] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.923575][ T9002] device bridge_slave_0 entered promiscuous mode [ 169.932665][ T8996] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 170.005040][ T8994] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 170.106855][ T8994] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 170.165097][ T9002] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.173876][ T9002] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.183253][ T9002] device bridge_slave_1 entered promiscuous mode [ 170.191232][ T8996] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 170.239104][ T8996] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 170.353944][ T9002] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 170.375875][ T9002] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 170.416029][ T9002] team0: Port device team_slave_0 added [ 170.442859][ T9002] team0: Port device team_slave_1 added [ 170.578843][ T9002] device hsr_slave_0 entered promiscuous mode [ 170.632653][ T9002] device hsr_slave_1 entered promiscuous mode [ 170.682442][ T9002] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 170.691261][ T9002] Cannot create hsr debugfs directory [ 170.714225][ T8998] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 170.777761][ T8998] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 170.839336][ T8998] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 170.925220][ T8998] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 171.117511][ T9002] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 171.198452][ T9002] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 171.283279][ T9002] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 171.379480][ T9002] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 171.441713][ T8996] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.479895][ T8994] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.517686][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.540708][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.565683][ T8996] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.598308][ T8998] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.625324][ T3045] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.639011][ T3045] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.650333][ T3045] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.659290][ T3045] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.686204][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.695555][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.704916][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.714716][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.726331][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.737799][ T18] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.746280][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.758888][ T8994] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.770030][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.779693][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.791575][ T3275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.806624][ T8998] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.825834][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.836131][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.848171][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.859283][ T1235] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.867862][ T1235] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.877445][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.895208][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.905361][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.915165][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.923379][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.932053][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.942823][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.952709][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.961153][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.970676][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.994721][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 172.006359][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 172.019907][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.031094][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.041729][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.051875][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.063524][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.077141][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.088575][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.098765][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.108854][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.118523][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.128437][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 172.139149][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.149363][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.157978][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.171678][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.181165][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.198430][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.208496][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.219272][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 172.233417][ T8996] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 172.247433][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.262760][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.272612][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.283648][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.293643][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.316960][ T8994] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.326494][ T3045] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 172.336646][ T3045] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.349902][ T3045] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.363041][ T3045] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.380514][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.392543][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.417667][ T9002] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.431000][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 172.440981][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 172.450456][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.461579][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.478405][ T8996] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.499471][ T3275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.510252][ T3275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.522539][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.538187][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 172.550527][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.565627][ T9002] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.576168][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 172.585542][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 172.599586][ T8994] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.619967][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 172.629899][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 172.639571][ T1235] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.647841][ T1235] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.657211][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 172.668300][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 172.678686][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 172.688862][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.698859][ T1235] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.707370][ T1235] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.726577][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 172.735955][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 172.757832][ T8998] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.769789][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 172.781504][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 172.791680][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 172.803831][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.816087][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.826607][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.837135][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.848308][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.865497][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 172.875177][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 172.885052][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.895059][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.905990][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 172.917383][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 172.939161][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 172.950075][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 172.962880][ T8996] device veth0_vlan entered promiscuous mode [ 172.982453][ T9006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.995162][ T9006] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 173.012083][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 173.040579][ T8996] device veth1_vlan entered promiscuous mode [ 173.049491][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 173.059522][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 173.069492][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 173.081392][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 173.093107][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 173.104403][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 173.115414][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 173.129407][ T8994] device veth0_vlan entered promiscuous mode [ 173.151696][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 173.152606][ T39] audit: type=1400 audit(1579234715.031:47): avc: denied { associate } for pid=8996 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 173.165722][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 173.206390][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 173.229816][ T8994] device veth1_vlan entered promiscuous mode [ 173.249263][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 173.264583][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 173.277044][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 173.288109][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 173.298903][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 173.311783][ T8998] device veth0_vlan entered promiscuous mode [ 173.331772][ T8998] device veth1_vlan entered promiscuous mode [ 173.388042][ T9002] 8021q: adding VLAN 0 to HW filter on device batadv0 04:18:35 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_config_ext={0x7fffffff, 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x18, 0x32, 0x119, 0x0, 0x0, {0x2}, [@generic="ffd38d9b"]}, 0x18}}, 0x0) r1 = socket(0x27, 0xa326486fc09b94b3, 0x6) r2 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r2, &(0x7f0000000140)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}}, 0x24) sendmmsg(r2, &(0x7f0000005c00)=[{{0x0, 0xfffffffffffffd95, 0x0, 0x0, &(0x7f0000000000)=[{0x18, 0x110, 0x1, "ec"}], 0x18}}], 0x1, 0x0) r3 = socket(0x8, 0x5, 0x0) getpeername(r3, &(0x7f0000000500)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, &(0x7f0000000580)=0x80) r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000700)='NLBL_UNLBL\x00') sendmsg$NLBL_UNLABEL_C_STATICADD(r4, &(0x7f00000007c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x70400c90}, 0xc, &(0x7f0000000780)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000d9dacfa159be039cd0428d37d01f3cf3057627afb2cd6c6e4c5f9442ec1b6cfdc747bcc9aaff5646fcf878c957942674998dc3c411ff65ed866f5a53b786acc0277ab6089c2efcbb1fc78909f361d434de158e70473799837233f797c10dc525d910c6306b2999f7", @ANYRES16=r5], 0x2}, 0x1, 0x0, 0x0, 0x20004400}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4080010}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r5, 0x10, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40801}, 0x4000a000) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ttyS3\x00', 0x100901, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = dup(0xffffffffffffffff) ioctl$VFIO_IOMMU_UNMAP_DMA(r7, 0x3b72, &(0x7f0000000300)={0x18, 0x1, 0x7, 0x6}) sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2400000032001901000000000000000002000000ffd3e58d9b0c00017ff900180000000000"], 0x24}}, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, 0x0, &(0x7f0000000080)) [ 173.445012][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready 04:18:35 executing program 2: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r0, &(0x7f0000002200)=[{{&(0x7f00000002c0)={0xa, 0x0, 0x0, @rand_addr="fcc62782ebb22b1728b817521ebd2833", 0x80000000}, 0x1c, 0x0}}], 0x1, 0x0) [ 173.471363][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready 04:18:35 executing program 2: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r0, &(0x7f0000002200)=[{{&(0x7f00000002c0)={0xa, 0x0, 0x0, @rand_addr="fcc62782ebb22b1728b817521ebd2833", 0x80000000}, 0x1c, 0x0}}], 0x1, 0x0) [ 173.477390][ T39] audit: type=1400 audit(1579234715.361:48): avc: denied { open } for pid=9016 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 173.489771][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 173.614058][ T9020] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 173.659272][ C0] hrtimer: interrupt took 841782 ns 04:18:35 executing program 2: r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x1) [ 173.708482][ T39] audit: type=1400 audit(1579234715.361:49): avc: denied { kernel } for pid=9016 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 173.892684][ T39] audit: type=1400 audit(1579234715.481:50): avc: denied { write } for pid=9024 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 173.949926][ T39] audit: type=1400 audit(1579234715.811:51): avc: denied { getopt } for pid=9016 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 174.357236][ T9026] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 193.885725][ T18] kasan: CONFIG_KASAN_INLINE enabled [ 193.933583][ T18] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 193.956321][ T18] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 193.962771][ T18] CPU: 1 PID: 18 Comm: kworker/1:0 Not tainted 5.5.0-rc6-syzkaller #0 [ 193.962771][ T18] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 193.962771][ T18] Workqueue: krxrpcd rxrpc_peer_keepalive_worker [ 193.962771][ T18] RIP: 0010:selinux_socket_sendmsg+0x22/0x40 [ 193.962771][ T18] Code: c3 e8 32 ba 5a fe eb e8 55 48 89 e5 53 48 89 fb e8 b3 fa 1c fe 48 8d 7b 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 11 48 8b 7b 18 be 04 00 00 00 e8 fa fb ff ff 5b 5d [ 193.962771][ T18] RSP: 0018:ffffc900004cf9f0 EFLAGS: 00010206 [ 193.962771][ T18] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff83997bc5 [ 193.962771][ T18] RDX: 0000000000000003 RSI: ffffffff8357facd RDI: 0000000000000018 [ 193.962771][ T18] RBP: ffffc900004cf9f8 R08: ffff88802c6a45c0 R09: fffffbfff165e7ae [ 193.962771][ T18] R10: fffffbfff165e7ad R11: ffffffff8b2f3d6f R12: dffffc0000000000 [ 193.962771][ T18] R13: ffffc900004cfb20 R14: ffffc900004cfb20 R15: 000000000000001d [ 193.962771][ T18] FS: 0000000000000000(0000) GS:ffff88802d100000(0000) knlGS:0000000000000000 [ 193.962771][ T18] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.962771][ T18] CR2: 00007ff63a4c0db8 CR3: 000000001c9fa000 CR4: 0000000000340ee0 [ 193.962771][ T18] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 193.962771][ T18] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 193.962771][ T18] Call Trace: [ 193.962771][ T18] security_socket_sendmsg+0x77/0xc0 [ 193.962771][ T18] sock_sendmsg+0x45/0x130 [ 193.962771][ T18] kernel_sendmsg+0x44/0x50 [ 193.962771][ T18] rxrpc_send_keepalive+0x1ff/0x940 [ 193.962771][ T18] ? rxrpc_reject_packets+0xab0/0xab0 [ 193.962771][ T18] ? _raw_spin_unlock_bh+0x2c/0x30 [ 193.962771][ T18] ? __local_bh_enable_ip+0x15a/0x270 [ 193.962771][ T18] ? lockdep_hardirqs_on+0x421/0x5e0 [ 193.962771][ T18] ? rxrpc_peer_keepalive_worker+0x62e/0xd02 [ 193.962771][ T18] ? __local_bh_enable_ip+0x15a/0x270 [ 193.962771][ T18] rxrpc_peer_keepalive_worker+0x7be/0xd02 [ 193.962771][ T18] ? rxrpc_peer_add_rtt+0x650/0x650 [ 193.962771][ T18] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 193.962771][ T18] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 193.962771][ T18] ? trace_hardirqs_on+0x67/0x240 [ 193.962771][ T18] process_one_work+0x9af/0x1740 [ 193.962771][ T18] ? pwq_dec_nr_in_flight+0x320/0x320 [ 193.962771][ T18] ? lock_acquire+0x190/0x410 [ 193.962771][ T18] worker_thread+0x98/0xe40 [ 193.962771][ T18] kthread+0x361/0x430 [ 193.962771][ T18] ? process_one_work+0x1740/0x1740 [ 193.962771][ T18] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 193.962771][ T18] ret_from_fork+0x24/0x30 [ 193.962771][ T18] Modules linked in: [ 194.481306][ T18] ---[ end trace 02a1949f0bb449a0 ]--- [ 194.492946][ T18] RIP: 0010:selinux_socket_sendmsg+0x22/0x40 [ 194.504310][ T18] Code: c3 e8 32 ba 5a fe eb e8 55 48 89 e5 53 48 89 fb e8 b3 fa 1c fe 48 8d 7b 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 11 48 8b 7b 18 be 04 00 00 00 e8 fa fb ff ff 5b 5d [ 194.534211][ T18] RSP: 0018:ffffc900004cf9f0 EFLAGS: 00010206 [ 194.545150][ T18] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff83997bc5 [ 194.560566][ T18] RDX: 0000000000000003 RSI: ffffffff8357facd RDI: 0000000000000018 [ 194.571986][ T18] RBP: ffffc900004cf9f8 R08: ffff88802c6a45c0 R09: fffffbfff165e7ae [ 194.583239][ T18] R10: fffffbfff165e7ad R11: ffffffff8b2f3d6f R12: dffffc0000000000 [ 194.594453][ T18] R13: ffffc900004cfb20 R14: ffffc900004cfb20 R15: 000000000000001d [ 194.607686][ T18] FS: 0000000000000000(0000) GS:ffff88802d100000(0000) knlGS:0000000000000000 [ 194.619056][ T18] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.627110][ T18] CR2: 00007ff63a4c0db8 CR3: 000000001c9fa000 CR4: 0000000000340ee0 [ 194.637254][ T18] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 194.647597][ T18] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 194.659751][ T18] Kernel panic - not syncing: Fatal exception [ 194.669680][ T18] Kernel Offset: disabled [ 194.669680][ T18] Rebooting in 86400 seconds..