[ 33.266738] kauditd_printk_skb: 9 callbacks suppressed [ 33.266746] audit: type=1800 audit(1564520955.768:33): pid=6871 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 33.293731] audit: type=1800 audit(1564520955.768:34): pid=6871 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 37.012754] random: sshd: uninitialized urandom read (32 bytes read) [ 37.355916] audit: type=1400 audit(1564520959.858:35): avc: denied { map } for pid=7043 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 37.406594] random: sshd: uninitialized urandom read (32 bytes read) [ 38.081148] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.57' (ECDSA) to the list of known hosts. [ 43.679553] random: sshd: uninitialized urandom read (32 bytes read) 2019/07/30 21:09:26 fuzzer started [ 43.889843] audit: type=1400 audit(1564520966.388:36): avc: denied { map } for pid=7052 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 46.075034] random: cc1: uninitialized urandom read (8 bytes read) 2019/07/30 21:09:29 dialing manager at 10.128.0.105:34765 2019/07/30 21:09:29 syscalls: 2463 2019/07/30 21:09:29 code coverage: enabled 2019/07/30 21:09:29 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/07/30 21:09:29 extra coverage: extra coverage is not supported by the kernel 2019/07/30 21:09:29 setuid sandbox: enabled 2019/07/30 21:09:29 namespace sandbox: enabled 2019/07/30 21:09:29 Android sandbox: /sys/fs/selinux/policy does not exist 2019/07/30 21:09:29 fault injection: enabled 2019/07/30 21:09:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/07/30 21:09:29 net packet injection: enabled 2019/07/30 21:09:29 net device setup: enabled [ 48.117037] random: crng init done 21:11:15 executing program 0: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="2f0000001c0005c5ffffff000d000000020000000b000000ec0079c913000180f0ffffebffff6e263f", 0x29}], 0x78}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e0bcfe87b0071") r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) [ 153.090277] audit: type=1400 audit(1564521075.588:37): avc: denied { map } for pid=7052 comm="syz-fuzzer" path="/root/syzkaller-shm924758174" dev="sda1" ino=16490 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 21:11:15 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket(0x10, 0x800000000000002, 0xc) write(r2, &(0x7f0000000040)="1f0000000104ff00fd4354c007110000f3e9000008000100010423dcffdf00", 0x1f) write(r1, &(0x7f0000000100)="1f0000000104ff00fd4354c007110000f305030008000100010423dcffdf00", 0x1f) 21:11:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000340)="08880000000bcfe87b0071") pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000680)=[{&(0x7f0000000000)='R', 0x1}, {&(0x7f0000000100)="87", 0x1}, {&(0x7f0000000200)='Q', 0x1}, {&(0x7f0000000080)=';', 0x1}, {&(0x7f0000000300)="9c", 0x1}, {&(0x7f0000000400)="e6", 0x1}, {&(0x7f0000000480)=')', 0x1}, {&(0x7f00000004c0)='R', 0x1}], 0x8, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0x4240a2a0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r1, 0x0, r3, 0x0, 0x8100000, 0x0) 21:11:15 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x112, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) 21:11:15 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, 0x0, &(0x7f0000000180)) 21:11:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000380)="310000001200090069000600f403000000000000000000004600010700000054080003c02564030000bd5d58410b8b0b01", 0x31}], 0x1) [ 153.119396] audit: type=1400 audit(1564521075.618:38): avc: denied { map } for pid=7070 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=15 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 153.800213] IPVS: ftp: loaded support on port[0] = 21 [ 154.115314] chnl_net:caif_netlink_parms(): no params data found [ 154.142741] IPVS: ftp: loaded support on port[0] = 21 [ 154.158781] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.165557] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.172749] device bridge_slave_0 entered promiscuous mode [ 154.186743] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.193190] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.200303] device bridge_slave_1 entered promiscuous mode [ 154.227690] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 154.238823] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 154.273167] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 154.280598] team0: Port device team_slave_0 added [ 154.286336] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 154.293514] team0: Port device team_slave_1 added [ 154.299089] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 154.306540] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 154.314445] IPVS: ftp: loaded support on port[0] = 21 [ 154.372012] device hsr_slave_0 entered promiscuous mode [ 154.450291] device hsr_slave_1 entered promiscuous mode [ 154.513051] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 154.527261] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 154.595184] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.601953] bridge0: port 2(bridge_slave_1) entered forwarding state [ 154.608860] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.615266] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.633598] chnl_net:caif_netlink_parms(): no params data found [ 154.681551] IPVS: ftp: loaded support on port[0] = 21 [ 154.749752] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.756999] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.763935] device bridge_slave_0 entered promiscuous mode [ 154.770336] chnl_net:caif_netlink_parms(): no params data found [ 154.794427] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.801710] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.809045] device bridge_slave_1 entered promiscuous mode [ 154.836010] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 154.869485] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 154.894650] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.901969] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.909172] device bridge_slave_0 entered promiscuous mode [ 154.933228] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 154.940631] team0: Port device team_slave_0 added [ 154.945781] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.952612] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.959544] device bridge_slave_1 entered promiscuous mode [ 154.985839] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 154.995027] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 155.003380] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 155.010373] IPVS: ftp: loaded support on port[0] = 21 [ 155.013018] team0: Port device team_slave_1 added [ 155.021704] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 155.029150] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 155.044757] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 155.050907] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.113260] device hsr_slave_0 entered promiscuous mode [ 155.140314] device hsr_slave_1 entered promiscuous mode [ 155.183437] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 155.196012] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 155.203413] team0: Port device team_slave_0 added [ 155.209018] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 155.216432] team0: Port device team_slave_1 added [ 155.222126] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.229184] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.237035] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 155.252321] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 155.263902] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 155.270359] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 155.288845] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 155.298424] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 155.343200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 155.350274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 155.412187] device hsr_slave_0 entered promiscuous mode [ 155.450342] device hsr_slave_1 entered promiscuous mode [ 155.493406] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 155.508510] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 155.514992] 8021q: adding VLAN 0 to HW filter on device team0 [ 155.522864] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 155.530884] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 155.537999] chnl_net:caif_netlink_parms(): no params data found [ 155.552732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 155.561243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 155.568902] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.575320] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.586430] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 155.613586] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 155.623550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 155.633052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 155.640982] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.647337] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.656738] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 155.666189] IPVS: ftp: loaded support on port[0] = 21 [ 155.667812] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 155.687787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 155.697420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 155.728854] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.736695] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.743608] device bridge_slave_0 entered promiscuous mode [ 155.754826] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 155.763913] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 155.782285] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.788667] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.795894] device bridge_slave_1 entered promiscuous mode [ 155.816246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 155.824672] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 155.832888] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 155.864097] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 155.881605] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 155.923092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 155.931001] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 155.939721] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 155.949444] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 155.964284] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 155.975491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 155.983399] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 155.991119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 155.998716] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 156.033266] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 156.039313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 156.051336] chnl_net:caif_netlink_parms(): no params data found [ 156.064647] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 156.072998] team0: Port device team_slave_0 added [ 156.078590] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 156.086558] team0: Port device team_slave_1 added [ 156.092410] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 156.099795] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 156.119385] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 156.169626] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 156.192614] device hsr_slave_0 entered promiscuous mode [ 156.220470] device hsr_slave_1 entered promiscuous mode [ 156.279309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.322794] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 156.333916] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 156.383077] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 156.393950] chnl_net:caif_netlink_parms(): no params data found [ 156.410748] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.417212] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.424772] device bridge_slave_0 entered promiscuous mode [ 156.434800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.443889] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 156.456133] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.462884] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.469797] device bridge_slave_1 entered promiscuous mode [ 156.481685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 156.488584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 156.498421] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 156.507679] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 156.514504] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.539245] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 156.548424] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 156.563445] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 156.571182] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 156.578126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 156.590850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 156.600997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 156.608548] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.614943] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.622183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 156.629908] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 156.638287] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.644708] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.654164] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 156.665526] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 21:11:19 executing program 0: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x4e22}, 0x19) sendto$inet6(r1, &(0x7f0000000180)="997e8585910cc5876fd8c2071e868a4b5131d7d7185bb4a50f418d85f4e412c397fc76b2a62eb1d45783c8adeb363c6a85e744a3dc4044b5858f8fd9d3b75f4138b4455942ef9e7c89cebf59533ced7270f9541050130ad5f29e1efb67b3b480f2352bef3a12b2882910fd11958d17762d9fc7902fa3863ed6693d884a497ed34111670b7c2d6f95739db822c5ec9b98da4cfec7ddab3254ebfc4e868fa017c1240d8927f00b0c4d8093468e8c05023bafcb715917bf3a23bdde058552cd2519bd5c2a294a028530931791afedb7e34662d02d0bfa30578f7b84712c9fd508f01353ffef2eaa0096fc0a3b68c0d584024449337fffb6b1dba2de2e953d3a286d0722b6e0ee9a4de0672477f4b1d7bfef1d6d094aafbda84f82fa635449973c2e40e2406c3430a616ea52f3c0b10f6b6beebc3ec27333c4da612c6bf91166e6ca4d478536388be238ba7f9e0ad021e1ee936e2b8a48ad2a3cdb29935341ff2542a76f071ceeae9224df2e09b9e574bdcf656ac180faefe01328db5c5351bb2b42c3130749438a42b89c61f15f6127545cbd1baae09524af17439025ea018aa5bf8502ce94bdd5fdf97c7a83faa9e1283e2f3557aabbb15ea43a4a14f616efb94d3a12cc75ca1651a77dcb191fd1b219f84e4d81861914bdefe0afa395c869196a392da06350467f35a884039222e3fccc1b2136330aa57f6b4a19cd40d7872a7d73027d34a100cdb9eb29f2cab1c3572cbe90b4f27cd54f2f925e41c6707b6ce8f5e7dc4281067f8ff8726d3a27298e321fa26e53e18644c9db8ab09b0a297382367a195282354eefc6bdc544e1d32f7207b0ca71656b1e0ca4f4d569b564c17b6d19f4bc960d359a159e30b2d9cb4b76747e462077a253a2656db4fe9ef83854cbdc1d67afacc43796f188478a8d25b12a07b7e3898740c7482b3bc517c0688d110274eccf34a139e603ea7827eefd16b8da121fa8c8aaf0989a75eaae5d611a745b2592bc6e3988b4375ba9832e65e6ed02a2fb1951542710ba53646850865b0ab659feb488aa318c99d269816402f4b737f47d0e829a6a32f70b92323aa420d9a548263f17f200fe91a85945d9c3d948e55b95f3dc238b97f1ae4498d7dc1488e9b9fef40206e346240e2f7d54c1ceb822f2d672d995fb14699e0c0f3019a2861f919dfde21d41d316f370718f2cb7cb6af918093310f0cdf453037e0a403795be91b90bb24c85311ce987407553dee87663a47a3f5cb79579f2794915f98b58b5eb7b501eb93ef5582e650d096426110a9f909a7486256401eb99ae705873f9af3eef6f6cc0fa47e6360be6f8affcfc3c8dbd9afa717c637a562b784c30a485c0f601ce3aec8a1ea2545b5f6c2cc78535db20819d816263118bad65af7029faf44ce5855b09f089021ab48bbcac4376b496ee2363a0edc2b283d3f3272388f685ccb2520b7c17e5b5f2b5735b79d456314f04d79dbb2c4a1387be48fe27feeb155a26ab4584a156b11180f7b2cf2a620a6fd313b2f1e792eab9d79896bffafb5985431df20e3e8017fbc1ef0cfd34c3bd529c427d4d685ba056caf89b0c9fba499e9b18d6ecfc19bfbf04c6d636fec749b00e8f5be1dee472e25902ac5d48c6c5b8e4aaf9cf552902b31aa2d848182dc708cd0295e894c8a5f4388f818c9ba12a5c21c5e9634de22946cc6cdde25f23c320a35b8d7964ef1c4feb6fa8741c15f0f924cacf94861a932d30f6c3c2a523cce16ea322dc52f8d2a0f25497c0f7a3a29c8bcc45d41753eb58153a8a619b31b1d8d56dc623521cc5c73275f44abe46eba06623c49d86f1ac2aabc1f13ddc6208a5747afdfc14b15ba0a012d576ed2f7bc30c7211257064a6bd0bedaee514018e107477006d945caa1579d07d0dd9e0bb09235bbde37e8064533b3b9b8a7632f0d794c6b85d41368caa2efc942cd7da0ce391b3347d4cf903fa9ca3bc75558415df92773c6284edc80458dba2eabfe88148a510953f2803f2a15faec47a166b", 0x591, 0x0, 0x0, 0x0) dup2(r2, r1) r3 = accept4(r1, 0x0, 0x0, 0x0) splice(r3, 0x0, r0, 0x0, 0x80000000, 0x0) [ 156.693587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 156.703179] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 156.719742] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.727945] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.739099] device bridge_slave_0 entered promiscuous mode [ 156.748074] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 156.757426] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.766516] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 156.774875] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 21:11:19 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) getsockopt$inet6_udp_int(r0, 0x11, 0x66, 0x0, &(0x7f0000000040)) [ 156.795252] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 156.811100] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.817494] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.831328] device bridge_slave_1 entered promiscuous mode [ 156.837786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 21:11:19 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_mreq(r0, 0x0, 0x16, &(0x7f0000000000)={@multicast1, @broadcast}, 0x8) [ 156.848326] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 156.875709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 156.886451] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 21:11:19 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000000), &(0x7f0000000040)=0x10) [ 156.896422] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.902838] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.920298] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 156.929335] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 156.945362] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready 21:11:19 executing program 0: futex(&(0x7f0000000000), 0xb, 0x0, &(0x7f0000000140), &(0x7f0000000180), 0x0) 21:11:19 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x84) getsockname(r0, 0x0, &(0x7f0000001140)) [ 156.973734] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 156.983284] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 156.991233] team0: Port device team_slave_0 added [ 156.996525] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.004412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 157.012730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready 21:11:19 executing program 0: sched_getaffinity(0x0, 0x8, &(0x7f0000000100)) [ 157.020758] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.027128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.036544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 157.044924] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 157.053106] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 157.069768] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 157.080510] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 157.089864] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 157.104275] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 157.114592] team0: Port device team_slave_1 added [ 157.124370] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 157.133744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 157.141558] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 157.149027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 157.157470] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 157.165315] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 157.172672] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 157.183661] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 157.191938] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 157.207093] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 157.222984] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 157.230799] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 157.240489] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 157.249133] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 157.312610] device hsr_slave_0 entered promiscuous mode [ 157.350537] device hsr_slave_1 entered promiscuous mode [ 157.391009] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 157.399516] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.408867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 157.416404] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 157.424182] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 157.431797] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 157.441896] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 157.449605] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 157.457283] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 157.464968] team0: Port device team_slave_0 added [ 157.471008] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 157.478198] team0: Port device team_slave_1 added [ 157.484112] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 157.491622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 157.499199] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 157.506937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 157.514762] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 157.524940] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 157.533654] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 157.541243] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 157.571879] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 157.579395] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 157.587500] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 157.594393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 157.602150] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 157.608183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 157.620233] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 157.673987] device hsr_slave_0 entered promiscuous mode [ 157.732678] device hsr_slave_1 entered promiscuous mode [ 157.782943] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 157.796827] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 157.806694] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 157.813776] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 157.822036] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 157.835404] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 157.842811] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 157.849726] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.859652] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 157.866498] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.879974] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 157.890259] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 157.908684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 157.917181] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 157.925128] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.931526] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.938342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 157.946974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 157.954710] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.961102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.968091] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.977850] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 157.993457] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.001296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 158.016721] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 158.028336] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 158.037990] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 158.052592] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.061754] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 158.072559] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 158.083011] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.100330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 158.108113] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 158.116478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 158.124526] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 158.132720] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 158.144003] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 158.154722] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 158.176052] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.182699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 158.190813] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 158.206227] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 158.218465] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 158.228482] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 158.237421] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 158.246436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 158.254279] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 158.262110] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 158.279320] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 158.290964] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 158.297033] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 158.310951] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 158.317083] 8021q: adding VLAN 0 to HW filter on device team0 [ 158.324147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 158.333686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 158.337180] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.5'. [ 158.340356] audit: type=1400 audit(1564521080.838:39): avc: denied { create } for pid=7142 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 158.340378] audit: type=1400 audit(1564521080.838:40): avc: denied { write } for pid=7142 comm="syz-executor.5" path="socket:[25967]" dev="sockfs" ino=25967 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 158.345294] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 158.358512] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.5'. [ 158.381518] 8021q: adding VLAN 0 to HW filter on device team0 [ 158.410224] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.5'. [ 158.421867] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 158.447651] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 21:11:20 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x4e22}, 0x19) [ 158.457836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 158.468337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 158.491363] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.497782] bridge0: port 1(bridge_slave_0) entered forwarding state [ 158.508329] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 158.510622] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 158.526419] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 158.531198] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.552595] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 158.559713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 158.569479] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 158.577230] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.583637] bridge0: port 1(bridge_slave_0) entered forwarding state [ 158.609257] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 158.617903] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 158.629573] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 158.637850] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 158.646767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 158.654836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 158.662739] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.669149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.676459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 158.684511] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 158.692271] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.698700] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.705697] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 158.716600] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 158.725587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 158.734658] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 158.744486] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 158.753368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 158.761707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 158.772963] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 158.783425] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 158.791220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 158.798857] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 158.806732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 158.814741] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 158.825022] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 158.833078] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 158.840649] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 158.847758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 158.856208] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 158.866076] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 158.873595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 158.884129] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 158.897533] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 158.911844] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 158.918653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 158.928581] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 158.938987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 158.952807] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 158.966296] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 158.975609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 158.985453] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 158.994480] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 159.005031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 159.012675] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 159.020880] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 159.026905] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 159.036423] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 159.043319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 159.068252] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 159.078069] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 159.089028] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 159.104620] 8021q: adding VLAN 0 to HW filter on device batadv0 21:11:21 executing program 2: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000180)='\x00', 0x1) close(r1) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_int(r1, 0x11, 0x200001000000067, &(0x7f0000000100)=0x96, 0x4) bind$inet(r1, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) splice(r0, 0x0, r1, 0x0, 0x10000, 0x0) 21:11:21 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000005c0)={{{@in=@multicast1, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x6e6bbf}, {{@in6=@ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x0, @in=@empty}}, 0xe8) [ 160.233461] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.4'. [ 160.245973] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.4'. 21:11:22 executing program 1: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x2000000000002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x02\x00', 0x20000005001}) write$P9_RLERRORu(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="13"], 0x1) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 21:11:22 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, 0x0, &(0x7f00000000c0)=0x700) 21:11:22 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x4e22}, 0x19) 21:11:22 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_mreq(r0, 0x0, 0x15, &(0x7f0000000000)={@multicast1, @broadcast}, 0x8) 21:11:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_mreq(r0, 0x0, 0x20, 0x0, 0xfc) 21:11:22 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000100)={'lo\x00', {0x2, 0x0, @remote}}) 21:11:22 executing program 0: futex(&(0x7f0000000000), 0x0, 0x0, &(0x7f0000000140), 0x0, 0x0) [ 160.345914] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 21:11:22 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_mreq(r0, 0x0, 0x19, &(0x7f0000000000)={@multicast1, @broadcast}, 0x8) 21:11:22 executing program 3: syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={[{@nolargeio='nolargeio'}]}) 21:11:22 executing program 2: openat$selinux_checkreqprot(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x40, 0x0) setxattr$security_capability(&(0x7f0000000600)='./file0\x00', &(0x7f0000000240)='security.capability\x00', &(0x7f0000000200)=@v2, 0x14, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) 21:11:22 executing program 4: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) [ 160.497640] ================================================================== [ 160.505387] BUG: KASAN: global-out-of-bounds in strscpy+0x20e/0x2c0 [ 160.505401] Read of size 8 at addr ffffffff8677bda0 by task syz-executor.3/7216 [ 160.505404] [ 160.505417] CPU: 0 PID: 7216 Comm: syz-executor.3 Not tainted 4.14.134 #30 [ 160.505424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 160.505428] Call Trace: [ 160.505441] dump_stack+0x138/0x19c [ 160.505455] ? strscpy+0x20e/0x2c0 [ 160.505469] print_address_description.cold+0x5/0x1dc [ 160.505481] ? strscpy+0x20e/0x2c0 [ 160.505492] kasan_report.cold+0xa9/0x2af [ 160.505508] __asan_report_load8_noabort+0x14/0x20 [ 160.505519] strscpy+0x20e/0x2c0 [ 160.505536] prepare_error_buf+0x94/0x1aa0 [ 160.505550] ? lock_downgrade+0x6e0/0x6e0 [ 160.505564] ? scnprintf_le_key+0x600/0x600 [ 160.505578] ? __lock_acquire+0x5f9/0x45e0 [ 160.505591] __reiserfs_warning+0x9f/0xb0 [ 160.505601] ? reiserfs_printk+0xd0/0xd0 [ 160.505629] ? trace_hardirqs_on+0x10/0x10 [ 160.505647] reiserfs_parse_options+0x153e/0x1820 [ 160.505663] ? find_held_lock+0x35/0x130 [ 160.505677] ? reiserfs_sync_fs+0xe0/0xe0 [ 160.505689] ? trace_hardirqs_on+0x10/0x10 [ 160.505773] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 160.505787] ? lockdep_init_map+0x9/0x10 [ 160.505797] ? debug_mutex_init+0x2d/0x5a [ 160.505811] reiserfs_fill_super+0x461/0x2b20 [ 160.505830] ? finish_unfinished+0x1010/0x1010 [ 160.505848] ? snprintf+0xa5/0xd0 [ 160.505864] ? set_blocksize+0x270/0x300 [ 160.505874] ? ns_test_super+0x50/0x50 [ 160.505890] mount_bdev+0x2be/0x370 [ 160.505899] ? finish_unfinished+0x1010/0x1010 [ 160.505911] get_super_block+0x35/0x40 [ 160.505923] mount_fs+0x97/0x2a1 [ 160.505938] vfs_kern_mount.part.0+0x5e/0x3d0 [ 160.505952] do_mount+0x417/0x27d0 [ 160.505963] ? copy_mount_options+0x5c/0x2f0 [ 160.505975] ? rcu_read_lock_sched_held+0x110/0x130 [ 160.505989] ? copy_mount_string+0x40/0x40 [ 160.506005] ? copy_mount_options+0x1fe/0x2f0 [ 160.506019] SyS_mount+0xab/0x120 [ 160.506029] ? copy_mnt_ns+0x8c0/0x8c0 [ 160.506042] do_syscall_64+0x1e8/0x640 [ 160.506051] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 160.506068] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 160.506077] RIP: 0033:0x45c27a [ 160.506083] RSP: 002b:00007f1f894f1a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 160.506095] RAX: ffffffffffffffda RBX: 00007f1f894f1b40 RCX: 000000000045c27a [ 160.506102] RDX: 00007f1f894f1ae0 RSI: 0000000020000040 RDI: 00007f1f894f1b00 [ 160.506109] RBP: 0000000000000000 R08: 00007f1f894f1b40 R09: 00007f1f894f1ae0 [ 160.506116] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003 [ 160.506121] R13: 00000000004c8a7f R14: 00000000004df8b8 R15: 00000000ffffffff [ 160.506141] [ 160.506145] The buggy address belongs to the variable: [ 160.506155] __func__.31301+0x980/0x3a60 [ 160.506158] [ 160.506162] Memory state around the buggy address: [ 160.506172] ffffffff8677bc80: fa fa fa fa 00 03 fa fa fa fa fa fa 00 00 00 00 [ 160.506182] ffffffff8677bd00: 00 06 fa fa fa fa fa fa 00 03 fa fa fa fa fa fa [ 160.506190] >ffffffff8677bd80: 00 00 00 00 06 fa fa fa fa fa fa fa 00 03 fa fa [ 160.506195] ^ [ 160.506205] ffffffff8677be00: fa fa fa fa 00 00 00 00 05 fa fa fa fa fa fa fa [ 160.506213] ffffffff8677be80: 00 03 fa fa fa fa fa fa 00 00 00 01 fa fa fa fa [ 160.506217] ================================================================== [ 160.506220] Disabling lock debugging due to kernel taint [ 160.506444] Kernel panic - not syncing: panic_on_warn set ... [ 160.506444] [ 160.506455] CPU: 0 PID: 7216 Comm: syz-executor.3 Tainted: G B 4.14.134 #30 [ 160.506460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 160.506464] Call Trace: [ 160.506474] dump_stack+0x138/0x19c [ 160.506485] ? strscpy+0x20e/0x2c0 [ 160.506494] panic+0x1f2/0x426 [ 160.506503] ? add_taint.cold+0x16/0x16 [ 160.506520] kasan_end_report+0x47/0x4f [ 160.506529] kasan_report.cold+0x130/0x2af [ 160.506540] __asan_report_load8_noabort+0x14/0x20 [ 160.506549] strscpy+0x20e/0x2c0 [ 160.506560] prepare_error_buf+0x94/0x1aa0 [ 160.506571] ? lock_downgrade+0x6e0/0x6e0 [ 160.506582] ? scnprintf_le_key+0x600/0x600 [ 160.506592] ? __lock_acquire+0x5f9/0x45e0 [ 160.506603] __reiserfs_warning+0x9f/0xb0 [ 160.506611] ? reiserfs_printk+0xd0/0xd0 [ 160.506636] ? trace_hardirqs_on+0x10/0x10 [ 160.506649] reiserfs_parse_options+0x153e/0x1820 [ 160.506662] ? find_held_lock+0x35/0x130 [ 160.506673] ? reiserfs_sync_fs+0xe0/0xe0 [ 160.506684] ? trace_hardirqs_on+0x10/0x10 [ 160.506736] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 160.506748] ? lockdep_init_map+0x9/0x10 [ 160.506756] ? debug_mutex_init+0x2d/0x5a [ 160.506767] reiserfs_fill_super+0x461/0x2b20 [ 160.506781] ? finish_unfinished+0x1010/0x1010 [ 160.506794] ? snprintf+0xa5/0xd0 [ 160.506806] ? set_blocksize+0x270/0x300 [ 160.506814] ? ns_test_super+0x50/0x50 [ 160.506825] mount_bdev+0x2be/0x370 [ 160.506834] ? finish_unfinished+0x1010/0x1010 [ 160.506844] get_super_block+0x35/0x40 [ 160.506853] mount_fs+0x97/0x2a1 [ 160.506864] vfs_kern_mount.part.0+0x5e/0x3d0 [ 160.506876] do_mount+0x417/0x27d0 [ 160.506885] ? copy_mount_options+0x5c/0x2f0 [ 160.506894] ? rcu_read_lock_sched_held+0x110/0x130 [ 160.506909] ? copy_mount_string+0x40/0x40 [ 160.506928] ? copy_mount_options+0x1fe/0x2f0 [ 160.526244] kobject: 'tun0' (ffff88805e9e0e70): kobject_cleanup, parent (null) [ 160.530036] SyS_mount+0xab/0x120 [ 160.530046] ? copy_mnt_ns+0x8c0/0x8c0 [ 160.530056] do_syscall_64+0x1e8/0x640 [ 160.530064] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 160.530076] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 160.530083] RIP: 0033:0x45c27a [ 160.530088] RSP: 002b:00007f1f894f1a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 160.530098] RAX: ffffffffffffffda RBX: 00007f1f894f1b40 RCX: 000000000045c27a [ 160.530103] RDX: 00007f1f894f1ae0 RSI: 0000000020000040 RDI: 00007f1f894f1b00 [ 160.530107] RBP: 0000000000000000 R08: 00007f1f894f1b40 R09: 00007f1f894f1ae0 [ 160.530111] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003 [ 160.530116] R13: 00000000004c8a7f R14: 00000000004df8b8 R15: 00000000ffffffff [ 160.531172] Kernel Offset: disabled