Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts. [ 34.755934] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/10 11:55:35 fuzzer started [ 34.948729] kauditd_printk_skb: 10 callbacks suppressed [ 34.948738] audit: type=1400 audit(1568116535.418:36): avc: denied { map } for pid=6764 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 35.692860] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/10 11:55:36 dialing manager at 10.128.0.105:33975 2019/09/10 11:55:36 syscalls: 2466 2019/09/10 11:55:36 code coverage: enabled 2019/09/10 11:55:36 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/10 11:55:36 extra coverage: extra coverage is not supported by the kernel 2019/09/10 11:55:36 setuid sandbox: enabled 2019/09/10 11:55:36 namespace sandbox: enabled 2019/09/10 11:55:36 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/10 11:55:36 fault injection: enabled 2019/09/10 11:55:36 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/10 11:55:36 net packet injection: enabled 2019/09/10 11:55:36 net device setup: enabled [ 37.495306] random: crng init done 11:57:04 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='comm\x00') exit(0x0) write$FUSE_NOTIFY_DELETE(r0, 0x0, 0x0) 11:57:04 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca50d5e0b38e47bf070") getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x5bc) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) socket(0x0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendto$inet6(r2, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) setsockopt$RDS_FREE_MR(0xffffffffffffffff, 0x114, 0x3, 0x0, 0x0) recvfrom$inet6(r2, &(0x7f00000001c0)=""/31, 0xfffffee1, 0x100, &(0x7f0000000040), 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='nv\x00', 0xdfd8e18b4a1465b9) setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x48f, 0x0, 0xffffffffffffff86) socketpair(0x0, 0x0, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_GET_REMOTE_MNG(0xffffffffffffffff, 0x0, 0x0) shutdown(r2, 0x1) r3 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet6(r3, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) 11:57:04 executing program 0: mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000004, 0x400002172, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x9000, 0x2000, 0x3, &(0x7f0000ff8000/0x2000)=nil) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000), 0x4) 11:57:04 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl(r1, 0x1000008912, &(0x7f0000000180)="11dca50d5e0bcfe47bf070") setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="d0010eb4adf34ef32a08", 0xa) 11:57:04 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$rxrpc(0x21, 0x2, 0xa) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) dup2(r2, r0) 11:57:04 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r1 = socket$alg(0x26, 0x5, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) close(r1) openat$vfio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vfio/vfio\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) [ 124.006664] audit: type=1400 audit(1568116624.478:37): avc: denied { map } for pid=6783 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13822 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 124.191995] IPVS: ftp: loaded support on port[0] = 21 [ 124.988779] chnl_net:caif_netlink_parms(): no params data found [ 125.001539] IPVS: ftp: loaded support on port[0] = 21 [ 125.025280] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.032662] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.039620] device bridge_slave_0 entered promiscuous mode [ 125.046530] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.052983] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.059787] device bridge_slave_1 entered promiscuous mode [ 125.077420] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 125.087286] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 125.104038] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 125.111296] team0: Port device team_slave_0 added [ 125.116648] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 125.123963] team0: Port device team_slave_1 added [ 125.132996] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 125.144057] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 125.202076] device hsr_slave_0 entered promiscuous mode [ 125.270291] device hsr_slave_1 entered promiscuous mode [ 125.312354] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 125.321652] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 125.342472] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.348849] bridge0: port 2(bridge_slave_1) entered forwarding state [ 125.355833] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.362189] bridge0: port 1(bridge_slave_0) entered forwarding state [ 125.381772] IPVS: ftp: loaded support on port[0] = 21 [ 125.415150] chnl_net:caif_netlink_parms(): no params data found [ 125.458264] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.465801] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.473035] device bridge_slave_0 entered promiscuous mode [ 125.479668] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.486263] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.493225] device bridge_slave_1 entered promiscuous mode [ 125.517191] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 125.523377] 8021q: adding VLAN 0 to HW filter on device bond0 [ 125.532588] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 125.541906] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 125.551704] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 125.573067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 125.581617] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.598655] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.609710] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 125.616351] 8021q: adding VLAN 0 to HW filter on device team0 [ 125.622634] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 125.629676] team0: Port device team_slave_0 added [ 125.635371] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 125.642575] team0: Port device team_slave_1 added [ 125.655512] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 125.664164] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.664406] IPVS: ftp: loaded support on port[0] = 21 [ 125.670538] bridge0: port 1(bridge_slave_0) entered forwarding state [ 125.680348] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 125.689493] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 125.702513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 125.711147] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.717469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 125.724597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 125.792472] device hsr_slave_0 entered promiscuous mode [ 125.830353] device hsr_slave_1 entered promiscuous mode [ 125.874156] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 125.881360] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 125.906808] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 125.914900] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 125.923111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 125.936890] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 125.947321] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 125.953429] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 125.960431] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 125.996461] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 126.004308] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 126.022405] IPVS: ftp: loaded support on port[0] = 21 [ 126.031270] chnl_net:caif_netlink_parms(): no params data found [ 126.063811] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 126.098872] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.163073] chnl_net:caif_netlink_parms(): no params data found [ 126.185161] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.192184] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.198959] device bridge_slave_0 entered promiscuous mode [ 126.217485] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.223944] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.231137] device bridge_slave_1 entered promiscuous mode [ 126.249089] IPVS: ftp: loaded support on port[0] = 21 11:57:06 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000300)='bbr\x00', 0x4) getsockopt$inet_tcp_buf(r1, 0x6, 0x1a, 0x0, &(0x7f0000000040)=0x4) [ 126.266321] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 126.290804] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 126.368183] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 126.375792] team0: Port device team_slave_0 added [ 126.381689] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 126.388710] team0: Port device team_slave_1 added [ 126.399004] 8021q: adding VLAN 0 to HW filter on device bond0 [ 126.407517] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 11:57:06 executing program 0: syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000180)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={[{@nodiscard='nodiscard'}]}) [ 126.447409] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 126.454605] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.461325] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.468213] device bridge_slave_0 entered promiscuous mode [ 126.479038] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 126.498109] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 126.515572] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.522533] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.530801] device bridge_slave_1 entered promiscuous mode [ 126.538083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 126.545637] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 126.560306] XFS (loop0): Invalid superblock magic number [ 126.577507] chnl_net:caif_netlink_parms(): no params data found [ 126.589558] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 126.595945] 8021q: adding VLAN 0 to HW filter on device team0 11:57:07 executing program 0: syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000180)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={[{@nodiscard='nodiscard'}]}) [ 126.672759] device hsr_slave_0 entered promiscuous mode [ 126.692206] device hsr_slave_1 entered promiscuous mode [ 126.742419] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 126.752394] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 126.786002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 126.797392] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 126.805498] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.811904] bridge0: port 1(bridge_slave_0) entered forwarding state [ 126.821732] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 126.829034] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 126.837071] XFS (loop0): Invalid superblock magic number [ 126.842911] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 126.874010] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 11:57:07 executing program 0: syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000180)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={[{@nodiscard='nodiscard'}]}) [ 126.881292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 126.889060] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 126.896806] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.903187] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.914159] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 126.951382] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 126.960667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 126.970554] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.976933] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.984445] device bridge_slave_0 entered promiscuous mode [ 127.002862] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 127.005170] XFS (loop0): Invalid superblock magic number [ 127.010144] team0: Port device team_slave_0 added [ 127.024119] chnl_net:caif_netlink_parms(): no params data found [ 127.035339] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.041819] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.048682] device bridge_slave_1 entered promiscuous mode [ 127.055336] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 127.062428] team0: Port device team_slave_1 added [ 127.067757] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 127.078273] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 127.089630] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 11:57:07 executing program 0: syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000180)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={[{@nodiscard='nodiscard'}]}) [ 127.126607] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 127.134237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 127.143795] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 127.160580] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 127.186746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 127.194859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 127.204062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 127.211711] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 127.219374] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 127.227794] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 127.235886] XFS (loop0): Invalid superblock magic number [ 127.243856] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 127.256971] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 127.265476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 127.273153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 127.282735] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready 11:57:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x85) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$SG_IO(r0, 0x2285, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000180)="aefdda9d240000005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb69d952f41bdd2ac8bb8c09", 0x2e}, {&(0x7f0000000140)="aa1d484e24002000a84d4583670e12d9fc56b0953fbd80630600007704a71e023a27b2da9426f40100008000000000a7457e3867", 0x84}], 0x2) 11:57:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x85) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$SG_IO(r0, 0x2285, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000180)="aefdda9d240000005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb69d952f41bdd2ac8bb8c09", 0x2e}, {&(0x7f0000000140)="aa1d484e24002000a84d4583670e12d9fc56b0953fbd80630600007704a71e023a27b2da9426f40100008000000000a7457e3867", 0x84}], 0x2) [ 127.355050] device hsr_slave_0 entered promiscuous mode [ 127.374005] sg_write: data in/out 2097152/80 bytes for SCSI command 0x94-- guessing data in; [ 127.374005] program syz-executor.0 not setting count and/or reply_len properly [ 127.420385] device hsr_slave_1 entered promiscuous mode [ 127.426634] sg_write: data in/out 2097152/80 bytes for SCSI command 0x94-- guessing data in; [ 127.426634] program syz-executor.0 not setting count and/or reply_len properly [ 127.451688] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 127.463652] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 127.469715] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 127.477944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 127.485977] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 127.511141] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 127.518025] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 127.525440] team0: Port device team_slave_0 added [ 127.535065] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 127.542471] team0: Port device team_slave_1 added [ 127.547893] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 127.562557] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.568630] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.575099] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.582302] device bridge_slave_0 entered promiscuous mode [ 127.588673] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 127.596401] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 127.615488] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.622202] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.630257] device bridge_slave_1 entered promiscuous mode [ 127.636574] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 127.648530] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 127.693814] device hsr_slave_0 entered promiscuous mode [ 127.732587] device hsr_slave_1 entered promiscuous mode [ 127.775112] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 127.788460] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 127.795439] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 127.813350] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 127.825256] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 127.835676] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 127.844800] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 127.858150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 127.865310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 127.882005] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 127.888084] 8021q: adding VLAN 0 to HW filter on device team0 [ 127.915546] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 127.924643] team0: Port device team_slave_0 added [ 127.932605] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 127.939546] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 127.948042] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 127.955642] team0: Port device team_slave_1 added [ 127.968557] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.975020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 127.983071] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 127.991078] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.997400] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.004499] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 128.012676] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 128.019944] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 128.033947] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 128.043580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 128.051384] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 128.058940] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.065381] bridge0: port 2(bridge_slave_1) entered forwarding state [ 128.073777] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 128.095506] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 128.103103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 128.127790] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 128.144209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 128.151858] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 128.202207] device hsr_slave_0 entered promiscuous mode [ 128.240334] device hsr_slave_1 entered promiscuous mode [ 128.281077] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 128.289843] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 128.296499] 8021q: adding VLAN 0 to HW filter on device team0 [ 128.303847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 128.316219] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 128.323377] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 128.337751] 8021q: adding VLAN 0 to HW filter on device bond0 [ 128.347312] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 128.355039] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 128.370328] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 128.378129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 128.386077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 128.393999] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.400367] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.407540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 128.414705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 128.422547] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 128.429335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 128.436416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 128.444062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 128.452729] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 128.459711] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 128.466806] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 128.474960] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 128.482598] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.488923] bridge0: port 2(bridge_slave_1) entered forwarding state [ 128.497901] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 128.504109] 8021q: adding VLAN 0 to HW filter on device team0 [ 128.513122] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 128.520446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 128.529269] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 128.538658] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 128.547151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 128.558007] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 128.566525] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 128.577887] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 128.585115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 128.592783] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 128.600289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 128.607903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 128.615693] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.622114] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.628882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 128.637053] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 128.645003] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 128.652008] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 128.667037] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 128.675220] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 128.684823] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 128.693121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 128.702791] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 128.711150] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.717498] bridge0: port 2(bridge_slave_1) entered forwarding state [ 128.724424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 128.732232] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 128.739496] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 128.746989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 128.755837] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 128.765332] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 128.772107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 128.784352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 128.792118] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 128.804289] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 128.811777] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 128.818765] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 128.826972] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 128.834770] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 128.842552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 128.852736] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 128.864232] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 128.871811] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 128.879262] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 128.886927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 128.896356] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 128.903819] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 128.913123] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 128.924695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 128.932696] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 128.940740] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 128.948514] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 128.956939] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 128.975865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 128.982363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 128.989975] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 129.001064] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 129.009400] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 129.023366] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 129.034189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 129.042402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 129.050791] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 129.057893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 129.065797] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 129.074328] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 129.085053] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 129.093381] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 129.099436] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 129.107066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 129.114871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 129.124158] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 129.133027] 8021q: adding VLAN 0 to HW filter on device team0 [ 129.144386] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 129.161974] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 129.171093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 129.178868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 129.187229] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.193620] bridge0: port 1(bridge_slave_0) entered forwarding state [ 129.201178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 129.219274] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 129.230699] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 129.241040] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 129.247310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 129.257239] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 129.268214] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.271716] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 129.274619] bridge0: port 2(bridge_slave_1) entered forwarding state [ 129.295591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 129.305344] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 129.317287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 129.328057] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 129.335204] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 129.345538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 129.353940] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 129.354596] audit: type=1400 audit(1568116629.828:38): avc: denied { create } for pid=6926 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 129.388883] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 129.393412] audit: type=1400 audit(1568116629.828:39): avc: denied { write } for pid=6926 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 129.410942] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 129.427398] audit: type=1400 audit(1568116629.838:40): avc: denied { read } for pid=6926 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 129.458757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 129.471954] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 129.480237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 129.504075] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 129.519791] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 129.533870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 129.541655] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 129.554782] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 129.563105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 129.579435] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 129.591903] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 130.020262] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 11:57:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$inet(r0, &(0x7f0000002000)=[{{&(0x7f00000000c0)={0x2, 0x4e23, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000480)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x6}]}}}], 0x18}}], 0x1, 0x0) 11:57:10 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x85) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$SG_IO(r0, 0x2285, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000180)="aefdda9d240000005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb69d952f41bdd2ac8bb8c09", 0x2e}, {&(0x7f0000000140)="aa1d484e24002000a84d4583670e12d9fc56b0953fbd80630600007704a71e023a27b2da9426f40100008000000000a7457e3867", 0x84}], 0x2) 11:57:10 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl(r1, 0x1000008912, &(0x7f0000000180)="11dca50d5e0bcfe47bf070") setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="d0010eb4adf34ef32a08", 0xa) 11:57:10 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x85) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$SG_IO(r0, 0x2285, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000180)="aefdda9d240000005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb69d952f41bdd2ac8bb8c09", 0x2e}, {&(0x7f0000000140)="aa1d484e24002000a84d4583670e12d9fc56b0953fbd80630600007704a71e023a27b2da9426f40100008000000000a7457e3867", 0x84}], 0x2) [ 130.383676] sg_write: data in/out 2097152/80 bytes for SCSI command 0x94-- guessing data in; [ 130.383676] program syz-executor.0 not setting count and/or reply_len properly [ 130.415960] sg_write: data in/out 2097152/80 bytes for SCSI command 0x94-- guessing data in; [ 130.415960] program syz-executor.3 not setting count and/or reply_len properly 11:57:11 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/fuse\x00', 0x2, 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r2, 0xc0505350, &(0x7f0000000080)={{0x0, 0x7}}) 11:57:11 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca50d5e0b38e47bf070") getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x5bc) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) socket(0x0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendto$inet6(r2, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) setsockopt$RDS_FREE_MR(0xffffffffffffffff, 0x114, 0x3, 0x0, 0x0) recvfrom$inet6(r2, &(0x7f00000001c0)=""/31, 0xfffffee1, 0x100, &(0x7f0000000040), 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='nv\x00', 0xdfd8e18b4a1465b9) setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x48f, 0x0, 0xffffffffffffff86) socketpair(0x0, 0x0, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_GET_REMOTE_MNG(0xffffffffffffffff, 0x0, 0x0) shutdown(r2, 0x1) r3 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet6(r3, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) 11:57:11 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl(r1, 0x1000008912, &(0x7f0000000180)="11dca50d5e0bcfe47bf070") setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="d0010eb4adf34ef32a08", 0xa) 11:57:11 executing program 1: r0 = epoll_create1(0x0) fcntl$getflags(r0, 0x401) 11:57:11 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x85) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$SG_IO(r0, 0x2285, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000180)="aefdda9d240000005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb69d952f41bdd2ac8bb8c09", 0x2e}, {&(0x7f0000000140)="aa1d484e24002000a84d4583670e12d9fc56b0953fbd80630600007704a71e023a27b2da9426f40100008000000000a7457e3867", 0x84}], 0x2) 11:57:11 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x85) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$SG_IO(r0, 0x2285, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000180)="aefdda9d240000005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb69d952f41bdd2ac8bb8c09", 0x2e}, {&(0x7f0000000140)="aa1d484e24002000a84d4583670e12d9fc56b0953fbd80630600007704a71e023a27b2da9426f40100008000000000a7457e3867", 0x84}], 0x2) [ 130.751979] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 11:57:11 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(tnepres)\x00'}, 0x58) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl(r1, 0x1000008912, &(0x7f0000000180)="11dca50d5e0bcfe47bf070") setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="d0010eb4adf34ef32a08", 0xa) 11:57:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x8000, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000040), 0x4) recvmmsg(r1, &(0x7f0000008880), 0x45b, 0x44000102, 0x0) sendto$inet6(r1, &(0x7f0000000000)="b4", 0x1, 0x0, 0x0, 0x0) [ 130.836301] sg_write: data in/out 2097152/80 bytes for SCSI command 0x94-- guessing data in; [ 130.836301] program syz-executor.3 not setting count and/or reply_len properly [ 130.853704] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 11:57:11 executing program 4: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xd, 0x48000028, r0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.usage_sys\x00', 0x275a, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) 11:57:11 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x85) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) ioctl$SG_IO(r0, 0x2285, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000180)="aefdda9d240000005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb69d952f41bdd2ac8bb8c09", 0x2e}, {&(0x7f0000000140)="aa1d484e24002000a84d4583670e12d9fc56b0953fbd80630600007704a71e023a27b2da9426f40100008000000000a7457e3867", 0x84}], 0x2) 11:57:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000080)="c4c24596df0f01cf66660f383105f26d0000d3a587079dacb9330a0000b800000080ba000000000f30c4e37579663200b8d50000000f23c80f21f8350c0070000f23f8260fc7680067640fc73866baf80cb810098f83ef66bafc0ced", 0x5c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x9821, 0x0, 0x0, 0xfffffffffffffd9c) pipe(&(0x7f0000000000)) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:57:11 executing program 2: r0 = epoll_create1(0x0) fcntl$lock(r0, 0x5, &(0x7f0000000140)) 11:57:11 executing program 4: sysfs$1(0x1, &(0x7f0000001a40)='veth0_to_team\x00') socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) signalfd(r0, &(0x7f00000013c0), 0x8) r1 = socket(0x40000000015, 0x805, 0x0) sync_file_range(r0, 0x4, 0x0, 0x6) getsockopt(r1, 0x114, 0x2710, &(0x7f0000af0fe7)=""/13, &(0x7f000033bffc)=0xc08) accept4$packet(r1, 0x0, &(0x7f0000000140), 0x80000) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x0, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000001480)='team\x00') sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f00000018c0)={&(0x7f0000001440), 0xc, &(0x7f0000001880), 0x1, 0x0, 0x0, 0x4}, 0x4000804) ioctl$SG_GET_ACCESS_COUNT(r2, 0x2289, &(0x7f0000001900)) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000080)=[@in6={0xa, 0x4e21, 0x6, @local, 0x1}, @in={0x2, 0x4e23, @broadcast}], 0x2c) socket$inet_udplite(0x2, 0x2, 0x88) [ 131.032428] sg_write: data in/out 2097152/80 bytes for SCSI command 0x94-- guessing data in; [ 131.032428] program syz-executor.3 not setting count and/or reply_len properly [ 131.173802] kasan: CONFIG_KASAN_INLINE enabled [ 131.176561] kvm: emulating exchange as write [ 131.192475] hrtimer: interrupt took 26901 ns [ 131.206122] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 131.225878] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 131.232132] Modules linked in: [ 131.235324] CPU: 1 PID: 7002 Comm: syz-executor.5 Not tainted 4.14.143 #0 [ 131.242248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 131.251653] task: ffff888062304040 task.stack: ffff888062310000 [ 131.257731] RIP: 0010:tcp_push+0xe9/0x610 [ 131.261853] RSP: 0018:ffff888062317a48 EFLAGS: 00010202 [ 131.267193] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc9000b247000 [ 131.274440] RDX: 0000000000000007 RSI: ffffffff85231b30 RDI: 0000000000000038 [ 131.281715] RBP: ffff888062317a98 R08: ffff88806503545c R09: ffff8880623048e0 [ 131.288961] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888065034bc0 [ 131.296207] R13: 0000000000000000 R14: ffff888065035454 R15: 0000000000000000 [ 131.303455] FS: 00007f6148029700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 [ 131.311656] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 131.317554] CR2: 0000000001493300 CR3: 00000000a511e000 CR4: 00000000001406e0 [ 131.324836] DR0: 0000000000000000 DR1: 00000000000000d8 DR2: 0000000000000000 [ 131.332092] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 131.339338] Call Trace: [ 131.341933] tcp_sendmsg_locked+0x2307/0x3200 [ 131.346412] ? tcp_sendpage+0x60/0x60 [ 131.350196] ? trace_hardirqs_on_caller+0x400/0x590 [ 131.355194] ? trace_hardirqs_on+0xd/0x10 [ 131.359319] tcp_sendmsg+0x30/0x50 [ 131.362836] inet_sendmsg+0x122/0x500 [ 131.366612] ? inet_recvmsg+0x500/0x500 [ 131.370653] sock_sendmsg+0xce/0x110 [ 131.374352] SYSC_sendto+0x206/0x310 [ 131.378044] ? SYSC_connect+0x2d0/0x2d0 [ 131.381997] ? kasan_check_read+0x11/0x20 [ 131.386123] ? _copy_to_user+0x87/0xd0 [ 131.389987] ? put_timespec64+0xb4/0x100 [ 131.394024] ? nsecs_to_jiffies+0x30/0x30 [ 131.398148] ? SyS_clock_gettime+0xf8/0x180 [ 131.402447] SyS_sendto+0x40/0x50 [ 131.405881] ? SyS_getpeername+0x30/0x30 [ 131.409929] do_syscall_64+0x1e8/0x640 [ 131.413795] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 131.418631] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 131.423805] RIP: 0033:0x4598e9 [ 131.426978] RSP: 002b:00007f6148028c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 131.434661] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004598e9 [ 131.441907] RDX: 00000000fffffdda RSI: 00000000200000c0 RDI: 0000000000000006 [ 131.449153] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 131.456398] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61480296d4 [ 131.463659] R13: 00000000004c7880 R14: 00000000004dd188 R15: 00000000ffffffff [ 131.470909] Code: 00 4d 8d 84 24 9c 08 00 00 4c 89 45 b8 e8 40 c7 39 fc 48 8d 7b 38 4c 8b 45 b8 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 06 0f 8e 1e 04 00 00 48 b8 00 00 00 00 00 [ 131.489998] RIP: tcp_push+0xe9/0x610 RSP: ffff888062317a48 [ 131.497922] kobject: 'loop4' (ffff8880a4a649e0): kobject_uevent_env [ 131.502239] ---[ end trace ebe843fbc119948a ]--- [ 131.510871] Kernel panic - not syncing: Fatal exception [ 131.512470] kobject: 'loop4' (ffff8880a4a649e0): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 131.517462] Kernel Offset: disabled [ 131.530505] Rebooting in 86400 seconds..