[ 41.180372] audit: type=1400 audit(1570180926.086:35): avc: denied { map } for pid=7613 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.254' (ECDSA) to the list of known hosts. 2019/10/04 09:22:12 fuzzer started syzkaller login: [ 47.659901] audit: type=1400 audit(1570180932.566:36): avc: denied { map } for pid=7623 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/10/04 09:22:14 dialing manager at 10.128.0.105:33937 2019/10/04 09:22:14 syscalls: 2516 2019/10/04 09:22:14 code coverage: enabled 2019/10/04 09:22:14 comparison tracing: enabled 2019/10/04 09:22:14 extra coverage: extra coverage is not supported by the kernel 2019/10/04 09:22:14 setuid sandbox: enabled 2019/10/04 09:22:14 namespace sandbox: enabled 2019/10/04 09:22:14 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/04 09:22:14 fault injection: enabled 2019/10/04 09:22:14 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/04 09:22:14 net packet injection: enabled 2019/10/04 09:22:14 net device setup: enabled 09:25:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x133, 0x0, 0x0, 0xff7d) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="66b829018ec0b9800000c00f3235002000000f3066baf80cb8c8f61a8eef66bafc0ced0f787e0036400fc75a00c4e1f9e601c4018575504f0f87d485a71b64440f01c43e662666470f38804185", 0x4d}], 0x1, 0x0, 0x0, 0xfffffffffffffe96) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x40, 0x0, 0xfffffffffffffdd4) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 223.720926] audit: type=1400 audit(1570181108.626:37): avc: denied { map } for pid=7640 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14982 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 223.820518] IPVS: ftp: loaded support on port[0] = 21 09:25:08 executing program 1: ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x8000}) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000000b80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000000)=0x14) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040), 0x4) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000780)=ANY=[@ANYBLOB="0000060005007f001f00ff7f0900b20a8c6d0775ce7cafe8f8bce2b46a184bdeeae04033f5185e61658c66c38b7b32feffff00006635813a3dc02e58e9881caa747243c8035ca5083b7f8be5d455ee968dbf309320f7b32b2bf16f962a585b101c1076292321ede55c3e9cf01b5587572fe42c548d589b52170d27b8509047ac497632245b48174107004c53261520346ce326956e2db1edeb1bcc57772bdf9900000000000000000000000000005eae2be1023caeea4fc8841ef169b83287f727d8d7db5c83709f5199320c6af3cb978be5aee4eec3ccda82f03b9179f1dc93bf70b98078da8a2bd87836c20db391cca2f82590021bf38aee21ea268376d315d762542937d163d0870acbd1e513be25bb86df9be95c347ed6889272d3677d19a9327d89b523"], 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x4ce]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 223.928890] chnl_net:caif_netlink_parms(): no params data found [ 224.030622] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.052826] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.072525] device bridge_slave_0 entered promiscuous mode [ 224.083437] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.089815] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.113432] device bridge_slave_1 entered promiscuous mode 09:25:09 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000200)={&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x5000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)='=', 0x1, r0}, 0x68) [ 224.139040] IPVS: ftp: loaded support on port[0] = 21 [ 224.147506] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 224.161504] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 224.223961] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 224.231791] team0: Port device team_slave_0 added [ 224.260423] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 224.293264] team0: Port device team_slave_1 added [ 224.324554] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 224.332132] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready 09:25:09 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000100)="f2a6bad004660f28864d85eeb2080f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2f}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 224.400239] IPVS: ftp: loaded support on port[0] = 21 [ 224.430513] chnl_net:caif_netlink_parms(): no params data found [ 224.476411] device hsr_slave_0 entered promiscuous mode [ 224.514203] device hsr_slave_1 entered promiscuous mode [ 224.556026] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 224.574973] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 224.605909] IPVS: ftp: loaded support on port[0] = 21 09:25:09 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r4 = dup(r3) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8b1a, &(0x7f0000002440)='wlan0\x00') [ 224.633971] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.640515] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.647868] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.654309] bridge0: port 1(bridge_slave_0) entered forwarding state [ 224.762419] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.768895] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.778045] device bridge_slave_0 entered promiscuous mode [ 224.790143] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.799011] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.808400] device bridge_slave_1 entered promiscuous mode [ 224.937346] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 224.949645] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 224.959440] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.968524] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.998327] chnl_net:caif_netlink_parms(): no params data found [ 225.014867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.028974] IPVS: ftp: loaded support on port[0] = 21 09:25:10 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r0 = socket$kcm(0x10, 0x80000000000002, 0x4) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="39000000140081ae00003c9733f5f087110008abca9b4e7d0f6298db85d0b0e62bdbb7d553b4e921556b3d5df500c250825702000000000000", 0x39}], 0x1}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) [ 225.059686] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 225.079253] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 225.089507] team0: Port device team_slave_0 added [ 225.101015] chnl_net:caif_netlink_parms(): no params data found [ 225.118283] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 225.144502] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 225.155205] team0: Port device team_slave_1 added [ 225.177160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 225.186404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 225.209859] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 225.220144] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 225.295497] device hsr_slave_0 entered promiscuous mode [ 225.332800] device hsr_slave_1 entered promiscuous mode [ 225.374351] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 225.380495] 8021q: adding VLAN 0 to HW filter on device team0 [ 225.406581] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 225.414848] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 225.423185] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 225.427162] IPVS: ftp: loaded support on port[0] = 21 [ 225.434858] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 225.450070] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.458487] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.465927] device bridge_slave_0 entered promiscuous mode [ 225.473358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.481587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.489506] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.496391] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.504245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.512086] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.519868] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.526266] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.547334] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 225.555939] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.562858] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.570045] device bridge_slave_1 entered promiscuous mode [ 225.594228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 225.604091] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.611346] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.618579] device bridge_slave_0 entered promiscuous mode [ 225.627115] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.633620] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.640688] device bridge_slave_1 entered promiscuous mode [ 225.649459] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 225.681661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 225.698338] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 225.707893] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 225.720452] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 225.749968] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 225.759227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 225.767910] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.775920] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 225.785168] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 225.808704] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 225.828852] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 225.837261] team0: Port device team_slave_0 added [ 225.842743] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 225.850061] team0: Port device team_slave_0 added [ 225.859445] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 225.866837] team0: Port device team_slave_1 added [ 225.876027] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 225.885600] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 225.893570] team0: Port device team_slave_1 added [ 225.900939] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 225.909242] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 225.918374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 225.926690] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.934654] chnl_net:caif_netlink_parms(): no params data found [ 225.953183] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 225.962090] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 225.986799] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 226.005150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 226.013582] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 226.064263] device hsr_slave_0 entered promiscuous mode [ 226.092722] device hsr_slave_1 entered promiscuous mode [ 226.145174] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 226.153052] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 226.162928] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 226.172318] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 226.199508] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 226.208520] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.215109] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.222025] device bridge_slave_0 entered promiscuous mode [ 226.229869] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.236370] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.243756] device bridge_slave_1 entered promiscuous mode [ 226.304178] device hsr_slave_0 entered promiscuous mode [ 226.342696] device hsr_slave_1 entered promiscuous mode [ 226.393245] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 226.423391] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.439755] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 226.448041] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 226.458964] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 226.465506] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 226.475938] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 226.498366] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 226.506416] team0: Port device team_slave_0 added [ 226.516069] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 226.522277] chnl_net:caif_netlink_parms(): no params data found [ 226.538782] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 226.549459] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 226.557295] team0: Port device team_slave_1 added [ 226.564623] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 226.571964] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 226.644407] device hsr_slave_0 entered promiscuous mode [ 226.692742] device hsr_slave_1 entered promiscuous mode [ 226.733389] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 226.750377] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 226.759132] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 226.769815] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 226.777264] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 226.812221] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 226.821137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 226.828889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 226.837607] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 226.843988] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.858510] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 226.865348] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.871742] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.878833] device bridge_slave_0 entered promiscuous mode [ 226.889501] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.895966] audit: type=1400 audit(1570181111.796:38): avc: denied { associate } for pid=7641 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 226.919615] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.927800] device bridge_slave_1 entered promiscuous mode [ 226.944389] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 226.953598] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 226.982038] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 226.991921] team0: Port device team_slave_0 added [ 226.998514] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 227.013141] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 227.028490] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 227.036468] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 227.051477] team0: Port device team_slave_1 added [ 227.064406] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 227.073236] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 227.090595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 227.105966] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 227.114070] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.120453] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.127751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 227.135727] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 227.145767] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.152152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.159389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 227.177933] ================================================================== [ 227.185659] BUG: KASAN: null-ptr-deref in kvm_write_guest_virt_system+0x64/0x90 [ 227.193134] Write of size 24 at addr 0000000000000000 by task syz-executor.0/7666 [ 227.194017] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.200768] [ 227.208299] CPU: 0 PID: 7666 Comm: syz-executor.0 Not tainted 4.19.76 #0 [ 227.209402] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 227.215152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 227.215158] Call Trace: [ 227.215182] dump_stack+0x172/0x1f0 [ 227.215201] ? kvm_write_guest_virt_system+0x64/0x90 [ 227.215218] kasan_report.cold+0x199/0x2ba [ 227.215235] check_memory_region+0x123/0x190 [ 227.215252] memset+0x24/0x40 [ 227.223401] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 227.231360] kvm_write_guest_virt_system+0x64/0x90 [ 227.237552] handle_vmread+0x7fe/0xa10 [ 227.246862] ? handle_invpcid+0xa80/0xa80 [ 227.254341] ? __lock_is_held+0xb6/0x140 [ 227.254375] ? __lock_is_held+0xb6/0x140 [ 227.254395] ? handle_invpcid+0xa80/0xa80 [ 227.254414] vmx_handle_exit+0x276/0x16b0 [ 227.266150] ? lock_acquire+0x16f/0x3f0 [ 227.266164] ? vcpu_enter_guest+0xf15/0x5ed0 [ 227.266183] vcpu_enter_guest+0x10ca/0x5ed0 [ 227.266205] ? emulator_read_emulated+0x50/0x50 [ 227.274229] ? lock_acquire+0x16f/0x3f0 [ 227.274247] ? kvm_check_async_pf_completion+0x2d8/0x440 [ 227.274270] kvm_arch_vcpu_ioctl_run+0x457/0x16b0 [ 227.274280] ? kvm_arch_vcpu_ioctl_run+0x457/0x16b0 [ 227.274301] kvm_vcpu_ioctl+0x4dc/0xf90 [ 227.282408] ? kvm_vcpu_block+0xcc0/0xcc0 [ 227.282422] ? mark_held_locks+0x100/0x100 [ 227.282443] ? __might_fault+0x12b/0x1e0 [ 227.282463] ? __fget+0x340/0x540 [ 227.290728] ? find_held_lock+0x35/0x130 [ 227.299094] ? __fget+0x340/0x540 [ 227.308059] ? kvm_vcpu_block+0xcc0/0xcc0 [ 227.317447] do_vfs_ioctl+0xd5f/0x1380 [ 227.317465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 227.317479] ? selinux_file_ioctl+0x125/0x5e0 [ 227.317495] ? ioctl_preallocate+0x210/0x210 [ 227.327330] ? selinux_file_mprotect+0x620/0x620 [ 227.335416] ? iterate_fd+0x360/0x360 [ 227.335432] ? nsecs_to_jiffies+0x30/0x30 [ 227.335455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 227.335471] ? security_file_ioctl+0x8d/0xc0 [ 227.343746] ksys_ioctl+0xab/0xd0 [ 227.343763] __x64_sys_ioctl+0x73/0xb0 [ 227.343781] do_syscall_64+0xfd/0x620 [ 227.343802] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 227.351290] RIP: 0033:0x459a29 [ 227.358859] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 227.368245] RSP: 002b:00007f02778b7c78 EFLAGS: 00000246 [ 227.377113] ORIG_RAX: 0000000000000010 [ 227.385626] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 227.385634] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 227.385642] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 227.385650] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02778b86d4 [ 227.385656] R13: 00000000004c2ddb R14: 00000000004d68f8 R15: 00000000ffffffff [ 227.385683] ================================================================== [ 227.385690] Disabling lock debugging due to kernel taint [ 227.497916] Kernel panic - not syncing: panic_on_warn set ... [ 227.497916] [ 227.498328] kobject: 'rx-0' (00000000790c37e8): kobject_add_internal: parent: 'queues', set: 'queues' [ 227.505296] CPU: 1 PID: 7666 Comm: syz-executor.0 Tainted: G B 4.19.76 #0 [ 227.505303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 227.505307] Call Trace: [ 227.505328] dump_stack+0x172/0x1f0 [ 227.505348] ? kvm_write_guest_virt_system+0x64/0x90 [ 227.505359] panic+0x263/0x507 [ 227.505374] ? __warn_printk+0xf3/0xf3 [ 227.516897] kobject: 'rx-0' (00000000790c37e8): kobject_uevent_env [ 227.522948] ? kvm_write_guest_virt_system+0x64/0x90 [ 227.522966] ? preempt_schedule+0x4b/0x60 [ 227.522985] ? ___preempt_schedule+0x16/0x18 [ 227.534407] kobject: 'rx-0' (00000000790c37e8): fill_kobj_path: path = '/devices/virtual/net/hsr_slave_0/queues/rx-0' [ 227.534901] ? trace_hardirqs_on+0x5e/0x220 [ 227.538641] kobject: 'tx-0' (00000000420aba30): kobject_add_internal: parent: 'queues', set: 'queues' [ 227.543590] ? kvm_write_guest_virt_system+0x64/0x90 [ 227.543611] kasan_end_report+0x47/0x4f [ 227.543624] kasan_report.cold+0xa9/0x2ba [ 227.543637] check_memory_region+0x123/0x190 [ 227.543657] memset+0x24/0x40 [ 227.547053] kobject: 'tx-0' (00000000420aba30): kobject_uevent_env [ 227.550697] kvm_write_guest_virt_system+0x64/0x90 [ 227.550718] handle_vmread+0x7fe/0xa10 [ 227.559642] kobject: 'tx-0' (00000000420aba30): fill_kobj_path: path = '/devices/virtual/net/hsr_slave_0/queues/tx-0' [ 227.562106] ? handle_invpcid+0xa80/0xa80 [ 227.562126] ? __lock_is_held+0xb6/0x140 [ 227.567012] kobject: 'batman_adv' (000000003272ae69): kobject_add_internal: parent: 'hsr_slave_0', set: '' [ 227.570642] ? __lock_is_held+0xb6/0x140 [ 227.570664] ? handle_invpcid+0xa80/0xa80 [ 227.589081] kobject: 'veth1_to_hsr' (00000000c77644aa): kobject_add_internal: parent: 'net', set: 'devices' [ 227.595078] vmx_handle_exit+0x276/0x16b0 [ 227.595093] ? lock_acquire+0x16f/0x3f0 [ 227.595104] ? vcpu_enter_guest+0xf15/0x5ed0 [ 227.595118] vcpu_enter_guest+0x10ca/0x5ed0 [ 227.595133] ? emulator_read_emulated+0x50/0x50 [ 227.595144] ? lock_acquire+0x16f/0x3f0 [ 227.595171] ? kvm_check_async_pf_completion+0x2d8/0x440 [ 227.602217] kobject: 'veth1_to_hsr' (00000000c77644aa): kobject_uevent_env [ 227.604393] kvm_arch_vcpu_ioctl_run+0x457/0x16b0 [ 227.604407] ? kvm_arch_vcpu_ioctl_run+0x457/0x16b0 [ 227.604424] kvm_vcpu_ioctl+0x4dc/0xf90 [ 227.604434] ? kvm_vcpu_block+0xcc0/0xcc0 [ 227.604450] ? mark_held_locks+0x100/0x100 [ 227.610602] kobject: 'veth1_to_hsr' (00000000c77644aa): fill_kobj_path: path = '/devices/virtual/net/veth1_to_hsr' [ 227.612973] ? __might_fault+0x12b/0x1e0 [ 227.612988] ? __fget+0x340/0x540 [ 227.613004] ? find_held_lock+0x35/0x130 [ 227.613016] ? __fget+0x340/0x540 [ 227.613031] ? kvm_vcpu_block+0xcc0/0xcc0 [ 227.617305] kobject: 'queues' (00000000f345a544): kobject_add_internal: parent: 'veth1_to_hsr', set: '' [ 227.622446] do_vfs_ioctl+0xd5f/0x1380 [ 227.622464] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 227.622479] ? selinux_file_ioctl+0x125/0x5e0 [ 227.622490] ? ioctl_preallocate+0x210/0x210 [ 227.622502] ? selinux_file_mprotect+0x620/0x620 [ 227.622518] ? iterate_fd+0x360/0x360 [ 227.622530] ? nsecs_to_jiffies+0x30/0x30 [ 227.622547] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 227.629542] kobject: 'queues' (00000000f345a544): kobject_uevent_env [ 227.631339] ? security_file_ioctl+0x8d/0xc0 [ 227.631360] ksys_ioctl+0xab/0xd0 [ 227.645079] kobject: 'queues' (00000000f345a544): kobject_uevent_env: filter function caused the event to drop! [ 227.646228] __x64_sys_ioctl+0x73/0xb0 [ 227.646250] do_syscall_64+0xfd/0x620 [ 227.650344] kobject: 'rx-0' (000000007caf4a1f): kobject_add_internal: parent: 'queues', set: 'queues' [ 227.660587] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 227.660597] RIP: 0033:0x459a29 [ 227.660608] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 227.660615] RSP: 002b:00007f02778b7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 227.660627] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 227.660633] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 227.660644] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 227.667310] kobject: 'rx-0' (000000007caf4a1f): kobject_uevent_env [ 227.668815] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02778b86d4 [ 227.668822] R13: 00000000004c2ddb R14: 00000000004d68f8 R15: 00000000ffffffff [ 227.680256] Kernel Offset: disabled [ 227.938764] Rebooting in 86400 seconds..