[ ok ] Starting file context maintaining daemon: restorecond. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 34.114652] random: sshd: uninitialized urandom read (32 bytes read) [ 34.440684] kauditd_printk_skb: 9 callbacks suppressed [ 34.440692] audit: type=1400 audit(1569834744.227:35): avc: denied { map } for pid=6853 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 34.496071] random: sshd: uninitialized urandom read (32 bytes read) [ 35.156316] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.203' (ECDSA) to the list of known hosts. [ 40.782760] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/30 09:12:30 fuzzer started [ 40.976362] audit: type=1400 audit(1569834750.757:36): avc: denied { map } for pid=6863 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 41.688919] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/30 09:12:32 dialing manager at 10.128.0.105:44723 2019/09/30 09:12:32 syscalls: 2473 2019/09/30 09:12:32 code coverage: enabled 2019/09/30 09:12:32 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/30 09:12:32 extra coverage: extra coverage is not supported by the kernel 2019/09/30 09:12:32 setuid sandbox: enabled 2019/09/30 09:12:32 namespace sandbox: enabled 2019/09/30 09:12:32 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/30 09:12:32 fault injection: enabled 2019/09/30 09:12:32 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/30 09:12:32 net packet injection: enabled 2019/09/30 09:12:32 net device setup: enabled [ 44.369383] random: crng init done 09:14:33
executing program 0: 09:14:34 executing program 5: 09:14:34 executing program 1: 09:14:34 executing program 2: write(0xffffffffffffffff, &(0x7f0000000000)="0f42", 0xfffffeab) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000006800)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c0000001c00070f"], 0x1}}, 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000140)=""/124, &(0x7f0000000040)=0x7c) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:14:34 executing program 3: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f00000005c0), 0x0, &(0x7f0000000200)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) 09:14:34 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000380)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20}, 0x1c) listen(r0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x6e, &(0x7f0000000100)={@local, @remote, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0xd]}, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) [ 164.207379] audit: type=1400 audit(1569834873.987:37): avc: denied { map } for pid=6863 comm="syz-fuzzer" path="/root/syzkaller-shm960944336" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 164.242627] audit: type=1400 audit(1569834874.017:38): avc: denied { map } for pid=6881 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=46 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 164.580939] IPVS: ftp: loaded support on port[0] = 21 [ 165.397947] chnl_net:caif_netlink_parms(): no params data found [ 165.406019] IPVS: ftp: loaded support on port[0] = 21 [ 165.454393] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.461069] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.467963] device bridge_slave_0 entered promiscuous mode [ 165.476374] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.482907] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.489680] device bridge_slave_1 entered promiscuous mode [ 165.508643] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 165.517484] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 165.536745] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 165.545117] team0: Port device team_slave_0 added [ 165.545847] IPVS: ftp: loaded support on port[0] = 21 [ 165.550684] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 165.563080] team0: Port device team_slave_1 added [ 165.568491] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 165.577929] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 165.631821] device hsr_slave_0 entered promiscuous mode [ 165.680356] device hsr_slave_1 entered 
promiscuous mode [ 165.752190] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 165.772578] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 165.802505] chnl_net:caif_netlink_parms(): no params data found [ 165.845630] IPVS: ftp: loaded support on port[0] = 21 [ 165.846689] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.857269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 165.864170] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.870550] bridge0: port 1(bridge_slave_0) entered forwarding state [ 165.884674] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.892021] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.898966] device bridge_slave_0 entered promiscuous mode [ 165.905617] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.912179] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.919060] device bridge_slave_1 entered promiscuous mode [ 165.939660] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 165.951962] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 165.975592] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 165.982925] team0: Port device team_slave_0 added [ 165.998570] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 166.005705] team0: Port device team_slave_1 added [ 166.011137] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 166.020322] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 166.076624] chnl_net:caif_netlink_parms(): no params data found [ 166.091971] IPVS: ftp: loaded support on port[0] = 21 [ 166.131969] device hsr_slave_0 entered promiscuous mode [ 166.190275] device hsr_slave_1 entered promiscuous mode [ 166.250592] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 166.276411] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 166.348190] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.355286] 
bridge0: port 1(bridge_slave_0) entered disabled state [ 166.362225] device bridge_slave_0 entered promiscuous mode [ 166.387623] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 166.394033] 8021q: adding VLAN 0 to HW filter on device bond0 [ 166.402438] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 166.408816] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.415366] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.423418] device bridge_slave_1 entered promiscuous mode [ 166.444886] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.451627] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.458572] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 166.472271] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 166.479576] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 166.489466] chnl_net:caif_netlink_parms(): no params data found [ 166.499752] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 166.508132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 166.515295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 166.532080] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 166.541293] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 166.547370] 8021q: adding VLAN 0 to HW filter on device team0 [ 166.561671] IPVS: ftp: loaded support on port[0] = 21 [ 166.585250] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 166.597769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.605565] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.613388] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.619867] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.627000] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 166.635131] team0: Port device team_slave_0 added [ 166.644760] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 
166.652966] team0: Port device team_slave_1 added [ 166.658174] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 166.665963] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 166.684433] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 166.692019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 166.699657] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 166.707312] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.713782] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.764073] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 166.776881] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.784640] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.791918] device bridge_slave_0 entered promiscuous mode [ 166.812090] device hsr_slave_0 entered promiscuous mode [ 166.850269] device hsr_slave_1 entered promiscuous mode [ 166.891306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 166.899119] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 166.915399] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 166.926728] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.933220] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.940368] device bridge_slave_1 entered promiscuous mode [ 166.947069] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 166.959277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 166.969958] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 166.983429] chnl_net:caif_netlink_parms(): no params data found [ 166.998895] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 167.008081] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 167.016738] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 167.037063] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 167.044239] 
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 167.052612] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 167.061919] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 167.072490] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 167.081715] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 167.100444] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 167.126139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 167.133670] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 167.141273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 167.148633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 167.158873] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 167.164967] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 167.172093] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 167.179135] team0: Port device team_slave_0 added [ 167.185103] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 167.192215] team0: Port device team_slave_1 added [ 167.197996] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.204517] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.211624] device bridge_slave_0 entered promiscuous mode [ 167.219434] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 167.231456] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 167.238704] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 167.247981] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.256334] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.263393] device bridge_slave_1 entered promiscuous mode [ 167.284714] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 167.352164] device hsr_slave_0 entered promiscuous mode [ 167.400520] device hsr_slave_1 entered promiscuous mode [ 167.446385] 8021q: adding VLAN 0 
to HW filter on device bond0 [ 167.456187] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 167.464184] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 167.477407] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 167.491482] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 167.499426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 167.506698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 167.518315] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 167.526959] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 167.541831] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 167.549770] team0: Port device team_slave_0 added [ 167.556838] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 167.563970] team0: Port device team_slave_1 added [ 167.573889] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 167.579984] 8021q: adding VLAN 0 to HW filter on device team0 [ 167.611026] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 167.639195] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.655923] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 167.664609] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 167.673031] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 167.681617] chnl_net:caif_netlink_parms(): no params data found [ 167.693795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 167.703747] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 167.712301] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.718648] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.747068] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 167.755051] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 167.771541] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 167.780694] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not 
ready [ 167.795859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 167.804217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 167.812505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.821513] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.827867] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.835004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 167.843579] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 167.857317] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready 09:14:37 executing program 0: 09:14:37 executing program 0: 09:14:37 executing program 0: [ 167.903638] device hsr_slave_0 entered promiscuous mode 09:14:37 executing program 0: 09:14:37 executing program 0: [ 167.970574] device hsr_slave_1 entered promiscuous mode [ 168.004044] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 168.014697] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 09:14:37 executing program 0: [ 168.024031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 168.041016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 168.051250] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 168.061343] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready 09:14:37 executing program 0: [ 168.073789] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 168.106050] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 168.113648] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 168.121589] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 168.129198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 168.137103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 168.147021] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.167026] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.174678] IPv6: ADDRCONF(NETDEV_UP): 
veth1_to_hsr: link is not ready [ 168.182681] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 168.189313] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 168.198272] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.204931] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.212410] device bridge_slave_0 entered promiscuous mode [ 168.219068] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.225747] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.232729] device bridge_slave_1 entered promiscuous mode [ 168.239165] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 168.247372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 168.254824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 168.261836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 168.270229] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 168.276223] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 168.286608] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 168.292881] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.314394] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 168.324745] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 168.333976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 168.341063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 168.347925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 168.355712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 168.363299] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.369617] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.377864] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 168.390452] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 168.396523] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.406127] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 
168.413836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.420969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 168.428670] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 168.436299] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.442647] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.450590] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 168.458345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.466720] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 168.477716] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 168.486906] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 168.504204] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 168.512419] team0: Port device team_slave_0 added [ 168.517558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 168.525374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 168.533291] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.539680] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.546751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 168.554814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 168.562620] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.569058] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.580310] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 168.589177] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 168.601879] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 168.608917] team0: Port device team_slave_1 added [ 168.614469] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 168.622729] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 168.629883] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 168.638081] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 168.647851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 168.657462] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 168.665932] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 168.675209] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 168.683887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 168.693283] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 168.700985] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 168.708501] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 168.728154] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.736528] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 168.747385] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 168.782213] device hsr_slave_0 entered promiscuous mode [ 168.820405] device hsr_slave_1 entered promiscuous mode [ 168.860841] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 168.867632] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 168.875358] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 168.882923] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 168.890668] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 168.898078] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 168.906540] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 168.917793] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 168.925625] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 168.933681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 168.941903] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 168.949553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 168.957635] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 168.968180] 
IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 168.985041] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 168.994527] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 169.002151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 169.009535] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 169.017539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 169.025158] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 169.032845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 169.040571] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 169.049500] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 169.055734] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 169.068037] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 169.077035] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 169.085385] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 169.102142] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 169.112322] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 169.129709] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.137635] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.147109] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.156757] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 169.173797] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 169.189236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 169.197762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 169.216193] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 169.223410] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.238422] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.252121] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 169.262295] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 169.271012] IPv6: ADDRCONF(NETDEV_UP): veth1: 
link is not ready [ 169.277147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 169.286638] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 169.294865] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.301249] bridge0: port 1(bridge_slave_0) entered forwarding state [ 169.308931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 169.316640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 169.325178] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 169.343152] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 169.351564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 169.363205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready 09:14:39 executing program 5: [ 169.374062] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.380476] bridge0: port 2(bridge_slave_1) entered forwarding state [ 169.390840] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 169.397039] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.417631] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 169.426351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 169.438142] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 169.446551] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 169.456331] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 169.463797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 169.471860] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 169.479451] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.485818] bridge0: port 1(bridge_slave_0) entered forwarding state [ 169.492687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 169.500739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 169.508259] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 169.516362] 
IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 169.523752] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 169.536884] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 169.546401] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 169.556141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 169.567034] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 09:14:39 executing program 1: [ 169.576077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 169.584245] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 169.599791] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.606195] bridge0: port 2(bridge_slave_1) entered forwarding state [ 169.621032] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 169.639665] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 169.654838] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 169.665259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 169.673251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 169.680747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 169.692571] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 169.706230] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 169.714649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 09:14:39 executing program 2: [ 169.726872] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 169.734844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 169.749316] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 169.757731] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 169.767022] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 169.779086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: 
link becomes ready [ 169.788162] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 169.807318] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 169.814824] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 169.822368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 169.829956] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 169.839507] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 169.847732] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 169.854691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 169.862971] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 169.872792] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 169.883666] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.890444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 169.897916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 169.907008] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 169.914501] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 169.931463] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 169.943010] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.969262] audit: type=1400 audit(1569834880.747:39): avc: denied { create } for pid=6976 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 170.970038] hrtimer: interrupt took 33257 ns [ 170.999662] TCP: request_sock_TCPv6: Possible SYN flooding on port 20000. Sending cookies. Check SNMP counters. [ 171.016145] TCP: request_sock_TCPv6: Possible SYN flooding on port 20000. Sending cookies. Check SNMP counters. 
[ 171.027290] syz-executor.4 (6977) used greatest stack depth: 23264 bytes left
09:14:40 executing program 3:
09:14:40 executing program 5:
09:14:40 executing program 0:
09:14:40 executing program 1:
09:14:40 executing program 2:
09:14:40 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000380)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x6e, &(0x7f0000000100)={@local, @remote, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0xd]}, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
09:14:41 executing program 2:
09:14:41 executing program 0:
09:14:41 executing program 3:
09:14:41 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1000001, 0x13, r0, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r1, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
sendto$inet(r1, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
shutdown(r1, 0x1)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0x9, 0x1}, &(0x7f0000000100)=0x8)
09:14:41 executing program 1:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x0)
ioctl(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
dup2(r0, r1)
09:14:41 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x133, 0x0, 0x0, 0xff7d)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="66b829018ec0b9800000c00f3235002000000f3066baf80cb8c8f61a8eef66bafc0ced0f787e0036400fc75a00c4e1f9e601c4018575504f0f87d485a71b64440f01c43e662666470f38804185", 0x4d}], 0x1, 0x0, 0x0, 0xfffffffffffffe96)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x40, 0x0, 0xfffffffffffffdd4)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
09:14:41 executing program 0:
r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhci\x00', 0x0)
read(r0, 0x0, 0x108)
timer_create(0x0, &(0x7f0000000040), 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff})
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/dev/hwrng\x00', 0x0, 0x0)
r3 = dup2(r1, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
timer_settime(0x0, 0x0, 0x0, 0x0)
tkill(0x0, 0x0)
[ 171.274435] TCP: request_sock_TCPv6: Possible SYN flooding on port 20000. Sending cookies. Check SNMP counters.
09:14:41 executing program 2:
r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
recvmmsg(r0, &(0x7f0000005380)=[{{&(0x7f0000000000)=@caif=@util, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x100001000008912, &(0x7f0000000140)="11dca50d5e0bcfe47bf070")
sendmmsg(r0, &(0x7f000060d000)=[{{0x0, 0x0, &(0x7f0000c38ff0)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1}}], 0x1, 0x0)
09:14:41 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000380)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x6e, &(0x7f0000000100)={@local, @remote, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0xd]}, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
[ 171.303232] audit: type=1400 audit(1569834881.087:40): avc: denied { map } for pid=6997 comm="syz-executor.5" path="/dev/nullb0" dev="devtmpfs" ino=315 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=blk_file permissive=1
09:14:41 executing program 1:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x50000}]})
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
write$P9_RREADLINK(r0, 0x0, 0x0)
[ 171.430327] TCP: request_sock_TCPv6: Possible SYN flooding on port 20000. Sending cookies. Check SNMP counters.
[ 171.451816] ==================================================================
[ 171.459317] BUG: KASAN: null-ptr-deref in kvm_write_guest_virt_system+0x64/0x90
[ 171.466776] Write of size 24 at addr (null) by task syz-executor.3/7011
[ 171.474401]
09:14:41 executing program 4:
r0 = syz_open_dev$sndtimer(&(0x7f0000000340)='/dev/snd/timer\x00', 0x0, 0x0)
r1 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000500)='./bus\x00', 0x8a000, 0x1e5)
r3 = openat$cgroup_ro(r2, &(0x7f0000000480)='Cpuacct.@tE\xae\x00', 0x275a, 0x0)
r4 = creat(&(0x7f00000001c0)='./bus\x00', 0x160)
fallocate(r4, 0x0, 0x0, 0x2000002)
read$eventfd(r4, &(0x7f00000003c0), 0x8)
poll(&(0x7f0000000300)=[{r3, 0x20}, {r3, 0x400}, {r3, 0x4000}, {r3, 0x4000}, {r1, 0x100}, {r1, 0x5000}, {r3, 0x200}, {r0, 0x100}], 0x8, 0x9)
fallocate(r1, 0x800000000000002, 0x6, 0xffffffff)
r5 = creat(&(0x7f0000001c00)='./bus\x00', 0xa1)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
accept4(r5, &(0x7f0000000240)=@pptp={0x18, 0x2, {0x0, @loopback}}, &(0x7f00000002c0)=0x80, 0x80000)
r7 = dup(r6)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r6, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x288, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setxattr$security_selinux(&(0x7f0000000100)='./bus\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000200)='system_u:object_r:lvm_control_t:s0\x00', 0x23, 0x0)
r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0x800fe)
getpid()
getsockname$inet(r5, &(0x7f0000000080)={0x2, 0x0, @empty}, &(0x7f0000000380)=0x10)
sendfile(r7, r8, 0x0, 0x8000fffffffe)
sendmsg$nl_netfilter(r8, &(0x7f0000000600)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000005c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="[hex payload omitted]"], 0x10fc}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000)
socket$inet6(0xa, 0x100800000000002, 0x88)
[ 171.476033] CPU: 0 PID: 7011 Comm: syz-executor.3 Not tainted 4.14.146 #0
[ 171.482953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 171.492306] Call Trace:
[ 171.494907] dump_stack+0x138/0x197
[ 171.498551] ? vprintk_func+0x65/0x159
[ 171.502443] ? kvm_write_guest_virt_system+0x64/0x90
[ 171.507551] kasan_report.cold+0x127/0x2af
[ 171.511795] check_memory_region+0x123/0x190
[ 171.516203] memset+0x24/0x40
[ 171.519316] kvm_write_guest_virt_system+0x64/0x90
[ 171.524251] handle_vmread+0x548/0x730
[ 171.528152] ? vmx_deliver_posted_interrupt+0x340/0x340
[ 171.533522] ? __lock_is_held+0xb6/0x140
[ 171.537590] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 171.543045] ? vmx_deliver_posted_interrupt+0x340/0x340
[ 171.548416] vmx_handle_exit+0x20d/0x1330
[ 171.552570] ? vcpu_enter_guest+0xd2d/0x5210
[ 171.556988] vcpu_enter_guest+0xf28/0x5210
[ 171.561228] ? save_trace+0x290/0x290
[ 171.563145] audit: type=1400 audit(1569834881.297:41): avc: denied { relabelto } for pid=7028 comm="syz-executor.4" name="bus" dev="sda1" ino=16552 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lvm_control_t:s0 tclass=file permissive=1
[ 171.565037] ? find_held_lock+0x130/0x130
[ 171.565092] ? emulator_read_emulated+0x50/0x50
[ 171.565101] ? lock_acquire+0x16f/0x430
[ 171.565110] ? kvm_check_async_pf_completion+0x2a9/0x410
[ 171.565126] kvm_arch_vcpu_ioctl_run+0x318/0x1000
[ 171.612520] ? kvm_arch_vcpu_ioctl_run+0x318/0x1000
[ 171.617534] kvm_vcpu_ioctl+0x401/0xd10
[ 171.621506] ? kvm_vcpu_block+0xbb0/0xbb0
[ 171.625638] ? trace_hardirqs_on+0x10/0x10
[ 171.629858] ? __might_fault+0x110/0x1d0
[ 171.633919] ? save_trace+0x290/0x290
[ 171.637701] ? __might_fault+0x110/0x1d0
[ 171.641744] ? __fget+0x210/0x370
[ 171.645179] ? find_held_lock+0x35/0x130
[ 171.649221] ? __fget+0x210/0x370
[ 171.652659] ? kvm_vcpu_block+0xbb0/0xbb0
[ 171.656786] do_vfs_ioctl+0x7ae/0x1060
[ 171.660657] ? selinux_file_mprotect+0x5d0/0x5d0
[ 171.665392] ? lock_downgrade+0x6e0/0x6e0
[ 171.669521] ? ioctl_preallocate+0x1c0/0x1c0
[ 171.674007] ? __fget+0x237/0x370
[ 171.677592] ? security_file_ioctl+0x89/0xb0
[ 171.681999] SyS_ioctl+0x8f/0xc0
[ 171.685364] ? do_vfs_ioctl+0x1060/0x1060
[ 171.689503] do_syscall_64+0x1e8/0x640
[ 171.693377] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 171.698213] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 171.703392] RIP: 0033:0x459a29
[ 171.706567] RSP: 002b:00007ff813fb5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 171.714272] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29
[ 171.721524] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 171.728776] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 171.736037] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff813fb66d4
[ 171.743287] R13: 00000000004c2ddb R14: 00000000004d6618 R15: 00000000ffffffff
[ 171.750556] ==================================================================
[ 171.757896] Disabling lock debugging due to kernel taint
[ 171.770370] Kernel panic - not syncing: panic_on_warn set ...
[ 171.770370]
[ 171.777763] CPU: 0 PID: 7011 Comm: syz-executor.3 Tainted: G B 4.14.146 #0
[ 171.785895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 171.789325] audit: type=1400 audit(1569834881.297:42): avc: denied { read write } for pid=7028 comm="syz-executor.4" name="bus" dev="sda1" ino=16552 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lvm_control_t:s0 tclass=file permissive=1
[ 171.795242] Call Trace:
[ 171.795257] dump_stack+0x138/0x197
[ 171.795271] ? kvm_write_guest_virt_system+0x64/0x90
[ 171.795279] panic+0x1f2/0x426
[ 171.795286] ? add_taint.cold+0x16/0x16
[ 171.795296] ? ___preempt_schedule+0x16/0x18
[ 171.795309] kasan_end_report+0x47/0x4f
[ 171.795321] kasan_report.cold+0x130/0x2af
[ 171.795329] check_memory_region+0x123/0x190
[ 171.795336] memset+0x24/0x40
[ 171.795345] kvm_write_guest_virt_system+0x64/0x90
[ 171.795355] handle_vmread+0x548/0x730
[ 171.795363] ? vmx_deliver_posted_interrupt+0x340/0x340
[ 171.795372] ? __lock_is_held+0xb6/0x140
[ 171.795383] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 171.795390] ? vmx_deliver_posted_interrupt+0x340/0x340
[ 171.795400] vmx_handle_exit+0x20d/0x1330
[ 171.795409] ? vcpu_enter_guest+0xd2d/0x5210
[ 171.795418] vcpu_enter_guest+0xf28/0x5210
[ 171.795426] ? save_trace+0x290/0x290
[ 171.795436] ? find_held_lock+0x130/0x130
[ 171.795445] ? emulator_read_emulated+0x50/0x50
[ 171.795453] ? lock_acquire+0x16f/0x430
[ 171.795463] ? kvm_check_async_pf_completion+0x2a9/0x410
[ 171.821677] audit: type=1400 audit(1569834881.307:43): avc: denied { open } for pid=7028 comm="syz-executor.4" path="/root/syzkaller-testdir651443711/syzkaller.CyQT7a/3/bus" dev="sda1" ino=16552 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lvm_control_t:s0 tclass=file permissive=1
[ 171.822491] kvm_arch_vcpu_ioctl_run+0x318/0x1000
[ 171.955188] ? kvm_arch_vcpu_ioctl_run+0x318/0x1000
[ 171.960186] kvm_vcpu_ioctl+0x401/0xd10
[ 171.964140] ? kvm_vcpu_block+0xbb0/0xbb0
[ 171.968267] ? trace_hardirqs_on+0x10/0x10
[ 171.972480] ? __might_fault+0x110/0x1d0
[ 171.976518] ? save_trace+0x290/0x290
[ 171.980296] ? __might_fault+0x110/0x1d0
[ 171.984341] ? __fget+0x210/0x370
[ 171.987773] ? find_held_lock+0x35/0x130
[ 171.991810] ? __fget+0x210/0x370
[ 171.995243] ? kvm_vcpu_block+0xbb0/0xbb0
[ 171.999369] do_vfs_ioctl+0x7ae/0x1060
[ 172.003235] ? selinux_file_mprotect+0x5d0/0x5d0
[ 172.007969] ? lock_downgrade+0x6e0/0x6e0
[ 172.012096] ? ioctl_preallocate+0x1c0/0x1c0
[ 172.016482] ? __fget+0x237/0x370
[ 172.019916] ? security_file_ioctl+0x89/0xb0
[ 172.024304] SyS_ioctl+0x8f/0xc0
[ 172.027646] ? do_vfs_ioctl+0x1060/0x1060
[ 172.031771] do_syscall_64+0x1e8/0x640
[ 172.035639] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 172.040463] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 172.045632] RIP: 0033:0x459a29
[ 172.048798] RSP: 002b:00007ff813fb5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 172.056494] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29
[ 172.063742] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 172.070989] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 172.078259] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff813fb66d4
[ 172.085508] R13: 00000000004c2ddb R14: 00000000004d6618 R15: 00000000ffffffff
[ 172.094228] Kernel Offset: disabled
[ 172.097846] Rebooting in 86400 seconds..