[ ok ] Starting file context maintaining daemon: restorecond. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 32.924493] random: sshd: uninitialized urandom read (32 bytes read) [ 33.207125] kauditd_printk_skb: 9 callbacks suppressed [ 33.207140] audit: type=1400 audit(1569991601.986:35): avc: denied { map } for pid=6858 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 33.263304] random: sshd: uninitialized urandom read (32 bytes read) [ 33.839516] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.114' (ECDSA) to the list of known hosts. [ 39.418747] random: sshd: uninitialized urandom read (32 bytes read) 2019/10/02 04:46:48 fuzzer started [ 39.632725] audit: type=1400 audit(1569991608.416:36): avc: denied { map } for pid=6868 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 40.179891] random: cc1: uninitialized urandom read (8 bytes read) 2019/10/02 04:46:49 dialing manager at 10.128.0.105:39593 2019/10/02 04:46:49 syscalls: 2500 2019/10/02 04:46:49 code coverage: enabled 2019/10/02 04:46:49 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/10/02 04:46:49 extra coverage: extra coverage is not supported by the kernel 2019/10/02 04:46:49 setuid sandbox: enabled 2019/10/02 04:46:49 namespace sandbox: enabled 2019/10/02 04:46:49 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/02 04:46:49 fault injection: enabled 2019/10/02 04:46:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/02 04:46:49 net packet injection: enabled 2019/10/02 04:46:49 net device setup: enabled [ 42.307831] random: crng init done 04:48:58
executing program 5: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x0, &(0x7f00000014c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_client='access=client'}]}}) 04:48:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x96}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0x240}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:48:58 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2cec6504df6ead74ed8a60ab563e98b4b2a3d27a7082dbb78abd55fba3da80b856445ab100621d6234555c08dc540473753cd89e9b08e3f5972fe9ca162b123e192e8c89c9dd81c79"], 0x63) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}, {@version_u='version=9p2000.u'}, {@cachetag={'cachetag', 0x3d, '9p\x00'}}, {@dfltuid={'dfltuid'}}]}}) 04:48:58 executing program 1: timer_create(0x0, &(0x7f0000000440)={0x0, 
0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, r0+10000000}}, 0x0) getpid() r1 = socket$inet6(0xa, 0x400000000001, 0x0) close(r1) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r3 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x10}, 0xc) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, 0x0, 0x0) ftruncate(r3, 0x200004) sendfile(r1, r3, 0x0, 0x80001d00c0d0) 04:48:58 executing program 2: 04:48:58 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f00000000c0)=0x101, 0x4) sendmmsg(r0, &(0x7f0000008600)=[{{&(0x7f0000000100)=@nfc_llcp={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "38f1095001068a73c183c1d209a3c918575c2c41ca7e2301792c682513522dfff9f5186aecbf68ace99667c0c98f07b26b501469cb7d2ee871a4a95c2e74be"}, 0x80, &(0x7f0000000640)=[{&(0x7f0000000180)="907bd689453c75b24588d8be1ac3", 0xe}], 0x1}}], 0x1, 0x0) [ 169.683119] audit: type=1400 audit(1569991738.466:37): avc: denied { map } for pid=6868 comm="syz-fuzzer" path="/root/syzkaller-shm385169314" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 169.760417] audit: type=1400 audit(1569991738.476:38): avc: denied { map } for pid=6885 comm="syz-executor.5" path="/sys/kernel/debug/kcov" 
dev="debugfs" ino=19 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 170.061056] IPVS: ftp: loaded support on port[0] = 21 [ 170.871702] chnl_net:caif_netlink_parms(): no params data found [ 170.872158] IPVS: ftp: loaded support on port[0] = 21 [ 170.929306] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.937631] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.946717] device bridge_slave_0 entered promiscuous mode [ 170.954167] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.961306] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.968964] device bridge_slave_1 entered promiscuous mode [ 170.969818] IPVS: ftp: loaded support on port[0] = 21 [ 170.996296] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 171.007728] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 171.029500] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 171.037783] team0: Port device team_slave_0 added [ 171.045423] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 171.053607] team0: Port device team_slave_1 added [ 171.061701] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 171.078174] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 171.162331] device hsr_slave_0 entered promiscuous mode [ 171.220469] device hsr_slave_1 entered promiscuous mode [ 171.282763] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 171.292747] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 171.299897] chnl_net:caif_netlink_parms(): no params data found [ 171.321031] IPVS: ftp: loaded support on port[0] = 21 [ 171.342338] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.349620] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.357154] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.364287] bridge0: port 1(bridge_slave_0) entered forwarding 
state [ 171.417652] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.425886] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.434372] device bridge_slave_0 entered promiscuous mode [ 171.457507] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.464932] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.472260] device bridge_slave_1 entered promiscuous mode [ 171.496572] chnl_net:caif_netlink_parms(): no params data found [ 171.513510] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 171.537650] IPVS: ftp: loaded support on port[0] = 21 [ 171.544698] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 171.564811] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 171.573151] team0: Port device team_slave_0 added [ 171.594007] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 171.601392] team0: Port device team_slave_1 added [ 171.608842] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 171.627249] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 171.649120] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.656527] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.665101] device bridge_slave_0 entered promiscuous mode [ 171.672548] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.678929] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.686359] device bridge_slave_1 entered promiscuous mode [ 171.732157] device hsr_slave_0 entered promiscuous mode [ 171.771405] device hsr_slave_1 entered promiscuous mode [ 171.810705] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 171.842193] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 171.851772] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 171.861001] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 171.867603] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.882729] bond0: Enslaving 
bond_slave_1 as an active interface with an up link [ 171.894979] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 171.908922] IPVS: ftp: loaded support on port[0] = 21 [ 171.923642] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.930577] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.937735] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.944380] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.970111] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.977805] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.986319] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 171.995131] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.002290] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.055209] chnl_net:caif_netlink_parms(): no params data found [ 172.072094] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 172.093359] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 172.101232] team0: Port device team_slave_0 added [ 172.110267] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 172.117369] team0: Port device team_slave_1 added [ 172.123046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 172.131040] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.158970] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 172.169786] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 172.206345] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 172.212972] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.228753] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.235511] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.242800] device bridge_slave_0 entered promiscuous mode [ 172.273515] device hsr_slave_0 entered promiscuous mode [ 172.320451] device hsr_slave_1 entered promiscuous mode [ 172.362897] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 
172.386858] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 172.398823] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.405424] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.413701] device bridge_slave_1 entered promiscuous mode [ 172.433776] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 172.441152] chnl_net:caif_netlink_parms(): no params data found [ 172.455228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 172.463957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 172.472758] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.479624] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.489254] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 172.502907] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 172.514063] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 172.532037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 172.540835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.548550] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.555728] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.584034] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 172.592271] team0: Port device team_slave_0 added [ 172.597922] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 172.605384] team0: Port device team_slave_1 added [ 172.617084] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 172.638628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 172.646739] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 172.655426] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 172.666800] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 172.682982] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.689395] bridge0: port 1(bridge_slave_0) 
entered disabled state [ 172.696962] device bridge_slave_0 entered promiscuous mode [ 172.709292] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.715968] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.723545] device bridge_slave_1 entered promiscuous mode [ 172.731455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 172.741606] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 172.755751] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 172.781720] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 172.794097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.802320] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.810665] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.873578] device hsr_slave_0 entered promiscuous mode [ 172.930565] device hsr_slave_1 entered promiscuous mode [ 172.995554] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 173.003308] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 173.038318] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 173.046331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 173.057391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 173.066850] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 173.095764] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.105115] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 173.115498] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 173.123576] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 173.131958] team0: Port device team_slave_0 added [ 173.142755] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 173.151228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 173.159099] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 173.168130] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth1_to_hsr: link becomes ready [ 173.176245] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 173.187263] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 173.193418] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 173.202561] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 173.211078] team0: Port device team_slave_1 added [ 173.217107] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 173.226723] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 173.235429] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 173.249545] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 173.261417] chnl_net:caif_netlink_parms(): no params data found [ 173.278741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 173.288988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 173.301407] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 173.307961] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.336833] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 173.346273] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 173.392443] device hsr_slave_0 entered promiscuous mode [ 173.440403] device hsr_slave_1 entered promiscuous mode [ 173.490836] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 173.509239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.519696] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.528076] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.534960] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.543186] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.552745] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 173.567783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.576734] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 173.605411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 173.614021] 
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 173.622304] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.629206] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.639225] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 173.650111] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 173.659124] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 173.668959] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.676999] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.685010] device bridge_slave_0 entered promiscuous mode [ 173.693008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 173.702872] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 173.710586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 173.721891] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 173.730975] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 173.741162] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 173.747714] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.759033] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 173.766713] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.773908] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.781866] device bridge_slave_1 entered promiscuous mode [ 173.790703] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 173.805851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.814819] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.823227] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.830567] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.839348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 173.848626] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 173.861401] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 
173.878476] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 173.899818] bond0: Enslaving bond_slave_0 as an active interface with an up link 04:49:02 executing program 5: 04:49:02 executing program 5: [ 173.911266] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 173.923608] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 173.931987] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 173.939912] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 173.948567] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready 04:49:02 executing program 5: [ 173.957816] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.965657] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.982296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 173.991023] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 173.999783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 04:49:02 executing program 5: [ 174.009979] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 174.023976] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 174.035559] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.047318] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready 04:49:02 executing program 5: [ 174.067997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 174.076122] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 174.086519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 174.105329] 8021q: adding VLAN 0 to HW filter on device bond0 04:49:02 executing program 5: 04:49:02 executing program 5: [ 174.119504] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 174.147736] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 174.173310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 174.186043] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: 
link becomes ready [ 174.193703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 174.201973] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 174.212284] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 174.228196] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 174.237040] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 174.244547] team0: Port device team_slave_0 added [ 174.250792] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 174.257797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 174.265752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 174.274686] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 174.282095] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 174.288296] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 174.298683] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 174.308447] team0: Port device team_slave_1 added [ 174.314513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 174.322530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 174.332511] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 174.338767] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.350364] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 174.359882] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 174.367509] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 174.379237] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 174.388005] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 174.397614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 174.407059] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 174.415178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 174.423405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 174.434405] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_bridge: link becomes ready [ 174.442932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 174.450869] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.457227] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.465384] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 174.473291] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 174.489636] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 174.543682] device hsr_slave_0 entered promiscuous mode [ 174.600395] device hsr_slave_1 entered promiscuous mode [ 174.641659] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 174.648336] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 174.660484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 174.669105] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 174.678103] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.686056] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.694806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.706013] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 174.724410] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 174.735013] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 174.758305] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 174.769524] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 174.778995] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.791504] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.803452] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 174.811775] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 174.827095] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 174.843051] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 174.854943] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 174.870346] IPv6: ADDRCONF(NETDEV_UP): team0: link 
is not ready [ 174.880611] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.896550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 174.903840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 174.912648] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 174.923593] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 174.937767] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 174.947843] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 174.956016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 174.964269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 174.973040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 174.981138] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 174.988943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 174.997129] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.005355] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.012736] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.019900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 175.028592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 175.037164] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.044359] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.051998] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 175.059160] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 175.072493] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 175.083656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 175.092480] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 175.107298] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 175.117354] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 175.133348] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_bond: link becomes ready [ 175.142901] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 175.151849] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 175.161899] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 175.172639] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 175.178851] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 175.191250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 175.207053] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.217468] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 175.234540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 175.243276] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 175.253918] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 175.263675] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 175.275048] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 175.284422] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 175.302333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 175.313751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 175.324650] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 175.334810] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 175.342684] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.355083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 175.364041] hrtimer: interrupt took 42912 ns [ 175.368252] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 175.379552] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 175.395929] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.408537] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 175.418669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 175.427030] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 175.440792] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 175.451522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.459306] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.465734] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.481386] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 175.489648] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 175.504332] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 175.512404] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 175.526128] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 175.535869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 175.544780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 175.554154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 175.568053] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 175.588109] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 175.601802] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.611814] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.629243] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 175.639485] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 175.656708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 175.674803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.687685] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 175.697406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 175.724089] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 175.735059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 175.751415] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 175.763731] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 175.771851] IPv6: ADDRCONF(NETDEV_CHANGE): team0: 
link becomes ready [ 175.779016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 175.794767] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 175.808939] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 175.821550] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 175.828675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 175.836480] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 175.846781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 175.854822] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 175.866381] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 175.875258] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 175.894898] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 175.916235] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.930892] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 
04:49:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x96}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0x240}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:49:05 executing program 3: syslog(0x2, &(0x7f0000000180)=""/113, 0x71) socket$nl_xfrm(0x10, 0x3, 0x6) 04:49:05 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) sendmmsg(r0, &(0x7f0000008600)=[{{&(0x7f0000000100)=@nfc_llcp={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "38f1095001068a73c183c1d209a3c918575c2c41ca7e2301792c682513522dfff9f5186aecbf68ace99667c0c98f07b26b501469cb7d2ee871a4a95c2e74be"}, 0x80, &(0x7f0000000640)=[{&(0x7f0000000180)="907bd689453c75b24588d8be1ac3", 0xe}], 0x1}}], 0x1, 0x0) [ 176.330303] protocol 88fb is buggy, dev hsr_slave_0 [ 176.341625] audit: type=1400 audit(1569991745.126:39): avc: denied { syslog } for pid=6989 comm="syz-executor.3" capability=34 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 04:49:05 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000240)={@flat=@binder={0x73622a85, 0x1efb7d35a3603745}, @ptr={0x70742a85, 0x0, 0x0}, @fd}, &(0x7f0000000180)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) 04:49:05 
executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x8000002}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000540)='dctcp\x00', 0x6) sendto$inet6(r0, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000080)={'lo\x00'}) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000140)={'lo\x00\x00\xe7\xff\x03\x00\x00\x00\x00\x06\x00', 0xfd}) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='scalable\x00', 0x9) r2 = socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000a5c000/0x3000)=nil, 0x3000, 0x0, 0x10, r2, 0x0) sendto$packet(r0, &(0x7f0000000340), 0xfffffffffffffd72, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) 04:49:05 executing program 1: r0 = syz_open_dev$cec(0x0, 0x1, 0x2) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x801, 0x0) openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000080)={0x0, 0x4004400}) 04:49:05 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, 
{&(0x7f0000000300)="0d00000000003639408fa3a3ba27660199783b0a82f79b32a7c8225086600a38e07d4db88a66596759e95307b680ab73e03c53555c97e8e37d01da4d44a994354a9fa3f355214eeabd24fd620b2022d5ad63b369aaffe9a6b608a5fece0eca95d71f2d3e60613a027fb50cbcbd92d44076d3b97247e066165ccf10", 0x7b}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x398}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$cont(0x9, r0, 0x0, 0x0) 04:49:05 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="0d00000000003639408fa3a3ba27660199783b0a82f79b32a7c8225086600a38e07d4db88a66596759e95307b680ab73e03c53555c97e8e37d01da4d44a994354a9fa3f355214eeabd24fd620b2022d5ad63b369aaffe9a6b608a5fece0eca95d71f2d3e60613a027fb50cbcbd92d44076d3b97247e06616", 0x78}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$cont(0x9, r0, 0x0, 0x0) 04:49:05 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, 
&(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000240)={@flat=@binder={0x73622a85, 0x1efb7d35a3603745}, @ptr={0x70742a85, 0x0, 0x0}, @fd}, &(0x7f0000000180)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) [ 177.174643] audit: type=1400 audit(1569991745.956:40): avc: denied { map } for pid=7001 comm="syz-executor.4" path="/dev/binder4" dev="devtmpfs" ino=15776 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 04:49:06 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x23, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000002c0)={@flat, @ptr={0x70742a85, 0x1, 0x0}, @flat=@weak_binder}, &(0x7f0000000180)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) 04:49:06 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff3ffff}) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0xfff}) [ 177.228870] audit: type=1400 audit(1569991745.986:41): avc: denied { set_context_mgr } for pid=7001 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 177.271582] audit: type=1400 audit(1569991745.996:42): avc: denied { map } for pid=6999 comm="syz-executor.2" path="socket:[26907]" dev="sockfs" ino=26907 
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_route_socket permissive=1 04:49:06 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff3ffff}) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0xfff}) 04:49:06 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) pipe(&(0x7f0000000340)={0xffffffffffffffff}) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x133, 0x0, 0x0, 0xff7d) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="66b829018ec0b9800000c00f3235002000000f3066baf80cb8c8f61a8eef66bafc0ced0f787e0036400fc75a00c4e1f9e601c4018575504f0f87d485a71b64440f01c43e662666470f38804185", 0x4d}], 0x1, 0x0, 0x0, 0xfffffffffffffe96) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x40, 0x0, 0xfffffffffffffdd4) setxattr$security_evm(0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="b9"], 0x1, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 04:49:06 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) r1 = mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, 
&(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0xc, 0x0, &(0x7f0000000080)=[@free_buffer={0x40086303, r1}], 0x0, 0x0, 0x0}) [ 177.300852] audit: type=1400 audit(1569991746.046:43): avc: denied { map } for pid=6999 comm="syz-executor.2" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=26250 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=1 04:49:06 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff3ffff}) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0xfff}) 04:49:06 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 177.524374] ================================================================== [ 177.533722] BUG: KASAN: null-ptr-deref in kvm_write_guest_virt_system+0x64/0x90 [ 177.542641] Write of size 24 at addr (null) by task syz-executor.3/7036 [ 177.550497] [ 177.552148] CPU: 0 PID: 7036 Comm: syz-executor.3 Not tainted 4.14.146 #0 [ 177.559423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.569801] Call Trace: [ 177.572903] dump_stack+0x138/0x197 
[ 177.576837] ? vprintk_func+0x65/0x159 [ 177.581003] ? kvm_write_guest_virt_system+0x64/0x90 [ 177.586119] kasan_report.cold+0x127/0x2af [ 177.590455] check_memory_region+0x123/0x190 [ 177.595045] memset+0x24/0x40 [ 177.598237] kvm_write_guest_virt_system+0x64/0x90 [ 177.604660] handle_vmread+0x548/0x730 [ 177.608614] ? vmx_deliver_posted_interrupt+0x340/0x340 [ 177.614157] ? __lock_is_held+0xb6/0x140 [ 177.618265] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 177.624096] ? vmx_deliver_posted_interrupt+0x340/0x340 [ 177.630433] vmx_handle_exit+0x20d/0x1330 [ 177.635040] ? vcpu_enter_guest+0xd2d/0x5210 [ 177.639961] vcpu_enter_guest+0xf28/0x5210 [ 177.644348] ? save_trace+0x290/0x290 [ 177.648603] ? find_held_lock+0x130/0x130 [ 177.653522] ? emulator_read_emulated+0x50/0x50 [ 177.658280] ? lock_acquire+0x16f/0x430 [ 177.662467] ? kvm_check_async_pf_completion+0x2a9/0x410 [ 177.669660] kvm_arch_vcpu_ioctl_run+0x318/0x1000 [ 177.675195] ? kvm_arch_vcpu_ioctl_run+0x318/0x1000 [ 177.681243] kvm_vcpu_ioctl+0x401/0xd10 [ 177.685216] ? kvm_vcpu_block+0xbb0/0xbb0 [ 177.689364] ? trace_hardirqs_on+0x10/0x10 [ 177.693603] ? __might_fault+0x110/0x1d0 [ 177.697870] ? save_trace+0x290/0x290 [ 177.701753] ? __might_fault+0x110/0x1d0 [ 177.705824] ? __fget+0x210/0x370 [ 177.709274] ? find_held_lock+0x35/0x130 [ 177.713420] ? __fget+0x210/0x370 [ 177.716877] ? kvm_vcpu_block+0xbb0/0xbb0 [ 177.721165] do_vfs_ioctl+0x7ae/0x1060 [ 177.725152] ? selinux_file_mprotect+0x5d0/0x5d0 [ 177.730094] ? lock_downgrade+0x6e0/0x6e0 [ 177.734418] ? ioctl_preallocate+0x1c0/0x1c0 [ 177.738916] ? __fget+0x237/0x370 [ 177.742373] ? security_file_ioctl+0x89/0xb0 [ 177.746779] SyS_ioctl+0x8f/0xc0 [ 177.751942] ? do_vfs_ioctl+0x1060/0x1060 [ 177.756478] do_syscall_64+0x1e8/0x640 [ 177.760581] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 177.765724] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 177.771523] RIP: 0033:0x459a29 [ 177.774710] RSP: 002b:00007fbdee894c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 177.782592] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 177.790345] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 177.797790] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 177.805087] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdee8956d4 [ 177.812843] R13: 00000000004c2ddb R14: 00000000004d68f8 R15: 00000000ffffffff [ 177.820210] ================================================================== [ 177.827822] Disabling lock debugging due to kernel taint [ 177.837630] Kernel panic - not syncing: panic_on_warn set ... [ 177.837630] [ 177.845046] CPU: 0 PID: 7036 Comm: syz-executor.3 Tainted: G B 4.14.146 #0 [ 177.853425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.862953] Call Trace: [ 177.865537] dump_stack+0x138/0x197 [ 177.869250] ? kvm_write_guest_virt_system+0x64/0x90 [ 177.874440] panic+0x1f2/0x426 [ 177.877626] ? add_taint.cold+0x16/0x16 [ 177.881789] ? ___preempt_schedule+0x16/0x18 [ 177.886400] kasan_end_report+0x47/0x4f [ 177.890471] kasan_report.cold+0x130/0x2af [ 177.894703] check_memory_region+0x123/0x190 [ 177.899516] memset+0x24/0x40 [ 177.902623] kvm_write_guest_virt_system+0x64/0x90 [ 177.908182] handle_vmread+0x548/0x730 [ 177.912615] ? vmx_deliver_posted_interrupt+0x340/0x340 [ 177.917982] ? __lock_is_held+0xb6/0x140 [ 177.922399] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 177.928111] ? vmx_deliver_posted_interrupt+0x340/0x340 [ 177.933641] vmx_handle_exit+0x20d/0x1330 [ 177.938222] ? vcpu_enter_guest+0xd2d/0x5210 [ 177.942803] vcpu_enter_guest+0xf28/0x5210 [ 177.947903] ? save_trace+0x290/0x290 [ 177.951784] ? find_held_lock+0x130/0x130 [ 177.955996] ? emulator_read_emulated+0x50/0x50 [ 177.960663] ? 
lock_acquire+0x16f/0x430 [ 177.964998] ? kvm_check_async_pf_completion+0x2a9/0x410 [ 177.970798] kvm_arch_vcpu_ioctl_run+0x318/0x1000 [ 177.977240] ? kvm_arch_vcpu_ioctl_run+0x318/0x1000 [ 177.983220] kvm_vcpu_ioctl+0x401/0xd10 [ 177.987368] ? kvm_vcpu_block+0xbb0/0xbb0 [ 177.991601] ? trace_hardirqs_on+0x10/0x10 [ 177.995976] ? __might_fault+0x110/0x1d0 [ 178.000668] ? save_trace+0x290/0x290 [ 178.004568] ? __might_fault+0x110/0x1d0 [ 178.008622] ? __fget+0x210/0x370 [ 178.012156] ? find_held_lock+0x35/0x130 [ 178.017086] ? __fget+0x210/0x370 [ 178.020537] ? kvm_vcpu_block+0xbb0/0xbb0 [ 178.024765] do_vfs_ioctl+0x7ae/0x1060 [ 178.029096] ? selinux_file_mprotect+0x5d0/0x5d0 [ 178.033929] ? lock_downgrade+0x6e0/0x6e0 [ 178.039161] ? ioctl_preallocate+0x1c0/0x1c0 [ 178.043569] ? __fget+0x237/0x370 [ 178.047021] ? security_file_ioctl+0x89/0xb0 [ 178.051459] SyS_ioctl+0x8f/0xc0 [ 178.054950] ? do_vfs_ioctl+0x1060/0x1060 [ 178.059095] do_syscall_64+0x1e8/0x640 [ 178.063064] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 178.068134] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 178.073928] RIP: 0033:0x459a29 [ 178.077355] RSP: 002b:00007fbdee894c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 178.086113] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 178.094656] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 178.102744] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 178.111738] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdee8956d4 [ 178.119306] R13: 00000000004c2ddb R14: 00000000004d68f8 R15: 00000000ffffffff [ 178.128820] Kernel Offset: disabled [ 178.132685] Rebooting in 86400 seconds..