[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 41.755291] random: sshd: uninitialized urandom read (32 bytes read) [ 42.115337] kauditd_printk_skb: 10 callbacks suppressed [ 42.115345] audit: type=1400 audit(1568886415.266:35): avc: denied { map } for pid=6871 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 42.162223] random: sshd: uninitialized urandom read (32 bytes read) [ 42.764987] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.81' (ECDSA) to the list of known hosts. [ 48.436644] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/19 09:47:01 fuzzer started [ 48.631333] audit: type=1400 audit(1568886421.786:36): avc: denied { map } for pid=6880 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 49.337739] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/19 09:47:03 dialing manager at 10.128.0.105:36039 2019/09/19 09:47:03 syscalls: 2471 2019/09/19 09:47:03 code coverage: enabled 2019/09/19 09:47:03 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/19 09:47:03 extra coverage: extra coverage is not supported by the kernel 2019/09/19 09:47:03 setuid sandbox: enabled 2019/09/19 09:47:03 namespace sandbox: enabled 2019/09/19 09:47:03 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/19 09:47:03 fault injection: enabled 2019/09/19 09:47:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/19 09:47:03 net packet injection: enabled 2019/09/19 09:47:03 net device setup: enabled [ 51.197455] random: crng init done 09:48:19 executing program 0: mount(0x0, 0x0, 0x0, 0x100, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) wait4(0x0, 0x0, 0x80000000, 0x0) tkill(0x0, 0x9) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xb, 0x6, 0x209e1e, 0x3, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000b40)={r0, &(0x7f0000000300), &(0x7f0000000340)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r0, &(0x7f0000000240), &(0x7f0000000040)=""/89}, 0x18) 09:48:19 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xfffffffffffffff7, 0x84, 0x0, 0x0, 0x0, 0x7, 0x100, 0x0, 0xfe, 0x0, 0xb24c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1807, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x9, 0x100000001, 0x1, 0x401, 0x0, 0x3, 0x0, 0x3, 0x4, 0x0, 0x7, 0x0, @perf_bp, 0x8000, 0x2, 0x3}, 0x0, 0x3, r0, 0x3) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/ptype\x00\xcc\xf8V\xfe~\xdc\x94\x8e\xf06Ff\x00\xab\xa5\xd6\xeaY\xc8\xb5F\xfa\xa1\xd2\xc4*,ZT') preadv(r1, &(0x7f00000017c0), 0x1b4, 0x500000000000000) 09:48:19 executing program 1: r0 = socket$inet6(0x10, 0x80003, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="5500000018007fafb72d1cb2a4a280930206430200a843090626274d004016001500154004004c00007aa3c728f1c46b7b31afdc1338d54400009b84136ef75afb6cde448daa7227c43ab8620000bf0cec6bab91d4", 0x55}], 0x1}, 0x0) 09:48:19 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup3(r1, r0, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) 09:48:19 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000d50104000000000100002000dcd8384a968b86be9084baa5b5db0700000068000a0100000000"], 0x2a) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/99, 0x23}, {&(0x7f00000000c0)=""/223, 0xdf}], 0x2) 09:48:19 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x201000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") r1 = socket(0x10, 0x3, 0x0) write(r1, &(0x7f0000000400)="fc0000004a000700ab092500090007000aab805c010000000000369321000100000000000000000000ff000000000000008656a64ab113cd70ebae071b0171038c6453aaa79bb94b46fe00000007ec020800008c0100036c6c256f1a272f2e117c22ebc205214000000080008934d07302ade01720d7d5bbc91a3e2e80772c74fb2cc56ce1f0f156272f5b00000005defd5a32e2082038f4f8b29d3ef3d92c8334b3863032000048b6e4170e5bbab2ccd2436d6b9408e0ad91bd0734babc7c3f2eeb57d43d3f0000000000106b4f9ed3142627c4623b880f411f46a6b567b4d5715587e650a1d9565187dc48deac270e33429fd30001040000b8d38a", 0xfc) getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, 0x0, 0x0) [ 126.162787] audit: type=1400 audit(1568886499.316:37): avc: denied { map } for pid=6880 comm="syz-fuzzer" path="/root/syzkaller-shm165633998" dev="sda1" ino=16491 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 126.202443] audit: type=1400 audit(1568886499.346:38): avc: denied { map } for pid=6898 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=22 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 126.550918] IPVS: ftp: loaded support on port[0] = 21 [ 127.289310] IPVS: ftp: loaded support on port[0] = 21 [ 127.325487] chnl_net:caif_netlink_parms(): no params data found [ 127.381521] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.387915] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.395025] device bridge_slave_0 entered promiscuous mode [ 127.402042] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.408381] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.415405] device bridge_slave_1 entered promiscuous mode [ 127.433190] IPVS: ftp: loaded support on port[0] = 21 [ 127.443485] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 127.459029] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 127.508724] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 127.516245] team0: Port device team_slave_0 added [ 127.526333] chnl_net:caif_netlink_parms(): no params data found [ 127.535009] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 127.542134] team0: Port device team_slave_1 added [ 127.549043] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 127.566126] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 127.622502] IPVS: ftp: loaded support on port[0] = 21 [ 127.651941] device hsr_slave_0 entered promiscuous mode [ 127.700388] device hsr_slave_1 entered promiscuous mode [ 127.806755] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 127.814312] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.821109] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.828056] device bridge_slave_0 entered promiscuous mode [ 127.837772] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.844247] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.851208] device bridge_slave_1 entered promiscuous mode [ 127.862409] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 127.875514] chnl_net:caif_netlink_parms(): no params data found [ 127.905568] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 127.916068] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 127.945081] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 127.952453] team0: Port device team_slave_0 added [ 127.959854] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 127.966933] team0: Port device team_slave_1 added [ 127.981954] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.988384] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.995323] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.001701] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.009526] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 128.017872] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 128.025675] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.026443] IPVS: ftp: loaded support on port[0] = 21 [ 128.033170] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.045014] device bridge_slave_0 entered promiscuous mode [ 128.052286] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.058680] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.065895] device bridge_slave_1 entered promiscuous mode [ 128.098915] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 128.109886] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 128.161916] device hsr_slave_0 entered promiscuous mode [ 128.200406] device hsr_slave_1 entered promiscuous mode [ 128.280751] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 128.287683] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 128.308417] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 128.317185] team0: Port device team_slave_0 added [ 128.324667] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 128.331866] team0: Port device team_slave_1 added [ 128.337084] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 128.345649] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 128.422974] device hsr_slave_0 entered promiscuous mode [ 128.460413] device hsr_slave_1 entered promiscuous mode [ 128.502559] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 128.511384] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.517748] bridge0: port 2(bridge_slave_1) entered forwarding state [ 128.524387] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.530732] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.549591] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.556398] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.563723] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.570639] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.579285] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 128.623488] chnl_net:caif_netlink_parms(): no params data found [ 128.636815] IPVS: ftp: loaded support on port[0] = 21 [ 128.667200] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 128.681285] 8021q: adding VLAN 0 to HW filter on device bond0 [ 128.714701] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 128.726653] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.734012] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.741825] device bridge_slave_0 entered promiscuous mode [ 128.782057] chnl_net:caif_netlink_parms(): no params data found [ 128.794966] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.801700] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.808552] device bridge_slave_1 entered promiscuous mode [ 128.822214] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 128.844817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 128.852397] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 128.861861] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 128.867921] 8021q: adding VLAN 0 to HW filter on device team0 [ 128.879170] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 128.890528] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 128.918510] 8021q: adding VLAN 0 to HW filter on device bond0 [ 128.926184] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 128.938915] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 128.946488] team0: Port device team_slave_0 added [ 128.957435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 128.965759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 128.973375] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.979698] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.993556] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 129.004306] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 129.013782] team0: Port device team_slave_1 added [ 129.019205] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 129.027696] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 129.035739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 129.043857] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 129.051929] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.058275] bridge0: port 2(bridge_slave_1) entered forwarding state [ 129.073272] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.079722] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.086869] device bridge_slave_0 entered promiscuous mode [ 129.094487] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.101046] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.107882] device bridge_slave_1 entered promiscuous mode [ 129.119266] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 129.128509] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 129.138711] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 129.153694] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 129.163140] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 129.172873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 129.179907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 129.189486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 129.204138] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 129.210624] 8021q: adding VLAN 0 to HW filter on device team0 [ 129.220627] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 129.282118] device hsr_slave_0 entered promiscuous mode [ 129.320493] device hsr_slave_1 entered promiscuous mode [ 129.370772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 129.379047] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 129.398643] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 129.408687] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 129.416504] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 129.423633] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 129.431485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 129.439169] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 129.449420] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.455788] bridge0: port 1(bridge_slave_0) entered forwarding state [ 129.463237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 129.471840] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 129.479285] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 129.486915] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 129.494657] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 129.504900] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 129.512025] team0: Port device team_slave_0 added [ 129.518710] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 129.527098] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 129.538611] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 129.548213] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 129.555544] team0: Port device team_slave_1 added [ 129.561177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 129.568555] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 129.576787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 129.584884] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 129.592735] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.599282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 129.606167] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 129.615882] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 129.629409] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 129.638530] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 129.646595] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 129.653709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 129.663086] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 129.670835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 129.679751] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 129.688169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 129.704810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 129.720907] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 129.731279] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 129.747672] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 129.755448] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 129.765601] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 129.792569] device hsr_slave_0 entered promiscuous mode [ 129.830622] device hsr_slave_1 entered promiscuous mode [ 129.871090] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 129.913781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 129.921904] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 129.929596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 129.937306] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 129.944961] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 129.953938] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 129.964660] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 129.971716] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 129.981033] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 129.991967] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 129.998041] 8021q: adding VLAN 0 to HW filter on device team0 [ 130.007188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 130.014912] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 130.022644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 130.031476] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 130.038789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 130.045792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 130.055853] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 130.062009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 130.072435] chnl_net:caif_netlink_parms(): no params data found [ 130.082531] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 130.098041] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 130.123254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 130.132699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 130.140545] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.146966] bridge0: port 1(bridge_slave_0) entered forwarding state [ 130.155642] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 130.167716] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 130.176522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 130.184019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 130.194048] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 130.201872] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.208193] bridge0: port 2(bridge_slave_1) entered forwarding state [ 130.219208] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 130.253069] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 130.264068] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 130.288595] 8021q: adding VLAN 0 to HW filter on device bond0 [ 130.295706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 130.307895] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 130.320240] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.326590] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.339516] device bridge_slave_0 entered promiscuous mode [ 130.346743] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.353333] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.360313] device bridge_slave_1 entered promiscuous mode [ 130.366677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 130.386278] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 130.399318] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 09:48:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") syz_read_part_table(0x0, 0x2, &(0x7f00000000c0)=[{0x0, 0x0, 0x5d028}, {&(0x7f00000033c0)="a87deb8ac33cc703df55f86396b189ed394c7e318c3eab31c18845619aec7f0925893038d371fe0c3ea0196d6ab28930055d51c988f8823a086c4d36d09ed48869164ab63f5943a6e7a0936033ffc58d4140406e2a0c16643321f71bb28a69a6160093c318da3e12ef3085498f564782e0b58f16d0bdfdbd5c41189f0917673131d15c1335d031f2cd4aeff1e349d6d813e7ea6dd9fa4d6777ce5d20831d0425d2ce6e69475c07c503fb673c28b8874ab6596ff1bfd5763eb487c36a6309d679bc89fa016f7736d197c3133b0dfc0af23c26ceed683dfc6cea3f64e96603ae9e3e1db432f77fd2bef2ee50064247a8e1799ea6f79dfa5cd5369f9cc9d7e50d94deb965c391114f2d702244e41e8dc3dcaf3e91919729c7cd3e61876c9ae34f2f8d3e5bfee2a5624e1063b450dc39e27a96f1a8f04f0c835e787f70373ff899eb3492a14386f50dbbf7d6bdf4c8708d21d10ee84ee79fd2c4a8ef16ca1a8b9ef2a658a57993ad3ae67856411243852f53b9d59c30e7543729138c1465229bb8a62f95ec31e57038dd54505b541f4ab3b88432d35314e2f2dd64ede2e91336fc15aaa9759b64989c63e38fed210ac22e63adfc1a5b92198d4ed8c3ed02d267b51544fbd7627421394050b48f6dcd39f2", 0x1cf, 0x8}]) [ 130.413092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 130.420808] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 130.429272] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 130.439267] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 130.456539] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 130.465068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 130.473854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 130.486798] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 130.495793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 130.504609] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 130.514798] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 130.522515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 130.531925] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 130.538004] 8021q: adding VLAN 0 to HW filter on device team0 [ 130.546404] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 130.582672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 130.604447] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 130.613766] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 130.623125] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready 09:48:23 executing program 1: [ 130.630673] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.637689] team0: Port device team_slave_0 added [ 130.645276] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 130.673071] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 09:48:23 executing program 1: 09:48:23 executing program 1: [ 130.696514] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 130.704971] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 130.713247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 130.725878] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 130.738660] bridge0: port 1(bridge_slave_0) entered blocking state 09:48:23 executing program 1: [ 130.745055] bridge0: port 1(bridge_slave_0) entered forwarding state [ 130.752788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 130.768296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 130.784690] bridge0: port 2(bridge_slave_1) entered blocking state 09:48:23 executing program 0: mount(0x0, 0x0, 0x0, 0x100, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) wait4(0x0, 0x0, 0x80000000, 0x0) tkill(0x0, 0x9) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xb, 0x6, 0x209e1e, 0x3, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000b40)={r0, &(0x7f0000000300), &(0x7f0000000340)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r0, &(0x7f0000000240), &(0x7f0000000040)=""/89}, 0x18) 09:48:23 executing program 1: [ 130.791077] bridge0: port 2(bridge_slave_1) entered forwarding state [ 130.818516] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 130.826704] team0: Port device team_slave_1 added [ 130.840254] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 130.850804] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 130.856875] 8021q: adding VLAN 0 to HW filter on device team0 [ 130.864113] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 130.871324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 130.879280] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 130.890849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 130.901200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 130.908076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 130.915265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 130.923488] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 130.932707] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 130.942627] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 130.960421] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 130.969852] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 130.978701] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 130.991039] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 131.014113] device hsr_slave_0 entered promiscuous mode [ 131.051933] device hsr_slave_1 entered promiscuous mode [ 131.090528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 131.098230] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 131.105795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.114369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.121952] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.128461] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.135586] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 131.142633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 131.151753] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 131.161078] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 131.168286] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 131.175769] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 131.183448] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 131.196211] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 131.205273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 131.213158] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.220982] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 131.228344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 131.236175] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.244196] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.251814] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.258141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.276127] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 131.286904] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 131.298286] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 131.306556] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 131.316721] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 131.324491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 131.333580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 131.347043] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 131.359553] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 131.366134] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 131.375037] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 131.389532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 131.397242] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 131.405410] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 131.414928] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 131.424438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 131.437092] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.447935] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 131.463317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 131.471465] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 131.481621] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 131.489270] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready 09:48:24 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xfffffffffffffff7, 0x84, 0x0, 0x0, 0x0, 0x7, 0x100, 0x0, 0xfe, 0x0, 0xb24c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1807, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x9, 0x100000001, 0x1, 0x401, 0x0, 0x3, 0x0, 0x3, 0x4, 0x0, 0x7, 0x0, @perf_bp, 0x8000, 0x2, 0x3}, 0x0, 0x3, r0, 0x3) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/ptype\x00\xcc\xf8V\xfe~\xdc\x94\x8e\xf06Ff\x00\xab\xa5\xd6\xeaY\xc8\xb5F\xfa\xa1\xd2\xc4*,ZT') preadv(r1, &(0x7f00000017c0), 0x1b4, 0x500000000000000) 09:48:24 executing program 1: [ 131.507851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 131.521152] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 131.529755] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 131.539952] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 131.566321] 8021q: adding VLAN 0 to HW filter on device bond0 [ 131.585343] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 131.603656] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 131.627612] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 131.645919] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 131.656135] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 131.663252] 8021q: adding VLAN 0 to HW filter on device team0 [ 131.670893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 131.677717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 131.690451] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 131.699275] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 131.711731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.724084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.732200] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.738561] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.746129] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 131.754771] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 131.765263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.774960] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.782999] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.789333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.798488] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 131.809548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 131.819526] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 131.829768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 131.846197] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 131.867867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 131.875702] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 131.884024] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 131.893650] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 131.900741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 131.908424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.918960] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 131.926859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 131.934760] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 131.944325] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 131.951570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 131.958974] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 131.968127] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 131.974678] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 131.985826] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 131.995664] 8021q: adding VLAN 0 to HW filter on device batadv0 09:48:25 executing program 2: 09:48:25 executing program 0: 09:48:26 executing program 4: 09:48:26 executing program 1: 09:48:26 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xfffffffffffffff7, 0x84, 0x0, 0x0, 0x0, 0x7, 0x100, 0x0, 0xfe, 0x0, 0xb24c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1807, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x9, 0x100000001, 0x1, 0x401, 0x0, 0x3, 0x0, 0x3, 0x4, 0x0, 0x7, 0x0, @perf_bp, 0x8000, 0x2, 0x3}, 0x0, 0x3, r0, 0x3) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/ptype\x00\xcc\xf8V\xfe~\xdc\x94\x8e\xf06Ff\x00\xab\xa5\xd6\xeaY\xc8\xb5F\xfa\xa1\xd2\xc4*,ZT') preadv(r1, &(0x7f00000017c0), 0x1b4, 0x500000000000000) 09:48:26 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000d50104000000000100002000dcd8384a968b86be9084baa5b5db0700000068000a0100000000"], 0x2a) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/99, 0x23}, {&(0x7f00000000c0)=""/223, 0xdf}], 0x2) 09:48:26 executing program 0: 09:48:26 executing program 2: [ 133.264710] netlink: 188 bytes leftover after parsing attributes in process `syz-executor.4'. [ 133.276096] netlink: 188 bytes leftover after parsing attributes in process `syz-executor.4'. 09:48:26 executing program 2: clone(0x80210a001ff1, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 09:48:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4={[], [], @local}}, 0x1c) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0xbb8) 09:48:26 executing program 0: r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0) r1 = socket$kcm(0x29, 0x5, 0x0) socketpair(0x0, 0x6, 0x7, &(0x7f0000002c00)) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002c40)='cpuset.effective_mems\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000002c80)={0xffffffffffffffff, r2}) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000740)={0xffffffffffffffff, r2, 0x15}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000640)='./cgroup\x00', 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0x13, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x4c, 0x7}}, &(0x7f0000014ff5)='syzka\x00\x00\x00\x05\x00\xf3', 0x2, 0x1000, &(0x7f0000014000)=""/4096}, 0x48) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000540)='/dev/net/tun\x00', 0x10000, 0x0) ioctl$TUNGETFILTER(r4, 0x801054db, &(0x7f0000000680)=""/104) r5 = socket$kcm(0x11, 0x6, 0x0) openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) r6 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r6}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x10, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x67}}, &(0x7f0000000340)='syzkaller\x00', 0x5, 0x338, &(0x7f000000cf3d)=""/195}, 0x48) socket$kcm(0xa, 0x1, 0x0) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) recvmsg$kcm(r5, 0x0, 0x100) socketpair(0x1a, 0x803, 0x8, &(0x7f0000000700)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x1ff) close(r7) 09:48:26 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000d50104000000000100002000dcd8384a968b86be9084baa5b5db0700000068000a0100000000"], 0x2a) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/99, 0x23}, {&(0x7f00000000c0)=""/223, 0xdf}], 0x2) 09:48:26 executing program 2: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$vfio(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x511, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) connect$llc(r0, &(0x7f0000000380)={0x1a, 0x1, 0x0, 0x5, 0x0, 0x0, @local}, 0x10) 09:48:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0xbb8) 09:48:26 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x2da8020000100000, 0x500001c) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="ab3757b6c23389f63a1afbd3f03dc5ec9bacdc54887242b6cd9aed49a59529113f0b4b0bcfebaef28e65e64d3ad9f56fb6395a0051f1b1799eed12c2b5130bf8c738f15968c8f6529592062d1914"], 0x200600) 09:48:26 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000d50104000000000100002000dcd8384a968b86be9084baa5b5db0700000068000a0100000000"], 0x2a) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/99, 0x23}, {&(0x7f00000000c0)=""/223, 0xdf}], 0x2) [ 133.440029] hrtimer: interrupt took 27154 ns 09:48:26 executing program 2: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$vfio(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x511, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) connect$llc(r0, &(0x7f0000000380)={0x1a, 0x1, 0x0, 0x5, 0x0, 0x0, @local}, 0x10) 09:48:26 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xfffffffffffffdc6, 0x20000004, &(0x7f0000000280)={0xa, 0x4e22}, 0x1c) bind$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, 0x0, 0x0) listen(0xffffffffffffffff, 0x80) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, 0x0, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) write(r1, 0x0, 0x0) recvfrom$inet6(r1, &(0x7f0000001840)=""/31, 0xfffffe0e, 0x100, &(0x7f0000001880), 0x3c8) shutdown(r0, 0x1) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000140)={'lo\x00\x00\x00$\x00\x00\x00\x00\x00\x00\b\x00\x00\x11', 0xff}) r6 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet6(r6, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) 09:48:26 executing program 0: wait4(0x0, 0x0, 0x0, 0x0) tkill(0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xb, 0x6, 0x209e1e, 0x3, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000b40)={r0, &(0x7f0000000300), &(0x7f0000000340)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r0, &(0x7f0000000240), &(0x7f0000000040)=""/89}, 0x18) 09:48:26 executing program 4: r0 = socket$kcm(0x2b, 0x4000000000000001, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x2, 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="2b201000", @ANYRES32], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 133.548018] audit: type=1804 audit(1568886506.696:39): pid=7052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir348755741/syzkaller.NYZrzS/3/memory.events" dev="sda1" ino=16528 res=1 09:48:26 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000d50104000000000100002000dcd8384a968b86be9084baa5b5db0700000068000a0100000000"], 0x2a) 09:48:26 executing program 4: r0 = socket$kcm(0x2b, 0x4000000000000001, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x2, 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="2b201000", @ANYRES32], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 133.650165] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 09:48:26 executing program 2: syz_mount_image$iso9660(&(0x7f0000000040)='iso9660\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='dmode=0x0000000000000001,sbsector=0x0000000000000008,mode=0']) 09:48:26 executing program 3: write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000d50104000000000100002000dcd8384a968b86be9084baa5b5db0700000068000a0100000000"], 0x2a) 09:48:26 executing program 4: r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SCALLUSERDATA(r0, 0x89e5, &(0x7f0000000140)={0x0, "196b4bc124573d8a213546169623a2fb2cea22d4c89e774947813071a356f1620820b417814c558899d01d65beed414c33ab6183b3a5a5ee858cd7563d0f0665bee111d431299ee012b1b5d1d4792062af774bdec71d04892c8450683b04ce5a8a5625e9397fe3b8d4d8b7a3ba80a034a240df3a718873dd31b7c3754fa2d377"}) 09:48:26 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) unshare(0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r0, 0x8991, &(0x7f00000000c0)={'bond0\x00\x16\b\xea\xff\xff\x80\x00\x06\x02\xff', @ifru_names='bond_slave_1\x00t\x00'}) ioctl$sock_ifreq(r0, 0x8990, &(0x7f0000000240)={'bond0\x00\xe1\x03\f\x00!!\x00\x01\x00\x01', @ifru_names='bond_slave_1\x00\x00\x00\b'}) [ 133.779014] audit: type=1804 audit(1568886506.926:40): pid=7088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir348755741/syzkaller.NYZrzS/3/memory.events" dev="sda1" ino=16528 res=1 09:48:27 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x2da8020000100000, 0x500001c) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="ab3757b6c23389f63a1afbd3f03dc5ec9bacdc54887242b6cd9aed49a59529113f0b4b0bcfebaef28e65e64d3ad9f56fb6395a0051f1b1799eed12c2b5130bf8c738f15968c8f6529592062d1914"], 0x200600) 09:48:27 executing program 4: connect$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0x10, 0x80003, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="5500000018007fafb72d1cb2a4a280930206430200a843090626274d040016001500154004004c00007aa3c728f1c46b7b31afdc1338d54400009b84136ef75afb6cde448daa7227c43ab8620000bf0cec6bab91d4", 0x55}], 0x1}, 0x0) [ 133.839841] ISOFS: Unable to identify CD-ROM format. [ 133.859866] bond0: Releasing backup interface bond_slave_1 09:48:27 executing program 3: write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000d50104000000000100002000dcd8384a968b86be9084baa5b5db0700000068000a0100000000"], 0x2a) [ 133.872344] audit: type=1400 audit(1568886506.976:41): avc: denied { create } for pid=7093 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 133.943870] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 133.981578] ISOFS: Unable to identify CD-ROM format. [ 133.994514] bond0: Releasing backup interface bond_slave_1 [ 134.014747] audit: type=1400 audit(1568886506.986:42): avc: denied { ioctl } for pid=7093 comm="syz-executor.0" path="socket:[27716]" dev="sockfs" ino=27716 ioctlcmd=0x8991 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 134.045437] audit: type=1804 audit(1568886507.106:43): pid=7105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir348755741/syzkaller.NYZrzS/4/memory.events" dev="sda1" ino=16532 res=1 [ 134.083090] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 134.420147] ================================================================== [ 134.427730] BUG: KASAN: use-after-free in tcp_ack+0x414f/0x4760 [ 134.433779] Read of size 4 at addr ffff8880a0b917ec by task syz-executor.1/7064 [ 134.441227] [ 134.442839] CPU: 0 PID: 7064 Comm: syz-executor.1 Not tainted 4.14.145 #0 [ 134.449757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 134.459090] Call Trace: [ 134.461693] [ 134.463829] dump_stack+0x138/0x197 [ 134.467458] ? tcp_ack+0x414f/0x4760 [ 134.471155] print_address_description.cold+0x7c/0x1dc [ 134.476424] ? tcp_ack+0x414f/0x4760 [ 134.480119] kasan_report.cold+0xa9/0x2af [ 134.484249] __asan_report_load4_noabort+0x14/0x20 [ 134.489157] tcp_ack+0x414f/0x4760 [ 134.492676] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 134.497760] ? trace_hardirqs_on+0x10/0x10 [ 134.501977] ? tcp_fastretrans_alert+0x2620/0x2620 [ 134.506893] ? lock_downgrade+0x6e0/0x6e0 [ 134.511034] tcp_rcv_established+0x3e9/0x1650 [ 134.515519] ? trace_hardirqs_on+0xd/0x10 [ 134.519652] ? save_trace+0x290/0x290 [ 134.523432] ? tcp_data_queue+0x3730/0x3730 [ 134.527737] tcp_v6_do_rcv+0x417/0x1190 [ 134.531706] tcp_v6_rcv+0x2446/0x2ed0 [ 134.535483] ? save_trace+0x290/0x290 [ 134.539273] ip6_input_finish+0x300/0x15a0 [ 134.543492] ip6_input+0xd5/0x340 [ 134.546924] ? ip6_input_finish+0x15a0/0x15a0 [ 134.551410] ? ipv6_rcv+0x16aa/0x1d20 [ 134.555239] ? ip6_rcv_finish+0x7a0/0x7a0 [ 134.559369] ip6_rcv_finish+0x23f/0x7a0 [ 134.563323] ipv6_rcv+0xe4d/0x1d20 [ 134.566840] ? put_prev_task_stop+0x348/0x400 [ 134.571315] ? ip6_input+0x340/0x340 [ 134.575008] ? __lock_is_held+0xb6/0x140 [ 134.579138] ? check_preemption_disabled+0x3c/0x250 [ 134.584139] ? ip6_make_skb+0x410/0x410 [ 134.588280] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 134.593706] ? ip6_input+0x340/0x340 [ 134.598097] __netif_receive_skb_core+0x1eae/0x2ca0 [ 134.603090] ? trace_hardirqs_on+0x10/0x10 [ 134.607317] ? enqueue_to_backlog+0xcc0/0xcc0 [ 134.611804] ? process_backlog+0x43e/0x730 [ 134.616021] ? lock_acquire+0x16f/0x430 [ 134.619991] __netif_receive_skb+0x2c/0x1b0 [ 134.624292] ? __netif_receive_skb+0x2c/0x1b0 [ 134.628766] process_backlog+0x21f/0x730 [ 134.632806] ? mark_held_locks+0xb1/0x100 [ 134.636933] net_rx_action+0x490/0xf80 [ 134.640889] ? napi_complete_done+0x4f0/0x4f0 [ 134.645363] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 134.650808] __do_softirq+0x244/0x9a0 [ 134.654591] ? ip6_finish_output2+0x9c0/0x21b0 [ 134.659152] do_softirq_own_stack+0x2a/0x40 [ 134.663460] [ 134.665678] do_softirq.part.0+0x10e/0x160 [ 134.669902] __local_bh_enable_ip+0x154/0x1a0 [ 134.674401] ip6_finish_output2+0x9f3/0x21b0 [ 134.678792] ? ip6_forward_finish+0x480/0x480 [ 134.683270] ? __lock_is_held+0xb6/0x140 [ 134.687343] ? check_preemption_disabled+0x3c/0x250 [ 134.692340] ip6_finish_output+0x4f4/0xb50 [ 134.696637] ? ip6_finish_output+0x4f4/0xb50 [ 134.701032] ip6_output+0x20f/0x6d0 [ 134.704637] ? ip6_finish_output+0xb50/0xb50 [ 134.709043] ? __lock_is_held+0xb6/0x140 [ 134.713085] ? check_preemption_disabled+0x3c/0x250 [ 134.718183] ? ip6_fragment+0x32c0/0x32c0 [ 134.722311] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 134.727739] ip6_xmit+0xd53/0x1eb0 [ 134.731265] ? ip6_finish_output2+0x21b0/0x21b0 [ 134.735911] ? ip6_dst_check+0x86/0x2c0 [ 134.739958] ? save_trace+0x290/0x290 [ 134.743769] ? ip6_append_data+0x2f0/0x2f0 [ 134.747987] ? __lock_is_held+0xb6/0x140 [ 134.752037] ? check_preemption_disabled+0x3c/0x250 [ 134.757034] inet6_csk_xmit+0x286/0x4d0 [ 134.761004] ? inet6_csk_update_pmtu+0x140/0x140 [ 134.765739] ? tcp_md5_do_lookup+0x1d3/0x530 [ 134.770132] __tcp_transmit_skb+0x172c/0x2fe0 [ 134.774629] ? __tcp_select_window+0x6e0/0x6e0 [ 134.779191] ? kvm_clock_read+0x23/0x40 [ 134.783159] ? sched_clock_cpu+0x1b/0x1c0 [ 134.787303] ? tcp_small_queue_check+0x184/0x1e0 [ 134.792039] tcp_write_xmit+0x523/0x4960 [ 134.796081] ? tcp_v6_md5_lookup+0x23/0x30 [ 134.800293] ? tcp_established_options+0x2c5/0x420 [ 134.805214] ? tcp_current_mss+0x101/0x2f0 [ 134.809432] __tcp_push_pending_frames+0xa6/0x260 [ 134.814254] tcp_send_fin+0x17e/0xc40 [ 134.818035] tcp_close+0xcc8/0xfb0 [ 134.821569] ? lock_acquire+0x16f/0x430 [ 134.825523] ? ip_mc_drop_socket+0x1d6/0x230 [ 134.829911] inet_release+0xec/0x1c0 [ 134.833612] inet6_release+0x53/0x80 [ 134.837320] __sock_release+0xce/0x2b0 [ 134.841192] ? __sock_release+0x2b0/0x2b0 [ 134.845341] sock_close+0x1b/0x30 [ 134.848777] __fput+0x275/0x7a0 [ 134.852038] ____fput+0x16/0x20 [ 134.855298] task_work_run+0x114/0x190 [ 134.859172] exit_to_usermode_loop+0x1da/0x220 [ 134.863731] do_syscall_64+0x4bc/0x640 [ 134.867607] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 134.872447] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 134.877615] RIP: 0033:0x4135d1 [ 134.880796] RSP: 002b:00007ffcdccdf050 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 134.888568] RAX: 0000000000000000 RBX: 000000000000000a RCX: 00000000004135d1 [ 134.895818] RDX: 0000000000000000 RSI: 00000000000009a7 RDI: 0000000000000009 [ 134.903066] RBP: 0000000000000001 R08: 00000000e64469a7 R09: 00000000e64469ab [ 134.910421] R10: 00007ffcdccdf130 R11: 0000000000000293 R12: 000000000075c9a0 [ 134.917672] R13: 000000000075c9a0 R14: 00000000007610f0 R15: 000000000075c07c [ 134.924939] [ 134.926567] Allocated by task 7072: [ 134.930187] save_stack_trace+0x16/0x20 [ 134.934146] save_stack+0x45/0xd0 [ 134.937586] kasan_kmalloc+0xce/0xf0 [ 134.941277] kasan_slab_alloc+0xf/0x20 [ 134.945255] kmem_cache_alloc_node+0x144/0x780 [ 134.949816] __alloc_skb+0x9c/0x500 [ 134.953423] sk_stream_alloc_skb+0xb3/0x780 [ 134.957732] tcp_sendmsg_locked+0xf61/0x3200 [ 134.962132] tcp_sendmsg+0x30/0x50 [ 134.965658] inet_sendmsg+0x122/0x500 [ 134.969533] sock_sendmsg+0xce/0x110 [ 134.973223] SYSC_sendto+0x206/0x310 [ 134.976917] SyS_sendto+0x40/0x50 [ 134.980441] do_syscall_64+0x1e8/0x640 [ 134.984345] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 134.989510] [ 134.991113] Freed by task 7072: [ 134.994373] save_stack_trace+0x16/0x20 [ 134.998325] save_stack+0x45/0xd0 [ 135.001783] kasan_slab_free+0x75/0xc0 [ 135.005655] kmem_cache_free+0x83/0x2b0 [ 135.009604] kfree_skbmem+0x8d/0x120 [ 135.013422] __kfree_skb+0x1e/0x30 [ 135.016951] tcp_remove_empty_skb.part.0+0x231/0x2e0 [ 135.022038] tcp_sendmsg_locked+0x1ced/0x3200 [ 135.026513] tcp_sendmsg+0x30/0x50 [ 135.030038] inet_sendmsg+0x122/0x500 [ 135.033872] sock_sendmsg+0xce/0x110 [ 135.037605] SYSC_sendto+0x206/0x310 [ 135.041296] SyS_sendto+0x40/0x50 [ 135.044753] do_syscall_64+0x1e8/0x640 [ 135.048619] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 135.053794] [ 135.055401] The buggy address belongs to the object at ffff8880a0b917c0 [ 135.055401] which belongs to the cache skbuff_fclone_cache of size 472 [ 135.068728] The buggy address is located 44 bytes inside of [ 135.068728] 472-byte region [ffff8880a0b917c0, ffff8880a0b91998) [ 135.080494] The buggy address belongs to the page: [ 135.085405] page:ffffea000282e440 count:1 mapcount:0 mapping:ffff8880a0b91040 index:0x0 [ 135.093525] flags: 0x1fffc0000000100(slab) [ 135.097913] raw: 01fffc0000000100 ffff8880a0b91040 0000000000000000 0000000100000006 [ 135.105771] raw: ffffea00024e0020 ffffea00024ab220 ffff8880a9e10a80 0000000000000000 [ 135.113635] page dumped because: kasan: bad access detected [ 135.119322] [ 135.120929] Memory state around the buggy address: [ 135.125834] ffff8880a0b91680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 135.133180] ffff8880a0b91700: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 135.140527] >ffff8880a0b91780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 135.147874] ^ [ 135.154603] ffff8880a0b91800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 135.161946] ffff8880a0b91880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 135.169391] ================================================================== [ 135.176753] Disabling lock debugging due to kernel taint [ 135.182245] Kernel panic - not syncing: panic_on_warn set ... [ 135.182245] [ 135.189698] CPU: 0 PID: 7064 Comm: syz-executor.1 Tainted: G B 4.14.145 #0 [ 135.197898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 135.207277] Call Trace: [ 135.209944] [ 135.212091] dump_stack+0x138/0x197 [ 135.215703] ? tcp_ack+0x414f/0x4760 [ 135.219459] panic+0x1f2/0x426 [ 135.222634] ? add_taint.cold+0x16/0x16 [ 135.226594] kasan_end_report+0x47/0x4f [ 135.230547] kasan_report.cold+0x130/0x2af [ 135.234809] __asan_report_load4_noabort+0x14/0x20 [ 135.239715] tcp_ack+0x414f/0x4760 [ 135.243233] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 135.248327] ? trace_hardirqs_on+0x10/0x10 [ 135.252543] ? tcp_fastretrans_alert+0x2620/0x2620 [ 135.257480] ? lock_downgrade+0x6e0/0x6e0 [ 135.261607] tcp_rcv_established+0x3e9/0x1650 [ 135.266091] ? trace_hardirqs_on+0xd/0x10 [ 135.270217] ? save_trace+0x290/0x290 [ 135.273995] ? tcp_data_queue+0x3730/0x3730 [ 135.278327] tcp_v6_do_rcv+0x417/0x1190 [ 135.282288] tcp_v6_rcv+0x2446/0x2ed0 [ 135.286066] ? save_trace+0x290/0x290 [ 135.289849] ip6_input_finish+0x300/0x15a0 [ 135.294064] ip6_input+0xd5/0x340 [ 135.297495] ? ip6_input_finish+0x15a0/0x15a0 [ 135.301976] ? ipv6_rcv+0x16aa/0x1d20 [ 135.305753] ? ip6_rcv_finish+0x7a0/0x7a0 [ 135.309887] ip6_rcv_finish+0x23f/0x7a0 [ 135.313841] ipv6_rcv+0xe4d/0x1d20 [ 135.317367] ? put_prev_task_stop+0x348/0x400 [ 135.321845] ? ip6_input+0x340/0x340 [ 135.325537] ? __lock_is_held+0xb6/0x140 [ 135.329580] ? check_preemption_disabled+0x3c/0x250 [ 135.334573] ? ip6_make_skb+0x410/0x410 [ 135.338961] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 135.344395] ? ip6_input+0x340/0x340 [ 135.348109] __netif_receive_skb_core+0x1eae/0x2ca0 [ 135.353103] ? trace_hardirqs_on+0x10/0x10 [ 135.357323] ? enqueue_to_backlog+0xcc0/0xcc0 [ 135.361881] ? process_backlog+0x43e/0x730 [ 135.366095] ? lock_acquire+0x16f/0x430 [ 135.370048] __netif_receive_skb+0x2c/0x1b0 [ 135.374349] ? __netif_receive_skb+0x2c/0x1b0 [ 135.378833] process_backlog+0x21f/0x730 [ 135.382871] ? mark_held_locks+0xb1/0x100 [ 135.386998] net_rx_action+0x490/0xf80 [ 135.390863] ? napi_complete_done+0x4f0/0x4f0 [ 135.395334] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 135.400763] __do_softirq+0x244/0x9a0 [ 135.404545] ? ip6_finish_output2+0x9c0/0x21b0 [ 135.409104] do_softirq_own_stack+0x2a/0x40 [ 135.413425] [ 135.415657] do_softirq.part.0+0x10e/0x160 [ 135.419882] __local_bh_enable_ip+0x154/0x1a0 [ 135.424372] ip6_finish_output2+0x9f3/0x21b0 [ 135.428762] ? ip6_forward_finish+0x480/0x480 [ 135.433236] ? __lock_is_held+0xb6/0x140 [ 135.437275] ? check_preemption_disabled+0x3c/0x250 [ 135.442280] ip6_finish_output+0x4f4/0xb50 [ 135.446489] ? ip6_finish_output+0x4f4/0xb50 [ 135.450875] ip6_output+0x20f/0x6d0 [ 135.454479] ? ip6_finish_output+0xb50/0xb50 [ 135.458874] ? __lock_is_held+0xb6/0x140 [ 135.462912] ? check_preemption_disabled+0x3c/0x250 [ 135.467949] ? ip6_fragment+0x32c0/0x32c0 [ 135.472094] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 135.477524] ip6_xmit+0xd53/0x1eb0 [ 135.481052] ? ip6_finish_output2+0x21b0/0x21b0 [ 135.485700] ? ip6_dst_check+0x86/0x2c0 [ 135.489654] ? save_trace+0x290/0x290 [ 135.493434] ? ip6_append_data+0x2f0/0x2f0 [ 135.497646] ? __lock_is_held+0xb6/0x140 [ 135.501684] ? check_preemption_disabled+0x3c/0x250 [ 135.506691] inet6_csk_xmit+0x286/0x4d0 [ 135.510644] ? inet6_csk_update_pmtu+0x140/0x140 [ 135.515386] ? tcp_md5_do_lookup+0x1d3/0x530 [ 135.519777] __tcp_transmit_skb+0x172c/0x2fe0 [ 135.524251] ? __tcp_select_window+0x6e0/0x6e0 [ 135.528812] ? kvm_clock_read+0x23/0x40 [ 135.532764] ? sched_clock_cpu+0x1b/0x1c0 [ 135.536891] ? tcp_small_queue_check+0x184/0x1e0 [ 135.541627] tcp_write_xmit+0x523/0x4960 [ 135.545665] ? tcp_v6_md5_lookup+0x23/0x30 [ 135.549889] ? tcp_established_options+0x2c5/0x420 [ 135.554794] ? tcp_current_mss+0x101/0x2f0 [ 135.559004] __tcp_push_pending_frames+0xa6/0x260 [ 135.563847] tcp_send_fin+0x17e/0xc40 [ 135.567627] tcp_close+0xcc8/0xfb0 [ 135.571143] ? lock_acquire+0x16f/0x430 [ 135.575103] ? ip_mc_drop_socket+0x1d6/0x230 [ 135.579576] inet_release+0xec/0x1c0 [ 135.583272] inet6_release+0x53/0x80 [ 135.587010] __sock_release+0xce/0x2b0 [ 135.590888] ? __sock_release+0x2b0/0x2b0 [ 135.595014] sock_close+0x1b/0x30 [ 135.598602] __fput+0x275/0x7a0 [ 135.601868] ____fput+0x16/0x20 [ 135.605126] task_work_run+0x114/0x190 [ 135.608992] exit_to_usermode_loop+0x1da/0x220 [ 135.613595] do_syscall_64+0x4bc/0x640 [ 135.617572] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 135.622396] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 135.627563] RIP: 0033:0x4135d1 [ 135.630842] RSP: 002b:00007ffcdccdf050 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 135.638528] RAX: 0000000000000000 RBX: 000000000000000a RCX: 00000000004135d1 [ 135.645783] RDX: 0000000000000000 RSI: 00000000000009a7 RDI: 0000000000000009 [ 135.653034] RBP: 0000000000000001 R08: 00000000e64469a7 R09: 00000000e64469ab [ 135.660283] R10: 00007ffcdccdf130 R11: 0000000000000293 R12: 000000000075c9a0 [ 135.667529] R13: 000000000075c9a0 R14: 00000000007610f0 R15: 000000000075c07c [ 135.676272] Kernel Offset: disabled [ 135.679892] Rebooting in 86400 seconds..