[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 44.821750] random: sshd: uninitialized urandom read (32 bytes read) [ 45.300776] kauditd_printk_skb: 9 callbacks suppressed [ 45.300784] audit: type=1400 audit(1568860358.848:35): avc: denied { map } for pid=6851 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 45.346425] random: sshd: uninitialized urandom read (32 bytes read) [ 45.992810] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.11' (ECDSA) to the list of known hosts. [ 51.459518] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/19 02:32:45 fuzzer started [ 51.647151] audit: type=1400 audit(1568860365.188:36): avc: denied { map } for pid=6861 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 52.377001] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/19 02:32:46 dialing manager at 10.128.0.105:45739 2019/09/19 02:32:47 syscalls: 2466 2019/09/19 02:32:47 code coverage: enabled 2019/09/19 02:32:47 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/19 02:32:47 extra coverage: extra coverage is not supported by the kernel 2019/09/19 02:32:47 setuid sandbox: enabled 2019/09/19 02:32:47 namespace sandbox: enabled 2019/09/19 02:32:47 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/19 02:32:47 fault injection: enabled 2019/09/19 02:32:47 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/19 02:32:47 net packet injection: enabled 2019/09/19 02:32:47 net device setup: enabled [ 54.292428] random: crng init done 02:34:13 executing program 5: clone(0x200, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = gettid() clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) kcmp(r1, r1, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) ptrace$setopts(0x4206, r1, 0x0, 0x0) 02:34:13 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @empty, [{}], {@ipv6={0x86dd, {0x0, 0x6, "8c3d5d", 0x14, 0x5c, 0x0, @rand_addr="fdc4af60db6c115641e84c443a15a87e", @remote, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 02:34:13 executing program 3: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x1) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) io_cancel(0x0, 0x0, 0x0) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) modify_ldt$write2(0x11, &(0x7f00000000c0)={0x4, 0x0, 0x2000, 0xfffffffffffffffe, 0x0, 0x0, 0x100, 0x0, 0x0, 0x2}, 0x10) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x101000, 0x0) prctl$PR_GET_NAME(0x10, 0x0) write$P9_RWALK(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8) mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0, 0x28812, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, r3) ioctl$TIOCLINUX4(0xffffffffffffffff, 0x541c, &(0x7f0000000a40)) recvmmsg(0xffffffffffffffff, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000280)=""/116, 0x74}], 0x2, &(0x7f0000000300)=""/44, 0x2c}, 0x8}], 0x1, 0x0, 0x0) ioctl$TUNSETVNETBE(r1, 0x400454de, &(0x7f0000000100)) ioctl$LOOP_CTL_REMOVE(r2, 0x4c80, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x210007fd, 0x0, 0x0) 02:34:13 executing program 1: sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2e00000023008163e45ae08700000000060f0ec0000000bc4cc91b4dd65b2f0580cb7023f52a556d1cd4f1cbf90a", 0x2e}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 02:34:13 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_XSAVE(r2, 0x5000aea5, &(0x7f0000000300)={"8b5914c7bbee10ff7484f5e19283dbd78fe4d287de8b6b58fbdbf50e1303ec1ebc9dc52c54e0f3f136929748c184682c8a1d9db5aafb569246538213dadaf3c4321b6c11feb8b630230b7ca6df6b2e2e9d76ccc92a8416b6b66e8d2dcda8a8ea106c103d9d4817add5f75c09bdd79bccb087592484d548dd140ccd48eec674a48818c9fcd454663d2283c100d2604e14b27943701bdf304ba4ce887a3276612b6dbcb7fb37fa1cbd9b3f114d52adbdd82390177d27a6ddec6b1fdd1eedad0d69b884224a1b7391833c8717bb0797c217056cd7010a701fdc164c4dcd0c512aa6d5f4682d1a472382a85a7c95549fb7308273ce5c3168302878c56ae7d555727d4acc1d25817f8001cb2aba0d95420f8678cebfd54e0198cdbeba49484f2c898f62e2bb518e3cb3949aeee38b741785a09bd565662918f8a4043811cdd4e8d54049366b13759eff9f7093c639c1c26774d8d9cf631b75f7562cbced8e730b5ce7e599ed157a1e7bd7e2376d605ed3d1b7a68c6304a913f4cb205da6e931978dfd63d21372bf036c7886fcf701e8d8f376c35f77c305a6b8726d3594776ab1556ae506bf0102a4e7fecf8af476c010e3f020a377c77a444f4101ebb0a45804db57f6309c3786843e98411dda4d626e948620f998789f77385f1bb8bf8c08983fa570119dd791f208ac058799bfbc27d8762651f5d405e7e57fa80fbf5d7cabaa2c220a2a840a503b4befcdbefa953e9be4294f213794ed5b8ab4fd570f2be7fdc21d614415f4efdbbedb7ccce8a31a80e288e02ad90613e18a58ffafa1e4037ce7132b4ff5bc6148894757be31b722eae8372ef8c6b288b1680cc1801b11c1f9f3cdeda08a512c756cdb229d7f124fe3eccbb720cba0e67776b2d74680634bf18e556cb9b7e49c042a5eb7a6686e9ac4171a0087be6e1695b3cb090fd1dcdb9d25922f70757bbcd6dc7de9dc73e298e0f2e1b2d0e985185b9d6c5db7c21e68faf35d31e1140f91f125395ef46e7cf3d08cde5055200ccf6253a40f66c913d6121c9feaf56ccc06b55be2ddb991ec57adf21eb481b8b6c23dad7b8e02cb351d534633de4d2ccf22a481beba5c110b3a83cebd3a87522ae73ca76bccebaca8a3a854694c993daa26709811ccb95ea6eeff022ff5624e8614ccf20b294ad93acec156d7f00e452129958ae5d59504419b33fe5be188805eed89c04eb23e948629a035b455547945328a7d92c6cf155e214772c18dc3ef8ceaf93326246aedab9cde45cf8609af08537b12659663ba97e9eb8d63bad3e3cfdc4108626f857a5143db0d4d8614fc5c6db506469243d193435076ff61928ceb721302986b774f7f3f80c58ccec74b0800ef3ed5d9bd1695f020a180c1358a28045d1283e048260509f1345ef2c214247947e94f9b114fa2064cd57c16aefb12857822917654234342c193"}) 02:34:13 executing program 4: clone(0x200, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = gettid() clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) kcmp(r1, r1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff) ptrace$setopts(0x4206, r1, 0x0, 0x0) [ 139.491938] audit: type=1400 audit(1568860453.038:37): avc: denied { map } for pid=6861 comm="syz-fuzzer" path="/root/syzkaller-shm133591999" dev="sda1" ino=2233 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 139.590104] audit: type=1400 audit(1568860453.048:38): avc: denied { map } for pid=6879 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 139.691994] IPVS: ftp: loaded support on port[0] = 21 [ 140.448616] IPVS: ftp: loaded support on port[0] = 21 [ 140.497181] chnl_net:caif_netlink_parms(): no params data found [ 140.524383] IPVS: ftp: loaded support on port[0] = 21 [ 140.547587] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.554491] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.561617] device bridge_slave_0 entered promiscuous mode [ 140.570714] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.577372] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.585194] device bridge_slave_1 entered promiscuous mode [ 140.634762] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 140.645616] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 140.667606] chnl_net:caif_netlink_parms(): no params data found [ 140.681759] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 140.688971] team0: Port device team_slave_0 added [ 140.705168] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 140.712309] team0: Port device team_slave_1 added [ 140.718542] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 140.726710] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 140.751605] IPVS: ftp: loaded support on port[0] = 21 [ 140.812641] device hsr_slave_0 entered promiscuous mode [ 140.880320] device hsr_slave_1 entered promiscuous mode [ 140.952694] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.959649] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.967178] device bridge_slave_0 entered promiscuous mode [ 140.984216] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 140.991157] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.997501] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.004531] device bridge_slave_1 entered promiscuous mode [ 141.022195] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 141.065093] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 141.082140] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 141.092836] chnl_net:caif_netlink_parms(): no params data found [ 141.100524] IPVS: ftp: loaded support on port[0] = 21 [ 141.134026] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.140920] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.147714] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.154099] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.163955] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 141.171226] team0: Port device team_slave_0 added [ 141.215456] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 141.223183] team0: Port device team_slave_1 added [ 141.229109] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 141.259132] chnl_net:caif_netlink_parms(): no params data found [ 141.276867] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 141.363306] device hsr_slave_0 entered promiscuous mode [ 141.400472] device hsr_slave_1 entered promiscuous mode [ 141.450338] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.457765] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.466914] device bridge_slave_0 entered promiscuous mode [ 141.493122] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 141.499805] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.507020] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.513995] device bridge_slave_0 entered promiscuous mode [ 141.529407] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.529982] IPVS: ftp: loaded support on port[0] = 21 [ 141.536098] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.548257] device bridge_slave_1 entered promiscuous mode [ 141.555725] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.562760] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.571521] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.577873] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.585946] device bridge_slave_1 entered promiscuous mode [ 141.592476] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 141.629679] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 141.639194] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 141.661538] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 141.676256] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 141.683775] team0: Port device team_slave_0 added [ 141.690519] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 141.697523] team0: Port device team_slave_1 added [ 141.710747] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 141.728026] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 141.735575] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 141.754878] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 141.762954] team0: Port device team_slave_0 added [ 141.813610] chnl_net:caif_netlink_parms(): no params data found [ 141.825205] 8021q: adding VLAN 0 to HW filter on device bond0 [ 141.831636] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 141.838674] team0: Port device team_slave_1 added [ 141.844749] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 141.852060] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 141.913259] device hsr_slave_0 entered promiscuous mode [ 141.950498] device hsr_slave_1 entered promiscuous mode [ 142.001815] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 142.013597] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 142.028495] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 142.082292] device hsr_slave_0 entered promiscuous mode [ 142.140378] device hsr_slave_1 entered promiscuous mode [ 142.181179] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 142.187563] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 142.194693] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 142.230512] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 142.240739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 142.248007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 142.284677] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 142.293312] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 142.299492] 8021q: adding VLAN 0 to HW filter on device team0 [ 142.314071] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.320957] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.327893] device bridge_slave_0 entered promiscuous mode [ 142.362970] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.369331] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.376343] device bridge_slave_1 entered promiscuous mode [ 142.382990] chnl_net:caif_netlink_parms(): no params data found [ 142.397055] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.404116] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 142.425831] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 142.448595] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 142.457002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 142.465188] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 142.473055] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.479384] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.488446] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 142.498096] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 142.508823] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 142.521258] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 142.527329] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.533870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 142.543524] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 142.551775] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.558109] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.566981] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 142.587039] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 142.595248] team0: Port device team_slave_0 added [ 142.602306] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 142.608676] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 142.616814] team0: Port device team_slave_1 added [ 142.623572] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 142.631282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 142.647879] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 142.656952] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 142.666033] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 142.674336] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 142.681357] 8021q: adding VLAN 0 to HW filter on device team0 [ 142.687984] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 142.696068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 142.703530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 142.722810] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 142.728991] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.735443] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.743380] device bridge_slave_0 entered promiscuous mode [ 142.750213] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 142.757985] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.764441] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.771680] device bridge_slave_1 entered promiscuous mode [ 142.779249] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 142.787057] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 142.794320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 142.801258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 142.808985] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 142.816911] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 142.884736] device hsr_slave_0 entered promiscuous mode [ 142.930367] device hsr_slave_1 entered promiscuous mode [ 142.975270] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 142.984825] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 143.000643] 8021q: adding VLAN 0 to HW filter on device bond0 [ 143.012396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 143.022741] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 143.030441] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.036769] bridge0: port 1(bridge_slave_0) entered forwarding state [ 143.043952] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 143.052349] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 143.058431] 8021q: adding VLAN 0 to HW filter on device team0 [ 143.066011] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 143.073876] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 143.083513] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 143.091970] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 143.098974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 143.106580] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 143.115333] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 143.124940] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 143.138312] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 143.147521] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 143.156594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 143.165676] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.172066] bridge0: port 2(bridge_slave_1) entered forwarding state [ 143.178916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 143.187828] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 143.197452] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 143.213446] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 143.224615] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 143.233156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 143.241804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 143.249296] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.255661] bridge0: port 1(bridge_slave_0) entered forwarding state [ 143.263858] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 143.273569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 143.281052] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 143.288291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 143.295132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 143.302270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 143.310800] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 143.318251] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 143.325601] team0: Port device team_slave_0 added [ 143.333199] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 143.344040] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 143.350824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 143.358442] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 143.366117] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.372499] bridge0: port 2(bridge_slave_1) entered forwarding state [ 143.379284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 143.386946] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 143.397863] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 143.406819] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 143.414662] team0: Port device team_slave_1 added [ 143.422646] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 143.432273] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 143.438514] 8021q: adding VLAN 0 to HW filter on device team0 [ 143.448827] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 143.456042] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 143.464069] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 143.473626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 143.481338] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 143.488962] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 143.499901] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 143.509592] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 143.520890] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 143.528235] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 143.534531] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 143.553196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 143.561303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 143.568774] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.575155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 143.582251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 143.589944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 143.597728] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 143.605469] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 143.613742] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 143.623700] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 143.633086] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 143.682227] device hsr_slave_0 entered promiscuous mode [ 143.720401] device hsr_slave_1 entered promiscuous mode [ 143.761301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 143.768938] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 143.779276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 143.786877] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 143.794794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 143.802480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 143.809930] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.816290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 143.823769] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 143.834383] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 143.843178] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 143.852175] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 143.862697] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 143.870330] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 143.877074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 143.886808] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 143.894723] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 143.902631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 143.909980] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 143.921729] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 143.929199] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 143.941769] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 143.950472] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 143.961185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 143.969756] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 143.978031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 143.987157] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 143.993516] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 144.007325] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 144.016641] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 144.025139] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 144.033381] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 144.044464] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 144.050734] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 144.058547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 144.066680] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 144.074234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 144.082096] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 144.089486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 144.097190] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 144.104864] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 144.114248] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 144.132128] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 144.141334] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 144.147583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 144.156284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 144.168411] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 144.177076] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 144.194534] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 144.207689] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 144.214521] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 144.226809] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 144.235172] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 144.247384] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 144.261528] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 144.268994] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.291281] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 144.309126] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 144.323444] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 144.341014] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 144.349318] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 144.356276] 8021q: adding VLAN 0 to HW filter on device team0 [ 144.367780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 144.375207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 144.396256] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 02:34:18 executing program 5: clone(0x200, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = gettid() clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) kcmp(r1, r1, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) ptrace$setopts(0x4206, r1, 0x0, 0x0) [ 144.428163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 144.430346] ptrace attach of "/root/syz-executor.5"[6932] was attempted by "/root/syz-executor.5"[6934] [ 144.438241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 144.466472] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.472908] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.479230] ptrace attach of ""[6922] was attempted by "/root/syz-executor.5"[6934] [ 144.511239] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 02:34:18 executing program 3: [ 144.526126] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 144.536829] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 144.550720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 02:34:18 executing program 3: [ 144.573600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 144.587066] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.593482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.599080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 02:34:18 executing program 5: clone(0x200, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = gettid() clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) kcmp(r1, r1, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) ptrace$setopts(0x4206, r1, 0x0, 0x0) [ 144.635205] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.646803] audit: type=1400 audit(1568860458.188:39): avc: denied { create } for pid=6956 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 144.676831] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready 02:34:18 executing program 3: [ 144.699079] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 144.714028] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 02:34:18 executing program 1: 02:34:18 executing program 3: [ 144.735917] audit: type=1400 audit(1568860458.278:40): avc: denied { write } for pid=6956 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 144.765086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 144.782528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 144.811980] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 144.836012] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 144.849533] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 144.857060] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 144.870912] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 144.879580] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 144.888334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 144.896101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 02:34:18 executing program 0: 02:34:18 executing program 3: 02:34:18 executing program 1: [ 144.908935] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 144.922518] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 144.929681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 144.938568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 144.945573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 144.971923] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 145.001599] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 145.007719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 145.035540] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 145.050577] 8021q: adding VLAN 0 to HW filter on device team0 [ 145.059210] ptrace attach of "/root/syz-executor.5"[6986] was attempted by "/root/syz-executor.5"[6993] [ 145.083506] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 145.096811] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 145.105177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 145.114704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 145.124286] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.132774] bridge0: port 1(bridge_slave_0) entered forwarding state [ 145.141264] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 145.152342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 145.160780] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 145.168329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 145.177783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 145.185964] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.192804] bridge0: port 2(bridge_slave_1) entered forwarding state [ 145.203388] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 145.212906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 145.225747] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 145.235070] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 145.243199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 145.251849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 145.262146] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 145.270263] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 145.281379] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 145.290640] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 145.298162] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 145.306990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 145.315372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 145.323003] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 145.333411] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 145.342395] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 145.353026] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 145.359028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 145.366056] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 145.373665] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 145.392551] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 145.402036] 8021q: adding VLAN 0 to HW filter on device batadv0 02:34:19 executing program 2: [ 146.013929] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 02:34:20 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000003c0)="a4ab12f728db4b2b4d2f2fba4fad0b3a47006db763e3a227deb6999d32772cf2eebb1fb054d54ac45a333c28785d630f38ba0fd5e2d5fb109aa4d1", 0x3b}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 02:34:20 executing program 3: 02:34:20 executing program 1: 02:34:20 executing program 0: 02:34:20 executing program 5: clone(0x200, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = gettid() clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) kcmp(r1, r1, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) ptrace$setopts(0x4206, r1, 0x0, 0x0) 02:34:20 executing program 2: 02:34:20 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000540)=ANY=[@ANYBLOB="b7020000f70000001da70000000000002402000020feffff7a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000fffe00000704000000000000b5040000100000206a0700fe00000000850000002f000000b70000000a00000095000000000000006458c2c62fc2868f0399d909a63796c113a80c19aab9d607000000b6cd483be3f0d3253730e711f5969f62c28b22756bedf3cf393d14c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468956af540439fce41f144631ac262dcae08c3d1a1fbe96dd87235b44174f7c0343185089a0f119e31975e551558055dc2dced18e14cfd81cc9204e388"], &(0x7f0000000280)='\xc2\x06m\xd6D\xec\x01\xd7Rg\x7f\x9c-_\xd0\xe7\xfa=2\x00=', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x139}, 0x48) 02:34:20 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl(r1, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x0, 0x12, r3, 0x0) write$FUSE_DIRENT(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="10"], 0x1) mmap(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 02:34:20 executing program 2: clone(0x84007bf7, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() mknod(&(0x7f0000000100)='./file0\x00', 0x1142, 0x0) execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) ptrace(0x10, r0) creat(&(0x7f0000000080)='./file0\x00', 0x0) ptrace(0x11, r0) 02:34:20 executing program 1: sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f0000000240)=ANY=[@ANYBLOB="020d0000100000002f3144e800000008030006000720000002004000e0000001000000f5000000000800120002000200000000000000000030006c00020300060000000000f9acb20200000000152c000000000000000001020014bb00000000000000000000000003000500002000000200ed00e000000100800083e30f510b9d8efd6eadf31561988c77cf152ea8bb43ddbd7d03dac7f445a652d3f8b063daeb15b162399635b5eb6ec8a358f29535d3f8c10117eaf3e10e8d53fd852096ff1c17d5c647067080641d4c75fe6f4ede5fb105595e85190900000000000000f93a0fcc835820d96008f866fb4d28bc7ef9f8062f9db55b8128159cdcfd0c171bcf9e868c603d7f8542cbd8c5d2e29b90ddf7f6d9525cbc5b20d8b6f661130c526af0320ad36f005f535d7e160b5669dd7f1237cc0f7d1d35826f68073a437965d66df2f2d4bff069f7d039c721484d89f3684064363829139df6b4be76fb04ad9ec5cf2faf907a440931d08e9e65d7b8597e57292ac7c4f1982c1bd6f4004599024a82954502db72a47cc66269ee45d0f4431963df216018cd09bb08ad3d5892b7b45695d5f782adaeac17bf2ef5d6862908eb0cd1f08974add39b3dc0c419ab6cdf8741796365ff5febc5acc75fc049d032b828fbbfb2a1f86bd5ddac8b0c34a65f46d7a939862a1dd88b855e8cc356e15f6ddcef472fd05c029c319536e0a31e646c5afdde4f9efd85a700a7ef39946f797fa96bacfd15ccb9a902c486c3ea0b529fd45c29361d88fda169ec1ce96ab06bae592ec35a1db60eb31fc681004c32755b474f45edf0d211c8f97e5d1bc7b000c02edef7a48db21b1bed2250f1e1044d4e9d018bb02ac2f8a22b834cbf73c16ec0bfeba144e362c08960124b6fe545d7d5a7613ff2a0a27644f22b707dde3227b8375905fb38e5a8c45f2579b2e80762c2c54695669ac80f00007d4f0000970e7e3c4bc415bad58368aadb6dd179da093b760f40ac2cf674dde3642c6052c14c275fe321612006d2bf4d6fe600a954494b97e133e35b414d50f9f02fda424a59147ffdeef8dd0406e0ce4e4150ab927c7020281ac2aeb90710f5c72159f40e573e1a98bdbd45014c882cf185b11003924150ce0e90cf060e75669e11b52980b0215dd874f8c7b77a5510000000000091537ac62a93d30b3a03af813137fdbe437ebeb3bb5465e146df3b1db40c941e7b3fb95d05ac7ebe7f649913a1ee2322d19616d5073260fd3a024754feced7322c087dd0aabb28deacf04ba53888e748cd3e33784ef870a1d077ed042e179fd1e4cc4af0e2a15f4bb4f7fde1c5d12bf1a7982ffb0bf92329982ca257d83b31369a23f5f183156f5fb4c77fcc05dba8003d73e8ca7ad22dcc2ca7409ee85333a12dbb75ee124e511f41e1130c47049c00000000000000000054450e914e30db640a5f465cc343ed4d15e0ac565f6b501e35dda2b48c0e503239e0265c079ec700b7eda23f2f816e53a2eafd99b6c21df716ba011af218c828e68c9083ea03480a1be36aa1a3f1c79cfee450d10c62d09408d0d14e0b45d24f4c2deeafcb544402848780ff33723b157000000000000000090d238bac9a91b376db76124c6f851f1615ed405b02ee06a41ee4532067cc12dddd74bfe3125c15e35a004f7492b5d4feec1ceb7503461103c6b88e4c2c5404ca8331b319070051a4319c695132950e6b4595bba5a43b470091a1cc3caad0272edf93d7d55813f1c5c33073ffe5d1f3e27db32999c569753dbfe869792694de40fba09e4ac97ffc2a483e61ca000000804d1e7a824eba0884b04d731de8193a73d342a727d9703cb71b770504deeece71fcf92af35a4873c733a6b348f4bc2aaaf5793cca3250ddedcebd51df45eaf8ff2012160cb8b85951bf8a13c51d983b22c03db12b929c9bde8ea3cc4ce4120a09713a1d3dd37e200a2dd71949ed8d28153cecbea71f4b50387a973cc0056f9f000000100083822a960c2edce5c20b0ff7cfef9559824b89a21e140e577b68eee02882861fc51a820e497b18d9059e3f4a1a1ac5208f35a1404d1df9b25f2fbdf9fbfab4c352000000000000000000000000000098d99fb576a0072c72936578654f970ce2caa319f2b8f0ff64bf3dc43f2dcd50a3a11ce0e4465d44e915e19da56dc8400eb8bb52cc02a419f7d562a39aa9fae346c49f9dc301b1aa3bd557c91748f5e0020d2dfecaeb107887e4887031687120d0452bf79b0523d190ce81cd624ab277368148a84f188ffb0700e54509b8bc28535690cb16e2306d85371baa0d7a62ba7466694c218df1a3a56d750c87c5f5bd5367e674c6821b5763f51e5b93fdf27b9af9f8d2035d73aa75613e3d165c51620a001d537b9f9cb36a9711f2967942ff7daf93f7dd70e553324d8b63d86733e6301fcd903f7335a6c2719b8cbab445b3f0a3cd1aa478291771292138bdffbae1a91a7cdf4ed2732fe3a38dab24b686abedc9687602eedd6781f6a0b3e8c0d732acd1b417fdf6a292c838882682a19257d4abb35904c85fe7eb7b056fc62d13a743060da27e660715a66c722b41888c506546cb03ed2f3898ec397056bca0ae791384990b2dd17189813597dac3fdec6f7e410a02d24605cf286a0ebb1672f2547b7ecdf3cb7a82d223e3e695b380155f446a893be0dc7591df9f7807f0b93bcbd418b51af4bced834cc8850675cb38bbef1803676413c9a949a6da7191e8156ee61a914fae3abecf98da3805858f10ef4c484cbb7ec7e5b107199196d7b65aa61ea5e5177e3716e21f86006354552a1439eeb0fee900000000000000000000c5da7eb7640e3e93eb5685918a239230cdc1dbcea699dcf280abefebd6a5da22e70dce8780117f9ab0000000000000000000000000506a6b252a0f133913c59586d05358b4224315356979e1ebf7f7d2ddf011e6cbcf6a977dd9347e5e43a1f6f228e95d31d603b823d6fa3d43eed9fddc1a8ca3f3a81545d60686b298d61a5601f79215def48d07c686e2bc532a28b3c6f7508a7cb6ce824e14360cc170b2adafe07f9b50876dcea0ef56fcd0425a50680c393440024571676900ede564b5e8935c8aaeff153f39885df9856567f6c56c9763f113a7ea89d70c0991842f9217e82a322278c3bd6f6e6edb2d9868f8924c524319142de50c226026c57931aac7f6ab086a67cfc7140086e1bffc9b4fdf9bc76c689249dceaeb455c3e1853fd2cc22d5700"/2308], 0x80}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x400024c, 0x0) 02:34:20 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'veth1\x00', &(0x7f0000000140)=@ethtool_cmd={0x19}}) [ 146.664075] audit: type=1400 audit(1568860460.208:41): avc: denied { map } for pid=7050 comm="syz-executor.0" path="/root/syzkaller-testdir026981326/syzkaller.a3BKl3/3/file0/mem" dev="devtmpfs" ino=13689 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:memory_device_t:s0 tclass=chr_file permissive=1 02:34:20 executing program 0: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='overlay\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB=',lowerdir=.:file0']) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000240)=""/65, 0x41) [ 146.708105] ptrace attach of "/root/syz-executor.2"[7049] was attempted by "/root/syz-executor.2"[7058] [ 146.749287] ptrace attach of "/root/syz-executor.5"[7051] was attempted by "/root/syz-executor.5"[7070] [ 146.796015] overlayfs: fs on 'file0' does not support file handles, falling back to index=off. [ 146.808618] overlayfs: fs on 'file0' does not support file handles, falling back to index=off. 02:34:23 executing program 5: clone(0x200, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = gettid() clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ptrace$setopts(0x4206, r1, 0x0, 0x0) 02:34:23 executing program 3: syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0x2, 0x2) ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2) ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) getpid() mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f00001da000/0x18000)=nil, 0x0, 0xfffffe72, 0x0, 0x0, 0xa00000000000000) ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f00000001c0)) openat$fuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fuse\x00', 0x2, 0x0) sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, 0x0, 0x81) r3 = socket$inet6(0xa, 0x400000000001, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) setsockopt$inet_sctp6_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={0x0, 0x839}, 0x8) ftruncate(0xffffffffffffffff, 0x200004) 02:34:23 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000003c0)="a4ab12f728db4b2b4d2f2fba4fad0b3a47006db763e3a227deb6999d32772cf2eebb1fb054d54ac45a333c28785d630f38ba", 0x32}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 02:34:23 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000440)=ANY=[@ANYBLOB="010000e8"]) 02:34:23 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000540)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000006402000020feffff7a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000fffe00000704000000000000b5040000100000206a0700fe00000000850000002f000000b70000000a00000095000000000000006458c2c62fc2868f0399d909a63796c113a80c19aab9d607000000b6cd483be3f0d3253730e711f5969f62c28b22756bedf3cf393d14c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468956af540439fce41f144631ac262dcae08c3d1a1fbe96dd87235b44174f7c0343185089a0f119e31975e551558055dc2dced18e14cfd81cc9204e388"], &(0x7f0000000280)='\xc2\x06m\xd6D\xec\x01\xd7Rg\x7f\x9c-_\xd0\xe7\xfa=2\x00=', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x139}, 0x48) 02:34:23 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000003c0)="a4ab12f728db4b2b4d2f2fba4fad0b3a47006db763e3a227deb6999d32772cf2eebb1fb054d54ac45a333c28785d630f38ba0fd5e2d5fb109aa4d1a2d25799eb00ea36a133349cce8d7986f5f3a2518643b1287105afeb7e56476dd2c9cb575a0fad7e0b6f6355077e72904a4153382c5952219145c003abaf3a24499ea6ccd595d14ee538bc7bf15b304003d1048ac70caa5064492916d98251883c182f2ec07ed91d53e745a1b28530a453bed61ecc0fc6056bba5b37c29fcd84fa8c38c6337f59de193214f08711612845a0898b8f0ed5", 0xd2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 02:34:23 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2e00000023008163e45ae08700000000060f0ec0000000bc4cc91b4dd65b2f0580cb7023f52a556d1cd4f1cbf90a", 0x2e}], 0x1}, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000006f00)=[{0x0}], 0x1}, 0x0) [ 149.623744] hrtimer: interrupt took 23893 ns [ 149.633569] audit: type=1400 audit(1568860463.178:42): avc: denied { map } for pid=7085 comm="syz-executor.3" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=26866 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=1 02:34:23 executing program 5: clone(0x200, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = gettid() clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ptrace$setopts(0x4206, r1, 0x0, 0x0) 02:34:23 executing program 2: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) r2 = epoll_create(0xb) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clock_gettime(0x0, &(0x7f0000000240)) socket(0x10, 0x802, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 149.734635] audit: type=1400 audit(1568860463.268:43): avc: denied { read } for pid=7106 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 02:34:23 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x22a, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='yeah\x00', 0x5) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) syz_open_dev$swradio(0x0, 0x0, 0x2) ioctl$TIOCGETD(0xffffffffffffffff, 0x5424, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) clock_gettime(0x0, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, 0x0, 0x0) shutdown(r1, 0x1) r2 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet6(r2, &(0x7f0000000080)='#', 0x1, 0x0, 0x0, 0x0) 02:34:23 executing program 3: r0 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x48f, &(0x7f0000000300)={0x100000011, @empty, 0x0, 0x6008800, 'lblc\x00'}, 0x2c) 02:34:23 executing program 5: clone(0x200, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = gettid() clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ptrace$setopts(0x4206, r1, 0x0, 0x0) [ 149.999078] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 150.025283] ================================================================== [ 150.032775] BUG: KASAN: use-after-free in tcp_init_tso_segs+0x1ae/0x200 [ 150.039529] Read of size 2 at addr ffff88809489a2f0 by task syz-executor.1/7133 [ 150.047007] [ 150.048647] CPU: 1 PID: 7133 Comm: syz-executor.1 Not tainted 4.14.144 #0 [ 150.055572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 150.064926] Call Trace: [ 150.067520] dump_stack+0x138/0x197 [ 150.071181] ? tcp_init_tso_segs+0x1ae/0x200 [ 150.075592] print_address_description.cold+0x7c/0x1dc [ 150.080882] ? tcp_init_tso_segs+0x1ae/0x200 [ 150.085295] kasan_report.cold+0xa9/0x2af [ 150.089448] __asan_report_load2_noabort+0x14/0x20 [ 150.094399] tcp_init_tso_segs+0x1ae/0x200 [ 150.098645] ? tcp_tso_segs+0x7d/0x1c0 [ 150.102595] tcp_write_xmit+0x15e/0x4960 [ 150.107031] ? tcp_v6_md5_lookup+0x23/0x30 [ 150.111265] ? tcp_established_options+0x2c5/0x420 [ 150.116193] ? tcp_current_mss+0x1dc/0x2f0 [ 150.120426] ? __alloc_skb+0x3ee/0x500 [ 150.124334] __tcp_push_pending_frames+0xa6/0x260 [ 150.129175] tcp_send_fin+0x17e/0xc40 [ 150.132977] ? lock_sock_nested+0x8c/0x110 [ 150.137212] tcp_shutdown+0xe2/0x110 [ 150.140939] ? tcp_tx_timestamp.part.0+0x290/0x290 [ 150.146931] inet_shutdown+0x178/0x350 [ 150.150822] SyS_shutdown+0xe1/0x170 [ 150.154973] ? SyS_getsockopt+0x1e0/0x1e0 [ 150.159117] ? SyS_clock_gettime+0xf8/0x180 [ 150.163441] ? do_syscall_64+0x53/0x640 [ 150.167440] ? SyS_getsockopt+0x1e0/0x1e0 [ 150.171594] do_syscall_64+0x1e8/0x640 [ 150.175485] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 150.180354] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 150.186436] RIP: 0033:0x4598e9 [ 150.189623] RSP: 002b:00007f3aa9ca6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000030 [ 150.197328] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004598e9 [ 150.205070] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004 [ 150.213919] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 150.223596] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3aa9ca76d4 [ 150.230981] R13: 00000000004c8463 R14: 00000000004df000 R15: 00000000ffffffff [ 150.238274] [ 150.239907] Allocated by task 7133: [ 150.243540] save_stack_trace+0x16/0x20 [ 150.247515] save_stack+0x45/0xd0 [ 150.250963] kasan_kmalloc+0xce/0xf0 [ 150.254671] kasan_slab_alloc+0xf/0x20 [ 150.258552] kmem_cache_alloc_node+0x144/0x780 [ 150.263126] __alloc_skb+0x9c/0x500 [ 150.266749] sk_stream_alloc_skb+0xb3/0x780 [ 150.271064] tcp_sendmsg_locked+0xf61/0x3200 [ 150.275489] tcp_sendmsg+0x30/0x50 [ 150.279026] inet_sendmsg+0x122/0x500 [ 150.282824] sock_sendmsg+0xce/0x110 [ 150.286536] SYSC_sendto+0x206/0x310 [ 150.290246] SyS_sendto+0x40/0x50 [ 150.293703] do_syscall_64+0x1e8/0x640 [ 150.297613] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 150.302790] [ 150.304414] Freed by task 7133: [ 150.307701] save_stack_trace+0x16/0x20 [ 150.311671] save_stack+0x45/0xd0 [ 150.315122] kasan_slab_free+0x75/0xc0 [ 150.319447] kmem_cache_free+0x83/0x2b0 [ 150.323420] kfree_skbmem+0x8d/0x120 [ 150.327130] __kfree_skb+0x1e/0x30 [ 150.330665] tcp_remove_empty_skb.part.0+0x231/0x2e0 [ 150.335748] tcp_sendmsg_locked+0x1ced/0x3200 [ 150.340223] tcp_sendmsg+0x30/0x50 [ 150.343742] inet_sendmsg+0x122/0x500 [ 150.347528] sock_sendmsg+0xce/0x110 [ 150.351229] SYSC_sendto+0x206/0x310 [ 150.354921] SyS_sendto+0x40/0x50 [ 150.358355] do_syscall_64+0x1e8/0x640 [ 150.362223] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 150.367387] [ 150.368994] The buggy address belongs to the object at ffff88809489a2c0 [ 150.368994] which belongs to the cache skbuff_fclone_cache of size 472 [ 150.382327] The buggy address is located 48 bytes inside of [ 150.382327] 472-byte region [ffff88809489a2c0, ffff88809489a498) [ 150.394099] The buggy address belongs to the page: [ 150.399012] page:ffffea0002522680 count:1 mapcount:0 mapping:ffff88809489a040 index:0x0 [ 150.409722] flags: 0x1fffc0000000100(slab) [ 150.414018] raw: 01fffc0000000100 ffff88809489a040 0000000000000000 0000000100000006 [ 150.423982] raw: ffffea0002302da0 ffffea0002181da0 ffff8880a9e19a80 0000000000000000 [ 150.431850] page dumped because: kasan: bad access detected [ 150.437561] [ 150.439168] Memory state around the buggy address: 02:34:24 executing program 5: clone(0x200, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = gettid() kcmp(r1, r1, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) ptrace$setopts(0x4206, r1, 0x0, 0x0) 02:34:24 executing program 3: r0 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$user(&(0x7f0000000480)='user\x00', &(0x7f0000000280)={'syz'}, &(0x7f0000000600)="08000000000000003759540d01ab3409d020ce89f347f85954148506ada508304f9a72c09ed607aaa5aebe2498570ca5d2d11eadfec8ef98f956a77dd104439715fb62f2aa8e3d83b831c272c31f4412f90df7203dd222f0652c485463d225ffcc2357e053c0ba88cdce1e394b0c4896e5ee5b1de0dd94615ce05f1eec2510cf313e048bdfc66a909be38e1127baae09a26c08d0153bd5a49d6748f6c07d75cc2e7eb4367b92abf90b9a39bf8fabddb4b79515fc7194d4df5a0118ca46b1513277f9814b7e341f616a3636d3955333aa7ad584527d980f42a323252bc0531c1f787db7c88cb76eea99d893af4fcac6bbd4f45a1e82d64ef5d013c03c5283bf0d9e270525afae3644facb7f56d66c3474e49bc0db50ab87c04e277dc29f09da1db4514d9275f1a617123880b43b19d16fd658c5fa22377ffc2618a96455d310df61d99f73ea14a8554dd521f459643c900951735c30d133f8c04373c12fd20ce4730a0a0be2bcb5d2b0", 0x169, r0) r2 = add_key$user(&(0x7f0000000380)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f00000003c0)='X', 0x1, 0xfffffffffffffffe) getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080), &(0x7f00000000c0)=0x4) r3 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000100)={r2, r3, r1}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'crct10dif\x00\x00\x00 \x00\x00\x00+\x00'}}) [ 150.444081] ffff88809489a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 150.451422] ffff88809489a200: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 150.458772] >ffff88809489a280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 150.466113] ^ [ 150.473111] ffff88809489a300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 150.480611] ffff88809489a380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 150.487973] ================================================================== [ 150.495323] Disabling lock debugging due to kernel taint [ 150.515866] Kernel panic - not syncing: panic_on_warn set ... [ 150.515866] [ 150.523260] CPU: 1 PID: 7133 Comm: syz-executor.1 Tainted: G B 4.14.144 #0 [ 150.531396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 150.540742] Call Trace: [ 150.543335] dump_stack+0x138/0x197 [ 150.546965] ? tcp_init_tso_segs+0x1ae/0x200 [ 150.551391] panic+0x1f2/0x426 [ 150.554687] ? add_taint.cold+0x16/0x16 [ 150.558672] ? ___preempt_schedule+0x16/0x18 [ 150.563084] kasan_end_report+0x47/0x4f [ 150.567064] kasan_report.cold+0x130/0x2af [ 150.571303] __asan_report_load2_noabort+0x14/0x20 [ 150.576845] tcp_init_tso_segs+0x1ae/0x200 [ 150.579727] kobject: 'loop5' (ffff8880a4a3f320): kobject_uevent_env [ 150.581091] ? tcp_tso_segs+0x7d/0x1c0 [ 150.581101] tcp_write_xmit+0x15e/0x4960 [ 150.581111] ? tcp_v6_md5_lookup+0x23/0x30 [ 150.581119] ? tcp_established_options+0x2c5/0x420 [ 150.581128] ? tcp_current_mss+0x1dc/0x2f0 [ 150.581138] ? __alloc_skb+0x3ee/0x500 [ 150.581147] __tcp_push_pending_frames+0xa6/0x260 [ 150.581158] tcp_send_fin+0x17e/0xc40 [ 150.587576] kobject: 'loop5' (ffff8880a4a3f320): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 150.591522] ? lock_sock_nested+0x8c/0x110 [ 150.591531] tcp_shutdown+0xe2/0x110 [ 150.591538] ? tcp_tx_timestamp.part.0+0x290/0x290 [ 150.591546] inet_shutdown+0x178/0x350 [ 150.591554] SyS_shutdown+0xe1/0x170 [ 150.591563] ? SyS_getsockopt+0x1e0/0x1e0 [ 150.655570] ? SyS_clock_gettime+0xf8/0x180 [ 150.659961] ? do_syscall_64+0x53/0x640 [ 150.663927] ? SyS_getsockopt+0x1e0/0x1e0 [ 150.668078] do_syscall_64+0x1e8/0x640 [ 150.671967] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 150.676799] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 150.681971] RIP: 0033:0x4598e9 [ 150.685141] RSP: 002b:00007f3aa9ca6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000030 [ 150.692837] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004598e9 [ 150.700092] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004 [ 150.707342] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 150.714692] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3aa9ca76d4 [ 150.721945] R13: 00000000004c8463 R14: 00000000004df000 R15: 00000000ffffffff [ 150.730824] Kernel Offset: disabled [ 150.734496] Rebooting in 86400 seconds..