[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   44.821750] random: sshd: uninitialized urandom read (32 bytes read)
[   45.300776] kauditd_printk_skb: 9 callbacks suppressed
[   45.300784] audit: type=1400 audit(1568860358.848:35): avc:  denied  { map } for  pid=6851 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   45.346425] random: sshd: uninitialized urandom read (32 bytes read)
[   45.992810] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.11' (ECDSA) to the list of known hosts.
[   51.459518] random: sshd: uninitialized urandom read (32 bytes read)
2019/09/19 02:32:45 fuzzer started
[   51.647151] audit: type=1400 audit(1568860365.188:36): avc:  denied  { map } for  pid=6861 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   52.377001] random: cc1: uninitialized urandom read (8 bytes read)
2019/09/19 02:32:46 dialing manager at 10.128.0.105:45739
2019/09/19 02:32:47 syscalls: 2466
2019/09/19 02:32:47 code coverage: enabled
2019/09/19 02:32:47 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument
2019/09/19 02:32:47 extra coverage: extra coverage is not supported by the kernel
2019/09/19 02:32:47 setuid sandbox: enabled
2019/09/19 02:32:47 namespace sandbox: enabled
2019/09/19 02:32:47 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/19 02:32:47 fault injection: enabled
2019/09/19 02:32:47 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/19 02:32:47 net packet injection: enabled
2019/09/19 02:32:47 net device setup: enabled
[   54.292428] random: crng init done
02:34:13 executing program 5:
clone(0x200, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r1 = gettid()
clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
kcmp(r1, r1, 0x4, 0xffffffffffffffff, 0xffffffffffffffff)
ptrace$setopts(0x4206, r1, 0x0, 0x0)

02:34:13 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071")
syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @empty, [{}], {@ipv6={0x86dd, {0x0, 0x6, "8c3d5d", 0x14, 0x5c, 0x0, @rand_addr="fdc4af60db6c115641e84c443a15a87e", @remote, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

02:34:13 executing program 3:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0)
io_cancel(0x0, 0x0, 0x0)
write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0)
modify_ldt$write2(0x11, &(0x7f00000000c0)={0x4, 0x0, 0x2000, 0xfffffffffffffffe, 0x0, 0x0, 0x100, 0x0, 0x0, 0x2}, 0x10)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x101000, 0x0)
prctl$PR_GET_NAME(0x10, 0x0)
write$P9_RWALK(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8)
mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0, 0x28812, 0xffffffffffffffff, 0x0)
r3 = perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
dup2(0xffffffffffffffff, r3)
ioctl$TIOCLINUX4(0xffffffffffffffff, 0x541c, &(0x7f0000000a40))
recvmmsg(0xffffffffffffffff, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000280)=""/116, 0x74}], 0x2, &(0x7f0000000300)=""/44, 0x2c}, 0x8}], 0x1, 0x0, 0x0)
ioctl$TUNSETVNETBE(r1, 0x400454de, &(0x7f0000000100))
ioctl$LOOP_CTL_REMOVE(r2, 0x4c80, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x210007fd, 0x0, 0x0)

02:34:13 executing program 1:
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2e00000023008163e45ae08700000000060f0ec0000000bc4cc91b4dd65b2f0580cb7023f52a556d1cd4f1cbf90a", 0x2e}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

02:34:13 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_XSAVE(r2, 0x5000aea5, &(0x7f0000000300)={"8b5914c7bbee10ff7484f5e19283dbd78fe4d287de8b6b58fbdbf50e1303ec1ebc9dc52c54e0f3f136929748c184682c8a1d9db5aafb569246538213dadaf3c4321b6c11feb8b630230b7ca6df6b2e2e9d76ccc92a8416b6b66e8d2dcda8a8ea106c103d9d4817add5f75c09bdd79bccb087592484d548dd140ccd48eec674a48818c9fcd454663d2283c100d2604e14b27943701bdf304ba4ce887a3276612b6dbcb7fb37fa1cbd9b3f114d52adbdd82390177d27a6ddec6b1fdd1eedad0d69b884224a1b7391833c8717bb0797c217056cd7010a701fdc164c4dcd0c512aa6d5f4682d1a472382a85a7c95549fb7308273ce5c3168302878c56ae7d555727d4acc1d25817f8001cb2aba0d95420f8678cebfd54e0198cdbeba49484f2c898f62e2bb518e3cb3949aeee38b741785a09bd565662918f8a4043811cdd4e8d54049366b13759eff9f7093c639c1c26774d8d9cf631b75f7562cbced8e730b5ce7e599ed157a1e7bd7e2376d605ed3d1b7a68c6304a913f4cb205da6e931978dfd63d21372bf036c7886fcf701e8d8f376c35f77c305a6b8726d3594776ab1556ae506bf0102a4e7fecf8af476c010e3f020a377c77a444f4101ebb0a45804db57f6309c3786843e98411dda4d626e948620f998789f77385f1bb8bf8c08983fa570119dd791f208ac058799bfbc27d8762651f5d405e7e57fa80fbf5d7cabaa2c220a2a840a503b4befcdbefa953e9be4294f213794ed5b8ab4fd570f2be7fdc21d614415f4efdbbedb7ccce8a31a80e288e02ad90613e18a58ffafa1e4037ce7132b4ff5bc6148894757be31b722eae8372ef8c6b288b1680cc1801b11c1f9f3cdeda08a512c756cdb229d7f124fe3eccbb720cba0e67776b2d74680634bf18e556cb9b7e49c042a5eb7a6686e9ac4171a0087be6e1695b3cb090fd1dcdb9d25922f70757bbcd6dc7de9dc73e298e0f2e1b2d0e985185b9d6c5db7c21e68faf35d31e1140f91f125395ef46e7cf3d08cde5055200ccf6253a40f66c913d6121c9feaf56ccc06b55be2ddb991ec57adf21eb481b8b6c23dad7b8e02cb351d534633de4d2ccf22a481beba5c110b3a83cebd3a87522ae73ca76bccebaca8a3a854694c993daa26709811ccb95ea6eeff022ff5624e8614ccf20b294ad93acec156d7f00e452129958ae5d59504419b33fe5be188805eed89c04eb23e948629a035b455547945328a7d92c6cf155e214772c18dc3ef8ceaf93326246aedab9cde45cf8609af08537b12659663ba97e9eb8d63bad3e3cfdc4108626f857a5143db0d4d8614fc5c6db506469243d193435076ff61928ceb721302986b774f7f3f80c58ccec74b0800ef3ed5d9bd1695f020a180c1358a28045d1283e048260509f1345ef2c214247947e94f9b114fa2064cd57c16aefb12857822917654234342c193"})

02:34:13 executing program 4:
clone(0x200, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r1 = gettid()
clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
kcmp(r1, r1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)
ptrace$setopts(0x4206, r1, 0x0, 0x0)

[  139.491938] audit: type=1400 audit(1568860453.038:37): avc:  denied  { map } for  pid=6861 comm="syz-fuzzer" path="/root/syzkaller-shm133591999" dev="sda1" ino=2233 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[  139.590104] audit: type=1400 audit(1568860453.048:38): avc:  denied  { map } for  pid=6879 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[  139.691994] IPVS: ftp: loaded support on port[0] = 21
[  140.448616] IPVS: ftp: loaded support on port[0] = 21
[  140.497181] chnl_net:caif_netlink_parms(): no params data found
[  140.524383] IPVS: ftp: loaded support on port[0] = 21
[  140.547587] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.554491] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.561617] device bridge_slave_0 entered promiscuous mode
[  140.570714] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.577372] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.585194] device bridge_slave_1 entered promiscuous mode
[  140.634762] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  140.645616] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  140.667606] chnl_net:caif_netlink_parms(): no params data found
[  140.681759] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  140.688971] team0: Port device team_slave_0 added
[  140.705168] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  140.712309] team0: Port device team_slave_1 added
[  140.718542] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  140.726710] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  140.751605] IPVS: ftp: loaded support on port[0] = 21
[  140.812641] device hsr_slave_0 entered promiscuous mode
[  140.880320] device hsr_slave_1 entered promiscuous mode
[  140.952694] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.959649] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.967178] device bridge_slave_0 entered promiscuous mode
[  140.984216] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  140.991157] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.997501] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.004531] device bridge_slave_1 entered promiscuous mode
[  141.022195] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  141.065093] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  141.082140] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  141.092836] chnl_net:caif_netlink_parms(): no params data found
[  141.100524] IPVS: ftp: loaded support on port[0] = 21
[  141.134026] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.140920] bridge0: port 2(bridge_slave_1) entered forwarding state
[  141.147714] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.154099] bridge0: port 1(bridge_slave_0) entered forwarding state
[  141.163955] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  141.171226] team0: Port device team_slave_0 added
[  141.215456] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  141.223183] team0: Port device team_slave_1 added
[  141.229109] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  141.259132] chnl_net:caif_netlink_parms(): no params data found
[  141.276867] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  141.363306] device hsr_slave_0 entered promiscuous mode
[  141.400472] device hsr_slave_1 entered promiscuous mode
[  141.450338] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.457765] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.466914] device bridge_slave_0 entered promiscuous mode
[  141.493122] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  141.499805] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.507020] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.513995] device bridge_slave_0 entered promiscuous mode
[  141.529407] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.529982] IPVS: ftp: loaded support on port[0] = 21
[  141.536098] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.548257] device bridge_slave_1 entered promiscuous mode
[  141.555725] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.562760] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.571521] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.577873] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.585946] device bridge_slave_1 entered promiscuous mode
[  141.592476] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  141.629679] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  141.639194] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  141.661538] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  141.676256] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  141.683775] team0: Port device team_slave_0 added
[  141.690519] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  141.697523] team0: Port device team_slave_1 added
[  141.710747] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  141.728026] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  141.735575] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  141.754878] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  141.762954] team0: Port device team_slave_0 added
[  141.813610] chnl_net:caif_netlink_parms(): no params data found
[  141.825205] 8021q: adding VLAN 0 to HW filter on device bond0
[  141.831636] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  141.838674] team0: Port device team_slave_1 added
[  141.844749] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  141.852060] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  141.913259] device hsr_slave_0 entered promiscuous mode
[  141.950498] device hsr_slave_1 entered promiscuous mode
[  142.001815] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  142.013597] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  142.028495] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  142.082292] device hsr_slave_0 entered promiscuous mode
[  142.140378] device hsr_slave_1 entered promiscuous mode
[  142.181179] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  142.187563] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  142.194693] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  142.230512] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  142.240739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  142.248007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  142.284677] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  142.293312] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  142.299492] 8021q: adding VLAN 0 to HW filter on device team0
[  142.314071] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.320957] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.327893] device bridge_slave_0 entered promiscuous mode
[  142.362970] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.369331] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.376343] device bridge_slave_1 entered promiscuous mode
[  142.382990] chnl_net:caif_netlink_parms(): no params data found
[  142.397055] 8021q: adding VLAN 0 to HW filter on device bond0
[  142.404116] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  142.425831] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  142.448595] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  142.457002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  142.465188] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  142.473055] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.479384] bridge0: port 1(bridge_slave_0) entered forwarding state
[  142.488446] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  142.498096] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  142.508823] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  142.521258] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[  142.527329] 8021q: adding VLAN 0 to HW filter on device bond0
[  142.533870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  142.543524] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  142.551775] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.558109] bridge0: port 2(bridge_slave_1) entered forwarding state
[  142.566981] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  142.587039] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  142.595248] team0: Port device team_slave_0 added
[  142.602306] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  142.608676] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  142.616814] team0: Port device team_slave_1 added
[  142.623572] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  142.631282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  142.647879] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  142.656952] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  142.666033] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  142.674336] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  142.681357] 8021q: adding VLAN 0 to HW filter on device team0
[  142.687984] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  142.696068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  142.703530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  142.722810] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  142.728991] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.735443] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.743380] device bridge_slave_0 entered promiscuous mode
[  142.750213] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  142.757985] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.764441] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.771680] device bridge_slave_1 entered promiscuous mode
[  142.779249] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  142.787057] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  142.794320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  142.801258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  142.808985] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  142.816911] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  142.884736] device hsr_slave_0 entered promiscuous mode
[  142.930367] device hsr_slave_1 entered promiscuous mode
[  142.975270] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  142.984825] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  143.000643] 8021q: adding VLAN 0 to HW filter on device bond0
[  143.012396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  143.022741] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  143.030441] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.036769] bridge0: port 1(bridge_slave_0) entered forwarding state
[  143.043952] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  143.052349] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  143.058431] 8021q: adding VLAN 0 to HW filter on device team0
[  143.066011] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  143.073876] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  143.083513] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  143.091970] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  143.098974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  143.106580] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  143.115333] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  143.124940] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  143.138312] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  143.147521] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  143.156594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  143.165676] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.172066] bridge0: port 2(bridge_slave_1) entered forwarding state
[  143.178916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  143.187828] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  143.197452] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  143.213446] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  143.224615] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  143.233156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  143.241804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  143.249296] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.255661] bridge0: port 1(bridge_slave_0) entered forwarding state
[  143.263858] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  143.273569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  143.281052] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  143.288291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  143.295132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  143.302270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  143.310800] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  143.318251] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  143.325601] team0: Port device team_slave_0 added
[  143.333199] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  143.344040] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  143.350824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  143.358442] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  143.366117] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.372499] bridge0: port 2(bridge_slave_1) entered forwarding state
[  143.379284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  143.386946] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  143.397863] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  143.406819] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  143.414662] team0: Port device team_slave_1 added
[  143.422646] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  143.432273] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  143.438514] 8021q: adding VLAN 0 to HW filter on device team0
[  143.448827] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  143.456042] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  143.464069] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  143.473626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  143.481338] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  143.488962] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  143.499901] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  143.509592] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  143.520890] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  143.528235] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  143.534531] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  143.553196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  143.561303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  143.568774] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.575155] bridge0: port 1(bridge_slave_0) entered forwarding state
[  143.582251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  143.589944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  143.597728] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  143.605469] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  143.613742] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  143.623700] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  143.633086] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  143.682227] device hsr_slave_0 entered promiscuous mode
[  143.720401] device hsr_slave_1 entered promiscuous mode
[  143.761301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  143.768938] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  143.779276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  143.786877] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  143.794794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  143.802480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  143.809930] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.816290] bridge0: port 2(bridge_slave_1) entered forwarding state
[  143.823769] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  143.834383] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  143.843178] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  143.852175] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  143.862697] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  143.870330] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  143.877074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  143.886808] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  143.894723] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  143.902631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  143.909980] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  143.921729] 8021q: adding VLAN 0 to HW filter on device batadv0
[  143.929199] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  143.941769] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  143.950472] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  143.961185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  143.969756] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  143.978031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  143.987157] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  143.993516] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  144.007325] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  144.016641] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  144.025139] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  144.033381] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  144.044464] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  144.050734] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  144.058547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  144.066680] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  144.074234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  144.082096] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  144.089486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  144.097190] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  144.104864] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  144.114248] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  144.132128] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  144.141334] 8021q: adding VLAN 0 to HW filter on device batadv0
[  144.147583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  144.156284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  144.168411] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  144.177076] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  144.194534] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  144.207689] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  144.214521] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  144.226809] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  144.235172] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  144.247384] 8021q: adding VLAN 0 to HW filter on device batadv0
[  144.261528] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  144.268994] 8021q: adding VLAN 0 to HW filter on device bond0
[  144.291281] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  144.309126] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  144.323444] 8021q: adding VLAN 0 to HW filter on device batadv0
[  144.341014] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  144.349318] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  144.356276] 8021q: adding VLAN 0 to HW filter on device team0
[  144.367780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  144.375207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  144.396256] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
02:34:18 executing program 5:
clone(0x200, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r1 = gettid()
clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
kcmp(r1, r1, 0x4, 0xffffffffffffffff, 0xffffffffffffffff)
ptrace$setopts(0x4206, r1, 0x0, 0x0)

[  144.428163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  144.430346] ptrace attach of "/root/syz-executor.5"[6932] was attempted by "/root/syz-executor.5"[6934]
[  144.438241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  144.466472] bridge0: port 1(bridge_slave_0) entered blocking state
[  144.472908] bridge0: port 1(bridge_slave_0) entered forwarding state
[  144.479230] ptrace attach of ""[6922] was attempted by "/root/syz-executor.5"[6934]
[  144.511239] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
02:34:18 executing program 3:

[  144.526126] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  144.536829] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  144.550720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
02:34:18 executing program 3:

[  144.573600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  144.587066] bridge0: port 2(bridge_slave_1) entered blocking state
[  144.593482] bridge0: port 2(bridge_slave_1) entered forwarding state
[  144.599080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
02:34:18 executing program 5:
clone(0x200, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r1 = gettid()
clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
kcmp(r1, r1, 0x4, 0xffffffffffffffff, 0xffffffffffffffff)
ptrace$setopts(0x4206, r1, 0x0, 0x0)

[  144.635205] 8021q: adding VLAN 0 to HW filter on device bond0
[  144.646803] audit: type=1400 audit(1568860458.188:39): avc:  denied  { create } for  pid=6956 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  144.676831] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
02:34:18 executing program 3:

[  144.699079] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  144.714028] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
02:34:18 executing program 1:

02:34:18 executing program 3:

[  144.735917] audit: type=1400 audit(1568860458.278:40): avc:  denied  { write } for  pid=6956 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  144.765086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  144.782528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  144.811980] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  144.836012] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  144.849533] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  144.857060] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  144.870912] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  144.879580] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  144.888334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  144.896101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
02:34:18 executing program 0:

02:34:18 executing program 3:

02:34:18 executing program 1:

[  144.908935] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  144.922518] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  144.929681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  144.938568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  144.945573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  144.971923] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  145.001599] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  145.007719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  145.035540] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  145.050577] 8021q: adding VLAN 0 to HW filter on device team0
[  145.059210] ptrace attach of "/root/syz-executor.5"[6986] was attempted by "/root/syz-executor.5"[6993]
[  145.083506] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  145.096811] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  145.105177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  145.114704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  145.124286] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.132774] bridge0: port 1(bridge_slave_0) entered forwarding state
[  145.141264] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  145.152342] 8021q: adding VLAN 0 to HW filter on device batadv0
[  145.160780] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  145.168329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  145.177783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  145.185964] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.192804] bridge0: port 2(bridge_slave_1) entered forwarding state
[  145.203388] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  145.212906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  145.225747] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  145.235070] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  145.243199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  145.251849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  145.262146] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  145.270263] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  145.281379] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  145.290640] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  145.298162] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  145.306990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  145.315372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  145.323003] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  145.333411] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  145.342395] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  145.353026] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  145.359028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  145.366056] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  145.373665] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  145.392551] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  145.402036] 8021q: adding VLAN 0 to HW filter on device batadv0
02:34:19 executing program 2:

[  146.013929] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
02:34:20 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000003c0)="a4ab12f728db4b2b4d2f2fba4fad0b3a47006db763e3a227deb6999d32772cf2eebb1fb054d54ac45a333c28785d630f38ba0fd5e2d5fb109aa4d1", 0x3b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

02:34:20 executing program 3:

02:34:20 executing program 1:

02:34:20 executing program 0:

02:34:20 executing program 5:
clone(0x200, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r1 = gettid()
clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
kcmp(r1, r1, 0x4, 0xffffffffffffffff, 0xffffffffffffffff)
ptrace$setopts(0x4206, r1, 0x0, 0x0)

02:34:20 executing program 2:

02:34:20 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000540)=ANY=[@ANYBLOB="b7020000f70000001da70000000000002402000020feffff7a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000fffe00000704000000000000b5040000100000206a0700fe00000000850000002f000000b70000000a00000095000000000000006458c2c62fc2868f0399d909a63796c113a80c19aab9d607000000b6cd483be3f0d3253730e711f5969f62c28b22756bedf3cf393d14c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468956af540439fce41f144631ac262dcae08c3d1a1fbe96dd87235b44174f7c0343185089a0f119e31975e551558055dc2dced18e14cfd81cc9204e388"], &(0x7f0000000280)='\xc2\x06m\xd6D\xec\x01\xd7Rg\x7f\x9c-_\xd0\xe7\xfa=2\x00=', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x139}, 0x48)

02:34:20 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl(r1, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070")
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./file0\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='mem\x00\x00\x00\x00\x00\x00<s\x8c\')tU\x19\x9a)S\xa7b\xce\xd8\xde\x95\xf6\xc3\\n\xc1\xa2)o\xee\x97\xdf\xe9\xf3\xfdJ\xe8`7iY\x86~\xd8\xecy\xc00.\x90\xfc\xac\xa0\xb8\x1d\x1a\x7f\xec\xea\np\xb4\xd5l\xb5\xc3\xc7w%\x16a~]P\x04\xc7 \xf7\x92\x8b\x8f\x9d&\\\xf9\xa3\x96G<\xd4\x80\x16/\x81\xe7(\x8b\xde9]\xaf\xbc\xb0\r}Ne\xfaX\xb0\x8a\xbd\x1d\xfc\xd4\x91\x95\x00\v\x14a0_\xd9\x1f\xc7\xb5\xc3FS\x16\x03~\xbbc*\xa3\xab`\x06\xf0\xbc\xacJY\xe7\xb2\x8cw\xa4U.\xa4\xe2u\x1d!jVL}#O\t\xb2`\x0e\xe9\xc6*\xf7\xf8Uh\x8e\x01\xf1b\xf5;\x8a\x17\x9a\x0fq\x01\x91pSR\x82-H\n\x1fP\xb6*\xc9\xfd\x89\xb5\x7f\x87m\"\xaa\xce\xed\a\xf2\xfd<\x10\xb8\xcf\xfac\xcc\x0f\xd2\xdd\xcd#8\"\x8b\xf2\xccA\v\xdf\xf5\x8d\xa5-\x02\xaa|\xdd\xd0az\xc8,)\xedf\x89x>\a\x13', 0x275a, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='mem\x00\x00\x00\x00\x00\x00<s\x8c\')tU\x19\x9a)S\xa7b\xce\xd8\xde\x95\xf6\xc3\\n\xc1\xa2)o\xee\x97\xdf\xe9\xf3\xfdJ\xe8`7iY\x86~\xd8\xecy\xc00.\x90\xfc\xac\xa0\xb8\x1d\x1a\x7f\xec\xea\np\xb4\xd5l\xb5\xc3\xc7w%\x16a~]P\x04\xc7 \xf7\x92\x8b\x8f\x9d&\\\xf9\xa3\x96G<\xd4\x80\x16/\x81\xe7(\x8b\xde9]\xaf\xbc\xb0\r}Ne\xfaX\xb0\x8a\xbd\x1d\xfc\xd4\x91\x95\x00\v\x14a0_\xd9\x1f\xc7\xb5\xc3FS\x16\x03~\xbbc*\xa3\xab`\x06\xf0\xbc\xacJY\xe7\xb2\x8cw\xa4U.\xa4\xe2u\x1d!jVL}#O\t\xb2`\x0e\xe9\xc6*\xf7\xf8Uh\x8e\x01\xf1b\xf5;\x8a\x17\x9a\x0fq\x01\x91pSR\x82-H\n\x1fP\xb6*\xc9\xfd\x89\xb5\x7f\x87m\"\xaa\xce\xed\a\xf2\xfd<\x10\xb8\xcf\xfac\xcc\x0f\xd2\xdd\xcd#8\"\x8b\xf2\xccA\v\xdf\xf5\x8d\xa5-\x02\xaa|\xdd\xd0az\xc8,)\xedf\x89x>\a\x13', 0x275a, 0x0)
mmap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x0, 0x12, r3, 0x0)
write$FUSE_DIRENT(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="10"], 0x1)
mmap(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

02:34:20 executing program 2:
clone(0x84007bf7, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = getpid()
mknod(&(0x7f0000000100)='./file0\x00', 0x1142, 0x0)
execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0)
ptrace(0x10, r0)
creat(&(0x7f0000000080)='./file0\x00', 0x0)
ptrace(0x11, r0)

02:34:20 executing program 1:
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f0000000240)=ANY=[@ANYBLOB="020d0000100000002f3144e800000008030006000720000002004000e0000001000000f5000000000800120002000200000000000000000030006c00020300060000000000f9acb20200000000152c000000000000000001020014bb00000000000000000000000003000500002000000200ed00e000000100800083e30f510b9d8efd6eadf31561988c77cf152ea8bb43ddbd7d03dac7f445a652d3f8b063daeb15b162399635b5eb6ec8a358f29535d3f8c10117eaf3e10e8d53fd852096ff1c17d5c647067080641d4c75fe6f4ede5fb105595e85190900000000000000f93a0fcc835820d96008f866fb4d28bc7ef9f8062f9db55b8128159cdcfd0c171bcf9e868c603d7f8542cbd8c5d2e29b90ddf7f6d9525cbc5b20d8b6f661130c526af0320ad36f005f535d7e160b5669dd7f1237cc0f7d1d35826f68073a437965d66df2f2d4bff069f7d039c721484d89f3684064363829139df6b4be76fb04ad9ec5cf2faf907a440931d08e9e65d7b8597e57292ac7c4f1982c1bd6f4004599024a82954502db72a47cc66269ee45d0f4431963df216018cd09bb08ad3d5892b7b45695d5f782adaeac17bf2ef5d6862908eb0cd1f08974add39b3dc0c419ab6cdf8741796365ff5febc5acc75fc049d032b828fbbfb2a1f86bd5ddac8b0c34a65f46d7a939862a1dd88b855e8cc356e15f6ddcef472fd05c029c319536e0a31e646c5afdde4f9efd85a700a7ef39946f797fa96bacfd15ccb9a902c486c3ea0b529fd45c29361d88fda169ec1ce96ab06bae592ec35a1db60eb31fc681004c32755b474f45edf0d211c8f97e5d1bc7b000c02edef7a48db21b1bed2250f1e1044d4e9d018bb02ac2f8a22b834cbf73c16ec0bfeba144e362c08960124b6fe545d7d5a7613ff2a0a27644f22b707dde3227b8375905fb38e5a8c45f2579b2e80762c2c54695669ac80f00007d4f0000970e7e3c4bc415bad58368aadb6dd179da093b760f40ac2cf674dde3642c6052c14c275fe321612006d2bf4d6fe600a954494b97e133e35b414d50f9f02fda424a59147ffdeef8dd0406e0ce4e4150ab927c7020281ac2aeb90710f5c72159f40e573e1a98bdbd45014c882cf185b11003924150ce0e90cf060e75669e11b52980b0215dd874f8c7b77a5510000000000091537ac62a93d30b3a03af813137fdbe437ebeb3bb5465e146df3b1db40c941e7b3fb95d05ac7ebe7f649913a1ee2322d19616d5073260fd3a024754feced7322c087dd0aabb28deacf04ba53888e748cd3e33784ef870a1d077ed042e179fd1e4cc4af0e2a15f4bb4f7fde1c5d12bf1a7982ffb0bf92329982ca257d83b31369a23f5f183156f5fb4c77fcc05dba8003d73e8ca7ad22dcc2ca7409ee85333a12dbb75ee124e511f41e1130c47049c00000000000000000054450e914e30db640a5f465cc343ed4d15e0ac565f6b501e35dda2b48c0e503239e0265c079ec700b7eda23f2f816e53a2eafd99b6c21df716ba011af218c828e68c9083ea03480a1be36aa1a3f1c79cfee450d10c62d09408d0d14e0b45d24f4c2deeafcb544402848780ff33723b157000000000000000090d238bac9a91b376db76124c6f851f1615ed405b02ee06a41ee4532067cc12dddd74bfe3125c15e35a004f7492b5d4feec1ceb7503461103c6b88e4c2c5404ca8331b319070051a4319c695132950e6b4595bba5a43b470091a1cc3caad0272edf93d7d55813f1c5c33073ffe5d1f3e27db32999c569753dbfe869792694de40fba09e4ac97ffc2a483e61ca000000804d1e7a824eba0884b04d731de8193a73d342a727d9703cb71b770504deeece71fcf92af35a4873c733a6b348f4bc2aaaf5793cca3250ddedcebd51df45eaf8ff2012160cb8b85951bf8a13c51d983b22c03db12b929c9bde8ea3cc4ce4120a09713a1d3dd37e200a2dd71949ed8d28153cecbea71f4b50387a973cc0056f9f000000100083822a960c2edce5c20b0ff7cfef9559824b89a21e140e577b68eee02882861fc51a820e497b18d9059e3f4a1a1ac5208f35a1404d1df9b25f2fbdf9fbfab4c352000000000000000000000000000098d99fb576a0072c72936578654f970ce2caa319f2b8f0ff64bf3dc43f2dcd50a3a11ce0e4465d44e915e19da56dc8400eb8bb52cc02a419f7d562a39aa9fae346c49f9dc301b1aa3bd557c91748f5e0020d2dfecaeb107887e4887031687120d0452bf79b0523d190ce81cd624ab277368148a84f188ffb0700e54509b8bc28535690cb16e2306d85371baa0d7a62ba7466694c218df1a3a56d750c87c5f5bd5367e674c6821b5763f51e5b93fdf27b9af9f8d2035d73aa75613e3d165c51620a001d537b9f9cb36a9711f2967942ff7daf93f7dd70e553324d8b63d86733e6301fcd903f7335a6c2719b8cbab445b3f0a3cd1aa478291771292138bdffbae1a91a7cdf4ed2732fe3a38dab24b686abedc9687602eedd6781f6a0b3e8c0d732acd1b417fdf6a292c838882682a19257d4abb35904c85fe7eb7b056fc62d13a743060da27e660715a66c722b41888c506546cb03ed2f3898ec397056bca0ae791384990b2dd17189813597dac3fdec6f7e410a02d24605cf286a0ebb1672f2547b7ecdf3cb7a82d223e3e695b380155f446a893be0dc7591df9f7807f0b93bcbd418b51af4bced834cc8850675cb38bbef1803676413c9a949a6da7191e8156ee61a914fae3abecf98da3805858f10ef4c484cbb7ec7e5b107199196d7b65aa61ea5e5177e3716e21f86006354552a1439eeb0fee900000000000000000000c5da7eb7640e3e93eb5685918a239230cdc1dbcea699dcf280abefebd6a5da22e70dce8780117f9ab0000000000000000000000000506a6b252a0f133913c59586d05358b4224315356979e1ebf7f7d2ddf011e6cbcf6a977dd9347e5e43a1f6f228e95d31d603b823d6fa3d43eed9fddc1a8ca3f3a81545d60686b298d61a5601f79215def48d07c686e2bc532a28b3c6f7508a7cb6ce824e14360cc170b2adafe07f9b50876dcea0ef56fcd0425a50680c393440024571676900ede564b5e8935c8aaeff153f39885df9856567f6c56c9763f113a7ea89d70c0991842f9217e82a322278c3bd6f6e6edb2d9868f8924c524319142de50c226026c57931aac7f6ab086a67cfc7140086e1bffc9b4fdf9bc76c689249dceaeb455c3e1853fd2cc22d5700"/2308], 0x80}}, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r0, &(0x7f0000000180), 0x400024c, 0x0)

02:34:20 executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'veth1\x00', &(0x7f0000000140)=@ethtool_cmd={0x19}})

[  146.664075] audit: type=1400 audit(1568860460.208:41): avc:  denied  { map } for  pid=7050 comm="syz-executor.0" path="/root/syzkaller-testdir026981326/syzkaller.a3BKl3/3/file0/mem" dev="devtmpfs" ino=13689 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:memory_device_t:s0 tclass=chr_file permissive=1
02:34:20 executing program 0:
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='overlay\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB=',lowerdir=.:file0'])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000240)=""/65, 0x41)

[  146.708105] ptrace attach of "/root/syz-executor.2"[7049] was attempted by "/root/syz-executor.2"[7058]
[  146.749287] ptrace attach of "/root/syz-executor.5"[7051] was attempted by "/root/syz-executor.5"[7070]
[  146.796015] overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
[  146.808618] overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
02:34:23 executing program 5:
clone(0x200, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r1 = gettid()
clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ptrace$setopts(0x4206, r1, 0x0, 0x0)

02:34:23 executing program 3:
syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0x2, 0x2)
ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2)
ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
getpid()
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f00001da000/0x18000)=nil, 0x0, 0xfffffe72, 0x0, 0x0, 0xa00000000000000)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f00000001c0))
openat$fuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fuse\x00', 0x2, 0x0)
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, 0x0, 0x81)
r3 = socket$inet6(0xa, 0x400000000001, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp6_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={0x0, 0x839}, 0x8)
ftruncate(0xffffffffffffffff, 0x200004)

02:34:23 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000003c0)="a4ab12f728db4b2b4d2f2fba4fad0b3a47006db763e3a227deb6999d32772cf2eebb1fb054d54ac45a333c28785d630f38ba", 0x32}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

02:34:23 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000440)=ANY=[@ANYBLOB="010000e8"])

02:34:23 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000540)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000006402000020feffff7a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000fffe00000704000000000000b5040000100000206a0700fe00000000850000002f000000b70000000a00000095000000000000006458c2c62fc2868f0399d909a63796c113a80c19aab9d607000000b6cd483be3f0d3253730e711f5969f62c28b22756bedf3cf393d14c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468956af540439fce41f144631ac262dcae08c3d1a1fbe96dd87235b44174f7c0343185089a0f119e31975e551558055dc2dced18e14cfd81cc9204e388"], &(0x7f0000000280)='\xc2\x06m\xd6D\xec\x01\xd7Rg\x7f\x9c-_\xd0\xe7\xfa=2\x00=', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x139}, 0x48)

02:34:23 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000003c0)="a4ab12f728db4b2b4d2f2fba4fad0b3a47006db763e3a227deb6999d32772cf2eebb1fb054d54ac45a333c28785d630f38ba0fd5e2d5fb109aa4d1a2d25799eb00ea36a133349cce8d7986f5f3a2518643b1287105afeb7e56476dd2c9cb575a0fad7e0b6f6355077e72904a4153382c5952219145c003abaf3a24499ea6ccd595d14ee538bc7bf15b304003d1048ac70caa5064492916d98251883c182f2ec07ed91d53e745a1b28530a453bed61ecc0fc6056bba5b37c29fcd84fa8c38c6337f59de193214f08711612845a0898b8f0ed5", 0xd2}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

02:34:23 executing program 2:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2e00000023008163e45ae08700000000060f0ec0000000bc4cc91b4dd65b2f0580cb7023f52a556d1cd4f1cbf90a", 0x2e}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg(r0, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000006f00)=[{0x0}], 0x1}, 0x0)

[  149.623744] hrtimer: interrupt took 23893 ns
[  149.633569] audit: type=1400 audit(1568860463.178:42): avc:  denied  { map } for  pid=7085 comm="syz-executor.3" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=26866 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=1
02:34:23 executing program 5:
clone(0x200, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r1 = gettid()
clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ptrace$setopts(0x4206, r1, 0x0, 0x0)

02:34:23 executing program 2:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f00000001c0), 0xfffffef3)
r2 = epoll_create(0xb)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040))
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
clock_gettime(0x0, &(0x7f0000000240))
socket(0x10, 0x802, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  149.734635] audit: type=1400 audit(1568860463.268:43): avc:  denied  { read } for  pid=7106 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
02:34:23 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r1, 0x0, 0x22a, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c)
recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='yeah\x00', 0x5)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
syz_open_dev$swradio(0x0, 0x0, 0x2)
ioctl$TIOCGETD(0xffffffffffffffff, 0x5424, 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0)
clock_gettime(0x0, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, 0x0, 0x0)
shutdown(r1, 0x1)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendto$inet6(r2, &(0x7f0000000080)='#', 0x1, 0x0, 0x0, 0x0)

02:34:23 executing program 3:
r0 = socket(0xa, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x48f, &(0x7f0000000300)={0x100000011, @empty, 0x0, 0x6008800, 'lblc\x00'}, 0x2c)

02:34:23 executing program 5:
clone(0x200, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r1 = gettid()
clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ptrace$setopts(0x4206, r1, 0x0, 0x0)

[  149.999078] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  150.025283] ==================================================================
[  150.032775] BUG: KASAN: use-after-free in tcp_init_tso_segs+0x1ae/0x200
[  150.039529] Read of size 2 at addr ffff88809489a2f0 by task syz-executor.1/7133
[  150.047007] 
[  150.048647] CPU: 1 PID: 7133 Comm: syz-executor.1 Not tainted 4.14.144 #0
[  150.055572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  150.064926] Call Trace:
[  150.067520]  dump_stack+0x138/0x197
[  150.071181]  ? tcp_init_tso_segs+0x1ae/0x200
[  150.075592]  print_address_description.cold+0x7c/0x1dc
[  150.080882]  ? tcp_init_tso_segs+0x1ae/0x200
[  150.085295]  kasan_report.cold+0xa9/0x2af
[  150.089448]  __asan_report_load2_noabort+0x14/0x20
[  150.094399]  tcp_init_tso_segs+0x1ae/0x200
[  150.098645]  ? tcp_tso_segs+0x7d/0x1c0
[  150.102595]  tcp_write_xmit+0x15e/0x4960
[  150.107031]  ? tcp_v6_md5_lookup+0x23/0x30
[  150.111265]  ? tcp_established_options+0x2c5/0x420
[  150.116193]  ? tcp_current_mss+0x1dc/0x2f0
[  150.120426]  ? __alloc_skb+0x3ee/0x500
[  150.124334]  __tcp_push_pending_frames+0xa6/0x260
[  150.129175]  tcp_send_fin+0x17e/0xc40
[  150.132977]  ? lock_sock_nested+0x8c/0x110
[  150.137212]  tcp_shutdown+0xe2/0x110
[  150.140939]  ? tcp_tx_timestamp.part.0+0x290/0x290
[  150.146931]  inet_shutdown+0x178/0x350
[  150.150822]  SyS_shutdown+0xe1/0x170
[  150.154973]  ? SyS_getsockopt+0x1e0/0x1e0
[  150.159117]  ? SyS_clock_gettime+0xf8/0x180
[  150.163441]  ? do_syscall_64+0x53/0x640
[  150.167440]  ? SyS_getsockopt+0x1e0/0x1e0
[  150.171594]  do_syscall_64+0x1e8/0x640
[  150.175485]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  150.180354]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  150.186436] RIP: 0033:0x4598e9
[  150.189623] RSP: 002b:00007f3aa9ca6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000030
[  150.197328] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004598e9
[  150.205070] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004
[  150.213919] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  150.223596] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3aa9ca76d4
[  150.230981] R13: 00000000004c8463 R14: 00000000004df000 R15: 00000000ffffffff
[  150.238274] 
[  150.239907] Allocated by task 7133:
[  150.243540]  save_stack_trace+0x16/0x20
[  150.247515]  save_stack+0x45/0xd0
[  150.250963]  kasan_kmalloc+0xce/0xf0
[  150.254671]  kasan_slab_alloc+0xf/0x20
[  150.258552]  kmem_cache_alloc_node+0x144/0x780
[  150.263126]  __alloc_skb+0x9c/0x500
[  150.266749]  sk_stream_alloc_skb+0xb3/0x780
[  150.271064]  tcp_sendmsg_locked+0xf61/0x3200
[  150.275489]  tcp_sendmsg+0x30/0x50
[  150.279026]  inet_sendmsg+0x122/0x500
[  150.282824]  sock_sendmsg+0xce/0x110
[  150.286536]  SYSC_sendto+0x206/0x310
[  150.290246]  SyS_sendto+0x40/0x50
[  150.293703]  do_syscall_64+0x1e8/0x640
[  150.297613]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  150.302790] 
[  150.304414] Freed by task 7133:
[  150.307701]  save_stack_trace+0x16/0x20
[  150.311671]  save_stack+0x45/0xd0
[  150.315122]  kasan_slab_free+0x75/0xc0
[  150.319447]  kmem_cache_free+0x83/0x2b0
[  150.323420]  kfree_skbmem+0x8d/0x120
[  150.327130]  __kfree_skb+0x1e/0x30
[  150.330665]  tcp_remove_empty_skb.part.0+0x231/0x2e0
[  150.335748]  tcp_sendmsg_locked+0x1ced/0x3200
[  150.340223]  tcp_sendmsg+0x30/0x50
[  150.343742]  inet_sendmsg+0x122/0x500
[  150.347528]  sock_sendmsg+0xce/0x110
[  150.351229]  SYSC_sendto+0x206/0x310
[  150.354921]  SyS_sendto+0x40/0x50
[  150.358355]  do_syscall_64+0x1e8/0x640
[  150.362223]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  150.367387] 
[  150.368994] The buggy address belongs to the object at ffff88809489a2c0
[  150.368994]  which belongs to the cache skbuff_fclone_cache of size 472
[  150.382327] The buggy address is located 48 bytes inside of
[  150.382327]  472-byte region [ffff88809489a2c0, ffff88809489a498)
[  150.394099] The buggy address belongs to the page:
[  150.399012] page:ffffea0002522680 count:1 mapcount:0 mapping:ffff88809489a040 index:0x0
[  150.409722] flags: 0x1fffc0000000100(slab)
[  150.414018] raw: 01fffc0000000100 ffff88809489a040 0000000000000000 0000000100000006
[  150.423982] raw: ffffea0002302da0 ffffea0002181da0 ffff8880a9e19a80 0000000000000000
[  150.431850] page dumped because: kasan: bad access detected
[  150.437561] 
[  150.439168] Memory state around the buggy address:
02:34:24 executing program 5:
clone(0x200, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mknod(&(0x7f0000000000)='./file0\x00', 0x38, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r1 = gettid()
kcmp(r1, r1, 0x4, 0xffffffffffffffff, 0xffffffffffffffff)
ptrace$setopts(0x4206, r1, 0x0, 0x0)

02:34:24 executing program 3:
r0 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$user(&(0x7f0000000480)='user\x00', &(0x7f0000000280)={'syz'}, &(0x7f0000000600)="08000000000000003759540d01ab3409d020ce89f347f85954148506ada508304f9a72c09ed607aaa5aebe2498570ca5d2d11eadfec8ef98f956a77dd104439715fb62f2aa8e3d83b831c272c31f4412f90df7203dd222f0652c485463d225ffcc2357e053c0ba88cdce1e394b0c4896e5ee5b1de0dd94615ce05f1eec2510cf313e048bdfc66a909be38e1127baae09a26c08d0153bd5a49d6748f6c07d75cc2e7eb4367b92abf90b9a39bf8fabddb4b79515fc7194d4df5a0118ca46b1513277f9814b7e341f616a3636d3955333aa7ad584527d980f42a323252bc0531c1f787db7c88cb76eea99d893af4fcac6bbd4f45a1e82d64ef5d013c03c5283bf0d9e270525afae3644facb7f56d66c3474e49bc0db50ab87c04e277dc29f09da1db4514d9275f1a617123880b43b19d16fd658c5fa22377ffc2618a96455d310df61d99f73ea14a8554dd521f459643c900951735c30d133f8c04373c12fd20ce4730a0a0be2bcb5d2b0", 0x169, r0)
r2 = add_key$user(&(0x7f0000000380)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f00000003c0)='X', 0x1, 0xfffffffffffffffe)
getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
r3 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r2, r3, r1}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'crct10dif\x00\x00\x00 \x00\x00\x00+\x00'}})

[  150.444081]  ffff88809489a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  150.451422]  ffff88809489a200: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[  150.458772] >ffff88809489a280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  150.466113]                                                              ^
[  150.473111]  ffff88809489a300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  150.480611]  ffff88809489a380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  150.487973] ==================================================================
[  150.495323] Disabling lock debugging due to kernel taint
[  150.515866] Kernel panic - not syncing: panic_on_warn set ...
[  150.515866] 
[  150.523260] CPU: 1 PID: 7133 Comm: syz-executor.1 Tainted: G    B           4.14.144 #0
[  150.531396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  150.540742] Call Trace:
[  150.543335]  dump_stack+0x138/0x197
[  150.546965]  ? tcp_init_tso_segs+0x1ae/0x200
[  150.551391]  panic+0x1f2/0x426
[  150.554687]  ? add_taint.cold+0x16/0x16
[  150.558672]  ? ___preempt_schedule+0x16/0x18
[  150.563084]  kasan_end_report+0x47/0x4f
[  150.567064]  kasan_report.cold+0x130/0x2af
[  150.571303]  __asan_report_load2_noabort+0x14/0x20
[  150.576845]  tcp_init_tso_segs+0x1ae/0x200
[  150.579727] kobject: 'loop5' (ffff8880a4a3f320): kobject_uevent_env
[  150.581091]  ? tcp_tso_segs+0x7d/0x1c0
[  150.581101]  tcp_write_xmit+0x15e/0x4960
[  150.581111]  ? tcp_v6_md5_lookup+0x23/0x30
[  150.581119]  ? tcp_established_options+0x2c5/0x420
[  150.581128]  ? tcp_current_mss+0x1dc/0x2f0
[  150.581138]  ? __alloc_skb+0x3ee/0x500
[  150.581147]  __tcp_push_pending_frames+0xa6/0x260
[  150.581158]  tcp_send_fin+0x17e/0xc40
[  150.587576] kobject: 'loop5' (ffff8880a4a3f320): fill_kobj_path: path = '/devices/virtual/block/loop5'
[  150.591522]  ? lock_sock_nested+0x8c/0x110
[  150.591531]  tcp_shutdown+0xe2/0x110
[  150.591538]  ? tcp_tx_timestamp.part.0+0x290/0x290
[  150.591546]  inet_shutdown+0x178/0x350
[  150.591554]  SyS_shutdown+0xe1/0x170
[  150.591563]  ? SyS_getsockopt+0x1e0/0x1e0
[  150.655570]  ? SyS_clock_gettime+0xf8/0x180
[  150.659961]  ? do_syscall_64+0x53/0x640
[  150.663927]  ? SyS_getsockopt+0x1e0/0x1e0
[  150.668078]  do_syscall_64+0x1e8/0x640
[  150.671967]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  150.676799]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  150.681971] RIP: 0033:0x4598e9
[  150.685141] RSP: 002b:00007f3aa9ca6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000030
[  150.692837] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004598e9
[  150.700092] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004
[  150.707342] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  150.714692] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3aa9ca76d4
[  150.721945] R13: 00000000004c8463 R14: 00000000004df000 R15: 00000000ffffffff
[  150.730824] Kernel Offset: disabled
[  150.734496] Rebooting in 86400 seconds..