[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 33.553808] random: sshd: uninitialized urandom read (32 bytes read) [ 33.864839] kauditd_printk_skb: 11 callbacks suppressed [ 33.864847] audit: type=1400 audit(1570167213.155:35): avc: denied { map } for pid=6966 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 33.920570] random: sshd: uninitialized urandom read (32 bytes read) [ 34.523825] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts. [ 40.106874] random: sshd: uninitialized urandom read (32 bytes read) 2019/10/04 05:33:39 fuzzer started [ 40.300312] audit: type=1400 audit(1570167219.595:36): avc: denied { map } for pid=6976 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 40.959503] random: cc1: uninitialized urandom read (8 bytes read) 2019/10/04 05:33:41 dialing manager at 10.128.0.105:38761 2019/10/04 05:33:41 syscalls: 2500 2019/10/04 05:33:41 code coverage: enabled 2019/10/04 05:33:41 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/10/04 05:33:41 extra coverage: extra coverage is not supported by the kernel 2019/10/04 05:33:41 setuid sandbox: enabled 2019/10/04 05:33:41 namespace sandbox: enabled 2019/10/04 05:33:41 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/04 05:33:41 fault injection: enabled 2019/10/04 05:33:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/04 05:33:41 net packet injection: enabled 2019/10/04 05:33:41 net device setup: enabled [ 43.107848] random: crng init done 05:35:53 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000200), 0xc) r1 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) dup2(r1, r0) 05:35:53 executing program 0: openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000040)={0x0, 0x5}) 05:35:53 executing program 3: r0 = gettid() ioctl$TIOCLINUX3(0xffffffffffffffff, 0x541c, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup2(r1, r1) write$P9_RMKNOD(0xffffffffffffffff, 0x0, 0xfff5) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) read$eventfd(0xffffffffffffffff, &(0x7f0000000280), 0x8) getgroups(0x0, 0x0) sendmsg$netlink(r1, &(0x7f0000001cc0)={&(0x7f0000000100), 0xc, 0x0, 0x1bc, 0x0, 0x1d5}, 0x80) getsockname(0xffffffffffffffff, 0x0, 0x0) write$P9_RGETLOCK(0xffffffffffffffff, 0x0, 0x1a88f2c2a217f9) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) r2 = getpid() wait4(r2, &(0x7f0000000000), 0x0, 0x0) write$P9_RLCREATE(0xffffffffffffffff, 0x0, 0x0) fcntl$setflags(0xffffffffffffffff, 0x2, 0x0) write$P9_RLCREATE(0xffffffffffffffff, 0x0, 0x15b) fcntl$dupfd(r1, 0x406, 0xffffffffffffffff) setxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.opaque\x00', &(0x7f00000002c0)='y\x00', 0x2, 0x0) tkill(r0, 0x401000000000014) 05:35:53 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, 0x1, {0x7, 0x1e}}, 0x50) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000040)={0x30, 0x5, 0x0, {0x0, 0x1, 0x0, 0x6}}, 0x30) 05:35:53 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)={0x44, r1, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PORT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}]}]}, 0x44}}, 0x0) 05:35:53 executing program 4: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)) [ 174.133874] audit: type=1400 audit(1570167353.425:37): avc: denied { map } for pid=6976 comm="syz-fuzzer" path="/root/syzkaller-shm339565176" dev="sda1" ino=16461 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 174.213096] audit: type=1400 audit(1570167353.435:38): avc: denied { map } for pid=6993 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=2632 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 174.521038] IPVS: ftp: loaded support on port[0] = 21 [ 175.289151] chnl_net:caif_netlink_parms(): no params data found [ 175.301340] IPVS: ftp: loaded support on port[0] = 21 [ 175.327287] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.333946] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.341249] device bridge_slave_0 entered promiscuous mode [ 175.347976] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.354445] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.361279] device bridge_slave_1 entered promiscuous mode [ 175.383264] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.392162] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.415811] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 175.423764] team0: Port device team_slave_0 added [ 175.431347] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 175.438322] team0: Port device team_slave_1 added [ 175.445323] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 175.452717] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 175.469389] IPVS: ftp: loaded support on port[0] = 21 [ 175.533232] device hsr_slave_0 entered promiscuous mode [ 175.570287] device hsr_slave_1 entered promiscuous mode [ 175.610682] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 175.617801] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 175.642483] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.648904] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.655725] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.662121] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.707033] chnl_net:caif_netlink_parms(): no params data found [ 175.776267] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.783872] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.790997] device bridge_slave_0 entered promiscuous mode [ 175.797872] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.798108] IPVS: ftp: loaded support on port[0] = 21 [ 175.804295] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.804961] device bridge_slave_1 entered promiscuous mode [ 175.833555] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 175.839630] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.857548] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 175.877163] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.887729] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.928876] chnl_net:caif_netlink_parms(): no params data found [ 175.937916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 175.947263] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.964661] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.972941] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 175.979973] team0: Port device team_slave_0 added [ 175.985737] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 175.993253] team0: Port device team_slave_1 added [ 176.007638] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 176.013907] 8021q: adding VLAN 0 to HW filter on device team0 [ 176.021628] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 176.029373] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 176.092214] device hsr_slave_0 entered promiscuous mode [ 176.130305] device hsr_slave_1 entered promiscuous mode [ 176.190760] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 176.198237] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 176.218178] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.224602] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.231217] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.237541] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.250484] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.257197] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.264423] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.272332] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.278652] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.285630] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.293494] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.299873] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.307226] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 176.328926] IPVS: ftp: loaded support on port[0] = 21 [ 176.336060] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 176.344659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.356027] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.366039] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 176.375550] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 176.400484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.408112] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.417646] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 176.426809] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.433881] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.441360] device bridge_slave_0 entered promiscuous mode [ 176.455193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 176.463086] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.473285] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 176.485003] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.491508] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.498380] device bridge_slave_1 entered promiscuous mode [ 176.525329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 176.533260] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.544839] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 176.551046] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 176.563884] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 176.593251] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 176.605107] chnl_net:caif_netlink_parms(): no params data found [ 176.646259] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 176.654704] team0: Port device team_slave_0 added [ 176.662115] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 176.673005] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.683354] 8021q: adding VLAN 0 to HW filter on device bond0 [ 176.689712] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 176.698045] team0: Port device team_slave_1 added [ 176.716869] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 176.725646] IPVS: ftp: loaded support on port[0] = 21 [ 176.747150] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 176.765653] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 176.777720] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.785494] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.792789] device bridge_slave_0 entered promiscuous mode [ 176.843297] device hsr_slave_0 entered promiscuous mode [ 176.900520] device hsr_slave_1 entered promiscuous mode [ 176.944181] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.951707] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.958941] device bridge_slave_1 entered promiscuous mode [ 176.977988] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 176.986048] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready 05:35:56 executing program 5: r0 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0x12) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, 0x0) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x3a) bind$bt_l2cap(r1, &(0x7f0000000100)={0x1f, 0x14b, {0x0, 0xe1, 0x80, 0x0, 0x0, 0x2}, 0x0, 0xe5}, 0xe) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000001000)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8) r4 = accept$alg(r3, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000140)={'irlan0\x00', &(0x7f0000000440)=ANY=[@ANYBLOB="330000000900800008628f9f83e9d83daeeff26085bdcafabe793ec56f9bf404b21df0da202f8b037f4501d5461c90ed5703716994d11279a498536dab070d06ac37db98ef5553575155ea6a01b758037aa559d089846a9d883db0eaadbf5cd9298232b7c0507b6353a2eda26b32169126ec15013238a5262b8ddf6d8d3b381c9bd224520d710094"]}) r5 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000001000)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8) r7 = accept$alg(r6, 0x0, 0x0) sendmmsg(r7, &(0x7f0000007b40)=[{{&(0x7f0000000180)=@l2, 0x21, &(0x7f0000000000), 0x8}}, {{&(0x7f0000007500)=@hci, 0x80, &(0x7f0000007680), 0x141, &(0x7f00000076c0), 0x10}}], 0x4000000000003d5, 0x0) openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/self/attr/keycreate\x00', 0x2, 0x0) sendmsg$nl_netfilter(r5, 0x0, 0x800) dup3(r2, 0xffffffffffffffff, 0x80000) keyctl$setperm(0x5, 0x0, 0x100) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) [ 177.002032] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 177.015473] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 177.023349] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 177.035633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.043974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.100186] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 177.106282] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.143587] hrtimer: interrupt took 28785 ns [ 177.174988] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 177.183167] team0: Port device team_slave_0 added [ 177.197758] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 177.239265] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 177.249262] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 177.256619] team0: Port device team_slave_1 added [ 177.282893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.290975] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.298541] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.304912] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.312241] chnl_net:caif_netlink_parms(): no params data found [ 177.321801] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 05:35:56 executing program 5: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f00000000c0)="240000001a0025f0006bb404feff141c020b5aff6e10b500001180cc08000200ac141410", 0x24) [ 177.330303] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 177.337498] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 177.350909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.366776] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.376216] bridge0: port 2(bridge_slave_1) entered blocking state 05:35:56 executing program 5: r0 = socket(0x10, 0x400000000080803, 0x0) write(r0, &(0x7f0000000040)="240000003a00d17da53a7436fef7001d0a0b49ffed000009000028000800030001000000", 0x24) recvmmsg(r0, &(0x7f0000004040)=[{{0x0, 0xd1, &(0x7f00000011c0)=[{&(0x7f0000000140)=""/116, 0x74}, {&(0x7f00000001c0)=""/4096, 0x1000}], 0x2}}], 0x11a, 0x0, 0x0) [ 177.382629] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.404946] chnl_net:caif_netlink_parms(): no params data found [ 177.428720] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 177.438518] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 177.459754] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.543371] device hsr_slave_0 entered promiscuous mode [ 177.580246] device hsr_slave_1 entered promiscuous mode [ 177.620242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.627937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.637658] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 177.655058] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 177.662439] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready 05:35:56 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200000000, 0x2, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x10) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) ioprio_set$uid(0x0, 0x0, 0x0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) fallocate(r1, 0x0, 0x0, 0x1000f4) r3 = semget$private(0x0, 0x4, 0x8) semctl$GETVAL(r3, 0xfac69a90c9373844, 0xc, &(0x7f0000000200)=""/157) r4 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8000fffffffe) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0x5) setreuid(0x0, r5) write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000001d80)=ANY=[@ANYBLOB="620000007d010000004980090000000000c000000000020000000000003a05040000000000001a000200000000000000006486000900736861332d323536000400656e633d0900040000000000000017aa441310", @ANYRES32=0x0, @ANYRES32, @ANYRES32=0x0], 0x60) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, 0x0, 0x0) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r9 = socket$alg(0x26, 0x5, 0x0) accept4$alg(r9, 0x0, 0x0, 0x0) r10 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r10, 0x0, 0x0, 0x1000f4) sendfile(r10, 0xffffffffffffffff, 0x0, 0x8000fffffffe) perf_event_open$cgroup(&(0x7f0000001800)={0x0, 0x70, 0x7f, 0x4e, 0x81, 0x81, 0x0, 0xf22, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x400, 0x3, @perf_bp={0x0, 0x1}, 0x800, 0x6, 0x80000000, 0x2, 0x0, 0x5}, r10, 0x1, 0xffffffffffffffff, 0x0) r11 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r11, 0x1, 0x11, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000001880)={{{@in6=@dev, @in=@multicast1}}, {{@in6=@mcast2}, 0x0, @in6}}, &(0x7f0000001980)=0xe8) r12 = getegid() write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000440)={0x62, 0x7d, 0x0, {{0x0, 0xa, 0x9, 0x0, {0xc0, 0x0, 0x2}, 0x0, 0x0, 0x1a, 0x0, 0x9, 'sha3-256\x00', 0x4, 'enc=', 0x2, 'sha3-256\x00', 0x7d4ec375f52b336c}, 0x4, 'enc=', 0xee01, r12}}, 0x62) getpid() getresuid(0x0, &(0x7f0000001a00), 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, 0x0) lstat(&(0x7f0000001b40)='./bus\x00', &(0x7f0000001b80)) getegid() bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8000fffffffe) r13 = getegid() write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="620000007d010000000000020000000000000000000000000000001a000000f88aff01000000000900736861332d323536000400656e633d0900736861332d3235360000000400656e633d", @ANYRES32=0x0, @ANYRES32=r13, @ANYRES32=0x0], 0x62) sendmsg$unix(r0, 0x0, 0x2000) [ 177.669260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.677139] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.686677] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 177.713886] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 177.728011] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 177.741772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.749438] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.759447] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 177.764068] audit: type=1804 audit(1570167357.055:39): pid=7044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir531311241/syzkaller.7mLbmS/4/bus" dev="sda1" ino=16525 res=1 [ 177.768004] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.805921] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.813163] device bridge_slave_0 entered promiscuous mode [ 177.822376] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 177.833177] audit: type=1804 audit(1570167357.125:40): pid=7044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir531311241/syzkaller.7mLbmS/4/bus" dev="sda1" ino=16525 res=1 [ 177.877456] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.883883] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.890973] device bridge_slave_0 entered promiscuous mode [ 177.897182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 177.906530] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.913952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 177.921190] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.929130] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.935578] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.942633] device bridge_slave_1 entered promiscuous mode [ 177.949398] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 177.955901] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.964513] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 177.971641] bridge0: port 2(bridge_slave_1) entered blocking state 05:35:57 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_procfs(0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000280)=0x32, 0x4) connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) [ 177.977986] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.986748] device bridge_slave_1 entered promiscuous mode [ 177.998960] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 178.019846] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.034155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 178.050717] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 178.058159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.069016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.078102] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.084501] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.109567] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 178.120722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 178.129575] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.143606] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.152892] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.164457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.172275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.179869] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.186253] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.205072] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 178.222500] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 178.231563] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 178.240813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.250602] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.273531] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.294729] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 178.303559] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 178.322912] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.356929] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.378989] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 178.389757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.421329] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.429299] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 178.441169] team0: Port device team_slave_0 added [ 178.448058] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 178.467337] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 178.478553] team0: Port device team_slave_0 added [ 178.486312] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 178.497571] team0: Port device team_slave_1 added [ 178.505047] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 178.516408] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 178.523920] team0: Port device team_slave_1 added [ 178.529225] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 178.541836] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 178.554616] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 178.562974] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 178.573914] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 178.595891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.624044] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 05:35:58 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = eventfd(0x0) fstat(r2, &(0x7f0000000180)) 05:35:58 executing program 3: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x2, &(0x7f0000000040)=[{0x15, 0x0, 0x0, 0xfffffffd}, {0x6, 0x0, 0x0, 0xfffffffe}]}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 178.671528] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 178.735467] device hsr_slave_0 entered promiscuous mode [ 178.744270] audit: type=1326 audit(1570167358.035:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7065 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45c86a code=0xffff0000 [ 178.791662] device hsr_slave_1 entered promiscuous mode [ 178.892296] device hsr_slave_0 entered promiscuous mode [ 178.930560] device hsr_slave_1 entered promiscuous mode [ 178.980387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.987254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.995625] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 179.003693] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 179.011631] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 179.018773] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 179.026107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.033560] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.047022] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 179.055409] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 179.062116] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.068535] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 179.081181] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.089040] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.102606] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 179.108613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.118042] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.135231] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 179.142077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.149683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.157614] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.163994] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.171739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.183677] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 179.194937] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.205902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.214170] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.222674] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.229009] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.237765] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 179.245543] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 179.253953] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.263730] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 179.274248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.287830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.302072] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 179.318795] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 179.326493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.334620] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.343576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.351556] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.358968] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.384186] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 179.400887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.408283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.417875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.425732] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 179.434645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.443477] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 179.449642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.457121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.466322] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 179.476006] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.486187] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 179.496449] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 179.505827] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 179.512380] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.521863] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 179.531432] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 179.531841] audit: type=1326 audit(1570167358.825:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7065 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45c86a code=0xffff0000 [ 179.537522] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.579818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.587287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.589598] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 179.594583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.616942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.625429] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.636586] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 179.646506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.656456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.667463] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.673878] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.683125] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.692826] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.705228] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.712530] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.719578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.727582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.735557] bridge0: port 2(bridge_slave_1) entered blocking state 05:35:59 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003e80)=[{0x0, 0x8dffffff00000000, &(0x7f0000000380)=[{&(0x7f0000000100)='/', 0x1}], 0x1}], 0x1, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000000c0)="0a0743cc05e381e5b3b60ced5c54dbb7", 0x10) r4 = accept$alg(r3, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f0000003e80)=[{0x0, 0x8dffffff00000000, &(0x7f0000000380), 0x1}], 0x49249249249254f, 0x0) 05:35:59 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = fcntl$dupfd(r0, 0x0, r3) ioctl$sock_bt_hci(r4, 0x400448c9, 0x0) [ 179.741922] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.746761] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.757088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.770625] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.776966] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.791247] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.798983] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 179.812458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.829994] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 179.838561] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.869712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.878561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.886802] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.895138] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.901521] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.910654] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 179.920800] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 179.927950] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.940668] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.953013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.964070] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 179.974841] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 179.984501] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 179.992528] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.999407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.007987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.015951] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.023840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.031569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.040953] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 180.048549] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 180.059403] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready 05:35:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r2 = accept$alg(r1, 0x0, 0x0) sendmsg$alg(r2, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r2, &(0x7f0000000700)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000240)=""/175, 0xfdc0}], 0x1}}], 0x1, 0x0, 0x0) [ 180.069583] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 180.076853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.085739] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.098009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 180.107144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 180.118851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 180.126955] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 180.136716] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 180.146382] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 180.152448] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 180.159762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 180.167673] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 180.177006] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 180.189361] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 180.200800] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 180.206813] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 180.217498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 180.225499] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 180.244439] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 180.254861] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 180.265431] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 180.279786] 8021q: adding VLAN 0 to HW filter on device batadv0 05:36:00 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) recvmmsg(r0, &(0x7f0000002d80)=[{{&(0x7f0000000080)=@alg, 0x80, &(0x7f0000000100)=[{&(0x7f0000001480)=""/4096, 0xe6c}, {&(0x7f0000000240)=""/147, 0x71f}], 0x2, &(0x7f0000002740)=""/218, 0x52}}], 0x400008c, 0x2, &(0x7f0000002e40)={0x77359400}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xffffffffffffff0e, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000004200053127d8010080000000000400000072e6c04000016ed7b2063c2e5df444b1d69598368135e22adfff66954ea956b6c525cfd9024454f1dd7ea2921c1e3b35e6b8407c13389947b2ea420101dfee3122981b471b674ba2b8e6e58022891fb9b85a2216fccfea61a3d1bc29cff0bca99a238de2deaf699e19b03b42bba6dd6509737d65b5e909451f20f3c68aaa68fe2553ef76e41f03abb15ca57d2c3f0f0435b3bb7738d93ec2dd9116f889cba8bb3835ca4ab6cfbcad4a44fbb22821f5a2d706ffea6c7aa57bb236837541cb54c1eb40fb7d19638d9411195e1e4787775926ce432fe23b9ac29e5d87d253d74eca3f58048e26af2178788efe9c89c7c9e509b66243e6218907cba3bf3473c64d606ee9c6d197feacd571a3908bcaf3bdde23d10fc60a83903242de26a2ae2a0b55361e67221f000000000000004d473cf341fe44f6947420d8399066a4efd865a48174d5a7e8050ce50e77043310f2c8ddc318f407028aae4ad1d077ab137b62c7282566055964bff527e756df553f135660d6c9acf462b3da3fb544f9a631a35c34ddf5bf88a06902200b0830f35b204d32aa389b46f29183ddcbbd87d9df16ff3979ab7ea870f7743c2931b907e4c693a42204a98f1296c162e31b23f3b75bfc15e5dfa814fbe0b474d804f67b3e521918f018dc44a505ec46559cb89d8df25cbd86ac939229c2f1cbdce8df0fcb0000cdd6d83c981b0c31e761141fbcda1d6a334d827c7feb88319bf7e269958501645a3e720b0f2fc465211f86fe0166d03cd6f3de58c5c808ea8ec3f79f716031f2cbb56418aab47229c26ede685d3204f0b29d1f2388e0cfb0e5fe2c0a350ecc4810d8a60569603498748a4fbe0698fb5a658f069f0079073bf87c9b30741732ad79dba24cc9dfa8a847f034895c9dee00983d2b20d68d899027cd608a68d5b3a4442d5b899bc8c34dedcc9401e35d"], 0x14}}, 0x0) [ 181.481023] audit: type=1400 audit(1570167360.775:43): avc: denied { create } for pid=7131 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 181.507833] audit: type=1400 audit(1570167360.775:44): avc: denied { write } for pid=7131 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 181.531873] audit: type=1400 audit(1570167360.775:45): avc: denied { read } for pid=7131 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 05:36:00 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x802, 0x88) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000080)=@in6={0xa, 0x4e24, 0x0, @mcast2, 0x9}, 0x80, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="3800000000000000290000000400000078040401000000c0073510fbff0000b408000000fab771172119000020002000004e5e0000388022"], 0x38}, 0x8000) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)}, 0x0) 05:36:00 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(0xffffffffffffffff, 0x0, 0x0, &(0x7f00001c9fff), 0x0) syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000580)) syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x401f0000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) 05:36:00 executing program 5: openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/enforce\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/pid\x00') 05:36:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="66b829018ec0b9800000c00f3235002000000f3066baf80cb8c8f61a8eef66bafc0ced0f787e0036400fc75a00c4e1f9e601c4018575504f0f87d485a71b64440f01c43e662666470f38804185", 0x4d}], 0x1, 0x0, 0x0, 0xfffffffffffffe96) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x40, 0x0, 0xfffffffffffffdd4) ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f0000000180)=ANY=[@ANYBLOB="0bcf"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:36:00 executing program 1: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000640)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0x4004743d, &(0x7f0000001080)=""/246) r2 = socket$inet6_udp(0xa, 0x2, 0x0) dup2(r2, r0) 05:36:00 executing program 2: bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x19, 0x4, 0x4, 0x4, 0x4, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x3c) 05:36:01 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) creat(0x0, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = fcntl$dupfd(r0, 0x0, r3) ioctl$sock_bt_hci(r4, 0x400448c9, 0x0) [ 181.740143] ================================================================== [ 181.747652] BUG: KASAN: null-ptr-deref in kvm_write_guest_virt_system+0x64/0x90 [ 181.755104] Write of size 24 at addr (null) by task syz-executor.0/7147 [ 181.762728] [ 181.764378] CPU: 1 PID: 7147 Comm: syz-executor.0 Not tainted 4.14.146 #0 [ 181.771303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.780657] Call Trace: [ 181.783249] dump_stack+0x138/0x197 05:36:01 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x4e21, @remote}, 0x10) 05:36:01 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bind$bt_hci(r0, &(0x7f0000000200), 0xc) 05:36:01 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001000)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic\x00'}, 0x58) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001000)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007b40)=[{{&(0x7f0000000180)=@l2, 0x21, &(0x7f0000000000), 0x8}}, {{&(0x7f0000007500)=@hci, 0x80, &(0x7f0000007680), 0x141, &(0x7f00000076c0), 0x10}}], 0x4000000000003d5, 0x0) [ 181.786895] ? vprintk_func+0x65/0x159 [ 181.790788] ? kvm_write_guest_virt_system+0x64/0x90 [ 181.795901] kasan_report.cold+0x127/0x2af [ 181.800148] check_memory_region+0x123/0x190 [ 181.804555] memset+0x24/0x40 [ 181.807660] kvm_write_guest_virt_system+0x64/0x90 [ 181.807676] handle_vmread+0x548/0x730 [ 181.807687] ? vmx_deliver_posted_interrupt+0x340/0x340 [ 181.807700] ? __lock_is_held+0xb6/0x140 [ 181.807712] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 181.807719] ? vmx_deliver_posted_interrupt+0x340/0x340 [ 181.807728] vmx_handle_exit+0x20d/0x1330 [ 181.807736] ? vcpu_enter_guest+0xd2d/0x5210 [ 181.807745] vcpu_enter_guest+0xf28/0x5210 [ 181.807752] ? save_trace+0x290/0x290 [ 181.807762] ? find_held_lock+0x130/0x130 [ 181.821981] ? emulator_read_emulated+0x50/0x50 [ 181.821993] ? lock_acquire+0x16f/0x430 [ 181.822003] ? kvm_check_async_pf_completion+0x2a9/0x410 [ 181.822019] kvm_arch_vcpu_ioctl_run+0x318/0x1000 [ 181.822028] ? kvm_arch_vcpu_ioctl_run+0x318/0x1000 [ 181.822043] kvm_vcpu_ioctl+0x401/0xd10 [ 181.822053] ? kvm_vcpu_block+0xbb0/0xbb0 [ 181.889519] ? trace_hardirqs_on+0x10/0x10 [ 181.893752] ? __might_fault+0x110/0x1d0 [ 181.897815] ? save_trace+0x290/0x290 [ 181.901613] ? __might_fault+0x110/0x1d0 [ 181.905673] ? __fget+0x210/0x370 [ 181.909146] ? find_held_lock+0x35/0x130 [ 181.913207] ? __fget+0x210/0x370 [ 181.916663] ? kvm_vcpu_block+0xbb0/0xbb0 [ 181.920814] do_vfs_ioctl+0x7ae/0x1060 [ 181.924705] ? selinux_file_mprotect+0x5d0/0x5d0 [ 181.929474] ? lock_downgrade+0x6e0/0x6e0 [ 181.933628] ? ioctl_preallocate+0x1c0/0x1c0 05:36:01 executing program 2: gettid() mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000040)=@nullb='[d::],0::0:\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) [ 181.938035] ? __fget+0x237/0x370 [ 181.941484] ? security_file_ioctl+0x89/0xb0 [ 181.941497] SyS_ioctl+0x8f/0xc0 [ 181.941506] ? do_vfs_ioctl+0x1060/0x1060 [ 181.941519] do_syscall_64+0x1e8/0x640 [ 181.941527] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 181.941543] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 181.941552] RIP: 0033:0x459a29 [ 181.970486] RSP: 002b:00007f9666e5bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 181.978195] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 181.985470] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 181.992734] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 181.992741] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9666e5c6d4 [ 181.992745] R13: 00000000004c2ddb R14: 00000000004d68f8 R15: 00000000ffffffff [ 181.992762] ================================================================== [ 181.992766] Disabling lock debugging due to kernel taint [ 182.000989] Kernel panic - not syncing: panic_on_warn set ... [ 182.000989] [ 182.001000] CPU: 1 PID: 7147 Comm: syz-executor.0 Tainted: G B 4.14.146 #0 [ 182.001005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.001008] Call Trace: [ 182.001022] dump_stack+0x138/0x197 [ 182.001036] ? kvm_write_guest_virt_system+0x64/0x90 [ 182.001043] panic+0x1f2/0x426 [ 182.001050] ? add_taint.cold+0x16/0x16 [ 182.001061] ? ___preempt_schedule+0x16/0x18 [ 182.001074] kasan_end_report+0x47/0x4f [ 182.001082] kasan_report.cold+0x130/0x2af [ 182.001091] check_memory_region+0x123/0x190 [ 182.001098] memset+0x24/0x40 [ 182.001108] kvm_write_guest_virt_system+0x64/0x90 [ 182.001122] handle_vmread+0x548/0x730 [ 182.001133] ? vmx_deliver_posted_interrupt+0x340/0x340 [ 182.001145] ? __lock_is_held+0xb6/0x140 [ 182.001157] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 182.001165] ? vmx_deliver_posted_interrupt+0x340/0x340 [ 182.001174] vmx_handle_exit+0x20d/0x1330 [ 182.001183] ? vcpu_enter_guest+0xd2d/0x5210 [ 182.001193] vcpu_enter_guest+0xf28/0x5210 [ 182.001201] ? save_trace+0x290/0x290 [ 182.001211] ? find_held_lock+0x130/0x130 [ 182.001220] ? emulator_read_emulated+0x50/0x50 [ 182.001228] ? lock_acquire+0x16f/0x430 [ 182.001236] ? kvm_check_async_pf_completion+0x2a9/0x410 [ 182.001248] kvm_arch_vcpu_ioctl_run+0x318/0x1000 [ 182.001256] ? kvm_arch_vcpu_ioctl_run+0x318/0x1000 [ 182.001268] kvm_vcpu_ioctl+0x401/0xd10 [ 182.001277] ? kvm_vcpu_block+0xbb0/0xbb0 [ 182.001285] ? trace_hardirqs_on+0x10/0x10 [ 182.001295] ? __might_fault+0x110/0x1d0 [ 182.001305] ? save_trace+0x290/0x290 [ 182.001313] ? __might_fault+0x110/0x1d0 [ 182.001322] ? __fget+0x210/0x370 [ 182.001330] ? find_held_lock+0x35/0x130 [ 182.001338] ? __fget+0x210/0x370 [ 182.001347] ? kvm_vcpu_block+0xbb0/0xbb0 [ 182.001355] do_vfs_ioctl+0x7ae/0x1060 [ 182.001364] ? selinux_file_mprotect+0x5d0/0x5d0 [ 182.001372] ? lock_downgrade+0x6e0/0x6e0 [ 182.001380] ? ioctl_preallocate+0x1c0/0x1c0 [ 182.001389] ? __fget+0x237/0x370 [ 182.001400] ? security_file_ioctl+0x89/0xb0 [ 182.001408] SyS_ioctl+0x8f/0xc0 [ 182.001416] ? do_vfs_ioctl+0x1060/0x1060 [ 182.001424] do_syscall_64+0x1e8/0x640 [ 182.001432] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 182.001444] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 182.001451] RIP: 0033:0x459a29 [ 182.001455] RSP: 002b:00007f9666e5bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 182.001464] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 182.001469] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 182.001473] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 182.001478] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9666e5c6d4 [ 182.001483] R13: 00000000004c2ddb R14: 00000000004d68f8 R15: 00000000ffffffff [ 182.002889] Kernel Offset: disabled [ 182.303708] Rebooting in 86400 seconds..