[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [ 76.294784][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 76.294794][ T27] audit: type=1800 audit(1575434668.276:39): pid=9379 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 76.336749][ T27] audit: type=1800 audit(1575434668.276:40): pid=9379 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [ 76.974041][ T27] audit: type=1400 audit(1575434668.956:41): avc: denied { map } for pid=9557 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts. 2019/12/04 04:44:35 fuzzer started syzkaller login: [ 83.445305][ T27] audit: type=1400 audit(1575434675.426:42): avc: denied { map } for pid=9566 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/12/04 04:44:37 dialing manager at 10.128.0.26:35703 2019/12/04 04:44:37 syscalls: 2712 2019/12/04 04:44:37 code coverage: enabled 2019/12/04 04:44:37 comparison tracing: enabled 2019/12/04 04:44:37 extra coverage: extra coverage is not supported by the kernel 2019/12/04 04:44:37 setuid sandbox: enabled 2019/12/04 04:44:37 namespace sandbox: enabled 2019/12/04 04:44:37 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/04 04:44:37 fault injection: enabled 2019/12/04 04:44:37 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/04 04:44:37 net packet injection: enabled 2019/12/04 04:44:37 net device setup: enabled 2019/12/04 04:44:37 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/04 04:44:37 devlink PCI setup: PCI device 0000:00:10.0 is not available 04:47:13 executing program 0: syz_init_net_socket$rose(0xb, 0x5, 0x0) readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/93, 0x5d) ioctl$sock_bt_bnep_BNEPGETCONNINFO(0xffffffffffffffff, 0x800442d3, &(0x7f00000000c0)={0x9, 0x40, 0xfffa, @remote, 'veth0_to_bond\x00'}) r0 = open(&(0x7f0000000100)='./file0\x00', 0x400300, 0x100) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x7) socket$caif_seqpacket(0x25, 0x5, 0x2) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x100) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffb000/0x3000)=nil, 0x3000}, 0xc211c72180c492f9}) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/status\x00', 0x0, 0x0) unlinkat(r2, &(0x7f0000000200)='./file0\x00', 0x0) r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000240)='/proc/capi/capi20\x00', 0x101000, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000280)={0x0, 0x400}, &(0x7f00000002c0)=0x8) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000300)={r4, 0x9}, &(0x7f0000000340)=0x8) r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000380)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$SG_EMULATED_HOST(r5, 0x2203, &(0x7f00000003c0)) r6 = accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000400)) setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f0000000440)={0x8, {{0xa, 0x4e23, 0x5, @local, 0x7ce3}}, 0x0, 0x2, [{{0xa, 0x4e20, 0xd5, @loopback, 0x10000}}, {{0xa, 0x4e21, 0x80, @ipv4={[], [], @local}, 0x1}}]}, 0x190) setsockopt$RDS_FREE_MR(r0, 0x114, 0x3, &(0x7f0000000600)={{0x7f, 0x1}, 0x10}, 0x10) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000640)={0x0, 0xd0, "8a8eb2b12e289a6125e34b714386cd1d33e92055a9b5c028153d987194b95d983c83395659223a408acd9059d8016b18a8514c64e5d902f79a1b70a19760985f3b6321bd968d67e69e0e13a0e4d1356bf9f8e01ac3e6a1589e7508aa5684b745bd8e4d14a265486cbefabdc917bfd94895b74047c01faffdec8e8df6c43a5d0fd64453f361ccb6c1d1b5797c4bfebbb98809e0d037275f129e5acaf945d14a0ff6881d1db6a72864b1bb7e7f5f3c2df65ccda920953f9982970b30d2733a574fcd6e33baa2f727636730b6da4b284772"}, &(0x7f0000000740)=0xd8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000780)={r7, 0x9, 0xde}, &(0x7f00000007c0)=0x8) r8 = syz_open_dev$audion(&(0x7f0000000800)='/dev/audio#\x00', 0x0, 0x301002) ioctl$SNDRV_PCM_IOCTL_HW_FREE(r8, 0x4112, 0x0) r9 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000840)='/dev/vga_arbiter\x00', 0x200001, 0x0) connect$rxrpc(r9, &(0x7f0000000880)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e20, 0x80, @local, 0x2}}, 0x24) r10 = open(&(0x7f00000008c0)='./file0\x00', 0x8000, 0x41) ioctl$SOUND_PCM_READ_CHANNELS(r10, 0x80045006, &(0x7f0000000900)) r11 = syz_open_procfs(0x0, &(0x7f0000000940)='net/hci\x00') r12 = syz_genetlink_get_family_id$ipvs(&(0x7f00000009c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DEST(r11, &(0x7f0000000b00)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x84, r12, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x48, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x5a}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x9}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) r13 = syz_open_dev$sndpcmc(&(0x7f0000000b40)='/dev/snd/pcmC#D#c\x00', 0x40, 0x10000) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT(r13, 0xc0984124, &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) [ 241.638137][ T27] audit: type=1400 audit(1575434833.616:43): avc: denied { map } for pid=9582 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1096 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 04:47:13 executing program 1: r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsu\x00', 0x8000, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x9) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsu\x00', 0x1, 0x0) write$P9_RLOCK(r1, &(0x7f0000000080)={0x8, 0x35, 0x1, 0x5}, 0x8) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control\x00', 0x101000, 0x0) ioctl$PIO_UNISCRNMAP(r2, 0x4b6a, &(0x7f0000000100)="71df042513fb0e0efa5aa133feaf89a3a0aa09e0bf35c843ad8b1552c3405191e43daee7b0768193101ae941ff52206bf1d2ad03c4e99236347a567837f7b3fdf640424b5e69131a0cfc407a99f278c34a1e604f37f6bb56bb209d6dfb637274") write$binfmt_elf32(r1, &(0x7f0000000180)={{0x7f, 0x45, 0x4c, 0x46, 0x3f, 0x20, 0x1, 0x5, 0x2, 0x6, 0x6, 0x32, 0x219, 0x38, 0x10a, 0xc26e, 0xe6, 0x20, 0x1, 0x9, 0x9, 0x7}, [{0x6, 0x751, 0x7, 0x6, 0x166, 0x6, 0x6, 0x4}, {0x2, 0x7, 0x7, 0x9, 0x1, 0x10001, 0x0, 0x5}], "90246bdb3072a3cb7196b394572d151b3f69c283fd9720b0fa4698167c35e46a35f80d6f6f83bf62404f790849222b47fb51f92b1c1a0ba4ce9451bc67446c488cc3cfa3fc694933fbd949137bae5d9be87adf59076b352b5ceb5692de2778e607ab66310b20273ba3add2734b4689834cbce87cc043bbaac5706fd9303bf22ebf414f24430ba8163696838f98d5ebcc7141ee129fec576a35c885bf8664f28f5e0f4a6e5a23dcb6ee4f78b0d67dd6d4833fad0a670ddfe283ce34568efce03df5eec20759b6bfe3402d8af5f58eb72371f1717300ee32c37919bdabd7a953909d89f642360c940ddcdf3c8269ba3b66ee69920da4127452bb26cd", [[], [], [], [], [], [], [], [], [], []]}, 0xb73) getsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, &(0x7f0000000d00), &(0x7f0000000d40)=0x4) openat$audio1(0xffffffffffffff9c, &(0x7f0000000d80)='/dev/audio1\x00', 0x500a00, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000e00)='TIPC\x00') sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r1, &(0x7f0000000ec0)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000e80)={&(0x7f0000000e40)={0x1c, r3, 0x4, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x24004c00}, 0x861) r4 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000f00)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000f80)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000001040)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x38805400}, 0xc, &(0x7f0000001000)={&(0x7f0000000fc0)={0x34, r5, 0x200, 0x70bd28, 0x7, {{}, 0x0, 0x4101, 0x0, {0x18, 0x17, {0xb, 0x5, @udp='udp:syz1\x00'}}}, ["", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x240540c0}, 0x4) r6 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000001080)='/dev/ocfs2_control\x00', 0x140, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000010c0)={0x0, 0xc6, "763060a2d9caa15f08dec4a83cbb4d55996007dad095c49a88c41bac8d6f4cf0771e4e9a9f021cf948bed50a5d75ca15f74cc3ff773ccd657bd7a1c9f4e2011c501772cfeb549bf2f1d06a7b8af070f0abf1da9b5172be3bb6cb494ab9715a1803f8dc6d8bdeb71a3b12d9534962aebbde31c97555d3f010fb3a6208903ecd361d5894d3b23eddd6aae73951a0c0994928a88a7986483844bdba3f061dc4f0abf6482ca614b2763a91222ef044f4825f238d935b0a0043622ee99f887788f8ee331a1b21d8cb"}, &(0x7f00000011c0)=0xce) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r6, 0x84, 0x79, &(0x7f0000001200)={r7, 0x480, 0x100}, 0x8) r8 = openat$cgroup(0xffffffffffffffff, &(0x7f0000001240)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r8, &(0x7f0000001280)='cpuset.effective_cpus\x00', 0x0, 0x0) r9 = openat$full(0xffffffffffffff9c, &(0x7f00000012c0)='/dev/full\x00', 0x401000, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r9, 0xc0105303, &(0x7f0000001300)={0xba, 0x24, 0x40}) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r9) r10 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000001340)='/dev/dlm-control\x00', 0x4000, 0x0) r11 = eventfd2(0x1, 0x801) ioctl$KVM_HYPERV_EVENTFD(r10, 0x4018aebd, &(0x7f0000001380)={0x0, r11, 0x1}) socketpair(0x10, 0x80000, 0x20, &(0x7f00000013c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r12, 0x84, 0x71, &(0x7f0000001400)={r7, 0x8}, &(0x7f0000001440)=0x8) r13 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001480)='/dev/snapshot\x00', 0x101000, 0x0) write$P9_RAUTH(r13, &(0x7f00000014c0)={0x14, 0x67, 0x2, {0x20, 0x1, 0x3}}, 0x14) ioctl$FS_IOC_SETVERSION(r11, 0x40087602, &(0x7f0000001500)=0x3) [ 241.884819][ T9583] IPVS: ftp: loaded support on port[0] = 21 04:47:14 executing program 2: ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(0xffffffffffffffff, 0xc008551b, &(0x7f0000000000)={0xfffffffe, 0x10, [0x7, 0x8000, 0x0, 0x4]}) r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x58c80, 0x0) ioctl$SNDCTL_DSP_GETBLKSIZE(r2, 0xc0045004, &(0x7f0000000100)) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x4000, 0x0) r4 = syz_genetlink_get_family_id$nbd(&(0x7f00000001c0)='nbd\x00') sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x74, r4, 0x200, 0x70bd29, 0x25dfdbfc, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x401}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x1ff}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x5}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xcb3}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x401}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x81}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}]}, 0x74}, 0x1, 0x0, 0x0, 0xc040}, 0x40000) setsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, &(0x7f0000000300)=0xffff, 0x4) ioctl$SNDCTL_DSP_GETISPACE(r0, 0x8010500d, &(0x7f0000000340)) chroot(&(0x7f0000000380)='./file0\x00') syz_open_dev$sndpcmp(&(0x7f00000003c0)='/dev/snd/pcmC#D#p\x00', 0x9522, 0x2a000) pipe(&(0x7f0000000400)={0xffffffffffffffff}) read$dsp(r5, &(0x7f0000000440)=""/24, 0x18) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000480)={0x50, 0xfffffffffffffff5, 0x7, {0x7, 0x1f, 0x1, 0x1000, 0x5, 0x400, 0x9, 0x57}}, 0x50) writev(r1, &(0x7f0000001800)=[{&(0x7f0000000500)="6271ddf69fda36609144f435bbe9017ae72f31b18084113541b72ce70a20ae9187ffb06fc5cb36c34a0a1ec729f82a2b441c030c257712d3ab6a4dda85397a6d3c1bea8e6c672eb5c5852ff53d2f8b8609ff9bd33d23d8b515faa3bd2f6afa34b495ea91f4d2becde7ebc79f4ffc7193f82dfbed9857364397792bf7468cd9003a884d753b2fbd3409c31d9d766f92a6aa99f37d9068ab689c2d2c02f1", 0x9d}, {&(0x7f00000005c0)="7f2271472980419ec782ac65c32d50bd36ddfcda560924a743a0bf727257433565bbb80e94769e217e5ecfae3ce1ed3da88a9d6f4db06f69a3383b651883c6c6dcee8f25007fce5460fc2928b3c4ab44f58dbfe31d933e8b32f985af47345b76c72647c84b8624c5f1f940229698db445af469f04190739bbf97ac3ae6fe2d80beff31387d579a5155046a9041f5be217d54f490402ec836d2ea9f135b603976c68a28086884af6d606f2834b9a0e5da7829f3e2760b8195a1ba774da788345415e7ec2ff51bd55dc8a9f4b2de6bb0d1cf5643359a86f2e85115837974d6ec0878bb484894f0e19af71a91f3e05f43d27769f3c35c356f18d0f21595d389fc3d6305cddcc4dfcca451cc10a09d05c18265b21701e99e3b36c0b6e6574d31d3056ce082c4f8aaee4858212f13a091b7f9649915050484672fac680196b49c104ba15919c471e57bba9c561c27e511b61da6261b3b563dc2f76db8a814893d797b444c63aa4cfc8ee8af78f67e07b3e3bff86fc7e997c446ae8005298c6f09841b5c515902c105392a342e33e78b9c76543471ca2a6647d991f78a1857e525ef7731e7b6688bb7e0958bd4c2772f4c9a5bc06cf785d556357b065bdc62d4683d474b562093bdad6c12da95f03337a9021c8446986db306501714f490fed38dfd38d080c50900d14a3df370ddac729f0130247bc86dbfa7c38c0544f5162d5acc80ee61f85f2a8bea349dffe852c45f0f053dfed80bff9d94e29ef589400a983a76184f440cd4a76b232187563654bfc4cc3368ce1a1c2eee86c28418769f7a92f182b20e5035c1b971f3c90678054743bbe495d6a92d1c4d18e8c8590d9c10613640176e45bb97db89791a1e6c42d9fbaf584127bab470a4d2896fea68d64ae9487ab07d5b6035e5c40c4fb3656e5d472ca6fac1a6b3316fdd6270944c6b51625243c496caa9359c398e20b3cc1c9069e404f1cad3fcca43138f10830aac8bc261820834420bfa1b2674467e73fbafad973cb546612331482ba987cfd6326529c01bb57f16c54e58a51b7e85d2f491ae7a8dc5100638c9071c279384390dab16c7bb4c8430f26e1523fc2d78afb7133445a9e2446f6bac208bef154d90daf9b425ed292dcd26d5fa5d8b93a767abba6a0acd5b85df92c78fbd39a501cb0c40c73d877bb0620afdc9e5a15378f8d5e34d095b75756b86a4da8964085fd9010285a6c0b2719b89fac09fe5f868f6135e93c6e9571957e4f7ce9c3f60726c9d15df6890da051f64a2b9fcf3b9828bfa8d444de290b682dfc865922c0ee668027ea9e985bfbf338b2feb0b347e97795d226f09795fffec086c2c0af237353c0a950bae30689b17d08ab3f38b858f8abd904abad14af1cc0751a89c2b9ed3ed7d7fcb09e995b807675d5b7d5adc6e5a73a8b95e31e6e0e55e9ee04f3034d66af7e308e062432d9cbe185e93f0ea0bb386a707d634b2d2598627ea1c7ed8904d18f45a809bc975021cd7befb21df498539dd15386b8697e1d477ec0f511c927af4a8f23b8b926586b0dc04822e1651736a0d71ebb84fe8700acd89ce2a966aa553a2633b6b54d5a0f670d878894d5b24381108c2a599be71381edc5f946e39728f4ed5ab162d63edfe501af0249696c62b62e212d15ef5224e52297b810b2f22058c7fc600f0e1eb449839585c3286ecb0453a8d7e5c69ec4fd947d3d38d8c348abf58af20e7a5bb83e4f5a62511a37715054464ef58225088755c3d6276ee66d5a7d9c56b4fa55102ec15b5ecdf04414bc4ac7103ab3c6b38d63abeedee29d9acd6fbfd22c8b1891bfad76f70e301f2fb60c70dd12d172a67012ceea474f4b83f48098adf69f5dd53a24d5e62fc4c8bfcc58c9735e12b993364036782f1b67bea629d31eeea9c5c302d1c088ed7ee860ca3237f009c999d4fb7f82c16b2505f1f81d52c383c80dadf1ff185fca34621b887e70c1dafc3404c17fcc78dd6dd361dec36f5ecd367e446337b68f33bd6e52dfa59a2079c0df6b48d0d53952661a307f29f698d81c0ff1f1738cacef90404055295da3c765b678f1e229d61bb0b88ee35ecfb40f0f8f3e610792ccc3c849f921d8541063a3e89b252803506977d418df56ed43ef57787f3417150f6e502e8f319f5bb5621d18519677f42c4d24807c0f4ad3231c2dec89a24e16e3d856887fc1bdf745d22b4b9f54704c9a6a51f0b87070ff8756d44e8b51af5b87333feb2488a03dad4d036fc2ffc3e79fd36eac90bc8cf752dede992f68fe25e44f04b2923a3c0cf17cfd0fafa107c4c3c6442e66a158486c32d3857b6ae4be9172166d606275809df0a960702c93b6f5e8cf05e16130882d693b2df170b121da7d65b16133325a27b83b43c5c3242cd8485b6cb8e2035e4356c22bdd2b9103b6ae699ccb178dd58b976f2cbcda9e66261399f58a6688e012e121752d86797abebbcdf449af6f89194fe613012c2700d9b06af14ee67c99c6f6a273cd9cd42a5cb9d5da8a36f073f333417c6da1cbcf35c2507087473e0f5ac370d161d53c0db744abef84dfa822c8e9bae2ea2e2f7b5fcc9b9f24654ca005c02dd389debee29db4a1d3511cc6bfe5097bdcc5d1258582f6199d45a224f6f2a792238e845b22b580277358eb839d32069592169314dcf4d6dcaf8001ea1e397c858ebf5d17fec303d563d47312256b3da58a059e39cef5d0bd9a51f10b23773d4e7eaa94f289e6cab18ed23a2aa3e64012ce5441a73950e5d524578b164148c18dfe569783ad0a4730cc36fb19f3580ce0a7174cbe527edba45b94d86a515953951d1eabe2fe205a75b58df8e75abb1f252646ad42f2582c8f3fd30d0ece464fce3a7648d2b634971ebdc0e470ad0387c60dccae721d7cb2c41659b43d995c1f43337de12e78bec602a0d5b0a4d1c6b089f9c3540f1219680d3ad2e39f5c21c878e953f1b0fc4f280694b10cc96d13a9a8c908a1e20f5c1588caa2a7fa1aaf4c81fb10dcf624e3d31498ded4fdea591fcff3ca0688776fda009382a3cea6b95ff31f3454ba08a55b5f5c613df93fe054c824e33f99b26925048dd44562a98c4f7c30dba4e9b0f235cbe222f22ea8608a9d016e7e8c925d4567424b5f317d82b4d9423742678b7855a8775e939807ce35d12daf5e5c57735e65a76d8f4376363b925c01fc0b4fc4853914ce1a590841f2b40539a262e8d6ef505716be8114b3f63d16a6f7cf2d6fbdede07305673686819383fdaa65bb0e9003d79fc432b3f3c5a393396db228bbe65f8f2dd789b920cb3bf01e1c47448c48cb8d176e90b7c2e835a7804ccebdcde76c46da426cb8ac07db8a057af28aacaa19457b3d968053c62d7655dcdc3ec931f01301a32bfd4de0c8ef9cdcac2be744539bd00cd448add9e121d8f6043fcc0bc995632ac687906442dd3d53d019c540ea83b1bdddfef01e385203921237670af855aa9b0557a3082c4201f12a6ca71bc3118447f9215002ae2b95c991321284c8c03dcefc63842846ffd54c1f6c525505388948b1c18453c4807ac75d2f6b58b24a1a8fb4aeb3ebb597ea4bcaf120821f9b05c93dc03590716eaa3c3c49a3887e329131626754c6b481685e21101344e2457b8956aff8048fea1b715770024f5c3ac2b9c79ac0d46ccaefe7b021046041f4678838e30cb5d84aabf10a779ef1fe4985feb95bc6e81e7c44d34f16da4d173f53d900b2f86a3251c2e8313711cb67da39ebea9a1829d3ea24c7fa48f19d4849c73f3c780c812436d0bb455af1f9f5394c84eeab0937d3b475d8182da7c936ac790286e850094da6cefe402f31dbd5ab807b1af1a8a8d73103e5a16e5cffd5ab0da4b5a49434f33d2ef8161e4fcba4a1e6723252411ff678321e30f11c23184b63fc65a5c387378b449f54c4c7b1a176667288a2264c78a7b01479b6546fe6969f8d2930fe301c814cd3fcbd26fc74428d34719e4ad2a1efdd26ce999f1adab981d2bef52c3e18ebc3dfe9a975cbcc30e9039124d5d9322f4877d8cace77e6c9ba06300dd653307ec6eb3784b64d75000eb0908ae5c0cb01fd0ed9d166ff5914f817136d41f40ec56413f0bed4b83d9a44bb0f97449bee3ffc28a33fd72592f7ae7cafde6fcbcd0d47d6f0a62f412c662150f86d3348713243280fd193bd870c97ed3cb1933edf53f13485d605141000eee5bb32f03b835311c178fcc94b2140e9270b7eb7c61f3d1dd0247a904d02d75e3991f3855d248019cb13fd62a36784becacae03c2231cf7e365dfd0ce5b88b763a84060a165474ef24a91a05a2356324447178b05e9e7c49d25be0c15cc5813194d4dc391a821e727730a3d8fa0df88a8655c1a0f90e37a97e58e11e67db18887e36431d732dee37e34c4bfe8af445899ad515789a59acf6a5a7341380b201597eb4e3e98beb2aba81ec6806d5d87ac93c80c62b573f654e39588d69d521fa466a7e6833f6857713953413f3b6fda913ab5b079bc48609b14398a57f335055b1760760b2dc86bcf50807f506613583fe5a3405231b931d235d9f9ec391f71d0b4138f3a9a1ab2427405b60131c4363e9ff98a39d328d464b43089ab831255b3cc3c113a88bb033f508191607e886da069aa1ae74a993f54b5f2615e757dca4099d75d4180fd6a7978663f5c64382318e0d22d41f57bd23632f43daf5eb5dc5de4f362a11978f9261fb40a8e09707d325e73969012c47a1068885807f7dabf47abcd896d197613055ea6f750426b34f04ee13f9ca54fe728d8ca803fdaff16ac8124cfb51e14219c1606bfba3fa17418e82afa323f61d27feb74f13647b1865af4adacba8cd471c8c1cc2f798449ea3cd055f9a964ce24956fd3eb9efbff7d6bcb4c030e0cdf3de718a1e571d560d1a6be173ddb3f35b4da83c8cbe328b7134448ee519c5ee2d902c0d2f069e2ca6ff241ebe7af7a8671f3827ff202840a6982ef986ed4f8b62897eee72efb04b28d3c7dca230ef6598f81af5ae4857344ea82afef7e4e6f5dbe72d4b20c9c36e547481364f0912e763d7ec2d5c6909d65471173930130f92aadef4ec2c1d16173c46fce9cdfde030c4ad728665d0e5f36e560cb7eacec625bc617c2a85e833d7025acf459d04c90366df76a3d77c5acca2398998f42e002ec9dd9726a6bdb6330325af498afd59f05d8bfc1d512d48697b58d6536ed8bda6048f9f3f6b180d6273a2ec050c8bc4a6f4e08ae4fdd15f635d172203486d0dc43b2a3c93493d34d3f5817181ca38cb3a7aea7418ce31d7cf57568910d55d69af1e15df84a493941af63a70c555006105436bc9748a98ebb026fd699286e2717d2f8aa47c3be2e725f9ca337a0112b1c58513dd0793f21310a0ea49df4d650d66128e0012fab4a99cb83cf25ef41af08a130f34ccd9f45bca7b6fb5ca39e8babe1b8b18379d7f755d4a4e60bfecdd459ce8f611fd76d44e4b62690abe0d76799064c9a59bac7db96ccd74e0be665f685a2af7b092307d30008b1bf83529b514afbb0e55da999dbfdd0e3036ac7d0375cd423d0ceaf19c991408e174e563ac94e992cf873cc641c4503ca1301fcc600505571b1824bfda95a966fe5fc4abee2325d75acafa5a020802b26205460d12b20c36b8a6d4a746dd363ebd93be8d2c1a0d543c5ad014622bff10e5d928b3f95376d71ccd1e98091eac70a5855b90fdcda811df788c6c12dd7a63f402c93d2d3f53c67687d3261ba2df0ca68ef3aae1e0a59406adeb6ea148102b0ccbbdbcf15858b3caca9cd13d301ac0fccbe768ca092e1a3f1c63c3782102c9af7e7435319", 0x1000}, {&(0x7f00000015c0)="3b30767c5c02be56937e79d2c68b81657e494ed372f771f3a45bceeecdc02987fbf53d403a20804e873e8934d5544314832e15c03db94850c42374e3c9c7877a73bb233a374144e156976bf7ca6209c4729290817b3c55af5cb42d343dd59870555fd0dac3532a639591ade9295b166c345ae0ce3a198042643fcc964f18a054dfea276a4deba4c3bfaf9641d318be9ddef5d926d79d06bedf72ebbe72c77994059bc0d6cdba747e749380161af5806764c2826a57b924f6cba91d75594c298acc4766dcb863a9196074b363ae16a8df309c1006af", 0xd5}, {&(0x7f00000016c0)="e38492c762c5b901", 0x8}, {&(0x7f0000001700)="d4670af76a41da11b16a0767e834f6f206548365541b210e7d9cf5c89d3b396fcaf28580033320556a6aeb0bc71cffefa4efbb9f628d3490a4ef1fdcbf36f7896f047c05169198311fc52fe909892aa188d906a450747780393d7685376051ce5b7de56f44ac68c2008fab8039fded921b8f0be52bed5465405198f26be34a00d5663162e55b3d8b95cd442233c90f26ac718f2b796f7bf7a46ecc0a92765761b4cf42ca3fc6b6da1ee14bc986b1898402681dcea72d8680ce9da83c8e6b8e0fa2", 0xc1}], 0x5) r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000001880)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) fspick(r6, &(0x7f00000018c0)='./file0\x00', 0x0) ioctl$sock_bt_cmtp_CMTPCONNDEL(0xffffffffffffffff, 0x400443c9, &(0x7f0000001900)={{0xff, 0x3, 0xff, 0x52, 0x4, 0x1}, 0x1ff}) r7 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000001940)='/proc/capi/capi20ncci\x00', 0x101200, 0x0) sendto$inet6(r7, &(0x7f0000001980)="8dbea9d530eb581e13c02601fb9da299c4c02fc6f22860a65373454f", 0x1c, 0x4000080, &(0x7f00000019c0)={0xa, 0x4e22, 0x6, @loopback, 0x80000000}, 0x1c) r8 = openat$null(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/null\x00', 0x8002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000001a80)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000001a40)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_CONNECT(r8, &(0x7f0000001ac0)={0x6, 0x118, 0xfa00, {{0x81, 0x0, "ac80bc6a7469ee1d4e6179a966262bcbd3fe70b5311d72cdd72507412a2c5956f6cb1d29075061cdf2deb2b8f9b0cdf8b2e08ec18b189e6e18938f633b99a4e669c53c41d5c3bb43adff243f997e4a30a66cae21fc0f8ade0cc789d23a6aeb8aa57c49d1d8acc23045351a192d5a84db7ddb9b8bca7ffa4646308d4abfacb618490ba0c060dc347101a84879040119f7420e602826a1e81ce0d1c6d12f89ca1ce2cc0f1b6f580b9f08d78de97de3359c693edcf63c89ce3d16125867c74a8a3782a8df078cddb3004bb22434e22aa03f08868410565510a357e7688ce4904575694ae03e5fc249a8e8716eade31ed24e0c38a08da65d92f8efda31911e68a116", 0x2, 0x1, 0x3f, 0x8, 0x3f, 0x7f, 0x7, 0x1}, r9}}, 0x120) arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0x5e) r10 = socket$nl_crypto(0x10, 0x3, 0x15) preadv(r10, &(0x7f00000020c0)=[{&(0x7f0000001c00)=""/164, 0xa4}, {&(0x7f0000001cc0)=""/227, 0xe3}, {&(0x7f0000001dc0)=""/80, 0x50}, {&(0x7f0000001e40)=""/210, 0xd2}, {&(0x7f0000001f40)=""/65, 0x41}, {&(0x7f0000001fc0)=""/198, 0xc6}], 0x6, 0x1) r11 = socket$nl_xfrm(0x10, 0x3, 0x6) r12 = syz_open_dev$ptys(&(0x7f0000002140)='/dev/ptys#\x00', 0x8, 0xc11cc0) ioctl$FICLONE(r11, 0x40049409, r12) [ 242.069818][ T9585] IPVS: ftp: loaded support on port[0] = 21 [ 242.141708][ T9583] chnl_net:caif_netlink_parms(): no params data found [ 242.257334][ T9588] IPVS: ftp: loaded support on port[0] = 21 [ 242.267235][ T9583] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.283944][ T9583] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.294003][ T9583] device bridge_slave_0 entered promiscuous mode [ 242.305218][ T9583] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.314202][ T9583] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.323014][ T9583] device bridge_slave_1 entered promiscuous mode 04:47:14 executing program 3: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f0000000040)={{0x7f, 0x45, 0x4c, 0x46, 0x80, 0x80, 0x19, 0x4, 0x6, 0x3, 0x6, 0x4, 0x24, 0x40, 0x2c, 0x3, 0x3, 0x38, 0x1, 0x6, 0x5, 0x6}, [{0x6474e551, 0x0, 0x65d3, 0x350a, 0x1, 0x1, 0x0, 0xe1}, {0x6, 0x6, 0x10001, 0x9, 0x1, 0x2, 0x5}], "15e1718e63f383c5da6ead0509a6615924a89b9b25268e0e1b", [[], [], [], [], [], [], [], []]}, 0x8c9) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r0, 0xc2604110, &(0x7f0000000940)={0x0, [[0x17, 0x9b1, 0x7, 0x1, 0x4, 0x6, 0x3792, 0x40], [0x679, 0xb4, 0xffffffff, 0x3ff, 0x6, 0x8, 0x674c0521, 0x7], [0x3, 0x9, 0x20, 0x7c, 0x7fffffff, 0xffffff00, 0x0, 0x9b6c]], [], [{0x7, 0x401, 0x61e}, {0x1f, 0x0, 0xb236}, {0x6, 0xae8, 0x8f43}, {0x5, 0xfff, 0x7}, {0x990, 0x3, 0x1}, {0x5, 0x1, 0x7}, {0x4, 0x8b15, 0x3}, {0x8, 0x5, 0x4}, {0x7fffffff, 0x5, 0x6}, {0x5723, 0x1f, 0x800}, {0x6, 0xff, 0x6}, {0xfffffffd, 0x2cc, 0xd47}], [], 0x719}) getsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000bc0), &(0x7f0000000c00)=0x4) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/full\x00', 0x64c802, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000cc0)={&(0x7f0000000c40)='./file0\x00', r1}, 0x10) r2 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000d00)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$UI_SET_PROPBIT(r2, 0x4004556e, 0x1a) r3 = syz_open_dev$mouse(&(0x7f0000000d40)='/dev/input/mouse#\x00', 0x400, 0x201081) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000d80)={0x0, 0x1f}, &(0x7f0000000dc0)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000e00)={r4, 0x5, 0x10}, &(0x7f0000000e40)=0xc) r5 = openat(r2, &(0x7f0000000e80)='./file0\x00', 0x80000, 0x3) setsockopt$inet6_buf(r5, 0x29, 0xb50609588005aecd, &(0x7f0000000ec0)="f36740142ee72406c8d3766d08bc2ada5f454884eaa41f9464633123066f9c96b8c0d29710ff15e325e65c3986f23f5461069d892260e307eef5bbd57bf4574ca0d53590fa825dcf7d6f1f302dcd38f3aa1c87ddaba6564cec6591157ab8f767d8a7aef36b8a9ad5999e540cf2ec4b8aaa2bd5c18209abcbe8a9739cf1df0526a664bf1ec68d1bfa87f69899f19f07b1d4dd4f466cdade6c6120694f11744ace6207f47c427f52", 0xa7) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000f80)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000fc0)=0x0) fcntl$lock(r6, 0x6, &(0x7f0000001000)={0x2, 0x2, 0x1, 0x1abc, r7}) r8 = syz_open_dev$mouse(&(0x7f0000001040)='/dev/input/mouse#\x00', 0x6, 0x630001) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f0000001080)={0x0, 0x0}) ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f00000010c0)={0x0, 0x0, 0x2}) ioctl$DRM_IOCTL_GEM_OPEN(r8, 0xc010640b, &(0x7f0000001100)={r9, r10, 0x5bf4}) ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000001140)={0x1, 0x2, 0x5}) r11 = syz_open_dev$vcsn(&(0x7f0000001180)='/dev/vcs#\x00', 0x0, 0x88f8828b3f78d502) ioctl$sock_inet_SIOCGIFDSTADDR(r11, 0x8917, &(0x7f00000011c0)={'irlan0\x00', {0x2, 0x4e23, @local}}) r12 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000001200)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r12, 0x40082404, &(0x7f0000001240)=0x5) r13 = openat$bsg(0xffffffffffffff9c, &(0x7f0000001280)='/dev/bsg\x00', 0x400, 0x0) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r13, 0x84, 0x78, &(0x7f00000012c0)=r4, 0x4) ioctl$CAPI_GET_SERIAL(r13, 0xc0044308, &(0x7f0000001300)=0x5) ioctl$SNDRV_PCM_IOCTL_RESUME(r1, 0x4147, 0x0) ioctl$VIDIOC_G_PRIORITY(r11, 0x80045643, 0x0) [ 242.415577][ T9583] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 242.428815][ T9583] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 242.442446][ T9585] chnl_net:caif_netlink_parms(): no params data found [ 242.573633][ T9583] team0: Port device team_slave_0 added [ 242.604480][ T9583] team0: Port device team_slave_1 added [ 242.645917][ T9585] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.662703][ T9585] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.690722][ T9585] device bridge_slave_0 entered promiscuous mode [ 242.739051][ T9585] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.746319][ T9585] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.754607][ T9585] device bridge_slave_1 entered promiscuous mode 04:47:14 executing program 4: stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgid(r0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x200000, 0x0) getsockopt$nfc_llcp(r1, 0x118, 0x0, &(0x7f00000001c0)=""/250, 0xfa) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000300)={0x0, @in6={{0xa, 0x4e24, 0x9, @loopback, 0x4}}, 0x7, 0x3, 0x10001, 0x2, 0x9}, &(0x7f00000003c0)=0x98) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000400)={r3, 0x8001}, &(0x7f0000000440)=0x8) socket$inet_sctp(0x2, 0x5, 0x84) r4 = dup2(r1, r2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000500)=[@text32={0x20, &(0x7f0000000480)="f3650f017300c7442400bad40000c7442402c7000000c7442406000000000f011424650fc79900200000c74424000f000000c74424020d160000c7442406000000000f0114240fc7b3529485ac3667260f38cc910200650f08b805000000b9e24300000f01c166baa000edc4e2512c4a84", 0x71}], 0x1, 0x1, &(0x7f0000000540)=[@dstype3={0x7, 0xa}, @cr0={0x0, 0x8}], 0x2) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000580)='/dev/ubi_ctrl\x00', 0x0, 0x0) mkdirat$cgroup(r5, &(0x7f00000005c0)='syz0\x00', 0x1ff) r6 = socket$bt_hidp(0x1f, 0x3, 0x6) fstat(r6, &(0x7f0000000600)) pipe(&(0x7f0000000680)={0xffffffffffffffff}) ioctl$FUSE_DEV_IOC_CLONE(r7, 0x8004e500, &(0x7f00000006c0)=r2) r8 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000700)='/dev/ocfs2_control\x00', 0x3a37960bebae8827, 0x0) ioctl$VIDIOC_SUBDEV_G_EDID(r8, 0xc0285628, &(0x7f0000000780)={0x0, 0x0, 0x4800000, [], &(0x7f0000000740)=0xba}) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f00000007c0)) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f00000008c0)=0x0) r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000900)='/proc/sys/net/ipv4/vs/conn_reuse_mode\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000840)={0x4, 0x70, 0xf, 0x1, 0x0, 0x81, 0x0, 0x3ff, 0x10, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x2, @perf_bp={&(0x7f0000000800), 0x8}, 0x400, 0x6, 0x7, 0x2, 0x7f, 0xfffffff9, 0x200}, r9, 0xc, r10, 0x8) r11 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000940)='/dev/dlm-control\x00', 0x280, 0x0) ioctl$RNDCLEARPOOL(r11, 0x5206, &(0x7f0000000980)=0x8) r12 = fcntl$getown(0xffffffffffffffff, 0x9) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f00000009c0)={0x1, r12}) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r7, 0x40485404, &(0x7f0000000a00)={{0xffffffffffffffff, 0x1, 0x7fff, 0x2, 0x2}, 0xffffffffffffff01, 0x1000}) setsockopt$CAN_RAW_LOOPBACK(r2, 0x65, 0x3, &(0x7f0000000a80), 0x4) r13 = syz_open_dev$tty(&(0x7f0000000ac0)='/dev/tty1#\x00', 0xf6d0, 0x480802) r14 = socket$rxrpc(0x21, 0x2, 0xa) splice(r13, &(0x7f0000000b00)=0x2, r14, &(0x7f0000000b40)=0x40, 0x3, 0xc) [ 242.806205][ T9583] device hsr_slave_0 entered promiscuous mode [ 242.860743][ T9583] device hsr_slave_1 entered promiscuous mode [ 242.974753][ T9585] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 243.021178][ T9585] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 243.021481][ T9592] IPVS: ftp: loaded support on port[0] = 21 [ 243.094671][ T27] audit: type=1400 audit(1575434835.076:44): avc: denied { create } for pid=9583 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 243.134062][ T9588] chnl_net:caif_netlink_parms(): no params data found [ 243.149059][ T9595] IPVS: ftp: loaded support on port[0] = 21 [ 243.149280][ T27] audit: type=1400 audit(1575434835.076:45): avc: denied { write } for pid=9583 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 04:47:15 executing program 5: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0xc5302, 0x0) ioctl$SNDCTL_DSP_GETOSPACE(r0, 0x8010500c, &(0x7f0000000040)) ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000080)=0x100) openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/validatetrans\x00', 0x1, 0x0) ioperm(0x0, 0xca, 0x3f) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x81) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000140)={0x0, 0x5a, "697dc66d9b7e41ed7c619597fdb9980eb12d86832884465c20df666af2f3551ddaba9a84bf83a6a11a21bc105e6fc74d0c34c449bb404c6b4e5e4eb69a5f75086d8f08707aaf3c070385f300a8ad3b29b0a6234847080ab9139d"}, &(0x7f00000001c0)=0x62) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000200)={r2, 0x101}, 0x8) r3 = socket$rds(0x15, 0x5, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000600)={{{@in=@initdev, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in=@local}}, &(0x7f0000000700)=0xe8) sendmmsg(r3, &(0x7f0000001d80)=[{{&(0x7f0000000240)=@caif=@util={0x25, "d4df2e488b0fdd8b1e8a00c797410b24"}, 0x80, &(0x7f0000000400)=[{&(0x7f00000002c0)="13ec049ca5342edab5bd0730743b61296cdcf963ecec9cee33921d61504082e92d073837efd571b58f2ba6cde99862d13562e307e6eee8d22ca98e9ea1dc905ecc15c8f5b7ae1478a5f9712ef94cee9226c50403fd3e7ced02cc7329ebc3b98eb0d2140ffcefa338512118c21bbc0f57529332580c94471818df327a6dbd37e628b0d0e5a4141cc5cc2e9af73ca1b469f8f440567e6fdb110e4b25dfc6dbfb1b6b6555eea1cce2160751e7d4e4134116d26d82e9a207f0974eeff2f70bcb7bbf4047d52f738e4cf7ea23b211963e759e7374170a646641fcb6625e48d63e98c1f291eee6fd", 0xe5}, {&(0x7f00000003c0)="80f82191500916553acae5c10b4365d3fe37b25622c7d60e65a6ba2cf55c9078ba787bfdb56098ef9480b4a64ae5ab11661a", 0x32}], 0x2}}, {{&(0x7f0000000440)=@ax25={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x8}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}, 0x80, &(0x7f00000004c0), 0x0, &(0x7f0000000500)=[{0xc8, 0x112, 0x5ac, "4ee09fe8b21b2e3a1f6ed9ea7149c058ff0f7128ba65a6935c7d8f85c8362c47f0a83954e96e428747446be7e7fcb508b401c94ac427f106811c93b4fbff47527bab8c9cbc9fe5ab71de261bad6e189710dd8a4f562a8de3c9fd121a4564735be183e52d387abf81db1f09fa7625be938082cfb3c6db1cde7dc9ebbef6733541d26f7c2edc779891ce80c5a63410c83bae5254a1797f31bcb78bf0d6aca1611fda0a6790e4ccfec2de1e13715451f02edb4f5ab2bb160f"}], 0xc8}}, {{&(0x7f0000000740)=@hci={0x1f, r4, 0x1}, 0x80, &(0x7f0000001c40)=[{&(0x7f00000007c0)="f293e63a16c0a34a8b6f4f6908be3578d9cf710cae1e1a0377822c2886b597ab0c6b59c044f4f7037eaa8eb2fade2e711f0ef95a04c21d40c9134e0b737590a5779a0ebd17a29cf5c6d0003876f372b5d31b7b82c59ba529f12bb54f7da3d7bd6d6a97dfa896345d8ac23be4009a9ae9e71a7f253a2b3d992f437787a71cd25b83903d094fb949a21820098e02161783e1615dadf60e18fb334e31ad3319f766c9f6e5a19a91ce", 0xa7}, {&(0x7f0000000880)="3111fb44cb8bba4d59b1a2f69c99ae7eba7e50ab4a482d8e07dcec4bde1a339bb5accc46541c7c722e26304657bfc81a2e44730112213307362c372f97ce57255e2a793e8fa8c202021c130377421b9d486a4fe278973087a62a333a9ec2e3ce83490ea16a0de9ee4949995f96e1e24c62e058", 0x73}, {&(0x7f0000000900)="fe0b50692d406e2319cdbdf70d48c1db10df6a90729a16bed98d10356d27d38a0298c971d501777ed9b9a7cfbf1ac076518901283d19e5033a77c521938062326e71d2df3f86de8761c1f3489a0c04b167fc43b7f87dcc53dc5f32fb8872f211a135fa1e0ded466bd44eb25072186593b482a0af32091eef35759d9913cb4c44cbd1099702df7c5b837b929d951b15ad6e7df8aeec5eb9c0896c90c4c5f74312de36f9e64e5f958145205de09afe1a63e03d6b912b43756bfdfd99c8c611abc8775ef6135369c01740a339383fea27d0b5b38905e0fe0ab3add5ef4ae870b1c4ea95717e4aef7a0fd4ea1d0e1083f341d2ded9facbadb9d07e9a597320bb42cc2dc3f9b1da7d2b94a4c16b7651ac40ac9fd95aaa1be8577db0d7c511e3af1a2b8f3dff75fce93bf4c6fb07c33a770b63450818f279596fa68eaeb03fd567c1b20937c318e8e164707389e1cee0c9f93b02df7d80fd598956098eea79fd32b7101cc0bc87abef804bfe6b122dd9b6e312209a8ffee12b2d0f7f225925c602bedd2ec240b751cfffe4c035ad148c86801f5f4754ce33a7096d8638ca0f416cd88218065da14520bb4383c550915f60e12a2d5d5b34118bf8c5c4bca704fd6d5a9df31e47bb4a75e68e8c078b9cdede958c29d50bec216c64f36572516d513650f0c79a542497af81f427dfe6ea8eb3fc6b1243471475e689298e8e696eb95bcc20cfdabbc645aac7ed6b344626ba74d7bf3f5bea29f7313df3afd305df7764ce73b4d60592dab3b7aea30e013f507358dd2d91591279742c56920f6556a6b30f3bebeb324c2c171b527412f8bee04075aba053815d777fc347bdd66a39bd9c3af7465249abc06b7da324c685f8c2be0dc8ef86502f22c2ae59d80ea18054ac40e6aaea0c650058a907c827f1194086780f672feb7dd136d2395b86574194eeb9ef9131269355122e6b2f7981651c451d3f7f5bbe561e117498a3b6c0d80351718260277c682158f7cc13770d191d63000e2094cd79c469641b0329a09f672b22615e336d0ecc9ec7e86ff810e78866e3bf6ec0484182516f0b60b7a4ace2d1c6daa10c2a95730a67ce49eb6f036dd4bead5e3b6be70abb15c5ea05fc0c38653d4e1d356e3e92b8487e97e90b44c99f3583273edce591e46665849259eab0013742739f10a402f4830041b01d76da9af4e21ac4e6fef9e6e79aecce861879230ca26f9a045bdaa2146708294cbbe5fd49d9d0a1fd659417e92d7aead869a7ddea9c06effc4c195db67555dfd2dbf75f0f86eec3dc85be70ff38b57966c681023982472b47d35e35a746c33d54370b8d29bbcf0fb223ecdf6837f919f37e97d4563a003ce269459e5c7303b6e39a8ee663921def265d934f6877ee6d9dd41cdc412ed1604b1e49c44d2551b13d2d25e84b81a8b202a0b5d60c4e213908515361e9fbc6cc618d613e94f3d1b048030cc3fcf337fc403b216bd02c8bf1f06c71c871b2cba6f6b65cf049a2cd76a1dbeacdf26724292190aaf7acadf1e8565c7b1a8ffc1d7c62739412d88d456b7de79dac6d4a86bbb3858a8b1d128eaa1fd7d1a7bbc4bcd58b2ba8c1d353ce32f5408d51e24bfd59c3fb8d1896c33b0e08c420b371feafd633d7184cc68c3c7c2928dcffbb182e5f0275c045b44884bb36798f069bfa72210f099cdac2744aae374607f6addad5c888bf52227c651d2d7611d44585700d18bb728e69838dfe7f11b63da59c45c0506c052cf4f83582a4363746cfcd0e7c2a5526b53d57309ee087dd5a94eca85ebcde1c551bfda9aba9f3d21cded8ddb3ce4557b2e4413bc8a29f249771a169568422809fd6d638a992894b557e465c1ab46562941938e3a3980b0dcf72d791469820bb1fc10c4ccb6d1509060d2e519a9237ee2f72e01ba601cfdfc35fdafebd66bde5c5041e3844e91860b964870e56b0512690f25a67fdfdae8cab90541aff28bd96e7be86be58cb3f2da6cb9fff816c9756b4d6972dac4653d2635537993c8bbbc4bb7eb14b1f9566d92914422eb73f0404694445f6f9a232111483e8b5bf581f09ef8474af42d0c6b16914981c74da246362668a858f6ae95c0f1e1e55110b7d4f8a7797fd77d6e9b9932742a235bc9d8563e2694e1454802d975655bbd159af1396b5750ca905a608df931633d3a5903c52fd62c0e7ffe0fe60469aa7ed65f232371b1c3a55bc2137f8edaba1a539ed681efc49daef8d2c1732b910644c4111f9b2fc902651416c27ea10a0a8f192b7697f6de65dfd099b3bf2528fd7039c32edc43bc10155ae522341ad5aa0cb1ff41f245af8efe98dec2423b557bf0b97ec7392601fe559ee6a20541d421fc0f6de1a8630605434faa629fa9932c428a2fd424e6083881603a2ceedf35254159eff50d7940cf6b79d7d0486965ec8ea6bc48f908657d4a1187904b8cf48a48b4b84c8cbc3d743e2371153024c60957538d6b17bf82ac593972e090f811cce2b45e2969b5104d37aa0fec6b94e40710237315ecb172bed094bce0f343251c7dde1624ced5929c0bae14caefe8c6decfc5b64e25fcf6380ed5d11b543e5b6a7c0a8d8809cbaa91aba67725edc95336bf2123f195c1731cb7e25c473e6ffc78d8ea167c736092d2f07d91ec7bcd6b9fe65cfaf0d857d179206f0dcb71acb2f42a549f4e5d1067789a4f4d2e994e216b124ed9f94f5fb92a28272d842a26a12727370fa808cca44c37e64fb3a922cae89b8e0b2fedb927c2cc14a04ac3729eacc5660912cb42e7b2989e5e2662dc7f10fbbd384c455f6cd51e0cffd37680da5b5783b925581eaee54d24fa425940ce948cc48e16b865281300e2165b81ea24be1020d8e8a871226d60be76a915e471a595ae70a9e154d9d2369e07a28dafb7df8b0073c9ba3110d248f3c5ce2931ce7111ffdeb52d062086c918193b6c296a8e2c620bec649e955f2ead6b920d3623ac7b33ef763f833b820f0a32106861f3868289098a2fcc6654620fe535cc93cbb99e63eb5fe7cac16d634ade1fe5bd2098ca4f50c010be73eff91e7ef3cfeb4721ca8987b2b01ee41cd46c52bcbd74084bceb1256be903ed5822fae8a0bfbb2cf5eb3846aac7c1cf19604eb8ce64a32d5a01b6f49326cc2f07a365d86f6fec600ed69894d56687630d0d8dc0924138867bd2eaff2a81e4ee5b7deccf320edc0ccb04c65ae25b5a1d047423c70f942d62ba93eab62689be7a6b52ab44b5f5151677484ff50dcea0b9b3cdaaeb55784b09b30f85a38e133214354c1e7e400bf39c367637596cc22fae5ae3c094014b2dbc1735da3c5b615a8a5eba4a2d59502222c1e1a9cd23abf73aee88a18dfc9a1f031660c96d492b5fd0732c1ef6ada55c6903ba059ef63b928b36f91ef0d888e1b03997a498aa258a56dd1b8805ce08ac9bf06e709d86cd16e682b5ca29d3222b45c33c5811917e5aa08fb34b92308610aab76ce2a2cb2d5c10a53a7f422710bc3405d001b4ca1b6a94bf86f23b248bc03313a70ca7dceaf8454f76b1215a0c12e08a6375d6f1f5cdfffd4c5aac69d06293a8baacd43e7a3b1f06729b70f968bff333f2146e53beffa644eab3e760225f15fe38af1aa3efb181368002f6182893b1ebdd4152c050b65352522bd14e31e76c056037c1f8dd700732324be1e4d0e64ee3ca3f6ca18b7104fb8fee12fd4219c238ebb3e0f4c0896d8b30c095bf4384e032f2ca926594de54ab9cff5aa3e10bb4a8c4e1634e9df522171123c1844d5d2be4143dcf59274c74c43abeed1a1a5762c2396659b5a046011fe524b361e7733ab8526a6d022552661520215c371955d7c0f71bce4114b9ecbf99f55bfaa279a73d30766cc28793b072a51fb50ecadc65c279bb51ac84ecc807fa650210e1bc690d6307dcc88b6ee83e6df5a4f1354344bb13eb288700d9ead4699f0769ddd8ae6259d008cd42678332016b4c30a485a5ee7c48cf36257e19069393825c135fa917b53d3231700eb9349c58626604889298747226c957b3b360d012be1276b8633ee06f5253edcbdb851f018df0b0eda153aa1521b80b9875792f56edb71ab4c4662391ea7aa33ae4c03675869ac459fc2872f7d861165e8222567854c2feeaceb42e786f8680b23a7e258f73cd77e993a22b6d9a9178d5a76894dec02847c66e989c65b1cb003aa4bb6a127e13940a352c622f9e08f96030fec6ae2df6461c7c389a5464f9a0f53d08ce8092f1470b8d6132df6c986512cab99195f83de07b05fd7702658726dbb9d39000230acd7dacc77df08e99df71e1ae0897c8d71c8b168103257ca6e1a1599e1ffbdf9d7a88901b450cab3619530ccdb143825cecd89b85e03102da90ba3d9ff8cec80e1c567350145d1a2d39c55e3fe5cdb26e88e513060e4b641c9757b0ffbb8c8c9e851a512debc49ddc8f0cc25e109ffae6a0b411a3781878d0b7a1ed603d16c7101620b30d053e45ca2c346164c32c9daf2e8635d979d5b8291779b0d44e27c686ba6ae02efbe0614d0697e47cba077454a3b6cd5de1880f26127dd12746b7cc023209ff4a4c8d6a72447db5d58bffd1b198744d37f6f48532d75e1bddfe11520ef20ab53119fda302fec30c5e3c8004e05e72ff919f022883e4d9e705687eb00285434d3f63d0c815dd37fbaf0843721a8df8360f21daf2a3ec458711cf54ced22ce44c0d9cc1769160ce60f3837be6721711b5d081b1df22c9d9d5b1ed76524d2942ab053131dd87b768c238050adfa9ca7553d657f125959c1203cc258abee7b1cda026f136d264e6722c1a9ec2e65a67237cbb0df481d044123ec3c95cc0af7c56929dec374e9e5ec0b87103bf62da6fcf48684a477fb5d8d5690dcd25829237b12eaa4b909f0fdcdada80f6fc4a4d4f1da9d08e5e445f08e21d038e37f83532551a777303401ace97e6f07e346ee6c7066022ec36f81dbd393dec5b028a961b949cc02fcf659b816970625642d440f9b0cee3a9898423c5394121ddb05d8cc9e2152aff2993a1698c427be438a707d8f3ebe9a5159bd84071f355c186670614c324982ebfe3ec142d344dcffd5b14fea92cd66201cb1796add72f84267d3d8d9472e8afee5a343594837757d5b442c82f40121796c90463613c524838159d27773cd1c6d68b05077db00c53fe61db72c84ea35c6dedb41640003c066e5050d3074eb1c7a93aab3350dff0175ba9ad8807dc82ceff01df588c60a14fcbcd8f30e31f6cc55464b98b37154ecb7f940b875ac73cf5afad36579dca961d738acf57a03b85a52c3ad35bdb303d93892ea8e953f8828ffbe3f7bcac082417355475177a13755121f124422eadf118e8b1a92c416e0695e7f88d15323dbe9a1cd98eabe9efbad41ac69acba9a60b3952050143974ff6a30e5fb61f3ab38923b03ae901d84e28670f97e045f6577f4593380f7a61fb2b9cb3e2bb4a2ffb225f120c4d1fb3ea46d40504b9ea92fc03bf9906cba07d3611ead8723f1e2ca9fbe617e84986056ea3f2dfac963c6f1044a5ba4293955d866ebcc98a674a9e9f8f6122d09ebfbec5eb74c30f4e82773393b7fcd0677288d7d07396dc04851902bd666998d2f0230d1db4ac86b9381ac465ac1f7587f494b9675dfaf9f0db8ef33ad98a6745d92771b873c81493a883a85958f3cdf1f2c46b498a370c7ee59aaf098a64389aff8bf1e4c9ce8a32b8652d0bd38a1fc4345fe26dbcd0e7da09bb2c6b26ab8af96a5afba99734f7d557efc324bad46a28ac45ba7e191869df7cd8ad3443318747665e0eb309f3291e4e063b31cd9296f1ff71fb2a5", 0x1000}, {&(0x7f0000001900)="51973e2a281d039539417221afaf25f7424ba8251753353060ddea783c06838c9e32bc4d9c41d15d0bdb598254b8e79ebcb50988e248d1fb13d71ef13c98ea7fd083fb4d1cb1cb06756c9e5a51e90b59e947eec5f8cbc37df37ec8527fd3fea95ec59a6b7ca352a6e0bf57187becddb11a908806a932aac6102404524b48db0fa2a747d0cadb1bc9d0f2166804dd8f0017e9b8b57393b55da1e27cade26518c3ad3b8cfbec7b954a109318622e2c4d24fcfc58ab6553411b092dc0eb0e3dbade2cf29166cd7910950a743bcb7c2118a63011f09f", 0xd4}, {&(0x7f0000001a00)="702442187f159446b5f632275d0a84593b1c8e7db5faa43ebb5aabd0640cd61da709b5ee09ebeedead5ba562a52771207ae7c02e75c5c50936f73b7750b9b437955a4f22dc802e38f64b652791c7e5ec1feefed997bae96f2f4739936fe2bd92e5967fdbc4b339b3499167ee9cc3e5f7611897b9a5623616eede35faf0a65031c3ac941e58269015bffbe9fa14b6198f947831223593cf1e9c538d86d6640c100dadb32075c6030fce93e4", 0xab}, {&(0x7f0000001ac0)="27b64326660e437f46113fd593ac922b6e05551ea85902349d8403aa00e2aec8a09ca1598e4133f9125900eb2074c77ab9820d739e101f9b9bec95758d282f12ffe0701d3aff9c36d6a94e5fd838ec28c4d28fde550bb1aa2bc1255f20459d38242009029c5d9f", 0x67}, {&(0x7f0000001b40)="813d31b7bdec46647968624215586a6b2d15059b690b4f5fcd9fc8d43ba6d3910a34ae751fddc86d63c0e5e70942d443a9d1a9022aba7263cd3a0a0abc50cfac8d754798723f0d8777e449a5ba28418666fcd20dd7a2fa31084b776b0b64e5ca9829f51b0b76ed551659384a5f9c540a68861d60230da9e56a051eb6cd084c88570aa40e1167ec49ef7263aa5e3b165cbdcf0fda2218356a1be90736742eaea1cb849d6d12903923ca1a45574bdb6ac5e1c2d0e1c843f7747ac1bd03abeb3ff76d4b98c5da798b1d8f1f21e1c007f7bcb8c6868cf16acd5f62cccab68c", 0xdd}], 0x7, &(0x7f0000001cc0)=[{0xa8, 0x115, 0x3, "228c4ae411e54bf6a7a903c8448ea382f5be108e392bd80f17d6b831ed82c2eb7f493f05d45a8abcc92ca3398291740c81c57141a68f67296db001bd4c6a69fa60b4e27860b1bdfcc6154299ed5d78d8fcb0632b5b7b73bac14980d666e2871053891f509784a2bf9da5a2f79948a30561ff9f5e67fde112cd3719aec0a23bbe3a8056f94293263d8b9a427d96683cd787ad1025"}], 0xa8}}], 0x3, 0x4000000) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000001e40)={0x0, 0x80000, 0xffffffffffffffff}) ioctl$DRM_IOCTL_SWITCH_CTX(r5, 0x40086424, &(0x7f0000001e80)={0x0, 0x2}) ioctl$SOUND_PCM_READ_BITS(r1, 0x80045005, &(0x7f0000001ec0)) r6 = creat(&(0x7f0000001f00)='./file0\x00', 0x0) ioctl$BLKALIGNOFF(r6, 0x127a, &(0x7f0000001f40)) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000001fc0)='/dev/bsg\x00', 0x101100, 0x0) linkat(r1, &(0x7f0000001f80)='./file0\x00', r7, &(0x7f0000002000)='./file0\x00', 0x3400) socket$caif_seqpacket(0x25, 0x5, 0x5) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000002080)={0x1, &(0x7f0000002040)=[{0xfff, 0x0, 0x2, 0x200}]}) getgroups(0x3, &(0x7f0000002180)=[0xffffffffffffffff, 0xffffffffffffffff, 0xee00]) mount$9p_unix(&(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)='./file0\x00', &(0x7f0000002140)='9p\x00', 0x1000000, &(0x7f00000021c0)={'trans=unix,', {[{@afid={'afid', 0x3d, 0x100000000}}, {@dfltgid={'dfltgid', 0x3d, r8}}], [{@obj_user={'obj_user', 0x3d, '/dev/bsg\x00'}}, {@obj_type={'obj_type'}}, {@dont_measure='dont_measure'}, {@context={'context', 0x3d, 'root'}}, {@context={'context', 0x3d, 'unconfined_u'}}]}}) listxattr(&(0x7f0000002280)='./file0\x00', &(0x7f00000022c0)=""/59, 0x3b) ioctl$EVIOCSCLOCKID(r1, 0x400445a0, &(0x7f0000002300)=0x7) r9 = socket$inet6_dccp(0xa, 0x6, 0x0) lsetxattr$security_capability(&(0x7f0000002340)='./file0\x00', &(0x7f0000002380)='security.capability\x00', &(0x7f00000023c0)=@v1={0x1000000, [{0x1f, 0x1}]}, 0xc, 0x2) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000002400)=0x0) ioctl$sock_FIOSETOWN(r9, 0x8901, &(0x7f0000002440)=r10) r11 = syz_open_dev$audion(&(0x7f0000002480)='/dev/audio#\x00', 0x81, 0x80400) ioctl$DRM_IOCTL_ADD_CTX(r11, 0xc0086420, &(0x7f00000024c0)) [ 243.183492][ T27] audit: type=1400 audit(1575434835.106:46): avc: denied { read } for pid=9583 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 243.215760][ T9583] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 243.299731][ T9585] team0: Port device team_slave_0 added [ 243.327048][ T9597] IPVS: ftp: loaded support on port[0] = 21 [ 243.338800][ T9583] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 243.385145][ T9583] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 243.453301][ T9585] team0: Port device team_slave_1 added [ 243.459266][ T9583] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 243.583891][ T9588] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.591927][ T9588] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.599736][ T9588] device bridge_slave_0 entered promiscuous mode [ 243.611743][ T9588] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.619050][ T9588] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.627000][ T9588] device bridge_slave_1 entered promiscuous mode [ 243.693482][ T9585] device hsr_slave_0 entered promiscuous mode [ 243.741083][ T9585] device hsr_slave_1 entered promiscuous mode [ 243.790536][ T9585] debugfs: Directory 'hsr0' with parent '/' already present! [ 243.822860][ T9588] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 243.840096][ T9588] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 243.919697][ T9588] team0: Port device team_slave_0 added [ 243.934517][ T9588] team0: Port device team_slave_1 added [ 243.984087][ T9585] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 244.047902][ T9585] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 244.121484][ T9597] chnl_net:caif_netlink_parms(): no params data found [ 244.131187][ T9592] chnl_net:caif_netlink_parms(): no params data found [ 244.154521][ T9585] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 244.236677][ T9585] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 244.352450][ T9588] device hsr_slave_0 entered promiscuous mode [ 244.401186][ T9588] device hsr_slave_1 entered promiscuous mode [ 244.460463][ T9588] debugfs: Directory 'hsr0' with parent '/' already present! [ 244.533797][ T9597] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.542014][ T9597] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.550153][ T9597] device bridge_slave_0 entered promiscuous mode [ 244.562836][ T9592] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.570004][ T9592] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.578567][ T9592] device bridge_slave_0 entered promiscuous mode [ 244.594565][ T9597] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.601825][ T9597] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.609776][ T9597] device bridge_slave_1 entered promiscuous mode [ 244.647557][ T9592] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.654855][ T9592] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.663157][ T9592] device bridge_slave_1 entered promiscuous mode [ 244.673929][ T9597] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 244.722078][ T9583] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.730419][ T9597] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 244.753668][ T9595] chnl_net:caif_netlink_parms(): no params data found [ 244.793905][ T9588] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 244.863403][ T9592] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 244.877114][ T9583] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.901744][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.911674][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.919666][ T9588] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 244.963163][ T9592] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 244.981103][ T9597] team0: Port device team_slave_0 added [ 244.990183][ T3742] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 245.002448][ T3742] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 245.014579][ T3742] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.022240][ T3742] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.032514][ T3742] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 245.041332][ T3742] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 245.049675][ T3742] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.056786][ T3742] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.064900][ T9588] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 245.102414][ T9588] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 245.158114][ T9597] team0: Port device team_slave_1 added [ 245.166766][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 245.186878][ T9592] team0: Port device team_slave_0 added [ 245.195170][ T9595] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.204884][ T9595] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.215802][ T9595] device bridge_slave_0 entered promiscuous mode [ 245.226919][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 245.239920][ T9595] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.247091][ T9595] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.255808][ T9595] device bridge_slave_1 entered promiscuous mode [ 245.266007][ T9592] team0: Port device team_slave_1 added [ 245.293703][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 245.314111][ T9585] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.326088][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 245.335205][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 245.346248][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 245.393168][ T9597] device hsr_slave_0 entered promiscuous mode [ 245.440865][ T9597] device hsr_slave_1 entered promiscuous mode [ 245.480487][ T9597] debugfs: Directory 'hsr0' with parent '/' already present! [ 245.508392][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 245.517644][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 245.529043][ T9595] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 245.542344][ T9595] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 245.623853][ T9592] device hsr_slave_0 entered promiscuous mode [ 245.670633][ T9592] device hsr_slave_1 entered promiscuous mode [ 245.740468][ T9592] debugfs: Directory 'hsr0' with parent '/' already present! [ 245.750534][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 245.759347][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 245.775371][ T9595] team0: Port device team_slave_0 added [ 245.805895][ T9585] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.815771][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.824379][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 245.834831][ T9595] team0: Port device team_slave_1 added [ 245.844702][ T9583] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 245.856701][ T9583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 245.907053][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 245.917631][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 245.928274][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 245.937180][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 245.946211][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.953337][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.961679][ T9597] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 246.016718][ T9597] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 246.116288][ T9595] device hsr_slave_0 entered promiscuous mode [ 246.170869][ T9595] device hsr_slave_1 entered promiscuous mode [ 246.231837][ T9595] debugfs: Directory 'hsr0' with parent '/' already present! [ 246.246571][ T9600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 246.257756][ T9600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 246.268437][ T9600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 246.277937][ T9600] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.285222][ T9600] bridge0: port 2(bridge_slave_1) entered forwarding state [ 246.294429][ T9600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 246.303623][ T9600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 246.315162][ T9597] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 246.373845][ T9597] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 246.441811][ T9600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 246.452034][ T9600] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 246.462296][ T9600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 246.472102][ T9600] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 246.482279][ T9600] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 246.489919][ T9600] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 246.523770][ T9595] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 246.570155][ T9595] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 246.625670][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 246.633835][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 246.643121][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 246.651783][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 246.661705][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 246.670349][ T9592] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 246.726839][ T9588] 8021q: adding VLAN 0 to HW filter on device bond0 [ 246.737078][ T9583] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 246.745713][ T9585] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 246.754026][ T9595] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 246.804607][ T9592] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 246.863345][ T9592] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 246.907795][ T27] audit: type=1400 audit(1575434838.886:47): avc: denied { associate } for pid=9583 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 246.920319][ T9595] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 246.970580][ T9592] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 246.998393][ T9600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 247.006510][ T9600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 247.014921][ T9600] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 247.022437][ T9600] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 247.032122][ T9588] 8021q: adding VLAN 0 to HW filter on device team0 [ 247.043944][ T9585] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 247.096300][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 247.122154][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 247.141761][ T2723] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.149583][ T2723] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.165346][ T2723] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 247.192204][ T9591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 247.204842][ T9591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 247.213715][ T27] audit: type=1804 audit(1575434839.186:48): pid=9606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir559500043/syzkaller.75vHFQ/0/file0" dev="sda1" ino=16519 res=1 [ 247.246677][ T9591] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.254188][ T9591] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.262492][ T9591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 247.271311][ T9591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 247.305472][ T27] audit: type=1804 audit(1575434839.286:49): pid=9606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir559500043/syzkaller.75vHFQ/0/file0" dev="sda1" ino=16519 res=1 [ 247.347849][ T9588] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 247.373055][ T9610] ================================================================== [ 247.373170][ T9610] BUG: KASAN: slab-out-of-bounds in vcs_scr_readw+0xc2/0xd0 [ 247.373183][ T9610] Read of size 2 at addr ffff8880a3f512c0 by task syz-executor.1/9610 [ 247.373187][ T9610] [ 247.373206][ T9610] CPU: 0 PID: 9610 Comm: syz-executor.1 Not tainted 5.4.0-syzkaller #0 [ 247.373214][ T9610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 247.373219][ T9610] Call Trace: [ 247.373281][ T9610] dump_stack+0x197/0x210 [ 247.373297][ T9610] ? vcs_scr_readw+0xc2/0xd0 [ 247.373340][ T9610] print_address_description.constprop.0.cold+0xd4/0x30b [ 247.373353][ T9610] ? vcs_scr_readw+0xc2/0xd0 [ 247.373369][ T9610] ? vcs_scr_readw+0xc2/0xd0 [ 247.373384][ T9610] __kasan_report.cold+0x1b/0x41 [ 247.373421][ T9610] ? vcs_write+0x440/0xcf0 [ 247.373435][ T9610] ? vcs_scr_readw+0xc2/0xd0 [ 247.373453][ T9610] kasan_report+0x12/0x20 [ 247.373471][ T9610] __asan_report_load2_noabort+0x14/0x20 [ 247.373486][ T9610] vcs_scr_readw+0xc2/0xd0 [ 247.373502][ T9610] vcs_write+0x646/0xcf0 [ 247.373548][ T9610] ? ___might_sleep+0x163/0x2c0 [ 247.373578][ T9610] ? vcs_size+0x250/0x250 [ 247.373615][ T9610] ? selinux_file_permission+0x9b/0x580 [ 247.373673][ T9610] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 247.373727][ T9610] ? security_file_permission+0x8f/0x380 [ 247.373771][ T9610] __vfs_write+0x8a/0x110 [ 247.373784][ T9610] ? vcs_size+0x250/0x250 [ 247.373802][ T9610] vfs_write+0x268/0x5d0 [ 247.373823][ T9610] ksys_write+0x14f/0x290 [ 247.373842][ T9610] ? __ia32_sys_read+0xb0/0xb0 [ 247.373884][ T9610] ? do_syscall_64+0x26/0x790 [ 247.373925][ T9610] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 247.373940][ T9610] ? do_syscall_64+0x26/0x790 [ 247.373961][ T9610] __x64_sys_write+0x73/0xb0 [ 247.373980][ T9610] do_syscall_64+0xfa/0x790 [ 247.374002][ T9610] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 247.374014][ T9610] RIP: 0033:0x45a679 [ 247.374031][ T9610] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 247.374039][ T9610] RSP: 002b:00007f5271365c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 247.374053][ T9610] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 247.374062][ T9610] RDX: 0000000000000b73 RSI: 0000000020000180 RDI: 0000000000000004 [ 247.374070][ T9610] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 247.374079][ T9610] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f52713666d4 [ 247.374088][ T9610] R13: 00000000004cba44 R14: 00000000004e5608 R15: 00000000ffffffff [ 247.374109][ T9610] [ 247.374116][ T9610] Allocated by task 1: [ 247.374129][ T9610] save_stack+0x23/0x90 [ 247.374143][ T9610] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 247.374156][ T9610] kasan_kmalloc+0x9/0x10 [ 247.374187][ T9610] __kmalloc+0x163/0x770 [ 247.374199][ T9610] vc_do_resize+0x262/0x1460 [ 247.374209][ T9610] vc_resize+0x4d/0x60 [ 247.374243][ T9610] fbcon_init+0x122d/0x1a90 [ 247.374258][ T9610] visual_init+0x30a/0x5e0 [ 247.374270][ T9610] do_bind_con_driver+0x54c/0x8b0 [ 247.374282][ T9610] do_take_over_console+0x449/0x5a0 [ 247.374296][ T9610] do_fbcon_takeover+0x116/0x220 [ 247.374311][ T9610] fbcon_fb_registered+0x275/0x340 [ 247.374324][ T9610] register_framebuffer+0x5c3/0xa10 [ 247.374355][ T9610] vga16fb_probe+0x711/0x825 [ 247.374410][ T9610] platform_drv_probe+0x8d/0x140 [ 247.374422][ T9610] really_probe+0x291/0x710 [ 247.374437][ T9610] driver_probe_device+0x110/0x220 [ 247.374450][ T9610] __device_attach_driver+0x1c9/0x230 [ 247.374463][ T9610] bus_for_each_drv+0x172/0x1f0 [ 247.374475][ T9610] __device_attach+0x237/0x390 [ 247.374489][ T9610] device_initial_probe+0x1b/0x20 [ 247.374502][ T9610] bus_probe_device+0x1f1/0x2a0 [ 247.374537][ T9610] device_add+0x14fe/0x1d00 [ 247.374551][ T9610] platform_device_add+0x34d/0x6c0 [ 247.374606][ T9610] vga16fb_init+0x15f/0x1d6 [ 247.374621][ T9610] do_one_initcall+0x120/0x81a [ 247.374646][ T9610] kernel_init_freeable+0x4ca/0x5b9 [ 247.374662][ T9610] kernel_init+0x12/0x1bf [ 247.374675][ T9610] ret_from_fork+0x24/0x30 [ 247.374680][ T9610] [ 247.374687][ T9610] Freed by task 0: [ 247.374692][ T9610] (stack is not available) [ 247.374696][ T9610] [ 247.374707][ T9610] The buggy address belongs to the object at ffff8880a3f50000 [ 247.374707][ T9610] which belongs to the cache kmalloc-8k of size 8192 [ 247.374721][ T9610] The buggy address is located 4800 bytes inside of [ 247.374721][ T9610] 8192-byte region [ffff8880a3f50000, ffff8880a3f52000) [ 247.374727][ T9610] The buggy address belongs to the page: [ 247.374747][ T9610] page:ffffea00028fd400 refcount:1 mapcount:0 mapping:ffff8880aa4021c0 index:0x0 compound_mapcount: 0 [ 247.374767][ T9610] raw: 00fffe0000010200 ffffea00028fcb08 ffffea0002880f08 ffff8880aa4021c0 [ 247.374786][ T9610] raw: 0000000000000000 ffff8880a3f50000 0000000100000001 0000000000000000 [ 247.374793][ T9610] page dumped because: kasan: bad access detected [ 247.374797][ T9610] [ 247.374802][ T9610] Memory state around the buggy address: [ 247.374815][ T9610] ffff8880a3f51180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 247.374828][ T9610] ffff8880a3f51200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 247.374840][ T9610] >ffff8880a3f51280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 247.374847][ T9610] ^ [ 247.374859][ T9610] ffff8880a3f51300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 247.374871][ T9610] ffff8880a3f51380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 247.374877][ T9610] ================================================================== [ 247.374883][ T9610] Disabling lock debugging due to kernel taint [ 247.374947][ T9610] Kernel panic - not syncing: panic_on_warn set ... [ 247.374963][ T9610] CPU: 0 PID: 9610 Comm: syz-executor.1 Tainted: G B 5.4.0-syzkaller #0 [ 247.374971][ T9610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 247.374976][ T9610] Call Trace: [ 247.374994][ T9610] dump_stack+0x197/0x210 [ 247.375041][ T9610] panic+0x2e3/0x75c [ 247.375063][ T9610] ? add_taint.cold+0x16/0x16 [ 247.375077][ T9610] ? vcs_scr_readw+0xc2/0xd0 [ 247.375091][ T9610] ? preempt_schedule+0x4b/0x60 [ 247.375106][ T9610] ? ___preempt_schedule+0x16/0x18 [ 247.375144][ T9610] ? trace_hardirqs_on+0x5e/0x240 [ 247.375160][ T9610] ? vcs_scr_readw+0xc2/0xd0 [ 247.375174][ T9610] end_report+0x47/0x4f [ 247.375187][ T9610] ? vcs_scr_readw+0xc2/0xd0 [ 247.375200][ T9610] __kasan_report.cold+0xe/0x41 [ 247.375215][ T9610] ? vcs_write+0x440/0xcf0 [ 247.375227][ T9610] ? vcs_scr_readw+0xc2/0xd0 [ 247.375240][ T9610] kasan_report+0x12/0x20 [ 247.375254][ T9610] __asan_report_load2_noabort+0x14/0x20 [ 247.375266][ T9610] vcs_scr_readw+0xc2/0xd0 [ 247.375279][ T9610] vcs_write+0x646/0xcf0 [ 247.375292][ T9610] ? ___might_sleep+0x163/0x2c0 [ 247.375311][ T9610] ? vcs_size+0x250/0x250 [ 247.375324][ T9610] ? selinux_file_permission+0x9b/0x580 [ 247.375340][ T9610] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 247.375355][ T9610] ? security_file_permission+0x8f/0x380 [ 247.375370][ T9610] __vfs_write+0x8a/0x110 [ 247.375381][ T9610] ? vcs_size+0x250/0x250 [ 247.375394][ T9610] vfs_write+0x268/0x5d0 [ 247.375410][ T9610] ksys_write+0x14f/0x290 [ 247.375423][ T9610] ? __ia32_sys_read+0xb0/0xb0 [ 247.375438][ T9610] ? do_syscall_64+0x26/0x790 [ 247.375453][ T9610] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 247.375466][ T9610] ? do_syscall_64+0x26/0x790 [ 247.375481][ T9610] __x64_sys_write+0x73/0xb0 [ 247.375496][ T9610] do_syscall_64+0xfa/0x790 [ 247.375512][ T9610] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 247.375522][ T9610] RIP: 0033:0x45a679 [ 247.375536][ T9610] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 247.375543][ T9610] RSP: 002b:00007f5271365c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 247.375556][ T9610] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 247.375564][ T9610] RDX: 0000000000000b73 RSI: 0000000020000180 RDI: 0000000000000004 [ 247.375571][ T9610] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 247.375579][ T9610] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f52713666d4 [ 247.375587][ T9610] R13: 00000000004cba44 R14: 00000000004e5608 R15: 00000000ffffffff [ 247.377412][ T9610] Kernel Offset: disabled [ 248.210207][ T9610] Rebooting in 86400 seconds..