[ 143.163259][ T9419] sshd (9419) used greatest stack depth: 23712 bytes left Warning: Permanently added '[localhost]:36715' (ECDSA) to the list of known hosts. [ 146.451492][ T40] audit: type=1400 audit(1595198974.269:42): avc: denied { map } for pid=9435 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2020/07/19 22:49:34 fuzzer started 2020/07/19 22:49:34 dialing manager at 10.0.2.10:41673 2020/07/19 22:49:35 syscalls: 3205 2020/07/19 22:49:35 code coverage: enabled 2020/07/19 22:49:35 comparison tracing: enabled 2020/07/19 22:49:35 extra coverage: enabled 2020/07/19 22:49:35 setuid sandbox: enabled 2020/07/19 22:49:35 namespace sandbox: enabled 2020/07/19 22:49:35 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/19 22:49:35 fault injection: enabled 2020/07/19 22:49:35 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/19 22:49:35 net packet injection: enabled 2020/07/19 22:49:35 net device setup: enabled 2020/07/19 22:49:35 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/19 22:49:35 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/19 22:49:35 USB emulation: enabled [ 147.247745][ T40] audit: type=1400 audit(1595198975.059:43): avc: denied { integrity } for pid=9451 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 22:50:20 executing program 0: r0 = socket(0x2, 0x3, 0x0) connect$unix(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="8202"], 0x10) writev(r0, &(0x7f00000006c0)=[{&(0x7f0000000000)="a86145f9bf5be18b848b034e4e9058b3f123ca30a935a303af2b35054ee338ca17bd2c7c5b8b4090479abf7cbf8d6cbc47172bb61baa6eb4f911886ea04b33ae765588373f2d83c4874e5d73d64a56efa6337b8dd0a4b77ad9fba144d83a45202031cdf22a03755296fde5f67186bd3fa8016e4e0e7d2f40412215653ace8dbd6817d2dba413df70d7fbf471653bd0bbf76fe851e77ea69546e5c8af", 0x9c}, {&(0x7f00000001c0)="00b28155c420c25a13d56caf5b0024a28d5684ba7732dca76742ce6f91c442ad311e08ca59bbcc7c419a1db36ba01d6ae4adfc8d3c57dfcbc1c2ff34f62591fa0b4b6c", 0x43}, {&(0x7f0000000240)="d5dc9400163b764b25135a128c1b2f7e5b345f348ed7a93c73de93a254cdc0248114d59d8ea8a152eb18a64cf9d0ba652e1a1df42ff392acd147f6c8af100a4460802d5c9f576d2463a2a52be3c6", 0x4e}, {&(0x7f0000000140)="bd548b2a3221db0cbda63f40d3f545045c7e9928bb30c906f5b28a25fc624049709c5a3a31", 0x25}, {&(0x7f00000002c0)="51d9a2352d0dc5c3c12437d8cd72e8097c679b5c123e11586491446f4058d29ee70c4109352c6cbde1fb578e309ff13aa4089ace9875a60a349e672528d1839fa98b1190d471100a31e9e59a498c557320756f8fb4a940f0bb9e14", 0x5b}, {&(0x7f0000000340)="233a852a7832298cce3bc71c0ba63e7713b02b676eca864dab8ebd386ded8ccf8932410c7fb733ab841b47d4af57a1ab9a4626e4a93da0a4c942298c5e8f6c8a6478d82f0ffa7ffe4736e6bf3639b4875027f9d54afc501f082127c942063e8d19e2f7f23225442f44344790fc208fe978c370207bf4", 0x76}, {&(0x7f00000003c0)="9f3c2c56757d8e06f12f72bf475cd33dcc5d843f5dc6da8321057d0120cb58804952aa0ff1dbad5393369fe72e28ab8e754ebe809205483a72d7ad64e2c675a7843f80b1a495148914bf98120a110b509ac705dd771db6ae5ad62739c4cebd7ac931b745ad7ed7d26dc874ad51497271484f0dd9ac4548035091d48e86e36b6ef601a270a3daf18ec4c22ff29fd0f5cb5656f56da211fc8ef515293d58", 0x9d}, {&(0x7f0000000480)="c3ad2d58dc6235e7fb0112e6145fcc33733d211d2c7451775ef58849ee55e8ddb5f72e7ca28be684de46d865ff01c0672355fff90eeb6daf07052fb3c972b2dbee9d298ea6ca78cafe5917dd14560ceb8462c1e7f671deab84c6a4eebf629c0e0ff509903016b47b72cebc8cac6f768e79343d4391ecc9b3194c41fedb77db2f722c9213160702", 0x87}, {&(0x7f0000000540)="a7d1cfe0efd9951ef039b7922e996c3a8399", 0x12}], 0x9) [ 192.467956][ T40] audit: type=1400 audit(1595199020.279:44): avc: denied { map } for pid=9455 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=2084 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 22:50:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x4000, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000000010000507a57d6663a29ac793baa39f91", @ANYRES32, @ANYBLOB="00000000000000001c0012800b00010062726964676500000c00028008001500000000000a0001000080c2000000000008000a00", @ANYRES64], 0x50}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 22:50:20 executing program 2: r0 = socket(0x18, 0x1, 0x0) setsockopt$sock_int(r0, 0xffff, 0x1000, 0x0, 0x0) 22:50:21 executing program 3: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000140)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=./file0']) [ 193.315170][ T9457] IPVS: ftp: loaded support on port[0] = 21 [ 193.315177][ T9459] IPVS: ftp: loaded support on port[0] = 21 [ 193.700884][ T9462] IPVS: ftp: loaded support on port[0] = 21 [ 193.701196][ T9461] IPVS: ftp: loaded support on port[0] = 21 [ 193.738438][ T9457] chnl_net:caif_netlink_parms(): no params data found [ 193.759602][ T9459] chnl_net:caif_netlink_parms(): no params data found [ 193.953100][ T9459] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.970918][ T9459] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.991432][ T9459] device bridge_slave_0 entered promiscuous mode [ 194.025024][ T9459] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.036977][ T9459] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.050585][ T9459] device bridge_slave_1 entered promiscuous mode [ 194.073322][ T9457] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.084658][ T9457] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.099668][ T9457] device bridge_slave_0 entered promiscuous mode [ 194.140405][ T9459] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 194.160935][ T9459] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 194.178681][ T9457] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.191665][ T9457] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.210664][ T9457] device bridge_slave_1 entered promiscuous mode [ 194.242367][ T9457] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 194.318703][ T9457] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 194.376223][ T9459] team0: Port device team_slave_0 added [ 194.435235][ T9462] chnl_net:caif_netlink_parms(): no params data found [ 194.461061][ T9459] team0: Port device team_slave_1 added [ 194.481285][ T9457] team0: Port device team_slave_0 added [ 194.500035][ T9461] chnl_net:caif_netlink_parms(): no params data found [ 194.548492][ T9457] team0: Port device team_slave_1 added [ 194.611818][ T9459] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 194.634039][ T9459] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.695125][ T9459] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 194.749732][ T9457] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 194.766436][ T9457] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.868093][ T9457] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 194.915382][ T9459] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 194.935703][ T9459] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 195.027700][ T9459] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 195.089980][ T9457] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 195.125016][ T9457] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 195.221179][ T9457] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 195.288210][ T9462] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.310497][ T9462] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.336234][ T9462] device bridge_slave_0 entered promiscuous mode [ 195.452390][ T9457] device hsr_slave_0 entered promiscuous mode [ 195.530557][ T9457] device hsr_slave_1 entered promiscuous mode [ 195.612574][ T9461] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.636611][ T9461] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.667239][ T9461] device bridge_slave_0 entered promiscuous mode [ 195.695821][ T9462] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.727274][ T9462] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.762210][ T9462] device bridge_slave_1 entered promiscuous mode [ 195.841981][ T9459] device hsr_slave_0 entered promiscuous mode [ 195.924883][ T9459] device hsr_slave_1 entered promiscuous mode [ 195.989657][ T9459] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 196.017208][ T9459] Cannot create hsr debugfs directory [ 196.035943][ T9461] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.056241][ T9461] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.074534][ T9461] device bridge_slave_1 entered promiscuous mode [ 196.136913][ T9461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 196.179750][ T9462] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 196.201347][ T9461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 196.241937][ T9462] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 196.275304][ T9461] team0: Port device team_slave_0 added [ 196.321106][ T9461] team0: Port device team_slave_1 added [ 196.374866][ T9461] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 196.408409][ T9461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.493823][ T9461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 196.523603][ T9461] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 196.541324][ T9461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.599852][ T9461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 196.624533][ T9462] team0: Port device team_slave_0 added [ 196.658568][ T9462] team0: Port device team_slave_1 added [ 196.718397][ T9462] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 196.730508][ T9462] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.807194][ T9462] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 196.837999][ T9462] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 196.856874][ T9462] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.929130][ T9462] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 197.011794][ T9461] device hsr_slave_0 entered promiscuous mode [ 197.069304][ T9461] device hsr_slave_1 entered promiscuous mode [ 197.119216][ T9461] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 197.133617][ T9461] Cannot create hsr debugfs directory [ 197.352537][ T9462] device hsr_slave_0 entered promiscuous mode [ 197.399453][ T9462] device hsr_slave_1 entered promiscuous mode [ 197.479258][ T9462] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 197.498307][ T9462] Cannot create hsr debugfs directory [ 197.547801][ T40] audit: type=1400 audit(1595199025.359:45): avc: denied { create } for pid=9457 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 197.564360][ T9457] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 197.618491][ T40] audit: type=1400 audit(1595199025.359:46): avc: denied { write } for pid=9457 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 197.689641][ T40] audit: type=1400 audit(1595199025.369:47): avc: denied { read } for pid=9457 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 197.807267][ T9457] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 197.866262][ T9457] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 197.981386][ T9457] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 198.110849][ T9459] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 198.212688][ T9459] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 198.285726][ T9459] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 198.353724][ T9459] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 198.477748][ T9462] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 198.562135][ T9462] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 198.654181][ T9462] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 198.736786][ T9462] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 198.848075][ T9461] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 198.903156][ T9461] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 198.994630][ T9461] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 199.065799][ T9461] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 199.277299][ T9457] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.315904][ T9483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.333344][ T9483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.352851][ T9457] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.375265][ T9459] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.406895][ T9462] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.421399][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.436870][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.453474][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.465098][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.488415][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 199.520946][ T9461] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.542767][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.557042][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.572631][ T2420] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.587328][ T2420] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.607046][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.622312][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.643025][ T9459] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.667882][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.700795][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.727478][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.759484][ T9462] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.797816][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.814243][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.831384][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.847064][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.862340][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.879927][ T9484] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.893604][ T9484] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.907933][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.924416][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 199.940913][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 199.958579][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.973026][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 199.986517][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 200.001558][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 200.015856][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 200.041576][ T9461] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.058429][ T9457] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 200.077027][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 200.093341][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.107878][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.124529][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.138530][ T1219] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.150695][ T1219] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.166473][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 200.195110][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.213040][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.233019][ T2854] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.250451][ T2854] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.270096][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.292197][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.313991][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.336570][ T2854] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.355129][ T2854] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.383000][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 200.400187][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.417020][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.434257][ T2854] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.451317][ T2854] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.467908][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.489830][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.509771][ T2854] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.531012][ T2854] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.550053][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 200.568517][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.599465][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.616936][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.634918][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.653652][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.695751][ T9459] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 200.717245][ T9459] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 200.743772][ T9483] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 200.760357][ T9483] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 200.776895][ T9483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 200.796020][ T9483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.814521][ T9483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.833299][ T9483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 200.850594][ T9483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 200.868227][ T9483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 200.886165][ T9483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 200.904096][ T9483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 200.930293][ T9457] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 200.962150][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 200.983879][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.007242][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.026952][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.046708][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.067824][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.084475][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.100347][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.116101][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.144322][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.162753][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.178324][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.191129][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.206723][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.223043][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.250566][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.266820][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.290680][ T9461] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 201.324166][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.345088][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.364691][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 201.383053][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 201.430309][ T9459] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.452342][ T9483] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 201.482906][ T9483] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 201.503835][ T9483] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 201.525972][ T9483] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 201.565503][ T9462] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.598419][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 201.664665][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 201.696090][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 201.722989][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 201.755050][ T9457] device veth0_vlan entered promiscuous mode [ 201.795320][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 201.824106][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 201.847479][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 201.872129][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 201.905462][ T9457] device veth1_vlan entered promiscuous mode [ 201.935415][ T9461] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.971223][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 201.990746][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 202.009256][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 202.028209][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 202.073236][ T9462] device veth0_vlan entered promiscuous mode [ 202.097187][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 202.122652][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 202.149378][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 202.184411][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 202.214145][ T9459] device veth0_vlan entered promiscuous mode [ 202.251426][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 202.277059][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 202.297347][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 202.323925][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 202.359920][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 202.387529][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 202.436453][ T9459] device veth1_vlan entered promiscuous mode [ 202.472346][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 202.504364][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 202.533852][ T9462] device veth1_vlan entered promiscuous mode [ 202.567720][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 202.591752][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 202.616481][ T9457] device veth0_macvtap entered promiscuous mode [ 202.637463][ T9457] device veth1_macvtap entered promiscuous mode [ 202.655193][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 202.679115][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 202.703943][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 202.725542][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 202.761561][ T9461] device veth0_vlan entered promiscuous mode [ 202.806216][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 202.847843][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 202.911737][ T9462] device veth0_macvtap entered promiscuous mode [ 202.949437][ T9461] device veth1_vlan entered promiscuous mode [ 202.976086][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 202.999496][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 203.019876][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 203.048374][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 203.079918][ T9459] device veth0_macvtap entered promiscuous mode [ 203.107855][ T9457] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 203.142658][ T9457] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 203.162924][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 203.176396][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 203.191489][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 203.212400][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 203.228995][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 203.255434][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 203.293889][ T9462] device veth1_macvtap entered promiscuous mode [ 203.345494][ T9459] device veth1_macvtap entered promiscuous mode [ 203.503696][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 203.534184][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 203.556834][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 203.578523][ T9472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 203.657749][ T9462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 203.700476][ T9462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.739451][ T9462] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 203.769889][ T9461] device veth0_macvtap entered promiscuous mode [ 203.791156][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 203.809708][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 203.827274][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 203.852749][ T9461] device veth1_macvtap entered promiscuous mode [ 203.966844][ T40] audit: type=1400 audit(1595199031.779:48): avc: denied { associate } for pid=9457 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 203.971512][ T9459] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 204.111406][ T9459] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.154840][ T9459] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 204.207405][ T9459] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.246098][ T9459] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 204.275567][ T9462] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 204.316331][ T9462] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.363546][ T9462] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.432878][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 204.476250][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 204.511032][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 204.551066][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 205.156579][ T9459] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 205.166553][ T9457] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 205.196608][ T9459] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.196784][ T9459] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 205.196788][ T9459] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.238489][ T9459] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.472707][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 205.557265][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 205.840358][ T9461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 205.913821][ T9461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.968346][ T9461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 206.030387][ T9461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.108071][ T9461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 206.149664][ T9461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.190850][ T9461] batman_adv: batadv0: Interface activated: batadv_slave_0 22:50:34 executing program 0: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) get_robust_list(0x0, &(0x7f0000000380)=0x0, &(0x7f00000003c0)) [ 206.325897][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 206.368665][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 206.413875][ T40] audit: type=1400 audit(1595199034.209:49): avc: denied { open } for pid=9494 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 206.529419][ T40] audit: type=1400 audit(1595199034.219:50): avc: denied { perfmon } for pid=9494 comm="syz-executor.0" capability=38 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 [ 206.530534][ T9461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 206.607942][ T40] audit: type=1400 audit(1595199034.219:51): avc: denied { kernel } for pid=9494 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 206.626116][ T9461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.626129][ T9461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 206.626133][ T9461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.626150][ T9461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 206.626155][ T9461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.627977][ T9461] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 206.674345][ T40] audit: type=1400 audit(1595199034.219:52): avc: denied { confidentiality } for pid=9494 comm="syz-executor.0" lockdown_reason="unsafe use of perf" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 22:50:34 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUTCMAP(r0, 0x4608, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 207.021724][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 207.050118][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 22:50:34 executing program 0: r0 = open(&(0x7f0000000080)='./file0\x00', 0x615, 0x0) preadv(r0, &(0x7f0000001180)=[{0x0}], 0x1, 0x0) 22:50:34 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') mkdir(&(0x7f0000000400)='./bus\x00', 0x0) r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) [ 207.367847][ T9507] overlayfs: failed to resolve './file0': -2 22:50:35 executing program 0: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') mkdir(&(0x7f0000000400)='./bus\x00', 0x0) r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) [ 207.590709][ T9507] overlayfs: failed to resolve './file0': -2 22:50:35 executing program 2: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') mkdir(&(0x7f0000000400)='./bus\x00', 0x0) r0 = open(&(0x7f0000000300)='./bus\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) 22:50:35 executing program 3: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000140)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=./file0']) 22:50:35 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x0, 0x0, 0xffffffffffffff39) 22:50:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x4000, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000000010000507a57d6663a29ac793baa39f91", @ANYRES32, @ANYBLOB="00000000000000001c0012800b00010062726964676500000c00028008001500000000000a0001000080c2000000000008000a00", @ANYRES64], 0x50}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 207.917472][ T9531] overlayfs: failed to resolve './file0': -2 [ 207.934636][ T9534] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 22:50:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x4000, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000000010000507a57d6663a29ac793baa39f91", @ANYRES32, @ANYBLOB="00000000000000001c0012800b00010062726964676500000c00028008001500000000000a0001000080c2000000000008000a00", @ANYRES64], 0x50}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 22:50:35 executing program 3: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r0, 0x0, 0x0) 22:50:36 executing program 3: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) chdir(&(0x7f0000000000)='./file1\x00') r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r0, 0x0, 0x0) 22:50:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x4000, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000000010000507a57d6663a29ac793baa39f91", @ANYRES32, @ANYBLOB="00000000000000001c0012800b00010062726964676500000c00028008001500000000000a0001000080c2000000000008000a00", @ANYRES64], 0x50}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 22:50:36 executing program 2: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x14, &(0x7f0000001300)) ptrace(0x10, r0) 22:50:36 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000200)) ioctl$FBIOPUTCMAP(r0, 0x4605, &(0x7f00000001c0)={0x0, 0x4, &(0x7f0000000000)=[0x0, 0x5, 0x0, 0x0], &(0x7f0000000040)=[0x0, 0x0], &(0x7f0000000080)=[0x0], &(0x7f00000000c0)=[0x0]}) 22:50:36 executing program 2: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x14, &(0x7f0000001300)) ptrace(0x10, r0) [ 208.507366][ T9568] ================================================================== [ 208.508811][ T9568] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34a/0x400 [ 208.508811][ T9568] Write of size 8 at addr ffffc90009b71000 by task syz-executor.3/9568 [ 208.508811][ T9568] [ 208.508811][ T9568] CPU: 3 PID: 9568 Comm: syz-executor.3 Not tainted 5.8.0-rc5-syzkaller #0 [ 208.508811][ T9568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 208.508811][ T9568] Call Trace: [ 208.508811][ T9568] dump_stack+0x18f/0x20d [ 208.508811][ T9568] ? bitfill_aligned+0x34a/0x400 [ 208.508811][ T9568] ? bitfill_aligned+0x34a/0x400 [ 208.508811][ T9568] print_address_description.constprop.0.cold+0x5/0x436 [ 208.508811][ T9568] ? lockdep_hardirqs_off+0x66/0xa0 [ 208.508811][ T9568] ? vprintk_func+0x97/0x1a6 [ 208.508811][ T9568] ? bitfill_aligned+0x34a/0x400 [ 208.508811][ T9568] kasan_report.cold+0x1f/0x37 [ 208.508811][ T9568] ? bitfill_aligned+0x34a/0x400 [ 208.508811][ T9568] bitfill_aligned+0x34a/0x400 [ 208.508811][ T9568] sys_fillrect+0x408/0x7a0 [ 208.508811][ T9568] ? sys_fillrect+0x7a0/0x7a0 [ 208.508811][ T9568] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 208.508811][ T9568] bit_clear_margins+0x2d5/0x4a0 [ 208.508811][ T9568] ? bit_bmove+0x210/0x210 [ 208.508811][ T9568] fbcon_clear_margins+0x1d5/0x230 [ 208.508811][ T9568] fbcon_switch+0xb6e/0x16c0 [ 208.508811][ T9568] ? fbcon_scroll+0x3600/0x3600 [ 208.508811][ T9568] ? fbcon_cursor+0x52b/0x650 [ 208.508811][ T9568] ? kmalloc_array.constprop.0+0x20/0x20 [ 208.508811][ T9568] ? is_console_locked+0x5/0x10 [ 208.508811][ T9568] ? fbcon_set_origin+0x26/0x50 [ 208.508811][ T9568] redraw_screen+0x2ae/0x770 [ 208.508811][ T9568] ? vc_init+0x440/0x440 [ 208.508811][ T9568] ? fb_get_color_depth+0x11a/0x240 [ 208.508811][ T9568] ? fbcon_set_palette+0x3a8/0x490 [ 208.508811][ T9568] fbcon_modechanged+0x575/0x710 [ 208.508811][ T9568] fbcon_update_vcs+0x3a/0x50 [ 208.508811][ T9568] fb_set_var+0xae8/0xd60 [ 208.508811][ T9568] ? fb_blank+0x190/0x190 [ 208.508811][ T9568] ? lock_release+0x8d0/0x8d0 [ 208.508811][ T9568] ? lock_is_held_type+0xb0/0xe0 [ 208.508811][ T9568] ? do_fb_ioctl+0x2f2/0x6c0 [ 208.508811][ T9568] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 208.508811][ T9568] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 208.508811][ T9568] ? trace_hardirqs_on+0x5f/0x220 [ 208.508811][ T9568] do_fb_ioctl+0x33f/0x6c0 [ 208.508811][ T9568] ? fb_set_suspend+0x1a0/0x1a0 [ 208.508811][ T9568] ? tomoyo_execute_permission+0x470/0x470 [ 208.508811][ T9568] ? lock_is_held_type+0xb0/0xe0 [ 208.508811][ T9568] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 208.508811][ T9568] ? do_vfs_ioctl+0x27d/0x1090 [ 208.508811][ T9568] ? __fget_files+0x294/0x400 [ 208.508811][ T9568] fb_ioctl+0xdd/0x130 [ 208.508811][ T9568] ? do_fb_ioctl+0x6c0/0x6c0 [ 208.508811][ T9568] ksys_ioctl+0x11a/0x180 [ 208.508811][ T9568] __x64_sys_ioctl+0x6f/0xb0 [ 208.508811][ T9568] ? lockdep_hardirqs_on+0x6a/0xe0 [ 208.508811][ T9568] do_syscall_64+0x60/0xe0 [ 208.508811][ T9568] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 208.508811][ T9568] RIP: 0033:0x45c049 [ 208.508811][ T9568] Code: Bad RIP value. [ 208.508811][ T9568] RSP: 002b:00007f37d495cc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 208.508811][ T9568] RAX: ffffffffffffffda RBX: 00000000006fb3c0 RCX: 000000000045c049 [ 208.508811][ T9568] RDX: 0000000020000200 RSI: 0000000000004601 RDI: 0000000000000003 [ 208.508811][ T9568] RBP: 00000000004a906e R08: 0000000000000000 R09: 0000000000000000 [ 208.508811][ T9568] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074bf00 [ 208.508811][ T9568] R13: 00007fffddbc235f R14: 00007f37d493d000 R15: 0000000000000003 [ 208.508811][ T9568] [ 208.508811][ T9568] [ 208.508811][ T9568] Memory state around the buggy address: [ 208.508811][ T9568] ffffc90009b70f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 208.508811][ T9568] ffffc90009b70f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 208.508811][ T9568] >ffffc90009b71000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 208.508811][ T9568] ^ [ 208.508811][ T9568] ffffc90009b71080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 208.508811][ T9568] ffffc90009b71100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 208.508811][ T9568] ================================================================== [ 208.508811][ T9568] Disabling lock debugging due to kernel taint [ 208.520915][ T9568] Kernel panic - not syncing: panic_on_warn set ... [ 208.520927][ T9568] CPU: 3 PID: 9568 Comm: syz-executor.3 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 208.520959][ T9568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 208.521045][ T9568] Call Trace: [ 208.521161][ T9568] dump_stack+0x18f/0x20d [ 208.521174][ T9568] ? bitfill_aligned+0x310/0x400 [ 208.521344][ T9568] panic+0x2e3/0x75c [ 208.521362][ T9568] ? __warn_printk+0xf3/0xf3 [ 208.521377][ T9568] ? preempt_schedule_common+0x59/0xc0 [ 208.521386][ T9568] ? bitfill_aligned+0x34a/0x400 [ 208.521498][ T9568] ? preempt_schedule_thunk+0x16/0x18 [ 208.521516][ T9568] ? trace_hardirqs_on+0x55/0x220 [ 208.521535][ T9568] ? bitfill_aligned+0x34a/0x400 [ 208.521553][ T9568] ? bitfill_aligned+0x34a/0x400 [ 208.521569][ T9568] end_report+0x4d/0x53 [ 208.521585][ T9568] kasan_report.cold+0xd/0x37 [ 208.521602][ T9568] ? bitfill_aligned+0x34a/0x400 [ 208.521619][ T9568] bitfill_aligned+0x34a/0x400 [ 208.521634][ T9568] sys_fillrect+0x408/0x7a0 [ 208.521651][ T9568] ? sys_fillrect+0x7a0/0x7a0 [ 208.521677][ T9568] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 208.521694][ T9568] bit_clear_margins+0x2d5/0x4a0 [ 208.521710][ T9568] ? bit_bmove+0x210/0x210 [ 208.521734][ T9568] fbcon_clear_margins+0x1d5/0x230 [ 208.521750][ T9568] fbcon_switch+0xb6e/0x16c0 [ 208.521771][ T9568] ? fbcon_scroll+0x3600/0x3600 [ 208.521793][ T9568] ? fbcon_cursor+0x52b/0x650 [ 208.521811][ T9568] ? kmalloc_array.constprop.0+0x20/0x20 [ 208.521865][ T9568] ? is_console_locked+0x5/0x10 [ 208.521882][ T9568] ? fbcon_set_origin+0x26/0x50 [ 208.521907][ T9568] redraw_screen+0x2ae/0x770 [ 208.521932][ T9568] ? vc_init+0x440/0x440 [ 208.521952][ T9568] ? fb_get_color_depth+0x11a/0x240 [ 208.521970][ T9568] ? fbcon_set_palette+0x3a8/0x490 [ 208.521992][ T9568] fbcon_modechanged+0x575/0x710 [ 208.522012][ T9568] fbcon_update_vcs+0x3a/0x50 [ 208.522026][ T9568] fb_set_var+0xae8/0xd60 [ 208.522043][ T9568] ? fb_blank+0x190/0x190 [ 208.522061][ T9568] ? lock_release+0x8d0/0x8d0 [ 208.522084][ T9568] ? lock_is_held_type+0xb0/0xe0 [ 208.522113][ T9568] ? do_fb_ioctl+0x2f2/0x6c0 [ 208.522136][ T9568] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 208.522155][ T9568] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 208.522172][ T9568] ? trace_hardirqs_on+0x5f/0x220 [ 208.522195][ T9568] do_fb_ioctl+0x33f/0x6c0 [ 208.522213][ T9568] ? fb_set_suspend+0x1a0/0x1a0 [ 208.522232][ T9568] ? tomoyo_execute_permission+0x470/0x470 [ 208.522253][ T9568] ? lock_is_held_type+0xb0/0xe0 [ 208.522278][ T9568] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 208.522294][ T9568] ? do_vfs_ioctl+0x27d/0x1090 [ 208.522322][ T9568] ? __fget_files+0x294/0x400 [ 208.522344][ T9568] fb_ioctl+0xdd/0x130 [ 208.522381][ T9568] ? do_fb_ioctl+0x6c0/0x6c0 [ 208.522398][ T9568] ksys_ioctl+0x11a/0x180 [ 208.522412][ T9568] __x64_sys_ioctl+0x6f/0xb0 [ 208.522429][ T9568] ? lockdep_hardirqs_on+0x6a/0xe0 [ 208.522447][ T9568] do_syscall_64+0x60/0xe0 [ 208.522464][ T9568] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 208.522477][ T9568] RIP: 0033:0x45c049 [ 208.522485][ T9568] Code: Bad RIP value. [ 208.522500][ T9568] RSP: 002b:00007f37d495cc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 208.522518][ T9568] RAX: ffffffffffffffda RBX: 00000000006fb3c0 RCX: 000000000045c049 [ 208.522527][ T9568] RDX: 0000000020000200 RSI: 0000000000004601 RDI: 0000000000000003 [ 208.522535][ T9568] RBP: 00000000004a906e R08: 0000000000000000 R09: 0000000000000000 [ 208.522540][ T9568] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074bf00 [ 208.522547][ T9568] R13: 00007fffddbc235f R14: 00007f37d493d000 R15: 0000000000000003 [ 208.528813][ T9568] Kernel Offset: disabled [ 208.528813][ T9568] Rebooting in 86400 seconds..