[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [ 33.577396] audit: type=1800 audit(1568954215.755:33): pid=6902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 33.601081] audit: type=1800 audit(1568954215.765:34): pid=6902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 [ 34.313365] random: sshd: uninitialized urandom read (32 bytes read) [ 34.628527] audit: type=1400 audit(1568954216.805:35): avc: denied { map } for pid=7073 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 34.684474] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 35.321763] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.178' (ECDSA) to the list of known hosts. [ 40.902422] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/20 04:37:03 fuzzer started [ 41.105885] audit: type=1400 audit(1568954223.285:36): avc: denied { map } for pid=7085 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 41.678025] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/20 04:37:04 dialing manager at 10.128.0.105:43807 2019/09/20 04:37:04 syscalls: 2472 2019/09/20 04:37:04 code coverage: enabled 2019/09/20 04:37:04 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/20 04:37:04 extra coverage: extra coverage is not supported by the kernel 2019/09/20 04:37:04 setuid sandbox: enabled 2019/09/20 04:37:04 namespace sandbox: enabled 2019/09/20 04:37:04 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/20 04:37:04 fault injection: enabled 2019/09/20 04:37:04 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/20 04:37:04 net packet injection: enabled 2019/09/20 04:37:04 net device setup: enabled [ 43.911383] random: crng init done 04:38:37 executing program 0: 04:38:37 executing program 1: [ 135.532880] audit: type=1400 audit(1568954317.715:37): avc: denied { map } for pid=7085 comm="syz-fuzzer" path="/root/syzkaller-shm870727044" dev="sda1" ino=16489 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 04:38:37 executing program 5: 04:38:37 executing program 2: 04:38:37 executing program 3: 04:38:37 executing program 4: [ 135.560387] audit: type=1400 audit(1568954317.715:38): avc: denied { map } for pid=7103 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13733 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 135.752164] IPVS: ftp: loaded support on port[0] = 21 [ 136.559750] IPVS: ftp: loaded support on port[0] = 21 [ 136.611869] chnl_net:caif_netlink_parms(): no params data found [ 136.666264] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.673269] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.681111] device bridge_slave_0 entered promiscuous mode [ 136.691991] IPVS: ftp: loaded support on port[0] = 21 [ 136.711461] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.717921] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.726082] device bridge_slave_1 entered promiscuous mode [ 136.755349] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 136.765750] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 136.787661] chnl_net:caif_netlink_parms(): no params data found [ 136.813107] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 136.820649] team0: Port device team_slave_0 added [ 136.828011] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 136.835428] team0: Port device team_slave_1 added [ 136.843145] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 136.850925] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 136.871948] IPVS: ftp: loaded support on port[0] = 21 [ 136.932926] device hsr_slave_0 entered promiscuous mode [ 137.020441] device hsr_slave_1 entered promiscuous mode [ 137.095005] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 137.102643] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.109092] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.116619] device bridge_slave_0 entered promiscuous mode [ 137.125842] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.132864] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.139908] device bridge_slave_1 entered promiscuous mode [ 137.147608] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 137.167339] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 137.182472] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 137.232075] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 137.239363] team0: Port device team_slave_0 added [ 137.265202] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 137.273631] team0: Port device team_slave_1 added [ 137.283737] IPVS: ftp: loaded support on port[0] = 21 [ 137.292680] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 137.302402] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 137.310262] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.316730] bridge0: port 2(bridge_slave_1) entered forwarding state [ 137.323816] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.330233] bridge0: port 1(bridge_slave_0) entered forwarding state [ 137.338314] chnl_net:caif_netlink_parms(): no params data found [ 137.413591] device hsr_slave_0 entered promiscuous mode [ 137.460422] device hsr_slave_1 entered promiscuous mode [ 137.521250] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 137.548224] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 137.585472] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.591884] bridge0: port 2(bridge_slave_1) entered forwarding state [ 137.598477] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.604837] bridge0: port 1(bridge_slave_0) entered forwarding state [ 137.617484] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.624917] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.632547] device bridge_slave_0 entered promiscuous mode [ 137.649879] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.656515] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.663740] device bridge_slave_1 entered promiscuous mode [ 137.682679] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.689790] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.697490] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.704191] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.749224] chnl_net:caif_netlink_parms(): no params data found [ 137.757569] IPVS: ftp: loaded support on port[0] = 21 [ 137.776283] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 137.785910] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 137.829976] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.837082] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.844284] device bridge_slave_0 entered promiscuous mode [ 137.878417] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 137.887709] team0: Port device team_slave_0 added [ 137.893975] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.901183] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.908199] device bridge_slave_1 entered promiscuous mode [ 137.935392] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 137.942715] team0: Port device team_slave_1 added [ 137.969609] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 137.977319] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 137.987437] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 137.997498] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 138.005933] chnl_net:caif_netlink_parms(): no params data found [ 138.064779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.122524] device hsr_slave_0 entered promiscuous mode [ 138.160470] device hsr_slave_1 entered promiscuous mode [ 138.205287] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 138.218202] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 138.224843] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 138.232357] team0: Port device team_slave_0 added [ 138.238465] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 138.245903] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.254226] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.261383] device bridge_slave_0 entered promiscuous mode [ 138.269957] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.277025] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.285123] device bridge_slave_1 entered promiscuous mode [ 138.292796] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 138.299919] team0: Port device team_slave_1 added [ 138.305837] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 138.333486] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 138.342552] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 138.349943] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 138.402948] device hsr_slave_0 entered promiscuous mode [ 138.440506] device hsr_slave_1 entered promiscuous mode [ 138.481354] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 138.489172] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 138.498524] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 138.506587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 138.515509] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 138.522065] 8021q: adding VLAN 0 to HW filter on device team0 [ 138.540919] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 138.549157] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 138.569176] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 138.577341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 138.585743] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.592401] bridge0: port 1(bridge_slave_0) entered forwarding state [ 138.601290] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 138.609955] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 138.624487] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 138.632743] team0: Port device team_slave_0 added [ 138.638262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 138.646557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 138.654965] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.661361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 138.668559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 138.678578] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 138.715940] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 138.723252] team0: Port device team_slave_1 added [ 138.728921] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 138.737487] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 138.744378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 138.758255] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 138.778290] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 138.789876] chnl_net:caif_netlink_parms(): no params data found [ 138.842512] device hsr_slave_0 entered promiscuous mode [ 138.880431] device hsr_slave_1 entered promiscuous mode [ 138.920415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 138.928503] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 138.936280] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 138.953411] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.964020] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 138.971601] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 138.983691] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 138.995557] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 139.004703] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 139.023849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 139.032790] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 139.042477] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 139.069640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 139.077958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 139.087226] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 139.097223] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 139.108101] 8021q: adding VLAN 0 to HW filter on device bond0 [ 139.115358] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 139.131170] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 139.138708] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 139.146507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 139.153344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.162882] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 139.168913] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 139.177590] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 139.186264] 8021q: adding VLAN 0 to HW filter on device team0 [ 139.195153] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 139.203825] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.211008] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.217904] device bridge_slave_0 entered promiscuous mode [ 139.237404] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 139.246156] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 139.254275] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.262381] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.269278] device bridge_slave_1 entered promiscuous mode [ 139.291040] 8021q: adding VLAN 0 to HW filter on device bond0 [ 139.297189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 139.305117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 139.312762] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.319101] bridge0: port 1(bridge_slave_0) entered forwarding state [ 139.328270] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 139.338218] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 139.353331] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 139.361625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 139.372497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 139.380523] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.386994] bridge0: port 2(bridge_slave_1) entered forwarding state [ 139.394082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 139.403473] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 139.410224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 139.417157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.427900] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 139.438627] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 139.459314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 139.468981] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 139.478138] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 139.485178] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 139.492619] team0: Port device team_slave_0 added [ 139.498818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 139.506346] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 139.521271] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 139.527514] 8021q: adding VLAN 0 to HW filter on device team0 [ 139.535144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 139.545488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.552704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 139.560441] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 139.568063] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 139.575965] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 139.583414] team0: Port device team_slave_1 added [ 139.588909] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 139.598679] 8021q: adding VLAN 0 to HW filter on device bond0 [ 139.608883] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 139.618428] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 139.627493] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 139.635853] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 139.644434] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 139.654358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 139.661897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.669036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 139.676917] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 139.684517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 139.692621] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 139.700226] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.706656] bridge0: port 1(bridge_slave_0) entered forwarding state [ 139.715688] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 139.722591] 8021q: adding VLAN 0 to HW filter on device team0 [ 139.729991] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 139.737075] 8021q: adding VLAN 0 to HW filter on device team0 [ 139.746097] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 139.764923] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 139.772521] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 139.779494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 139.787105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 139.794818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 139.803611] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 139.811438] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.817810] bridge0: port 2(bridge_slave_1) entered forwarding state [ 139.826815] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 139.836549] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready 04:38:42 executing program 0: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x9, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000e7b0dcc3daa5520d15393464e02ff4091800eb0c280a1d56bb729bd3378032a431db705eb5b2e2b965ac087ecd8645ab029395eb39974ae562cbe55909b8f1f99b9b939000c4bb63a84e2ab946b87fc14b688f5b4c456cb467e285de87dd3c9510a1aadeaf28fb5e710ecf7fdd4240aece1996b95aa33f7a702cf4314043558b94402b9ccfe9622f5aa1809e22cb6a6f516eb5ce41f2f2b733273edb89b06945b3ba545513b0f358d4553053807f609db7928b73b60c04bb9923de8272017f1dc2e6112fd9f7e967fc260299ba5ea9fb0d3fe1befc42f717451d1f630256c08b8afbfa1c09b9eac772977a2b01108d5db00f75c66b7b295e96eb336d63ddf4fd217d929bde6a13695ecfa3aa958341f029c2009e91d2d4279af3cd57059a15b68956aa5aaf53fb12132f110c77a9bb735dd2811ece8f39092950a7e12bfc47a78ccda231002246ec19b8a6376e0c1cff2aa8d30c8c7475bca6780028fcc73e0f46b3c4f3d59e2006f4bb84b5c46b7cc096a6570bb963196a"], &(0x7f0000000140)='syzkaller\x00', 0x1, 0x1ee, &(0x7f00000003c0)=""/251, 0x0, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1cf}, 0x48) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r1, r0, 0xd, 0x2}, 0xd) 04:38:42 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0) [ 139.883904] device hsr_slave_0 entered promiscuous mode [ 139.920559] device hsr_slave_1 entered promiscuous mode [ 139.960883] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 139.968049] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 139.975447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 139.985822] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 139.993894] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.000436] bridge0: port 1(bridge_slave_0) entered forwarding state [ 140.007863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 140.015397] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 140.023937] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 140.034507] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 140.043011] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 140.049065] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 140.057390] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 140.065388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 140.075062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 140.083028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 140.090666] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.097005] bridge0: port 1(bridge_slave_0) entered forwarding state [ 140.104220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 04:38:42 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) fsync(r0) [ 140.112270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 140.119785] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.126208] bridge0: port 2(bridge_slave_1) entered forwarding state [ 140.134441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 140.143852] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 140.152656] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 140.174642] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 140.199433] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 140.215296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 04:38:42 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x50000}]}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x0, 0x0) [ 140.230786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 140.238573] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.245013] bridge0: port 2(bridge_slave_1) entered forwarding state [ 140.252522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.262710] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 140.270809] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 140.297484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 140.305558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 140.326001] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 140.341936] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 140.367235] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 140.382900] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 140.389200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.410711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.418795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 140.427206] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 140.441437] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 140.450788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 140.459014] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 140.471445] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 140.492005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 140.501508] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 04:38:42 executing program 0: syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/dev\x00') [ 140.512738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 140.532424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 140.549168] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready 04:38:42 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000013, &(0x7f0000000000), 0x4) [ 140.562177] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 140.569899] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 140.577813] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 140.592278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 04:38:42 executing program 0: r0 = socket$inet6(0x10, 0x8000000000003, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000100)="5500000019007f5300fe01b2a4a280930a60ffff00a84302910000003900090008000c00060000f3180015e005000600000000dc1320d54400fba456ab91d400"/85, 0x55}], 0x1}, 0x0) [ 140.610824] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 140.618615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 140.626757] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 140.634795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 140.651680] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 140.659790] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 140.672917] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 140.682727] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 140.691957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 140.699890] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 140.710672] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 140.718158] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 140.730835] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 140.742475] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 140.751278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 140.759140] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 140.767037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 140.775087] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 140.797011] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 140.804490] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 140.841069] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 140.864276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 140.874334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 140.891991] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 140.900593] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 140.916183] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 140.922937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 140.931254] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 140.944534] 8021q: adding VLAN 0 to HW filter on device bond0 [ 140.952800] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 140.961830] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 140.974294] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 140.985578] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 140.997564] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 141.007261] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 141.014323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 141.023914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 141.038456] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 141.046024] 8021q: adding VLAN 0 to HW filter on device team0 [ 141.054617] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 141.071432] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 141.078594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 141.087300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 141.096604] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.103038] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.114222] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 141.125974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 141.134566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 141.144880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 141.166406] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.172844] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.181375] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 141.191664] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 141.202343] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 141.211099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 141.218987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 141.228087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 141.236915] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 141.245086] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 141.255286] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 141.267757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 141.276459] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 141.294311] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready 04:38:43 executing program 1: 04:38:43 executing program 0: [ 141.316415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 141.324807] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 141.346460] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 141.354574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 04:38:43 executing program 2: [ 141.369646] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 141.387225] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 141.395875] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 141.442868] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 141.457272] 8021q: adding VLAN 0 to HW filter on device batadv0 04:38:44 executing program 3: 04:38:44 executing program 5: 04:38:44 executing program 4: 04:38:44 executing program 0: 04:38:44 executing program 1: 04:38:44 executing program 2: 04:38:44 executing program 3: 04:38:44 executing program 5: 04:38:44 executing program 0: 04:38:44 executing program 1: 04:38:44 executing program 2: 04:38:44 executing program 4: 04:38:45 executing program 0: 04:38:45 executing program 2: 04:38:45 executing program 1: 04:38:45 executing program 3: 04:38:45 executing program 4: 04:38:45 executing program 5: 04:38:45 executing program 2: 04:38:45 executing program 4: 04:38:45 executing program 1: 04:38:45 executing program 0: 04:38:45 executing program 3: 04:38:45 executing program 5: 04:38:45 executing program 2: 04:38:45 executing program 4: 04:38:45 executing program 3: 04:38:45 executing program 0: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='memory.stat\x00', 0x0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x9, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000e7b0dcc3daa5520d15393464e02ff4091800eb0c280a1d56bb729bd3378032a431db705eb5b2e2b965ac087ecd8645ab029395eb39974ae562cbe55909b8f1f99b9b939000c4bb63a84e2ab946b87fc14b688f5b4c456cb467e285de87dd3c9510a1aadeaf28fb5e710ecf7fdd4240aece1996b95aa33f7a702cf4314043558b94402b9ccfe9622f5aa1809e22cb6a6f516eb5ce41f2f2b733273edb89b06945b3ba545513b0f358d4553053807f609db7928b73b60c04bb9923de8272017f1dc2e6112fd9f7e967fc260299ba5ea9fb0d3fe1befc42f717451d1f630256c08b8afbfa1c09b9eac772977a2b01108d5db00f75c66b7b295e96eb336d63ddf4fd217d929bde6a13695ecfa3aa958341f029c2009e91d2d4279af3cd57059a15b68956aa5aaf53fb12132f110c77a9bb735dd2811ece8f39092950a7e12bfc47a78ccda231002246ec19b8a6376e0c1cff2aa8d30c8c7475bca6780028fcc73e0f46b3c4f3d59e2006f4bb84b5c46b7cc096a6570bb963196a"], &(0x7f0000000140)='syzkaller\x00', 0x1, 0x1ee, &(0x7f00000003c0)=""/251, 0x0, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1cf}, 0x48) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r1, r0, 0xd}, 0xd) bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000100)={r1, r0, 0x8000000000d}, 0xe) socket$kcm(0x11, 0x3, 0x0) 04:38:45 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000980)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') write$cgroup_subtree(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="ff038aa174036ed7e08f93dd8100"], 0xe) 04:38:45 executing program 2: 04:38:45 executing program 5: 04:38:45 executing program 4: 04:38:45 executing program 3: 04:38:45 executing program 2: [ 143.192653] hrtimer: interrupt took 38204 ns 04:38:45 executing program 5: 04:38:45 executing program 4: 04:38:45 executing program 3: [ 143.286295] device nr0 entered promiscuous mode 04:38:45 executing program 0: 04:38:45 executing program 2: 04:38:45 executing program 5: [ 143.499002] device nr0 entered promiscuous mode 04:38:45 executing program 1: 04:38:45 executing program 4: 04:38:45 executing program 3: 04:38:45 executing program 0: 04:38:45 executing program 2: 04:38:45 executing program 5: 04:38:45 executing program 0: 04:38:45 executing program 2: 04:38:45 executing program 3: 04:38:45 executing program 1: 04:38:45 executing program 5: 04:38:45 executing program 3: 04:38:45 executing program 4: 04:38:45 executing program 0: 04:38:45 executing program 2: 04:38:45 executing program 1: 04:38:45 executing program 5: 04:38:45 executing program 4: 04:38:45 executing program 3: 04:38:45 executing program 2: 04:38:46 executing program 0: 04:38:46 executing program 1: 04:38:46 executing program 5: 04:38:46 executing program 3: 04:38:46 executing program 4: 04:38:46 executing program 2: 04:38:46 executing program 1: 04:38:46 executing program 0: 04:38:46 executing program 5: 04:38:46 executing program 3: 04:38:46 executing program 1: 04:38:46 executing program 4: 04:38:46 executing program 0: 04:38:46 executing program 2: 04:38:46 executing program 3: 04:38:46 executing program 4: 04:38:46 executing program 5: 04:38:46 executing program 1: 04:38:46 executing program 0: 04:38:46 executing program 2: 04:38:46 executing program 3: 04:38:46 executing program 2: 04:38:46 executing program 4: 04:38:46 executing program 1: 04:38:46 executing program 5: 04:38:46 executing program 0: 04:38:46 executing program 3: 04:38:46 executing program 3: 04:38:46 executing program 1: 04:38:46 executing program 4: 04:38:46 executing program 2: 04:38:46 executing program 5: 04:38:46 executing program 0: 04:38:46 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0xea3b5d2, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000208, 0x0) 04:38:46 executing program 4: mkdir(&(0x7f0000000080)='./file0\x00', 0x52) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65302c776f726b6469723d2e2f66696c65315c00359477"]) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='tmpfs\x00', 0x0, 0x0) syslog(0x1, 0x0, 0x0) syz_open_procfs(0x0, 0x0) r0 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000cab000)) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) faccessat(r1, 0x0, 0x0, 0x300) socket(0x10, 0x2, 0x0) setresuid(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) socket(0x10, 0x2, 0x0) socket(0x0, 0x0, 0x0) fchown(0xffffffffffffffff, 0x0, 0x0) 04:38:46 executing program 0: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) recvmmsg(r0, &(0x7f0000005d40)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000180)=""/112, 0x70}], 0x1}}], 0x1, 0x0, 0x0) sendmmsg(r0, &(0x7f000060d000)=[{{0x0, 0x0, &(0x7f0000c38ff0)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1}}], 0x1, 0x0) open(0x0, 0x0, 0x0) 04:38:46 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket(0x100000000000011, 0x2, 0x81) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f000000cc80)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x87ffd) sendfile(r0, r2, 0x0, 0x800000000024) 04:38:46 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() r1 = gettid() kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, &(0x7f0000000040)) 04:38:46 executing program 3: 04:38:46 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x0, 0x8, 0x0, 0x8000000001}, 0x3c) socketpair(0x4, 0x8000f, 0x4, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000980)='/dev/net/tun\x00', 0x20000, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) write$cgroup_subtree(r1, &(0x7f0000000b80)=ANY=[@ANYBLOB='\x00pids \x00io /cpu -cp'], 0x12) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) write$cgroup_subtree(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="ff038aa174036ed7e08f93dd8100"], 0xe) 04:38:46 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0xea3b5d2, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000208, 0x0) [ 144.578911] audit: type=1400 audit(1568954326.755:39): avc: denied { syslog } for pid=7390 comm="syz-executor.4" capability=34 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 04:38:46 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r0, 0x18000000000002a0, 0x1f, 0x0, &(0x7f00000006c0)="b9ff0300000d698cb89e40f088a8d501000000de0500000077fb7f11c72be9", 0x0, 0x100}, 0x28) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 04:38:46 executing program 0: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) recvmmsg(r0, &(0x7f0000005d40)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000180)=""/112, 0x70}], 0x1}}], 0x1, 0x0, 0x0) sendmmsg(r0, &(0x7f000060d000)=[{{0x0, 0x0, &(0x7f0000c38ff0)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1}}], 0x1, 0x0) open(0x0, 0x0, 0x0) [ 144.706849] device nr0 entered promiscuous mode 04:38:46 executing program 2: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = gettid() r2 = gettid() kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000040)) 04:38:46 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0xea3b5d2, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000208, 0x0) [ 144.728076] overlayfs: filesystem on './file0' not supported as upperdir 04:38:47 executing program 4: mkdir(&(0x7f0000000080)='./file0\x00', 0x52) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65302c776f726b6469723d2e2f66696c65315c00359477"]) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='tmpfs\x00', 0x0, 0x0) syslog(0x1, 0x0, 0x0) syz_open_procfs(0x0, 0x0) r0 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000cab000)) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) faccessat(r1, 0x0, 0x0, 0x300) socket(0x10, 0x2, 0x0) setresuid(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) socket(0x10, 0x2, 0x0) socket(0x0, 0x0, 0x0) fchown(0xffffffffffffffff, 0x0, 0x0) 04:38:47 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x2c, 0x12, @ip6erspan={{0x10, 0x1, 'ip6erspan\x00'}, {0x18, 0x2, [@IFLA_GRE_REMOTE={0x14, 0x7, @empty}]}}}]}, 0x4c}}, 0x0) 04:38:47 executing program 3: mkdir(&(0x7f0000000080)='./file0\x00', 0x52) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65302c776f726b6469723d2e2f66696c65315c00359477"]) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='tmpfs\x00', 0x0, 0x0) syslog(0x1, 0x0, 0x0) syz_open_procfs(0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000cab000)) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) faccessat(r0, 0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) fchown(0xffffffffffffffff, 0x0, 0x0) 04:38:47 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00\xd7\x88\x999\x04\xe4ua\x15l\xcc6\x12\xa4\xaa~\x8d\xca\xe4\x98\xe10xffffffffffffffff}) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 04:38:47 executing program 1: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9d11) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCDELDLCI(r1, 0x8981, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) link(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='./file1\x00') rename(&(0x7f0000000740)='./file0\x00', &(0x7f0000000780)='./file0\x00') [ 145.510408] protocol 88fb is buggy, dev hsr_slave_0 [ 145.515792] protocol 88fb is buggy, dev hsr_slave_1 [ 145.549068] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.558947] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.567423] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem [ 145.577388] EXT4-fs (loop5): bad geometry: block count 1080 exceeds size of device (1 blocks) 04:38:47 executing program 3: r0 = semget$private(0x0, 0x20000000107, 0x0) semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x7fff}, {}], 0x19a, 0x0) semtimedop(r0, &(0x7f0000000080)=[{0x0, 0x2}], 0x1, 0x0) 04:38:47 executing program 5: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x7709, &(0x7f0000000380)='\x00') 04:38:47 executing program 0: syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r0 = memfd_create(0x0, 0x0) prctl$PR_GET_CHILD_SUBREAPER(0x25) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x111080, 0x0) ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, &(0x7f0000000280)={0x0, 0x6000, 0x8, 0x4, 0xe}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setxattr$trusted_overlay_nlink(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='trusted.overlay.nlink\x00', &(0x7f0000000240)={'U+', 0x1}, 0x28, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000028fc8)={0x0, 0x0, 0x0}, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) dup2(0xffffffffffffffff, r0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, 0x0) pipe(0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) 04:38:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, r2}) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0xfffffffffffffffe) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) [ 145.727890] audit: type=1400 audit(1568954327.905:43): avc: denied { map } for pid=7518 comm="syz-executor.5" path="/dev/ashmem" dev="devtmpfs" ino=14976 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 [ 145.830124] protocol 88fb is buggy, dev hsr_slave_0 [ 145.835302] protocol 88fb is buggy, dev hsr_slave_1 [ 146.002324] ================================================================== [ 146.009916] BUG: KASAN: use-after-free in tcp_ack+0x414f/0x4760 [ 146.015983] Read of size 4 at addr ffff888084799d6c by task ksoftirqd/1/17 [ 146.023106] [ 146.024739] CPU: 1 PID: 17 Comm: ksoftirqd/1 Not tainted 4.14.145 #0 [ 146.031334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 146.040821] Call Trace: [ 146.043404] dump_stack+0x138/0x197 [ 146.047031] ? tcp_ack+0x414f/0x4760 [ 146.050915] print_address_description.cold+0x7c/0x1dc [ 146.056207] ? tcp_ack+0x414f/0x4760 [ 146.059942] kasan_report.cold+0xa9/0x2af [ 146.064100] __asan_report_load4_noabort+0x14/0x20 [ 146.069037] tcp_ack+0x414f/0x4760 [ 146.073185] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 146.079069] ? tcp_fastretrans_alert+0x2620/0x2620 [ 146.084005] ? save_trace+0x290/0x290 [ 146.087819] tcp_rcv_established+0x3e9/0x1650 [ 146.092305] ? rt6_check_expired+0xa5/0x160 [ 146.096613] ? tcp_data_queue+0x3730/0x3730 [ 146.100921] ? ip6_dst_check+0x16a/0x2c0 [ 146.104972] tcp_v6_do_rcv+0x417/0x1190 [ 146.108936] tcp_v6_rcv+0x2446/0x2ed0 [ 146.112810] ? save_trace+0x290/0x290 [ 146.116608] ip6_input_finish+0x300/0x15a0 [ 146.120840] ip6_input+0xd5/0x340 [ 146.124304] ? ip6_input_finish+0x15a0/0x15a0 [ 146.128792] ? ipv6_rcv+0x16aa/0x1d20 [ 146.132584] ? ip6_rcv_finish+0x7a0/0x7a0 [ 146.136736] ip6_rcv_finish+0x23f/0x7a0 [ 146.140714] ipv6_rcv+0xe4d/0x1d20 [ 146.144251] ? put_prev_task_stop+0x348/0x400 [ 146.148733] ? ip6_input+0x340/0x340 [ 146.152433] ? __lock_is_held+0xb6/0x140 [ 146.156482] ? check_preemption_disabled+0x3c/0x250 [ 146.161514] ? ip6_make_skb+0x410/0x410 [ 146.165502] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 146.170950] ? ip6_input+0x340/0x340 [ 146.174663] __netif_receive_skb_core+0x1eae/0x2ca0 [ 146.179671] ? trace_hardirqs_on+0x10/0x10 [ 146.184066] ? enqueue_to_backlog+0xcc0/0xcc0 [ 146.188551] ? process_backlog+0x43e/0x730 [ 146.192789] ? find_held_lock+0x35/0x130 [ 146.196870] ? process_backlog+0x23a/0x730 [ 146.201102] ? lock_acquire+0x16f/0x430 [ 146.205063] __netif_receive_skb+0x2c/0x1b0 [ 146.209370] ? __netif_receive_skb+0x2c/0x1b0 [ 146.213870] process_backlog+0x21f/0x730 [ 146.217925] ? finish_task_switch+0x178/0x650 [ 146.222423] net_rx_action+0x490/0xf80 [ 146.226298] ? tasklet_action+0x510/0x510 [ 146.230450] ? napi_complete_done+0x4f0/0x4f0 [ 146.234934] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 146.240374] __do_softirq+0x244/0x9a0 [ 146.244178] ? pci_mmcfg_check_reserved+0x150/0x150 [ 146.249187] ? tasklet_action+0x510/0x510 [ 146.253324] run_ksoftirqd+0x8c/0x1b0 [ 146.257114] smpboot_thread_fn+0x5f4/0x960 [ 146.261422] ? __kthread_parkme+0x117/0x1c0 [ 146.265736] ? sort_range+0x30/0x30 [ 146.269369] kthread+0x319/0x430 [ 146.272734] ? sort_range+0x30/0x30 [ 146.276382] ? kthread_create_on_node+0xd0/0xd0 [ 146.281047] ret_from_fork+0x24/0x30 [ 146.284751] [ 146.286365] Allocated by task 7466: [ 146.289984] save_stack_trace+0x16/0x20 [ 146.293945] save_stack+0x45/0xd0 [ 146.297381] kasan_kmalloc+0xce/0xf0 [ 146.301081] kasan_slab_alloc+0xf/0x20 [ 146.304976] kmem_cache_alloc_node+0x144/0x780 [ 146.309546] __alloc_skb+0x9c/0x500 [ 146.313157] sk_stream_alloc_skb+0xb3/0x780 [ 146.317465] tcp_sendmsg_locked+0xf61/0x3200 [ 146.321856] tcp_sendmsg+0x30/0x50 [ 146.325395] inet_sendmsg+0x122/0x500 [ 146.329181] sock_sendmsg+0xce/0x110 [ 146.332896] SYSC_sendto+0x206/0x310 [ 146.336708] SyS_sendto+0x40/0x50 [ 146.340149] do_syscall_64+0x1e8/0x640 [ 146.344026] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 146.349198] [ 146.350813] Freed by task 7466: [ 146.354081] save_stack_trace+0x16/0x20 [ 146.358055] save_stack+0x45/0xd0 [ 146.361495] kasan_slab_free+0x75/0xc0 [ 146.365371] kmem_cache_free+0x83/0x2b0 [ 146.369334] kfree_skbmem+0x8d/0x120 [ 146.373033] __kfree_skb+0x1e/0x30 [ 146.376646] tcp_remove_empty_skb.part.0+0x231/0x2e0 [ 146.382428] tcp_sendmsg_locked+0x1ced/0x3200 [ 146.386921] tcp_sendmsg+0x30/0x50 [ 146.390449] inet_sendmsg+0x122/0x500 [ 146.394235] sock_sendmsg+0xce/0x110 [ 146.397931] SYSC_sendto+0x206/0x310 [ 146.401662] SyS_sendto+0x40/0x50 [ 146.405099] do_syscall_64+0x1e8/0x640 [ 146.409013] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 146.414208] [ 146.415825] The buggy address belongs to the object at ffff888084799d40 [ 146.415825] which belongs to the cache skbuff_fclone_cache of size 472 [ 146.429177] The buggy address is located 44 bytes inside of [ 146.429177] 472-byte region [ffff888084799d40, ffff888084799f18) [ 146.440949] The buggy address belongs to the page: [ 146.445868] page:ffffea000211e640 count:1 mapcount:0 mapping:ffff8880847990c0 index:0x0 [ 146.453995] flags: 0x1fffc0000000100(slab) [ 146.458219] raw: 01fffc0000000100 ffff8880847990c0 0000000000000000 0000000100000006 [ 146.466086] raw: ffffea0002a68760 ffffea00027546a0 ffff8880a9e81d80 0000000000000000 [ 146.473946] page dumped because: kasan: bad access detected [ 146.479639] [ 146.481248] Memory state around the buggy address: [ 146.486161] ffff888084799c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 146.493506] ffff888084799c80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 146.500851] >ffff888084799d00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 146.508211] ^ [ 146.515047] ffff888084799d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 146.522411] ffff888084799e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 146.529760] ================================================================== [ 146.537101] Disabling lock debugging due to kernel taint [ 146.542596] Kernel panic - not syncing: panic_on_warn set ... [ 146.542596] [ 146.549982] CPU: 1 PID: 17 Comm: ksoftirqd/1 Tainted: G B 4.14.145 #0 [ 146.557690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 146.567132] Call Trace: [ 146.569726] dump_stack+0x138/0x197 [ 146.573371] ? tcp_ack+0x414f/0x4760 [ 146.577082] panic+0x1f2/0x426 [ 146.580280] ? add_taint.cold+0x16/0x16 [ 146.584259] kasan_end_report+0x47/0x4f [ 146.588233] kasan_report.cold+0x130/0x2af [ 146.592466] __asan_report_load4_noabort+0x14/0x20 [ 146.597386] tcp_ack+0x414f/0x4760 [ 146.600911] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 146.606779] ? tcp_fastretrans_alert+0x2620/0x2620 [ 146.611702] ? save_trace+0x290/0x290 [ 146.615507] tcp_rcv_established+0x3e9/0x1650 [ 146.620006] ? rt6_check_expired+0xa5/0x160 [ 146.624318] ? tcp_data_queue+0x3730/0x3730 [ 146.628628] ? ip6_dst_check+0x16a/0x2c0 [ 146.632699] tcp_v6_do_rcv+0x417/0x1190 [ 146.636657] tcp_v6_rcv+0x2446/0x2ed0 [ 146.640446] ? save_trace+0x290/0x290 [ 146.645115] ip6_input_finish+0x300/0x15a0 [ 146.649338] ip6_input+0xd5/0x340 [ 146.652773] ? ip6_input_finish+0x15a0/0x15a0 [ 146.657251] ? ipv6_rcv+0x16aa/0x1d20 [ 146.661033] ? ip6_rcv_finish+0x7a0/0x7a0 [ 146.665163] ip6_rcv_finish+0x23f/0x7a0 [ 146.669123] ipv6_rcv+0xe4d/0x1d20 [ 146.672656] ? put_prev_task_stop+0x348/0x400 [ 146.677137] ? ip6_input+0x340/0x340 [ 146.680844] ? __lock_is_held+0xb6/0x140 [ 146.684892] ? check_preemption_disabled+0x3c/0x250 [ 146.689892] ? ip6_make_skb+0x410/0x410 [ 146.693848] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 146.699282] ? ip6_input+0x340/0x340 [ 146.702982] __netif_receive_skb_core+0x1eae/0x2ca0 [ 146.707984] ? trace_hardirqs_on+0x10/0x10 [ 146.712205] ? enqueue_to_backlog+0xcc0/0xcc0 [ 146.716688] ? process_backlog+0x43e/0x730 [ 146.720907] ? find_held_lock+0x35/0x130 [ 146.724953] ? process_backlog+0x23a/0x730 [ 146.729173] ? lock_acquire+0x16f/0x430 [ 146.733132] __netif_receive_skb+0x2c/0x1b0 [ 146.737440] ? __netif_receive_skb+0x2c/0x1b0 [ 146.741925] process_backlog+0x21f/0x730 [ 146.745973] ? finish_task_switch+0x178/0x650 [ 146.750451] net_rx_action+0x490/0xf80 [ 146.755279] ? tasklet_action+0x510/0x510 [ 146.759432] ? napi_complete_done+0x4f0/0x4f0 [ 146.763917] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 146.769355] __do_softirq+0x244/0x9a0 [ 146.773143] ? pci_mmcfg_check_reserved+0x150/0x150 [ 146.778147] ? tasklet_action+0x510/0x510 [ 146.782365] run_ksoftirqd+0x8c/0x1b0 [ 146.786147] smpboot_thread_fn+0x5f4/0x960 [ 146.790361] ? __kthread_parkme+0x117/0x1c0 [ 146.794665] ? sort_range+0x30/0x30 [ 146.798276] kthread+0x319/0x430 [ 146.801622] ? sort_range+0x30/0x30 [ 146.805229] ? kthread_create_on_node+0xd0/0xd0 [ 146.809896] ret_from_fork+0x24/0x30 [ 146.815202] Kernel Offset: disabled [ 146.818908] Rebooting in 86400 seconds..