[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.28' (ECDSA) to the list of known hosts. 2020/05/13 09:09:08 fuzzer started 2020/05/13 09:09:08 dialing manager at 10.128.0.26:35971 2020/05/13 09:09:08 syscalls: 3035 2020/05/13 09:09:08 code coverage: enabled 2020/05/13 09:09:08 comparison tracing: enabled 2020/05/13 09:09:08 extra coverage: enabled 2020/05/13 09:09:08 setuid sandbox: enabled 2020/05/13 09:09:08 namespace sandbox: enabled 2020/05/13 09:09:08 Android sandbox: /sys/fs/selinux/policy does not exist 2020/05/13 09:09:08 fault injection: enabled 2020/05/13 09:09:08 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/05/13 09:09:08 net packet injection: enabled 2020/05/13 09:09:08 net device setup: enabled 2020/05/13 09:09:08 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/05/13 09:09:08 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/05/13 09:09:08 USB emulation: /dev/raw-gadget does not exist 09:11:06 executing program 0: r0 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/6lowpan_control\x00', 0x2, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000040)) r1 = socket$pppl2tp(0x18, 0x1, 0x1) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000080)={{{@in, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6}}, &(0x7f0000000180)=0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0, 0x0}, &(0x7f0000000200)=0xc) setsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0xffffffffffffffff, r3, r4}, 0xc) r5 = socket(0x21, 0x800, 0x80000001) setsockopt$bt_hci_HCI_FILTER(r5, 0x0, 0x2, &(0x7f0000000280)={0x81, [0xfc000000, 0x9], 0x3}, 0x10) ioctl$USBDEVFS_RESET(0xffffffffffffffff, 0x5514) fsetxattr$security_evm(r0, &(0x7f00000002c0)='security.evm\x00', &(0x7f0000000300)=@v1={0x2, "6f1a36e6e213"}, 0x7, 0x1) ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000340)={0x7fffffff, 0x5, 0x4, 0x40, 0x1, {0x0, 0x2710}, {0x4, 0x4, 0xc7, 0x2, 0xc1, 0x1, '\n}wp'}, 0x0, 0x1, @userptr=0x4, 0x3, 0x0, 0xffffffffffffffff}) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000400)='l2tp\x00') r8 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000440)='/dev/ocfs2_control\x00', 0x509200, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(r6, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x64, r7, 0x800, 0x70bd27, 0x25dfdbfd, {}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x4}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r8}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @dev={0xfe, 0x80, [], 0x18}}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e21}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x20}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0xfe}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x40408d0) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000580), &(0x7f00000005c0)=0x4) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r5, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x1c, r9, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4800) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000740)={0xffffffffffffffff}) sendmsg$TIPC_NL_MON_SET(r10, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x44, 0x0, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x20}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xa4}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x634c0197}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x810) ioctl$SIOCGETNODEID(0xffffffffffffffff, 0x89e1, &(0x7f0000000900)={0x3}) syzkaller login: [ 162.897011][ T7020] IPVS: ftp: loaded support on port[0] = 21 09:11:07 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x0, 0x0) write$P9_RVERSION(r0, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x8, 0x8, '9P2000.u'}, 0x15) write$P9_RWSTAT(r0, &(0x7f0000000080)={0x7, 0x7f, 0x1}, 0x7) r1 = syz_open_dev$media(&(0x7f00000000c0)='/dev/media#\x00', 0x2, 0x88c800) read$usbmon(r1, 0xfffffffffffffffd, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f0000000100)='io.stat\x00', 0x0, 0x0) write$P9_RVERSION(r2, &(0x7f0000000140)={0x15, 0x65, 0xffff, 0x20, 0x8, '9P2000.u'}, 0x15) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000180)={0x0}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000200)=@assoc_value={r3, 0x100}, 0x8) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ttyprintk\x00', 0x40, 0x0) ioctl$TCSBRK(r4, 0x5409, 0xd26) r5 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vcsu\x00', 0x288001, 0x0) ioctl$VIDIOC_S_CROP(r5, 0x4014563c, &(0x7f00000002c0)={0x9, {0x401, 0x10001, 0xffffff2f, 0x40}}) r6 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dlm-control\x00', 0x800, 0x0) epoll_wait(r6, &(0x7f0000000340)=[{}, {}, {}], 0x3, 0x7) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000380)={0xfff, 0xb, 0x4, 0x0, 0x9d, {0x77359400}, {0x2, 0x2, 0x9, 0x0, 0x1, 0x81, "ab49b915"}, 0x5, 0x3, @offset=0x2, 0xc1, 0x0, 0xffffffffffffffff}) ioctl$EVIOCGVERSION(r7, 0x80044501, &(0x7f0000000400)=""/70) getsockopt$inet6_int(r7, 0x29, 0x3a, &(0x7f0000000480), &(0x7f00000004c0)=0x4) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, &(0x7f0000000580)) [ 163.033710][ T7020] chnl_net:caif_netlink_parms(): no params data found [ 163.112285][ T7020] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.134873][ T7020] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.142933][ T7020] device bridge_slave_0 entered promiscuous mode [ 163.168759][ T7020] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.185831][ T7020] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.206212][ T7020] device bridge_slave_1 entered promiscuous mode [ 163.238995][ T7020] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.252407][ T7020] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 163.287111][ T7020] team0: Port device team_slave_0 added [ 163.288493][ T7150] IPVS: ftp: loaded support on port[0] = 21 [ 163.296230][ T7020] team0: Port device team_slave_1 added [ 163.339890][ T7020] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 163.364821][ T7020] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.395995][ T7020] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 163.422527][ T7020] batman_adv: batadv0: Adding interface: batadv_slave_1 09:11:07 executing program 2: r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x8, 0x101000) ioctl$KVM_S390_INTERRUPT_CPU(r0, 0x4010ae94, &(0x7f0000000040)={0x3f, 0x40, 0x1}) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/mice\x00', 0x2002) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000140)={0x6000, &(0x7f00000000c0), 0x0, r2, 0x9}) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f00000001c0)=@raw={'raw\x00', 0x9, 0x3, 0x2b8, 0xd8, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x220, 0xffffffff, 0xffffffff, 0x220, 0xffffffff, 0x3, &(0x7f0000000180), {[{{@ip={@remote, @remote, 0xffffffff, 0xff, 'sit0\x00', 'ip6tnl0\x00', {}, {0xff}, 0x0, 0x6, 0x23}, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x1, 0x6, 0x6, 'syz0\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@ttl={{0x28, 'ttl\x00'}, {0x1, 0x3}}, @common=@osf={{0x50, 'osf\x00'}, {'syz1\x00', 0x0, 0x5, 0x1}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @random="c249dec93257", 0x3, 0x2, [0x2, 0x19, 0x27, 0x36, 0x33, 0x24, 0x39, 0x3, 0x3b, 0x21, 0x33, 0x15, 0x26, 0x2f, 0x26, 0x1b], 0x2, 0x7, 0x8}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x318) ioctl$SNDRV_PCM_IOCTL_PREPARE(r1, 0x4140, 0x0) r4 = epoll_create1(0x80000) fsetxattr(r4, &(0x7f0000000500)=@random={'user.', '.-\':\x00'}, &(0x7f0000000540)='CLUSTERIP\x00', 0xa, 0x1) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x30, 0xff, 0x0, 0x1, 0x17, 0x4, "f1bcdc0d452a4e8326c86d8c89a3a25b001105dbf21ffe6cbf3d858c83ce7c3a0512e1eb3564db38fc479d013a029700fa45a41753d7ff0c8e6970e1929606fb", "62c3af21788a7ae5faddfc0f61f20e452d982650be5f0886b4b59fcf9e19dcc7425d236f48e7a3736f7fda8275223ba43cf003a4156cbe5fe35d6798285abba0", "2057f7fe5ba6bb36ff6adc90c24a7cf24fdf605cd1fc4b1b91edc39370de6db1", [0x1, 0x76]}) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000680)='/dev/btrfs-control\x00', 0x9c0, 0x0) bind$l2tp6(r5, &(0x7f00000006c0)={0xa, 0x0, 0x6, @local, 0x3, 0x3}, 0x20) r6 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000700)={0x0, @in={{0x2, 0x4e22, @multicast2}}, 0xffff, 0x7, 0x0, 0x8, 0x24, 0x80000000, 0x7f}, 0x9c) r7 = openat$smackfs_cipso(0xffffffffffffff9c, &(0x7f00000007c0)='/sys/fs/smackfs/cipso2\x00', 0x2, 0x0) write$binfmt_misc(r7, &(0x7f0000000800)={'syz0', 'H'}, 0x5) r8 = syz_open_dev$vcsu(&(0x7f0000000840)='/dev/vcsu#\x00', 0x1, 0x101) ioctl$RNDADDTOENTCNT(r8, 0x40045201, &(0x7f0000000880)=0xff) fsetxattr(0xffffffffffffffff, &(0x7f00000008c0)=@known='com.apple.system.Security\x00', &(0x7f0000000900)='#cgroup^!.cpusetwlan1\x00', 0x16, 0x1) [ 163.430144][ T7020] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.458265][ T7020] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 163.578574][ T7020] device hsr_slave_0 entered promiscuous mode [ 163.645452][ T7020] device hsr_slave_1 entered promiscuous mode 09:11:07 executing program 3: prctl$PR_GET_SECCOMP(0x15) r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000040)={0x0, 0x0}) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f00000000c0)={[], 0x7f, 0x401, 0x1, 0x5, 0x400, r1}) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000180)) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x13, &(0x7f0000000200)=0x7, 0x4) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00') sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x34, r3, 0x824, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x2}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x2}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x40d0}, 0xc0480c0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f0000000380)=[@in={0x2, 0x4e21, @local}, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in6={0xa, 0x4e23, 0x956a, @remote, 0xfffffffb}, @in6={0xa, 0x4e23, 0x800, @empty, 0x5}], 0x68) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000000400)={0x2a, 0x6, 0x0, {0x2, 0x5, 0x1, 0x0, '\''}}, 0x2a) r4 = syz_open_dev$media(&(0x7f0000000440)='/dev/media#\x00', 0xee0c, 0x3433c1) ioctl$VIDIOC_ENUMOUTPUT(r4, 0xc0485630, &(0x7f0000000480)={0x5, "87cb84b3d12b5a5e271338a50dcb19960e39767269c200525cddb244741d6130", 0x3, 0x800, 0x6, 0x20, 0x8}) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/net/pfkey\x00', 0x400, 0x0) ioctl$SG_SET_RESERVED_SIZE(r5, 0x2275, &(0x7f0000000540)=0x1) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000580)={0x1, 0x0, [{0xb, 0x9, 0xfffff000, 0x8, 0x6}]}) r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/vga_arbiter\x00', 0x200000, 0x0) getsockopt$inet6_opts(r6, 0x29, 0x37, &(0x7f0000000600)=""/169, &(0x7f00000006c0)=0xa9) bind$inet6(r2, &(0x7f0000000700)={0xa, 0x4e24, 0x6, @mcast1, 0x5}, 0x1c) ioctl$PPPIOCATTACH(r4, 0x4004743d, &(0x7f0000000740)=0x1) [ 163.717406][ T7208] IPVS: ftp: loaded support on port[0] = 21 [ 163.839336][ T7150] chnl_net:caif_netlink_parms(): no params data found [ 164.021572][ T7339] IPVS: ftp: loaded support on port[0] = 21 [ 164.067224][ T7150] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.074307][ T7150] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.105829][ T7150] device bridge_slave_0 entered promiscuous mode [ 164.161872][ T7150] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.176560][ T7150] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.184409][ T7150] device bridge_slave_1 entered promiscuous mode 09:11:08 executing program 4: syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x3, 0x1200) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = semget$private(0x0, 0x3, 0x2a3) semctl$GETVAL(r0, 0x2, 0xc, &(0x7f0000000040)=""/81) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET_DYING(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10424890}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x6, 0x1, 0x3, 0x0, 0x0, {0x3}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8091}, 0x20008051) ioctl$RNDZAPENTCNT(r1, 0x5204, &(0x7f0000000200)=0xfffffffb) r2 = gettid() sendmsg$AUDIT_SET(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x34, 0x3e9, 0x100, 0x70bd28, 0x25dfdbfd, {0x40, 0x0, 0x0, r2, 0x1, 0x400, 0x77, 0x0, 0x1ff}, [""]}, 0x34}, 0x1, 0x0, 0x0, 0x40085}, 0x24008004) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/qat_adf_ctl\x00', 0x424000, 0x0) syz_open_dev$loop(&(0x7f0000000380)='/dev/loop#\x00', 0x3a0189d4, 0x105800) setxattr$security_smack_transmute(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000440)='TRUE', 0x4, 0x2) r4 = dup2(r3, 0xffffffffffffffff) setsockopt$EBT_SO_SET_COUNTERS(r4, 0x0, 0x81, &(0x7f00000004c0)={'nat\x00', 0x0, 0x0, 0x0, [], 0x6, &(0x7f0000000480)=[{}], 0x0, [{}, {}, {}, {}, {}, {}]}, 0xd8) accept$inet(r4, &(0x7f00000005c0)={0x2, 0x0, @private}, &(0x7f0000000600)=0x10) ioctl$VIDIOC_QUERYBUF(r4, 0xc0585609, &(0x7f0000000f80)={0x6, 0x7, 0x4, 0x0, 0x30, {0x0, 0xea60}, {0x1, 0xc, 0x2, 0xf3, 0x81, 0x20, "528274a1"}, 0x7, 0x1, @planes=&(0x7f0000000f40)={0x8b29, 0x1ff, @userptr=0x7fffffff, 0x2}, 0xe14, 0x0, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_STOPDAEMON(r5, 0x0, 0x48c, &(0x7f0000001000)={0x1, 'ip6gretap0\x00', 0x4}, 0x18) r6 = io_uring_setup(0x82f, &(0x7f0000001040)={0x0, 0x0, 0x10, 0x1, 0x9c}) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f00000010c0)=0x3) setsockopt$inet_icmp_ICMP_FILTER(r5, 0x1, 0x1, &(0x7f0000001100)={0xdc1}, 0x4) [ 164.282674][ T7208] chnl_net:caif_netlink_parms(): no params data found [ 164.308148][ T7150] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 164.337639][ T7020] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 164.376460][ T7150] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 164.396775][ T7020] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 164.473426][ T7020] netdevsim netdevsim0 netdevsim2: renamed from eth2 09:11:08 executing program 5: ioctl$SIOCGIFHWADDR(0xffffffffffffffff, 0x8927, &(0x7f0000000000)) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x80200, 0x0) recvmsg$can_raw(r0, &(0x7f0000002680)={&(0x7f0000000080)=@in={0x2, 0x0, @local}, 0x80, &(0x7f0000002580)=[{&(0x7f0000000100)=""/174, 0xae}, {&(0x7f00000001c0)=""/41, 0x29}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/4096, 0x1000}, {&(0x7f0000002200)=""/148, 0x94}, {&(0x7f00000022c0)=""/154, 0x9a}, {&(0x7f0000002380)=""/113, 0x71}, {&(0x7f0000002400)=""/187, 0xbb}, {&(0x7f00000024c0)=""/156, 0x9c}], 0x9, &(0x7f0000002640)=""/14, 0xe}, 0x2040) pipe2(&(0x7f00000026c0)={0xffffffffffffffff}, 0x800) setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000002700), 0x4) clock_getres(0x4, &(0x7f0000002740)) r2 = dup(0xffffffffffffffff) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000002ac0)) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f0000002b80)={0x0, 0x1, 0x3f, 0xffffffffffffffff, 0x0, &(0x7f0000002b40)={0x990af4, 0x9ea0, [], @p_u32=&(0x7f0000002b00)=0x5}}) write$smackfs_logging(r3, &(0x7f0000002bc0)=0x3, 0x14) sendmsg$AUDIT_USER_TTY(r1, &(0x7f0000002cc0)={&(0x7f0000002c00)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000002c80)={&(0x7f0000002c40)={0x1c, 0x464, 0x0, 0x70bd25, 0x25dfdbfc, "bdbf48a79cff61e0c7", ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x44}, 0x4) r4 = syz_open_dev$vcsu(&(0x7f0000002d00)='/dev/vcsu#\x00', 0x0, 0x100080) ioctl$VIDIOC_SUBDEV_G_EDID(r4, 0xc0285628, &(0x7f0000002d80)={0x0, 0xfffffc00, 0x0, [], &(0x7f0000002d40)=0xf0}) r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r5, 0x84, 0x21, &(0x7f0000002dc0), &(0x7f0000002e00)=0x4) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000002e40)={r4}) r7 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000002ec0)='NLBL_CALIPSO\x00') sendmsg$NLBL_CALIPSO_C_ADD(r6, &(0x7f0000002f80)={&(0x7f0000002e80)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000002f40)={&(0x7f0000002f00)={0x1c, r7, 0x18, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8801}, 0x8090) openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000002fc0)='/sys/fs/smackfs/direct\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000003040)='memory.stat\x00', 0x0, 0x0) [ 164.567265][ T7020] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 164.619265][ T7150] team0: Port device team_slave_0 added [ 164.651564][ T7150] team0: Port device team_slave_1 added [ 164.726281][ T7510] IPVS: ftp: loaded support on port[0] = 21 [ 164.751678][ T7150] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 164.764947][ T7150] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 164.794879][ T7150] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 164.825474][ T7208] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.832531][ T7208] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.842710][ T7208] device bridge_slave_0 entered promiscuous mode [ 164.853371][ T7208] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.861609][ T7208] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.869631][ T7208] device bridge_slave_1 entered promiscuous mode [ 164.878165][ T7150] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 164.885290][ T7150] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 164.911427][ T7150] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 164.961063][ T7339] chnl_net:caif_netlink_parms(): no params data found [ 165.038264][ T7150] device hsr_slave_0 entered promiscuous mode [ 165.095169][ T7150] device hsr_slave_1 entered promiscuous mode [ 165.134862][ T7150] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 165.142512][ T7150] Cannot create hsr debugfs directory [ 165.155845][ T7208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.181819][ T7580] IPVS: ftp: loaded support on port[0] = 21 [ 165.227702][ T7208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 165.271226][ T7208] team0: Port device team_slave_0 added [ 165.283258][ T7208] team0: Port device team_slave_1 added [ 165.332418][ T7208] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 165.340294][ T7208] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.367311][ T7208] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 165.382175][ T7208] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 165.391057][ T7208] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.417861][ T7208] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 165.498697][ T7208] device hsr_slave_0 entered promiscuous mode [ 165.545526][ T7208] device hsr_slave_1 entered promiscuous mode [ 165.604911][ T7208] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 165.612445][ T7208] Cannot create hsr debugfs directory [ 165.713531][ T7339] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.722101][ T7339] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.734565][ T7339] device bridge_slave_0 entered promiscuous mode [ 165.744013][ T7339] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.751572][ T7339] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.759523][ T7339] device bridge_slave_1 entered promiscuous mode [ 165.818861][ T7339] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.877132][ T7339] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 165.902629][ T7150] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 165.971976][ T7150] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 166.020174][ T7150] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 166.080994][ T7150] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 166.137353][ T7510] chnl_net:caif_netlink_parms(): no params data found [ 166.149994][ T7339] team0: Port device team_slave_0 added [ 166.170376][ T7339] team0: Port device team_slave_1 added [ 166.288592][ T7020] 8021q: adding VLAN 0 to HW filter on device bond0 [ 166.296020][ T7339] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 166.302964][ T7339] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 166.329766][ T7339] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 166.348390][ T7339] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 166.355387][ T7339] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 166.382277][ T7339] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 166.429227][ T7510] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.436788][ T7510] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.444384][ T7510] device bridge_slave_0 entered promiscuous mode [ 166.465680][ T7580] chnl_net:caif_netlink_parms(): no params data found [ 166.538444][ T7339] device hsr_slave_0 entered promiscuous mode [ 166.605289][ T7339] device hsr_slave_1 entered promiscuous mode [ 166.644951][ T7339] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 166.652509][ T7339] Cannot create hsr debugfs directory [ 166.659306][ T7510] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.666847][ T7510] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.674487][ T7510] device bridge_slave_1 entered promiscuous mode [ 166.712914][ T7510] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 166.723447][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 166.733238][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 166.766098][ T7510] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 166.793952][ T7510] team0: Port device team_slave_0 added [ 166.808751][ T7208] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 166.859183][ T7020] 8021q: adding VLAN 0 to HW filter on device team0 [ 166.867961][ T7510] team0: Port device team_slave_1 added [ 166.894343][ T7208] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 166.944366][ T7208] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 167.010021][ T7510] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 167.017155][ T7510] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.043677][ T7510] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 167.067224][ T7208] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 167.128678][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 167.137163][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 167.145997][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.153161][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.161864][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 167.170694][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.179179][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.186312][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.194707][ T7510] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 167.202320][ T7510] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.229682][ T7510] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 167.281195][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 167.289363][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 167.326707][ T7580] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.333788][ T7580] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.343561][ T7580] device bridge_slave_0 entered promiscuous mode [ 167.352485][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 167.361651][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 167.370525][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 167.383994][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 167.405219][ T7580] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.412284][ T7580] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.422659][ T7580] device bridge_slave_1 entered promiscuous mode [ 167.446458][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 167.459167][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 167.467620][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 167.479573][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 167.488064][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 167.496817][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 167.548782][ T7510] device hsr_slave_0 entered promiscuous mode [ 167.615295][ T7510] device hsr_slave_1 entered promiscuous mode [ 167.656296][ T7510] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 167.663865][ T7510] Cannot create hsr debugfs directory [ 167.695609][ T7020] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 167.711932][ T7580] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.751678][ T7580] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.815645][ T7580] team0: Port device team_slave_0 added [ 167.853657][ T7580] team0: Port device team_slave_1 added [ 167.897536][ T7150] 8021q: adding VLAN 0 to HW filter on device bond0 [ 167.908412][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 167.916616][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 167.930463][ T7339] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 167.974160][ T7339] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 168.027700][ T7339] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 168.078068][ T7580] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.087519][ T7580] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.113793][ T7580] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 168.134482][ T7580] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.141681][ T7580] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.169450][ T7580] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 168.185316][ T7339] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 168.230203][ T7020] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.303562][ T7150] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.315483][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 168.323214][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 168.398938][ T7580] device hsr_slave_0 entered promiscuous mode [ 168.485090][ T7580] device hsr_slave_1 entered promiscuous mode [ 168.535155][ T7580] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 168.542701][ T7580] Cannot create hsr debugfs directory [ 168.579409][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 168.590317][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 168.600212][ T2699] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.607372][ T2699] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.615683][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 168.624145][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 168.633493][ T2699] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.640595][ T2699] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.648790][ T2715] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.671241][ T7510] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 168.747125][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 168.757067][ T7510] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 168.787866][ T7510] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 168.843801][ T7208] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.864481][ T2715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 168.887224][ T7510] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 168.940959][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 168.950375][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 168.959280][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 168.968015][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 168.976870][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 168.984461][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 168.996257][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 169.004060][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 169.015098][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 169.033954][ T7208] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.078418][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 169.091148][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 169.115051][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 169.123475][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 169.135659][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 169.144039][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 169.156023][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.163045][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 169.179083][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 169.200771][ T7150] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 169.221207][ T7020] device veth0_vlan entered promiscuous mode [ 169.239453][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 169.252001][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 169.261591][ T8032] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.268740][ T8032] bridge0: port 2(bridge_slave_1) entered forwarding state [ 169.276445][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 169.284717][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 169.294772][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 169.302802][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 169.337519][ T2715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 169.382854][ T7020] device veth1_vlan entered promiscuous mode [ 169.395386][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 169.402851][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 169.410666][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 169.425538][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 169.434285][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 169.449547][ T7339] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.466916][ T7150] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.496106][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 169.503822][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 169.513694][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 169.522633][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 169.532297][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 169.541101][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 169.549749][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 169.594452][ T7208] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 169.611986][ T7208] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 169.633158][ T7510] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.647770][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 169.656245][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 169.676239][ T7580] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 169.737775][ T7020] device veth0_macvtap entered promiscuous mode [ 169.753310][ T7339] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.775914][ T7580] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 169.821756][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 169.830207][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 169.838744][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 169.846987][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 169.856650][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 169.884591][ T7580] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 169.909469][ T7020] device veth1_macvtap entered promiscuous mode [ 169.917212][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 169.925537][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 169.934093][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 169.942730][ T8032] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.949858][ T8032] bridge0: port 1(bridge_slave_0) entered forwarding state [ 169.958004][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 169.965740][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 169.973110][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 169.981158][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 169.990021][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 170.009228][ T7580] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 170.066167][ T2715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 170.074718][ T2715] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 170.084148][ T2715] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.091311][ T2715] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.101061][ T2715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 170.114060][ T7208] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.129562][ T7510] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.144761][ T7150] device veth0_vlan entered promiscuous mode [ 170.154601][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 170.168902][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 170.182578][ T7020] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 170.200126][ T2715] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 170.208077][ T2715] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 170.216214][ T2715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 170.224709][ T2715] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 170.234346][ T2715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 170.246953][ T7020] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 170.271969][ T7150] device veth1_vlan entered promiscuous mode [ 170.279524][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 170.288823][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 170.297514][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 170.307380][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 170.316126][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 170.324474][ T2732] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.331644][ T2732] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.339420][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 170.348825][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 170.357293][ T2732] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.364363][ T2732] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.372205][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 170.381006][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 170.389987][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 170.398042][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 170.422073][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 170.432279][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 170.484768][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 170.493827][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 170.506694][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 170.518963][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 170.528754][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 170.540082][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 170.549636][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 170.558608][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 170.616841][ T7339] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 170.671859][ T7208] device veth0_vlan entered promiscuous mode [ 170.693921][ T7510] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 170.704443][ T7510] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 170.716882][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 170.726374][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 170.734623][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 170.743597][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 170.751979][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 170.760700][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 170.769209][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 170.777982][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 170.786734][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 170.795267][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 170.810427][ T7150] device veth0_macvtap entered promiscuous mode [ 170.872942][ T7208] device veth1_vlan entered promiscuous mode [ 170.881081][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 170.894030][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 170.905725][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 170.913605][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 170.923280][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 170.937125][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 170.947706][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 170.959658][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready 09:11:14 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x0, 0x0) [ 171.006847][ T7150] device veth1_macvtap entered promiscuous mode 09:11:15 executing program 0: [ 171.075643][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 171.095421][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 171.103378][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready 09:11:15 executing program 0: [ 171.125765][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 171.134249][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 171.165113][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 09:11:15 executing program 0: [ 171.192212][ T7150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 171.221363][ T7150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 09:11:15 executing program 0: [ 171.234868][ T7150] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.252909][ T7208] device veth0_macvtap entered promiscuous mode [ 171.279244][ T7339] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 171.299651][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 171.312287][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 171.323015][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 171.334356][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready 09:11:15 executing program 0: [ 171.351844][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 171.373176][ T7510] 8021q: adding VLAN 0 to HW filter on device batadv0 09:11:15 executing program 0: [ 171.396057][ T7150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 171.432773][ T7150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.456450][ T7150] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 171.469016][ T7208] device veth1_macvtap entered promiscuous mode [ 171.502811][ T7580] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.515987][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 171.523901][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 171.549031][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 171.647862][ T7208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 171.661469][ T7208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.672507][ T7208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 171.683137][ T7208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.694418][ T7208] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.703012][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.711059][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.719007][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 171.727949][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 171.740010][ T7580] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.820309][ T7208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 171.836669][ T7208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.848077][ T7208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 171.860622][ T7208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 09:11:15 executing program 1: [ 171.887232][ T7208] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 171.941307][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 171.950524][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 171.961979][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 171.971170][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 171.981301][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.990713][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 172.000232][ T8032] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.007360][ T8032] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.016839][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 172.025559][ T8032] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.033904][ T8032] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.041087][ T8032] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.111866][ T7339] device veth0_vlan entered promiscuous mode [ 172.122003][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 172.130598][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 172.140183][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 172.149397][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.158828][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.167717][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 172.176479][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 172.185263][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 172.193318][ T8096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 172.286195][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.294187][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 172.309128][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 172.318040][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.329653][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.338896][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.350187][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.424640][ T7339] device veth1_vlan entered promiscuous mode [ 172.460016][ T8311] ================================================================== [ 172.468182][ T8311] BUG: KASAN: slab-out-of-bounds in vsscanf+0x2666/0x2ef0 [ 172.475308][ T8311] Read of size 1 at addr ffff8880919c3286 by task syz-executor.2/8311 [ 172.483578][ T8311] [ 172.485916][ T8311] CPU: 0 PID: 8311 Comm: syz-executor.2 Not tainted 5.7.0-rc5-syzkaller #0 [ 172.494494][ T8311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 172.504538][ T8311] Call Trace: [ 172.507818][ T8311] dump_stack+0x1e9/0x30e [ 172.512155][ T8311] print_address_description+0x74/0x5c0 [ 172.517719][ T8311] ? printk+0x62/0x83 [ 172.521708][ T8311] ? vprintk_emit+0x339/0x3c0 [ 172.526396][ T8311] __kasan_report+0x103/0x1a0 [ 172.531076][ T8311] ? vsscanf+0x2666/0x2ef0 [ 172.535473][ T8311] ? vsscanf+0x2666/0x2ef0 [ 172.539870][ T8311] kasan_report+0x4d/0x80 [ 172.544178][ T8311] ? vsscanf+0x2666/0x2ef0 [ 172.548573][ T8311] ? vsscanf+0x5bf/0x2ef0 [ 172.552881][ T8311] ? sscanf+0x6c/0x90 [ 172.556874][ T8311] ? smk_set_cipso+0x1ac/0x6a0 [ 172.561620][ T8311] ? smk_write_access2+0x1c0/0x1c0 [ 172.566719][ T8311] ? __vfs_write+0xa7/0x710 [ 172.571199][ T8311] ? check_preemption_disabled+0x40/0x240 [ 172.576915][ T8311] ? __this_cpu_preempt_check+0x9/0x20 [ 172.582346][ T8311] ? vfs_write+0x274/0x580 [ 172.586754][ T8311] ? ksys_write+0x11b/0x220 [ 172.591237][ T8311] ? do_syscall_64+0xf3/0x1b0 [ 172.595907][ T8311] ? entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 172.601951][ T8311] [ 172.604264][ T8311] Allocated by task 8311: [ 172.608568][ T8311] __kasan_kmalloc+0x114/0x160 [ 172.613307][ T8311] __kmalloc_track_caller+0x249/0x320 [ 172.618660][ T8311] memdup_user_nul+0x26/0xf0 [ 172.623228][ T8311] smk_set_cipso+0xff/0x6a0 [ 172.627706][ T8311] __vfs_write+0xa7/0x710 [ 172.632010][ T8311] vfs_write+0x274/0x580 [ 172.636239][ T8311] ksys_write+0x11b/0x220 [ 172.640565][ T8311] do_syscall_64+0xf3/0x1b0 [ 172.645078][ T8311] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 172.650942][ T8311] [ 172.653263][ T8311] Freed by task 0: [ 172.656970][ T8311] (stack is not available) [ 172.661793][ T8311] [ 172.664112][ T8311] The buggy address belongs to the object at ffff8880919c3280 [ 172.664112][ T8311] which belongs to the cache kmalloc-32 of size 32 [ 172.677987][ T8311] The buggy address is located 6 bytes inside of [ 172.677987][ T8311] 32-byte region [ffff8880919c3280, ffff8880919c32a0) [ 172.690979][ T8311] The buggy address belongs to the page: [ 172.696631][ T8311] page:ffffea00024670c0 refcount:1 mapcount:0 mapping:0000000048f26b98 index:0xffff8880919c3fc1 [ 172.707010][ T8311] flags: 0xfffe0000000200(slab) [ 172.711831][ T8311] raw: 00fffe0000000200 ffffea0002288988 ffffea00022f7c88 ffff8880aa4001c0 [ 172.720384][ T8311] raw: ffff8880919c3fc1 ffff8880919c3000 000000010000003f 0000000000000000 [ 172.728951][ T8311] page dumped because: kasan: bad access detected [ 172.735394][ T8311] [ 172.737722][ T8311] Memory state around the buggy address: [ 172.743324][ T8311] ffff8880919c3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 172.751363][ T8311] ffff8880919c3200: fc fc fc fc fc fc fc fc 06 fc fc fc fc fc fc fc [ 172.759678][ T8311] >ffff8880919c3280: 06 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 172.767744][ T8311] ^ [ 172.771784][ T8311] ffff8880919c3300: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 172.779867][ T8311] ffff8880919c3380: 00 00 00 00 fc fc fc fc 00 00 04 fc fc fc fc fc [ 172.787922][ T8311] ================================================================== [ 172.795960][ T8311] Disabling lock debugging due to kernel taint [ 172.824940][ T8311] Kernel panic - not syncing: panic_on_warn set ... [ 172.826048][ T7510] device veth0_vlan entered promiscuous mode [ 172.831544][ T8311] CPU: 0 PID: 8311 Comm: syz-executor.2 Tainted: G B 5.7.0-rc5-syzkaller #0 [ 172.847475][ T8311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 172.847479][ T8311] Call Trace: [ 172.847495][ T8311] dump_stack+0x1e9/0x30e [ 172.847506][ T8311] panic+0x264/0x7a0 [ 172.847518][ T8311] ? trace_hardirqs_on+0x30/0x70 [ 172.847530][ T8311] __kasan_report+0x191/0x1a0 [ 172.847540][ T8311] ? vsscanf+0x2666/0x2ef0 [ 172.847548][ T8311] ? vsscanf+0x2666/0x2ef0 [ 172.847555][ T8311] kasan_report+0x4d/0x80 [ 172.847565][ T8311] ? vsscanf+0x2666/0x2ef0 [ 172.847591][ T8311] ? vsscanf+0x5bf/0x2ef0 [ 172.847604][ T8311] ? sscanf+0x6c/0x90 [ 172.847618][ T8311] ? smk_set_cipso+0x1ac/0x6a0 [ 172.847633][ T8311] ? smk_write_access2+0x1c0/0x1c0 [ 172.847642][ T8311] ? __vfs_write+0xa7/0x710 [ 172.847655][ T8311] ? check_preemption_disabled+0x40/0x240 [ 172.847665][ T8311] ? __this_cpu_preempt_check+0x9/0x20 [ 172.847677][ T8311] ? vfs_write+0x274/0x580 [ 172.847688][ T8311] ? ksys_write+0x11b/0x220 [ 172.847705][ T8311] ? do_syscall_64+0xf3/0x1b0 [ 172.847717][ T8311] ? entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 172.848458][ T8311] Kernel Offset: disabled [ 172.954574][ T8311] Rebooting in 86400 seconds..