Warning: Permanently added '[localhost]:56629' (ECDSA) to the list of known hosts. syzkaller login: [ 156.378200][ T42] kauditd_printk_skb: 7 callbacks suppressed [ 156.378821][ T42] audit: type=1400 audit(1595178885.282:42): avc: denied { map } for pid=9274 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2020/07/19 17:14:45 fuzzer started 2020/07/19 17:14:46 dialing manager at 10.0.2.10:45593 2020/07/19 17:14:46 syscalls: 3205 2020/07/19 17:14:46 code coverage: enabled 2020/07/19 17:14:46 comparison tracing: enabled 2020/07/19 17:14:46 extra coverage: enabled 2020/07/19 17:14:46 setuid sandbox: enabled 2020/07/19 17:14:46 namespace sandbox: enabled 2020/07/19 17:14:46 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/19 17:14:46 fault injection: enabled 2020/07/19 17:14:46 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/19 17:14:46 net packet injection: enabled 2020/07/19 17:14:46 net device setup: enabled 2020/07/19 17:14:46 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/19 17:14:46 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/19 17:14:46 USB emulation: enabled [ 157.486137][ T42] audit: type=1400 audit(1595178886.392:43): avc: denied { integrity } for pid=9293 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 17:15:29 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) [ 201.197775][ T42] audit: type=1400 audit(1595178930.102:44): avc: denied { map } for pid=9296 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=3101 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 17:15:30 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x2301}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) 17:15:30 executing program 2: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/pid_for_children\x00') ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) [ 202.132842][ T9297] IPVS: ftp: loaded support on port[0] = 21 17:15:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00', {}, {}, 0x0, 0x0, 0x64}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) [ 202.399304][ T9299] IPVS: ftp: loaded support on port[0] = 21 [ 202.725092][ T9297] chnl_net:caif_netlink_parms(): no params data found [ 202.797689][ T9302] IPVS: ftp: loaded support on port[0] = 21 [ 202.935548][ T9304] IPVS: ftp: loaded support on port[0] = 21 [ 202.954151][ T9299] chnl_net:caif_netlink_parms(): no params data found [ 202.994312][ T9297] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.009260][ T9297] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.032660][ T9297] device bridge_slave_0 entered promiscuous mode [ 203.078842][ T9297] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.095597][ T9297] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.112012][ T9297] device bridge_slave_1 entered promiscuous mode [ 203.178776][ T9297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 203.207939][ T9297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.260637][ T9299] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.277390][ T9299] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.294178][ T9299] device bridge_slave_0 entered promiscuous mode [ 203.324506][ T9297] team0: Port device team_slave_0 added [ 203.340580][ T9297] team0: Port device team_slave_1 added [ 203.361296][ T9299] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.377385][ T9299] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.394987][ T9299] device bridge_slave_1 entered promiscuous mode [ 203.454626][ T9299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 203.488096][ T9297] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 203.504016][ T9297] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.565943][ T9297] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 203.590847][ T9299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.642110][ T9297] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 203.655085][ T9297] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.702584][ T9297] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 203.738124][ T9299] team0: Port device team_slave_0 added [ 203.782657][ T9299] team0: Port device team_slave_1 added [ 203.816624][ T9302] chnl_net:caif_netlink_parms(): no params data found [ 203.943672][ T9297] device hsr_slave_0 entered promiscuous mode [ 204.042653][ T9297] device hsr_slave_1 entered promiscuous mode [ 204.108179][ T9299] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 204.136828][ T9299] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.231998][ T9299] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 204.276623][ T9299] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 204.299270][ T9299] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.376553][ T9299] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 204.424678][ T9304] chnl_net:caif_netlink_parms(): no params data found [ 204.614496][ T9299] device hsr_slave_0 entered promiscuous mode [ 204.691756][ T9299] device hsr_slave_1 entered promiscuous mode [ 204.772020][ T9299] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 204.808656][ T9299] Cannot create hsr debugfs directory [ 204.916757][ T9302] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.945283][ T9302] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.982495][ T9302] device bridge_slave_0 entered promiscuous mode [ 205.024664][ T9302] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.054016][ T9302] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.081704][ T9302] device bridge_slave_1 entered promiscuous mode [ 205.157475][ T9304] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.193325][ T9304] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.222838][ T9304] device bridge_slave_0 entered promiscuous mode [ 205.270562][ T9302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 205.301645][ T9304] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.322931][ T9304] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.350761][ T9304] device bridge_slave_1 entered promiscuous mode [ 205.403282][ T9302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 205.458524][ T9304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 205.513017][ T9304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 205.566216][ T9302] team0: Port device team_slave_0 added [ 205.593659][ T9302] team0: Port device team_slave_1 added [ 205.685746][ T9304] team0: Port device team_slave_0 added [ 205.713120][ T9302] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 205.738184][ T9302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 205.815202][ T9302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 205.865970][ T9304] team0: Port device team_slave_1 added [ 205.927485][ T9302] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 205.962575][ T9302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.059350][ T9302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 206.131477][ T9304] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 206.147939][ T9304] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.196542][ T9304] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 206.244654][ T9304] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 206.256898][ T9304] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.305965][ T9304] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 206.392477][ T9302] device hsr_slave_0 entered promiscuous mode [ 206.480348][ T9302] device hsr_slave_1 entered promiscuous mode [ 206.550026][ T9302] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 206.566639][ T9302] Cannot create hsr debugfs directory [ 206.604439][ T42] audit: type=1400 audit(1595178935.512:45): avc: denied { create } for pid=9297 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 206.612128][ T9297] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 206.677111][ T42] audit: type=1400 audit(1595178935.512:46): avc: denied { write } for pid=9297 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 206.748574][ T42] audit: type=1400 audit(1595178935.512:47): avc: denied { read } for pid=9297 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 206.895488][ T9304] device hsr_slave_0 entered promiscuous mode [ 206.970264][ T9304] device hsr_slave_1 entered promiscuous mode [ 207.030124][ T9304] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 207.059420][ T9304] Cannot create hsr debugfs directory [ 207.098467][ T9297] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 207.206818][ T9297] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 207.302541][ T9297] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 207.450901][ T9299] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 207.509536][ T9299] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 207.613912][ T9299] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 207.695461][ T9299] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 207.907030][ T9302] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 207.994729][ T9302] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 208.082456][ T9302] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 208.156123][ T9302] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 208.227100][ T9304] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 208.341773][ T9304] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 208.452700][ T9304] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 208.572849][ T9304] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 208.746573][ T9299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.810837][ T9297] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.837335][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 208.867099][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 208.895535][ T9299] 8021q: adding VLAN 0 to HW filter on device team0 [ 208.934252][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 208.954074][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 208.978777][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.996538][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.037218][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 209.068788][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.086591][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.110988][ T3047] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.127853][ T3047] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.147708][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.166688][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.188727][ T9297] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.216862][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.238456][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.264417][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.283951][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.298690][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.317160][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 209.340565][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.360554][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.379424][ T1224] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.393802][ T1224] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.408512][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.438828][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.469082][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 209.486029][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.503279][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.521571][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 209.537171][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.560873][ T9302] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.578380][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 209.607878][ T9322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 209.625567][ T9322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.640004][ T9322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 209.656068][ T9322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.672152][ T9322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 209.685957][ T9322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 209.702352][ T9322] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 209.722428][ T9304] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.749323][ T9302] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.765651][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 209.783410][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 209.801106][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.816353][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.834354][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 209.851292][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 209.867949][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 209.885059][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 209.906298][ T9297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 209.925306][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 209.944678][ T9304] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.957916][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.974972][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.005845][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.022183][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.036784][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.049970][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.065662][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.079305][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.094322][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.106745][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.122260][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.147092][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.164014][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.180524][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.197096][ T3047] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.207126][ T3047] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.221273][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.246898][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.257939][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.271759][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.286562][ T3047] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.301666][ T3047] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.313302][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 210.323972][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 210.356412][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.376764][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.404868][ T9322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.426996][ T9322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.446276][ T9322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.464255][ T9322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.481281][ T9322] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.515685][ T9297] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 210.547677][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 210.575180][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 210.593442][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.614233][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.630892][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.654599][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.675286][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.694105][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.715847][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.751122][ T9302] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 210.786646][ T9299] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 210.800340][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 210.817230][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.832672][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.848344][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.886104][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 210.903386][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.925721][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 210.944098][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 210.966555][ T9304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 210.999517][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 211.015811][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 211.034958][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 211.054765][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 211.074761][ T9297] device veth0_vlan entered promiscuous mode [ 211.095390][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 211.115567][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 211.144182][ T9302] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.173250][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 211.191252][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 211.208550][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 211.225735][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 211.243641][ T9297] device veth1_vlan entered promiscuous mode [ 211.260431][ T9304] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.303868][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 211.323441][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 211.351610][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 211.379343][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 211.405233][ T9299] device veth0_vlan entered promiscuous mode [ 211.426860][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 211.452549][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 211.491367][ T9322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 211.515839][ T9322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 211.548690][ T9299] device veth1_vlan entered promiscuous mode [ 211.575481][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 211.601347][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 211.619121][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 211.638236][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 211.660961][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 211.683831][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 211.702343][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 211.725938][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 211.746769][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 211.767252][ T9297] device veth0_macvtap entered promiscuous mode [ 211.794327][ T9297] device veth1_macvtap entered promiscuous mode [ 211.816294][ T9302] device veth0_vlan entered promiscuous mode [ 211.863265][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 211.889633][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 211.914210][ T9304] device veth0_vlan entered promiscuous mode [ 211.941298][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 211.975293][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 212.022367][ T9297] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 212.058547][ T9302] device veth1_vlan entered promiscuous mode [ 212.103342][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 212.138946][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 212.174828][ T9297] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 212.202988][ T9304] device veth1_vlan entered promiscuous mode [ 212.224827][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 212.253834][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 212.281178][ T1224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 212.334622][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 212.353297][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 212.377659][ T9299] device veth0_macvtap entered promiscuous mode [ 212.407392][ T9299] device veth1_macvtap entered promiscuous mode [ 212.600187][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 212.618776][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 212.634776][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 212.657233][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 212.689395][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 212.720349][ T9302] device veth0_macvtap entered promiscuous mode [ 212.747050][ T9299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 212.787035][ T9299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.817532][ T9299] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 212.835398][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 212.856151][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 212.865104][ T0] NOHZ: local_softirq_pending 08 [ 212.878205][ T1221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 212.929456][ T9302] device veth1_macvtap entered promiscuous mode [ 213.112643][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 213.117555][ T42] audit: type=1400 audit(1595178942.022:48): avc: denied { associate } for pid=9297 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 213.152243][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 213.291506][ T9299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 213.343211][ T9299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.405350][ T9299] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 213.473869][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 213.536280][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 213.584752][ T9304] device veth0_macvtap entered promiscuous mode [ 213.637284][ T9297] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 213.651008][ T9302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 213.761303][ T9302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.838123][ T9302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 213.949608][ T9302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.045788][ T9302] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 214.102691][ T9304] device veth1_macvtap entered promiscuous mode [ 214.161193][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 214.208661][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 214.258116][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 214.301432][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 214.345452][ T9329] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. [ 214.552394][ T9329] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. [ 214.600710][ T9302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 214.657494][ T9302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 17:15:43 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) [ 214.709648][ T9302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 214.765305][ T9302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.813007][ T9302] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 214.937598][ T9304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 214.975114][ T9304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.017115][ T9304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 215.075595][ T9304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.117172][ T9304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 215.153395][ T9304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.191122][ T9304] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 215.218838][ T9333] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. [ 215.245675][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 215.268613][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 215.301404][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready 17:15:44 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) [ 215.333872][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 215.445486][ T9304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 215.487205][ T9304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.522646][ T9304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 215.561379][ T9304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.606485][ T9304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 215.644003][ T9304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.682125][ T9304] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 215.703868][ T9336] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 17:15:44 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) [ 215.777072][ T9339] xt_CT: You must specify a L4 protocol and not use inversions on it [ 215.812296][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 215.836058][ T9339] xt_CT: You must specify a L4 protocol and not use inversions on it [ 215.845293][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 17:15:44 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x2301}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) [ 215.896594][ T9343] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 17:15:44 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) [ 215.974779][ T9347] xt_CT: You must specify a L4 protocol and not use inversions on it 17:15:44 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x2301}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) [ 216.072171][ T9353] xt_CT: You must specify a L4 protocol and not use inversions on it 17:15:45 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) [ 216.299556][ T9367] xt_CT: You must specify a L4 protocol and not use inversions on it 17:15:45 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00', {}, {}, 0x0, 0x0, 0x64}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) 17:15:45 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x2301}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) 17:15:45 executing program 2: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/pid_for_children\x00') ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) 17:15:45 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) 17:15:45 executing program 2: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/pid_for_children\x00') ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) [ 216.365769][ T9377] xt_CT: You must specify a L4 protocol and not use inversions on it 17:15:45 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00', {}, {}, 0x0, 0x0, 0x64}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) [ 216.386406][ T9372] xt_CT: You must specify a L4 protocol and not use inversions on it 17:15:45 executing program 2: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/pid_for_children\x00') ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) 17:15:45 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) 17:15:45 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x2301}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) 17:15:45 executing program 2: ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) [ 216.462484][ T9383] xt_CT: You must specify a L4 protocol and not use inversions on it [ 216.510571][ T9391] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 17:15:45 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x2301}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) 17:15:45 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00', {}, {}, 0x0, 0x0, 0x64}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) 17:15:45 executing program 2: ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) 17:15:45 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x2301}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) 17:15:45 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) [ 216.598002][ T9405] xt_CT: You must specify a L4 protocol and not use inversions on it [ 216.627051][ T9408] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 17:15:45 executing program 2: ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) 17:15:45 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x2301}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) 17:15:45 executing program 2: r0 = syz_open_procfs$namespace(0xffffffffffffffff, 0x0) ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) 17:15:45 executing program 3: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00', {}, {}, 0x0, 0x0, 0x64}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) 17:15:45 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) [ 216.730987][ T9425] xt_CT: You must specify a L4 protocol and not use inversions on it 17:15:45 executing program 3: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00', {}, {}, 0x0, 0x0, 0x64}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) 17:15:45 executing program 2: r0 = syz_open_procfs$namespace(0xffffffffffffffff, 0x0) ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) 17:15:45 executing program 2: r0 = syz_open_procfs$namespace(0xffffffffffffffff, 0x0) ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) 17:15:45 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x2301}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) [ 216.782622][ T9429] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 17:15:45 executing program 3: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00', {}, {}, 0x0, 0x0, 0x64}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) 17:15:45 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x2301}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) 17:15:45 executing program 2: syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/pid_for_children\x00') ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) 17:15:45 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) 17:15:45 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00', {}, {}, 0x0, 0x0, 0x64}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) 17:15:45 executing program 2: syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/pid_for_children\x00') ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) 17:15:45 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x2301}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) [ 216.913186][ T9451] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 17:15:45 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00', {}, {}, 0x0, 0x0, 0x64}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) 17:15:45 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) 17:15:45 executing program 2: syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/pid_for_children\x00') ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) 17:15:45 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, 0x0, 0x0) 17:15:45 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00', {}, {}, 0x0, 0x0, 0x64}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) [ 217.025666][ T9468] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 17:15:45 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, 0x0, 0x0) 17:15:46 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, 0x0, 0x0) 17:15:46 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, 0x0, 0x0) 17:15:46 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) 17:15:46 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x100000000000600d, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) quotactl(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) 17:15:46 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, 0x0, 0x0) 17:15:46 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x1e0, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x2301}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x240) [ 217.190815][ T42] audit: type=1400 audit(1595178946.092:49): avc: denied { open } for pid=9486 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 17:15:46 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x50, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32={[0x3f, 0x0, 0xfffffffe]}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 17:15:46 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, 0x0, 0x0) 17:15:46 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x1e0, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x2301}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x240) 17:15:46 executing program 0: bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r0, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) 17:15:46 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) 17:15:46 executing program 0: bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r0, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) 17:15:46 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x1e0, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x2301}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x240) 17:15:46 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) 17:15:49 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x208, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x3}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268) 17:15:49 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x50, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32={[0x3f, 0x0, 0xfffffffe]}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 17:15:49 executing program 0: bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r0, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) 17:15:49 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @local}, 0x10) r1 = perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x7ffffffffff8, 0x6d777, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x24, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) sendto$inet(r0, 0x0, 0x0, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x9000000) 17:15:49 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x1e0, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00', {}, {}, 0x0, 0x0, 0x64}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x240) [ 220.336559][ T9530] __nla_validate_parse: 3 callbacks suppressed [ 220.336680][ T9530] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 17:15:49 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x1e0, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00', {}, {}, 0x0, 0x0, 0x64}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x240) [ 220.380000][ T42] audit: type=1400 audit(1595178949.242:50): avc: denied { perfmon } for pid=9528 comm="syz-executor.1" capability=38 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 17:15:49 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0xc01, 0x3, 0x1e0, 0xb8, 0x5002004a, 0x0, 0xb8, 0x0, 0x170, 0x3c8, 0x3c8, 0x170, 0x3c8, 0x3, 0x0, {[{{@ip={@dev, @dev, 0x0, 0x0, 'batadv_slave_1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ip={@broadcast, @rand_addr, 0x0, 0x0, 'erspan0\x00', 'veth0_macvtap\x00', {}, {}, 0x0, 0x0, 0x64}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x240) [ 220.452431][ T42] audit: type=1400 audit(1595178949.242:51): avc: denied { kernel } for pid=9528 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 17:15:49 executing program 0: r0 = socket(0x0, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) [ 220.531451][ T42] audit: type=1400 audit(1595178949.242:52): avc: denied { confidentiality } for pid=9528 comm="syz-executor.1" lockdown_reason="unsafe use of perf" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 17:15:49 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000200)={0x0, 0x480, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) [ 220.657660][ T9553] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 17:15:49 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000200)={0x0, 0x480, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) [ 221.129385][ T42] audit: type=1400 audit(1595178950.032:53): avc: denied { write } for pid=9528 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 17:15:52 executing program 0: r0 = socket(0x0, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) 17:15:52 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x50, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32={[0x3f, 0x0, 0xfffffffe]}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 17:15:52 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000200)={0x0, 0x480, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) 17:15:52 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @local}, 0x10) r1 = perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x7ffffffffff8, 0x6d777, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x24, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) sendto$inet(r0, 0x0, 0x0, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x9000000) 17:15:52 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000200)={0x0, 0x480, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) [ 223.437471][ T9566] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 17:15:52 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x50, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32={[0x3f, 0x0, 0xfffffffe]}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 223.469483][ T42] audit: type=1400 audit(1595178952.342:54): avc: denied { read } for pid=9564 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 17:15:52 executing program 0: r0 = socket(0x0, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) 17:15:52 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000200)={0x0, 0x480, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) 17:15:52 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000200)={0x0, 0x480, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) 17:15:52 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000200)={0x0, 0x480, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) [ 223.641856][ T9587] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 17:15:52 executing program 0: r0 = socket(0x11, 0x0, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) [ 223.711011][ T9595] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 17:15:53 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000200)={0x0, 0x480, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) 17:15:53 executing program 0: r0 = socket(0x11, 0x0, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) [ 224.244206][ T9601] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 17:15:55 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x50, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32={[0x3f, 0x0, 0xfffffffe]}}], 0x1c) ptrace$cont(0x7, r0, 0x0, 0x0) 17:15:55 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @local}, 0x10) r1 = perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x7ffffffffff8, 0x6d777, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x24, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) sendto$inet(r0, 0x0, 0x0, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x9000000) 17:15:55 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000200)={0x0, 0x480, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) 17:15:55 executing program 0: r0 = socket(0x11, 0x0, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) 17:15:55 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000200)={0x0, 0x480, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) [ 226.527237][ T9610] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 17:15:55 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000200)={0x0, 0x480, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) 17:15:55 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) 17:15:55 executing program 3: openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000200)={0x0, 0x480, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) [ 226.604405][ T9623] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 17:15:58 executing program 3: openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000200)={0x0, 0x480, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) 17:15:58 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x50, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32={[0x3f, 0x0, 0xfffffffe]}}], 0x1c) ptrace$cont(0x7, r0, 0x0, 0x0) 17:15:58 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) 17:15:58 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f00000003c0)={&(0x7f00000001c0)=@in={0x10, 0x2}, 0x10, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c"], 0x30}, 0x0) 17:15:58 executing program 3: openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000200)={0x0, 0x480, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) [ 229.558852][ T9635] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 17:15:58 executing program 1: perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0xa4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x400000000080803, 0x0) write(r0, &(0x7f0000000240)="241400001a0025f00485bc04fef7001d020b49ff708800008003280008021d0001010000bc71176a36ede498534108e58342fa94a235a2a441f9", 0xfcae) 17:15:58 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, 0x0) 17:15:58 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) 17:15:58 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, 0x0) [ 229.666996][ T9650] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 229.675021][ T9652] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. [ 229.688892][ T9650] netlink: 4608 bytes leftover after parsing attributes in process `syz-executor.1'. [ 229.824363][ T9644] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 229.855593][ T9644] netlink: 4608 bytes leftover after parsing attributes in process `syz-executor.1'. 17:16:01 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, 0x0) 17:16:01 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, 0x0, 0x0) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) 17:16:01 executing program 1: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x4800}}}, 0x24}}, 0x0) 17:16:01 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x50, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32={[0x3f, 0x0, 0xfffffffe]}}], 0x1c) ptrace$cont(0x7, r0, 0x0, 0x0) [ 232.689828][ T9662] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. 17:16:01 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) 17:16:01 executing program 0: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, 0x0, 0x0) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="7800000025000bf40600"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00H'], 0x78}}, 0x0) [ 232.849090][ T9671] ================================================================== [ 232.849737][ T9671] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34a/0x400 [ 232.849737][ T9671] Write of size 8 at addr ffffc90009621000 by task syz-executor.3/9671 [ 232.849737][ T9671] [ 232.849737][ T9671] CPU: 2 PID: 9671 Comm: syz-executor.3 Not tainted 5.8.0-rc5-syzkaller #0 [ 232.849737][ T9671] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 232.849737][ T9671] Call Trace: [ 232.849737][ T9671] dump_stack+0x18f/0x20d [ 232.849737][ T9671] ? bitfill_aligned+0x34a/0x400 [ 232.849737][ T9671] ? bitfill_aligned+0x34a/0x400 [ 232.849737][ T9671] print_address_description.constprop.0.cold+0x5/0x436 [ 232.849737][ T9671] ? lockdep_hardirqs_off+0x66/0xa0 [ 232.849737][ T9671] ? vprintk_func+0x97/0x1a6 [ 232.849737][ T9671] ? bitfill_aligned+0x34a/0x400 [ 232.849737][ T9671] kasan_report.cold+0x1f/0x37 [ 232.849737][ T9671] ? bitfill_aligned+0x34a/0x400 [ 232.849737][ T9671] bitfill_aligned+0x34a/0x400 [ 232.849737][ T9671] sys_fillrect+0x408/0x7a0 [ 232.849737][ T9671] ? sys_fillrect+0x7a0/0x7a0 [ 232.849737][ T9671] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 232.849737][ T9671] bit_clear_margins+0x2d5/0x4a0 [ 232.849737][ T9671] ? bit_bmove+0x210/0x210 [ 232.849737][ T9671] ? fb_get_color_depth+0x11a/0x240 [ 232.849737][ T9671] fbcon_clear_margins+0x1d5/0x230 [ 232.849737][ T9671] fbcon_switch+0xb6e/0x16c0 [ 232.849737][ T9671] ? fbcon_scroll+0x3600/0x3600 [ 232.849737][ T9671] ? fbcon_cursor+0x52b/0x650 [ 232.849737][ T9671] ? kmalloc_array.constprop.0+0x20/0x20 [ 232.849737][ T9671] ? is_console_locked+0x5/0x10 [ 232.849737][ T9671] ? fbcon_set_origin+0x26/0x50 [ 232.849737][ T9671] redraw_screen+0x2ae/0x770 [ 232.849737][ T9671] ? vc_init+0x440/0x440 [ 232.849737][ T9671] ? fb_get_color_depth+0x11a/0x240 [ 232.849737][ T9671] ? fbcon_set_palette+0x3a8/0x490 [ 232.849737][ T9671] fbcon_modechanged+0x575/0x710 [ 232.849737][ T9671] fbcon_update_vcs+0x3a/0x50 [ 232.849737][ T9671] fb_set_var+0xae8/0xd60 [ 232.849737][ T9671] ? fb_blank+0x190/0x190 [ 232.849737][ T9671] ? mark_held_locks+0x9f/0xe0 [ 232.849737][ T9671] ? queue_work_on+0xe6/0x200 [ 232.849737][ T9671] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 232.849737][ T9671] ? trace_hardirqs_on+0x5f/0x220 [ 232.849737][ T9671] ? drm_fb_helper_dirty.isra.0+0x2c4/0x380 [ 232.849737][ T9671] ? fb_get_color_depth+0x11a/0x240 [ 232.849737][ T9671] ? bit_cursor+0xa2a/0x17d0 [ 232.849737][ T9671] ? fb_videomode_to_var+0xf/0x610 [ 232.849737][ T9671] fbcon_switch+0x52c/0x16c0 [ 232.849737][ T9671] ? fbcon_scroll+0x3600/0x3600 [ 232.849737][ T9671] ? fbcon_cursor+0x52b/0x650 [ 232.849737][ T9671] ? kmalloc_array.constprop.0+0x20/0x20 [ 232.849737][ T9671] ? is_console_locked+0x5/0x10 [ 232.849737][ T9671] ? fbcon_set_origin+0x26/0x50 [ 232.849737][ T9671] redraw_screen+0x2ae/0x770 [ 232.849737][ T9671] ? vc_init+0x440/0x440 [ 232.849737][ T9671] ? fb_get_color_depth+0x11a/0x240 [ 232.849737][ T9671] ? fbcon_set_palette+0x3a8/0x490 [ 232.849737][ T9671] fbcon_modechanged+0x575/0x710 [ 232.849737][ T9671] fbcon_update_vcs+0x3a/0x50 [ 232.849737][ T9671] fb_set_var+0xae8/0xd60 [ 232.849737][ T9671] ? fb_blank+0x190/0x190 [ 232.849737][ T9671] ? lock_release+0x8d0/0x8d0 [ 232.849737][ T9671] ? lock_is_held_type+0xb0/0xe0 [ 232.849737][ T9671] ? do_fb_ioctl+0x2f2/0x6c0 [ 232.849737][ T9671] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 232.849737][ T9671] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 232.849737][ T9671] ? trace_hardirqs_on+0x5f/0x220 [ 232.849737][ T9671] do_fb_ioctl+0x33f/0x6c0 [ 232.849737][ T9671] ? fb_set_suspend+0x1a0/0x1a0 [ 232.849737][ T9671] ? tomoyo_execute_permission+0x470/0x470 [ 232.849737][ T9671] ? lock_is_held_type+0xb0/0xe0 [ 232.849737][ T9671] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 232.849737][ T9671] ? do_vfs_ioctl+0x27d/0x1090 [ 232.849737][ T9671] ? __fget_files+0x294/0x400 [ 232.849737][ T9671] fb_ioctl+0xdd/0x130 [ 232.849737][ T9671] ? do_fb_ioctl+0x6c0/0x6c0 [ 232.849737][ T9671] ksys_ioctl+0x11a/0x180 [ 232.849737][ T9671] __x64_sys_ioctl+0x6f/0xb0 [ 232.849737][ T9671] ? lockdep_hardirqs_on+0x6a/0xe0 [ 232.849737][ T9671] do_syscall_64+0x60/0xe0 [ 232.849737][ T9671] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 232.849737][ T9671] RIP: 0033:0x45c049 [ 232.849737][ T9671] Code: Bad RIP value. [ 232.849737][ T9671] RSP: 002b:00007f9781dffc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 232.849737][ T9671] RAX: ffffffffffffffda RBX: 00000000006fb3c0 RCX: 000000000045c049 [ 232.849737][ T9671] RDX: 0000000020000200 RSI: 0000000000004601 RDI: 0000000000000003 [ 232.849737][ T9671] RBP: 00000000004a906e R08: 0000000000000000 R09: 0000000000000000 [ 232.849737][ T9671] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074bf00 [ 232.849737][ T9671] R13: 00007fffde8a0a5f R14: 00007f9781de0000 R15: 0000000000000003 [ 232.849737][ T9671] [ 232.849737][ T9671] [ 232.849737][ T9671] Memory state around the buggy address: [ 232.849737][ T9671] ffffc90009620f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 232.849737][ T9671] ffffc90009620f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 232.849737][ T9671] >ffffc90009621000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 232.849737][ T9671] ^ [ 232.849737][ T9671] ffffc90009621080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 232.849737][ T9671] ffffc90009621100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 232.849737][ T9671] ================================================================== [ 232.849737][ T9671] Disabling lock debugging due to kernel taint [ 232.885828][ T9671] Kernel panic - not syncing: panic_on_warn set ... [ 232.885841][ T9671] CPU: 2 PID: 9671 Comm: syz-executor.3 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 232.885846][ T9671] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 232.885879][ T9671] Call Trace: [ 232.886035][ T9671] dump_stack+0x18f/0x20d [ 232.886047][ T9671] ? bitfill_aligned+0x290/0x400 [ 232.886056][ T9671] panic+0x2e3/0x75c [ 232.886065][ T9671] ? __warn_printk+0xf3/0xf3 [ 232.886075][ T9671] ? preempt_schedule_common+0x59/0xc0 [ 232.886083][ T9671] ? bitfill_aligned+0x34a/0x400 [ 232.886093][ T9671] ? preempt_schedule_thunk+0x16/0x18 [ 232.886101][ T9671] ? trace_hardirqs_on+0x55/0x220 [ 232.886111][ T9671] ? bitfill_aligned+0x34a/0x400 [ 232.886119][ T9671] ? bitfill_aligned+0x34a/0x400 [ 232.886126][ T9671] end_report+0x4d/0x53 [ 232.886133][ T9671] kasan_report.cold+0xd/0x37 [ 232.886141][ T9671] ? bitfill_aligned+0x34a/0x400 [ 232.886149][ T9671] bitfill_aligned+0x34a/0x400 [ 232.886158][ T9671] sys_fillrect+0x408/0x7a0 [ 232.886165][ T9671] ? sys_fillrect+0x7a0/0x7a0 [ 232.886176][ T9671] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 232.886184][ T9671] bit_clear_margins+0x2d5/0x4a0 [ 232.886192][ T9671] ? bit_bmove+0x210/0x210 [ 232.886201][ T9671] ? fb_get_color_depth+0x11a/0x240 [ 232.886209][ T9671] fbcon_clear_margins+0x1d5/0x230 [ 232.886217][ T9671] fbcon_switch+0xb6e/0x16c0 [ 232.886226][ T9671] ? fbcon_scroll+0x3600/0x3600 [ 232.886236][ T9671] ? fbcon_cursor+0x52b/0x650 [ 232.886244][ T9671] ? kmalloc_array.constprop.0+0x20/0x20 [ 232.886253][ T9671] ? is_console_locked+0x5/0x10 [ 232.886260][ T9671] ? fbcon_set_origin+0x26/0x50 [ 232.886269][ T9671] redraw_screen+0x2ae/0x770 [ 232.886277][ T9671] ? vc_init+0x440/0x440 [ 232.886285][ T9671] ? fb_get_color_depth+0x11a/0x240 [ 232.886293][ T9671] ? fbcon_set_palette+0x3a8/0x490 [ 232.886300][ T9671] fbcon_modechanged+0x575/0x710 [ 232.886309][ T9671] fbcon_update_vcs+0x3a/0x50 [ 232.886316][ T9671] fb_set_var+0xae8/0xd60 [ 232.886324][ T9671] ? fb_blank+0x190/0x190 [ 232.886334][ T9671] ? mark_held_locks+0x9f/0xe0 [ 232.886348][ T9671] ? queue_work_on+0xe6/0x200 [ 232.886356][ T9671] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 232.886363][ T9671] ? trace_hardirqs_on+0x5f/0x220 [ 232.886374][ T9671] ? drm_fb_helper_dirty.isra.0+0x2c4/0x380 [ 232.886386][ T9671] ? fb_get_color_depth+0x11a/0x240 [ 232.886395][ T9671] ? bit_cursor+0xa2a/0x17d0 [ 232.886402][ T9671] ? fb_videomode_to_var+0xf/0x610 [ 232.886411][ T9671] fbcon_switch+0x52c/0x16c0 [ 232.886421][ T9671] ? fbcon_scroll+0x3600/0x3600 [ 232.886433][ T9671] ? fbcon_cursor+0x52b/0x650 [ 232.886441][ T9671] ? kmalloc_array.constprop.0+0x20/0x20 [ 232.886450][ T9671] ? is_console_locked+0x5/0x10 [ 232.886457][ T9671] ? fbcon_set_origin+0x26/0x50 [ 232.886507][ T9671] redraw_screen+0x2ae/0x770 [ 232.886517][ T9671] ? vc_init+0x440/0x440 [ 232.886526][ T9671] ? fb_get_color_depth+0x11a/0x240 [ 232.886534][ T9671] ? fbcon_set_palette+0x3a8/0x490 [ 232.886543][ T9671] fbcon_modechanged+0x575/0x710 [ 232.886551][ T9671] fbcon_update_vcs+0x3a/0x50 [ 232.886561][ T9671] fb_set_var+0xae8/0xd60 [ 232.886569][ T9671] ? fb_blank+0x190/0x190 [ 232.886577][ T9671] ? lock_release+0x8d0/0x8d0 [ 232.886585][ T9671] ? lock_is_held_type+0xb0/0xe0 [ 232.886597][ T9671] ? do_fb_ioctl+0x2f2/0x6c0 [ 232.886610][ T9671] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 232.886618][ T9671] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 232.886625][ T9671] ? trace_hardirqs_on+0x5f/0x220 [ 232.886634][ T9671] do_fb_ioctl+0x33f/0x6c0 [ 232.886642][ T9671] ? fb_set_suspend+0x1a0/0x1a0 [ 232.886651][ T9671] ? tomoyo_execute_permission+0x470/0x470 [ 232.886660][ T9671] ? lock_is_held_type+0xb0/0xe0 [ 232.886670][ T9671] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 232.886678][ T9671] ? do_vfs_ioctl+0x27d/0x1090 [ 232.886689][ T9671] ? __fget_files+0x294/0x400 [ 232.886698][ T9671] fb_ioctl+0xdd/0x130 [ 232.886706][ T9671] ? do_fb_ioctl+0x6c0/0x6c0 [ 232.886712][ T9671] ksys_ioctl+0x11a/0x180 [ 232.886719][ T9671] __x64_sys_ioctl+0x6f/0xb0 [ 232.886726][ T9671] ? lockdep_hardirqs_on+0x6a/0xe0 [ 232.886734][ T9671] do_syscall_64+0x60/0xe0 [ 232.886742][ T9671] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 232.886791][ T9671] RIP: 0033:0x45c049 [ 232.886830][ T9671] Code: Bad RIP value. [ 232.886834][ T9671] RSP: 002b:00007f9781dffc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 232.886843][ T9671] RAX: ffffffffffffffda RBX: 00000000006fb3c0 RCX: 000000000045c049 [ 232.886848][ T9671] RDX: 0000000020000200 RSI: 0000000000004601 RDI: 0000000000000003 [ 232.886852][ T9671] RBP: 00000000004a906e R08: 0000000000000000 R09: 0000000000000000 [ 232.886857][ T9671] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074bf00 [ 232.886862][ T9671] R13: 00007fffde8a0a5f R14: 00007f9781de0000 R15: 0000000000000003 [ 232.889926][ T9671] Kernel Offset: disabled [ 232.889926][ T9671] Rebooting in 86400 seconds..