[ 136.070074][ T39] audit: type=1400 audit(1594988051.219:41): avc: denied { map } for pid=9689 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '[localhost]:23816' (ECDSA) to the list of known hosts. [ 139.082416][ T39] audit: type=1400 audit(1594988054.239:42): avc: denied { map } for pid=9701 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16525 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2020/07/17 12:14:14 fuzzer started 2020/07/17 12:14:14 dialing manager at 10.0.2.10:35917 2020/07/17 12:14:14 syscalls: 3205 2020/07/17 12:14:14 code coverage: enabled 2020/07/17 12:14:14 comparison tracing: enabled 2020/07/17 12:14:14 extra coverage: enabled 2020/07/17 12:14:14 setuid sandbox: enabled 2020/07/17 12:14:14 namespace sandbox: enabled 2020/07/17 12:14:14 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/17 12:14:14 fault injection: enabled 2020/07/17 12:14:14 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/17 12:14:14 net packet injection: enabled 2020/07/17 12:14:14 net device setup: enabled 2020/07/17 12:14:14 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/17 12:14:14 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/17 12:14:14 USB emulation: enabled [ 139.698662][ T39] audit: type=1400 audit(1594988054.849:43): avc: denied { integrity } for pid=9718 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 Resetting rate control (2710194 samples) Resetting rate control (2708648 samples) 12:16:58 executing program 0: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000000c0)={0x1000000002, 0x70, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sync() [ 303.469468][ T39] audit: type=1400 audit(1594988218.619:44): avc: denied { map } for pid=9721 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=3118 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 12:16:58 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$sock(r0, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 0x2, 0x0) 12:16:58 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0xe, 0x4, 0x27c, 0xec, 0xc0, 0x154, 0x0, 0x0, 0x2d4, 0x1e8, 0x1e8, 0x1e8, 0x2d4, 0x4, 0x0, {[{{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@unspec=@cgroup0={{0x28, 'cgroup\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x2}}}, {{@ip={@loopback, @remote, 0x0, 0x0, 'batadv0\x00'}, 0x0, 0x70, 0x94}, @REJECT={0x24, 'REJECT\x00'}}, {{@ip={@multicast1, @local, 0x0, 0x0, 'veth0_to_batadv\x00', 'ip6_vti0\x00'}, 0x0, 0x70, 0x94}, @REJECT={0x24, 'REJECT\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x2d8) [ 303.923280][ T9723] IPVS: ftp: loaded support on port[0] = 21 12:16:59 executing program 3: r0 = 
socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000260007007e6a3952e9d3280000ffff40", @ANYRES32=r1, @ANYBLOB="00000000ffffffff00010000070001006671"], 0x60}}, 0x0) r2 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000200), 0x10efe10675dec16, 0x0) [ 303.934190][ T9724] IPVS: ftp: loaded support on port[0] = 21 [ 304.028612][ T9726] IPVS: ftp: loaded support on port[0] = 21 [ 304.105519][ T9728] IPVS: ftp: loaded support on port[0] = 21 [ 304.195554][ T9724] chnl_net:caif_netlink_parms(): no params data found [ 304.225254][ T9723] chnl_net:caif_netlink_parms(): no params data found [ 304.348029][ T9723] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.354772][ T9723] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.364289][ T9723] device bridge_slave_0 entered promiscuous mode [ 304.375511][ T9723] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.384074][ T9723] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.393984][ T9723] device bridge_slave_1 entered promiscuous mode [ 304.404461][ T9726] chnl_net:caif_netlink_parms(): no params data found [ 304.433376][ T9724] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.441129][ T9724] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.449598][ T9724] device bridge_slave_0 entered promiscuous mode [ 304.461729][ T9724] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.469665][ T9724] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.478422][ T9724] device bridge_slave_1 entered promiscuous mode [ 304.529277][ T9724] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 304.540676][ T9723] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 304.551664][ T9723] bond0: (slave 
bond_slave_1): Enslaving as an active interface with an up link [ 304.568416][ T9726] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.575397][ T9726] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.583293][ T9726] device bridge_slave_0 entered promiscuous mode [ 304.591625][ T9726] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.598945][ T9726] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.606733][ T9726] device bridge_slave_1 entered promiscuous mode [ 304.615049][ T9724] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 304.663163][ T9726] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 304.676400][ T9726] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 304.688701][ T9723] team0: Port device team_slave_0 added [ 304.696213][ T9723] team0: Port device team_slave_1 added [ 304.712839][ T9723] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 304.719819][ T9723] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 304.745262][ T9723] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 304.768471][ T9724] team0: Port device team_slave_0 added [ 304.780313][ T9724] team0: Port device team_slave_1 added [ 304.793756][ T9723] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 304.800850][ T9723] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 304.826406][ T9723] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 304.934886][ T9723] device hsr_slave_0 entered promiscuous mode [ 305.002087][ T9723] device hsr_slave_1 entered promiscuous mode [ 305.046199][ T9728] chnl_net:caif_netlink_parms(): no params data found [ 305.063825][ T9724] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 305.071008][ T9724] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 305.096539][ T9724] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 305.109562][ T9724] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 305.116978][ T9724] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 305.148599][ T9724] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 305.166761][ T9726] team0: Port device team_slave_0 added [ 305.176163][ T9726] team0: Port device team_slave_1 added [ 305.199083][ T9726] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 305.205682][ T9726] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 305.232696][ T9726] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 305.321244][ T9726] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 305.329295][ T9726] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 305.357900][ T9726] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 305.464151][ T9724] device hsr_slave_0 entered promiscuous mode [ 305.532388][ T9724] device hsr_slave_1 entered promiscuous mode [ 305.581680][ T9724] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 305.590361][ T9724] Cannot create hsr debugfs directory [ 305.703884][ T9726] device hsr_slave_0 entered promiscuous mode [ 305.791824][ T9726] device hsr_slave_1 entered promiscuous mode [ 305.871547][ T9726] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 305.880037][ T9726] Cannot create hsr debugfs directory [ 305.940152][ T9723] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 305.940780][ T39] audit: type=1400 audit(1594988221.089:45): avc: denied { create } for pid=9723 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 305.973420][ T39] audit: type=1400 audit(1594988221.089:46): avc: denied { write } for pid=9723 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 306.002979][ T39] audit: type=1400 audit(1594988221.089:47): avc: denied { read } for pid=9723 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 306.103200][ T9723] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 306.163322][ T9723] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 306.224334][ T9723] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 306.437624][ T9726] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 306.526951][ T9726] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 306.610193][ T39] audit: type=1400 audit(1594988221.759:48): avc: denied { map } for pid=9747 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 306.648072][ T9728] bridge0: port 1(bridge_slave_0) entered blocking state [ 306.659352][ T9728] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.670723][ T9728] device bridge_slave_0 entered promiscuous mode [ 306.735243][ T9724] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 306.795640][ T9746] cron (9746) used greatest stack depth: 23088 bytes left [ 306.809868][ T9726] netdevsim netdevsim2 netdevsim2: 
renamed from eth2 [ 306.905820][ T9726] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 307.041644][ T9728] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.050130][ T9728] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.058925][ T9728] device bridge_slave_1 entered promiscuous mode [ 307.067770][ T9724] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 307.155205][ T9724] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 307.295923][ T9723] 8021q: adding VLAN 0 to HW filter on device bond0 [ 307.317817][ T9728] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 307.332871][ T9728] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 307.352256][ T9724] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 307.427730][ T9726] 8021q: adding VLAN 0 to HW filter on device bond0 [ 307.447095][ T9726] 8021q: adding VLAN 0 to HW filter on device team0 [ 307.482368][ T9726] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 307.497825][ T9726] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 307.534383][ T9726] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 307.568466][ T9726] device veth0_vlan entered promiscuous mode [ 307.584814][ T9726] device veth1_vlan entered promiscuous mode [ 307.608827][ T9726] device veth0_macvtap entered promiscuous mode [ 307.620786][ T9726] device veth1_macvtap entered promiscuous mode [ 307.639202][ T9726] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 307.650442][ T9726] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 307.673247][ T9723] 8021q: adding VLAN 0 to HW filter on device team0 [ 307.716148][ T9723] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 307.727494][ T9723] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 307.752674][ 
T9723] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 307.779622][ T9723] device veth0_vlan entered promiscuous mode [ 307.789951][ T9723] device veth1_vlan entered promiscuous mode [ 307.810551][ T9723] device veth0_macvtap entered promiscuous mode [ 307.824088][ T9728] team0: Port device team_slave_0 added [ 307.833325][ T9728] team0: Port device team_slave_1 added [ 307.876957][ T9724] 8021q: adding VLAN 0 to HW filter on device bond0 [ 307.891101][ T9724] 8021q: adding VLAN 0 to HW filter on device team0 [ 307.919280][ T9724] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 307.929044][ T9724] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 307.953598][ T9724] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 307.978972][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 307.988029][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 307.995749][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 308.005292][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 308.013505][ T1220] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.020620][ T1220] bridge0: port 1(bridge_slave_0) entered forwarding state [ 308.028925][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 308.037125][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 308.045355][ T1220] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.052039][ T1220] bridge0: port 2(bridge_slave_1) entered forwarding state [ 308.058884][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 308.066830][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 308.074791][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 308.082887][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 
308.090476][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 308.098451][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 308.106230][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 308.124002][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 308.132124][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 308.140318][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 308.148096][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 308.155635][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 308.163951][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 308.171907][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 308.182057][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 308.191007][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 308.199606][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 308.208230][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 308.216901][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 308.225385][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 308.233959][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 308.243883][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 308.252124][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 308.260097][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 308.268951][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 308.276298][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 308.284502][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 308.293278][ T1220] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 308.301737][ T1220] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.308442][ T1220] bridge0: port 1(bridge_slave_0) entered forwarding state [ 308.315804][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 308.324876][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 308.333137][ T1220] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.340170][ T1220] bridge0: port 2(bridge_slave_1) entered forwarding state [ 308.348013][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 308.356897][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 308.365521][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 308.374881][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 308.383503][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 308.392920][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 308.402444][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 308.410806][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 308.421807][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 308.430572][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 308.439635][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 308.447874][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 308.455923][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 308.465148][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 308.474332][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 308.483524][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 308.493113][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready 
[ 308.502080][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 308.511106][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 308.520724][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 308.530232][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 308.539073][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 308.547894][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 308.556290][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 308.564327][ T1220] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.570983][ T1220] bridge0: port 1(bridge_slave_0) entered forwarding state [ 308.578294][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 308.586201][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 308.594132][ T1220] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.601433][ T1220] bridge0: port 2(bridge_slave_1) entered forwarding state [ 308.608830][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 308.617262][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 308.626080][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 308.634813][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 308.643186][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 308.651103][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 308.659451][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 308.667718][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 308.675357][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 308.683743][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 308.691632][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): 
vxcan1: link becomes ready [ 308.699058][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 308.705953][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 308.714066][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 308.722465][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 308.729982][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 308.737134][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 308.744486][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 308.752732][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 308.760891][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 308.769143][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 308.777211][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 308.784976][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 308.793047][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 308.800645][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 308.808558][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 308.816319][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 308.823875][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 308.830972][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 308.935213][ T9723] device veth1_macvtap entered promiscuous mode [ 308.961127][ T9728] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 308.972303][ T9728] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 308.997349][ T9728] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 309.008832][ T9728] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 309.015545][ T9728] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 309.039676][ T9728] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 309.114505][ T9728] device hsr_slave_0 entered promiscuous mode [ 309.201861][ T9728] device hsr_slave_1 entered promiscuous mode [ 309.261652][ T9728] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 309.269007][ T9728] Cannot create hsr debugfs directory [ 309.284079][ T9724] device veth0_vlan entered promiscuous mode [ 309.294236][ T9724] device veth1_vlan entered promiscuous mode [ 309.313830][ T9724] device veth0_macvtap entered promiscuous mode [ 309.322615][ T9724] device veth1_macvtap entered promiscuous mode [ 309.335788][ T9724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 309.347006][ T9724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.357265][ T9724] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 309.366892][ T9724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 309.377076][ T9724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.387827][ T9724] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 309.571215][ T9723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 309.582512][ T9723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 309.593180][ T9723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 309.604153][ T9723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.616678][ T9723] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 309.624724][ T137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 309.632816][ T137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 309.640558][ T137] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 309.648128][ T137] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 309.655238][ T137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 309.663205][ T137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 309.670866][ T137] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 309.679071][ T137] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 309.687195][ T137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 309.695505][ T137] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 309.703836][ T137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 309.712066][ T137] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 309.720258][ T137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 309.728869][ T137] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 309.736685][ T137] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 309.744067][ T137] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 309.916688][ T39] audit: type=1400 audit(1594988225.049:49): avc: denied { associate } for pid=9726 comm="syz-executor.2" name="syz2" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 309.943145][ T9723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists 
on: batadv_slave_1 [ 309.953194][ T9723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.963501][ T9723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 309.973348][ T9723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.983960][ T9723] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 310.163163][ T2878] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 310.171012][ T2878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 310.197935][ T9728] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 310.264889][ T9726] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation 12:17:05 executing program 2: 12:17:05 executing program 2: 12:17:05 executing program 2: [ 310.390275][ T9728] netdevsim netdevsim3 netdevsim1: renamed from eth1 12:17:05 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f00000000c0)={0x1f, 0x1001, @fixed}, 0xe) [ 310.439211][ T9728] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 310.543330][ T9728] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 310.639770][ T9728] 8021q: adding VLAN 0 to HW filter on device bond0 [ 310.655870][ T9728] 8021q: adding VLAN 0 to HW filter on device team0 [ 310.686341][ T9728] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 310.703051][ T9728] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 310.722117][ T39] audit: type=1400 audit(1594988225.869:50): avc: denied { open } for pid=9769 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 310.737416][ T9728] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 310.747330][ T39] audit: type=1400 
audit(1594988225.869:51): avc: denied { confidentiality } for pid=9769 comm="syz-executor.0" lockdown_reason="unsafe use of perf" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 [ 310.776910][ T9728] device veth0_vlan entered promiscuous mode [ 310.793074][ T9728] device veth1_vlan entered promiscuous mode [ 310.819294][ T9728] device veth0_macvtap entered promiscuous mode [ 310.828837][ T9728] device veth1_macvtap entered promiscuous mode [ 310.845005][ T9728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 310.860108][ T9728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.871027][ T9728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 310.881704][ T9728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.891453][ T9728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 310.901453][ T9728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.912157][ T9728] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 310.921785][ T9728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 310.932348][ T9728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.942137][ T9728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 310.951654][ T9728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.960725][ T9728] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 310.970774][ T9728] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 310.980559][ T9728] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 311.073139][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 311.080647][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 311.087814][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 311.095876][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 311.103793][ T23] bridge0: port 1(bridge_slave_0) entered blocking state [ 311.110443][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state [ 311.117759][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 311.125835][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 311.133742][ T23] bridge0: port 2(bridge_slave_1) entered blocking state [ 311.140560][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state [ 311.147463][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 311.155510][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 311.163481][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 311.171672][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 311.179698][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 311.196536][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 311.204444][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 311.212503][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 311.220285][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 311.228646][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 311.236457][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 311.243447][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 311.251240][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 311.259588][ T23] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 311.267375][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 311.274754][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 311.283675][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 311.291059][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 311.298950][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 311.306987][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 311.315672][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 311.325516][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 311.333880][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 311.342088][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 311.350243][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 311.358817][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 311.366498][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 311.374188][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 311.382172][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 311.390089][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 311.398313][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 311.650593][ T9776] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.3'. 
12:17:06 executing program 0: 12:17:06 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0xe5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) 12:17:06 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$sock(r0, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 0x2, 0x0) [ 311.717069][ T39] audit: type=1400 audit(1594988226.869:52): avc: denied { perfmon } for pid=9777 comm="syz-executor.2" capability=38 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 [ 311.727201][ T9783] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.3'. 
[ 311.747274][ T39] audit: type=1400 audit(1594988226.869:53): avc: denied { kernel } for pid=9777 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 12:17:06 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000260007007e6a3952e9d3280000ffff40", @ANYRES32=r1, @ANYBLOB="00000000ffffffff00010000070001006671"], 0x60}}, 0x0) r2 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 12:17:06 executing program 0: 12:17:06 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$sock(r0, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 0x2, 0x0) 12:17:07 executing program 0: [ 311.844702][ T9791] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.3'. 
12:17:07 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$sock(r0, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 0x2, 0x0) 12:17:07 executing program 0: r0 = getpid() sched_setattr(r0, &(0x7f0000000280)={0x38, 0x2, 0x0, 0x0, 0x8}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x50000103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 311.896081][ T9797] IPVS: ftp: loaded support on port[0] = 21 [ 311.936440][ T39] audit: type=1400 audit(1594988227.039:54): avc: denied { sys_admin } for pid=9796 comm="syz-executor.0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 12:17:07 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0xe5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) 12:17:07 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) sendmmsg$sock(r0, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 
0x2, 0x0) 12:17:07 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000260007007e6a3952e9d3280000ffff40", @ANYRES32=r1, @ANYBLOB="00000000ffffffff00010000070001006671"], 0x60}}, 0x0) r2 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 12:17:07 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key(&(0x7f0000000080)='big_key\x00', &(0x7f0000000500)={'syz', 0x0}, &(0x7f0000000200)='_', 0x1, r0) keyctl$update(0x15, r1, 0x0, 0x0) [ 312.040018][ T9810] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.3'. 
12:17:07 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) sendmmsg$sock(r0, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 0x2, 0x0) 12:17:07 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) sendmmsg$sock(r0, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 0x2, 0x0) 12:17:07 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000260007007e6a3952e9d3280000ffff40", @ANYRES32=r1, @ANYBLOB="00000000ffffffff00010000070001006671"], 0x60}}, 0x0) r2 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 12:17:07 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$sock(r0, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 0x2, 0x0) [ 312.120355][ T9822] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.3'. [ 312.241909][ T8] tipc: TX() has been purged, node left! 
12:17:07 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0xe5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) 12:17:07 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$sock(r0, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 0x2, 0x0) 12:17:07 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000260007007e6a3952e9d3280000ffff40", @ANYRES32=r1, @ANYBLOB="00000000ffffffff00010000070001006671"], 0x60}}, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 12:17:07 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key(&(0x7f0000000080)='big_key\x00', &(0x7f0000000500)={'syz', 0x0}, &(0x7f0000000200)='_', 0x1, r0) keyctl$update(0x15, r1, 0x0, 0x0) 12:17:07 executing program 3: r0 = 
socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000260007007e6a3952e9d3280000ffff40", @ANYRES32=r1, @ANYBLOB="00000000ffffffff00010000070001006671"], 0x60}}, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 12:17:07 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$sock(r0, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 0x2, 0x0) 12:17:07 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$sock(r0, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 0x2, 0x0) 12:17:07 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000260007007e6a3952e9d3280000ffff40", @ANYRES32=r1, @ANYBLOB="00000000ffffffff00010000070001006671"], 0x60}}, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 12:17:07 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', 
&(0x7f0000000040)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key(&(0x7f0000000080)='big_key\x00', &(0x7f0000000500)={'syz', 0x0}, &(0x7f0000000200)='_', 0x1, r0) keyctl$update(0x15, r1, 0x0, 0x0) 12:17:07 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$sock(r0, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 0x2, 0x0) 12:17:07 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'syz_tun\x00'}) r1 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 12:17:07 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key(&(0x7f0000000080)='big_key\x00', &(0x7f0000000500)={'syz', 0x0}, &(0x7f0000000200)='_', 0x1, r0) keyctl$update(0x15, r1, 0x0, 0x0) 12:17:07 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$sock(r0, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 0x2, 0x0) 12:17:07 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key(&(0x7f0000000080)='big_key\x00', &(0x7f0000000500)={'syz', 0x0}, &(0x7f0000000200)='_', 0x1, r0) keyctl$update(0x15, r1, 0x0, 0x0) 12:17:07 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'syz_tun\x00'}) r1 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 12:17:07 executing program 1: bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 0x2, 0x0) 12:17:07 executing program 2: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f00000000c0)={0x1f, 0x0, @fixed}, 0xe) 12:17:07 executing program 1: bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 0x2, 0x0) 12:17:07 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'syz_tun\x00'}) r1 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 
12:17:07 executing program 2: r0 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x7fe}, 0x10) write(r0, &(0x7f0000000280)="1c0000001a009b8a14e5f4070009042400000000ff00000000000000", 0x1e5) recvmmsg(r0, &(0x7f0000002040)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000018c0)=[{&(0x7f00000006c0)=""/197, 0xc5}, {&(0x7f00000007c0)=""/76, 0x4c}, {&(0x7f0000000840)=""/4090, 0xffa}, {&(0x7f0000001e80)=""/9, 0x9}, {&(0x7f0000001880)=""/38, 0x26}], 0x5}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) 12:17:07 executing program 1: bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 0x2, 0x0) 12:17:07 executing program 0: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x28402) write$vhci(r0, &(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) write$vhci(r0, &(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @extended_inquiry_info={{0x2f, 0xfe}, {@none, 0x0, 0x0, "55c8b8", 0x0, 0x0, "9ea01052bba06a62de2c5b16be84fbadb5594633dfb85a5e2e68e554cbc294e98b68594466bec879b5f539d7d8d342a64df438543f92806a5b2e254e318aeed0e5fbc38472f679ab813e51658fe4701c61d1f8bc3eb7093a5a776d95e8c0372e8ec9f82675321bdca00159b916c4a378028f25498fe4a445239308958e460a3f413d221870d71dbf706813edfe690d740c8806fec3c00c19b30a5983e3d486e46c33d5824447f4e0f57bf384c408dfef0fcdb3b91cec3da98a2223b2678918a1369e25549fa451f79faf2eb4af62e1892b8dbb24074b6d344232d4b742371e0f3e5a9cd79b27f737dd5e3552a9b1446c"}}}, 0x101) 12:17:07 executing program 3: socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000260007007e6a3952e9d3280000ffff40", 
@ANYRES32, @ANYBLOB="00000000ffffffff00010000070001006671"], 0x60}}, 0x0) r0 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 12:17:08 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$sock(r0, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 0x2, 0x0) [ 312.867260][ T9896] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.3'. 12:17:08 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x8, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$sock(r0, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@timestamping={{0x10, 0x1, 0x25, 0xfffffffe}}], 0x10}}], 0x2, 0x0) 12:17:08 executing program 0: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x28402) write$vhci(r0, &(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) write$vhci(r0, &(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @extended_inquiry_info={{0x2f, 0xfe}, {@none, 0x0, 0x0, "55c8b8", 0x0, 0x0, "9ea01052bba06a62de2c5b16be84fbadb5594633dfb85a5e2e68e554cbc294e98b68594466bec879b5f539d7d8d342a64df438543f92806a5b2e254e318aeed0e5fbc38472f679ab813e51658fe4701c61d1f8bc3eb7093a5a776d95e8c0372e8ec9f82675321bdca00159b916c4a378028f25498fe4a445239308958e460a3f413d221870d71dbf706813edfe690d740c8806fec3c00c19b30a5983e3d486e46c33d5824447f4e0f57bf384c408dfef0fcdb3b91cec3da98a2223b2678918a1369e25549fa451f79faf2eb4af62e1892b8dbb24074b6d344232d4b742371e0f3e5a9cd79b27f737dd5e3552a9b1446c"}}}, 0x101) [ 312.925157][ T1573] 
==================================================================
[ 312.933571][ T1573] BUG: KASAN: slab-out-of-bounds in hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 312.933571][ T1573] Read of size 6 at addr ffff88801d217404 by task kworker/u18:0/1573
[ 312.933571][ T1573]
[ 312.933571][ T1573] CPU: 3 PID: 1573 Comm: kworker/u18:0 Not tainted 5.8.0-rc5-syzkaller #0
[ 312.933571][ T1573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 312.933571][ T1573] Workqueue: hci0 hci_rx_work
[ 312.933571][ T1573] Call Trace:
[ 312.933571][ T1573] dump_stack+0x18f/0x20d
[ 312.933571][ T1573] ? hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 313.002070][ T1573] ? hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 313.009631][ T1573] print_address_description.constprop.0.cold+0xae/0x436
[ 313.009631][ T1573] ? lockdep_hardirqs_off+0x66/0xa0
[ 313.009631][ T1573] ? vprintk_func+0x97/0x1a6
[ 313.009631][ T1573] ? hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 313.009631][ T1573] kasan_report.cold+0x1f/0x37
[ 313.009631][ T1573] ? hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 313.053755][ T1573] check_memory_region+0x13d/0x180
[ 313.057517][ T1573] memcpy+0x20/0x60
[ 313.057517][ T1573] hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 313.057517][ T1573] ? clear_pending_adv_report+0xf0/0xf0
[ 313.072307][ T1573] hci_event_packet+0x2828/0x86f5
[ 313.072307][ T1573] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 313.072307][ T1573] ? hci_cmd_complete_evt+0xc6e0/0xc6e0
[ 313.072307][ T1573] ? lock_acquire+0x1f1/0xad0
[ 313.072307][ T1573] ? skb_dequeue+0x1c/0x180
[ 313.072307][ T1573] ? find_held_lock+0x2d/0x110
[ 313.072307][ T1573] ? mark_lock+0xbc/0x1710
[ 313.072307][ T1573] ? mark_held_locks+0x9f/0xe0
[ 313.072307][ T1573] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 313.072307][ T1573] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 313.072307][ T1573] ? trace_hardirqs_on+0x5f/0x220
[ 313.072307][ T1573] ? lockdep_hardirqs_on+0x6a/0xe0
[ 313.072307][ T1573] hci_rx_work+0x22e/0xb10
[ 313.072307][ T1573] process_one_work+0x94c/0x1670
[ 313.072307][ T1573] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 313.072307][ T1573] ? rwlock_bug.part.0+0x90/0x90
[ 313.072307][ T1573] worker_thread+0x64c/0x1120
[ 313.072307][ T1573] ? process_one_work+0x1670/0x1670
[ 313.072307][ T1573] kthread+0x3b5/0x4a0
[ 313.072307][ T1573] ? __kthread_bind_mask+0xc0/0xc0
[ 313.072307][ T1573] ? __kthread_bind_mask+0xc0/0xc0
[ 313.072307][ T1573] ret_from_fork+0x1f/0x30
[ 313.072307][ T1573]
[ 313.072307][ T1573] Allocated by task 9908:
[ 313.072307][ T1573] save_stack+0x1b/0x40
[ 313.072307][ T1573] __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 313.072307][ T1573] __alloc_skb+0xae/0x550
[ 313.072307][ T1573] vhci_write+0xbd/0x450
[ 313.072307][ T1573] new_sync_write+0x422/0x650
[ 313.072307][ T1573] vfs_write+0x59d/0x6b0
[ 313.072307][ T1573] ksys_write+0x12d/0x250
[ 313.072307][ T1573] do_syscall_64+0x60/0xe0
[ 313.072307][ T1573] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 313.072307][ T1573]
[ 313.072307][ T1573] Freed by task 9723:
[ 313.072307][ T1573] save_stack+0x1b/0x40
[ 313.072307][ T1573] __kasan_slab_free+0xf5/0x140
[ 313.072307][ T1573] kfree+0x103/0x2c0
[ 313.072307][ T1573] skb_release_data+0x6d9/0x910
[ 313.072307][ T1573] napi_consume_skb+0x231/0x370
[ 313.072307][ T1573] free_old_xmit_skbs+0xd5/0x230
[ 313.072307][ T1573] virtnet_poll_tx+0x1e9/0x370
[ 313.072307][ T1573] net_rx_action+0x4a1/0xe60
[ 313.072307][ T1573] __do_softirq+0x34c/0xa60
[ 313.072307][ T1573]
[ 313.072307][ T1573] The buggy address belongs to the object at ffff88801d217000
[ 313.072307][ T1573] which belongs to the cache kmalloc-1k of size 1024
[ 313.072307][ T1573] The buggy address is located 4 bytes to the right of
[ 313.072307][ T1573] 1024-byte region [ffff88801d217000, ffff88801d217400)
[ 313.072307][ T1573] The buggy address belongs to the page:
[ 313.072307][ T1573] page:ffffea00007485c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 313.072307][ T1573] flags: 0xfffe0000000200(slab)
[ 313.072307][ T1573] raw: 00fffe0000000200 ffffea0000aa8948 ffffea00009e5388 ffff88802c800c40
[ 313.072307][ T1573] raw: 0000000000000000 ffff88801d217000 0000000100000002 0000000000000000
[ 313.072307][ T1573] page dumped because: kasan: bad access detected
[ 313.072307][ T1573]
[ 313.072307][ T1573] Memory state around the buggy address:
[ 313.072307][ T1573] ffff88801d217300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 313.072307][ T1573] ffff88801d217380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 313.072307][ T1573] >ffff88801d217400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 313.072307][ T1573] ^
[ 313.072307][ T1573] ffff88801d217480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 313.072307][ T1573] ffff88801d217500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 313.072307][ T1573] ==================================================================
[ 313.072307][ T1573] Disabling lock debugging due to kernel taint
[ 313.410602][ T1573] Kernel panic - not syncing: panic_on_warn set ...
[ 313.416674][ T1573] CPU: 3 PID: 1573 Comm: kworker/u18:0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 313.416674][ T1573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 313.416674][ T1573] Workqueue: hci0 hci_rx_work
[ 313.416674][ T1573] Call Trace:
[ 313.416674][ T1573] dump_stack+0x18f/0x20d
[ 313.416674][ T1573] ? hci_extended_inquiry_result_evt.isra.0+0x190/0x5e0
[ 313.416674][ T1573] panic+0x2e3/0x75c
[ 313.416674][ T1573] ? __warn_printk+0xf3/0xf3
[ 313.416674][ T1573] ? preempt_schedule_common+0x59/0xc0
[ 313.471391][ T1573] ? hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 313.471391][ T1573] ? preempt_schedule_thunk+0x16/0x18
[ 313.471391][ T1573] ? trace_hardirqs_on+0x55/0x220
[ 313.471391][ T1573] ? hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 313.471391][ T1573] ? hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 313.471391][ T1573] end_report+0x4d/0x53
[ 313.471391][ T1573] kasan_report.cold+0xd/0x37
[ 313.471391][ T1573] ? hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 313.471391][ T1573] check_memory_region+0x13d/0x180
[ 313.471391][ T1573] memcpy+0x20/0x60
[ 313.471391][ T1573] hci_extended_inquiry_result_evt.isra.0+0x1be/0x5e0
[ 313.541392][ T1573] ? clear_pending_adv_report+0xf0/0xf0
[ 313.541392][ T1573] hci_event_packet+0x2828/0x86f5
[ 313.541392][ T1573] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 313.541392][ T1573] ? hci_cmd_complete_evt+0xc6e0/0xc6e0
[ 313.541392][ T1573] ? lock_acquire+0x1f1/0xad0
[ 313.541392][ T1573] ? skb_dequeue+0x1c/0x180
[ 313.541392][ T1573] ? find_held_lock+0x2d/0x110
[ 313.541392][ T1573] ? mark_lock+0xbc/0x1710
[ 313.541392][ T1573] ? mark_held_locks+0x9f/0xe0
[ 313.541392][ T1573] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 313.541392][ T1573] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 313.541392][ T1573] ? trace_hardirqs_on+0x5f/0x220
[ 313.541392][ T1573] ? lockdep_hardirqs_on+0x6a/0xe0
[ 313.611747][ T1573] hci_rx_work+0x22e/0xb10
[ 313.611747][ T1573] process_one_work+0x94c/0x1670
[ 313.611747][ T1573] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 313.611747][ T1573] ? rwlock_bug.part.0+0x90/0x90
[ 313.611747][ T1573] worker_thread+0x64c/0x1120
[ 313.611747][ T1573] ? process_one_work+0x1670/0x1670
[ 313.611747][ T1573] kthread+0x3b5/0x4a0
[ 313.611747][ T1573] ? __kthread_bind_mask+0xc0/0xc0
[ 313.611747][ T1573] ? __kthread_bind_mask+0xc0/0xc0
[ 313.611747][ T1573] ret_from_fork+0x1f/0x30
[ 313.611747][ T1573] Kernel Offset: disabled
[ 313.611747][ T1573] Rebooting in 86400 seconds..