Warning: Permanently added '[localhost]:50159' (ECDSA) to the list of known hosts. [ 156.672717][ T39] audit: type=1400 audit(1595267328.070:42): avc: denied { map } for pid=9233 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2020/07/20 17:48:48 fuzzer started 2020/07/20 17:48:48 dialing manager at 10.0.2.10:36075 2020/07/20 17:48:48 syscalls: 3205 2020/07/20 17:48:48 code coverage: enabled 2020/07/20 17:48:48 comparison tracing: enabled 2020/07/20 17:48:48 extra coverage: enabled 2020/07/20 17:48:48 setuid sandbox: enabled 2020/07/20 17:48:48 namespace sandbox: enabled 2020/07/20 17:48:48 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/20 17:48:48 fault injection: enabled 2020/07/20 17:48:48 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/20 17:48:48 net packet injection: enabled 2020/07/20 17:48:48 net device setup: enabled 2020/07/20 17:48:48 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/20 17:48:48 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/20 17:48:48 USB emulation: enabled [ 157.129241][ T39] audit: type=1400 audit(1595267328.530:43): avc: denied { integrity } for pid=9250 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 17:49:33 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad6142134b62f11e931e7d62ead037cd215", 0x88}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) [ 202.910359][ T39] audit: type=1400 audit(1595267374.300:44): avc: denied { map } for pid=9255 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=25682 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 17:49:34 executing program 1: clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0x40046103, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) [ 203.629482][ T9256] IPVS: ftp: loaded support on port[0] = 21 17:49:35 executing program 2: r0 = syz_open_dev$vbi(&(0x7f0000000280)='/dev/vbi#\x00', 0x1, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0x541b, 0x0) [ 203.725398][ T9258] IPVS: ftp: loaded support on port[0] = 21 17:49:35 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}}) write$tun(r1, &(0x7f00000001c0)={@val, @void, @eth={@broadcast, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '>{o', 0x9c, 0x11, 0x0, @rand_addr=' \x01\x00', @remote, {[], {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "b7bddabed298e74ca0b8df294ca3c5150f6129419d274149c55091a9d7106e87", "7187aa698fba8b79fa5f091819a2a5557afa665533451bfae338b454bd66c3e31bb9175bd55abb8cb2328fbae039078c", "7bdca16d36e5c701d74e85d83e2f183bf5bbaee24bd0b50febad877e", {"2c97f74e13d9a17ead31b21f5ca9819d", "7a734e418870b5c2b699a923d57a5d98"}}}}}}}}}, 0xd6) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) [ 204.093548][ T9258] chnl_net:caif_netlink_parms(): no params data found [ 204.135251][ T9260] IPVS: ftp: loaded support on port[0] = 21 [ 204.198455][ T9256] chnl_net:caif_netlink_parms(): no params data found [ 204.416541][ T9258] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.432828][ T9258] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.456090][ T9258] device bridge_slave_0 entered promiscuous mode [ 204.484756][ T9258] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.498607][ T9264] IPVS: ftp: loaded support on port[0] = 21 [ 204.505846][ T9258] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.535112][ T9258] device bridge_slave_1 entered promiscuous mode [ 204.550081][ T9256] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.568588][ T9256] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.585064][ T9256] device bridge_slave_0 entered promiscuous mode [ 204.637663][ T9258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 204.658906][ T9256] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.677371][ T9256] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.702814][ T9256] device bridge_slave_1 entered promiscuous mode [ 204.737527][ T9258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 204.783372][ T9256] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 204.833238][ T9258] team0: Port device team_slave_0 added [ 204.852475][ T9256] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 204.897056][ T9258] team0: Port device team_slave_1 added [ 204.969564][ T9258] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 204.986186][ T9258] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 205.041402][ T9258] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 205.085087][ T9260] chnl_net:caif_netlink_parms(): no params data found [ 205.108004][ T9256] team0: Port device team_slave_0 added [ 205.127159][ T9258] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 205.147969][ T9258] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 205.210897][ T9258] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 205.255510][ T9256] team0: Port device team_slave_1 added [ 205.289430][ T9256] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 205.307247][ T9256] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 205.360700][ T9256] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 205.401962][ T9256] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 205.417910][ T9256] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 205.490732][ T9256] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 205.590440][ T9258] device hsr_slave_0 entered promiscuous mode [ 205.666855][ T9258] device hsr_slave_1 entered promiscuous mode [ 205.849553][ T9256] device hsr_slave_0 entered promiscuous mode [ 205.934631][ T9256] device hsr_slave_1 entered promiscuous mode [ 205.984404][ T9256] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 206.004633][ T9256] Cannot create hsr debugfs directory [ 206.178229][ T9264] chnl_net:caif_netlink_parms(): no params data found [ 206.217068][ T9260] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.237836][ T9260] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.256323][ T9260] device bridge_slave_0 entered promiscuous mode [ 206.276738][ T9260] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.305881][ T9260] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.329413][ T9260] device bridge_slave_1 entered promiscuous mode [ 206.455430][ T9260] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.577217][ T9260] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 206.634517][ T9264] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.657816][ T9264] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.682563][ T9264] device bridge_slave_0 entered promiscuous mode [ 206.711900][ T9264] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.731187][ T9264] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.754738][ T9264] device bridge_slave_1 entered promiscuous mode [ 206.789331][ T9260] team0: Port device team_slave_0 added [ 206.835319][ T9260] team0: Port device team_slave_1 added [ 206.884227][ T39] audit: type=1400 audit(1595267378.280:45): avc: denied { create } for pid=9258 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 206.890337][ T9258] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 206.976997][ T39] audit: type=1400 audit(1595267378.280:46): avc: denied { write } for pid=9258 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 207.037076][ T39] audit: type=1400 audit(1595267378.280:47): avc: denied { read } for pid=9258 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 207.108744][ T9264] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.149341][ T9258] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 207.229424][ T9264] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.266673][ T9260] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 207.285837][ T9260] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.351420][ T9260] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 207.390385][ T9258] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 207.495163][ T9258] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 207.591699][ T9260] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 207.626272][ T9260] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.724588][ T9260] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 207.805224][ T9264] team0: Port device team_slave_0 added [ 207.845154][ T9264] team0: Port device team_slave_1 added [ 207.899203][ T9264] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 207.932634][ T9264] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.027026][ T9264] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.062171][ T9264] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.078147][ T9264] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.134295][ T9264] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.157759][ T9256] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 208.240850][ T9256] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 208.347024][ T9256] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 208.447907][ T9256] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 208.617287][ T9260] device hsr_slave_0 entered promiscuous mode [ 208.714588][ T9260] device hsr_slave_1 entered promiscuous mode [ 208.764331][ T9260] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 208.777791][ T9260] Cannot create hsr debugfs directory [ 208.876124][ T9264] device hsr_slave_0 entered promiscuous mode [ 208.924229][ T9264] device hsr_slave_1 entered promiscuous mode [ 209.003906][ T9264] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 209.021545][ T9264] Cannot create hsr debugfs directory [ 209.229477][ T9260] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 209.326921][ T9260] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 209.408740][ T9260] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 209.527742][ T9260] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 209.626534][ T9264] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 209.720506][ T9264] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 209.818667][ T9264] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 209.924411][ T9264] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 210.001953][ T9258] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.040542][ T9282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.069632][ T9282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.101514][ T9256] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.126613][ T9258] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.163604][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.185779][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.213054][ T2853] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.234342][ T2853] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.307947][ T9282] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.347741][ T9282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.370757][ T9282] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.389777][ T9282] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.408564][ T9282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.455844][ T3179] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.473063][ T3179] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.497551][ T9256] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.529449][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.550506][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.575784][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.598995][ T23] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.619460][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.647062][ T9284] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.667476][ T9284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.706276][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.725301][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.745384][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.761590][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.783510][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.809080][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.828954][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.855515][ T9260] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.887759][ T3179] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.912615][ T3179] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.943396][ T3179] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.965607][ T3179] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.995616][ T3179] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 211.017252][ T3179] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 211.036103][ T3179] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 211.064221][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.085539][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.113085][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.139019][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 211.158843][ T9260] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.178914][ T9271] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 211.197692][ T9271] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 211.225224][ T9271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.250775][ T9271] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.279465][ T9271] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.306813][ T9271] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.347078][ T9271] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.372866][ T9271] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.390592][ T9271] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.414518][ T9271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 211.434370][ T9271] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 211.458826][ T9271] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 211.482616][ T9271] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 211.509734][ T9258] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 211.531919][ T9256] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 211.562864][ T9282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.578632][ T9282] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.596612][ T9282] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.609540][ T9282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.624720][ T9282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 211.652113][ T9264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.685419][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 211.706342][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 211.723328][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.746157][ T9264] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.769606][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 211.791742][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 211.811013][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.834369][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.854719][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 211.877714][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.891847][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.907408][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.919253][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.932623][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.952062][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.970665][ T9286] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.992372][ T9256] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.017895][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 212.034514][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 212.052873][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.071467][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.091354][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.107340][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.124501][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 212.139961][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 212.162079][ T9260] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 212.205134][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 212.221733][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 212.238329][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.254555][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 212.270893][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.290831][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.308587][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 212.322979][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 212.338795][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 212.364890][ T9258] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.385707][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.402027][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.424293][ T9260] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.443477][ T9282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 212.460516][ T9282] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 212.484522][ T9264] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 212.506440][ T9264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 212.523364][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 212.540368][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 212.556102][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 212.572016][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 212.608608][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 212.629673][ T68] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 212.666410][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 212.684061][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 212.699925][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 212.715551][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 212.739728][ T9256] device veth0_vlan entered promiscuous mode [ 212.759638][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 212.777588][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 212.793469][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 212.814913][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 212.841462][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 212.862734][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 212.892962][ T9260] device veth0_vlan entered promiscuous mode [ 212.921592][ T9260] device veth1_vlan entered promiscuous mode [ 212.943359][ T9256] device veth1_vlan entered promiscuous mode [ 212.972817][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 212.991398][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 213.011900][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 213.030624][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 213.059261][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 213.074737][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 213.093512][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 213.115667][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 213.134837][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 213.155180][ T9258] device veth0_vlan entered promiscuous mode [ 213.172705][ T9264] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.198075][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 213.226943][ T9258] device veth1_vlan entered promiscuous mode [ 213.256569][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 213.269933][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 213.287948][ T9256] device veth0_macvtap entered promiscuous mode [ 213.310148][ T9256] device veth1_macvtap entered promiscuous mode [ 213.323215][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 213.336177][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 213.352144][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 213.372139][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 213.386000][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 213.399872][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 213.417452][ T9260] device veth0_macvtap entered promiscuous mode [ 213.437980][ T9260] device veth1_macvtap entered promiscuous mode [ 213.469117][ T9256] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 213.489826][ T9286] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 213.507117][ T9286] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 213.521727][ T9286] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 213.548881][ T9286] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 213.568649][ T9286] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 213.587687][ T9286] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 213.614684][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 213.629055][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 213.645405][ T9264] device veth0_vlan entered promiscuous mode [ 213.657788][ T9258] device veth0_macvtap entered promiscuous mode [ 213.673304][ T9256] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 213.688084][ T9260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 213.707650][ T9260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.726759][ T9260] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 213.742110][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 213.760012][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 213.780698][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 213.802179][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 213.823301][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 213.840697][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 213.859166][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 213.885856][ T9258] device veth1_macvtap entered promiscuous mode [ 213.913245][ T9260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 213.950193][ T9260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.986635][ T9260] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 214.021168][ T3179] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 214.039101][ T3179] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 214.059361][ T3179] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 214.077180][ T9258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 214.098700][ T9258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.120915][ T9258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 214.150501][ T9258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.173594][ T9258] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 214.197453][ T9264] device veth1_vlan entered promiscuous mode [ 214.309464][ T9282] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 214.330527][ T9282] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 214.351265][ T9282] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 214.370683][ T9282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 214.501306][ T9258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 214.534697][ T9258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.558039][ T9258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 214.580574][ T9258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.611236][ T9258] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 214.637359][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 214.655108][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 214.925348][ T39] audit: type=1400 audit(1595267386.320:48): avc: denied { associate } for pid=9256 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 215.150128][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 215.172325][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 215.200122][ T9256] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 215.201306][ T9264] device veth0_macvtap entered promiscuous mode [ 215.315022][ T9264] device veth1_macvtap entered promiscuous mode [ 215.425440][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 215.487025][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 215.565835][ T9264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 215.613458][ T9264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.657691][ T9299] QAT: failed to copy from user. [ 215.664335][ T9264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 215.730042][ T9264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.774951][ T9264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 17:49:47 executing program 2: r0 = syz_open_dev$vbi(&(0x7f0000000280)='/dev/vbi#\x00', 0x1, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0x541b, 0x0) [ 215.824922][ T9264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 17:49:47 executing program 1: clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0x40046103, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) [ 215.879463][ T9264] batman_adv: batadv0: Interface activated: batadv_slave_0 17:49:47 executing program 2: r0 = syz_open_dev$vbi(&(0x7f0000000280)='/dev/vbi#\x00', 0x1, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0x541b, 0x0) 17:49:47 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) umount2(0x0, 0x27) [ 215.919135][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 215.952336][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 216.011391][ T9264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 216.056028][ T9264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.089356][ T9264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 216.115217][ T9264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.139071][ T9264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 216.162989][ T9264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.191771][ T9264] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 216.220626][ T9287] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 216.259264][ T9287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 17:49:49 executing program 2: r0 = syz_open_dev$vbi(&(0x7f0000000280)='/dev/vbi#\x00', 0x1, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0x541b, 0x0) 17:49:49 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='cpuset\x00', 0x0, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000180)='cpuset.memory_spread_slab\x00', 0x2, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f00000003c0)='7', 0x1}], 0x1) 17:49:49 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}}) write$tun(r1, &(0x7f00000001c0)={@val, @void, @eth={@broadcast, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '>{o', 0x9c, 0x11, 0x0, @rand_addr=' \x01\x00', @remote, {[], {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "b7bddabed298e74ca0b8df294ca3c5150f6129419d274149c55091a9d7106e87", "7187aa698fba8b79fa5f091819a2a5557afa665533451bfae338b454bd66c3e31bb9175bd55abb8cb2328fbae039078c", "7bdca16d36e5c701d74e85d83e2f183bf5bbaee24bd0b50febad877e", {"2c97f74e13d9a17ead31b21f5ca9819d", "7a734e418870b5c2b699a923d57a5d98"}}}}}}}}}, 0xd6) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) 17:49:49 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$dlm_monitor(0xffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) open(0x0, 0x0, 0x0) write$P9_RATTACH(0xffffffffffffffff, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x5}) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) 17:49:49 executing program 2: ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0x541b, 0x0) [ 218.390263][ T39] audit: type=1400 audit(1595267389.780:49): avc: denied { open } for pid=9328 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 17:49:49 executing program 2: ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0x541b, 0x0) 17:49:49 executing program 2: ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0x541b, 0x0) 17:49:50 executing program 2: r0 = syz_open_dev$vbi(0x0, 0x1, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0x541b, 0x0) [ 218.511721][ T39] audit: type=1400 audit(1595267389.790:50): avc: denied { confidentiality } for pid=9328 comm="syz-executor.1" lockdown_reason="unsafe use of perf" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 17:49:50 executing program 2: r0 = syz_open_dev$vbi(0x0, 0x1, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0x541b, 0x0) [ 218.684988][ T39] audit: type=1400 audit(1595267390.070:51): avc: denied { perfmon } for pid=9333 comm="syz-executor.0" capability=38 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 [ 218.781661][ T39] audit: type=1400 audit(1595267390.080:52): avc: denied { kernel } for pid=9333 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 218.829645][ T9347] ================================================================== [ 218.831416][ T9347] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34a/0x400 [ 218.831651][ T9347] Write of size 8 at addr ffffc900099a1000 by task syz-executor.0/9347 [ 218.831654][ T9347] [ 218.831902][ T9347] CPU: 2 PID: 9347 Comm: syz-executor.0 Not tainted 5.8.0-rc6-syzkaller #0 [ 218.831908][ T9347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 218.832019][ T9347] Call Trace: [ 218.832414][ T9347] dump_stack+0x18f/0x20d [ 218.832477][ T9347] ? bitfill_aligned+0x34a/0x400 [ 218.832486][ T9347] ? bitfill_aligned+0x34a/0x400 [ 218.832672][ T9347] print_address_description.constprop.0.cold+0x5/0x436 [ 218.833920][ T9347] ? lockdep_hardirqs_off+0x66/0xa0 [ 218.833920][ T9347] ? vprintk_func+0x97/0x1a6 [ 218.833920][ T9347] ? bitfill_aligned+0x34a/0x400 [ 218.833920][ T9347] kasan_report.cold+0x1f/0x37 [ 218.833920][ T9347] ? bitfill_aligned+0x111/0x400 [ 218.833920][ T9347] ? bitfill_aligned+0x34a/0x400 [ 218.833920][ T9347] bitfill_aligned+0x34a/0x400 [ 218.833920][ T9347] sys_fillrect+0x408/0x7a0 [ 218.833920][ T9347] ? sys_fillrect+0x7a0/0x7a0 [ 218.833920][ T9347] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 218.833920][ T9347] bit_clear_margins+0x2d5/0x4a0 [ 218.833920][ T9347] ? bit_bmove+0x210/0x210 [ 218.833920][ T9347] ? fb_get_color_depth+0x11a/0x240 [ 218.833920][ T9347] fbcon_clear_margins+0x1d5/0x230 [ 218.833920][ T9347] fbcon_switch+0xb6e/0x16c0 [ 218.833920][ T9347] ? fbcon_scroll+0x3600/0x3600 [ 218.833920][ T9347] ? fbcon_cursor+0x52b/0x650 [ 218.833920][ T9347] ? kmalloc_array.constprop.0+0x20/0x20 [ 218.833920][ T9347] ? is_console_locked+0x5/0x10 [ 218.833920][ T9347] ? fbcon_set_origin+0x26/0x50 [ 218.833920][ T9347] redraw_screen+0x2ae/0x770 [ 218.833920][ T9347] ? vc_init+0x440/0x440 [ 218.833920][ T9347] ? fb_get_color_depth+0x11a/0x240 [ 218.833920][ T9347] ? fbcon_set_palette+0x3a8/0x490 [ 218.833920][ T9347] fbcon_modechanged+0x575/0x710 [ 218.833920][ T9347] fbcon_update_vcs+0x3a/0x50 [ 218.833920][ T9347] fb_set_var+0xae8/0xd60 [ 218.833920][ T9347] ? fb_blank+0x190/0x190 [ 218.833920][ T9347] ? lock_release+0x8d0/0x8d0 [ 218.833920][ T9347] ? lock_is_held_type+0xb0/0xe0 [ 218.833920][ T9347] ? lock_release+0x8d0/0x8d0 [ 218.833920][ T9347] ? do_fb_ioctl+0x2f2/0x6c0 [ 218.833920][ T9347] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 218.833920][ T9347] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 218.833920][ T9347] ? trace_hardirqs_on+0x5f/0x220 [ 218.833920][ T9347] do_fb_ioctl+0x33f/0x6c0 [ 218.833920][ T9347] ? fb_set_suspend+0x1a0/0x1a0 [ 218.833920][ T9347] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 218.833920][ T9347] ? trace_hardirqs_on+0x5f/0x220 [ 218.833920][ T9347] ? lockdep_hardirqs_on+0x6a/0xe0 [ 218.833920][ T9347] ? _raw_spin_unlock_irq+0x55/0x80 [ 218.833920][ T9347] ? finish_task_switch+0x147/0x750 [ 218.833920][ T9347] ? finish_task_switch+0x119/0x750 [ 218.833920][ T9347] ? __switch_to+0x4fb/0xe80 [ 218.833920][ T9347] ? __schedule+0x927/0x2250 [ 218.833920][ T9347] ? io_schedule_timeout+0x140/0x140 [ 218.833920][ T9347] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 218.833920][ T9347] ? do_fb_ioctl+0x6c0/0x6c0 [ 218.833920][ T9347] fb_ioctl+0xdd/0x130 [ 218.833920][ T9347] ? do_fb_ioctl+0x6c0/0x6c0 [ 218.833920][ T9347] ksys_ioctl+0x11a/0x180 [ 218.833920][ T9347] __x64_sys_ioctl+0x6f/0xb0 [ 218.833920][ T9347] ? lockdep_hardirqs_on+0x6a/0xe0 [ 218.833920][ T9347] do_syscall_64+0x60/0xe0 [ 218.833920][ T9347] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 218.833920][ T9347] RIP: 0033:0x45c049 [ 218.833920][ T9347] Code: Bad RIP value. [ 218.833920][ T9347] RSP: 002b:00007f1736adec88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 218.833920][ T9347] RAX: ffffffffffffffda RBX: 00000000006fb3c0 RCX: 000000000045c049 [ 218.833920][ T9347] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000004 [ 218.833920][ T9347] RBP: 00000000004a906e R08: 0000000000000000 R09: 0000000000000000 [ 218.833920][ T9347] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074bfa0 [ 218.833920][ T9347] R13: 00007fffca6d020f R14: 00007f1736abf000 R15: 0000000000000003 [ 218.833920][ T9347] [ 218.833920][ T9347] [ 218.833920][ T9347] Memory state around the buggy address: [ 218.833920][ T9347] ffffc900099a0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 218.833920][ T9347] ffffc900099a0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 218.833920][ T9347] >ffffc900099a1000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 218.833920][ T9347] ^ [ 218.833920][ T9347] ffffc900099a1080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 218.833920][ T9347] ffffc900099a1100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 218.833920][ T9347] ================================================================== [ 218.833920][ T9347] Disabling lock debugging due to kernel taint [ 218.843526][ T9347] Kernel panic - not syncing: panic_on_warn set ... [ 218.843816][ T9347] CPU: 2 PID: 9347 Comm: syz-executor.0 Tainted: G B 5.8.0-rc6-syzkaller #0 [ 218.843951][ T9347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 218.843964][ T9347] Call Trace: [ 218.844092][ T9347] dump_stack+0x18f/0x20d [ 218.844102][ T9347] ? bitfill_aligned+0x310/0x400 [ 218.844217][ T9347] panic+0x2e3/0x75c [ 218.844226][ T9347] ? __warn_printk+0xf3/0xf3 [ 218.844238][ T9347] ? preempt_schedule_common+0x59/0xc0 [ 218.844247][ T9347] ? bitfill_aligned+0x34a/0x400 [ 218.844380][ T9347] ? preempt_schedule_thunk+0x16/0x18 [ 218.844388][ T9347] ? trace_hardirqs_on+0x55/0x220 [ 218.844397][ T9347] ? bitfill_aligned+0x34a/0x400 [ 218.844406][ T9347] ? bitfill_aligned+0x34a/0x400 [ 218.844414][ T9347] end_report+0x4d/0x53 [ 218.844421][ T9347] kasan_report.cold+0xd/0x37 [ 218.844430][ T9347] ? bitfill_aligned+0x111/0x400 [ 218.844439][ T9347] ? bitfill_aligned+0x34a/0x400 [ 218.844448][ T9347] bitfill_aligned+0x34a/0x400 [ 218.844457][ T9347] sys_fillrect+0x408/0x7a0 [ 218.844465][ T9347] ? sys_fillrect+0x7a0/0x7a0 [ 218.844481][ T9347] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 218.844493][ T9347] bit_clear_margins+0x2d5/0x4a0 [ 218.844505][ T9347] ? bit_bmove+0x210/0x210 [ 218.844518][ T9347] ? fb_get_color_depth+0x11a/0x240 [ 218.844530][ T9347] fbcon_clear_margins+0x1d5/0x230 [ 218.844541][ T9347] fbcon_switch+0xb6e/0x16c0 [ 218.844553][ T9347] ? fbcon_scroll+0x3600/0x3600 [ 218.844564][ T9347] ? fbcon_cursor+0x52b/0x650 [ 218.844577][ T9347] ? kmalloc_array.constprop.0+0x20/0x20 [ 218.844591][ T9347] ? is_console_locked+0x5/0x10 [ 218.844603][ T9347] ? fbcon_set_origin+0x26/0x50 [ 218.844616][ T9347] redraw_screen+0x2ae/0x770 [ 218.844628][ T9347] ? vc_init+0x440/0x440 [ 218.844641][ T9347] ? fb_get_color_depth+0x11a/0x240 [ 218.844652][ T9347] ? fbcon_set_palette+0x3a8/0x490 [ 218.844664][ T9347] fbcon_modechanged+0x575/0x710 [ 218.844676][ T9347] fbcon_update_vcs+0x3a/0x50 [ 218.844688][ T9347] fb_set_var+0xae8/0xd60 [ 218.844700][ T9347] ? fb_blank+0x190/0x190 [ 218.844712][ T9347] ? lock_release+0x8d0/0x8d0 [ 218.844724][ T9347] ? lock_is_held_type+0xb0/0xe0 [ 218.844735][ T9347] ? lock_release+0x8d0/0x8d0 [ 218.844747][ T9347] ? do_fb_ioctl+0x2f2/0x6c0 [ 218.844760][ T9347] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 218.844773][ T9347] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 218.844784][ T9347] ? trace_hardirqs_on+0x5f/0x220 [ 218.844796][ T9347] do_fb_ioctl+0x33f/0x6c0 [ 218.844809][ T9347] ? fb_set_suspend+0x1a0/0x1a0 [ 218.844821][ T9347] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 218.844832][ T9347] ? trace_hardirqs_on+0x5f/0x220 [ 218.844843][ T9347] ? lockdep_hardirqs_on+0x6a/0xe0 [ 218.844855][ T9347] ? _raw_spin_unlock_irq+0x55/0x80 [ 218.844868][ T9347] ? finish_task_switch+0x147/0x750 [ 218.844880][ T9347] ? finish_task_switch+0x119/0x750 [ 218.844892][ T9347] ? __switch_to+0x4fb/0xe80 [ 218.844904][ T9347] ? __schedule+0x927/0x2250 [ 218.844916][ T9347] ? io_schedule_timeout+0x140/0x140 [ 218.844929][ T9347] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 218.844941][ T9347] ? do_fb_ioctl+0x6c0/0x6c0 [ 218.844953][ T9347] fb_ioctl+0xdd/0x130 [ 218.844965][ T9347] ? do_fb_ioctl+0x6c0/0x6c0 [ 218.844976][ T9347] ksys_ioctl+0x11a/0x180 [ 218.844988][ T9347] __x64_sys_ioctl+0x6f/0xb0 [ 218.844995][ T9347] ? lockdep_hardirqs_on+0x6a/0xe0 [ 218.845003][ T9347] do_syscall_64+0x60/0xe0 [ 218.845011][ T9347] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 218.845018][ T9347] RIP: 0033:0x45c049 [ 218.845020][ T9347] Code: Bad RIP value. [ 218.845024][ T9347] RSP: 002b:00007f1736adec88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 218.845032][ T9347] RAX: ffffffffffffffda RBX: 00000000006fb3c0 RCX: 000000000045c049 [ 218.845037][ T9347] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000004 [ 218.845041][ T9347] RBP: 00000000004a906e R08: 0000000000000000 R09: 0000000000000000 [ 218.845046][ T9347] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074bfa0 [ 218.845050][ T9347] R13: 00007fffca6d020f R14: 00007f1736abf000 R15: 0000000000000003 [ 218.852993][ T9347] Kernel Offset: disabled [ 218.852993][ T9347] Rebooting in 86400 seconds..