syzkaller login: [ 149.597939][ T40] audit: type=1400 audit(1594550309.749:41): avc: denied { map } for pid=9793 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '[localhost]:52932' (ECDSA) to the list of known hosts. [ 152.444717][ T40] audit: type=1400 audit(1594550312.589:42): avc: denied { map } for pid=9805 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16525 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2020/07/12 10:38:32 fuzzer started 2020/07/12 10:38:33 dialing manager at 10.0.2.10:35659 2020/07/12 10:38:33 syscalls: 3166 2020/07/12 10:38:33 code coverage: enabled 2020/07/12 10:38:33 comparison tracing: enabled 2020/07/12 10:38:33 extra coverage: enabled 2020/07/12 10:38:33 setuid sandbox: enabled 2020/07/12 10:38:33 namespace sandbox: enabled 2020/07/12 10:38:33 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/12 10:38:33 fault injection: enabled 2020/07/12 10:38:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/12 10:38:33 net packet injection: enabled 2020/07/12 10:38:33 net device setup: enabled 2020/07/12 10:38:33 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/12 10:38:33 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/12 10:38:33 USB emulation: enabled [ 153.629320][ T40] audit: type=1400 audit(1594550313.779:43): avc: denied { integrity } for pid=9823 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 10:39:11 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000002b8, 0x0) 10:39:12 executing program 1: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(r0, 0x11, 0x8, 0x10002) [ 192.021778][ T40] audit: type=1400 audit(1594550352.159:44): avc: denied { map } for pid=9825 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=25645 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 10:39:12 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x86a01780, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x122, 0x122, 0x4, [@datasec={0x0, 0x8, 0x0, 0xf, 0x1, [{}, {}, {}, {}, {}, {}, {}, {}], "da"}, @struct={0x0, 0x3, 0x0, 0x4, 0x0, 0x0, [{}, {}, {}]}, @datasec={0x0, 0x8, 0x0, 0xf, 0x1, [{}, {}, {}, {}, {}, {}, {}, {}], '^'}, @struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x0, [{}]}]}, {0x0, [0x0, 0x0]}}, 0x0, 0x140}, 0x20) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x33) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 10:39:13 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7c}, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005961e62273faa6884c44827ffe33732b0d27517495db22c369fc01b191533df23e4a10cbd4dfb403d80912aa8ef860dd81e221f886dc0154419e857178e246297048629c6326bfe8f81c360dd7c9efafb9ff34fedbb2ca4d35f6b5f65e8894425d22dce799b0a5d65dee16bffed85ac530e49bbe2cc6e0745578e3d530d91e8213cc3f3aa07295e86df0557be41f4f982eb553b1b9e36d77134f29c57c0db60076f5ab193325dbfa90e0edab3ddb5ed8fa984bb0fcb52ad14988f58de2ecb46c965aee276e5d9d9464ede6deb474604da29f1b7d924c96d8c04e5ff44ca849a436284bc99d4b03487b4c221a26c27228aea193cb831124187765d3c1b162bd4e64b2ca92c22afa1ecff1edecd4de1e8d2c88b2b03ad75e3774a70363ad121331b0988b9fa3fd3bdd1f48369863e3c2bc37067a1fe90d7cc733eb753fc3fbe8fa03ed9c061732486e68b39e02a63cbff4af35dd8a17dd33dfa196911b654e60fa881a77b295a8ed9374cb784e9afcfd308b51b6f00b359d41bfe0240f5aaa9e037891216b4c02291f122c51c1e3291195615f13acdbe142541ba3ba10abca64f1cb9d9c819422bf2cf04699902d8e19a92ec0f2ddae5e7bba1afc6edc2e615a527698f2f84fec0380be7c3eb1ae1576f0e7e88e57dc1c3ff3fa768e84dda015f8fa0ecfba22ade43e667d8cc897bec4921aa03227085a7b6ccf4b17ce6e26b345f1cbc0b16312ec7fc71724fcde39982c720fbad55be728acdc4acb8ce24c6fc3bf21e7f2f9c1916f77d6db064ab7ba34debf9fd2d0dd40b341afc6a1be00d1910c024351e926f30153cadfbeb9110ff0696fde63973c0a1d85e37c34d1842d50af6e53ec269554a7654142"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x18000000000002e0, 0x69, 0x4300, &(0x7f0000000280)="b95b03b700030700009e40f088471fffffe100004000638477fbac14143fe0004301c699da153f02a0e6e380f60104f683317585d7473f1cab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b33", 0x0, 0xfd, 0x6000000000000000}, 0x28) [ 193.471576][ T9827] IPVS: ftp: loaded support on port[0] = 21 [ 193.471638][ T9828] IPVS: ftp: loaded support on port[0] = 21 [ 193.866012][ T9830] IPVS: ftp: loaded support on port[0] = 21 [ 194.089645][ T9832] IPVS: ftp: loaded support on port[0] = 21 [ 194.216160][ T9828] chnl_net:caif_netlink_parms(): no params data found [ 194.294678][ T9827] chnl_net:caif_netlink_parms(): no params data found [ 194.531133][ T9827] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.572367][ T9827] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.607675][ T9827] device bridge_slave_0 entered promiscuous mode [ 194.646583][ T9827] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.672297][ T9827] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.700278][ T9827] device bridge_slave_1 entered promiscuous mode [ 194.765984][ T9830] chnl_net:caif_netlink_parms(): no params data found [ 194.813986][ T9827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 194.858152][ T9827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 194.905674][ T9828] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.927342][ T9828] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.954434][ T9828] device bridge_slave_0 entered promiscuous mode [ 194.985115][ T9828] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.006059][ T9828] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.028272][ T9828] device bridge_slave_1 entered promiscuous mode [ 195.074814][ T9827] team0: Port device team_slave_0 added [ 195.096480][ T9827] team0: Port device team_slave_1 added [ 195.129898][ T9828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 195.159057][ T9828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 195.241672][ T9827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 195.263082][ T9827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 195.418065][ T9827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 195.617415][ T9827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 195.638085][ T9827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 195.713465][ T9827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 195.749866][ T9828] team0: Port device team_slave_0 added [ 195.767336][ T9832] chnl_net:caif_netlink_parms(): no params data found [ 195.786886][ T9830] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.802437][ T9830] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.819929][ T9830] device bridge_slave_0 entered promiscuous mode [ 195.839771][ T9828] team0: Port device team_slave_1 added [ 195.869972][ T9830] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.887825][ T9830] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.918005][ T9830] device bridge_slave_1 entered promiscuous mode [ 196.071292][ T9827] device hsr_slave_0 entered promiscuous mode [ 196.138780][ T9827] device hsr_slave_1 entered promiscuous mode [ 196.225837][ T9828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 196.239893][ T9828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.293876][ T9828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 196.326329][ T9830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 196.360310][ T9830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 196.383315][ T9828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 196.397463][ T9828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.451761][ T9828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 196.515182][ T9832] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.537985][ T9832] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.557979][ T9832] device bridge_slave_0 entered promiscuous mode [ 196.589019][ T9830] team0: Port device team_slave_0 added [ 196.600656][ T9832] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.614633][ T9832] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.634169][ T9832] device bridge_slave_1 entered promiscuous mode [ 196.739416][ T9828] device hsr_slave_0 entered promiscuous mode [ 196.807278][ T9828] device hsr_slave_1 entered promiscuous mode [ 196.877198][ T9828] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 196.898583][ T9828] Cannot create hsr debugfs directory [ 196.920593][ T9830] team0: Port device team_slave_1 added [ 196.976575][ T9830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 196.991392][ T9830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.050660][ T9830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 197.080373][ T9830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 197.097691][ T9830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.148915][ T9830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 197.171656][ T9832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.199778][ T9832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.258318][ T9832] team0: Port device team_slave_0 added [ 197.275620][ T9832] team0: Port device team_slave_1 added [ 197.369160][ T9830] device hsr_slave_0 entered promiscuous mode [ 197.467263][ T9830] device hsr_slave_1 entered promiscuous mode [ 197.537244][ T9830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 197.561856][ T9830] Cannot create hsr debugfs directory [ 197.650160][ T9832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 197.669048][ T9832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.728719][ T9832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 197.769584][ T9832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 197.784479][ T9832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.838784][ T9832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 198.040411][ T9832] device hsr_slave_0 entered promiscuous mode [ 198.119617][ T9832] device hsr_slave_1 entered promiscuous mode [ 198.178934][ T9832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 198.195051][ T9832] Cannot create hsr debugfs directory [ 198.273566][ T40] audit: type=1400 audit(1594550358.419:45): avc: denied { create } for pid=9827 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 198.280406][ T9827] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 198.332257][ T40] audit: type=1400 audit(1594550358.419:46): avc: denied { write } for pid=9827 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 198.391474][ T40] audit: type=1400 audit(1594550358.429:47): avc: denied { read } for pid=9827 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 198.485488][ T9827] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 198.552598][ T9827] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 198.622317][ T9827] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 198.745160][ T9828] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 198.832062][ T9828] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 198.892549][ T9828] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 198.971005][ T9828] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 199.052849][ T9830] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 199.121720][ T9830] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 199.181440][ T9830] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 199.282647][ T9830] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 199.375042][ T9832] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 199.441050][ T9832] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 199.509404][ T9832] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 199.623647][ T9832] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 199.782231][ T9827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.834984][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.850015][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.883601][ T9827] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.005875][ T9828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.024133][ T9830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.036868][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.054034][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.075190][ T3144] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.089076][ T3144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.125132][ T9847] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 200.151198][ T9832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.166442][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.196639][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.233495][ T2852] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.255210][ T2852] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.290973][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.306770][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.321871][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.345383][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.363249][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.394369][ T9830] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.410640][ T9828] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.424063][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.441293][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.461861][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 200.483630][ T9832] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.517562][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.534993][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.553731][ T3193] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.583842][ T3193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.608360][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.628989][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.646151][ T3193] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.659858][ T3193] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.673760][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.689659][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.706714][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.723623][ T3193] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.736264][ T3193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.751478][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.768742][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.787910][ T3193] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.803030][ T3193] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.816703][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 200.832320][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.848996][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.864778][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.881321][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 200.896475][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 200.910325][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.924468][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.941834][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.957561][ T3193] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.970373][ T3193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.991517][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.007588][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.039683][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.056405][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.072957][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.089281][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.104046][ T3144] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.117073][ T3144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.131437][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.150816][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.166511][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.181508][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.214641][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.230984][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.247544][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.264637][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.281093][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.298295][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.316192][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.331944][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.347365][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.365580][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.381528][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.397529][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.413750][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.435144][ T9832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 201.468759][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.485929][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.503187][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.519430][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.536597][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.577387][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.602284][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.620452][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.638307][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.655853][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.676599][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.695513][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.712397][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 201.728322][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 201.755398][ T9830] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 201.772356][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.791721][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.812810][ T9828] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 201.835823][ T9828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 201.856832][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.878680][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.902192][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 201.926103][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 201.952102][ T9832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.999783][ T9827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.032064][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 202.054724][ T3193] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 202.092267][ T9828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.138647][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 202.178719][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 202.222671][ T9830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.271369][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 202.290709][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 202.309179][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 202.325310][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 202.342999][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 202.360532][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 202.417916][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 202.443711][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 202.465232][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 202.481202][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 202.510717][ T9832] device veth0_vlan entered promiscuous mode [ 202.536672][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 202.559880][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 202.585044][ T9828] device veth0_vlan entered promiscuous mode [ 202.602386][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 202.618535][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 202.635272][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 202.654219][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 202.671926][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 202.686607][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 202.702116][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 202.723381][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 202.744151][ T9827] device veth0_vlan entered promiscuous mode [ 202.777700][ T9828] device veth1_vlan entered promiscuous mode [ 202.794039][ T9832] device veth1_vlan entered promiscuous mode [ 202.816604][ T9830] device veth0_vlan entered promiscuous mode [ 202.832620][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 202.848952][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 202.868215][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 202.889689][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 202.907343][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 202.930064][ T9827] device veth1_vlan entered promiscuous mode [ 202.977360][ T9830] device veth1_vlan entered promiscuous mode [ 203.021352][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 203.037891][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 203.058950][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 203.076346][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 203.094035][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 203.111363][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 203.131543][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 203.159569][ T9828] device veth0_macvtap entered promiscuous mode [ 203.182349][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 203.200542][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 203.217187][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 203.236079][ T9828] device veth1_macvtap entered promiscuous mode [ 203.256131][ T9827] device veth0_macvtap entered promiscuous mode [ 203.280997][ T9830] device veth0_macvtap entered promiscuous mode [ 203.297995][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 203.323693][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 203.344411][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 203.367546][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 203.388004][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 203.406091][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 203.428395][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 203.455372][ T9827] device veth1_macvtap entered promiscuous mode [ 203.479849][ T9830] device veth1_macvtap entered promiscuous mode [ 203.518163][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 203.541738][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 203.568139][ T9832] device veth0_macvtap entered promiscuous mode [ 203.593308][ T9832] device veth1_macvtap entered promiscuous mode [ 203.640280][ T9827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 203.661523][ T9828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 203.691286][ T9828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.720816][ T9828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 203.743389][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 203.765914][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 203.785791][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 203.806336][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 203.831644][ T9830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 203.857282][ T9830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.885358][ T9830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 203.916055][ T9830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.945539][ T9830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 203.981339][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 204.006064][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 204.033772][ T9828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.054647][ T9827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 204.081821][ T9827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.108242][ T9827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.127794][ T9832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 204.154253][ T9832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.179536][ T9832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 204.203499][ T9832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.224523][ T9832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 204.247584][ T9832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.273976][ T9832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 204.295219][ T9830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 204.333567][ T9830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.372638][ T9830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 204.415640][ T9830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.443911][ T9830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.461678][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 204.482507][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 204.500225][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 204.520177][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 204.537973][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 204.559010][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 204.577493][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 204.602047][ T1212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 204.639770][ T9832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 204.662428][ T9832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.684507][ T9832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 204.706723][ T9832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.727915][ T9832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 204.752341][ T9832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.773437][ T9832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.801404][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 204.824162][ T3144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 205.340679][ T40] audit: type=1400 audit(1594550365.489:48): avc: denied { associate } for pid=9828 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 205.532195][ T9828] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 205.949891][ T40] audit: type=1400 audit(1594550366.089:49): avc: denied { open } for pid=9862 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 206.105541][ T40] audit: type=1400 audit(1594550366.099:50): avc: denied { perfmon } for pid=9862 comm="syz-executor.3" capability=38 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 10:39:26 executing program 1: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fallocate(r0, 0x11, 0x8, 0x10002) 10:39:26 executing program 2: sendmsg$FOU_CMD_GET(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000200)={0xa, 0x14e24}, 0x1c) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) [ 206.276522][ T40] audit: type=1400 audit(1594550366.099:51): avc: denied { kernel } for pid=9862 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 206.363770][ T40] audit: type=1400 audit(1594550366.099:52): avc: denied { confidentiality } for pid=9862 comm="syz-executor.3" lockdown_reason="unsafe use of perf" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 [ 206.423411][ T40] audit: type=1400 audit(1594550366.149:53): avc: denied { prog_load } for pid=9862 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 10:39:26 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000002c0)=""/5, 0x5}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0xfe, &(0x7f0000000300)="f7f249b9740c9e57f4f22a160500000032a5b60a00008024c30e478947d190ac00000000000000000000000000000000663697ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4b0d8b9aad9c9ba4c998db2f64eb12c07af20200169c864e1d5f8179cba2e431126de0592738cb993815a7d1b1ce34144ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f06be4b2e2b0cd0e93e41c330f70401e3d96f546e65fab4fae51bb32a6f3ca61632d15b0c3af16efd23907d097227db763548378b342df9dd9e6eafcdc1f5fad3342f713feaf3ba64aa39dd0f83426f2b332c9c77d1b6dc3f26ded1611f86"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 206.485251][ T40] audit: type=1400 audit(1594550366.149:54): avc: denied { bpf } for pid=9865 comm="syz-executor.2" capability=39 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 10:39:26 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xa1, &(0x7f0000000400)="c4fe910c6786cec96ddb5322addee07bee6333b5cacd891969b71832cb470c94d61fb500000000000000a4a455f4c9fd98a568097aa4acd6ecd74d473fdd43b9693122311ae02ee3d3f8fbe0a10fff4bbaef7cd058ec3a54a90a11c890a73cef2d28533220798a2b01800000000000007bd8d700000000000000ce072623193c8ff31a4502a85559ca5fbc21ae2b0927eced00b121edcfdeff5287fd5ac653e58e"}}], 0x1c) wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 206.753755][ T40] audit: type=1400 audit(1594550366.899:55): avc: denied { prog_run } for pid=9862 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 10:39:27 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000002b8, 0x0) 10:39:27 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x4e, &(0x7f0000000300)="c4fe910c6786cec96ddb5322addee07bee6333b5cacd891969b71832cb470c94d61f0014dca7712c225da4a455f4c9fd98a568097aa4acd6ecd74d473fdd43b9693122311ae02ee3d3f8fbe0a10f"}}], 0x1c) wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 10:39:27 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7c}, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005961e62273faa6884c44827ffe33732b0d27517495db22c369fc01b191533df23e4a10cbd4dfb403d80912aa8ef860dd81e221f886dc0154419e857178e246297048629c6326bfe8f81c360dd7c9efafb9ff34fedbb2ca4d35f6b5f65e8894425d22dce799b0a5d65dee16bffed85ac530e49bbe2cc6e0745578e3d530d91e8213cc3f3aa07295e86df0557be41f4f982eb553b1b9e36d77134f29c57c0db60076f5ab193325dbfa90e0edab3ddb5ed8fa984bb0fcb52ad14988f58de2ecb46c965aee276e5d9d9464ede6deb474604da29f1b7d924c96d8c04e5ff44ca849a436284bc99d4b03487b4c221a26c27228aea193cb831124187765d3c1b162bd4e64b2ca92c22afa1ecff1edecd4de1e8d2c88b2b03ad75e3774a70363ad121331b0988b9fa3fd3bdd1f48369863e3c2bc37067a1fe90d7cc733eb753fc3fbe8fa03ed9c061732486e68b39e02a63cbff4af35dd8a17dd33dfa196911b654e60fa881a77b295a8ed9374cb784e9afcfd308b51b6f00b359d41bfe0240f5aaa9e037891216b4c02291f122c51c1e3291195615f13acdbe142541ba3ba10abca64f1cb9d9c819422bf2cf04699902d8e19a92ec0f2ddae5e7bba1afc6edc2e615a527698f2f84fec0380be7c3eb1ae1576f0e7e88e57dc1c3ff3fa768e84dda015f8fa0ecfba22ade43e667d8cc897bec4921aa03227085a7b6ccf4b17ce6e26b345f1cbc0b16312ec7fc71724fcde39982c720fbad55be728acdc4acb8ce24c6fc3bf21e7f2f9c1916f77d6db064ab7ba34debf9fd2d0dd40b341afc6a1be00d1910c024351e926f30153cadfbeb9110ff0696fde63973c0a1d85e37c34d1842d50af6e53ec269554a7654142"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x18000000000002e0, 0x69, 0x4300, &(0x7f0000000280)="b95b03b700030700009e40f088471fffffe100004000638477fbac14143fe0004301c699da153f02a0e6e380f60104f683317585d7473f1cab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b33", 0x0, 0xfd, 0x6000000000000000}, 0x28) 10:39:27 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300}) [ 207.144935][ T9902] ================================================================== [ 207.146152][ T9902] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34a/0x400 [ 207.146194][ T9902] Write of size 8 at addr ffffc90009c71000 by task syz-executor.2/9902 [ 207.146197][ T9902] [ 207.146323][ T9902] CPU: 0 PID: 9902 Comm: syz-executor.2 Not tainted 5.8.0-rc4-syzkaller #0 [ 207.146329][ T9902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 207.146388][ T9902] Call Trace: [ 207.146521][ T9902] dump_stack+0x18f/0x20d [ 207.146532][ T9902] ? bitfill_aligned+0x34a/0x400 [ 207.146540][ T9902] ? bitfill_aligned+0x34a/0x400 [ 207.146551][ T9902] print_address_description.constprop.0.cold+0x5/0x436 [ 207.147127][ T9902] ? lockdep_hardirqs_off+0x66/0xa0 [ 207.147127][ T9902] ? vprintk_func+0x97/0x1a6 [ 207.147127][ T9902] ? bitfill_aligned+0x34a/0x400 [ 207.147127][ T9902] kasan_report.cold+0x1f/0x37 [ 207.147127][ T9902] ? bitfill_aligned+0x34a/0x400 [ 207.147127][ T9902] bitfill_aligned+0x34a/0x400 [ 207.147127][ T9902] sys_fillrect+0x408/0x7a0 [ 207.147127][ T9902] ? sys_fillrect+0x7a0/0x7a0 [ 207.147127][ T9902] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 207.147127][ T9902] bit_clear_margins+0x2d5/0x4a0 [ 207.147127][ T9902] ? bit_bmove+0x210/0x210 [ 207.147127][ T9902] ? fb_get_color_depth+0x11a/0x240 [ 207.147127][ T9902] fbcon_clear_margins+0x1d5/0x230 [ 207.147127][ T9902] fbcon_switch+0xb6e/0x16c0 [ 207.147127][ T9902] ? fbcon_scroll+0x3600/0x3600 [ 207.147127][ T9902] ? fbcon_cursor+0x52b/0x650 [ 207.147127][ T9902] ? kmalloc_array.constprop.0+0x20/0x20 [ 207.147127][ T9902] ? is_console_locked+0x5/0x10 [ 207.147127][ T9902] ? fbcon_set_origin+0x26/0x50 [ 207.147127][ T9902] redraw_screen+0x2ae/0x770 [ 207.147127][ T9902] ? vc_init+0x440/0x440 [ 207.147127][ T9902] ? fb_get_color_depth+0x11a/0x240 [ 207.147127][ T9902] ? fbcon_set_palette+0x3a8/0x490 [ 207.147127][ T9902] fbcon_modechanged+0x575/0x710 [ 207.147127][ T9902] fbcon_update_vcs+0x3a/0x50 [ 207.147127][ T9902] fb_set_var+0xae8/0xd60 [ 207.147127][ T9902] ? fb_blank+0x190/0x190 [ 207.147127][ T9902] ? lock_release+0x8d0/0x8d0 [ 207.147127][ T9902] ? lock_is_held_type+0xb0/0xe0 [ 207.147127][ T9902] ? do_fb_ioctl+0x2f2/0x6c0 [ 207.147127][ T9902] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 207.147127][ T9902] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 207.147127][ T9902] ? trace_hardirqs_on+0x5f/0x220 [ 207.147127][ T9902] do_fb_ioctl+0x33f/0x6c0 [ 207.147127][ T9902] ? fb_set_suspend+0x1a0/0x1a0 [ 207.147127][ T9902] ? tomoyo_execute_permission+0x470/0x470 [ 207.147127][ T9902] ? lock_is_held_type+0xb0/0xe0 [ 207.147127][ T9902] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 207.147127][ T9902] ? do_vfs_ioctl+0x27d/0x1090 [ 207.147127][ T9902] ? __fget_files+0x294/0x400 [ 207.147127][ T9902] fb_ioctl+0xdd/0x130 [ 207.147127][ T9902] ? do_fb_ioctl+0x6c0/0x6c0 [ 207.147127][ T9902] ksys_ioctl+0x11a/0x180 [ 207.147127][ T9902] __x64_sys_ioctl+0x6f/0xb0 [ 207.147127][ T9902] ? lockdep_hardirqs_on+0x6a/0xe0 [ 207.147127][ T9902] do_syscall_64+0x60/0xe0 [ 207.147127][ T9902] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 207.147127][ T9902] RIP: 0033:0x45c939 [ 207.147127][ T9902] Code: Bad RIP value. [ 207.147127][ T9902] RSP: 002b:00007f6a6b681c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 207.147127][ T9902] RAX: ffffffffffffffda RBX: 000000000074bf00 RCX: 000000000045c939 [ 207.147127][ T9902] RDX: 0000000020000200 RSI: 0000000000004601 RDI: 0000000000000003 [ 207.147127][ T9902] RBP: 00000000006f9940 R08: 0000000000000000 R09: 0000000000000000 [ 207.147127][ T9902] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6a6b6826d4 [ 207.147127][ T9902] R13: 00000000000002fe R14: 00000000006ed9c0 R15: 00000000004ac5d2 [ 207.147127][ T9902] [ 207.147127][ T9902] [ 207.147127][ T9902] Memory state around the buggy address: [ 207.147127][ T9902] ffffc90009c70f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 207.147127][ T9902] ffffc90009c70f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 207.147127][ T9902] >ffffc90009c71000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 207.147127][ T9902] ^ [ 207.147127][ T9902] ffffc90009c71080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 207.147127][ T9902] ffffc90009c71100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 207.147127][ T9902] ================================================================== [ 207.147127][ T9902] Disabling lock debugging due to kernel taint [ 207.160300][ T9902] Kernel panic - not syncing: panic_on_warn set ... [ 207.160340][ T9902] CPU: 0 PID: 9902 Comm: syz-executor.2 Tainted: G B 5.8.0-rc4-syzkaller #0 [ 207.160345][ T9902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 207.160391][ T9902] Call Trace: [ 207.160514][ T9902] dump_stack+0x18f/0x20d [ 207.160526][ T9902] ? bitfill_aligned+0x260/0x400 [ 207.160534][ T9902] panic+0x2e3/0x75c [ 207.160543][ T9902] ? __warn_printk+0xf3/0xf3 [ 207.160553][ T9902] ? preempt_schedule_common+0x59/0xc0 [ 207.160560][ T9902] ? bitfill_aligned+0x34a/0x400 [ 207.160569][ T9902] ? preempt_schedule_thunk+0x16/0x18 [ 207.160577][ T9902] ? trace_hardirqs_on+0x55/0x220 [ 207.160585][ T9902] ? bitfill_aligned+0x34a/0x400 [ 207.160592][ T9902] ? bitfill_aligned+0x34a/0x400 [ 207.160599][ T9902] end_report+0x4d/0x53 [ 207.160605][ T9902] kasan_report.cold+0xd/0x37 [ 207.160613][ T9902] ? bitfill_aligned+0x34a/0x400 [ 207.160621][ T9902] bitfill_aligned+0x34a/0x400 [ 207.160629][ T9902] sys_fillrect+0x408/0x7a0 [ 207.160636][ T9902] ? sys_fillrect+0x7a0/0x7a0 [ 207.160647][ T9902] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 207.160656][ T9902] bit_clear_margins+0x2d5/0x4a0 [ 207.160663][ T9902] ? bit_bmove+0x210/0x210 [ 207.160673][ T9902] ? fb_get_color_depth+0x11a/0x240 [ 207.160680][ T9902] fbcon_clear_margins+0x1d5/0x230 [ 207.160688][ T9902] fbcon_switch+0xb6e/0x16c0 [ 207.160696][ T9902] ? fbcon_scroll+0x3600/0x3600 [ 207.160706][ T9902] ? fbcon_cursor+0x52b/0x650 [ 207.160713][ T9902] ? kmalloc_array.constprop.0+0x20/0x20 [ 207.160722][ T9902] ? is_console_locked+0x5/0x10 [ 207.160729][ T9902] ? fbcon_set_origin+0x26/0x50 [ 207.160739][ T9902] redraw_screen+0x2ae/0x770 [ 207.160747][ T9902] ? vc_init+0x440/0x440 [ 207.160754][ T9902] ? fb_get_color_depth+0x11a/0x240 [ 207.160761][ T9902] ? fbcon_set_palette+0x3a8/0x490 [ 207.160769][ T9902] fbcon_modechanged+0x575/0x710 [ 207.160777][ T9902] fbcon_update_vcs+0x3a/0x50 [ 207.160784][ T9902] fb_set_var+0xae8/0xd60 [ 207.160791][ T9902] ? fb_blank+0x190/0x190 [ 207.160798][ T9902] ? lock_release+0x8d0/0x8d0 [ 207.160808][ T9902] ? lock_is_held_type+0xb0/0xe0 [ 207.160817][ T9902] ? do_fb_ioctl+0x2f2/0x6c0 [ 207.160837][ T9902] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 207.160844][ T9902] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 207.161007][ T9902] ? trace_hardirqs_on+0x5f/0x220 [ 207.161017][ T9902] do_fb_ioctl+0x33f/0x6c0 [ 207.161026][ T9902] ? fb_set_suspend+0x1a0/0x1a0 [ 207.161035][ T9902] ? tomoyo_execute_permission+0x470/0x470 [ 207.161058][ T9902] ? lock_is_held_type+0xb0/0xe0 [ 207.161069][ T9902] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 207.161078][ T9902] ? do_vfs_ioctl+0x27d/0x1090 [ 207.161090][ T9902] ? __fget_files+0x294/0x400 [ 207.161100][ T9902] fb_ioctl+0xdd/0x130 [ 207.161109][ T9902] ? do_fb_ioctl+0x6c0/0x6c0 [ 207.161116][ T9902] ksys_ioctl+0x11a/0x180 [ 207.161123][ T9902] __x64_sys_ioctl+0x6f/0xb0 [ 207.161131][ T9902] ? lockdep_hardirqs_on+0x6a/0xe0 [ 207.161138][ T9902] do_syscall_64+0x60/0xe0 [ 207.161146][ T9902] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 207.161152][ T9902] RIP: 0033:0x45c939 [ 207.161154][ T9902] Code: Bad RIP value. [ 207.161158][ T9902] RSP: 002b:00007f6a6b681c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 207.161165][ T9902] RAX: ffffffffffffffda RBX: 000000000074bf00 RCX: 000000000045c939 [ 207.161170][ T9902] RDX: 0000000020000200 RSI: 0000000000004601 RDI: 0000000000000003 [ 207.161174][ T9902] RBP: 00000000006f9940 R08: 0000000000000000 R09: 0000000000000000 [ 207.161178][ T9902] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6a6b6826d4 [ 207.161182][ T9902] R13: 00000000000002fe R14: 00000000006ed9c0 R15: 00000000004ac5d2 [ 207.167052][ T9902] Kernel Offset: disabled [ 207.167052][ T9902] Rebooting in 86400 seconds..