[ 40.359509] audit: type=1800 audit(1573925607.513:32): pid=7477 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [ 41.026324] audit: type=1800 audit(1573925608.253:33): pid=7477 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.169' (ECDSA) to the list of known hosts. 2019/11/16 17:33:35 fuzzer started syzkaller login: [ 48.518200] kauditd_printk_skb: 2 callbacks suppressed [ 48.518247] audit: type=1400 audit(1573925615.743:36): avc: denied { map } for pid=7664 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/11/16 17:33:37 dialing manager at 10.128.0.105:46261 2019/11/16 17:33:37 syscalls: 2545 2019/11/16 17:33:37 code coverage: enabled 2019/11/16 17:33:37 comparison tracing: enabled 2019/11/16 17:33:37 extra coverage: extra coverage is not supported by the kernel 2019/11/16 17:33:37 setuid sandbox: enabled 2019/11/16 17:33:37 namespace sandbox: enabled 2019/11/16 17:33:37 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/16 17:33:37 fault injection: enabled 2019/11/16 17:33:37 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/16 17:33:37 net packet injection: enabled 2019/11/16 17:33:37 net device setup: enabled 2019/11/16 17:33:37 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/16 17:33:37 devlink PCI setup: PCI device 0000:00:10.0 is not available 17:36:58 executing program 0: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x10001, 0x800) r0 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x100000000, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) r1 = accept$nfc_llcp(r0, &(0x7f0000000080), &(0x7f0000000100)=0x60) ioctl$sock_SIOCGSKNS(r1, 0x894c, &(0x7f0000000140)) syz_mount_image$ceph(&(0x7f0000000180)='ceph\x00', &(0x7f00000001c0)='./file0\x00', 0x9, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000200)="d16626e8d8235bd5082ed30427167628120914892c4c16a40b863961118a5e6ecfdb3194fdda5767580dd0bd3ed08ccb1cd324d0530281592af5054b503cb0200edcbe8c6cb1fcac4c76cb7a0c9ba7cd977f15e70c50d7c3716fe3b155e5f124d4ce69985583c76372d1e7ef5c96918377ed9ee8f49b901d310591a10b9af07fd20df211e560df4d99991491", 0x8c, 0x8}], 0x12840, &(0x7f0000000300)='/dev/video#\x00') ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4008550d, &(0x7f0000000340)) setxattr$trusted_overlay_nlink(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='trusted.overlay.nlink\x00', &(0x7f0000000400)={'U+', 0x3}, 0x28, 0x0) r2 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000440)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r2, 0x4020565b, &(0x7f0000000480)={0x0, 0xfffffffc, 0x2}) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r0, 0x10f, 0x84, &(0x7f00000004c0), &(0x7f0000000500)=0x4) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000540)={0x30, 0x5, 0x0, {0x0, 0x5, 0x7f}}, 0x30) openat$cuse(0xffffffffffffff9c, &(0x7f0000000580)='/dev/cuse\x00', 0x2, 0x0) clock_gettime(0x0, &(0x7f00000005c0)={0x0, 0x0}) clock_settime(0x2, &(0x7f0000000600)={r3, r4+10000000}) lsetxattr(&(0x7f0000000640)='./file0\x00', &(0x7f0000000680)=@known='com.apple.FinderInfo\x00', &(0x7f00000006c0)='/dev/video0\x00', 0xc, 0x1) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r0, 0x800443d3, &(0x7f0000000700)={{0x5, 0x5, 0xe9, 0x81, 0x8, 0x7d}, 0x1, 0x3, 0x8}) r5 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000740)='caif0\x00', 0x10) socketpair(0x4, 0x4, 0x4, &(0x7f0000000780)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r6, 0x6, 0x16, &(0x7f00000007c0)=[@timestamp, @window={0x3, 0x3, 0x6}, @timestamp, @window={0x3, 0xf000, 0x800}, @window={0x3, 0x3, 0x1}, @mss={0x2, 0x7}, @timestamp], 0x7) setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000800)=0x4, 0x4) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r7, 0x84, 0xc, 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(r2, 0x801c581f, &(0x7f0000000840)={0x3ff, 0x7ff, 0x8, 0x3f}) r8 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000880)='/dev/dlm-control\x00', 0x400, 0x0) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r8, 0x110, 0x4, &(0x7f00000008c0)=0x1, 0x4) pipe2$9p(&(0x7f0000000900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RAUTH(r9, &(0x7f0000000940)={0x14, 0x67, 0x2, {0x38, 0x0, 0x3}}, 0x14) write$P9_RCREATE(r8, &(0x7f0000000980)={0x18, 0x73, 0x1, {{0x80}, 0x8}}, 0x18) bind(0xffffffffffffffff, &(0x7f00000009c0)=@vsock={0x28, 0x0, 0x2710, @my=0x1}, 0x80) [ 251.021007] audit: type=1400 audit(1573925818.243:37): avc: denied { map } for pid=7681 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14996 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 251.104720] IPVS: ftp: loaded support on port[0] = 21 [ 251.208053] chnl_net:caif_netlink_parms(): no params data found 17:36:58 executing program 1: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2) ioctl$PIO_SCRNMAP(r0, 0x4b41, &(0x7f0000000040)="13db15af63ef0747657ae26aa726fc87a51b5eafba13e685ae55b1d1521473f7cdb340b808ef63bad3e9adf3f3264b6f45037d1f30c97fbfd1468821f4ef58656d67ba757adf10511c06a778e42ed54cdb3847dc403b15061723c1f7002fa9495be34d1cf5025c8bd8bd1a0d7a5d37226199865080b760f12cf44fb8fa717a1dabfa2f186ba9f7301674db9269d1ee12e8ded09305ebb7de8f9d4a1a61561f16643b934af78a01e3f48d123a2852b6e868685ef808") recvmmsg(0xffffffffffffffff, &(0x7f0000005b80)=[{{&(0x7f0000000140)=@nfc_llcp, 0x80, &(0x7f0000000600)=[{&(0x7f00000001c0)=""/205, 0xcd}, {&(0x7f00000002c0)}, {&(0x7f0000000300)=""/14, 0xe}, {&(0x7f0000000340)=""/16, 0x10}, {&(0x7f0000000380)}, {&(0x7f00000003c0)=""/244, 0xf4}, {&(0x7f00000004c0)=""/54, 0x36}, {&(0x7f0000000500)=""/55, 0x37}, {&(0x7f0000000540)=""/7, 0x7}, {&(0x7f0000000580)=""/118, 0x76}], 0xa, &(0x7f00000006c0)=""/43, 0x2b}, 0x8001}, {{&(0x7f0000000700)=@can, 0x80, &(0x7f0000002c00)=[{&(0x7f0000000780)=""/67, 0x43}, {&(0x7f0000000800)=""/4096, 0x1000}, {&(0x7f0000001800)=""/221, 0xdd}, {&(0x7f0000001900)=""/229, 0xe5}, {&(0x7f0000001a00)=""/185, 0xb9}, {&(0x7f0000001ac0)=""/126, 0x7e}, {&(0x7f0000001b40)=""/96, 0x60}, {&(0x7f0000001bc0)=""/11, 0xb}, {&(0x7f0000001c00)=""/4096, 0x1000}], 0x9, &(0x7f0000002cc0)=""/104, 0x68}, 0xfffeffff}, {{&(0x7f0000002d40)=@ll={0x11, 0x0, 0x0}, 0x80, &(0x7f0000004180)=[{&(0x7f0000002dc0)}, {&(0x7f0000002e00)=""/57, 0x39}, {&(0x7f0000002e40)=""/40, 0x28}, {&(0x7f0000002e80)=""/114, 0x72}, {&(0x7f0000002f00)=""/89, 0x59}, {&(0x7f0000002f80)=""/234, 0xea}, {&(0x7f0000003080)=""/24, 0x18}, {&(0x7f00000030c0)=""/4096, 0x1000}, {&(0x7f00000040c0)=""/143, 0x8f}], 0x9, &(0x7f0000004240)=""/4096, 0x1000}, 0x1ff}, {{&(0x7f0000005240)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f00000053c0)=[{&(0x7f00000052c0)=""/86, 0x56}, {&(0x7f0000005340)=""/106, 0x6a}], 0x2, &(0x7f0000005400)=""/134, 0x86}, 0x2}, {{&(0x7f00000054c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, &(0x7f0000005640)=[{&(0x7f0000005540)=""/212, 0xd4}], 0x1, &(0x7f0000005680)=""/24, 0x18}, 0xfff}, {{0x0, 0x0, &(0x7f0000005780)=[{&(0x7f00000056c0)=""/167, 0xa7}], 0x1, &(0x7f00000057c0)=""/87, 0x57}}, {{&(0x7f0000005840)=@ipx, 0x80, &(0x7f0000005ac0)=[{&(0x7f00000058c0)=""/87, 0x57}, {&(0x7f0000005940)=""/188, 0xbc}, {&(0x7f0000005a00)=""/188, 0xbc}], 0x3, &(0x7f0000005b00)=""/96, 0x60}, 0xce18}], 0x7, 0x0, 0x0) getsockname$packet(r0, &(0x7f0000005dc0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000005e00)=0x14) getsockname$packet(0xffffffffffffffff, &(0x7f0000005f00)={0x11, 0x0, 0x0}, &(0x7f0000005f40)=0x14) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000005fc0)={'erspan0\x00', 0x0}) getsockname$packet(r0, &(0x7f0000006000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000006040)=0x14) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000006080)={'vxcan1\x00', 0x0}) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f00000062c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000006280)={&(0x7f00000060c0)={0x19c, 0x0, 0x884f4a5bbc264e4c, 0x70bd29, 0x25dfdbfd, {}, [{{0x8, 0x1, r1}, {0xbc, 0x2, [{0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8}, {0x8, 0x4, 0x405f}}, {0x8, 0x6, r4}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x401}}}]}}, {{0x8, 0x1, r5}, {0xbc, 0x2, [{0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r8}}}]}}]}, 0x19c}, 0x1, 0x0, 0x0, 0x1}, 0x0) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x0) openat$vimc2(0xffffffffffffff9c, &(0x7f0000006300)='/dev/video2\x00', 0x2, 0x0) fcntl$F_GET_RW_HINT(r3, 0x40b, &(0x7f0000006340)) r9 = openat$null(0xffffffffffffff9c, &(0x7f0000006380)='/dev/null\x00', 0x20a000, 0x0) getsockopt$inet_pktinfo(r9, 0x0, 0x8, &(0x7f00000063c0)={0x0, @multicast1, @loopback}, &(0x7f0000006400)=0xc) pread64(0xffffffffffffffff, &(0x7f0000006440)=""/147, 0x93, 0x0) fcntl$setlease(r2, 0x400, 0x1) utimes(&(0x7f0000006500)='./file0\x00', &(0x7f0000006540)={{0x77359400}}) ioctl$VT_OPENQRY(r9, 0x5600, &(0x7f0000006580)) r10 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000065c0)='/selinux/status\x00', 0x0, 0x0) ioctl$EVIOCGKEYCODE(r10, 0x80084504, &(0x7f0000006600)=""/157) r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000006700)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000006840)={&(0x7f00000066c0)={0x10, 0x0, 0x0, 0x41d0a0c}, 0xc, &(0x7f0000006800)={&(0x7f0000006740)={0xa8, r11, 0x8, 0x70bd29, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x48, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x9, @remote, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x5, @loopback, 0x3}}}}]}, @TIPC_NLA_NET={0x4c, 0x7, [@TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x400}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xffffffff}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0xc0880}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000006880)={0x401, 0x6, 'client0\x00', 0xffffffff80000000, "cce6b3859bd69e41", "15acc78f0b88521111897097802d637267571ea74829422f0c9246ace78c340c", 0x7, 0x4}) syz_open_dev$dmmidi(&(0x7f0000006940)='/dev/dmmidi#\x00', 0x3, 0x200000) ioctl$EVIOCGBITKEY(0xffffffffffffffff, 0x80404521, &(0x7f0000006980)=""/198) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000006a80)={0x0}, &(0x7f0000006ac0)=0xc) move_pages(r12, 0x2, &(0x7f0000006b00)=[&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil], &(0x7f0000006b40)=[0x2, 0x7, 0x98, 0x3, 0x3, 0x401, 0x200, 0x7, 0xfff], &(0x7f0000006b80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(0xffffffffffffffff, 0xc0505350, &(0x7f0000006bc0)={{0x69, 0x2}, {0x40, 0xb}, 0x800, 0x4, 0x40}) openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000006c40)='/proc/thread-self/attr/current\x00', 0x2, 0x0) ioctl$sock_TIOCINQ(r2, 0x541b, &(0x7f0000006c80)) [ 251.254719] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.262400] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.270468] device bridge_slave_0 entered promiscuous mode [ 251.279598] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.286388] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.294789] device bridge_slave_1 entered promiscuous mode [ 251.335306] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 251.354968] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 251.376405] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 251.384288] team0: Port device team_slave_0 added [ 251.390183] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 251.398818] team0: Port device team_slave_1 added [ 251.404687] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 251.408313] IPVS: ftp: loaded support on port[0] = 21 [ 251.412428] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready 17:36:58 executing program 2: getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)) epoll_create(0x5) r0 = getpgid(0x0) getpgid(r0) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0x0, 0x1}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000140)={r2, 0x40, 0x2, [0x1000, 0x8000]}, &(0x7f0000000180)=0xc) r3 = syz_open_dev$audion(&(0x7f00000001c0)='/dev/audio#\x00', 0x21, 0x4001) sendto$x25(r3, &(0x7f0000000200)="2f67dd854993ab58cb2fd1ebce756b4dfe78c09feef754ad9eb8f21e621b7ff18429c3215240d05905d7c090bbc23f07836b11b81bcc1eff09443eebc0c60625224686826b60acf56b799cce2bde10c1f311b69e35b1103e1f224fc900772919721a32c8ff94e0f6dce18234dd89db394f8a5dee3b455f4528aa7cfed4730f8074aed8c7c1a8813b632162c00a2fac4a04", 0x91, 0x4002000, &(0x7f00000002c0)={0x9, @null=' \x00'}, 0x12) r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dlm_plock\x00', 0xf0000, 0x0) r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer\x00', 0x80000, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000380)={r4, r5, 0x3, 0x1}, 0x10) r6 = syz_open_dev$sndpcmp(&(0x7f00000003c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0x280600) ioctl$TIOCSTI(r6, 0x5412, 0x9) r7 = syz_open_dev$dmmidi(&(0x7f0000000400)='/dev/dmmidi#\x00', 0xffff, 0x2000) ioctl$UI_SET_EVBIT(r7, 0x40045564, 0x18) r8 = add_key$keyring(&(0x7f0000000500)='keyring\x00', &(0x7f0000000540)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) request_key(&(0x7f0000000440)='encrypted\x00', &(0x7f0000000480)={'syz', 0x2}, &(0x7f00000004c0)='+%em0usereth1md5summime_type:\x00', r8) syz_open_dev$ndb(&(0x7f0000000580)='/dev/nbd#\x00', 0x0, 0x200000) ioctl$FS_IOC_FSSETXATTR(r6, 0x401c5820, &(0x7f00000005c0)={0x8001, 0x1f, 0x18c6, 0x7fffffff, 0x7fff}) rmdir(&(0x7f0000000600)='./file0\x00') r9 = syz_open_dev$mice(&(0x7f0000000640)='/dev/input/mice\x00', 0x0, 0x0) ioctl$TUNSETOFFLOAD(r9, 0x400454d0, 0x7) setsockopt$RDS_GET_MR(r1, 0x114, 0x2, &(0x7f00000007c0)={{&(0x7f0000000680)=""/213, 0xd5}, &(0x7f0000000780), 0x40}, 0x20) ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000800)={'sit0\x00', 0x2000}) r10 = openat(0xffffffffffffffff, &(0x7f0000000840)='./file0/file0\x00', 0x3e230bd6f588857b, 0x220) ioctl$VIDIOC_ENUMAUDIO(r10, 0xc0345641, &(0x7f0000000880)={0x1000, "0b760fa7a6d774f6b221e121827f5303c85e998ebfdbded8daa3028d3b53375b", 0x1}) r11 = creat(&(0x7f00000008c0)='./file0/file0\x00', 0x22) write$FUSE_NOTIFY_RETRIEVE(r11, &(0x7f0000000900)={0x30, 0x5, 0x0, {0x0, 0x3, 0x0, 0x1}}, 0x30) [ 251.495495] device hsr_slave_0 entered promiscuous mode [ 251.532884] device hsr_slave_1 entered promiscuous mode [ 251.573416] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 251.582025] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 251.602828] audit: type=1400 audit(1573925818.823:38): avc: denied { create } for pid=7682 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 251.632981] audit: type=1400 audit(1573925818.823:39): avc: denied { write } for pid=7682 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 251.657285] audit: type=1400 audit(1573925818.823:40): avc: denied { read } for pid=7682 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 251.711609] IPVS: ftp: loaded support on port[0] = 21 17:36:58 executing program 3: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000040)={0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000080)=0x2c) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000000c0)={r2, 0x4e, "bed451142e9e29d2ac0a6d176a5d59476830b6cb600a9a116f4f76454093ea7c1fd2848710f058077417494f3819369994c2695493c9ce695867bdd0cebd0f7d0dd0832dd34783863cada53b0b64"}, &(0x7f0000000140)=0x56) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000180)) r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000280)='/proc/capi/capi20\x00', 0x8000, 0x0) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r3, 0x81785501, &(0x7f00000002c0)=""/186) r4 = open(&(0x7f0000000380)='./file0\x00', 0x121101, 0x200) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000003c0)={0x0, 0x0, 0xffffffffffffffff}) r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snapshot\x00', 0x1, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000440)={r5, 0x0, r7}) r8 = syz_open_dev$amidi(&(0x7f0000000480)='/dev/amidi#\x00', 0x6, 0x4100) write$P9_RMKDIR(r8, &(0x7f00000004c0)={0x14, 0x49, 0x2, {0x104, 0x1, 0x1}}, 0x14) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000500)={{0x8000000000000000, 0x3a386d1e7f324d33, 0x7, 0x2, 0x6}, 0x4, 0x1, 0x4}) getresuid(&(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600)) mount$overlay(0x0, &(0x7f0000000640)='./file0\x00', &(0x7f0000000680)='overlay\x00', 0x200000, &(0x7f00000006c0)={[{@index_on='index=on'}], [{@fsmagic={'fsmagic', 0x3d, 0x5}}]}) r9 = syz_open_dev$audion(&(0x7f0000000700)='/dev/audio#\x00', 0x7fff, 0x4000) setsockopt$IP_VS_SO_SET_TIMEOUT(r9, 0x0, 0x48a, &(0x7f0000000740)={0x8d35, 0x214a, 0x7f}, 0xc) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r10 = dup2(r3, r4) setsockopt$inet_tcp_TLS_TX(r10, 0x6, 0x1, &(0x7f0000000780)=@ccm_128={{0x303}, "7144f0132e80346d", "168d32a0fa1d67b1685df616b1b638cc", "e29de575", "434b8630470cd4e1"}, 0x28) r11 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000007c0)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r11, 0x84, 0x6f, &(0x7f0000000880)={r1, 0x68, &(0x7f0000000800)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e20, @empty}, @in6={0xa, 0x4e20, 0x1, @remote, 0x2}, @in={0x2, 0x4e23, @remote}, @in6={0xa, 0x4e22, 0x200, @remote, 0x7}]}, &(0x7f00000008c0)=0x10) ioctl$EXT4_IOC_GROUP_ADD(r6, 0x40286608, &(0x7f0000000900)={0x4, 0x1, 0x1f, 0x6, 0x1, 0x9}) r12 = socket$netlink(0x10, 0x3, 0xe1c9a97510316dd2) getsockopt$SO_TIMESTAMP(r12, 0x1, 0x40, &(0x7f0000000940), &(0x7f0000000980)=0x4) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r3, 0x6, 0x15, &(0x7f00000009c0)=0x2c, 0x4) write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f0000000a00)={0xf, 0x1f, 0x1, 0x7}, 0xf) r13 = syz_open_dev$media(&(0x7f0000000a40)='/dev/media#\x00', 0x2, 0x2000) r14 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000ac0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r13, &(0x7f0000000c80)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x2000004}, 0xc, &(0x7f0000000c40)={&(0x7f0000000b00)={0x104, r14, 0x800, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x10001}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xffffc9ac}, @IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'dh\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x10, 0x8}}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}]}, @IPVS_CMD_ATTR_DAEMON={0x4c, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0xfff7}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0xfc}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bond_slave_0\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x9}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}]}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip6erspan0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x9}]}, @IPVS_CMD_ATTR_DAEMON={0x18, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'syz_tun\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7ff}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x800}]}, 0x104}, 0x1, 0x0, 0x0, 0x10000000}, 0x4) [ 251.726673] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.733212] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.740159] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.746859] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.955006] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 251.961132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 252.010849] chnl_net:caif_netlink_parms(): no params data found [ 252.024276] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 252.038754] chnl_net:caif_netlink_parms(): no params data found 17:36:59 executing program 4: r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xa8, 0xa8, 0x3, [@func={0x4, 0x0, 0x0, 0xc, 0x3}, @fwd={0x7}, @volatile={0x6, 0x0, 0x0, 0x9, 0x3}, @var={0x3, 0x0, 0x0, 0xe, 0x4, 0x1}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x3, 0x4}]}, @struct={0xe, 0x3, 0x0, 0x4, 0x0, 0x2, [{0x7, 0x5}, {0xf, 0x1, 0xff}, {0x6, 0x3, 0xf9}]}, @ptr={0x2, 0x0, 0x0, 0x2, 0x4}, @restrict={0x3, 0x0, 0x0, 0xb, 0x3}, @volatile={0xb, 0x0, 0x0, 0x9, 0x4}, @fwd={0xa}]}, {0x0, [0x61]}}, &(0x7f0000000100)=""/220, 0xc3, 0xdc, 0x1}, 0x20) membarrier(0x10, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001600)={0x0, @multicast1, @dev}, &(0x7f0000001640)=0xc) recvmmsg(0xffffffffffffffff, &(0x7f0000005d00)=[{{&(0x7f0000001680)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, 0x80, &(0x7f0000002cc0)=[{&(0x7f0000001700)=""/76, 0x4c}, {&(0x7f0000001780)=""/80, 0x50}, {&(0x7f0000001800)=""/78, 0x4e}, {&(0x7f0000001880)=""/249, 0xf9}, {&(0x7f0000001980)=""/4096, 0x1000}, {&(0x7f0000002980)=""/167, 0xa7}, {&(0x7f0000002a40)=""/211, 0xd3}, {&(0x7f0000002b40)=""/137, 0x89}, {&(0x7f0000002c00)=""/36, 0x24}, {&(0x7f0000002c40)=""/65, 0x41}], 0xa, &(0x7f0000002d80)=""/142, 0x8e}, 0x4}, {{&(0x7f0000002e40)=@xdp={0x2c, 0x0, 0x0}, 0x80, &(0x7f0000004040)=[{&(0x7f0000002ec0)=""/181, 0xb5}, {&(0x7f0000002f80)=""/4096, 0x1000}, {&(0x7f0000003f80)=""/136, 0x88}], 0x3, &(0x7f0000004080)=""/231, 0xe7}, 0x9}, {{&(0x7f0000004180)=@can, 0x80, &(0x7f0000004500)=[{&(0x7f0000004200)=""/191, 0xbf}, {&(0x7f00000042c0)=""/22, 0x16}, {&(0x7f0000004300)=""/194, 0xc2}, {&(0x7f0000004400)=""/181, 0xb5}, {&(0x7f00000044c0)=""/57, 0x39}], 0x5, &(0x7f0000004580)=""/56, 0x38}, 0x8001}, {{&(0x7f00000045c0)=@xdp, 0x80, &(0x7f00000059c0)=[{&(0x7f0000004640)=""/178, 0xb2}, {&(0x7f0000004700)=""/44, 0x2c}, {&(0x7f0000004740)=""/108, 0x6c}, {&(0x7f00000047c0)=""/27, 0x1b}, {&(0x7f0000004800)=""/182, 0xb6}, {&(0x7f00000048c0)=""/192, 0xc0}, {&(0x7f0000004980)=""/49, 0x31}, {&(0x7f00000049c0)=""/4096, 0x1000}], 0x8}, 0x9}, {{&(0x7f0000005a40)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000005bc0)=[{&(0x7f0000005ac0)=""/100, 0x64}, {&(0x7f0000005b40)=""/102, 0x66}], 0x2, &(0x7f0000005c00)=""/228, 0xe4}, 0xac}], 0x5, 0x40000146, &(0x7f0000005e40)={0x0, 0x1c9c380}) sendmsg$nl_route(r1, &(0x7f0000005f40)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x846ca43866cff8f4}, 0xc, &(0x7f0000005f00)={&(0x7f0000005e80)=@getlink={0x78, 0x12, 0x918, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, r2, 0x10000, 0x200}, [@IFLA_AF_SPEC={0x10, 0x1a, [{0x4, 0x7}, {0x4, 0x7}, {0x4, 0x7}]}, @IFLA_EVENT={0x8, 0x2c, 0x3}, @IFLA_BROADCAST={0xc, 0x2, @local}, @IFLA_WEIGHT={0x8, 0xf, 0x800}, @IFLA_PROMISCUITY={0x8, 0x1e, 0x8}, @IFLA_LINKMODE={0x8, 0x11, 0x51}, @IFLA_MASTER={0x8, 0xa, r3}, @IFLA_IFALIAS={0x14, 0x14, 'veth1_to_bridge\x00'}]}, 0x78}, 0x1, 0x0, 0x0, 0x40001}, 0x1000) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000005f80)='/proc/self/attr/current\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r0, 0xc008551b, &(0x7f0000005fc0)={0x0, 0x4, [0x7]}) ioctl$NBD_SET_FLAGS(r1, 0xab0a, 0x7) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000006000)='/dev/snapshot\x00', 0x20080, 0x0) setsockopt$CAN_RAW_ERR_FILTER(r4, 0x65, 0x2, &(0x7f0000006040), 0x4) ioctl$ION_IOC_ALLOC(r4, 0xc0184900, &(0x7f0000006080)={0x3, 0x16, 0x1, 0xffffffffffffffff}) fcntl$F_SET_RW_HINT(r5, 0x40c, &(0x7f00000060c0)=0x2) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000006100)='/dev/zero\x00', 0x800, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r6, 0xc028ae92, &(0x7f0000006140)={0x1000}) r7 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000006180)='/dev/dlm-monitor\x00', 0x400, 0x0) ioctl$EVIOCGABS3F(r7, 0x8018457f, &(0x7f00000061c0)=""/4096) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f00000071c0)='/dev/vcs\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r8, 0xc080661a, &(0x7f0000007200)={{0x6, 0x0, @identifier="6989d70a784181b82a8dab2266dbf348"}}) r9 = fcntl$dupfd(r0, 0x203, 0xffffffffffffffff) write$FUSE_NOTIFY_DELETE(r9, &(0x7f0000007280)={0x2e, 0x6, 0x0, {0x2, 0x3, 0x5, 0x0, '!$9[@'}}, 0x2e) r10 = syz_open_dev$mice(&(0x7f0000007300)='/dev/input/mice\x00', 0x0, 0x0) symlinkat(&(0x7f00000072c0)='./file0\x00', r10, &(0x7f0000007340)='./file0\x00') setsockopt$ARPT_SO_SET_ADD_COUNTERS(r9, 0x0, 0x61, &(0x7f0000007380)={'filter\x00', 0x4}, 0x68) ioctl$MON_IOCH_MFLUSH(r7, 0x9208, 0x6) getsockname$packet(r9, &(0x7f0000008940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000008980)=0x14) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000008a80)={&(0x7f00000089c0)={0x1d, r11}, 0x10, &(0x7f0000008a40)={&(0x7f0000008a00)=@can={{0x1, 0x1, 0x1}, 0x7, 0x2, 0x0, 0x0, "e2399128a499eba3"}, 0x10}, 0x1, 0x0, 0x0, 0x1840}, 0x8800) r12 = openat$null(0xffffffffffffff9c, &(0x7f0000008ac0)='/dev/null\x00', 0x0, 0x0) ioctl$NBD_DO_IT(r12, 0xab03) ioctl$CAPI_GET_MANUFACTURER(0xffffffffffffffff, 0xc0044306, &(0x7f0000008b00)) [ 252.056521] IPVS: ftp: loaded support on port[0] = 21 [ 252.132779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 252.142736] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.166494] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.184231] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 252.195636] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 252.201737] 8021q: adding VLAN 0 to HW filter on device team0 [ 252.213443] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.219816] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.236889] device bridge_slave_0 entered promiscuous mode [ 252.260337] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 252.269334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 252.286440] IPVS: ftp: loaded support on port[0] = 21 [ 252.296191] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 252.308284] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.314736] bridge0: port 1(bridge_slave_0) entered forwarding state 17:36:59 executing program 5: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x482000, 0x0) write$P9_RRENAMEAT(r0, &(0x7f0000000040)={0x7, 0x4b, 0x2}, 0x7) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4) uname(&(0x7f00000000c0)=""/49) r1 = epoll_create1(0x180000) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000100)={0x90001002}) r2 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x1, 0x604000) write$P9_RUNLINKAT(r2, &(0x7f0000000180)={0x7, 0x4d, 0x1}, 0x7) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/capi/capi20ncci\x00', 0x2, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@initdev, @in=@dev}}, {{@in6=@empty}, 0x0, @in=@local}}, &(0x7f0000000300)=0xe8) r4 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000340)='/dev/video1\x00', 0x2, 0x0) ioctl$VIDIOC_QUERY_DV_TIMINGS(r4, 0x80845663, &(0x7f0000000380)) r5 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCOUTQ(r5, 0x5411, &(0x7f0000000440)) lsetxattr$trusted_overlay_upper(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='trusted.overlay.upper\x00', &(0x7f0000000500)={0x0, 0xfb, 0x8a, 0xb, 0x1, "51b835b2cc0bbbe62918a9551acfbb28", "83cf6618c785faf370a5a079cbc87c68e1b8559971397f029d1bee5e3c1710d0e69a724c65848decc17d8d1eb43eea8e237ef3f99bfd03b36c17fee21973e0bd415bf5911a44e6e72589c42fc81f4d14bc70130ec6b8c5cc8dc23cfe1bcc84c7139272fa08934414f4b48702a66817e6b6bc5e2a28"}, 0x8a, 0x1) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000600)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r3, &(0x7f00000008c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0xc633b8019fafa7f8}, 0xc, &(0x7f0000000880)={&(0x7f0000000640)={0x224, r6, 0x2, 0x70bd2a, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x10c, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x59b8bb48}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1000}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_MEDIA={0x10, 0x5, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}]}, @TIPC_NLA_LINK={0x94, 0x4, [@TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffff2e0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_MON={0x54, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x81}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x64}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x326}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}]}]}, 0x224}, 0x1, 0x0, 0x0, 0x4041010}, 0x88080) setsockopt$ax25_int(r2, 0x101, 0x9, &(0x7f0000000900)=0x3, 0x4) r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000940)='/dev/btrfs-control\x00', 0x20000, 0x0) ioctl$USBDEVFS_CLEAR_HALT(r7, 0x80045515, &(0x7f0000000980)={0x5, 0x1}) prctl$PR_GET_TIMERSLACK(0x1e) r8 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$FS_IOC_GETVERSION(r8, 0x80087601, &(0x7f00000009c0)) r9 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000a00)='/selinux/enforce\x00', 0x200000, 0x0) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r9, 0xc0845658, &(0x7f0000000a40)={0x0, @bt={0x9, 0x3, 0x0, 0x7, 0x7, 0x11, 0x9, 0x80000000, 0x5, 0x8, 0x8001, 0x0, 0x5, 0x0, 0xbf70812d79392cdc, 0x40}}) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000b00)={0x0, 0x38, "b5e45119b2f75eb426bb907245a5195c814e0d74d4046273a2eb69308e531271da3d8cdf397bc73dda95ad0e0a46504c9900e25866500abd"}, &(0x7f0000000b40)=0x40) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000b80)={r10, 0x492, 0x2, 0x2}, &(0x7f0000000bc0)=0x10) clone(0x20000, &(0x7f0000000c00)="5c3bd785da41226d5e98b2844b26a73eb6fe73a66d411ee61f72b96ef478ee5186d84c5c2d4736a956c8c9e1d4b0ff562be6c3e131751b854f5b8bf6303d257b43903a974a5fd373941b09c5db9e95b016823b487b589fddfabcf0b6bd0fd985b0a86cf2015626313e731569b0dea1280f02bbd36071bd08e8643b4d6138a44bf6bbffdf7bbb5d7363d39559639ce3f7bebe7a5e38c07d8624f4ac2a1fa076890103e465c8f8cd9f4bffb9ce0b7e99", &(0x7f0000000cc0), &(0x7f0000000d00), &(0x7f0000000d40)="823c56ae14600e3d3870989f1ac346142ffe2769d05ba1df0a76bed66eaa8b4fc6242865aa5ad3f6057cf79af24d612cdba4c34c93e11d1c9c0bdafe65910343aaa2e3b0e2f3fdb625a87b2f750e4b86439fbc7694405fc550e8aa5f2b192165c4e2299b4778e32996662d27bad215496004ec3ac0344cb8bab9971708dab5b9d41b5c9e428fccea5d091e5490e165a33650e773accdedc0184aae0c92799fdde1fc7889f750b9b26a703ba0b5edd4f4b4b36f99d2bf1a2d3794b701a4ac36e9147ee1e37d976789d4712f57ea84722b4552c4f6fba6adb5cd") r11 = syz_open_dev$radio(&(0x7f0000000e40)='/dev/radio#\x00', 0x2, 0x2) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r11, 0x84, 0x16, &(0x7f0000000e80)={0x5, [0xfff, 0x3f, 0x7, 0x1000, 0x8000]}, 0xe) [ 252.335367] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.341771] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.351418] device bridge_slave_1 entered promiscuous mode [ 252.361963] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 252.389220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 252.401272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 252.409452] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.415885] bridge0: port 2(bridge_slave_1) entered forwarding state [ 252.443707] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.450103] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.459891] device bridge_slave_0 entered promiscuous mode [ 252.468440] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 252.487399] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 252.497594] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 252.516838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 252.525314] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.531686] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.540280] device bridge_slave_1 entered promiscuous mode [ 252.561134] IPVS: ftp: loaded support on port[0] = 21 [ 252.579592] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 252.592493] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 252.603754] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 252.619723] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 252.636956] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 252.656034] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 252.664231] team0: Port device team_slave_0 added [ 252.669488] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 252.677483] team0: Port device team_slave_0 added [ 252.684984] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 252.692171] team0: Port device team_slave_1 added [ 252.697641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 252.705586] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 252.713775] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 252.727459] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 252.735303] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 252.743617] team0: Port device team_slave_1 added [ 252.751174] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 252.759080] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 252.767099] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 252.775918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 252.784130] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 252.793966] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 252.811736] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 252.829869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 252.837640] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 252.846068] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 252.876365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 252.883950] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 252.914855] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 252.920957] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 252.985653] device hsr_slave_0 entered promiscuous mode [ 253.024403] device hsr_slave_1 entered promiscuous mode [ 253.105475] device hsr_slave_0 entered promiscuous mode [ 253.152898] device hsr_slave_1 entered promiscuous mode [ 253.193732] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 253.203128] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 253.230023] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 253.240013] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 253.282308] chnl_net:caif_netlink_parms(): no params data found [ 253.298578] chnl_net:caif_netlink_parms(): no params data found [ 253.314016] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 253.327768] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 253.336987] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 253.345247] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 253.374094] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 253.380844] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 253.406643] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.413202] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.420207] device bridge_slave_0 entered promiscuous mode [ 253.431287] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.438950] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.448019] device bridge_slave_1 entered promiscuous mode [ 253.478426] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 253.528312] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.535611] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.542890] device bridge_slave_0 entered promiscuous mode [ 253.558787] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 253.569886] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 253.580825] audit: type=1400 audit(1573925820.803:41): avc: denied { associate } for pid=7682 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 253.582822] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.616137] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.625015] device bridge_slave_1 entered promiscuous mode [ 253.648125] chnl_net:caif_netlink_parms(): no params data found [ 253.718697] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.741207] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 253.759397] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready 17:37:01 executing program 0: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000002c0)) ioctl$PPPIOCSDEBUG(0xffffffffffffffff, 0x40047440, &(0x7f0000000300)=0x5bb) socket(0xb, 0x0, 0xf4) keyctl$revoke(0x3, 0x0) r0 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x8}, 0x10) write(r0, &(0x7f0000000280)="1c0000001a009b8a14e5f4070009042400000000ff00000000000000", 0x1e5) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='cdg\x00', 0x4) recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000008, 0x12, &(0x7f00000001c0)={0x77359400}) syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00') sendmsg$FOU_CMD_DEL(0xffffffffffffffff, 0x0, 0x0) [ 253.768242] team0: Port device team_slave_0 added [ 253.821596] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 253.836111] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 253.847621] team0: Port device team_slave_1 added [ 253.858565] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 253.885337] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.891857] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 253.909836] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 253.938467] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 253.946668] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.953539] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.960797] device bridge_slave_0 entered promiscuous mode [ 253.968766] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.975788] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.983122] device bridge_slave_1 entered promiscuous mode [ 253.993866] hrtimer: interrupt took 41075 ns [ 254.007308] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 254.015246] team0: Port device team_slave_0 added [ 254.025590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 254.032848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 254.041395] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 254.050976] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 254.059345] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 254.065803] 8021q: adding VLAN 0 to HW filter on device team0 [ 254.126190] device hsr_slave_0 entered promiscuous mode [ 254.163016] device hsr_slave_1 entered promiscuous mode 17:37:01 executing program 0: dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_S_FMT(r0, 0x40045612, &(0x7f00000001c0)={0x2}) memfd_create(0x0, 0x0) [ 254.213195] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 254.220490] team0: Port device team_slave_1 added [ 254.231859] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 254.244419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 254.253643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 254.264485] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 254.270611] 8021q: adding VLAN 0 to HW filter on device team0 [ 254.283558] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 254.300020] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready 17:37:01 executing program 0: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000002c0)) ioctl$PPPIOCSDEBUG(0xffffffffffffffff, 0x40047440, &(0x7f0000000300)=0x5bb) socket(0xb, 0x0, 0xf4) getpid() keyctl$revoke(0x3, 0x0) r0 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x8}, 0x10) write(r0, &(0x7f0000000280)="1c0000001a009b8a14e5f4070009042400000000ff00000000000000", 0x1e5) recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000008, 0x12, &(0x7f00000001c0)={0x77359400}) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000280)={&(0x7f0000000000), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x20005840) [ 254.308469] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 254.330744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 254.340605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 254.350225] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.356651] bridge0: port 1(bridge_slave_0) entered forwarding state [ 254.364549] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 254.375072] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 254.383669] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 254.391810] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 254.454490] device hsr_slave_0 entered promiscuous mode [ 254.504146] device hsr_slave_1 entered promiscuous mode [ 254.542812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 254.550689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 254.558850] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.565249] bridge0: port 1(bridge_slave_0) entered forwarding state [ 254.572845] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 254.580942] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 254.590549] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 254.599216] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 254.607129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 254.615379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 254.623242] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.630069] bridge0: port 2(bridge_slave_1) entered forwarding state [ 254.644037] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 254.656481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 254.668975] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 254.676868] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 254.687001] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 254.701456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 254.709491] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 254.717251] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.723649] bridge0: port 2(bridge_slave_1) entered forwarding state [ 254.730865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 254.741075] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 254.755767] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 254.767873] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 254.776299] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 254.784017] team0: Port device team_slave_0 added [ 254.790228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 254.798876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready 17:37:02 executing program 0: mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) tkill(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r4, &(0x7f0000000040), 0x1c) [ 254.806725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 254.829474] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 254.846996] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 254.865019] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 254.878165] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 254.885934] team0: Port device team_slave_1 added [ 254.892289] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 254.899830] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 254.908071] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 254.915915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 254.938192] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 254.946501] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 254.956981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 254.968039] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 255.003787] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 255.011326] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 255.021514] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 255.029180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 255.039996] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 255.048298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 255.056031] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 255.073677] 8021q: adding VLAN 0 to HW filter on device bond0 [ 255.082175] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 255.101032] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 255.108670] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 255.118772] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 255.129656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 255.140152] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 255.154212] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 255.170318] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 255.198631] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 255.218721] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 255.226238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 255.234422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 255.241496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 255.256112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 255.270872] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 255.277417] 8021q: adding VLAN 0 to HW filter on device team0 17:37:02 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) memfd_create(0x0, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, 0x0) ioctl$TIOCEXCL(r1, 0x540c) r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000000)={0x0, 0xfffffffffffffffa, 0x4, {0x2, @raw_data="f79dd9524c61a7945790ca039664a46fa42cebdb98d059820d5a05496951095404dc369b487724b2cff745d5d908c9f0ea97b24954fbbd2f2ec1168573f130109611459c0df2733e93be33680e0e1fa26ffc8b668ecb501a181f33f5f0ee6b24d43cac905e9d1d35204a1084bd03ee2a4976b814f77784ab1a762ea8ed910b2b9dd87991ab05725ba663e0e4e37f7583203f4e144fdce1d512a0a3a0c2f611c52f4a9f9fc5f87d3258c77dd06c829e577151783ee64c56779e260d180578c6980e0d09c002f75222"}}) ioctl$VIDIOC_S_FMT(r2, 0x40045612, &(0x7f00000001c0)={0x2}) close(r2) memfd_create(0x0, 0x0) r3 = syz_open_dev$media(&(0x7f0000000100)='/dev/media#\x00', 0x5, 0x0) sendmsg$TIPC_NL_BEARER_ADD(r3, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x40) socket$caif_seqpacket(0x25, 0x5, 0x0) r4 = open(&(0x7f00000005c0)='./file0\x00', 0x200c2, 0x0) write$RDMA_USER_CM_CMD_BIND(r4, 0x0, 0x0) [ 255.306083] device hsr_slave_0 entered promiscuous mode [ 255.343177] device hsr_slave_1 entered promiscuous mode [ 255.367884] ================================================================== [ 255.375477] BUG: KASAN: use-after-free in v4l2_ctrl_grab+0x159/0x160 [ 255.381964] Read of size 8 at addr ffff888095b68420 by task syz-executor.0/7739 [ 255.389413] [ 255.390105] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 255.391054] CPU: 1 PID: 7739 Comm: syz-executor.0 Not tainted 4.19.84 #0 [ 255.398578] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 255.404552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 255.404619] Call Trace: [ 255.404702] dump_stack+0x197/0x210 [ 255.404722] ? v4l2_ctrl_grab+0x159/0x160 [ 255.404775] print_address_description.cold+0x7c/0x20d [ 255.404791] ? v4l2_ctrl_grab+0x159/0x160 [ 255.404806] kasan_report.cold+0x8c/0x2ba [ 255.404842] ? vidioc_querycap+0x110/0x110 [ 255.404858] __asan_report_load8_noabort+0x14/0x20 [ 255.404871] v4l2_ctrl_grab+0x159/0x160 [ 255.404886] ? vidioc_querycap+0x110/0x110 [ 255.404900] vicodec_stop_streaming+0x158/0x1a0 [ 255.404914] ? vicodec_return_bufs+0x220/0x220 [ 255.404966] __vb2_queue_cancel+0xb1/0x790 [ 255.404988] ? vidioc_querycap+0x110/0x110 [ 255.405028] ? dev_debug_store+0x110/0x110 [ 255.405044] vb2_core_queue_release+0x28/0x80 [ 255.405058] vb2_queue_release+0x16/0x20 [ 255.405072] v4l2_m2m_ctx_release+0x2d/0x40 [ 255.405086] vicodec_release+0xc0/0x120 [ 255.405102] v4l2_release+0xf9/0x1a0 [ 255.405138] __fput+0x2dd/0x8b0 [ 255.405160] ____fput+0x16/0x20 [ 255.405193] task_work_run+0x145/0x1c0 [ 255.405235] exit_to_usermode_loop+0x273/0x2c0 [ 255.405254] do_syscall_64+0x53d/0x620 [ 255.405290] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 255.405302] RIP: 0033:0x45a669 [ 255.405316] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 255.405324] RSP: 002b:00007ff3a5c4dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 255.405339] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 000000000045a669 [ 255.405347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 255.405356] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 255.405364] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3a5c4e6d4 [ 255.405373] R13: 00000000004fb3f2 R14: 00000000004d36b8 R15: 00000000ffffffff [ 255.405393] [ 255.405419] Allocated by task 7739: [ 255.405432] save_stack+0x45/0xd0 [ 255.405444] kasan_kmalloc+0xce/0xf0 [ 255.405455] __kmalloc_node+0x51/0x80 [ 255.405484] kvmalloc_node+0x68/0x100 [ 255.405497] v4l2_ctrl_new.part.0+0x214/0x1450 [ 255.405509] v4l2_ctrl_new_std+0x22d/0x360 [ 255.405520] vicodec_open+0x1a8/0xb30 [ 255.405532] v4l2_open+0x1b2/0x360 [ 255.405560] chrdev_open+0x245/0x6b0 [ 255.405588] do_dentry_open+0x4c3/0x1210 [ 255.405601] vfs_open+0xa0/0xd0 [ 255.405614] path_openat+0x10d7/0x45e0 [ 255.405626] do_filp_open+0x1a1/0x280 [ 255.405638] do_sys_open+0x3fe/0x550 [ 255.405651] __x64_sys_openat+0x9d/0x100 [ 255.405664] do_syscall_64+0xfd/0x620 [ 255.405677] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 255.405681] [ 255.405687] Freed by task 7739: [ 255.405699] save_stack+0x45/0xd0 [ 255.405711] __kasan_slab_free+0x102/0x150 [ 255.405723] kasan_slab_free+0xe/0x10 [ 255.405732] kfree+0xcf/0x220 [ 255.405743] kvfree+0x61/0x70 [ 255.405755] v4l2_ctrl_handler_free+0x4a8/0x7e0 [ 255.405767] vicodec_release+0x6b/0x120 [ 255.405778] v4l2_release+0xf9/0x1a0 [ 255.405789] __fput+0x2dd/0x8b0 [ 255.405801] ____fput+0x16/0x20 [ 255.405812] task_work_run+0x145/0x1c0 [ 255.405826] exit_to_usermode_loop+0x273/0x2c0 [ 255.405838] do_syscall_64+0x53d/0x620 [ 255.405851] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 255.405855] [ 255.405865] The buggy address belongs to the object at ffff888095b68400 [ 255.405865] which belongs to the cache kmalloc-256 of size 256 [ 255.405878] The buggy address is located 32 bytes inside of [ 255.405878] 256-byte region [ffff888095b68400, ffff888095b68500) [ 255.405883] The buggy address belongs to the page: [ 255.405894] page:ffffea000256da00 count:1 mapcount:0 mapping:ffff88812c3f07c0 index:0x0 [ 255.405907] flags: 0x1fffc0000000100(slab) [ 255.405925] raw: 01fffc0000000100 ffffea000254ad48 ffffea00023909c8 ffff88812c3f07c0 [ 255.405941] raw: 0000000000000000 ffff888095b68040 000000010000000c 0000000000000000 [ 255.405947] page dumped because: kasan: bad access detected [ 255.405951] [ 255.405955] Memory state around the buggy address: [ 255.405966] ffff888095b68300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 255.405977] ffff888095b68380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 255.405988] >ffff888095b68400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 255.405993] ^ [ 255.406004] ffff888095b68480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 255.406014] ffff888095b68500: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 255.406019] ================================================================== [ 255.406023] Disabling lock debugging due to kernel taint [ 255.464516] Kernel panic - not syncing: panic_on_warn set ... [ 255.464516] [ 255.858535] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.19.84 #0 [ 255.866744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 255.876092] Call Trace: [ 255.878677] dump_stack+0x197/0x210 [ 255.882292] ? v4l2_ctrl_grab+0x159/0x160 [ 255.886488] panic+0x26a/0x50e [ 255.889669] ? __warn_printk+0xf3/0xf3 [ 255.893548] ? v4l2_ctrl_grab+0x159/0x160 [ 255.897798] ? preempt_schedule+0x4b/0x60 [ 255.901935] ? ___preempt_schedule+0x16/0x18 [ 255.906360] ? trace_hardirqs_on+0x5e/0x220 [ 255.910670] ? v4l2_ctrl_grab+0x159/0x160 [ 255.914807] kasan_end_report+0x47/0x4f [ 255.918769] kasan_report.cold+0xa9/0x2ba [ 255.922903] ? vidioc_querycap+0x110/0x110 [ 255.927135] __asan_report_load8_noabort+0x14/0x20 [ 255.932048] v4l2_ctrl_grab+0x159/0x160 [ 255.936023] ? vidioc_querycap+0x110/0x110 [ 255.940242] vicodec_stop_streaming+0x158/0x1a0 [ 255.944910] ? vicodec_return_bufs+0x220/0x220 [ 255.949493] __vb2_queue_cancel+0xb1/0x790 [ 255.953723] ? vidioc_querycap+0x110/0x110 [ 255.957949] ? dev_debug_store+0x110/0x110 [ 255.962172] vb2_core_queue_release+0x28/0x80 [ 255.966654] vb2_queue_release+0x16/0x20 [ 255.970706] v4l2_m2m_ctx_release+0x2d/0x40 [ 255.975014] vicodec_release+0xc0/0x120 [ 255.978976] v4l2_release+0xf9/0x1a0 [ 255.982676] __fput+0x2dd/0x8b0 [ 255.985940] ____fput+0x16/0x20 [ 255.989205] task_work_run+0x145/0x1c0 [ 255.993094] exit_to_usermode_loop+0x273/0x2c0 [ 255.997662] do_syscall_64+0x53d/0x620 [ 256.001547] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 256.006730] RIP: 0033:0x45a669 [ 256.009911] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 256.028796] RSP: 002b:00007ff3a5c4dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 256.036497] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 000000000045a669 [ 256.043753] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 256.051007] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 256.058260] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3a5c4e6d4 [ 256.065514] R13: 00000000004fb3f2 R14: 00000000004d36b8 R15: 00000000ffffffff [ 256.074024] Kernel Offset: disabled [ 256.077645] Rebooting in 86400 seconds..