[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [ 40.079607] audit: type=1800 audit(1575977041.251:33): pid=7397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 40.101874] audit: type=1800 audit(1575977041.251:34): pid=7397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 43.163646] audit: type=1400 audit(1575977044.341:35): avc: denied { map } for pid=7570 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.78' (ECDSA) to the list of known hosts. 2019/12/10 11:24:11 fuzzer started [ 49.850645] audit: type=1400 audit(1575977051.021:36): avc: denied { map } for pid=7579 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/12/10 11:24:12 dialing manager at 10.128.0.105:41259 2019/12/10 11:24:12 syscalls: 2684 2019/12/10 11:24:12 code coverage: enabled 2019/12/10 11:24:12 comparison tracing: enabled 2019/12/10 11:24:12 extra coverage: extra coverage is not supported by the kernel 2019/12/10 11:24:12 setuid sandbox: enabled 2019/12/10 11:24:12 namespace sandbox: enabled 2019/12/10 11:24:12 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/10 11:24:12 fault injection: enabled 2019/12/10 11:24:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/10 11:24:12 net packet injection: enabled 2019/12/10 11:24:12 net device setup: enabled 2019/12/10 11:24:12 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/10 11:24:12 devlink PCI setup: PCI device 0000:00:10.0 is not available 11:27:19 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x8000000200000000, 0x100000800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, &(0x7f000000a000)) [ 237.959249] audit: type=1400 audit(1575977239.131:37): avc: denied { map } for pid=7596 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=4269 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 238.085495] IPVS: ftp: loaded support on port[0] = 21 11:27:19 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r0) dup2(r2, r1) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCSIFBR(r1, 0x8941, 0x0) [ 238.224910] chnl_net:caif_netlink_parms(): no params data found [ 238.290400] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.299226] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.308147] device bridge_slave_0 entered promiscuous mode [ 238.318054] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.331323] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.338775] device bridge_slave_1 entered promiscuous mode [ 238.354423] IPVS: ftp: loaded support on port[0] = 21 11:27:19 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) io_setup(0x7fff, 0x0) r1 = open(0x0, 0x0, 0x0) keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000001480), 0x0, 0x0, 0x0) ioctl$TUNSETSNDBUF(r1, 0x400454d4, &(0x7f0000000040)=0x919) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0xfffffec6) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f0000000680)) [ 238.382849] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 238.407929] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 238.458344] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 238.468872] team0: Port device team_slave_0 added [ 238.489469] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 238.497855] team0: Port device team_slave_1 added [ 238.512311] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 238.546763] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready 11:27:19 executing program 3: r0 = syz_open_dev$loop(&(0x7f00000004c0)='/dev/loop#\x00', 0x0, 0x105082) memfd_create(0x0, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) [ 238.614658] device hsr_slave_0 entered promiscuous mode [ 238.651970] device hsr_slave_1 entered promiscuous mode [ 238.692493] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 238.699715] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 238.714256] IPVS: ftp: loaded support on port[0] = 21 [ 238.723636] chnl_net:caif_netlink_parms(): no params data found [ 238.817432] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.824243] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.833823] device bridge_slave_0 entered promiscuous mode [ 238.843250] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.849610] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.859627] device bridge_slave_1 entered promiscuous mode [ 238.878621] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.885126] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.892035] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.898376] bridge0: port 1(bridge_slave_0) entered forwarding state 11:27:20 executing program 4: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x76, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0xfe) write$binfmt_elf64(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="ed8ed24112ccba9ecbaea5e8dd24f24b3ac273c81c2b7c8c5b06d007e4c0072fab72c7d711beb15f4313966fe3a4fa21e76fc4d05e107ac82d5e075205917f03000000030b6daa6e72ad000000610000000000000001a25a382e"], 0x5a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0xa198) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)={0x24, r2, 0x0, 0x70bd2b, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x10, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblc\x00'}]}]}, 0x24}}, 0x800) [ 238.945115] IPVS: ftp: loaded support on port[0] = 21 [ 238.955907] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 239.035894] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 239.108830] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 239.141521] team0: Port device team_slave_0 added [ 239.161829] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 239.174110] IPVS: ftp: loaded support on port[0] = 21 [ 239.181987] team0: Port device team_slave_1 added [ 239.194926] chnl_net:caif_netlink_parms(): no params data found [ 239.207609] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 239.239917] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 239.246300] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.258861] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready 11:27:20 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c0045002, &(0x7f00000000c0)=0x800) read$FUSE(r0, &(0x7f0000000380), 0x313) [ 239.299991] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 239.309033] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.327264] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.335013] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 239.388685] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 239.439282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 239.457224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 239.472608] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 239.478874] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.532510] device hsr_slave_0 entered promiscuous mode [ 239.570923] device hsr_slave_1 entered promiscuous mode [ 239.631839] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 239.638714] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.646980] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.654151] device bridge_slave_0 entered promiscuous mode [ 239.662753] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 239.684505] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 239.693861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 239.702966] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 239.710940] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.717283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.725260] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.733607] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.741122] device bridge_slave_1 entered promiscuous mode [ 239.778823] chnl_net:caif_netlink_parms(): no params data found [ 239.802493] IPVS: ftp: loaded support on port[0] = 21 [ 239.810215] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 239.820859] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 239.851073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 239.858979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 239.869032] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.875518] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.886133] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 239.929197] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 239.937570] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.944416] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.952033] device bridge_slave_0 entered promiscuous mode [ 239.965492] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 239.973128] team0: Port device team_slave_0 added [ 239.978258] chnl_net:caif_netlink_parms(): no params data found [ 239.993725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 240.002430] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.008789] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.016046] device bridge_slave_1 entered promiscuous mode [ 240.029593] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 240.037422] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 240.046574] team0: Port device team_slave_1 added [ 240.055837] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 240.066064] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 240.079802] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 240.110714] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 240.120066] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 240.129637] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 240.141655] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 240.223748] device hsr_slave_0 entered promiscuous mode [ 240.261101] device hsr_slave_1 entered promiscuous mode [ 240.301918] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 240.309694] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 240.318018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 240.325981] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 240.334698] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 240.342573] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.348932] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.356326] device bridge_slave_0 entered promiscuous mode [ 240.367214] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.373869] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.381000] device bridge_slave_1 entered promiscuous mode [ 240.402454] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 240.413784] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 240.421608] team0: Port device team_slave_0 added [ 240.427798] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 240.438742] team0: Port device team_slave_1 added [ 240.446574] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 240.461889] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 240.470304] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 240.479163] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 240.489119] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 240.518093] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 240.526192] team0: Port device team_slave_0 added [ 240.532757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 240.540495] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 240.554907] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 240.602959] device hsr_slave_0 entered promiscuous mode [ 240.653427] device hsr_slave_1 entered promiscuous mode [ 240.691911] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 240.699307] team0: Port device team_slave_1 added [ 240.706624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 240.714662] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 240.746553] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 240.760466] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 240.769076] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 240.777164] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 240.792547] chnl_net:caif_netlink_parms(): no params data found [ 240.807819] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 240.815449] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 240.823364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 240.837023] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 240.843400] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 240.875628] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 240.888664] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 240.942507] device hsr_slave_0 entered promiscuous mode [ 240.980976] device hsr_slave_1 entered promiscuous mode [ 241.022784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.029082] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 241.049284] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 241.055880] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 241.070041] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 241.077775] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 241.084827] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 241.100186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.112503] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 241.121643] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.128013] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.136276] device bridge_slave_0 entered promiscuous mode [ 241.143864] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.150243] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.157909] device bridge_slave_1 entered promiscuous mode [ 241.178562] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 241.189282] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 241.198904] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 241.205179] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.216055] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 241.222894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 241.229806] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 241.237208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 241.244441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 241.255551] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 241.267785] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 241.275393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 241.283723] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 241.291846] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.298177] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.307405] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 241.326999] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 241.336142] team0: Port device team_slave_0 added [ 241.344301] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 241.353463] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 241.367110] audit: type=1400 audit(1575977242.541:38): avc: denied { associate } for pid=7598 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 241.387482] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.405822] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 241.412547] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.419512] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 241.427181] team0: Port device team_slave_1 added [ 241.435222] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 241.443495] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 241.452954] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 241.461184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 241.469043] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 241.485548] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.492945] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.509909] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 241.533459] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 241.549264] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 241.560404] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 241.568831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 241.578720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 241.586560] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.592987] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.600125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 241.608634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 241.615787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 241.625026] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 241.683987] device hsr_slave_0 entered promiscuous mode [ 241.721151] device hsr_slave_1 entered promiscuous mode [ 241.761851] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 241.769249] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 241.776452] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 241.784337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 241.792330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 241.799888] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.806288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.815355] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 241.822575] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.833931] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 241.843168] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 241.853829] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 241.862316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 241.872369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 241.881892] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.888255] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.895244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 241.903905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 241.911745] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 241.921700] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 241.932143] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 241.942794] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 241.951746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 241.958847] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 241.966305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 241.974694] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 241.982937] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.989296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.997467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 242.005602] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 242.018981] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 242.029543] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 242.039965] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 242.048417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 242.058114] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 242.066444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 242.075317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 242.085507] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 242.094070] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 242.108843] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 242.117344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 242.125505] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 242.133264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 242.141524] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 242.149624] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 242.159196] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 242.168756] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 242.183100] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 242.195831] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready 11:27:23 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) socketpair(0x2, 0x800, 0x80, &(0x7f0000000200)={0xffffffffffffffff}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000b80)=ANY=[@ANYBLOB="2400000011000d0400"/18, @ANYRES32=r2], 0x2}}, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000240)={@mcast1, 0x4e, r2}) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x1001000004e23, 0x0, @loopback}, 0x1c) r3 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r3, 0x29, 0x22, &(0x7f0000000040)=r3, 0x52d) r4 = accept(r3, &(0x7f00000000c0)=@nfc_llcp, &(0x7f0000000140)=0x80) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4e20, 0x3a, @ipv4={[], [], @multicast2}, 0x1}, 0x1c) listen(r0, 0x7ffd) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r5, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0xfffffc01, @loopback}], 0xffffffffffffffe7) r6 = socket$inet6(0xa, 0x80003, 0x6b) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000040)={'TPROXY\x00'}, &(0x7f0000000080)=0x1e) ioctl(r6, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071") write(r5, &(0x7f0000000100), 0x1ede5) r7 = accept(r0, 0x0, 0x0) shutdown(r7, 0x2) [ 242.220646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 242.236586] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 242.251694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 242.260069] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 242.268364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 242.276598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 242.285353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 242.296938] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 242.307753] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready 11:27:23 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x10) r1 = socket$l2tp(0x18, 0x1, 0x1) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f00000003c0)=@fragment, 0x8) connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x0, @mcast2}, 0x1c) connect$l2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0xffff, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) semget$private(0x0, 0x6, 0xedd7b6e59ce97bfa) [ 242.327069] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 242.344193] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 242.363619] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 11:27:23 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0x80) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$unix(0x1, 0x10004000000002, 0x0) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000356000)=0x1, 0x36d) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) sendmsg$TIPC_CMD_GET_LINKS(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x2}}, 0x0) r4 = open(&(0x7f0000000040)='./file0\x00', 0x244082, 0x141) ioctl$KDGETMODE(r4, 0x4b3b, &(0x7f0000000080)) ioctl$VIDIOC_S_CROP(r4, 0x4014563c, &(0x7f0000000040)={0x9, {0x1c7550a2, 0x80000001, 0x40, 0xdb}}) [ 242.378120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 242.393973] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 242.403971] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 242.416629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 242.430497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 242.444610] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 242.463212] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 242.469316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 242.482869] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 242.488936] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 242.505825] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 242.519896] 8021q: adding VLAN 0 to HW filter on device bond0 [ 242.529008] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 242.541440] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 242.548572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 242.556437] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 242.568851] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 242.579083] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 242.587541] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 242.594816] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 242.602538] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 242.609268] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 242.616478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 242.624173] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 242.636075] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.656973] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 242.663808] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.673902] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 242.685110] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 242.706262] 8021q: adding VLAN 0 to HW filter on device bond0 [ 242.723893] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready 11:27:23 executing program 1: r0 = socket$xdp(0x2c, 0x3, 0x0) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x8012, r0, 0x0) r1 = memfd_create(&(0x7f0000000000)='Elo(#securitylo\x00\xb1\x03N\xed\xc6[hL\xb7rC\xd0=\'\xd9\xab\x86\xd9\xc7', 0x8000000004) ftruncate(r1, 0x200000) r2 = openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x14204, 0x0) read(r2, &(0x7f0000000240)=""/211, 0xd3) [ 242.732147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 242.746685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 242.768940] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.771969] audit: type=1400 audit(1575977243.941:39): avc: denied { map } for pid=7651 comm="syz-executor.1" path="socket:[29525]" dev="sockfs" ino=29525 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=socket permissive=1 [ 242.775391] bridge0: port 1(bridge_slave_0) entered forwarding state [ 242.821519] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 11:27:24 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000680)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = inotify_init1(0x0) r2 = dup2(r1, r0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) prctl$PR_CAPBSET_DROP(0x18, 0x0) ioctl$TIOCGPTPEER(r2, 0x5441, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x244082, 0x141) r4 = getuid() ioctl$SIOCAX25ADDUID(r3, 0x89e1, &(0x7f00000000c0)={0x3, @null, r4}) ioctl$KDGETMODE(r3, 0x4b3b, &(0x7f0000000080)) r5 = open(&(0x7f0000000040)='./file0\x00', 0x244082, 0x141) ioctl$KDGETMODE(r5, 0x4b3b, &(0x7f0000000080)) r6 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$TIOCNXCL(r6, 0x540d) creat(0x0, 0x0) creat(0x0, 0x0) getsockopt$CAN_RAW_RECV_OWN_MSGS(0xffffffffffffffff, 0x65, 0x4, 0x0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) [ 242.837578] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 242.858250] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 242.868693] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 242.884801] hrtimer: interrupt took 46196 ns [ 242.886961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 242.898194] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 242.913103] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.920163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.929810] QAT: Invalid ioctl 11:27:24 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$KVM_GET_TSC_KHZ(0xffffffffffffffff, 0xaea3) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) socket$inet6(0xa, 0x400000000001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) r2 = socket(0x10, 0x2, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x244082, 0x141) ioctl$KDGETMODE(r3, 0x4b3b, &(0x7f0000000080)) ioctl$SOUND_MIXER_WRITE_VOLUME(r3, 0xc0044d12, &(0x7f0000000080)=0x6) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) getpid() ioctl$sock_SIOCSPGRP(r2, 0x8902, 0x0) socket(0x10, 0x2, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x30000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000040)={0x4, 0x0, 0x0, 0x1, 0x0, 0x5}) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x10001) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625df083002000000408478c2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f61eeaa8b6639ce7f16a3785445d8f244f6be479ffffffffff8756ea7d486588272169d8b90f1d7106f5776ff894e3472e2b8811e658a49a0eba9b9d6a05995f5ed199fcf8722be75fa42c080601d48e799be8"], 0x9f) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) [ 242.937061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 242.937779] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 242.937875] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 242.968358] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 242.988218] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 242.998928] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 243.017127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 243.029091] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 243.036263] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 243.048270] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 243.067186] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 243.082596] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 243.091197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 243.099026] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 243.107300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 243.114844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 243.125819] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 243.136063] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 243.158833] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 243.166067] 8021q: adding VLAN 0 to HW filter on device team0 [ 243.193553] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 243.208528] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 243.220514] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 243.237252] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 243.253895] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 243.268167] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 243.285429] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 243.305624] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 243.317947] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 243.335063] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 243.341472] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 243.350198] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 243.352888] FAT-fs (loop1): Filesystem has been set read-only [ 243.366531] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 243.374447] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 243.390272] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 11:27:24 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$KVM_GET_TSC_KHZ(0xffffffffffffffff, 0xaea3) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) socket$inet6(0xa, 0x400000000001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) r2 = socket(0x10, 0x2, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x244082, 0x141) ioctl$KDGETMODE(r3, 0x4b3b, &(0x7f0000000080)) ioctl$SOUND_MIXER_WRITE_VOLUME(r3, 0xc0044d12, &(0x7f0000000080)=0x6) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) getpid() ioctl$sock_SIOCSPGRP(r2, 0x8902, 0x0) socket(0x10, 0x2, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x30000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000040)={0x4, 0x0, 0x0, 0x1, 0x0, 0x5}) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x10001) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625df083002000000408478c2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f61eeaa8b6639ce7f16a3785445d8f244f6be479ffffffffff8756ea7d486588272169d8b90f1d7106f5776ff894e3472e2b8811e658a49a0eba9b9d6a05995f5ed199fcf8722be75fa42c080601d48e799be8"], 0x9f) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) [ 243.408922] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 243.429590] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 243.439107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 243.452123] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 243.459980] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.466365] bridge0: port 1(bridge_slave_0) entered forwarding state [ 243.473415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 243.481685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 243.489213] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.495598] bridge0: port 2(bridge_slave_1) entered forwarding state [ 243.502894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 243.515670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 243.524121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 243.532544] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 243.540795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 243.548797] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 243.557478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 243.565271] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 243.573175] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 243.581139] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 243.595652] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 243.619689] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 243.661184] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 243.668521] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 243.692045] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 243.727045] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 243.755972] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 11:27:25 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r2, 0x29, 0x22, &(0x7f0000000040)=r2, 0x52d) r3 = socket$kcm(0xa, 0x2, 0x11) r4 = open(&(0x7f0000000040)='./file0\x00', 0x244082, 0x141) ioctl$KDGETMODE(r4, 0x4b3b, &(0x7f0000000080)) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r4, 0x84, 0x12, &(0x7f0000000080)=0x3, 0x4) setsockopt$sock_attach_bpf(r3, 0x29, 0x22, &(0x7f0000000040)=r3, 0x52d) signalfd4(r3, &(0x7f0000000100), 0x8, 0xc0000) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xe, 0x3, &(0x7f0000000040)=@framed={{0x15, 0xa, 0x0, 0x0, 0x0, 0x61, 0x10, 0x74}}, &(0x7f0000000400)='GPL\x04\x9c5\x14\xbfw-\xa0z\xe8.vY\n6\xf6I>\xc1\xab\x91\xb3\x97\xe4*\xbf\x1e\xa6\xcd\x8c\xd7t\'\xfc\x9a\x9e+qe\xf5+A\a\xbf\bP\xd8\x99\xdcR\xd0\"\xe3>Uo\xb2\xe3\xf3\x9a<\xde\x1f\xcaSd\x037\xec\x95aF\xbd\xbf\xcb\x11Pp\x19V1\xde]!\xa5\xea\x9ec\x8c+\xdbx\xa5\x01\xcaKn\xa3\x13\xd8%h\xf98,,?o\xab\xa6\xb4\xeeTy;N\xd2m\xae>R\"P)\xbb*\xc0\x00\x7fwuL?#\xce\xda\x98\t\xb9\xa9hJ\x94\n\xbc\xaa\x8c\xfc\xc7\x13>\xc4\"\xe9\xc88\x881\x8dA\xe9\xa4\x93\xf0\x19_\xe2Y\x96Q\xb8\x95\x04\xf5\xdb\xa1F%\xce#f\xf3=\x95\xdb\xa9/\x86ry\xca\xbfJ\xce\xdd\xc8Z\x8a\xf7\xa0\xfah\xd7g\xceQ6\xb9\xd0\xd1D\x90Cy\xb6\xbf4\xc2\x98\x86f\x97\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00qV\xf5\x9d~\v\xd0\x01\xddnDc\x81\xce\x98pay\xfeE!W\xc6\x9e\x8d~\x98\xd1\x11\xee\xf9\x87\x15\x04\xd4\a\x05\x8dr\xdb\x06\xc4\\\x10\xb5PQ\xdb\xa8^\x13[\x15y^\xd1\xffq\xaaO!\xe1IB\x16\x94\xd7\xe7(<}r\x97\xc3,=\xf2\x7f\xe9F\xd6\b!\xb8H\x90c-\x9c\xa57\xc0\xb2vm\x18\xb5\xf9>\x10\xfb\xf3\xa3\xe9\xcd\xca\xc2\xfe\xcfh\x86\x99}\xeen\x1f\xaf\x9c\xf4_\f\x91\xc0\x89\x82<\x8bS|\\t\x16\xda.\x85\x88\xaf\xfe\x8a\'-\xdc\xcaZ\xc4\xd2\xc6\x12\x98\xa5\xdc\xcb\xdc\xe4\x84\xd7\xe9i_\xeb\xa0|\xda@e\xcd\xb8\x12s\xe59z\x81P0\xab\xf4$4\xb4\xc1yI\xc6eU\x92L\x94\xbdG_+\t\xcfp\x11\xa8\xabt\xad\x89\xef\xa9y\xe0\x89', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x30a}, 0x14) [ 243.842474] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 243.854600] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 243.862840] FAT-fs (loop1): Filesystem has been set read-only [ 243.870386] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 243.890518] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 243.914878] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 243.925755] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 243.937180] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 243.943868] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 243.951647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 243.959166] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 243.976313] audit: type=1400 audit(1575977245.151:40): avc: denied { prog_load } for pid=7681 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 244.006869] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 244.028413] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 244.035495] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 244.048431] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 244.063009] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 244.078586] audit: type=1400 audit(1575977245.191:41): avc: denied { prog_run } for pid=7681 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 244.080827] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 244.137301] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 11:27:25 executing program 2: r0 = gettid() r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) prctl$PR_SET_PTRACER(0x59616d61, r0) write$binfmt_script(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="23040010"], 0x4) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/status\x00', 0x0, 0x0) read$fb(r2, &(0x7f0000000100)=""/20, 0x14) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x202f00, 0x0) ioctl$PERF_EVENT_IOC_RESET(r3, 0x2403, 0x0) close(r1) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) fstatfs(r2, &(0x7f00000001c0)=""/189) 11:27:25 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x4, 0x5, 0x0, 0x4000000000000000}, 0xb31d237638840f6f) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x2a) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)=0x8) r5 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x60000) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r5, 0x6, 0x1d, &(0x7f0000000100), &(0x7f0000000180)=0x14) write$binfmt_elf64(r4, &(0x7f0000000000)=ANY=[@ANYRESDEC], 0xfd14) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, 0x0) socket(0x0, 0x1a6273f2b2e289f7, 0x0) socket(0x0, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r6 = open(&(0x7f0000000040)='./file0\x00', 0x244082, 0x141) ioctl$KDGETMODE(r6, 0x4b3b, &(0x7f0000000080)) ioctl$KDDELIO(r6, 0x4b35, 0x30f1) mount$fuse(0x0, 0x0, &(0x7f0000000940)='fuse\x00', 0x0, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) close(r3) [ 244.435181] audit: type=1400 audit(1575977245.611:42): avc: denied { create } for pid=7706 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 244.530104] audit: type=1400 audit(1575977245.611:43): avc: denied { write } for pid=7706 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 244.561244] audit: type=1400 audit(1575977245.611:44): avc: denied { read } for pid=7706 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 11:27:26 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$KVM_GET_TSC_KHZ(0xffffffffffffffff, 0xaea3) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) socket$inet6(0xa, 0x400000000001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) r2 = socket(0x10, 0x2, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x244082, 0x141) ioctl$KDGETMODE(r3, 0x4b3b, &(0x7f0000000080)) ioctl$SOUND_MIXER_WRITE_VOLUME(r3, 0xc0044d12, &(0x7f0000000080)=0x6) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) getpid() ioctl$sock_SIOCSPGRP(r2, 0x8902, 0x0) socket(0x10, 0x2, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x30000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000040)={0x4, 0x0, 0x0, 0x1, 0x0, 0x5}) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x10001) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625df083002000000408478c2fdffe8cd918b035041291559f3ee3a46069062af9680d512f4d8a5c51817c3ff01a1f61eeaa8b6639ce7f16a3785445d8f244f6be479ffffffffff8756ea7d486588272169d8b90f1d7106f5776ff894e3472e2b8811e658a49a0eba9b9d6a05995f5ed199fcf8722be75fa42c080601d48e799be8"], 0x9f) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 11:27:26 executing program 0: r0 = open(&(0x7f0000000040)='./file0\x00', 0x244082, 0x141) ioctl$KDGETMODE(r0, 0x4b3b, &(0x7f0000000080)) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000200)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0], 0x6, 0x5, 0x8, 0x2}) r1 = socket$inet6(0xa, 0x5, 0x0) ioctl$sock_bt_hci(r0, 0x400448e1, &(0x7f00000002c0)="24a51bd376882b203fd643ea93036ff66acd1df7c2d0f06f6238d1cd0d9889418c90bf6ddb43912c1a20aeb5437eb7ed5cf68d6450bc1ec81b1f4f58a2781f65e0d166f3e3604f4d11a416f585d8c87f210d23a5343059549b9c1945a4a45ddab2ac6bd1ff5ed52c2e2e7e455cfd48c18c228ff8b43a54fb744f792418eef7fee7315f1ae2c511f7b75bf26de67e8b0a6afe4a1dbbe0c8ebbb814e4f09cb437003a729c8c31d99780305b98be17af49733c82d5ca68fd6eb4bfb3305a4dd443a1d2580e848d4072dfd7606331da1cb") ioctl(r1, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071") r2 = socket$inet6(0xa, 0x3, 0x4000000000084) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) sendmsg(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="ba02000000000000001c857b02adc2f2", 0x10}], 0x1}, 0x0) 11:27:26 executing program 4: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x76, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0xfe) write$binfmt_elf64(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="ed8ed24112ccba9ecbaea5e8dd24f24b3ac273c81c2b7c8c5b06d007e4c0072fab72c7d711beb15f4313966fe3a4fa21e76fc4d05e107ac82d5e075205917f03000000030b6daa6e72ad000000610000000000000001a25a382e"], 0x5a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0xa198) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)={0x24, r2, 0x0, 0x70bd2b, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x10, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblc\x00'}]}]}, 0x24}}, 0x800) 11:27:26 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x22, &(0x7f0000000040)=r1, 0x52d) r2 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r2, 0x29, 0x22, &(0x7f0000000040)=r2, 0x52d) r3 = dup3(r1, r2, 0x80000) ioctl$KVM_HYPERV_EVENTFD(r0, 0x4018aebd, &(0x7f0000000100)={0x2, r3}) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x400, 0x0) getegid() setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000080)=[@timestamp, @timestamp, @mss={0x2, 0x3f}, @sack_perm, @sack_perm], 0x5) r6 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r6, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r4, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) sendmmsg(r6, &(0x7f0000000140), 0x0, 0x0) r7 = open(&(0x7f0000000040)='./file0\x00', 0x244082, 0x141) ioctl$KDGETMODE(r7, 0x4b3b, &(0x7f0000000080)) getsockname$inet6(r7, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev}, &(0x7f00000001c0)=0x1c) 11:27:26 executing program 0: syz_emit_ethernet(0x0, &(0x7f0000000000)=ANY=[], 0x0) kexec_load(0x1, 0x2, &(0x7f0000001080), 0xa0000) 11:27:26 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000740)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c96ef15640cf8bc693f5ec9154a614f0400000000000000016598578744ec74540722a910af916429f33c047f88127d19a042b3e8f99ffba79e9ef678f641f1f7f4270ba9867067b74515bab0db5fc04e81ea03210a957dd4131b475a6825ed0234cd3da775ef1ed78ae41338346c4aa5691432b91d910f931ccfff722c1105e34a5ab6cef9fa139808c2996e5f75faaed77d8a8a7bc8b518265c9b7160f8dd5005f1fb252329a6ce14d9bbb713c5c9fc3c9a9b518e8770f6b6329ba520b9afacab10baa883ea9b4aa53544e405d58522656241b2607a44f73ec98905f804baaabad2e0182e8011f8a8fd85b8bbe2795e32baaf5b6965ccddc8a1f13763f41e017904fc47ee5f46ac9a33ea0956b71e1f6c156545"], 0x15) r2 = dup(r1) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000400)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x2}}}, 0xa0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400041c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4000000000000}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0) mknod$loop(&(0x7f00000004c0)='./file0/file0\x00', 0x1100, 0x0) ioctl$SIOCAX25ADDUID(r2, 0x89e1, &(0x7f0000000000)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xee00}) [ 245.397593] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 245.406122] FAT-fs (loop1): Filesystem has been set read-only [ 245.412734] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF 11:27:26 executing program 1: ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(0xffffffffffffffff, 0x80dc5521, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, &(0x7f0000a8a000)) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x7a, &(0x7f000059aff8), 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) getsockname$packet(r2, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4800000010000d07cdd87d345d28000000000000", @ANYRES32, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="aaf200000700"/19], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)}, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000009c0)=ANY=[@ANYBLOB="0000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080ff0f00002b0a00000000000000000000000000000104000000000000060000000000000000000000000000000000000000000000000000000000000000020000080000000001000000000000c1ffffffffffffff0f0000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cfc7f07b00"/772]) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x36e, &(0x7f00000000c0)={&(0x7f0000000980)=ANY=[]}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 11:27:26 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x22, &(0x7f0000000040)=r1, 0x52d) r2 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r2, 0x29, 0x22, &(0x7f0000000040)=r2, 0x52d) r3 = dup3(r1, r2, 0x80000) ioctl$KVM_HYPERV_EVENTFD(r0, 0x4018aebd, &(0x7f0000000100)={0x2, r3}) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x400, 0x0) getegid() setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000080)=[@timestamp, @timestamp, @mss={0x2, 0x3f}, @sack_perm, @sack_perm], 0x5) r6 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r6, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r4, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) sendmmsg(r6, &(0x7f0000000140), 0x0, 0x0) r7 = open(&(0x7f0000000040)='./file0\x00', 0x244082, 0x141) ioctl$KDGETMODE(r7, 0x4b3b, &(0x7f0000000080)) getsockname$inet6(r7, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev}, &(0x7f00000001c0)=0x1c) 11:27:26 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x22, &(0x7f0000000040)=r1, 0x52d) r2 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r2, 0x29, 0x22, &(0x7f0000000040)=r2, 0x52d) r3 = dup3(r1, r2, 0x80000) ioctl$KVM_HYPERV_EVENTFD(r0, 0x4018aebd, &(0x7f0000000100)={0x2, r3}) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x400, 0x0) getegid() setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000080)=[@timestamp, @timestamp, @mss={0x2, 0x3f}, @sack_perm, @sack_perm], 0x5) r6 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r6, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r4, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) sendmmsg(r6, &(0x7f0000000140), 0x0, 0x0) r7 = open(&(0x7f0000000040)='./file0\x00', 0x244082, 0x141) ioctl$KDGETMODE(r7, 0x4b3b, &(0x7f0000000080)) getsockname$inet6(r7, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev}, &(0x7f00000001c0)=0x1c) 11:27:26 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) munlockall() setreuid(0x0, r1) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b70000001f0100000000000095000000000000000000005c013ac482d4f43fde52485905c71ca3b1e22136e91e1468d5444ac4ffbdbac13f8194fdbaec3f54f9e3992dc8c38e9b6ef6432d2c2abfecb6fa516dbf447c7a72483b8ee4733997c74ab6f8eef1ef20b8cf"], &(0x7f0000003ff6)='OPL\x00', 0x1, 0xb579, &(0x7f000000cf3d)=""/195}, 0x48) [ 245.920136] syz-executor.1 (7749) used greatest stack depth: 22224 bytes left 11:27:28 executing program 3: socket$nl_generic(0x10, 0x3, 0x10) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) openat$ptmx(0xffffffffffffff9c, 0x0, 0x10000, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200000000, 0x80000000000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x6) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000080)) r2 = open(&(0x7f0000000040)='./file0\x00', 0x244082, 0x141) ioctl$KDGETMODE(r2, 0x4b3b, &(0x7f0000000080)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x68, r4, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0x0, @media='ib\x00'}}}}, 0x68}}, 0x0) sendmsg$TIPC_CMD_RESET_LINK_STATS(r2, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xef9fd9586a19e418}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, r4, 0x100, 0x70bd29, 0x40, {{}, 0x0, 0x410c, 0x0, {0xc, 0x14, 'syz0\x00'}}, ["", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000888}, 0x4) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') write$P9_RFLUSH(r0, &(0x7f00000003c0)={0x7, 0x6d, 0x1}, 0x7) sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x54, 0x0, 0x18a0, 0x70bd27, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0xc, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_MON={0x34, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xb230}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6100}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xd4}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x6be2fee381b1033a) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 11:27:28 executing program 5: epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000040)) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = syz_open_procfs(0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x20002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000240), 0x12}, 0x0, 0x3, 0x0, 0x4, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000002c0), 0x0) getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, &(0x7f0000000300), &(0x7f0000000380)=0x80) pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') r1 = socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$dri(0x0, 0x81, 0x10000) ioctl$RTC_EPOCH_SET(r0, 0x4008700e, 0x401) creat(0x0, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) inotify_init() getegid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'vxcan1\x00', 0x0}) bind$packet(r2, &(0x7f0000000100)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="20006d8d000011004d400100000000bc553e58ef2d0c458ec2870187c7f9571b38590f80ffe357858e7840b3cdc2b65069aa6486598dc7e9b07a82ab62853dff5e4c5f593915027ea21770af56a555e58408162bade363cb5faa6d8c43f991d6c64ec752b49ce4f11ddbdee2", @ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x25c}}, 0x0) 11:27:28 executing program 1: ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(0xffffffffffffffff, 0x80dc5521, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, &(0x7f0000a8a000)) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x7a, &(0x7f000059aff8), 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) getsockname$packet(r2, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4800000010000d07cdd87d345d28000000000000", @ANYRES32, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="aaf200000700"/19], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)}, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000009c0)=ANY=[@ANYBLOB="0000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080ff0f00002b0a00000000000000000000000000000104000000000000060000000000000000000000000000000000000000000000000000000000000000020000080000000001000000000000c1ffffffffffffff0f0000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cfc7f07b00"/772]) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x36e, &(0x7f00000000c0)={&(0x7f0000000980)=ANY=[]}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 11:27:28 executing program 4: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x76, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0xfe) write$binfmt_elf64(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="ed8ed24112ccba9ecbaea5e8dd24f24b3ac273c81c2b7c8c5b06d007e4c0072fab72c7d711beb15f4313966fe3a4fa21e76fc4d05e107ac82d5e075205917f03000000030b6daa6e72ad000000610000000000000001a25a382e"], 0x5a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0xa198) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)={0x24, r2, 0x0, 0x70bd2b, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x10, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblc\x00'}]}]}, 0x24}}, 0x800) 11:27:28 executing program 2: r0 = gettid() r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) prctl$PR_SET_PTRACER(0x59616d61, r0) write$binfmt_script(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="23040010"], 0x4) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/status\x00', 0x0, 0x0) read$fb(r2, &(0x7f0000000100)=""/20, 0x14) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x202f00, 0x0) ioctl$PERF_EVENT_IOC_RESET(r3, 0x2403, 0x0) close(r1) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) fstatfs(r2, &(0x7f00000001c0)=""/189) 11:27:28 executing program 0: ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000080)={0x20024e, 0x20000000209, 0x0, 0xffffffffffffffff}) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000080)={0x10000, 0x20000000209, 0x0, 0xffffffffffffffff}) r4 = dup2(r2, r3) r5 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) r6 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, &(0x7f0000000080)={0x10000, 0x20000000209, 0x0, 0xffffffffffffffff}) r8 = dup2(r6, r7) ioctl$ION_IOC_ALLOC(r8, 0xc0184900, &(0x7f0000000080)={0x20024e, 0x20000000209, 0x0, 0xffffffffffffffff}) r10 = dup2(r5, r9) ioctl$ION_IOC_ALLOC(r10, 0xc0184900, &(0x7f0000000000)={0x9cf0000008, 0x9, 0x0, 0xffffffffffffffff, 0x8}) r12 = socket(0x10, 0x80002, 0x0) r13 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000d40)='/dev/dlm_plock\x00', 0x800, 0x0) r14 = socket$inet6(0xa, 0x3, 0x6) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8, 0x810, r14, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r14, 0x29, 0x20, &(0x7f0000000080)={@loopback, 0x800, 0x0, 0x100000003, 0x1, 0x0, 0x1, 0x400000000}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r14, 0x29, 0x20, &(0x7f0000000300)={@mcast2, 0x10000, 0x0, 0x102, 0x8000003}, 0x20) connect$inet6(r14, &(0x7f0000000500)={0xa, 0x0, 0x40f7, @mcast2, 0x7ff}, 0x9) r15 = syz_open_procfs(0x0, &(0x7f0000000600)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') sendfile(r14, r15, &(0x7f0000000240)=0x202, 0x4000000000dc) r16 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140)='nbd\x00') r17 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/net/pfkey\x00', 0x2fe69cacd3446647, 0x0) ioctl$KVM_S390_UCAS_UNMAP(r17, 0x4018ae51, &(0x7f0000000400)={0x10000000008000, 0x7ff, 0x2}) r18 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r18, 0x29, 0x22, &(0x7f0000000040)=r18, 0x52d) sendmsg$NBD_CMD_RECONFIGURE(r15, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100010b8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYPTR64=&(0x7f00000003c0)=ANY=[@ANYRES16=r18], @ANYBLOB="050c27bd7000ffdbdf2503000000"], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$NBD_CMD_CONNECT(r13, &(0x7f0000000e40)={&(0x7f0000000d80)={0x10, 0x0, 0x0, 0x81800004}, 0xc, &(0x7f0000000e00)={&(0x7f0000000dc0)={0x14, r16, 0x800, 0x70bd28, 0x25dfdbfc}, 0x14}}, 0x10) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400040}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r16, 0x4, 0x70bd28, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x8}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x80}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x2000c040) sendmsg$NBD_CMD_DISCONNECT(r12, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x22048002}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000a8d58935665993e29fb68e93b8c4615e33fb84cf6ef289adae0a05f4117836d90e489f343172693317d442a11fff6730359ef8631928f9d39930083634f3a28a45cc015dadde84d4441a557a9cc8811a7b9e90ed53aa27e01ba49e3830aaa1a56f30259f73228d8b77e1d6cc49bda800045d37b9544b5be397ee4d81f4", @ANYRES16=r16, @ANYBLOB="88002dbd7000fcdbdf2502000000"], 0x313}, 0x1, 0x0, 0x0, 0x8000}, 0x6000081) r19 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) r20 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r20, 0xc0184900, &(0x7f0000000080)={0x10000, 0x20000000209, 0x0, 0xffffffffffffffff}) r22 = dup2(r20, r21) ioctl$ION_IOC_ALLOC(r22, 0xc0184900, &(0x7f0000000080)={0x20024e, 0x20000000209, 0x0, 0xffffffffffffffff}) r24 = dup2(r19, r23) ioctl$ION_IOC_ALLOC(r24, 0xc0184900, &(0x7f0000000000)={0x9cf0000008, 0x9, 0x0, 0xffffffffffffffff, 0x8}) r25 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) r26 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r26, 0xc0184900, &(0x7f0000000080)={0x10000, 0x20000000209, 0x0, 0xffffffffffffffff}) dup2(r26, r27) r28 = dup2(r25, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r28, 0xc0184900, &(0x7f0000000000)={0x9cf0000008, 0x20, 0x0, r11, 0x8}) sendmsg$NBD_CMD_CONNECT(r10, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x90, r16, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x10a}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xd83b}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7}, @NBD_ATTR_SOCKETS={0x2c, 0x7, [{0x8, 0x1, r24}, {0x8, 0x1, r28}, {0x8, 0x1, r1}, {0x8}, {0x8, 0x1, r4}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x17a000000000}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000000}, 0x80800) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x64, r16, 0x104, 0x70bd2a, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SOCKETS={0xc, 0x7, [{0x8}]}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x101}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x4}, @NBD_ATTR_SERVER_FLAGS={0xc}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}]}, 0x64}, 0x1, 0x0, 0x0, 0x20040044}, 0x4008000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r29 = socket$inet6(0xa, 0x400000000001, 0x0) close(r29) r30 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r30, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x10e6, @loopback, 0x9}], 0x1c) connect$inet6(r30, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r31 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) setsockopt$inet_sctp6_SCTP_MAXSEG(r29, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={0x0, 0x839}, 0x8) ftruncate(r31, 0x200004) sendfile(r29, r31, 0x0, 0x80001d00c0d0) connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) [ 247.332276] audit: type=1400 audit(1575977248.501:45): avc: denied { map } for pid=7769 comm="syz-executor.0" path="socket:[30793]" dev="sockfs" ino=30793 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=rawip_socket permissive=1 [ 247.357117] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7773 comm=syz-executor.5 11:27:28 executing program 2: r0 = gettid() r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) prctl$PR_SET_PTRACER(0x59616d61, r0) write$binfmt_script(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="23040010"], 0x4) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/status\x00', 0x0, 0x0) read$fb(r2, &(0x7f0000000100)=""/20, 0x14) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x202f00, 0x0) ioctl$PERF_EVENT_IOC_RESET(r3, 0x2403, 0x0) close(r1) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) fstatfs(r2, &(0x7f00000001c0)=""/189) [ 247.500910] protocol 88fb is buggy, dev hsr_slave_0 [ 247.506331] protocol 88fb is buggy, dev hsr_slave_1 11:27:28 executing program 3: socket$nl_generic(0x10, 0x3, 0x10) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) openat$ptmx(0xffffffffffffff9c, 0x0, 0x10000, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200000000, 0x80000000000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x6) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000080)) r2 = open(&(0x7f0000000040)='./file0\x00', 0x244082, 0x141) ioctl$KDGETMODE(r2, 0x4b3b, &(0x7f0000000080)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x68, r4, 0x5, 0x0, 0x0, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0x0, @media='ib\x00'}}}}, 0x68}}, 0x0) sendmsg$TIPC_CMD_RESET_LINK_STATS(r2, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xef9fd9586a19e418}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, r4, 0x100, 0x70bd29, 0x40, {{}, 0x0, 0x410c, 0x0, {0xc, 0x14, 'syz0\x00'}}, ["", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000888}, 0x4) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') write$P9_RFLUSH(r0, &(0x7f00000003c0)={0x7, 0x6d, 0x1}, 0x7) sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x54, 0x0, 0x18a0, 0x70bd27, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0xc, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_MON={0x34, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xb230}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6100}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xd4}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x6be2fee381b1033a) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 11:27:28 executing program 1: syz_mount_image$iso9660(&(0x7f0000000ac0)='iso9660\x00', &(0x7f0000000b00)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000f80)=ANY=[@ANYRESHEX]) 11:27:28 executing program 5: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x1242024, &(0x7f00000000c0)=ANY=[@ANYBLOB='gid=', @ANYRESHEX, @ANYBLOB="0600ff9bbb5a3d24db7f88c3c8bcec8f8221f3dd29f056be3458520d3264957716c9516ff8a5a3b8403a8d075150c6d1c068489dbffc0e23d7dfc9cc16f30884ed553452ef37134f9cc80474b0c0cdd875ee00168f01a078ef9f237510ab"]) bind$can_raw(0xffffffffffffffff, &(0x7f0000000080), 0x10) 11:27:28 executing program 2: r0 = gettid() r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) prctl$PR_SET_PTRACER(0x59616d61, r0) write$binfmt_script(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="23040010"], 0x4) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/status\x00', 0x0, 0x0) read$fb(r2, &(0x7f0000000100)=""/20, 0x14) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x202f00, 0x0) ioctl$PERF_EVENT_IOC_RESET(r3, 0x2403, 0x0) close(r1) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) fstatfs(r2, &(0x7f00000001c0)=""/189) [ 247.730689] audit: type=1800 audit(1575977248.901:46): pid=7781 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16564 res=0 11:27:29 executing program 0: ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000080)={0x20024e, 0x20000000209, 0x0, 0xffffffffffffffff}) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000080)={0x10000, 0x20000000209, 0x0, 0xffffffffffffffff}) r4 = dup2(r2, r3) r5 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) r6 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, &(0x7f0000000080)={0x10000, 0x20000000209, 0x0, 0xffffffffffffffff}) r8 = dup2(r6, r7) ioctl$ION_IOC_ALLOC(r8, 0xc0184900, &(0x7f0000000080)={0x20024e, 0x20000000209, 0x0, 0xffffffffffffffff}) r10 = dup2(r5, r9) ioctl$ION_IOC_ALLOC(r10, 0xc0184900, &(0x7f0000000000)={0x9cf0000008, 0x9, 0x0, 0xffffffffffffffff, 0x8}) r12 = socket(0x10, 0x80002, 0x0) r13 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000d40)='/dev/dlm_plock\x00', 0x800, 0x0) r14 = socket$inet6(0xa, 0x3, 0x6) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8, 0x810, r14, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r14, 0x29, 0x20, &(0x7f0000000080)={@loopback, 0x800, 0x0, 0x100000003, 0x1, 0x0, 0x1, 0x400000000}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r14, 0x29, 0x20, &(0x7f0000000300)={@mcast2, 0x10000, 0x0, 0x102, 0x8000003}, 0x20) connect$inet6(r14, &(0x7f0000000500)={0xa, 0x0, 0x40f7, @mcast2, 0x7ff}, 0x9) r15 = syz_open_procfs(0x0, &(0x7f0000000600)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') sendfile(r14, r15, &(0x7f0000000240)=0x202, 0x4000000000dc) r16 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140)='nbd\x00') r17 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/net/pfkey\x00', 0x2fe69cacd3446647, 0x0) ioctl$KVM_S390_UCAS_UNMAP(r17, 0x4018ae51, &(0x7f0000000400)={0x10000000008000, 0x7ff, 0x2}) r18 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r18, 0x29, 0x22, &(0x7f0000000040)=r18, 0x52d) sendmsg$NBD_CMD_RECONFIGURE(r15, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100010b8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYPTR64=&(0x7f00000003c0)=ANY=[@ANYRES16=r18], @ANYBLOB="050c27bd7000ffdbdf2503000000"], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$NBD_CMD_CONNECT(r13, &(0x7f0000000e40)={&(0x7f0000000d80)={0x10, 0x0, 0x0, 0x81800004}, 0xc, &(0x7f0000000e00)={&(0x7f0000000dc0)={0x14, r16, 0x800, 0x70bd28, 0x25dfdbfc}, 0x14}}, 0x10) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400040}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r16, 0x4, 0x70bd28, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x8}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x80}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x2000c040) sendmsg$NBD_CMD_DISCONNECT(r12, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x22048002}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000a8d58935665993e29fb68e93b8c4615e33fb84cf6ef289adae0a05f4117836d90e489f343172693317d442a11fff6730359ef8631928f9d39930083634f3a28a45cc015dadde84d4441a557a9cc8811a7b9e90ed53aa27e01ba49e3830aaa1a56f30259f73228d8b77e1d6cc49bda800045d37b9544b5be397ee4d81f4", @ANYRES16=r16, @ANYBLOB="88002dbd7000fcdbdf2502000000"], 0x313}, 0x1, 0x0, 0x0, 0x8000}, 0x6000081) r19 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) r20 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r20, 0xc0184900, &(0x7f0000000080)={0x10000, 0x20000000209, 0x0, 0xffffffffffffffff}) r22 = dup2(r20, r21) ioctl$ION_IOC_ALLOC(r22, 0xc0184900, &(0x7f0000000080)={0x20024e, 0x20000000209, 0x0, 0xffffffffffffffff}) r24 = dup2(r19, r23) ioctl$ION_IOC_ALLOC(r24, 0xc0184900, &(0x7f0000000000)={0x9cf0000008, 0x9, 0x0, 0xffffffffffffffff, 0x8}) r25 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) r26 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r26, 0xc0184900, &(0x7f0000000080)={0x10000, 0x20000000209, 0x0, 0xffffffffffffffff}) dup2(r26, r27) r28 = dup2(r25, 0xffffffffffffffff) ioctl$ION_IOC_ALLOC(r28, 0xc0184900, &(0x7f0000000000)={0x9cf0000008, 0x20, 0x0, r11, 0x8}) sendmsg$NBD_CMD_CONNECT(r10, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x90, r16, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x10a}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xd83b}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7}, @NBD_ATTR_SOCKETS={0x2c, 0x7, [{0x8, 0x1, r24}, {0x8, 0x1, r28}, {0x8, 0x1, r1}, {0x8}, {0x8, 0x1, r4}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x17a000000000}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000000}, 0x80800) sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x64, r16, 0x104, 0x70bd2a, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SOCKETS={0xc, 0x7, [{0x8}]}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x101}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x4}, @NBD_ATTR_SERVER_FLAGS={0xc}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}]}, 0x64}, 0x1, 0x0, 0x0, 0x20040044}, 0x4008000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r29 = socket$inet6(0xa, 0x400000000001, 0x0) close(r29) r30 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r30, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x10e6, @loopback, 0x9}], 0x1c) connect$inet6(r30, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r31 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) setsockopt$inet_sctp6_SCTP_MAXSEG(r29, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={0x0, 0x839}, 0x8) ftruncate(r31, 0x200004) sendfile(r29, r31, 0x0, 0x80001d00c0d0) connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) 11:27:29 executing program 5: set_mempolicy(0x8003, &(0x7f0000000300)=0x75f, 0x9) syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x1, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000340)='-vboxnet0\x00]\xea\xb0\xe2N\xc6c\x05\x8d\xb5\xc0\n\xad\x0f#+\x17\xd6A\xf4\xdf\x1b\xf9~\x8e\"\r\xff\xbb\xb0\xc3\x86\x97\xaf\xf8\x7f*\xfc\xfd\xe7\xcc\xbc\xddI.\xc3\x9aQ\xc8\x8e8U\xdaX\x06\x92\x1d\xbd\x10\xf9\xe8q\x00\xddr>\xd7\x9f\xf8r\xeeE\xa83K\xf60 \x7f\xcd\xac\x86\x9eT*\xf7\a^L,\x98\xa2(2,\x8c*\xff\x8aA\xa1\x153\x15\b\xcb\xf7\xefw\xa6\xc7c@\xb5\x9b\xdc$`3]\xf9.\xcf\x00', 0x0) ftruncate(r0, 0x1000000) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x22, &(0x7f0000000040)=r1, 0x52d) sendfile(r1, r0, &(0x7f00000000c0)=0x8000, 0xeefffdef) 11:27:29 executing program 1: r0 = socket$inet(0x2, 0x200000002, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000000c0)={{{@in=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@empty}}, 0xe8) r3 = open(&(0x7f0000000040)='./file0\x00', 0xc2882, 0x141) ioctl$KDGETMODE(r3, 0x4b3b, &(0x7f0000000080)) ioctl$VIDIOC_SUBDEV_S_FMT(r3, 0xc0585605, &(0x7f0000000040)={0x1, 0x0, {0x88, 0x7, 0x2017, 0x0, 0x5, 0x2, 0x1, 0x7}}) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e21, @broadcast}], 0x10) 11:27:29 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0xc, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="8500000000000000540000000000000095000000000000000ceb18212f8c84b5cc95d480828d58dbab90f557f61741b2ff7b53486516ad5b12c7889f4a1fd43b5dfca1c5753943723172b4181181b5f84a1b50c8bd77f30e1e66f3f875b6c6618371556ec409c26f5a2de0f5afda117ee57a21e1ec7c84edf98efb313cb37a437cf17b6d2cdeea43cb7b88e0905665504209f5159b41014164d3953287ef546e4d4a"], &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040), 0xfffffffffffffeb7}, 0x48) 11:27:29 executing program 4: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x76, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0xfe) write$binfmt_elf64(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="ed8ed24112ccba9ecbaea5e8dd24f24b3ac273c81c2b7c8c5b06d007e4c0072fab72c7d711beb15f4313966fe3a4fa21e76fc4d05e107ac82d5e075205917f03000000030b6daa6e72ad000000610000000000000001a25a382e"], 0x5a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendfile(r0, r0, &(0x7f00000001c0), 0xa198) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)={0x24, r2, 0x0, 0x70bd2b, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x10, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblc\x00'}]}]}, 0x24}}, 0x800) 11:27:29 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x6, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x9, 0x5c}}, &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x78) 11:27:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) recvmmsg(r0, &(0x7f0000000540), 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x169, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000780)={@in={{0x2, 0x0, @local}}, 0x0, 0x9, 0x2, "a77760f5a7645bc43c241d69912dda0c63c2a66726f8cfafd6c8fe2c98de7ba44947a79015f0fe57917cb62a93987a938fdedfce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef2818a179"}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) r1 = syz_open_dev$sndpcmp(0x0, 0x0, 0x0) syz_open_dev$audion(0x0, 0x0, 0x0) getpid() write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, 0x0, 0x0) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsu\x00', 0x2002, 0x0) accept$netrom(r2, &(0x7f0000000080)={{0x3, @rose}, [@bcast, @remote, @rose, @null, @null, @rose, @netrom, @bcast]}, &(0x7f0000000140)=0x48) recvmsg(r0, &(0x7f0000000240)={0x0, 0xfffffffffffffd83, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x5801}], 0x1, 0x0, 0xf080}, 0x100) pipe(0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$IP_VS_SO_SET_DEL(r1, 0x0, 0x484, &(0x7f00000001c0)={0x0, @broadcast, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x04\x00', 0x0, 0x0, 0x68}, 0x2c) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) fanotify_mark(0xffffffffffffffff, 0x0, 0x20, 0xffffffffffffffff, 0x0) r3 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x202, 0x0) r4 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r4, 0x29, 0x22, &(0x7f0000000040)=r4, 0x52d) ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000200)={0x0, r4, 0x8, 0x7, 0xfdc, 0xff}) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 11:27:29 executing program 5: mkdir(0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x244082, 0x141) ioctl$KDGETMODE(r0, 0x4b3b, &(0x7f0000000080)) ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000080)) r1 = getpid() sched_setscheduler(r1, 0x0, &(0x7f0000000380)) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x20000, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0xff, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x400}}, 0x0, 0xffffffff7fffffff, r2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$inet6(0xa, 0x400000000001, 0x0) close(r4) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ptrace$setsig(0x4203, r1, 0x7fff, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x6011}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f00000006c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6\xf23F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0_\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\xa9\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&k\x80K\xd1>\xa6\xff(\xb1\x01\xe7\xa5\xce-A\xb0\xec\x190r-q\x83\xb3mN\x91\'\xc5\xf8\xfe\x18\x16\xb7R6\xa9R\xf4H\xa7\x84\x98\xfc\xf9\xa6\xd6\x8d\xa7\xd5_\xc0\x93\xde\x1f`\xff\xcf\xe1)N\x85&\x8b\x06I\xa2\x13\x02\x00\x00\x00\x00\x00\x00\x00[\xae5\x82}\xb7h!\xd9\xce\xe9\x06\b\rs^\x8d\x14\xc1\x97m@6\x1d\xfc\x92@-\xb6\xe5N\x84\xbc\xc0\x1f\xfbI\'M\xdd\xc6*\x06&\f\b\xa6\x92)D}\x87\x80\xea\xb9l\x80H\xea\x82o6\xfa)\x15\xdc@\xf4\x86\xd6_\xf9+/Q\xd5\x8a;\x8b\xe1\x1d\xd0\xec\x8ek\xdb\xa8\xf3Ir\xdb1`B&\xe8A\xd1\xea\xb4$5%aL\xc1\xbd\x91\xc3\x90\x06i <1\xaa\"\xd5\xbb\xe9\xc7SX\xbfm{>\xd4\xc3(E[\xb0J13\xbbG\x8a\xb4\x8aMs\x9f\xcf\xb8g\xab\x12\x8cj\x95}\xb1\bc\xc4u\xf4\xe2\x88\xfa\xde\xec\xdf\xb9\x98\x84\x028\xd9_n\x9f\x86\x88\xe6\x15b\x01]\x01a\xe7\xb9\xb0\xbdk\xaa\xa1\xc1') r6 = open(&(0x7f0000000180)='./bus\x00', 0x143042, 0x0) ftruncate(r6, 0x200004) ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x35bc3) r7 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$NS_GET_NSTYPE(r7, 0xb703, 0x0) sendfile(r4, r6, 0x0, 0x80001d00c0d0) 11:27:29 executing program 3: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000265000)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x22, &(0x7f0000000040)=r1, 0x52d) sendmsg$inet(r1, &(0x7f0000001580)={&(0x7f0000000000)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10, &(0x7f0000001480)=[{&(0x7f0000000040)="ada290a6b6114f33a8a6959f7fdb1b1f70c4a40b6e8976d7abdc366e43c0c9026351a8c73fc72a13d947241a73643150370023a129bd765f009f744c4d1451eea5443d50f77a355606f49944268137c7e0ab1c420e178f00417032d8e8", 0x5d}, {&(0x7f00000000c0)="3bfbb64b3cd26c644550df4a6be796f0bc4b67d73b38d357ba54c3cec7358ade4d68615daa31eb43565d357917e89e3ab63817766b7d9d26deb4f1a075bfa9dfad51b3db1b3ce6ccdb14ac947ff2f3eb4630b9b997fcd07ded2227fb928b41db68e5ff0586c4f155808cfbc097fb383ab33a7185c4bbac2fc102c7b8dbb6d243bea0d4", 0x83}, {&(0x7f00000015c0)="5e595b6f781fdf6a0d250568c2cf93e48d4a162bf951a4a242364d5fb54dbb266be025df0943078172d0dff93cfcd0206872887c98d8d03d047fd064e6dc728124323195be30c5f0725dc02e9b426df5dfa276fe0ad42515e6344a269839847ad7327c8374a46eed1da962fefa97b7ed558ad2320ea27665f65becfd1cd48925e01a21123bdf7bb0fca7ec4beb4ee2a5b93377c98bf78ca3aaa7e0ddbef7ba27aecfa657b13908f7ea7dd4b995c2121d3b552b5a1a00aa83880f6df39dbc4f5e783f8639b62d48994b131a562092", 0xce}, {&(0x7f0000000280)="0a5ea5d36215267972023bf684edc4c123c124bc024aee2f5881c9567213e10a3105408d58cd890600c4fa5fb20b866652796bd2e4d14882a86755cf59457dab2a3f36bf319503cd9a172e324d740d9a047cd1567c42c8e1a61643497c566cf28c86ded8749ef3ae7f112939232a159fdbb8b0b53c6c94e0ecca867851beff6bef23caa24450554df1c7859fbf449d371b55e61b039f57f3a06b29490d3d308eecd91997a026634bca4bf3a5b0a90721fe3068d18d7d9184671f90088b5e00fc8cf758807f9f44b260f894132a160cb8927b9be4fe5cbdf4e2a8047fe7b43186af6e1aa3fe4d5ae58fc2110a8c3c4874424ac59e4081e24b69ba8a36acd4de5fbab0b9119e2a991c870ed0a25c65a289345a3ef03f49ac1735bd6a1231bdc01b7b7784f38437d5cc7cc1e32601a4fe24618f3ab9a4406cc4bd38dc70ca30a8ad45076b0c48a37b2730fa1b30eb962c49863eebca3f2489ee13cad1e7ca49448b8827a4cce80783a4498c1649d04047c17319829f6f70d62d61ba83affddfd64561de806991f33ed79f8d9e30e7201d59c75f9ce981ae5e7a525a895433a4d1e84e474f38c0a5e18d40ff21760533a811b3cbe35d9f2299332ac388ef76d11179a97bc941a2cb811055cc066d7a0c82322e22b589456f12a2738e93d78020f5af2f908570091342f23f09413d03628c640333e2bf11ec6b04488ebca9c27a92d24674586715a6783e3766d75ec0d1b4f980ccec988d4e274008d2fa1f84021ed600fde5357ce2f454f7137b61cd586b90c1d329bdfc7b2153a03656a5391ee05450bba93a6327c87c32b0d698bf29a8e8337ebd9954e1ef8e41861aad660f8536a82c124de0669dfbf14ec056d48e0b674cace3a616d637dc2512e2895cb14a78c6b3a6da6df977d6f25b1935bb844629bfcdb0643ad975e73ff45cf87664cb4798fd1ecd7f847cf892818dd6c9413ed6651f9dcb7a888688a484499dcc7126359892a458fb92d0194454fcac1a8b70ed315a3106ad37ab6edbdc44582b79787256f8c4f9da9abc0469f92e531b1e58110515ac880f6007e25e68534e7a34f0783d1dca83e57437354f3b336c53c99b9002af46e6e5a72adf5ec86e62bcc0cd40f0d94c6b37d10187399de5253591bbb0519ce2e4923ad6d6fdfc926315fedf1bfedc77270b5660b115b240e3e18193229e165aeabc46733236bce6826c9e886299ec905cc4edfe769d122877130999b991e61c52978d7dd3b85b61f11495aa86dfd1a067deeca3b39d0938e42d5ad6ab08016c4a1ad9bd340fcecbe46564318c312ad9f908b500a6e25a24488ea2ad528684c85ef209728fc3646857200dccc7fd09ec86d3fe2cd014bbcd19de1333994e1a3113c8d2c031d3c704fa8bf1d0d2cbb2c3c2f9ec0f4afb790c2c7848d33fd1f2e245a838150f5ef34d62f8ed07a658544d6c2ef1ee47e27fdf58822346a443217a6aa57ea861f9d82ba93d6542450ccbf0e9b167b880ab6435e96e3ff3fb62a66392da4a747415cd7566452b40ea41d70cebf7d42d16df3e3a96c5a162e34ee19b8913765aa93fd25c035d7353d997f77d6f903484aa990e1aa6532198092e85851dabeb2e07489731ad7a31df99b7761c99348be174e634bc2e4a7f256c5a088f9ce2ff3f44eaf4ae72020daf2767b23bd072e355efe5e6678b0e0e4d650befc42ddaf744412cfd078b5813d9557e98d2a8c48f0564de83ba3de62b741973e0b0035d0ada52e2f7442acb298cfa4cf4f49f0c40a9b28cedfdbf7ed21b90a07c16fe9b6fd34e3f58718290438f6b3cf0c062ca2431a790ebca17a337c36cc6f61fc8f5b57993cc2b1dabcaa958de37e77975fd7598ecb6f6844535ae5274a03dd19d205dd5935cf0bc6063e6b149f4269f3d2c974ede6d442191859d3c4600ed601b4cfeb78b7e338db4cbb61aa000186580fd4aacaae4723fafccf9045689dedd6216bb14e2720770d767216289e37bf0bdefac7368a42ebc673e35e23136995aaed40b61df717997d22c2a9b2448d1309bf343b055f72bd78ff395304d3dc19cf816e5158cabcb68d42a9770e6519b4b881bd96de25455741b94f1cd6a3c9bea69364162bdbf3f75ced291b254ea13478eef00be785b1bdb7285a2d495fbb93f0e78ca74b88158d16323af5e4cbb79751eb49c15b6a863a100253e9615f0044eb36b3db4f40bf943eb246ffec076b27df3c722858e4e9a44fbbffd42a6f868fb4248bda76bb4bbf00f3706811e266300cb8930a7d10c691c34a93626833cd76c477641a6acd1bba6197e8c43959a4e5a8e0c3a46990a5d8b10d8115a5dc17a830bffa6aca582101c7c140f3f112279c78fcacf3bc046a8f1de175a1dc42f460dcb07642189351a9502927f1f2409428552830121411dab0f5c748f0de906e35a44124eecf027532e3403476fc745bb312c2d9a90ae9ac672bcf5c2a19f6bd7b9f67449e0b67a8503ef4d748b85e158351ff417b549f17c6ec04ef8fd0d5d7ab02a8e2f44a96c0a8ede8034c93c47378ab2f1ceb9599ee8e4df717014693b7fa75016f8de42b3b0eff914fe9414aec2ad124270a19278c6362a16998872a026b5dbfea175688593c410244cf88f9bec080882f16f3458b27a6ee25296219b3d619b3a5d7ee72a7eecad7838a26273fd3a376ba7e937989bd2495042f90a8cba164f4486cd13c4270955b930ef91453af080819792639b0656512b6783df4ff417e8ec9f6298b1020854c5c8a412ebce83396255428ecd57ab1b9fcfc52012695ed1513a8ca074ab5fda128e2f0d026b64588fbef8d1626603fa2e089ef8a6231e48e8417d03b60a9ed9de574b841a5c94a9a3e8b285e436ed41242fa6c11e3b070a2b56f626c2884e9beae91c45df8d15a36d3f843cd444998174b08206fde42fa097075b652507bc0e76e25766058608c32a83db329828cb83eae169d1b0992be353a52e61d2ed9409bbc9ee7386e8b4a5dcbd1ad084610549b2f9e1f449dafb80d2f6a9f08c2a169e1e409e519b115c16384f13274acb7e11ec0e4e9267c2b0a5741f9cf430dc86f7b94e026fbd0aaddd72c9141cad0923c953fcd6e7fa417c383d2803471e8b168d57ad86aa424fbfa11894716f01cd37b18beb4ce0e95816f97b0902144a747029a8e3655f6e6cf86b0c98d497fe00bb37eb6decf088857763fe3b647be17fe3180a6d19c0726db2e8172302c3aba8e9b534fc1c7aca28279b0dc471e79f7a3980c14454b004a48e8a0b4d9714d1d2e5c22af8d223293ad127f15a2fac8f02789dc9e378c7c12e115c3b28b6f52c98c4b2d01782c23dbf7d7c0c0a3955b79b1718f876674a29e6b920fb09ef20dd40aee301b8d74bed361242d4206687db123f867d7b35292bd38cec4f8c5048d9700a870f33aadad04262720e1691c7d739c592108123fd5415d4f31616b214ba66069d9041c0a39572e5ac7fe7329aaf721948154c8b72d40249ff29ad5c5cfa99faf9dfedce21e8a4ebf9ff977b9bedee7bafea2d4ebfde238f82a164409bb01cbec16ca1edf21a84bc3cf2d9ab98bf07567568dbfe322b7805f8fb919fff8237d00f808e4c69b48a559e8779bbb3c6b4fcaf7ed80e08494e628af150533f3f4a95d850866466196275dfc598ed0cc031adf8515906d48f8d9260e6ea2c911393fda7a667dc1eeae076f99eb82b6c00ca72a3091c9c9c1fd2692064bf8f1e8ca5dd3b489f37868631f0e476f230b2a92bdb98cd1efeb6d803d98081585d3bcb7494b3360082330d5b7324f4aaf17650957f816a6699b061d8058cf6e94829efa3bdaf747952d39780f92899457784024f70c1677eb5478c4917c1699ab8b7fbb5bbcc42f640d44ccf831cf6d39ee986103818397e3e6a3244ba234912bec6676cff67bd39bfb6828ec904a13d597077361477106f10aafcc7622e0606f559a2e3d0aa713fc3f973a8b04320fed9bd8b99c527bc06388fb8742b6d32f9e9bd81fd66889bcab9f8606048dd93f4649db3b0743dbbb5e6d2d312ce81779930eb0c7c6999653d4a8e5a06f1919c4a650d10f7ab0814c0274f8c9cc88d1ca17bd615ea7fa69f269767c4466e77e5d6a72f99c5259e809c4f3b2a14bbfc320e0702858eee06919f4127f0aa2acbdbb005ec3e44125d97afc744611eb8af4caaa01d0e15484f99ec29d76fde551296303f00c406bcb625dbc37cb950a0f432896654c5b033717a3ec9a27d9f8cebe2d02193c93a3b3948781f6ca8d8bcd2a9461c775a9198474be4590fac95b7c939dad996ff2cff0fe8e03714cb5782e01a545214d77ed4a4b9d112a61de174e11538a0a5cbbc2be6f6fcb197fcbda7d9f07d5ad3578592a5158b282133a36e2b05ae94d7abfcad51b5e989981befe2e942d48f14ba7171e0dfa9a70057904ec05b2332eff363f1d2746470760660feec233b49e845e1062b966029dcd9e13b5007d854428b1299fd7fae2ee1b527d15fc73915e6792f9d7525e403699e9ff481951f1ac734328640609774d1b5830b11b50742197f3becb9c574ceb224d81757677717a0e881b9516c358948a9d9ffbad2264ecba5a24105555d624aada93516e7623b0f80a149009078f5a2a5571f0e443f0bed085eee723acaab2dc81bfdb17d9abc6d0dd91202aee594bae8b221adb38204c83abddc74893bb4ce94c47f1b2691d9556447403c236e189ff035a3dd7bceef9c5a86886edc37d1fd677fda9ead8f66e1e38f9ecc2354f55a65eec7b73dc374fb43ab636a8a759f0c26e5f484279c44074bcee8824ff054a3c8b9bf54c7517cd4d3c30d6211375de31eb6a31febfcf9d5810a09c332cff0e151054f6e49f196d53ff19a35c739a68e41fd0464542cd6c896ee6d592b0bb6d77b6d216b1ac50b27449eccec7eaa25cfd7a614a85b1b1453102b440079ecc45a4fec6633f8e34e2c8b67275878039c4e8f1750e5907955e890cb40c1a2a5998c5e69a66725ee65c09e6ea7daa0d2a0e54dd022fabe4a2c49321abb8621020e0d4b80cb495b1db8cb835529abefd7bc04993ec5b8ddf282c8cff77301504db76d1f34b9b1a48ce69e0697b9bb7bed11953e7c2185ad9d61b9d795c0d0e6fca479d6235283e4ca06c0727cd6eab07d63a2ef1cb80191175a742843bb4c4bc2896b63a9c60ed87ab11c862073a253629671853c9ad48d67f64790feaa035fc2cf5aa1c690949d46d0515a13af1f4f5af02385bf30541cddc841d1ec424f1e51d1c27e23e74738e341913a08ce4c03d20b0d67c92d7c8f4cb5fe8a35704050ee212b2fd69338e3a5035a341757da61a3c99e3b8b3d6e0c4c25d93e2465a706a6e452756077181ea65fcf172d4065a6a50e372b53ea3b873fb699f325af077215a3556858e1d7020163ac851ed480faefb433e662d732c173bda04c3ca795e0781f66dd98f997de2cbd286b10fcc95fb2976517554ba014e09b664050984a337090b6ed5d8a65c5b88b6917c507fa9a912a6c95d3d4cf1ea137149a857e85cf45374c5511ca6b8395e0953104b74488ff901d2fe2c5eca0b1cf1564c65d96106c0186a7291916a37c0450ce186c863b31c036da7b643e240328b4e0f9dfd37344b556124d766e1891d90ced3557cdc5be5df8a772a70ee37deb8c60238a1e3c5776d3c7261ef4cd0b2088c297988278aed140e2d3f57f35dd7b84643edb89a951851aa38bf9865fa22265cbd95a2de0ad3525507ac4cb44f56ff5bd84876b705d7d89a54dbf04019267fa38bf112db297e47afc7d003df3165473d7c91f4e6dbe4904", 0x1000}, {&(0x7f0000001280)="cf160f9f480874951f987dc7ae7e2e7e8a1034144df3abd29e6ef83ef6cebdbd708f7aa13ad5e72b381cd456dd870f5849b0f101be84d34c29fca99f75ec601d30ecd76dba69c3306e5c8c4ad08a1bc9a75e055eaf8ca50607923f6db052e9946a798650d6ad1e81d88421023f02c8afc7b40435dbe58fe95383dfab975a2cfe49082bc49b30b7e39050d7e7a573cb4e08867305024f", 0x96}, {&(0x7f0000001340)="8f4e2ac0a16e818088949971add4c5de80d2c9fc0f62fbab5cc452b1876c9bf84447087206726892c6052fd598145d2ae39a750bdad4e0166427e4f4520d29787eb16fb34937c1fdaf8587a9fe8cd08a3e7c6be453d2ca4e51b691f230a800621bd4c2145090b6e4e3f671898b2ea380f1375c858f5cbba31c3be9de6d6e1c9cc57dcf3c0ef6469c3070032c7b341178447c306a49b9f945b04513945f84ef9d4ec02a", 0xa3}, {&(0x7f0000001400)="e65a4a139d86dc58534718b1dc85d8c493dea3aa78baf7115911e77cf2276983b3a7d41c2ecac0886e65b92aa485059d89a94a15ed90264568b54914d8ef9d8d2d747f406d4da1ed8984e4ad4b416a2ffc1ceb3f3f5e20af3cb3d688233cb63d36d19e6708370606ed", 0x69}], 0x7, &(0x7f0000001500)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x40}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x3}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7}}], 0x48}, 0x0) sendmmsg(r0, &(0x7f000000a780)=[{{0x0, 0x0, 0x0}}, {{&(0x7f00000037c0)=@tipc=@name={0x1e, 0x2, 0x0, {{0x0, 0xff7f}}}, 0x80, 0x0}}], 0x2, 0x0) 11:27:29 executing program 1: socketpair$unix(0x1, 0x80000000003, 0x0, &(0x7f0000000100)={0x0, 0x0}) r1 = timerfd_create(0x0, 0x0) pipe(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x302000, 0x0) syz_open_dev$cec(&(0x7f0000000440)='/dev/cec#\x00', 0x0, 0x2) r2 = open(&(0x7f0000000040)='./file0\x00', 0x244082, 0x141) ioctl$KDGETMODE(r2, 0x4b3b, &(0x7f0000000080)) ioctl$VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000000)={0x1, 0x1, 0x4, 0x200000, {0x0, 0x2710}, {0x1, 0x2, 0xf7, 0xea, 0x5, 0x9, "832c8715"}, 0x5, 0x0, @offset=0x2, 0x4}) r3 = syz_open_dev$cec(0x0, 0x0, 0x2) ioctl$IOC_PR_PREEMPT(r3, 0x40046109, &(0x7f0000000080)={0xd0}) poll(&(0x7f0000000140)=[{r1}, {r0, 0xa104}], 0x2, 0xfff) 11:27:29 executing program 3: epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000040)) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_open_procfs(0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000002c0), 0x0) pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) dup(r2) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000003c0)={'vxcan1\x00', 0x0}) bind$packet(r5, &(0x7f0000000100)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @local}, 0x14) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) getdents64(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, r7}}, 0x20}, 0x1, 0x0, 0x0, 0x24068151}, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000140)='cpuset.memory_spread_slab\x00', 0x2, 0x0) read$snddsp(0xffffffffffffffff, &(0x7f0000000180)=""/33, 0x21) [ 248.633782] device bridge_slave_1 left promiscuous mode [ 248.686315] bridge0: port 2(bridge_slave_1) entered disabled state 11:27:29 executing program 1: openat$kvm(0xffffffffffffff9c, 0x0, 0x81d00, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, 0x0) r1 = socket$kcm(0xa, 0x3, 0x73) ioctl$sock_ifreq(r1, 0x8922, &(0x7f00000014c0)={'bond0\x00', @ifru_flags=0x6dbbce78125ac468}) socket$kcm(0xa, 0x0, 0x73) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f00000014c0)={'bond0\x00', @ifru_flags}) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, &(0x7f0000000000)={0x7, 0x1ff, 0x3f, 0x3, 0x3}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$KVM_GET_REGS(r0, 0x8090ae81, &(0x7f0000000040)) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) [ 248.784339] device bridge_slave_0 left promiscuous mode [ 248.789882] bridge0: port 1(bridge_slave_0) entered disabled state 11:27:30 executing program 0: mkdir(&(0x7f0000000180)='./bus\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mount$overlay(0x400002, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65312c6d657489956f70793d6f6e2c00"]) [ 249.007736] overlayfs: unrecognized mount option "met‰•opy=on" or missing value [ 249.204318] ================================================================== [ 249.204402] BUG: KASAN: slab-out-of-bounds in vcs_scr_readw+0xc2/0xd0 [ 249.204415] Read of size 2 at addr ffff8880a5445400 by task syz-executor.2/7863 [ 249.204419] [ 249.204435] CPU: 1 PID: 7863 Comm: syz-executor.2 Not tainted 4.19.88-syzkaller #0 [ 249.204445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 249.204450] Call Trace: [ 249.204555] dump_stack+0x197/0x210 [ 249.204574] ? vcs_scr_readw+0xc2/0xd0 [ 249.204594] print_address_description.cold+0x7c/0x20d [ 249.204612] ? vcs_scr_readw+0xc2/0xd0 [ 249.204627] kasan_report.cold+0x8c/0x2ba [ 249.204648] __asan_report_load2_noabort+0x14/0x20 [ 249.204661] vcs_scr_readw+0xc2/0xd0 [ 249.204708] vcs_write+0x646/0xcf0 [ 249.204739] ? vcs_size+0x240/0x240 [ 249.204767] __vfs_write+0x114/0x810 [ 249.204782] ? vcs_size+0x240/0x240 [ 249.204797] ? kernel_read+0x120/0x120 [ 249.204814] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 249.204829] ? __inode_security_revalidate+0xda/0x120 [ 249.204846] ? avc_policy_seqno+0xd/0x70 [ 249.204858] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 249.204873] ? selinux_file_permission+0x92/0x550 [ 249.204891] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 249.204905] ? security_file_permission+0x89/0x230 [ 249.204923] ? rw_verify_area+0x118/0x360 [ 249.204941] vfs_write+0x20c/0x560 [ 249.204961] ksys_write+0x14f/0x2d0 [ 249.204978] ? __ia32_sys_read+0xb0/0xb0 [ 249.204994] ? do_syscall_64+0x26/0x620 [ 249.205043] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 249.205058] ? do_syscall_64+0x26/0x620 [ 249.205080] __x64_sys_write+0x73/0xb0 [ 249.205098] do_syscall_64+0xfd/0x620 [ 249.205118] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 249.205130] RIP: 0033:0x45a6f9 [ 249.205145] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 249.205155] RSP: 002b:00007f77ba211c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 249.205169] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a6f9 [ 249.205178] RDX: 00000001000001bd RSI: 0000000020002300 RDI: 0000000000000004 [ 249.205187] RBP: 000000000075c118 R08: 0000000000000000 R09: 0000000000000000 [ 249.205196] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f77ba2126d4 [ 249.205205] R13: 00000000004cbbaf R14: 00000000004e5858 R15: 00000000ffffffff [ 249.205225] [ 249.205231] Allocated by task 1: [ 249.205246] save_stack+0x45/0xd0 [ 249.205258] kasan_kmalloc+0xce/0xf0 [ 249.205269] __kmalloc+0x15d/0x750 [ 249.205281] vc_do_resize+0x262/0x14a0 [ 249.205294] vc_resize+0x4d/0x60 [ 249.205331] fbcon_init+0x1062/0x1b00 [ 249.205344] visual_init+0x337/0x620 [ 249.205356] do_bind_con_driver+0x549/0x8c0 [ 249.205370] do_take_over_console+0x449/0x590 [ 249.205383] do_fbcon_takeover+0x116/0x220 [ 249.205395] fbcon_event_notify+0x1786/0x1dba [ 249.205412] notifier_call_chain+0xc2/0x230 [ 249.205428] blocking_notifier_call_chain+0x94/0xb0 [ 249.205463] fb_notifier_call_chain+0x25/0x30 [ 249.205477] register_framebuffer+0x61d/0xa70 [ 249.205517] vga16fb_probe+0x711/0x825 [ 249.205579] platform_drv_probe+0x93/0x160 [ 249.205592] really_probe+0x4a0/0x650 [ 249.205604] driver_probe_device+0x103/0x1b0 [ 249.205618] __device_attach_driver+0x225/0x290 [ 249.205651] bus_for_each_drv+0x16c/0x1f0 [ 249.205663] __device_attach+0x237/0x350 [ 249.205676] device_initial_probe+0x1b/0x20 [ 249.205688] bus_probe_device+0x1f7/0x2a0 [ 249.205707] device_add+0xb42/0x1760 [ 249.205721] platform_device_add+0x366/0x6f0 [ 249.205735] vga16fb_init+0x15f/0x1d6 [ 249.205751] do_one_initcall+0x107/0x78c [ 249.205771] kernel_init_freeable+0x4d4/0x5c8 [ 249.205789] kernel_init+0x12/0x1c4 [ 249.205800] ret_from_fork+0x24/0x30 [ 249.205804] [ 249.205810] Freed by task 0: [ 249.205813] (stack is not available) [ 249.205817] [ 249.205827] The buggy address belongs to the object at ffff8880a5444140 [ 249.205827] which belongs to the cache kmalloc-8192 of size 8192 [ 249.205840] The buggy address is located 4800 bytes inside of [ 249.205840] 8192-byte region [ffff8880a5444140, ffff8880a5446140) [ 249.205845] The buggy address belongs to the page: [ 249.205857] page:ffffea0002951100 count:1 mapcount:0 mapping:ffff88812c315080 index:0x0 compound_mapcount: 0 [ 249.205871] flags: 0xfffe0000008100(slab|head) [ 249.205890] raw: 00fffe0000008100 ffffea0002991c08 ffffea0002907b08 ffff88812c315080 [ 249.205906] raw: 0000000000000000 ffff8880a5444140 0000000100000001 0000000000000000 [ 249.205912] page dumped because: kasan: bad access detected [ 249.205915] [ 249.205920] Memory state around the buggy address: [ 249.205930] ffff8880a5445300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 249.205941] ffff8880a5445380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 249.205951] >ffff8880a5445400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 249.205956] ^ [ 249.205967] ffff8880a5445480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 249.205978] ffff8880a5445500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 249.205983] ================================================================== [ 249.205988] Disabling lock debugging due to kernel taint [ 249.206988] Kernel panic - not syncing: panic_on_warn set ... [ 249.206988] [ 249.207007] CPU: 1 PID: 7863 Comm: syz-executor.2 Tainted: G B 4.19.88-syzkaller #0 [ 249.207015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 249.207018] Call Trace: [ 249.207036] dump_stack+0x197/0x210 [ 249.207052] ? vcs_scr_readw+0xc2/0xd0 [ 249.207064] panic+0x26a/0x50e [ 249.207080] ? __warn_printk+0xf3/0xf3 [ 249.207097] ? vcs_scr_readw+0xc2/0xd0 [ 249.207113] ? preempt_schedule+0x4b/0x60 [ 249.207127] ? ___preempt_schedule+0x16/0x18 [ 249.207141] ? trace_hardirqs_on+0x5e/0x220 [ 249.207157] ? vcs_scr_readw+0xc2/0xd0 [ 249.207170] kasan_end_report+0x47/0x4f [ 249.207185] kasan_report.cold+0xa9/0x2ba [ 249.207202] __asan_report_load2_noabort+0x14/0x20 [ 249.207215] vcs_scr_readw+0xc2/0xd0 [ 249.207229] vcs_write+0x646/0xcf0 [ 249.207249] ? vcs_size+0x240/0x240 [ 249.207268] __vfs_write+0x114/0x810 [ 249.207281] ? vcs_size+0x240/0x240 [ 249.207295] ? kernel_read+0x120/0x120 [ 249.207309] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 249.207323] ? __inode_security_revalidate+0xda/0x120 [ 249.207338] ? avc_policy_seqno+0xd/0x70 [ 249.207350] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 249.207364] ? selinux_file_permission+0x92/0x550 [ 249.207379] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 249.207392] ? security_file_permission+0x89/0x230 [ 249.207407] ? rw_verify_area+0x118/0x360 [ 249.207421] vfs_write+0x20c/0x560 [ 249.207437] ksys_write+0x14f/0x2d0 [ 249.207452] ? __ia32_sys_read+0xb0/0xb0 [ 249.207466] ? do_syscall_64+0x26/0x620 [ 249.207479] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 249.207492] ? do_syscall_64+0x26/0x620 [ 249.207508] __x64_sys_write+0x73/0xb0 [ 249.207522] do_syscall_64+0xfd/0x620 [ 249.207538] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 249.207547] RIP: 0033:0x45a6f9 [ 249.207560] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 249.207567] RSP: 002b:00007f77ba211c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 249.207580] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a6f9 [ 249.207588] RDX: 00000001000001bd RSI: 0000000020002300 RDI: 0000000000000004 [ 249.207595] RBP: 000000000075c118 R08: 0000000000000000 R09: 0000000000000000 [ 249.207603] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f77ba2126d4 [ 249.207611] R13: 00000000004cbbaf R14: 00000000004e5858 R15: 00000000ffffffff [ 249.208964] Kernel Offset: disabled [ 249.968979] Rebooting in 86400 seconds..