Warning: Permanently added '[localhost]:22927' (ECDSA) to the list of known hosts. [ 181.001117][ T40] audit: type=1400 audit(1594654724.932:42): avc: denied { map } for pid=10018 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16525 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2020/07/13 15:38:45 fuzzer started 2020/07/13 15:38:46 dialing manager at 10.0.2.10:38591 2020/07/13 15:38:46 syscalls: 3166 2020/07/13 15:38:46 code coverage: enabled 2020/07/13 15:38:46 comparison tracing: enabled 2020/07/13 15:38:46 extra coverage: enabled 2020/07/13 15:38:46 setuid sandbox: enabled 2020/07/13 15:38:46 namespace sandbox: enabled 2020/07/13 15:38:46 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/13 15:38:46 fault injection: enabled 2020/07/13 15:38:46 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/13 15:38:46 net packet injection: enabled 2020/07/13 15:38:46 net device setup: enabled 2020/07/13 15:38:46 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/13 15:38:46 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/13 15:38:46 USB emulation: enabled [ 182.659353][ T40] audit: type=1400 audit(1594654726.592:43): avc: denied { integrity } for pid=10035 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 15:39:29 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/netfilter\x00') unlinkat(r0, &(0x7f0000000000)='./file0\x00', 0x0) [ 226.137438][ T40] audit: type=1400 audit(1594654770.062:44): avc: denied { map } for pid=10039 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=25639 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 227.324252][T10040] IPVS: ftp: loaded support on port[0] = 21 15:39:31 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r3, 0x40186f40, 0x76006e) ioctl$VIDIOC_ENUMAUDOUT(r3, 0xc0345642, &(0x7f00000000c0)={0xffffffff, "57c4d7db8f5c0e8012b2d91bcb2994d5e1eab4f421f46917761185cfa5e1d2a6", 0x3}) ioctl$ASHMEM_GET_SIZE(0xffffffffffffffff, 0x40186f40, 0x76006e) ioctl$EVIOCSKEYCODE(r2, 0x40084504, &(0x7f0000000000)=[0x0, 0x81]) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) close(0xffffffffffffffff) [ 228.236007][T10040] chnl_net:caif_netlink_parms(): no params data found 15:39:32 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000180)={{0x97}}) [ 228.857281][T10043] IPVS: ftp: loaded support on port[0] = 21 [ 228.871292][T10040] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.950986][T10040] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.997454][T10040] device bridge_slave_0 entered promiscuous mode [ 229.051308][T10040] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.083008][T10040] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.117208][T10040] device bridge_slave_1 entered promiscuous mode [ 229.221767][T10040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 229.403533][T10040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 229.476987][T10040] team0: Port device team_slave_0 added [ 229.498636][T10040] team0: Port device team_slave_1 added [ 229.573890][T10040] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 229.577439][T10049] IPVS: ftp: loaded support on port[0] = 21 15:39:33 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000200)={[], [{@seclabel='seclabel'}]}) [ 229.594151][T10040] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.694314][T10040] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 229.768842][T10040] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 229.795943][T10040] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.919146][T10040] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 230.069620][T10043] chnl_net:caif_netlink_parms(): no params data found [ 230.192663][T10040] device hsr_slave_0 entered promiscuous mode [ 230.290077][T10040] device hsr_slave_1 entered promiscuous mode [ 230.384776][T10051] IPVS: ftp: loaded support on port[0] = 21 [ 230.524520][T10043] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.544964][T10043] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.570800][T10043] device bridge_slave_0 entered promiscuous mode [ 230.631984][T10043] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.707404][T10043] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.756085][T10043] device bridge_slave_1 entered promiscuous mode [ 230.858249][T10049] chnl_net:caif_netlink_parms(): no params data found [ 230.945057][T10043] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 231.004942][T10043] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 231.192658][T10043] team0: Port device team_slave_0 added [ 231.295925][T10043] team0: Port device team_slave_1 added [ 231.320616][T10051] chnl_net:caif_netlink_parms(): no params data found [ 231.456212][ T40] audit: type=1400 audit(1594654775.392:45): avc: denied { create } for pid=10040 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 231.460772][T10043] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 231.532049][ T40] audit: type=1400 audit(1594654775.392:46): avc: denied { write } for pid=10040 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 231.552831][T10043] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 231.552843][T10043] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 231.627079][ T40] audit: type=1400 audit(1594654775.392:47): avc: denied { read } for pid=10040 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 231.818010][T10043] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 231.836771][T10043] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 231.924014][T10043] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 231.966961][T10040] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 232.055288][T10049] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.078490][T10049] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.117897][T10049] device bridge_slave_0 entered promiscuous mode [ 232.219575][T10040] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 232.335302][T10049] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.370176][T10049] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.398406][T10049] device bridge_slave_1 entered promiscuous mode [ 232.473530][T10040] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 232.632412][T10049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 232.692233][T10051] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.725510][T10051] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.750503][T10051] device bridge_slave_0 entered promiscuous mode [ 232.790921][T10040] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 232.946080][T10043] device hsr_slave_0 entered promiscuous mode [ 233.070069][T10043] device hsr_slave_1 entered promiscuous mode [ 233.139386][T10043] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 233.171714][T10043] Cannot create hsr debugfs directory [ 233.195347][T10049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.220874][T10051] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.244826][T10051] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.276137][T10051] device bridge_slave_1 entered promiscuous mode [ 233.370045][T10051] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.403964][T10049] team0: Port device team_slave_0 added [ 233.458590][T10051] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.491063][T10049] team0: Port device team_slave_1 added [ 233.577237][T10049] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 233.598399][T10049] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.701253][T10049] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 233.744773][T10049] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 233.768048][T10049] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.864682][T10049] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 233.915448][T10051] team0: Port device team_slave_0 added [ 233.968191][T10051] team0: Port device team_slave_1 added [ 234.103480][T10049] device hsr_slave_0 entered promiscuous mode [ 234.180203][T10049] device hsr_slave_1 entered promiscuous mode [ 234.279247][T10049] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 234.314449][T10049] Cannot create hsr debugfs directory [ 234.340887][T10051] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 234.369377][T10051] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.448248][T10051] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 234.535696][T10051] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 234.558370][T10051] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.635056][T10051] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 234.862616][T10051] device hsr_slave_0 entered promiscuous mode [ 234.940167][T10051] device hsr_slave_1 entered promiscuous mode [ 235.009387][T10051] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 235.038729][T10051] Cannot create hsr debugfs directory [ 235.071777][T10043] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 235.193821][T10043] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 235.281891][T10043] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 235.414505][T10043] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 235.769571][T10040] 8021q: adding VLAN 0 to HW filter on device bond0 [ 235.816642][T10051] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 235.883319][T10051] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 235.992814][T10051] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 236.096041][T10051] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 236.196525][T10049] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 236.303073][T10049] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 236.371775][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 236.392913][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 236.424754][T10040] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.446332][T10049] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 236.526464][T10049] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 236.621003][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 236.639458][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 236.658132][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.672746][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.719994][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 236.740211][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 236.764874][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 236.781586][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.796677][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.860148][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 236.899592][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 236.930668][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 236.964275][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 236.993991][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 237.027677][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 237.057853][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.086816][T10043] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.108460][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 237.123666][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 237.160585][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 237.176776][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 237.196240][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 237.213305][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 237.230628][T10040] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 237.251267][T10051] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.283409][T10043] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.335557][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 237.365962][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.384834][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.399464][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.416601][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 237.441531][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 237.486197][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 237.512326][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 237.529444][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 237.550199][ T3033] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.569616][ T3033] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.591481][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 237.614337][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 237.638197][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 237.659935][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 237.683153][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 237.703652][T10051] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.736296][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 237.755434][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.772602][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 237.789978][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.808080][ T2857] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.824187][ T2857] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.840172][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 237.860098][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 237.878255][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 237.897631][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 237.914997][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 237.931540][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.095587][ T2857] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.122888][ T2857] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.170090][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 238.366417][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 238.391254][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 238.412889][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 238.435122][T10043] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 238.469968][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 238.489930][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 238.508826][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 238.534103][T10049] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.550275][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 238.586155][T10040] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 238.608450][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 238.626248][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 238.648653][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 238.670572][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 238.698414][T10051] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 238.721834][T10051] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 238.755972][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 238.774817][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 238.794679][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 238.813564][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 238.842842][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 238.886802][T10043] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 238.910929][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 238.926524][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 238.945976][T10049] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.973245][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 238.991302][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 239.010233][ T1219] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.025341][ T1219] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.042135][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 239.059423][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 239.078102][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 239.103624][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 239.121392][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 239.138757][ T1219] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.153123][ T1219] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.167411][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 239.200080][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 239.216192][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 239.232481][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 239.252302][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 239.269612][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 239.288704][T10051] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 239.320709][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 239.339573][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 239.356033][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 239.378756][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 239.423427][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 239.446890][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 239.471009][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 239.498985][T10043] device veth0_vlan entered promiscuous mode [ 239.515389][T10067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 239.532435][T10067] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 239.550741][T10067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 239.573457][T10067] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 239.607292][T10049] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 239.640858][T10049] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 239.676967][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 239.698248][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 239.716081][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 239.733033][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 239.754128][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 239.784345][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 239.809732][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 239.825633][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 239.856567][T10043] device veth1_vlan entered promiscuous mode [ 239.879515][T10040] device veth0_vlan entered promiscuous mode [ 239.923112][T10040] device veth1_vlan entered promiscuous mode [ 239.949443][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 239.969985][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 239.990098][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 240.008567][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 240.035545][T10051] device veth0_vlan entered promiscuous mode [ 240.057061][T10051] device veth1_vlan entered promiscuous mode [ 240.081966][T10067] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 240.102175][T10067] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 240.119640][T10067] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 240.147151][T10049] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 240.172351][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 240.193246][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 240.215819][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 240.255098][T10043] device veth0_macvtap entered promiscuous mode [ 240.274591][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 240.301877][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 240.329450][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 240.358399][T10040] device veth0_macvtap entered promiscuous mode [ 240.388694][T10043] device veth1_macvtap entered promiscuous mode [ 240.417538][T10040] device veth1_macvtap entered promiscuous mode [ 240.454291][T10043] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 240.490191][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 240.522199][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 240.540046][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 240.557556][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 240.577181][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 240.596013][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 240.614159][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 240.635519][T10051] device veth0_macvtap entered promiscuous mode [ 240.658508][T10040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 240.684487][T10040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.714686][T10040] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 240.738786][T10067] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 240.762547][T10067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 240.787372][T10067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 240.810697][T10067] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 240.838460][T10067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 240.871015][T10043] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 240.898157][T10040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 240.939531][T10040] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.970308][T10040] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 240.991899][T10051] device veth1_macvtap entered promiscuous mode [ 241.012297][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 241.034162][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 241.053851][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 241.076980][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 241.099571][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 241.301121][T10066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 241.321371][T10066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 241.349439][T10066] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 241.374332][T10066] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 241.508613][T10049] device veth0_vlan entered promiscuous mode [ 241.834706][T10051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 241.872726][ T40] audit: type=1400 audit(1594654785.802:48): avc: denied { associate } for pid=10040 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 241.896806][T10051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.032199][T10051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 242.085262][T10051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.144376][T10051] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 242.283386][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 242.322905][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 242.360440][T10049] device veth1_vlan entered promiscuous mode [ 242.366959][T10040] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 242.428237][T10049] device veth0_macvtap entered promiscuous mode [ 242.520069][T10051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 242.563896][T10051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.611571][T10051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 242.729670][T10051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.843971][T10051] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 242.890145][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 242.976970][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 243.045766][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 243.106944][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 243.151492][ T3033] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 243.172897][T10076] ubi0: attaching mtd0 [ 243.210488][T10049] device veth1_macvtap entered promiscuous mode [ 243.317742][T10076] ubi0: scanning is finished [ 243.333917][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 243.406720][T10076] ubi0: empty MTD device detected 15:39:47 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/netfilter\x00') unlinkat(r0, &(0x7f0000000000)='./file0\x00', 0x0) [ 243.728987][T10049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 243.928428][T10049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.007643][T10049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 244.030097][T10076] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) 15:39:48 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000740)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x5, 0x400, 0x0, {0x0, 0x2710}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "a4ef08f666c5d148"}}, 0x48}}, 0x0) [ 244.081417][T10049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.161200][T10049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 244.217457][T10076] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 244.217465][T10076] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 244.217472][T10076] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 244.217478][T10076] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 244.217484][T10076] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 244.217494][T10076] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1657388612 [ 244.217502][T10076] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 244.219775][T10082] ubi0: background thread "ubi_bgt0d" started, PID 10082 [ 244.223834][T10077] ubi: mtd0 is already attached to ubi0 [ 244.257326][T10049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.576955][T10049] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 244.694180][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 244.762489][ T1219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready 15:39:48 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r3, 0x40186f40, 0x76006e) ioctl$VIDIOC_ENUMAUDOUT(r3, 0xc0345642, &(0x7f00000000c0)={0xffffffff, "57c4d7db8f5c0e8012b2d91bcb2994d5e1eab4f421f46917761185cfa5e1d2a6", 0x3}) ioctl$ASHMEM_GET_SIZE(0xffffffffffffffff, 0x40186f40, 0x76006e) ioctl$EVIOCSKEYCODE(r2, 0x40084504, &(0x7f0000000000)=[0x0, 0x81]) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) close(0xffffffffffffffff) 15:39:48 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000500)={0x53, 0x0, 0x21, 0x0, @buffer={0x0, 0x74, &(0x7f0000000000)=""/116}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 244.884422][T10049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 244.935030][T10049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.937673][T10093] ubi: mtd0 is already attached to ubi0 15:39:48 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000500)={0x53, 0x0, 0x21, 0x0, @buffer={0x0, 0x74, &(0x7f0000000000)=""/116}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 244.982805][T10049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 15:39:49 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000500)={0x53, 0x0, 0x21, 0x0, @buffer={0x0, 0x74, &(0x7f0000000000)=""/116}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 245.062962][T10049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.110840][T10049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 245.156181][T10049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.185912][T10049] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 245.213928][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 245.241572][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 15:39:49 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000500)={0x53, 0x0, 0x21, 0x0, @buffer={0x0, 0x74, &(0x7f0000000000)=""/116}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) 15:39:49 executing program 1: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000040), 0x10) 15:39:49 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000180)={{0x97}}) 15:39:49 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000200)={[], [{@seclabel='seclabel'}]}) 15:39:49 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000180)={{0x97}}) 15:39:49 executing program 0: ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000500)={0x53, 0x0, 0x21, 0x0, @buffer={0x0, 0x74, &(0x7f0000000000)=""/116}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) 15:39:49 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000200)={[], [{@seclabel='seclabel'}]}) 15:39:49 executing program 1: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000040), 0x10) 15:39:49 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000180)={{0x97}}) 15:39:50 executing program 0: ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000500)={0x53, 0x0, 0x21, 0x0, @buffer={0x0, 0x74, &(0x7f0000000000)=""/116}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) 15:39:50 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000200)={[], [{@seclabel='seclabel'}]}) 15:39:50 executing program 2: ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000180)={{0x97}}) 15:39:50 executing program 1: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000040), 0x10) 15:39:50 executing program 0: ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000500)={0x53, 0x0, 0x21, 0x0, @buffer={0x0, 0x74, &(0x7f0000000000)=""/116}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) 15:39:50 executing program 2: ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000180)={{0x97}}) 15:39:50 executing program 3: mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000200)={[], [{@seclabel='seclabel'}]}) 15:39:50 executing program 1: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000040), 0x10) 15:39:50 executing program 0: r0 = syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000500)={0x53, 0x0, 0x21, 0x0, @buffer={0x0, 0x74, &(0x7f0000000000)=""/116}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) 15:39:50 executing program 2: ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000180)={{0x97}}) 15:39:50 executing program 3: mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000200)={[], [{@seclabel='seclabel'}]}) 15:39:50 executing program 1: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000040), 0x10) 15:39:50 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000180)={{0x97}}) 15:39:50 executing program 1: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000040), 0x10) 15:39:50 executing program 3: mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000200)={[], [{@seclabel='seclabel'}]}) 15:39:50 executing program 0: r0 = syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000500)={0x53, 0x0, 0x21, 0x0, @buffer={0x0, 0x74, &(0x7f0000000000)=""/116}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) 15:39:50 executing program 1: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000040), 0x10) 15:39:50 executing program 0: r0 = syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000500)={0x53, 0x0, 0x21, 0x0, @buffer={0x0, 0x74, &(0x7f0000000000)=""/116}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) 15:39:50 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000180)={{0x97}}) 15:39:50 executing program 3: mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000200)={[], [{@seclabel='seclabel'}]}) 15:39:50 executing program 0: syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000500)={0x53, 0x0, 0x21, 0x0, @buffer={0x0, 0x74, &(0x7f0000000000)=""/116}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) 15:39:50 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000180)={{0x97}}) 15:39:50 executing program 3: mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000200)={[], [{@seclabel='seclabel'}]}) 15:39:50 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000040), 0x10) 15:39:50 executing program 0: syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000500)={0x53, 0x0, 0x21, 0x0, @buffer={0x0, 0x74, &(0x7f0000000000)=""/116}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) 15:39:50 executing program 2: openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000180)={{0x97}}) 15:39:50 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000040), 0x10) 15:39:50 executing program 0: syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000500)={0x53, 0x0, 0x21, 0x0, @buffer={0x0, 0x74, &(0x7f0000000000)=""/116}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) 15:39:50 executing program 3: mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000200)={[], [{@seclabel='seclabel'}]}) 15:39:50 executing program 2: openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000180)={{0x97}}) 15:39:50 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000040), 0x10) 15:39:50 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000200)={[], [{@seclabel='seclabel'}]}) 15:39:50 executing program 2: openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000180)={{0x97}}) 15:39:50 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) 15:39:50 executing program 1: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000040), 0x10) 15:39:50 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000200)={[], [{@seclabel='seclabel'}]}) 15:39:50 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, 0x0) 15:39:50 executing program 1: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000040), 0x10) 15:39:50 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) 15:39:50 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, 0x0) 15:39:50 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, &(0x7f0000000100)='bpf\x00', 0x0, &(0x7f0000000200)={[], [{@seclabel='seclabel'}]}) 15:39:50 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, 0x0) 15:39:50 executing program 1: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000040), 0x10) 15:39:50 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) 15:39:50 executing program 2: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000180)) 15:39:50 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000500)={0x0, 0x0, 0x21, 0x0, @buffer={0x0, 0x74, &(0x7f0000000000)=""/116}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) 15:39:50 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000200)={[], [{@seclabel='seclabel'}]}) 15:39:50 executing program 1: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, 0x0, 0x0) 15:39:50 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000500)={0x0, 0x0, 0x21, 0x0, @buffer={0x0, 0x74, &(0x7f0000000000)=""/116}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) 15:39:50 executing program 1: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, 0x0, 0x0) 15:39:51 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000500)={0x0, 0x0, 0x21, 0x0, @buffer={0x0, 0x74, &(0x7f0000000000)=""/116}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) 15:39:51 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000200)=0x7f) 15:39:51 executing program 1: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, 0x0, 0x0) 15:39:51 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000200)=0x7f) 15:39:51 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000200)={[], [{@seclabel='seclabel'}]}) 15:39:51 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000500)={0x53, 0x0, 0x21, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 247.336401][ C2] sd 0:0:0:0: [sg0] tag#4 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s 15:39:51 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000200)=0x7f) 15:39:51 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 247.377222][ T40] audit: type=1400 audit(1594654791.312:49): avc: denied { open } for pid=10291 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 247.386899][ C2] sd 0:0:0:0: [sg0] tag#4 CDB: opcode=0x6a (reserved) 15:39:51 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000200)={[], [{@seclabel='seclabel'}]}) [ 247.498202][ T40] audit: type=1400 audit(1594654791.342:50): avc: denied { perfmon } for pid=10291 comm="syz-executor.1" capability=38 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 15:39:51 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000200)=0x7f) [ 247.507973][ C2] sd 0:0:0:0: [sg0] tag#4 CDB[00]: 6a 89 7b 9e c6 f0 25 11 f0 78 a2 79 0f e9 21 43 15:39:51 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000500)={0x53, 0x0, 0x21, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 247.580178][ T40] audit: type=1400 audit(1594654791.342:51): avc: denied { kernel } for pid=10291 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 15:39:51 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, 0x0) 15:39:51 executing program 2: ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000200)=0x7f) [ 247.606511][ C2] sd 0:0:0:0: [sg0] tag#4 CDB[10]: e6 17 03 df b9 94 5c 2f cd 27 cc 13 cb 42 e3 0b [ 247.606526][ C2] sd 0:0:0:0: [sg0] tag#4 CDB[20]: 02 [ 247.717744][ C2] sd 0:0:0:0: [sg0] tag#5 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s 15:39:51 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x0, 0x0) 15:39:51 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000500)={0x53, 0x0, 0x21, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000340)="6a897b9ec6f02511f078a2790fe92143e61703dfb9945c2fcd27cc13cb42e30b02", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 247.730232][ T40] audit: type=1400 audit(1594654791.342:52): avc: denied { confidentiality } for pid=10291 comm="syz-executor.1" lockdown_reason="unsafe use of perf" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 [ 247.754343][ C2] sd 0:0:0:0: [sg0] tag#5 CDB: opcode=0x6a (reserved) [ 247.754362][ C2] sd 0:0:0:0: [sg0] tag#5 CDB[00]: 6a 89 7b 9e c6 f0 25 11 f0 78 a2 79 0f e9 21 43 [ 247.754377][ C2] sd 0:0:0:0: [sg0] tag#5 CDB[10]: e6 17 03 df b9 94 5c 2f cd 27 cc 13 cb 42 e3 0b [ 247.754391][ C2] sd 0:0:0:0: [sg0] tag#5 CDB[20]: 02 [ 247.813147][ C3] sd 0:0:0:0: [sg0] tag#7 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 247.915782][ C3] sd 0:0:0:0: [sg0] tag#7 CDB: opcode=0x6a (reserved) [ 247.915803][ C3] sd 0:0:0:0: [sg0] tag#7 CDB[00]: 6a 89 7b 9e c6 f0 25 11 f0 78 a2 79 0f e9 21 43 [ 247.915820][ C3] sd 0:0:0:0: [sg0] tag#7 CDB[10]: e6 17 03 df b9 94 5c 2f cd 27 cc 13 cb 42 e3 0b [ 247.915835][ C3] sd 0:0:0:0: [sg0] tag#7 CDB[20]: 02 [ 247.942646][T10294] ================================================================== [ 247.944776][T10294] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34a/0x400 [ 247.944896][T10294] Write of size 8 at addr ffffc900091b1000 by task syz-executor.1/10294 [ 247.944898][T10294] [ 247.945749][T10294] CPU: 3 PID: 10294 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 247.945888][T10294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 247.945917][T10294] Call Trace: [ 247.946476][T10294] dump_stack+0x18f/0x20d [ 247.946563][T10294] ? bitfill_aligned+0x34a/0x400 [ 247.946572][T10294] ? bitfill_aligned+0x34a/0x400 [ 247.946741][T10294] print_address_description.constprop.0.cold+0x5/0x436 [ 247.948531][T10294] ? lockdep_hardirqs_off+0x66/0xa0 [ 247.948774][T10294] ? vprintk_func+0x97/0x1a6 [ 247.948788][T10294] ? bitfill_aligned+0x34a/0x400 [ 247.948796][T10294] kasan_report.cold+0x1f/0x37 [ 247.949100][T10294] ? bitfill_aligned+0x34a/0x400 [ 247.949118][T10294] bitfill_aligned+0x34a/0x400 [ 247.949125][T10294] sys_fillrect+0x408/0x7a0 [ 247.949125][T10294] ? sys_fillrect+0x7a0/0x7a0 [ 247.949125][T10294] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 247.949125][T10294] bit_clear_margins+0x2d5/0x4a0 [ 247.949125][T10294] ? bit_bmove+0x210/0x210 [ 247.949125][T10294] fbcon_clear_margins+0x1d5/0x230 [ 247.949125][T10294] fbcon_switch+0xb6e/0x16c0 [ 247.949125][T10294] ? fbcon_scroll+0x3600/0x3600 [ 247.949125][T10294] ? fbcon_cursor+0x52b/0x650 [ 247.949125][T10294] ? kmalloc_array.constprop.0+0x20/0x20 [ 247.949125][T10294] ? is_console_locked+0x5/0x10 [ 247.949125][T10294] ? fbcon_set_origin+0x26/0x50 [ 247.949125][T10294] redraw_screen+0x2ae/0x770 [ 247.949125][T10294] ? vc_init+0x440/0x440 [ 247.949125][T10294] ? fb_get_color_depth+0x11a/0x240 [ 247.949125][T10294] ? fbcon_set_palette+0x3a8/0x490 [ 247.949125][T10294] fbcon_modechanged+0x575/0x710 [ 247.949125][T10294] fbcon_update_vcs+0x3a/0x50 [ 247.949125][T10294] fb_set_var+0xae8/0xd60 [ 247.949125][T10294] ? fb_blank+0x190/0x190 [ 247.949125][T10294] ? lock_release+0x8d0/0x8d0 [ 247.949125][T10294] ? lock_is_held_type+0xb0/0xe0 [ 247.949125][T10294] ? lock_release+0x8d0/0x8d0 [ 247.949125][T10294] ? do_fb_ioctl+0x2f2/0x6c0 [ 247.949125][T10294] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 247.949125][T10294] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 247.949125][T10294] ? trace_hardirqs_on+0x5f/0x220 [ 247.949125][T10294] do_fb_ioctl+0x33f/0x6c0 [ 247.949125][T10294] ? fb_set_suspend+0x1a0/0x1a0 [ 247.949125][T10294] ? tomoyo_execute_permission+0x470/0x470 [ 247.949125][T10294] ? lock_is_held_type+0xb0/0xe0 [ 247.949125][T10294] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 247.949125][T10294] ? do_vfs_ioctl+0x27d/0x1090 [ 247.949125][T10294] ? __fget_files+0x294/0x400 [ 247.949125][T10294] fb_ioctl+0xdd/0x130 [ 247.949125][T10294] ? do_fb_ioctl+0x6c0/0x6c0 [ 247.949125][T10294] ksys_ioctl+0x11a/0x180 [ 247.949125][T10294] __x64_sys_ioctl+0x6f/0xb0 [ 247.949125][T10294] ? lockdep_hardirqs_on+0x6a/0xe0 [ 247.949125][T10294] do_syscall_64+0x60/0xe0 [ 247.949125][T10294] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 247.949125][T10294] RIP: 0033:0x45c939 [ 247.949125][T10294] Code: Bad RIP value. [ 247.949125][T10294] RSP: 002b:00007f2d2ce2bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 247.949125][T10294] RAX: ffffffffffffffda RBX: 000000000074bfa0 RCX: 000000000045c939 [ 247.949125][T10294] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000004 [ 247.949125][T10294] RBP: 00000000006f9940 R08: 0000000000000000 R09: 0000000000000000 [ 247.949125][T10294] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2d2ce2c6d4 [ 247.949125][T10294] R13: 00000000000002fe R14: 00000000006ed9c0 R15: 00000000004ac5d2 [ 247.949125][T10294] [ 247.949125][T10294] [ 247.949125][T10294] Memory state around the buggy address: [ 247.949125][T10294] ffffc900091b0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 247.949125][T10294] ffffc900091b0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 247.949125][T10294] >ffffc900091b1000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 247.949125][T10294] ^ [ 247.949125][T10294] ffffc900091b1080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 247.949125][T10294] ffffc900091b1100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 247.949125][T10294] ================================================================== [ 247.949125][T10294] Disabling lock debugging due to kernel taint [ 247.954934][T10294] Kernel panic - not syncing: panic_on_warn set ... [ 247.954978][T10294] CPU: 3 PID: 10294 Comm: syz-executor.1 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 247.954984][T10294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 247.955015][T10294] Call Trace: [ 247.955151][T10294] dump_stack+0x18f/0x20d [ 247.955164][T10294] ? bitfill_aligned+0x300/0x400 [ 247.955360][T10294] panic+0x2e3/0x75c [ 247.955382][T10294] ? __warn_printk+0xf3/0xf3 [ 247.955394][T10294] ? preempt_schedule_common+0x59/0xc0 [ 247.955403][T10294] ? bitfill_aligned+0x34a/0x400 [ 247.955542][T10294] ? preempt_schedule_thunk+0x16/0x18 [ 247.955552][T10294] ? trace_hardirqs_on+0x55/0x220 [ 247.955561][T10294] ? bitfill_aligned+0x34a/0x400 [ 247.955569][T10294] ? bitfill_aligned+0x34a/0x400 [ 247.955576][T10294] end_report+0x4d/0x53 [ 247.955584][T10294] kasan_report.cold+0xd/0x37 [ 247.955593][T10294] ? bitfill_aligned+0x34a/0x400 [ 247.955602][T10294] bitfill_aligned+0x34a/0x400 [ 247.955611][T10294] sys_fillrect+0x408/0x7a0 [ 247.955618][T10294] ? sys_fillrect+0x7a0/0x7a0 [ 247.955669][T10294] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 247.955679][T10294] bit_clear_margins+0x2d5/0x4a0 [ 247.955688][T10294] ? bit_bmove+0x210/0x210 [ 247.955698][T10294] fbcon_clear_margins+0x1d5/0x230 [ 247.955707][T10294] fbcon_switch+0xb6e/0x16c0 [ 247.955716][T10294] ? fbcon_scroll+0x3600/0x3600 [ 247.955728][T10294] ? fbcon_cursor+0x52b/0x650 [ 247.955737][T10294] ? kmalloc_array.constprop.0+0x20/0x20 [ 247.955746][T10294] ? is_console_locked+0x5/0x10 [ 247.955753][T10294] ? fbcon_set_origin+0x26/0x50 [ 247.955762][T10294] redraw_screen+0x2ae/0x770 [ 247.955770][T10294] ? vc_init+0x440/0x440 [ 247.955778][T10294] ? fb_get_color_depth+0x11a/0x240 [ 247.955786][T10294] ? fbcon_set_palette+0x3a8/0x490 [ 247.955794][T10294] fbcon_modechanged+0x575/0x710 [ 247.955802][T10294] fbcon_update_vcs+0x3a/0x50 [ 247.955809][T10294] fb_set_var+0xae8/0xd60 [ 247.955818][T10294] ? fb_blank+0x190/0x190 [ 247.955826][T10294] ? lock_release+0x8d0/0x8d0 [ 247.955834][T10294] ? lock_is_held_type+0xb0/0xe0 [ 247.955840][T10294] ? lock_release+0x8d0/0x8d0 [ 247.955850][T10294] ? do_fb_ioctl+0x2f2/0x6c0 [ 247.955861][T10294] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 247.955869][T10294] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 247.955876][T10294] ? trace_hardirqs_on+0x5f/0x220 [ 247.955885][T10294] do_fb_ioctl+0x33f/0x6c0 [ 247.955893][T10294] ? fb_set_suspend+0x1a0/0x1a0 [ 247.955902][T10294] ? tomoyo_execute_permission+0x470/0x470 [ 247.955911][T10294] ? lock_is_held_type+0xb0/0xe0 [ 247.955922][T10294] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 247.955930][T10294] ? do_vfs_ioctl+0x27d/0x1090 [ 247.955941][T10294] ? __fget_files+0x294/0x400 [ 247.955950][T10294] fb_ioctl+0xdd/0x130 [ 247.955957][T10294] ? do_fb_ioctl+0x6c0/0x6c0 [ 247.955963][T10294] ksys_ioctl+0x11a/0x180 [ 247.956002][T10294] __x64_sys_ioctl+0x6f/0xb0 [ 247.956009][T10294] ? lockdep_hardirqs_on+0x6a/0xe0 [ 247.956018][T10294] do_syscall_64+0x60/0xe0 [ 247.956027][T10294] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 247.956084][T10294] RIP: 0033:0x45c939 [ 247.956087][T10294] Code: Bad RIP value. [ 247.956091][T10294] RSP: 002b:00007f2d2ce2bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 247.956098][T10294] RAX: ffffffffffffffda RBX: 000000000074bfa0 RCX: 000000000045c939 [ 247.956103][T10294] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000004 [ 247.956107][T10294] RBP: 00000000006f9940 R08: 0000000000000000 R09: 0000000000000000 [ 247.956111][T10294] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2d2ce2c6d4 [ 247.956115][T10294] R13: 00000000000002fe R14: 00000000006ed9c0 R15: 00000000004ac5d2 [ 247.964032][T10294] Kernel Offset: disabled [ 247.964032][T10294] Rebooting in 86400 seconds..