syzkaller login: [ 65.357086][ T38] audit: type=1400 audit(1575256694.865:41): avc: denied { map } for pid=7933 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '[localhost]:55292' (ECDSA) to the list of known hosts. [ 67.048063][ T38] audit: type=1400 audit(1575256696.555:42): avc: denied { map } for pid=7943 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16525 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2019/12/02 03:18:16 fuzzer started 2019/12/02 03:18:17 dialing manager at 10.0.2.10:40377 2019/12/02 03:18:17 syscalls: 2617 2019/12/02 03:18:17 code coverage: enabled 2019/12/02 03:18:17 comparison tracing: enabled 2019/12/02 03:18:17 extra coverage: extra coverage is not supported by the kernel 2019/12/02 03:18:17 setuid sandbox: enabled 2019/12/02 03:18:17 namespace sandbox: enabled 2019/12/02 03:18:17 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/02 03:18:17 fault injection: enabled 2019/12/02 03:18:17 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/02 03:18:17 net packet injection: enabled 2019/12/02 03:18:17 net device setup: enabled 2019/12/02 03:18:17 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/02 03:18:17 devlink PCI setup: PCI device 0000:00:10.0 is not available 03:18:36 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\xdf\xf2\x02x\x1a\x9cu\xa1\x1b\xdaN\x1c\xef\xe9\nJ\x93\xf2\xee\xe8W\xcd\xc4\xadG\x17e\xf1\xd7\xda\xf7\xa1\xcf\x1f\xa4\xd3\xe32\xa0\x8c\xd4\xd0\x9a\xbb\xe15\xf2E`\xc9SX7\x02HG\xbd.p\xf4m\x8a\xd5u\x9c\x8c\xc0\x1b\x11\xd1.C(R\x16B5_\x1cVY,M\x83x\x89\xbe\xfb\xa5\x99\x99s\xea(D\x8d0\xec\x06\x1d\xe4\x9fw\xe7\x06\x11m\xcfL\x10HW\xf3\xf7\xee_\",\a\'\x11;\x85\x8a\x80S\v\x90\xab\x13\xe4\xc93\x96\x16\'\xdc\xecq\xcdQ\x8d\xec\xe0 \x13\xbd\x1a\x1f0\xcf\xe0\n\xeds\x85\xf2\x7f\xf1\xa4\x1fam\xc7\x12\x90\xf1Z\xbf\x15\xf7t+!}B\x15\a\x13\xbf\xa7\x05\xb1M\x89\xd5\xc43\x94\x84,\xeeFw\xc8\xe7\xa9\x9a\xbe\x0f\x80\xb9\xef\xafg2\xd0\x11\x94\b`\x8apREK*\x19zq\xbcRZ\xb2\xfc#*\xdaG5}\xc0y\xb5B\xa1Aa=\xde\xb4W\xdbC\x82f\xbb\xa12\x8b\x96J\xfa.\xf3mekE\xa0\xf2\xcd\x89\xe3\x99\x9c', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x6db6e559) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000012c0)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\xdf\xf2\x02x\x1a\x9cu\xa1\x1b\xdaN\x1c\xef\xe9\nJ\x93\xf2\xee\xe8W\xcd\xc4\xadG\x17e\xf1\xd7\xda\xf7\xa1\xcf\x1f\xa4\xd3\xe32\xa0\x8c\xd4\xd0\x9a\xbb\xe15\xf2E`\xc9SX7\x02HG\xbd.p\xf4m\x8a\xd5u\x9c\x8c\xc0\x1b\x11\xd1.C(R\x16B5_\x1cVY,M\x83x\x89\xbe\xfb\xa5\x99\x99s\xea(D\x8d0\xec\x06\x1d\xe4\x9fw\xe7\x06\x11m\xcfL\x10HW\xf3\xf7\xee_\",\a\'\x11;\x85\x8a\x80S\v\x90\xab\x13\xe4\xc93\x96\x16\'\xdc\xecq\xcdQ\x8d\xec\xe0 \x13\xbd\x1a\x1f0\xcf\xe0\n\xeds\x85\xf2\x7f\xf1\xa4\x1fam\xc7\x12\x90\xf1Z\xbf\x15\xf7t+!}B\x15\a\x13\xbf\xa7\x05\xb1M\x89\xd5\xc43\x94\x84,\xeeFw\xc8\xff\x03\x00\x00\x00\x00\x00\x00\xafg2\xd0\x11\x94\b`\x8apREK*\x19zq\xbcRZ\xb2\xfc#*\xdaG5}\xc0y\xb5B\xa1Aa=\xde\xb4W\xdbC\x82f\xbb\xa12\x8b\x96J\xfa.\xf3mekE\xa0\xf2\xcd\x89\xe3\x99\x9c', 0x275a, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_udp_int(r2, 0x11, 0x66, 0x0, &(0x7f0000000100)) [ 86.728631][ T38] audit: type=1400 audit(1575256716.235:43): avc: denied { map } for pid=7966 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=3079 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 03:18:36 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071") r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) [ 86.863496][ T7967] IPVS: ftp: loaded support on port[0] = 21 [ 86.914590][ T7969] IPVS: ftp: loaded support on port[0] = 21 [ 86.945080][ T7967] chnl_net:caif_netlink_parms(): no params data found [ 86.978208][ T7967] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.984983][ T7967] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.992240][ T7967] device bridge_slave_0 entered promiscuous mode [ 86.999349][ T7967] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.006101][ T7967] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.013152][ T7967] device bridge_slave_1 entered promiscuous mode [ 87.028457][ T7967] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.039154][ T7967] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.060101][ T7967] team0: Port device team_slave_0 added [ 87.067768][ T7967] team0: Port device team_slave_1 added [ 87.095522][ T7969] chnl_net:caif_netlink_parms(): no params data found [ 87.162388][ T7967] device hsr_slave_0 entered promiscuous mode [ 87.230591][ T7967] device hsr_slave_1 entered promiscuous mode [ 87.306485][ T7969] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.313543][ T7969] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.320421][ T7969] device bridge_slave_0 entered promiscuous mode [ 87.331791][ T7969] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.338830][ T7969] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.346544][ T7969] device bridge_slave_1 entered promiscuous mode [ 87.368466][ T7969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.368899][ T38] audit: type=1400 audit(1575256716.875:44): avc: denied { create } for pid=7967 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 87.377148][ T7967] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 87.400695][ T38] audit: type=1400 audit(1575256716.875:45): avc: denied { write } for pid=7967 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 87.400712][ T38] audit: type=1400 audit(1575256716.875:46): avc: denied { read } for pid=7967 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 87.493838][ T7969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.502959][ T7967] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 87.556067][ T7967] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 87.625459][ T7967] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.694085][ T7969] team0: Port device team_slave_0 added [ 87.701320][ T7969] team0: Port device team_slave_1 added [ 87.782488][ T7969] device hsr_slave_0 entered promiscuous mode [ 87.820599][ T7969] device hsr_slave_1 entered promiscuous mode [ 87.860550][ T7969] debugfs: Directory 'hsr0' with parent '/' already present! [ 87.870350][ T7967] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.870399][ T7967] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.884947][ T7967] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.891374][ T7967] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.916139][ T7969] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 87.972243][ T7969] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.032678][ T7969] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.152656][ T33] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.171153][ T33] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.184687][ T7969] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.308287][ T7967] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.325497][ T1205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 88.333239][ T1205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 88.344275][ T7967] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.355182][ T1205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 88.363758][ T1205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 88.372179][ T1205] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.378978][ T1205] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.392632][ T7969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.400669][ T1205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 88.408999][ T1205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 88.418225][ T1205] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.425383][ T1205] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.439847][ T7975] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 88.447922][ T7975] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 88.454878][ T7975] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 88.464605][ T7969] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.473607][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 88.482116][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.490827][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.499240][ T7973] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 88.509429][ T1205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 88.517769][ T1205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 88.526176][ T1205] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.533085][ T1205] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.540030][ T1205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 88.548736][ T1205] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.557786][ T1205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 88.565583][ T1205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 88.574118][ T1205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 88.582488][ T1205] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.589320][ T1205] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.601908][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 88.610139][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 88.618346][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 88.630073][ T7967] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 88.640979][ T7967] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 88.652976][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 88.661016][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 88.668983][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 88.677484][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.686309][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.694727][ T7977] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 88.707304][ T7975] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 88.715365][ T7975] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.730899][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 88.739044][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 88.747593][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 88.754890][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 88.762259][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 88.771361][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 88.780442][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 88.789559][ T7967] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.802204][ T38] audit: type=1400 audit(1575256718.315:47): avc: denied { associate } for pid=7967 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 88.807540][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 88.831345][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 88.842943][ T7969] 8021q: adding VLAN 0 to HW filter on device batadv0 03:18:38 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071") r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:38 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071") r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:38 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071") r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:38 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071") r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) 03:18:38 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071") r1 = socket$inet6(0xa, 0x3, 0x7) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:38 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071") r1 = socket$inet6(0xa, 0x3, 0x7) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:38 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071") r1 = socket$inet6(0xa, 0x3, 0x7) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:38 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071") r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x4}], 0x18}], 0x146, 0x0) 03:18:38 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071") connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:38 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071") connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:38 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) exit(0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:38 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071") connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:38 executing program 1: socket$inet6(0xa, 0x3, 0x6b) r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:38 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:39 executing program 1: r0 = socket$inet6(0xa, 0x0, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:39 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) exit(0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:39 executing program 1: r0 = socket$inet6(0xa, 0x0, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:39 executing program 1: r0 = socket$inet6(0xa, 0x0, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:39 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:40 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) exit(0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:40 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:40 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:40 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:41 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) exit(0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:41 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:41 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:41 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, 0x0, 0x0) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:42 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, 0x0, 0x0) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, 0x0, 0x0) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:42 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:42 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:42 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)=[@op={0x18, 0x29, 0x37}], 0x18}], 0x146, 0x0) 03:18:42 executing program 0: mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, 0xffffffffffffffff, 0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, 0x0, 0x0, 0x0) 03:18:42 executing program 0: mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, 0xffffffffffffffff, 0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, 0x0, 0x0, 0x0) 03:18:42 executing program 0: mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, 0xffffffffffffffff, 0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, 0x0, 0x0, 0x0) 03:18:42 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0), 0x0, 0x0) 03:18:42 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0), 0x0, 0x0) 03:18:42 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0), 0x0, 0x0) 03:18:42 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0}], 0x1, 0x0) 03:18:42 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0}], 0x1, 0x0) 03:18:42 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0}], 0x1, 0x0) 03:18:42 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, 0xffffffffffffffff, 0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)}], 0x1, 0x0) 03:18:42 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, 0xffffffffffffffff, 0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)}], 0x1, 0x0) 03:18:42 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, 0xffffffffffffffff, 0x0) futex(0x0, 0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0xff00, 0x0, 0x0, &(0x7f0000002780)}], 0x1, 0x0) 03:18:42 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:18:42 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:18:42 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6b) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0815b5055e0bcfe87b3071") r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000200)={0x2, 0x1004e20, @loopback}, 0x10) connect$inet(r1, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000038c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 03:18:42 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 93.000730][ T8185] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 03:18:42 executing program 1: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet6_tcp(0xa, 0x1, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000005c0)={'\x04\x00\x00\x00\x00\x00\x00\x002\x00\x10\x00', 0xd803}) dup3(0xffffffffffffffff, r2, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000840)={{{@in=@broadcast, @in=@dev}}, {{@in=@loopback}, 0x0, @in6}}, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e539841431a}) write(r1, &(0x7f00000001c0), 0xfffffef3) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f00000001c0), 0xfffffef3) read(r4, &(0x7f0000000200)=""/250, 0x50c7e3e3) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0xffffffff}, 0x0, &(0x7f0000000140)={0x1ff, 0xfffffffffffffffe}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) r6 = gettid() ptrace$setopts(0x4206, r6, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)) getpgid(0xffffffffffffffff) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r7 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r7, 0x0, 0x0) sendmmsg(r7, &(0x7f0000000240), 0x400000000000052, 0x0) 03:18:42 executing program 0: ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, 0x0) ioctl$TCSETAW(0xffffffffffffffff, 0x5407, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x107fffffff) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) syz_open_procfs(0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x879, 0x0) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) fcntl$setpipe(r1, 0x407, 0x0) setsockopt$sock_void(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) [ 93.148543][ T8197] ================================================================== [ 93.156517][ T8197] BUG: KASAN: slab-out-of-bounds in pipe_write+0xe30/0x1000 [ 93.158286][ T8197] Write of size 8 at addr ffff888024c0efa8 by task syz-executor.0/8197 [ 93.158286][ T8197] [ 93.158286][ T8197] CPU: 1 PID: 8197 Comm: syz-executor.0 Not tainted 5.4.0-syzkaller #0 [ 93.176421][ T8197] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 93.176421][ T8197] Call Trace: [ 93.176421][ T8197] dump_stack+0x197/0x210 [ 93.176421][ T8197] ? pipe_write+0xe30/0x1000 [ 93.176421][ T8197] print_address_description.constprop.0.cold+0xd4/0x30b [ 93.176421][ T8197] ? pipe_write+0xe30/0x1000 [ 93.176421][ T8197] ? pipe_write+0xe30/0x1000 [ 93.176421][ T8197] __kasan_report.cold+0x1b/0x41 [ 93.176421][ T8197] ? pipe_write+0xe30/0x1000 [ 93.176421][ T8197] kasan_report+0x12/0x20 [ 93.176421][ T8197] __asan_report_store8_noabort+0x17/0x20 [ 93.176421][ T8197] pipe_write+0xe30/0x1000 [ 93.176421][ T8197] new_sync_write+0x4d3/0x770 [ 93.176421][ T8197] ? new_sync_read+0x800/0x800 [ 93.176421][ T8197] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 93.176421][ T8197] ? security_file_permission+0x8f/0x380 [ 93.176421][ T8197] __vfs_write+0xe1/0x110 [ 93.176421][ T8197] vfs_write+0x268/0x5d0 [ 93.273873][ T8197] ksys_write+0x220/0x290 [ 93.273873][ T8197] ? __ia32_sys_read+0xb0/0xb0 [ 93.273873][ T8197] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 93.290827][ T8197] ? do_syscall_64+0x26/0x790 [ 93.290827][ T8197] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 93.301540][ T8197] ? do_syscall_64+0x26/0x790 [ 93.301540][ T8197] __x64_sys_write+0x73/0xb0 [ 93.310288][ T8197] do_syscall_64+0xfa/0x790 [ 93.310288][ T8197] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 93.310288][ T8197] RIP: 0033:0x45a759 [ 93.310288][ T8197] Code: bd b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 93.342886][ T8197] RSP: 002b:00007f54b6d56c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 93.342886][ T8197] RAX: ffffffffffffffda RBX: 000000000072bf00 RCX: 000000000045a759 [ 93.362663][ T8197] RDX: 00000000fffffef3 RSI: 00000000200001c0 RDI: 0000000000000004 [ 93.372412][ T8197] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 93.372412][ T8197] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f54b6d576d4 [ 93.381534][ T8197] R13: 00000000004ae831 R14: 00000000006f7bb0 R15: 00000000ffffffff [ 93.381534][ T8197] [ 93.381534][ T8197] Allocated by task 8201: [ 93.381534][ T8197] save_stack+0x23/0x90 [ 93.381534][ T8197] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 93.381534][ T8197] kasan_kmalloc+0x9/0x10 [ 93.381534][ T8197] __kmalloc+0x163/0x770 [ 93.381534][ T8197] pipe_fcntl+0x3f7/0x8e0 [ 93.381534][ T8197] do_fcntl+0x255/0x1030 [ 93.381534][ T8197] __x64_sys_fcntl+0x16d/0x1e0 [ 93.381534][ T8197] do_syscall_64+0xfa/0x790 [ 93.381534][ T8197] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 93.381534][ T8197] [ 93.381534][ T8197] Freed by task 8069: [ 93.381534][ T8197] save_stack+0x23/0x90 [ 93.381534][ T8197] __kasan_slab_free+0x102/0x150 [ 93.381534][ T8197] kasan_slab_free+0xe/0x10 [ 93.381534][ T8197] kfree+0x10a/0x2c0 [ 93.381534][ T8197] __free_fdtable+0x62/0x80 [ 93.381534][ T8197] put_files_struct+0x253/0x2f0 [ 93.381534][ T8197] exit_files+0x83/0xb0 [ 93.381534][ T8197] do_exit+0x8b5/0x2ef0 [ 93.381534][ T8197] do_group_exit+0x135/0x360 [ 93.381534][ T8197] get_signal+0x47c/0x24f0 [ 93.381534][ T8197] do_signal+0x87/0x1700 [ 93.381534][ T8197] exit_to_usermode_loop+0x286/0x380 [ 93.381534][ T8197] do_syscall_64+0x676/0x790 [ 93.381534][ T8197] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 93.381534][ T8197] [ 93.381534][ T8197] The buggy address belongs to the object at ffff888024c0ef80 [ 93.381534][ T8197] which belongs to the cache kmalloc-64(17:syz0) of size 64 [ 93.381534][ T8197] The buggy address is located 40 bytes inside of [ 93.381534][ T8197] 64-byte region [ffff888024c0ef80, ffff888024c0efc0) [ 93.381534][ T8197] The buggy address belongs to the page: [ 93.381534][ T8197] page:ffffea0000930380 refcount:1 mapcount:0 mapping:ffff88807147e540 index:0xffff888024c0e000 [ 93.381534][ T8197] raw: 00fffe0000000200 ffffea0000ad9048 ffff888027eaa238 ffff88807147e540 [ 93.381534][ T8197] raw: ffff888024c0e000 ffff888024c0e000 0000000100000018 0000000000000000 [ 93.381534][ T8197] page dumped because: kasan: bad access detected [ 93.381534][ T8197] [ 93.381534][ T8197] Memory state around the buggy address: [ 93.381534][ T8197] ffff888024c0ee80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 93.381534][ T8197] ffff888024c0ef00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 93.381534][ T8197] >ffff888024c0ef80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 93.381534][ T8197] ^ [ 93.381534][ T8197] ffff888024c0f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 93.381534][ T8197] ffff888024c0f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 93.381534][ T8197] ================================================================== [ 93.381534][ T8197] Disabling lock debugging due to kernel taint [ 93.649281][ T8197] Kernel panic - not syncing: panic_on_warn set ... [ 93.655889][ T8197] CPU: 1 PID: 8197 Comm: syz-executor.0 Tainted: G B 5.4.0-syzkaller #0 [ 93.658631][ T8197] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 93.658631][ T8197] Call Trace: [ 93.658631][ T8197] dump_stack+0x197/0x210 [ 93.658631][ T8197] panic+0x2e3/0x75c [ 93.658631][ T8197] ? add_taint.cold+0x16/0x16 [ 93.658631][ T8197] ? pipe_write+0xe30/0x1000 [ 93.658631][ T8197] ? preempt_schedule+0x4b/0x60 [ 93.658631][ T8197] ? ___preempt_schedule+0x16/0x18 [ 93.658631][ T8197] ? trace_hardirqs_on+0x5e/0x240 [ 93.658631][ T8197] ? pipe_write+0xe30/0x1000 [ 93.658631][ T8197] end_report+0x47/0x4f [ 93.658631][ T8197] ? pipe_write+0xe30/0x1000 [ 93.658631][ T8197] __kasan_report.cold+0xe/0x41 [ 93.658631][ T8197] ? pipe_write+0xe30/0x1000 [ 93.658631][ T8197] kasan_report+0x12/0x20 [ 93.658631][ T8197] __asan_report_store8_noabort+0x17/0x20 [ 93.658631][ T8197] pipe_write+0xe30/0x1000 [ 93.658631][ T8197] new_sync_write+0x4d3/0x770 [ 93.658631][ T8197] ? new_sync_read+0x800/0x800 [ 93.658631][ T8197] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 93.658631][ T8197] ? security_file_permission+0x8f/0x380 [ 93.658631][ T8197] __vfs_write+0xe1/0x110 [ 93.658631][ T8197] vfs_write+0x268/0x5d0 [ 93.658631][ T8197] ksys_write+0x220/0x290 [ 93.658631][ T8197] ? __ia32_sys_read+0xb0/0xb0 [ 93.658631][ T8197] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 93.658631][ T8197] ? do_syscall_64+0x26/0x790 [ 93.658631][ T8197] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 93.658631][ T8197] ? do_syscall_64+0x26/0x790 [ 93.658631][ T8197] __x64_sys_write+0x73/0xb0 [ 93.658631][ T8197] do_syscall_64+0xfa/0x790 [ 93.658631][ T8197] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 93.658631][ T8197] RIP: 0033:0x45a759 [ 93.658631][ T8197] Code: bd b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 93.658631][ T8197] RSP: 002b:00007f54b6d56c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 93.658631][ T8197] RAX: ffffffffffffffda RBX: 000000000072bf00 RCX: 000000000045a759 [ 93.658631][ T8197] RDX: 00000000fffffef3 RSI: 00000000200001c0 RDI: 0000000000000004 [ 93.658631][ T8197] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 93.658631][ T8197] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f54b6d576d4 [ 93.658631][ T8197] R13: 00000000004ae831 R14: 00000000006f7bb0 R15: 00000000ffffffff [ 93.658631][ T8197] Kernel Offset: disabled [ 93.658631][ T8197] Rebooting in 86400 seconds..