syzkaller login: [ 178.785244][ T38] audit: type=1400 audit(1589329396.611:41): avc: denied { map } for pid=9386 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '[localhost]:52083' (ECDSA) to the list of known hosts. [ 182.255785][ T38] audit: type=1400 audit(1589329400.081:42): avc: denied { map } for pid=9399 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16524 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2020/05/13 00:23:20 fuzzer started 2020/05/13 00:23:20 dialing manager at 10.0.2.10:38275 2020/05/13 00:23:20 syscalls: 3017 2020/05/13 00:23:20 code coverage: enabled 2020/05/13 00:23:20 comparison tracing: enabled 2020/05/13 00:23:20 extra coverage: enabled 2020/05/13 00:23:20 setuid sandbox: enabled 2020/05/13 00:23:20 namespace sandbox: enabled 2020/05/13 00:23:20 Android sandbox: /sys/fs/selinux/policy does not exist 2020/05/13 00:23:20 fault injection: enabled 2020/05/13 00:23:20 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/05/13 00:23:20 net packet injection: enabled 2020/05/13 00:23:20 net device setup: enabled 2020/05/13 00:23:20 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/05/13 00:23:20 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/05/13 00:23:20 USB emulation: /dev/raw-gadget does not exist [ 183.098058][ T38] audit: type=1400 audit(1589329400.921:43): avc: denied { integrity } for pid=9416 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 00:24:13 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(cast6)\x00'}, 0x58) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept(r0, 0x0, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha512\x00'}, 0x58) [ 236.311255][ T38] audit: type=1400 audit(1589329454.131:44): avc: denied { map } for pid=9421 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=2107 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 00:24:14 executing program 1: ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000240)='./bus\x00', 0x0) r1 = creat(&(0x7f0000000240)='./bus\x00', 0x0) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$P9_RFSYNC(0xffffffffffffffff, 0x0, 0x0) lseek(r1, 0x7ffffc, 0x0) write$binfmt_elf64(r1, &(0x7f0000000700)=ANY=[@ANYBLOB], 0x1a0) fallocate(r0, 0x100000003, 0x0, 0x80019c) lsetxattr(0x0, &(0x7f0000000100)=@known='com.apple.FinderInfo\x00', &(0x7f0000000140)='-].[system\x00', 0xb, 0x0) 00:24:14 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$sock_int(r0, 0x1, 0x4, 0x0, &(0x7f0000000240)) [ 237.198258][ T9425] IPVS: ftp: loaded support on port[0] = 21 [ 237.198327][ T9423] IPVS: ftp: loaded support on port[0] = 21 00:24:15 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x129, &(0x7f0000000140)="94a4b04e04000000000000002b615ac5ee9a8f8cbeaf99cfc4dedd20494d4b895b5804ef58d7cee1761cd167fd6e40d0b1eb346f19367f420083cff2dc39f3cc1e564cd165167d6872a0cdd716000000e1d60bef63eaef5d00001c5449c865576d0cfefa36566d4c68b24ec011e163f2975244707780d868116111aeed76c195ae235abe61f83eb11f66b75e0ac88835a0846e7ca26973c47f1a5545c3b153470a3452f072db58a754cb474f2ae91cc4f81b809362b35b1c9f5160a11e99dc5124129d069c182255545139ff639bd6762d26876757255a29f33019de57449f184fc79330d4c42a8d80732b4744aa59b92dafe7dacf4173699f2d3681d18f716185eca90eae300ca24c486bfea87fa2c90f59fcd1c9b226ca1aa1702d8b2e29400300dcea938e6d4ff7"}}], 0x1c) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x33) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) [ 237.490370][ T9427] IPVS: ftp: loaded support on port[0] = 21 [ 237.765121][ T9423] chnl_net:caif_netlink_parms(): no params data found [ 237.807440][ T9425] chnl_net:caif_netlink_parms(): no params data found [ 237.913863][ T9430] IPVS: ftp: loaded support on port[0] = 21 [ 238.086252][ T9423] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.108244][ T9423] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.141394][ T9423] device bridge_slave_0 entered promiscuous mode [ 238.193864][ T9423] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.214508][ T9423] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.240381][ T9423] device bridge_slave_1 entered promiscuous mode [ 238.312255][ T9427] chnl_net:caif_netlink_parms(): no params data found [ 238.331012][ T9425] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.352216][ T9425] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.378127][ T9425] device bridge_slave_0 entered promiscuous mode [ 238.441559][ T9423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 238.471365][ T9425] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.495801][ T9425] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.512182][ T9425] device bridge_slave_1 entered promiscuous mode [ 238.548189][ T9423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 238.599604][ T9425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 238.634723][ T9425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 238.663687][ T9423] team0: Port device team_slave_0 added [ 238.688633][ T9423] team0: Port device team_slave_1 added [ 238.760661][ T9425] team0: Port device team_slave_0 added [ 238.784653][ T9423] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 238.806395][ T9423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 238.896815][ T9423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 238.937243][ T9423] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 238.973485][ T9423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.055512][ T9423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 239.099458][ T9425] team0: Port device team_slave_1 added [ 239.224256][ T9427] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.245364][ T9427] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.275257][ T9427] device bridge_slave_0 entered promiscuous mode [ 239.302686][ T9425] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 239.326153][ T9425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.410306][ T9425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 239.453441][ T9425] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 239.483818][ T9425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.624465][ T9425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 239.682341][ T9430] chnl_net:caif_netlink_parms(): no params data found [ 239.728043][ T9427] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.752524][ T9427] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.785807][ T9427] device bridge_slave_1 entered promiscuous mode [ 239.871648][ T9423] device hsr_slave_0 entered promiscuous mode [ 239.923456][ T9423] device hsr_slave_1 entered promiscuous mode [ 240.035365][ T9427] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 240.066751][ T9427] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 240.185715][ T9425] device hsr_slave_0 entered promiscuous mode [ 240.252503][ T9425] device hsr_slave_1 entered promiscuous mode [ 240.312174][ T9425] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 240.332228][ T9425] Cannot create hsr debugfs directory [ 240.408100][ T9427] team0: Port device team_slave_0 added [ 240.448385][ T9427] team0: Port device team_slave_1 added [ 240.527180][ T9427] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 240.553782][ T9427] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.679763][ T9427] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 240.737292][ T9427] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 240.771080][ T9427] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.906523][ T9427] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 240.986716][ T9430] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.026430][ T9430] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.073576][ T9430] device bridge_slave_0 entered promiscuous mode [ 241.117331][ T9430] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.157526][ T9430] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.208785][ T9430] device bridge_slave_1 entered promiscuous mode [ 241.427935][ T9427] device hsr_slave_0 entered promiscuous mode [ 241.522506][ T9427] device hsr_slave_1 entered promiscuous mode [ 241.592259][ T9427] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 241.633717][ T9427] Cannot create hsr debugfs directory [ 241.670818][ T9430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 241.726664][ T9430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 241.795894][ T9430] team0: Port device team_slave_0 added [ 241.830833][ T9430] team0: Port device team_slave_1 added [ 241.860115][ T9430] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 241.884163][ T9430] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 241.956736][ T9430] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 241.997181][ T9430] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 242.011705][ T9430] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 242.104008][ T9430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 242.334760][ T9430] device hsr_slave_0 entered promiscuous mode [ 242.382694][ T9430] device hsr_slave_1 entered promiscuous mode [ 242.442154][ T9430] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 242.461215][ T9430] Cannot create hsr debugfs directory [ 242.500683][ T38] audit: type=1400 audit(1589329460.321:45): avc: denied { create } for pid=9423 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 242.510348][ T9423] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 242.570120][ T38] audit: type=1400 audit(1589329460.321:46): avc: denied { write } for pid=9423 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 242.656815][ T38] audit: type=1400 audit(1589329460.321:47): avc: denied { read } for pid=9423 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 242.786275][ T9423] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 242.904270][ T9423] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 243.010364][ T9423] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 243.176730][ T9425] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 243.265210][ T9425] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 243.381252][ T9425] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 243.474587][ T9425] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 243.603689][ T9427] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 243.707442][ T9427] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 243.786185][ T9427] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 243.896869][ T9427] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 243.999626][ T9430] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 244.106141][ T9430] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 244.189115][ T9430] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 244.286367][ T9430] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 244.618940][ T9423] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.699013][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.740023][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.809221][ T9423] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.889178][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 244.967742][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 245.013807][ T1248] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.051650][ T1248] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.107069][ T9425] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.155478][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 245.225817][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 245.280032][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 245.326581][ T28] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.374599][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.465261][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 245.519831][ T9425] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.557220][ T9430] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.600153][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.644334][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 245.694911][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 245.763622][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 245.825536][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 245.894941][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 245.959704][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 246.004056][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 246.041246][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 246.083668][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 246.123760][ T3263] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.172585][ T3263] bridge0: port 1(bridge_slave_0) entered forwarding state [ 246.228596][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 246.316360][ T9427] 8021q: adding VLAN 0 to HW filter on device bond0 [ 246.363590][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 246.419004][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 246.463228][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 246.507935][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 246.564409][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 246.595274][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 246.627437][ T28] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.654703][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state [ 246.675362][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 246.695621][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 246.736235][ T9430] 8021q: adding VLAN 0 to HW filter on device team0 [ 246.766965][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 246.787757][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 246.835381][ T9427] 8021q: adding VLAN 0 to HW filter on device team0 [ 246.856915][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 246.883814][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 246.909362][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 246.935905][ T1248] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.956362][ T1248] bridge0: port 1(bridge_slave_0) entered forwarding state [ 246.981015][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 247.017502][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 247.051448][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 247.098950][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 247.150310][ T9452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 247.202422][ T9452] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 247.259266][ T9452] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.302290][ T9452] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.357047][ T9447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 247.377148][ T9447] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 247.415300][ T9447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 247.454513][ T9447] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 247.499432][ T9447] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.534569][ T9447] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.567367][ T9447] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 247.607359][ T9447] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 247.676984][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 247.699012][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 247.720972][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 247.747327][ T3263] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.774204][ T3263] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.801340][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 247.825061][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 247.847032][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 247.875278][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 247.909093][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 247.939788][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 247.964398][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 247.988373][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 248.014698][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 248.053363][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 248.076656][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 248.104926][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 248.129179][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 248.171353][ T9423] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 248.211720][ T9425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 248.257336][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 248.283995][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 248.315656][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 248.350933][ T9430] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 248.391233][ T9430] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 248.436255][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 248.462807][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 248.478927][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 248.493399][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 248.509805][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 248.532132][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 248.547962][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 248.562469][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 248.580541][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 248.602974][ T9447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 248.620460][ T9447] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 248.648012][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 248.665859][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 248.678410][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 248.689713][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 248.705402][ T9425] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 248.725394][ T9430] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 248.746168][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 248.760696][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 248.792429][ T9427] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 248.805591][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 248.835936][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 248.872831][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 248.894552][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 248.928798][ T9423] device veth0_vlan entered promiscuous mode [ 248.947076][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 248.962359][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 248.991528][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 249.013261][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 249.070559][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 249.087888][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 249.106185][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 249.121738][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 249.146392][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 249.165776][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 249.199881][ T9425] device veth0_vlan entered promiscuous mode [ 249.234319][ T9430] device veth0_vlan entered promiscuous mode [ 249.256265][ T9423] device veth1_vlan entered promiscuous mode [ 249.275652][ T9447] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 249.298574][ T9447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 249.318044][ T9447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 249.345875][ T9447] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 249.368419][ T9447] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 249.399944][ T9425] device veth1_vlan entered promiscuous mode [ 249.424455][ T9427] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 249.441071][ T9430] device veth1_vlan entered promiscuous mode [ 249.513122][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 249.546747][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 249.584051][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 249.616483][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 249.651006][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 249.680088][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 249.703295][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 249.731423][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 249.761323][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 249.792923][ T9430] device veth0_macvtap entered promiscuous mode [ 249.823929][ T9425] device veth0_macvtap entered promiscuous mode [ 249.866370][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 249.914630][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 249.948038][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 249.974157][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 249.999229][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 250.023183][ T9423] device veth0_macvtap entered promiscuous mode [ 250.057246][ T9423] device veth1_macvtap entered promiscuous mode [ 250.092238][ T9430] device veth1_macvtap entered promiscuous mode [ 250.116271][ T9425] device veth1_macvtap entered promiscuous mode [ 250.165554][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 250.192695][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 250.216894][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 250.237534][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 250.257771][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 250.276607][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 250.295821][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 250.327758][ T9423] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 250.349831][ T9427] device veth0_vlan entered promiscuous mode [ 250.367179][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 250.390106][ T62] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 250.417134][ T9430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 250.454489][ T9430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.481315][ T9430] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 250.504209][ T9423] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 250.525458][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 250.546812][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 250.564822][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 250.580913][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 250.598734][ T9430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 250.621339][ T9430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.644188][ T9430] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 250.668129][ T9425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 250.687876][ T9425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.706764][ T9425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 250.727661][ T9425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.749005][ T9425] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 250.764208][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 250.777445][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 250.790537][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 250.803629][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 250.833423][ T9427] device veth1_vlan entered promiscuous mode [ 250.863910][ T9425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 250.892816][ T9425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.915097][ T9425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 250.937579][ T9425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.959908][ T9425] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 251.097876][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 251.119370][ T1248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 251.465890][ T38] audit: type=1400 audit(1589329469.291:48): avc: denied { associate } for pid=9430 comm="syz-executor.3" name="syz3" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 251.943720][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 251.977001][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 252.010810][ T9427] device veth0_macvtap entered promiscuous mode [ 252.062387][ T9427] device veth1_macvtap entered promiscuous mode [ 252.150435][ T9427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 252.207127][ T9427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.270529][ T38] audit: type=1400 audit(1589329470.091:49): avc: denied { open } for pid=9454 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 252.306460][ T9427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 252.424836][ T38] audit: type=1400 audit(1589329470.091:50): avc: denied { confidentiality } for pid=9454 comm="syz-executor.0" lockdown_reason="unsafe use of perf" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 [ 252.460364][ T9427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.549181][ T9427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 252.587361][ T9427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.634819][ T9427] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 252.706468][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 252.727709][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready 00:24:30 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0xb8, 0x0, 0x0, 0xb8, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xb8}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2}}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @remote}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x10c) [ 252.750378][ T3263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 252.778969][ T9427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 252.804446][ T9427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.824853][ T9475] ipt_CLUSTERIP: Please specify destination IP [ 252.842266][ T9427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 00:24:30 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0xb8, 0x0, 0x0, 0xb8, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xb8}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2}}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @remote}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x10c) [ 252.880880][ T9427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.905563][ T9427] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 252.925001][ T9482] ipt_CLUSTERIP: Please specify destination IP [ 252.936787][ T9427] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 00:24:30 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(cast6)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) sendmsg$xdp(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001580)="e356820d7a96391e5eab295bdb2badfbcb99846942591ea812a51adbeaba35dcd75a817d8f406ea40fd7b96cbaf6ddd2e3029452339a4e5eba2aff55c10bac67f5e8d479378c9a8f9ee376145f388b93ffefae5dbe5f79ec371635a643a0df2d39af7eddfa307afe9c1530b858e0adea6c93e51fbbd36a60537dd40548af695904cb34cf5ea88513854211b8ef8befe33b621f1e44a4f9b5b954aa9a79500506881c855a1a9c0c02f28ed5663183e2b0ac9258284275a804044ec0b8ce67b27487f07b24254fdf613f7b10f41b326a57b309b6b0f4fc3f8415e248b80a2871f9b786c16b728c6ff9f1ba8accd2f9479f32a97041f2c1a0823d367b984e1e0df680f4a73812f32d574c9fbba12ed8cc68fcf4e290d5b9a2b2e3b300df2df4f5aae742e92023b4c7895df375179759fafd254149bc22365392b433c302a1be1b534f5997c3beeaec6b9660a87dea7ca4cadf02f92426bfe3cea185a7b8e5a7c7e21817dec0e3ae093aa0790f3287fd25c5d385f3dda43b1df5ffb238cd3bffb9400bfd6877dd3af7c8caea3bd889ddf20b", 0x190}], 0x1}, 0x0) recvmsg(r1, &(0x7f0000000040)={0x0, 0xfffffffffffffefb, &(0x7f000000b600)=[{&(0x7f0000002e80)=""/167, 0x7a10}], 0x1}, 0x0) [ 252.968760][ T9427] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 252.992789][ C1] hrtimer: interrupt took 251517 ns [ 253.007871][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 253.036222][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 00:24:30 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000240)='./bus\x00', 0x0) r1 = creat(&(0x7f0000000240)='./bus\x00', 0x0) openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$P9_RFSYNC(0xffffffffffffffff, 0x0, 0x0) lseek(r1, 0x7ffffc, 0x0) write$binfmt_elf64(r1, &(0x7f0000000700)=ANY=[], 0x1a0) fallocate(r0, 0x100000003, 0x0, 0x80019c) lsetxattr(0x0, 0x0, &(0x7f0000000140)='-].[system\x00', 0xb, 0x0) [ 253.170266][ T9484] ------------[ cut here ]------------ [ 253.180797][ T9484] refcount_t: addition on 0; use-after-free. [ 253.198870][ T9484] WARNING: CPU: 3 PID: 9484 at lib/refcount.c:25 refcount_warn_saturate+0x169/0x1e0 [ 253.202241][ T9484] Kernel panic - not syncing: panic_on_warn set ... [ 253.202241][ T9484] CPU: 3 PID: 9484 Comm: syz-executor.3 Not tainted 5.7.0-rc5-syzkaller #0 [ 253.202241][ T9484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 253.202241][ T9484] Call Trace: [ 253.202241][ T9484] dump_stack+0x188/0x20d [ 253.301605][ T9484] ? refcount_warn_saturate+0xc0/0x1e0 [ 253.301605][ T9484] panic+0x2e3/0x75c [ 253.326174][ T9484] ? add_taint.cold+0x16/0x16 [ 253.341521][ T9484] ? __probe_kernel_read+0x188/0x1d0 [ 253.345426][ T9484] ? __warn.cold+0x14/0x35 [ 253.345426][ T9484] ? refcount_warn_saturate+0x169/0x1e0 [ 253.345426][ T9484] __warn.cold+0x2f/0x35 [ 253.345426][ T9484] ? irq_work_queue+0xc3/0x100 [ 253.345426][ T9484] ? refcount_warn_saturate+0x169/0x1e0 [ 253.345426][ T9484] report_bug+0x27b/0x2f0 [ 253.412080][ T9484] do_error_trap+0x12b/0x220 [ 253.412080][ T9484] ? refcount_warn_saturate+0x169/0x1e0 [ 253.412080][ T9484] do_invalid_op+0x32/0x40 [ 253.412080][ T9484] ? refcount_warn_saturate+0x169/0x1e0 [ 253.412080][ T9484] invalid_op+0x23/0x30 [ 253.412080][ T9484] RIP: 0010:refcount_warn_saturate+0x169/0x1e0 [ 253.412080][ T9484] Code: 06 31 ff 89 de e8 17 d8 dc fd 84 db 0f 85 36 ff ff ff e8 da d6 dc fd 48 c7 c7 00 5c 72 88 c6 05 b3 3f ee 06 01 e8 af 11 ae fd <0f> 0b e9 17 ff ff ff e8 bb d6 dc fd 0f b6 1d 98 3f ee 06 31 ff 89 [ 253.412080][ T9484] RSP: 0018:ffffc90002ea79e0 EFLAGS: 00010286 [ 253.412080][ T9484] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 253.412080][ T9484] RDX: 00000000000041a4 RSI: ffffffff815ce641 RDI: fffff520005d4f2e [ 253.412080][ T9484] RBP: 0000000000000002 R08: ffff88805d07c280 R09: ffffed1005a266a9 [ 253.412080][ T9484] R10: ffff88802d133547 R11: ffffed1005a266a8 R12: ffffffff899735c0 [ 253.412080][ T9484] R13: ffff8880131df050 R14: ffff88801d2f9158 R15: ffff88801d2f9150 [ 253.412080][ T9484] ? vprintk_func+0x81/0x17e [ 253.412080][ T9484] crypto_mod_get+0xc6/0xf0 [ 253.412080][ T9484] crypto_spawn_alg.isra.0+0xa8/0x110 [ 253.412080][ T9484] crypto_spawn_tfm2+0x19/0xb0 [ 253.412080][ T9484] ? cryptd_skcipher_init_tfm+0xe0/0xe0 [ 253.412080][ T9484] cryptd_hash_init_tfm+0x3c/0x120 [ 253.412080][ T9484] ? cryptd_skcipher_init_tfm+0xe0/0xe0 [ 253.412080][ T9484] crypto_create_tfm+0x163/0x2f0 [ 253.412080][ T9484] crypto_alloc_tfm+0x100/0x340 [ 253.412080][ T9484] cryptd_alloc_ahash+0x101/0x200 [ 253.412080][ T9484] ? cryptd_aead_queued+0x70/0x70 [ 253.412080][ T9484] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 253.412080][ T9484] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 253.412080][ T9484] ? __kmalloc+0x62f/0x7a0 [ 253.412080][ T9484] ? crypto_create_tfm+0x79/0x2f0 [ 253.412080][ T9484] ? down_read_nested+0x420/0x420 [ 253.412080][ T9484] ? ghash_async_exit_tfm+0x40/0x40 [ 253.412080][ T9484] ghash_async_init_tfm+0x21/0x100 [ 253.412080][ T9484] ? ghash_async_exit_tfm+0x40/0x40 [ 253.412080][ T9484] ? crypto_create_tfm+0x163/0x2f0 [ 253.412080][ T9484] ? crypto_spawn_tfm2+0x60/0xb0 [ 253.412080][ T9484] ? crypto_gcm_init_tfm+0x3d/0x260 [ 253.412080][ T9484] ? crypto_rfc4106_init_tfm+0x1b0/0x1b0 [ 253.412080][ T9484] ? crypto_aead_init_tfm+0x138/0x1a0 [ 253.412080][ T9484] ? crypto_create_tfm+0xd5/0x2f0 [ 253.412080][ T9484] ? crypto_alloc_tfm+0x100/0x340 [ 253.412080][ T9484] ? aead_release+0x50/0x50 [ 253.412080][ T9484] ? aead_bind+0x69/0x170 [ 253.412080][ T9484] ? alg_bind+0x260/0x530 [ 253.412080][ T9484] ? security_socket_bind+0x82/0xb0 [ 253.412080][ T9484] ? __sys_bind+0x20e/0x250 [ 253.412080][ T9484] ? __ia32_sys_socketpair+0xf0/0xf0 [ 253.412080][ T9484] ? __x64_sys_clock_gettime+0x165/0x240 [ 253.963983][ T9484] ? __ia32_sys_clock_settime+0x260/0x260 [ 253.963983][ T9484] ? trace_hardirqs_off_caller+0x55/0x230 [ 253.963983][ T9484] ? __x64_sys_bind+0x6f/0xb0 [ 253.963983][ T9484] ? lockdep_hardirqs_on+0x463/0x620 [ 253.963983][ T9484] ? do_syscall_64+0xf6/0x7d0 [ 253.963983][ T9484] ? entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 253.963983][ T9484] Kernel Offset: disabled [ 253.963983][ T9484] Rebooting in 86400 seconds..