[?25l[?1c7[ ok 8[?25h[?0c. [ 33.488031] audit: type=1800 audit(1555884065.456:33): pid=6999 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 33.512252] audit: type=1800 audit(1555884065.456:34): pid=6999 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 36.586609] random: sshd: uninitialized urandom read (32 bytes read) [ 36.980971] audit: type=1400 audit(1555884068.956:35): avc: denied { map } for pid=7173 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 37.034323] random: sshd: uninitialized urandom read (32 bytes read) [ 37.687435] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.125' (ECDSA) to the list of known hosts. [ 43.334398] random: sshd: uninitialized urandom read (32 bytes read) 2019/04/21 22:01:15 fuzzer started [ 43.529011] audit: type=1400 audit(1555884075.496:36): avc: denied { map } for pid=7182 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 45.179804] random: cc1: uninitialized urandom read (8 bytes read) 2019/04/21 22:01:18 dialing manager at 10.128.0.105:43303 2019/04/21 22:01:18 syscalls: 2434 2019/04/21 22:01:18 code coverage: enabled 2019/04/21 22:01:18 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/04/21 22:01:18 extra coverage: extra coverage is not supported by the kernel 2019/04/21 22:01:18 setuid sandbox: enabled 2019/04/21 22:01:18 namespace sandbox: enabled 2019/04/21 22:01:18 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/21 22:01:18 fault injection: enabled 2019/04/21 22:01:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/21 22:01:18 net packet injection: enabled 2019/04/21 22:01:18 net device setup: enabled [ 47.712476] random: crng init done 22:03:33 executing program 5: 22:03:33 executing program 0: 22:03:33 executing program 3: 22:03:33 executing program 1: [ 181.175070] audit: type=1400 audit(1555884213.146:37): avc: denied { map } for pid=7182 comm="syz-fuzzer" path="/root/syzkaller-shm023810955" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 22:03:33 executing program 4: 22:03:33 executing program 2: [ 181.208529] audit: type=1400 audit(1555884213.176:38): avc: denied { map } for pid=7200 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13624 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 182.110252] IPVS: ftp: loaded support on port[0] = 21 [ 182.427844] chnl_net:caif_netlink_parms(): no params data found [ 182.435098] IPVS: ftp: loaded support on port[0] = 21 [ 182.488461] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.495243] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.502450] device bridge_slave_0 entered promiscuous mode [ 182.513970] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.520555] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.536432] device bridge_slave_1 entered promiscuous mode [ 182.563873] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.573152] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.591707] IPVS: ftp: loaded support on port[0] = 21 [ 182.604619] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.613692] team0: Port device team_slave_0 added [ 182.626728] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.634109] team0: Port device team_slave_1 added [ 182.639743] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.657021] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.762538] device hsr_slave_0 entered promiscuous mode [ 182.830327] device hsr_slave_1 entered promiscuous mode [ 182.913319] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 182.931804] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 182.938614] chnl_net:caif_netlink_parms(): no params data found [ 182.958524] IPVS: ftp: loaded support on port[0] = 21 [ 182.996828] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.003412] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.010410] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.016981] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.097202] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.103858] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.111711] device bridge_slave_0 entered promiscuous mode [ 183.118622] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.125071] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.132592] device bridge_slave_1 entered promiscuous mode [ 183.149395] chnl_net:caif_netlink_parms(): no params data found [ 183.206083] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.219620] IPVS: ftp: loaded support on port[0] = 21 [ 183.230608] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.237086] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.244622] device bridge_slave_0 entered promiscuous mode [ 183.256078] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.270807] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.277189] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.284428] device bridge_slave_1 entered promiscuous mode [ 183.315307] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 183.321734] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.349421] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.356741] team0: Port device team_slave_0 added [ 183.365385] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.372684] team0: Port device team_slave_1 added [ 183.378167] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.386463] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.395899] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 183.412141] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.432942] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.440956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.449149] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.456325] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.463494] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 183.476158] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 183.482304] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.520244] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.527545] team0: Port device team_slave_0 added [ 183.535921] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.543223] team0: Port device team_slave_1 added [ 183.582131] device hsr_slave_0 entered promiscuous mode [ 183.620425] device hsr_slave_1 entered promiscuous mode [ 183.673456] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 183.682371] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.696328] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.712786] IPVS: ftp: loaded support on port[0] = 21 [ 183.742531] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 183.749801] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.758934] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.766580] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.773077] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.782259] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.790667] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.812695] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.820711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.828620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.836340] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.842705] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.868053] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 183.922454] device hsr_slave_0 entered promiscuous mode [ 183.960394] device hsr_slave_1 entered promiscuous mode [ 184.000424] chnl_net:caif_netlink_parms(): no params data found [ 184.009823] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 184.025754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 184.036356] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 184.052398] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 184.091653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.102803] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 184.139177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.147638] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.158063] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 184.172550] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 184.191856] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.198972] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.208793] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.216617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 184.226218] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 184.246491] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.257303] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 184.275513] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.283872] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.291751] device bridge_slave_0 entered promiscuous mode [ 184.304402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 184.312250] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 184.322818] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 184.328874] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 184.336120] chnl_net:caif_netlink_parms(): no params data found [ 184.344298] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.351455] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.358884] device bridge_slave_1 entered promiscuous mode [ 184.403563] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.413418] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.427252] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 184.471952] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.496350] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 184.504035] team0: Port device team_slave_0 added [ 184.509701] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 184.517844] team0: Port device team_slave_1 added [ 184.524291] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.575132] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.581960] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.588916] device bridge_slave_0 entered promiscuous mode [ 184.595917] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.602390] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.609382] device bridge_slave_1 entered promiscuous mode [ 184.624179] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.657398] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.672789] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.683788] 8021q: adding VLAN 0 to HW filter on device bond0 22:03:36 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x20011, r2, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x2, 0x0, 0x1000, &(0x7f0000003000/0x1000)=nil}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 184.745445] device hsr_slave_0 entered promiscuous mode [ 184.793401] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 184.808538] device hsr_slave_1 entered promiscuous mode [ 184.820537] audit: type=1400 audit(1555884216.786:39): avc: denied { map } for pid=7235 comm="syz-executor.1" path="/dev/sg0" dev="devtmpfs" ino=15585 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:scsi_generic_device_t:s0 tclass=chr_file permissive=1 [ 184.860993] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 184.869147] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 184.878955] chnl_net:caif_netlink_parms(): no params data found 22:03:36 executing program 1: [ 184.913763] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 184.927902] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready 22:03:36 executing program 1: [ 184.953964] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.962939] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.975321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.987130] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready 22:03:37 executing program 1: [ 184.999953] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.007115] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 185.019336] team0: Port device team_slave_0 added 22:03:37 executing program 1: 22:03:37 executing program 1: [ 185.057018] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 185.074410] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.085560] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 185.093772] team0: Port device team_slave_1 added [ 185.099959] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 185.136438] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.144011] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.151310] device bridge_slave_0 entered promiscuous mode [ 185.161078] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 185.167508] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 185.176171] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 185.185899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.193194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.200257] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.207966] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.215830] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.222249] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.229705] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.237782] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.246151] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.253659] device bridge_slave_1 entered promiscuous mode [ 185.281334] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.291523] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 185.300707] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.311783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.322887] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.330655] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.337033] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.357854] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 185.364051] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.380738] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 185.391244] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 185.409192] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 185.443907] device hsr_slave_0 entered promiscuous mode [ 185.470381] device hsr_slave_1 entered promiscuous mode [ 185.517183] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 185.524366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.532278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.539935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.548726] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.557855] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 185.571614] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 185.578840] team0: Port device team_slave_0 added [ 185.584591] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 185.591986] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 185.599278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.608397] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.616140] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.622514] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.629861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.640261] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.647541] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 185.655983] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 185.663354] team0: Port device team_slave_1 added [ 185.668893] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 185.676819] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 185.684835] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 185.695516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.703431] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.711134] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.717472] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.724574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.733030] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.743095] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 185.766879] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 185.774146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.782540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 185.790343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 185.802347] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 185.814796] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 185.864150] device hsr_slave_0 entered promiscuous mode [ 185.920423] device hsr_slave_1 entered promiscuous mode [ 185.973187] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 185.980884] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 185.988251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.996293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.004031] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.013320] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 186.022986] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 186.033641] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 186.039701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.048517] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 186.055732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.063896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.072062] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.083451] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 186.091079] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.100477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.118242] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 186.131413] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 186.141184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.148882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.167156] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 186.173441] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.183343] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 186.192797] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 186.203525] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.216298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.224296] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 186.232479] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.241233] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.249653] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 186.262491] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 186.268583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.279247] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 186.296715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.305049] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.313898] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.320310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.337420] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 186.352720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.366943] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.375322] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 186.394117] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.403495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.412734] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.421624] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.428167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.438536] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 186.453050] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 186.469639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.493058] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 186.500573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.525613] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 186.536170] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 186.542800] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.549663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.558747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.567321] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 186.578347] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.586992] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 186.597802] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 186.606265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.614521] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 22:03:38 executing program 2: [ 186.622339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.630934] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.638806] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.645249] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.652872] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.670494] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.679150] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.685559] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.704669] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 186.715567] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 186.725887] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 186.735009] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.746069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.753742] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.761664] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.769499] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.783067] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 186.791905] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 186.802460] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 186.809559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.817341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.824604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.832759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.840753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 186.851127] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 186.859007] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 186.869427] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 186.878758] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 186.885545] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.893645] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 186.905128] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 186.911677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.918663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.926474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.934254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.942124] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.949647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.958071] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.965824] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.975873] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 186.987789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.995762] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.003509] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.010204] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.017205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.027878] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 187.044854] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 187.052539] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 187.059292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.068076] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.075805] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.082202] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.089217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.097344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.106951] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 187.119197] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 187.129135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.136926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.145053] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.155194] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.165013] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 187.171775] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.181186] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 187.190928] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.204351] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 187.217389] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 187.224970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.233609] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.242255] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.251646] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 187.263671] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.274510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.284019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.303643] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 187.311933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.319545] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.334244] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 187.341441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.349072] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.361668] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 187.367755] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.388095] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 187.400721] 8021q: adding VLAN 0 to HW filter on device batadv0 22:03:39 executing program 0: 22:03:40 executing program 3: 22:03:40 executing program 5: 22:03:40 executing program 1: 22:03:40 executing program 2: 22:03:40 executing program 4: 22:03:40 executing program 0: 22:03:40 executing program 4: 22:03:40 executing program 2: 22:03:40 executing program 0: 22:03:40 executing program 5: 22:03:40 executing program 1: 22:03:40 executing program 3: 22:03:40 executing program 0: 22:03:40 executing program 1: 22:03:40 executing program 4: 22:03:40 executing program 5: 22:03:40 executing program 2: 22:03:40 executing program 3: 22:03:40 executing program 1: 22:03:40 executing program 4: 22:03:40 executing program 0: 22:03:40 executing program 5: 22:03:40 executing program 2: 22:03:40 executing program 3: 22:03:40 executing program 1: 22:03:40 executing program 4: 22:03:40 executing program 5: 22:03:40 executing program 3: 22:03:40 executing program 0: 22:03:40 executing program 2: 22:03:40 executing program 5: 22:03:40 executing program 0: 22:03:40 executing program 2: 22:03:40 executing program 1: 22:03:40 executing program 4: 22:03:40 executing program 3: 22:03:40 executing program 5: 22:03:40 executing program 1: 22:03:40 executing program 2: 22:03:40 executing program 0: 22:03:40 executing program 4: 22:03:40 executing program 3: 22:03:40 executing program 5: 22:03:41 executing program 2: 22:03:41 executing program 1: 22:03:41 executing program 0: 22:03:41 executing program 1: 22:03:41 executing program 5: 22:03:41 executing program 3: 22:03:41 executing program 4: 22:03:41 executing program 2: 22:03:41 executing program 0: 22:03:41 executing program 3: 22:03:41 executing program 2: 22:03:41 executing program 4: 22:03:41 executing program 5: 22:03:41 executing program 1: 22:03:41 executing program 0: 22:03:41 executing program 3: 22:03:41 executing program 2: 22:03:41 executing program 4: 22:03:41 executing program 1: 22:03:41 executing program 0: 22:03:41 executing program 3: 22:03:41 executing program 2: 22:03:41 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCFLSH(r0, 0x5452, 0x70c000) 22:03:41 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0adc1f123c123f319bd070") r1 = syz_open_procfs(0x0, &(0x7f0000000140)='oom_score_adj\x00') sendfile(r1, r1, 0x0, 0x10000000000443) 22:03:41 executing program 1: clone(0x3106001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x40000000, 0x0) r0 = gettid() tkill(r0, 0x22) tkill(r0, 0x0) 22:03:41 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) recvmmsg(r0, &(0x7f0000003480)=[{{0x0, 0x0, &(0x7f0000002700)=[{&(0x7f0000001240)=""/75, 0x4b}], 0x1}}], 0x1, 0x0, 0x0) shutdown(r0, 0x0) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000e40), 0x4) 22:03:41 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x2) ioctl$VIDIOC_ENUM_DV_TIMINGS(0xffffffffffffffff, 0xc0945662, 0x0) setsockopt$inet_int(r0, 0x0, 0xca, &(0x7f0000000000), 0x10) 22:03:41 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000080)) 22:03:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f00000001c0)=[@acquire], 0x0, 0x0, 0x0}) close(r0) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0xc, 0x0, &(0x7f00000000c0)=[@clear_death], 0x0, 0x0, 0x0}) 22:03:41 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x20000, 0x0) r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, 0x0) shutdown(r0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @remote, 0x7}], 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x9}, 0x1c) mincore(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000000)={0x6, 0x0, 0x0, 0x85e1, 0x0, 0x0, 0x0, 0x1}) openat$vhci(0xffffffffffffff9c, 0x0, 0x246) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0) write$P9_RLERRORu(0xffffffffffffffff, 0x0, 0x0) openat$vhci(0xffffffffffffff9c, 0x0, 0x0) 22:03:41 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1800008912, &(0x7f00000001c0)="1098ce66000000007be070") r1 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr="e05143b87b69db714387344cfcc1e729"}, 0x1c) [ 189.554767] audit: type=1400 audit(1555884221.526:40): avc: denied { set_context_mgr } for pid=7425 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 22:03:41 executing program 4: r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x101000) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000240)='/dev/vcs#\x00', 0x4, 0x230200) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) close(0xffffffffffffffff) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, 0x0, &(0x7f0000000340)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$SIOCX25SDTEFACILITIES(r0, 0x89eb, &(0x7f00000000c0)={0x10000, 0x200, 0xffffffffffffffff, 0x2, 0x3, 0x4, 0x17, "12bfd37162994acbb6ff6c2b64b007e76e6e7538", "944641ad903f6f0b2417b73767bf8128a7e40984"}) syz_genetlink_get_family_id$tipc2(0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x3, 0x7, 0x9, 0x101, 0x0, 0x4, 0x1, 0x0, 0x800, 0x2, 0x12000000, 0xe0b0, 0xff, 0x6ef6, 0x5, 0x8001, 0x0, 0x4, 0x8, 0x7ff, 0xfffffffffffffffb, 0x1, 0x8, 0x2, 0x5, 0x6, 0x1, 0x8, 0x9, 0x8000, 0x80000000, 0x1, 0x8, 0x4, 0x10001, 0x1, 0x0, 0x0, 0x1, @perf_config_ext={0x9f, 0x1}, 0x10982, 0x100000000, 0x4, 0x8, 0x400, 0x9, 0x6}, 0x0, 0xf, r1, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe4000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000400)="66b9800000c00f326635000400000f300fc71e4425749e66b8eab9ffdd0f23d80f21f86635400000100f23f866b8ef6700000f23c00f21f8663501000f000f23f866b9860b000066b80300000066ba000000000f306666660fd5ef66b8ca9300000f23d00f21f86635100000010f23f8ba6100ec66b80d0000000f23d00f21f866351000000e0f23f8", 0x89}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r1, 0xc040564b, 0x0) [ 189.611552] binder: BINDER_SET_CONTEXT_MGR already set [ 189.628593] binder: 7433:7440 ioctl 40046207 0 returned -16 [ 189.639504] binder: 7433:7440 BC_CLEAR_DEATH_NOTIFICATION death notification not active 22:03:41 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000200)='cpuacct.usage_percpu\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x2, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$kcm(0x2, 0x3, 0x2) gettid() openat$cgroup_subtree(r1, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffff9c, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0xc0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)}}, 0x10) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000700)={'bond0\x00', @local}) [ 189.684620] hrtimer: interrupt took 48917 ns [ 189.694240] syz-executor.5 (7445) used greatest stack depth: 23624 bytes left 22:03:41 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0x8, &(0x7f00000004c0)='\n') r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) shutdown(r0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x0, 0x0, @remote, 0x1}], 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x9}, 0x1c) mincore(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) write$P9_RLERRORu(0xffffffffffffffff, 0x0, 0x0) 22:03:41 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x1ff, 0x0) mmap(&(0x7f0000008000/0xe000)=nil, 0xe000, 0x0, 0x24012, r0, 0x0) [ 189.719706] audit: type=1400 audit(1555884221.686:41): avc: denied { create } for pid=7446 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 189.724723] syz-executor.5 (7438) used greatest stack depth: 23056 bytes left 22:03:41 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x4000, 0x0) 22:03:41 executing program 1: connect$inet6(0xffffffffffffffff, 0x0, 0x0) clone(0x3102001ff4, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f0000000080)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dccc402318c0a") r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) shutdown(r0, 0x0) exit_group(0x0) 22:03:41 executing program 5: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x14, 0x0, &(0x7f0000000200)=[@register_looper, @clear_death={0x630c}], 0x0, 0x0, 0x0}) [ 189.866957] audit: type=1400 audit(1555884221.686:42): avc: denied { write } for pid=7446 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 22:03:41 executing program 3: r0 = socket$unix(0x1, 0x4000000001, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000780)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) close(r1) 22:03:41 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x805, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x10000000000011) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 22:03:41 executing program 1: syz_open_dev$binder(&(0x7f00000008c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x802) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) ptrace$poke(0x5, 0x0, &(0x7f0000000280), 0x3) [ 189.995659] binder: 7476:7481 ERROR: BC_REGISTER_LOOPER called without request 22:03:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040), &(0x7f0000000080)=0xc) [ 190.040964] binder: 7476:7481 ERROR: BC_ENTER_LOOPER called after BC_REGISTER_LOOPER [ 190.049162] audit: type=1400 audit(1555884221.776:43): avc: denied { read } for pid=7446 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 190.086177] binder: 7476:7481 unknown command 0 22:03:42 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/protocols\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000100)=""/244, 0xf4}], 0x1, 0x76) [ 190.101481] input: syz1 as /devices/virtual/input/input5 [ 190.119072] binder: 7476:7481 ioctl c0306201 200000c0 returned -22 [ 190.145313] binder: 7476:7494 ERROR: BC_REGISTER_LOOPER called without request [ 190.158406] audit: type=1400 audit(1555884221.916:44): avc: denied { map } for pid=7460 comm="syz-executor.2" path="/dev/bus/usb/001/001" dev="devtmpfs" ino=15485 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file permissive=1 [ 190.210511] input: syz1 as /devices/virtual/input/input6 [ 190.232960] binder: 7476:7494 ERROR: BC_ENTER_LOOPER called after BC_REGISTER_LOOPER [ 190.241637] binder: 7476:7494 unknown command 0 [ 190.270230] binder: 7476:7494 ioctl c0306201 200000c0 returned -22 22:03:42 executing program 4: openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x3da, 0x0) 22:03:42 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x44000, 0x0) 22:03:42 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c64, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000200)) ioctl$KVM_GET_PIT2(r1, 0x8070ae9f, &(0x7f00000002c0)) 22:03:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x800000000000001, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040), &(0x7f0000000080)=0xc) 22:03:42 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x805, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x10000000000011) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 22:03:42 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write(0xffffffffffffffff, 0x0, 0x0) [ 190.616511] input: syz1 as /devices/virtual/input/input7 22:03:42 executing program 5: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) 22:03:42 executing program 2: syz_execute_func(&(0x7f00000006c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") clone(0x84007bf7, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() mknod(&(0x7f00000000c0)='./file0\x00', 0x1142, 0x0) execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) ptrace(0x10, r0) creat(&(0x7f0000000100)='./file0\x00', 0x0) select(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) ptrace(0x11, r0) 22:03:42 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x1ff, 0x0) mmap(&(0x7f0000008000/0xe000)=nil, 0xe000, 0x0, 0x24012, r0, 0x0) mremap(&(0x7f0000014000/0x1000)=nil, 0x1002, 0x2000, 0x3, &(0x7f0000008000/0x2000)=nil) 22:03:42 executing program 0: r0 = socket$inet(0x2, 0x3, 0x1c) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xe) ioctl$TCSETSW(r1, 0x5423, &(0x7f0000000040)) 22:03:42 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, 0x0, 0x0) clone(0x3102001ff4, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) shutdown(r1, 0x0) exit_group(0x0) 22:03:42 executing program 1: 22:03:42 executing program 5: 22:03:42 executing program 3: 22:03:42 executing program 1: 22:03:42 executing program 0: 22:03:42 executing program 4: 22:03:42 executing program 1: 22:03:42 executing program 5: 22:03:45 executing program 2: 22:03:45 executing program 3: 22:03:45 executing program 0: 22:03:45 executing program 1: 22:03:45 executing program 4: 22:03:45 executing program 5: 22:03:45 executing program 1: 22:03:45 executing program 3: 22:03:45 executing program 5: 22:03:45 executing program 0: 22:03:45 executing program 4: 22:03:45 executing program 2: 22:03:45 executing program 1: 22:03:45 executing program 5: 22:03:45 executing program 4: 22:03:45 executing program 0: 22:03:45 executing program 3: 22:03:45 executing program 2: 22:03:45 executing program 1: 22:03:45 executing program 4: 22:03:46 executing program 0: 22:03:46 executing program 5: 22:03:46 executing program 3: 22:03:46 executing program 2: 22:03:46 executing program 1: 22:03:46 executing program 4: 22:03:46 executing program 0: 22:03:46 executing program 5: 22:03:46 executing program 4: 22:03:46 executing program 1: 22:03:46 executing program 2: 22:03:46 executing program 3: 22:03:46 executing program 0: 22:03:46 executing program 5: 22:03:46 executing program 1: 22:03:46 executing program 4: 22:03:46 executing program 2: 22:03:46 executing program 3: 22:03:46 executing program 0: 22:03:46 executing program 1: 22:03:46 executing program 2: bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x40000, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) alarm(0x2) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x400000, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x8, 0x11, &(0x7f0000008640)=ANY=[@ANYBLOB="1800000000000000000000000000000061151000000000009500000000000000c017675f450b6da7aa42f823afe225fa806838c5d02b1296051c3a2348322780993842f96385998cecbb44881262fdee93fed3ac6540bf9315a15989134cc7964047ab833acc809897f44ce565cda0640ae9e990f205943967d01bd6cf7bcfe9b5143c514469f65ccf068c7a00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) getpeername$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000080)=0x14) recvmmsg(r0, &(0x7f0000008500)=[{{&(0x7f0000000140)=@can, 0x80, &(0x7f00000000c0)=[{&(0x7f00000001c0)=""/4096, 0x1000}, {&(0x7f00000011c0)=""/192, 0xc0}, {&(0x7f0000001280)=""/230, 0xe6}, {&(0x7f0000001380)=""/84, 0x54}], 0x4, &(0x7f0000001400)=""/131, 0x83}, 0x5}, {{&(0x7f00000014c0)=@alg, 0x80, &(0x7f0000001800)=[{&(0x7f0000001540)=""/183, 0xb7}, {&(0x7f0000001600)=""/56, 0x38}, {&(0x7f0000001640)=""/32, 0x20}, {&(0x7f0000001680)=""/247, 0xf7}, {&(0x7f0000001780)=""/96, 0x60}], 0x5}, 0x5}, {{&(0x7f0000001840)=@isdn, 0x80, &(0x7f0000003b00)=[{&(0x7f00000018c0)=""/173, 0xad}, {&(0x7f0000001980)=""/4096, 0x1000}, {&(0x7f0000002980)=""/64, 0x40}, {&(0x7f00000029c0)=""/95, 0x5f}, {&(0x7f0000002a40)=""/62, 0x3e}, {&(0x7f0000002a80)=""/4096, 0x1000}, {&(0x7f0000003a80)=""/122, 0x7a}], 0x7, &(0x7f0000003b40)=""/4096, 0x1000}, 0x10001}, {{0x0, 0x0, &(0x7f0000005e80)=[{&(0x7f0000004b40)=""/69, 0x45}, {&(0x7f0000004bc0)=""/254, 0xfe}, {&(0x7f0000004cc0)=""/138, 0x8a}, {&(0x7f0000004d80)=""/137, 0x89}, {&(0x7f0000004e40)=""/4096, 0x1000}, {&(0x7f0000005e40)=""/58, 0x3a}], 0x6}, 0x9}, {{&(0x7f0000005ec0)=@isdn, 0x80, &(0x7f00000072c0)=[{&(0x7f0000005f40)=""/68, 0x44}, {&(0x7f0000005fc0)=""/4096, 0x1000}, {&(0x7f0000006fc0)=""/137, 0x89}, {&(0x7f0000007080)=""/40, 0x28}, {&(0x7f00000070c0)=""/202, 0xca}, {&(0x7f00000071c0)=""/206, 0xce}], 0x6, &(0x7f0000007300)=""/1, 0x1}}, {{&(0x7f0000007340)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f00000084c0)=[{&(0x7f00000073c0)=""/82, 0x52}, {&(0x7f0000007440)=""/65, 0x41}, {&(0x7f00000074c0)=""/4096, 0x1000}], 0x3}, 0x7}], 0x6, 0x2000, 0x0) fstat(r2, &(0x7f00000085c0)) bind$alg(r0, &(0x7f0000bf6000)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58) r3 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x800) 22:03:46 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000080), 0x0) 22:03:46 executing program 4: openat$cuse(0xffffffffffffff9c, &(0x7f0000000200)='/dev/cuse\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x2, 0x0) prctl$PR_MCE_KILL_GET(0x22) ioctl$KVM_TPR_ACCESS_REPORTING(r0, 0xc028ae92, &(0x7f0000000580)={0x7ff, 0x4}) syz_open_dev$audion(&(0x7f0000000400)='/dev/audio#\x00', 0x9, 0x200) ioctl$SG_GET_VERSION_NUM(r0, 0x2282, &(0x7f0000000100)) r1 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x38, 0x0) ioctl$VIDIOC_OVERLAY(0xffffffffffffffff, 0x4004560e, &(0x7f00000000c0)) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e20, @multicast1}, @in6={0xa, 0x4e21, 0x1f, @empty, 0x20000}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e20, @rand_addr=0xfffffffffffffc00}, @in={0x2, 0x4e23, @loopback}, @in={0x2, 0x4e24, @remote}, @in={0x2, 0x4e24, @multicast1}, @in={0x2, 0x4e22, @multicast1}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xa}}, @in6={0xa, 0x4e21, 0x1, @empty, 0x2}], 0xb8) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f00000001c0)={0x3}) connect(r1, &(0x7f0000000340)=@sco={0x1f, {0xb158, 0x10001, 0x5, 0x4, 0xffffffffe28eb869, 0x7}}, 0xfffffffffffffec8) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r0, 0x118, 0x1, &(0x7f00000003c0)=0x100, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x11, 0x802, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'team0\x00\n\x00L9\xc8\x815#\x8a\x8b'}) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000240)={'team0\x00\xfd\xff\xff\xff\xc0\xfe\x03\x00\x02\xff', 0x4bfd}) 22:03:46 executing program 3: mkdir(&(0x7f0000000080)='./file1\x00', 0x0) r0 = open$dir(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) rmdir(&(0x7f0000000100)='./file1\x00') fchdir(r0) write$evdev(0xffffffffffffffff, &(0x7f0000057fa0), 0x12b9e2f2) clone(0x2000006102001fbc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file1/../file0\x00', 0x0, 0x0) 22:03:46 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect(r0, &(0x7f0000000180)=@in={0x2, 0x0, @multicast1}, 0xf) 22:03:46 executing program 3: syz_open_dev$binder(&(0x7f00000008c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x802) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper={0x40406301}], 0x1, 0x500000000000000, &(0x7f0000000b80)='\x00'}) 22:03:46 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x11, &(0x7f0000000140), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 22:03:46 executing program 1: clone(0x3106001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x40000000, 0x0) r0 = gettid() openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0) tkill(r0, 0xc) 22:03:46 executing program 0: r0 = socket$inet6(0xa, 0x80000000080003, 0x20000000003a) getsockopt$inet6_mreq(r0, 0x29, 0x21, 0x0, &(0x7f0000000340)) 22:03:46 executing program 2: socket$inet(0x2, 0x3, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7be070") r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x1c, 0x2, 0x1, 0xffffffffffffffff, 0x0, 0x0, {}, [@typed={0x8, 0x2, @pid}]}, 0x1c}}, 0x0) [ 194.625510] device team0 entered promiscuous mode [ 194.646326] binder: 7661:7669 got reply transaction with no transaction stack [ 194.654658] device team_slave_0 entered promiscuous mode [ 194.683397] device team_slave_1 entered promiscuous mode 22:03:46 executing program 1: r0 = socket(0x22, 0x2, 0x4) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, 0x0, 0x0) [ 194.690341] binder: 7661:7669 transaction failed 29201/-71, size 0-0 line 2709 [ 194.718397] binder: 7661:7669 ioctl c0306201 20000100 returned -14 [ 194.724896] 8021q: adding VLAN 0 to HW filter on device team0 22:03:46 executing program 0: syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={[{@grpjquota='grpjquota'}]}) [ 194.753047] audit: type=1400 audit(1555884226.726:45): avc: denied { create } for pid=7671 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 194.753413] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 194.793466] binder: 7661:7685 got reply transaction with no transaction stack [ 194.804274] binder: 7661:7685 transaction failed 29201/-71, size 0-0 line 2709 [ 194.812487] device team0 left promiscuous mode 22:03:46 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00') sendfile(r1, r2, 0x0, 0x10000000000443) [ 194.831411] device team_slave_0 left promiscuous mode [ 194.851565] device team_slave_1 left promiscuous mode [ 194.861366] binder: 7661:7685 ioctl c0306201 20000100 returned -14 [ 194.895620] ================================================================== [ 194.901395] audit: type=1400 audit(1555884226.726:46): avc: denied { write } for pid=7671 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 194.903493] BUG: KASAN: global-out-of-bounds in strscpy+0x20e/0x2c0 [ 194.903511] Read of size 8 at addr ffffffff8677b2a0 by task syz-executor.0/7690 [ 194.903514] [ 194.903527] CPU: 0 PID: 7690 Comm: syz-executor.0 Not tainted 4.14.113 #3 [ 194.903534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.903539] Call Trace: [ 194.903556] dump_stack+0x138/0x19c [ 194.903571] ? strscpy+0x20e/0x2c0 [ 194.970253] print_address_description.cold+0x5/0x1dc [ 194.975461] ? strscpy+0x20e/0x2c0 [ 194.979020] kasan_report.cold+0xaf/0x2b5 [ 194.983195] __asan_report_load8_noabort+0x14/0x20 [ 194.988145] strscpy+0x20e/0x2c0 [ 194.991536] prepare_error_buf+0x94/0x1aa0 22:03:47 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mincore(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000000)={0x6, 0x0, 0x0, 0x85e1, 0x0, 0x6, 0x0, 0x1}) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f00000012c0)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff81"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 194.995795] ? lock_downgrade+0x6e0/0x6e0 [ 194.999964] ? scnprintf_le_key+0x600/0x600 [ 195.004397] ? __lock_acquire+0x5f9/0x45e0 [ 195.008678] __reiserfs_warning+0x9f/0xb0 [ 195.012866] ? reiserfs_printk+0xd0/0xd0 [ 195.017744] ? trace_hardirqs_on+0x10/0x10 [ 195.017763] reiserfs_parse_options+0x153e/0x1820 [ 195.017780] ? find_held_lock+0x35/0x130 [ 195.017793] ? reiserfs_sync_fs+0xe0/0xe0 [ 195.017808] ? trace_hardirqs_on+0x10/0x10 [ 195.036314] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 195.046153] ? lockdep_init_map+0x9/0x10 [ 195.050243] ? debug_mutex_init+0x2d/0x5a [ 195.050262] reiserfs_fill_super+0x461/0x2b20 [ 195.050282] ? finish_unfinished+0x1010/0x1010 [ 195.050302] ? snprintf+0xa5/0xd0 [ 195.050317] ? set_blocksize+0x270/0x300 [ 195.050328] ? ns_test_super+0x50/0x50 [ 195.050342] mount_bdev+0x2c1/0x370 [ 195.050350] ? finish_unfinished+0x1010/0x1010 [ 195.050363] get_super_block+0x35/0x40 [ 195.050373] mount_fs+0x9d/0x2a7 [ 195.050389] vfs_kern_mount.part.0+0x5e/0x3d0 [ 195.050404] do_mount+0x417/0x27d0 [ 195.064332] ? retint_kernel+0x2d/0x2d [ 195.064355] ? copy_mount_string+0x40/0x40 [ 195.064370] ? __sanitizer_cov_trace_pc+0x29/0x60 [ 195.064383] ? copy_mount_options+0x1fe/0x2f0 [ 195.064397] SyS_mount+0xab/0x120 [ 195.064409] ? copy_mnt_ns+0x8c0/0x8c0 [ 195.124196] do_syscall_64+0x1eb/0x630 [ 195.128286] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 195.133232] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 195.138606] RIP: 0033:0x45b69a [ 195.141836] RSP: 002b:00007ff55d343a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 195.149638] RAX: ffffffffffffffda RBX: 00007ff55d343b40 RCX: 000000000045b69a [ 195.157010] RDX: 00007ff55d343ae0 RSI: 0000000020000040 RDI: 00007ff55d343b00 [ 195.164285] RBP: 0000000000000000 R08: 00007ff55d343b40 R09: 00007ff55d343ae0 [ 195.171746] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003 [ 195.179291] R13: 00000000004c782d R14: 00000000004dd880 R15: 00000000ffffffff [ 195.190312] [ 195.191937] The buggy address belongs to the variable: [ 195.197217] __func__.31266+0x980/0x3a60 [ 195.201269] [ 195.202903] Memory state around the buggy address: [ 195.207854] ffffffff8677b180: fa fa fa fa 00 03 fa fa fa fa fa fa 00 00 00 00 [ 195.215492] ffffffff8677b200: 00 06 fa fa fa fa fa fa 00 03 fa fa fa fa fa fa [ 195.223057] >ffffffff8677b280: 00 00 00 00 06 fa fa fa fa fa fa fa 00 03 fa fa [ 195.230686] ^ [ 195.235562] ffffffff8677b300: fa fa fa fa 00 00 00 00 05 fa fa fa fa fa fa fa [ 195.243049] ffffffff8677b380: 00 03 fa fa fa fa fa fa 00 00 00 01 fa fa fa fa [ 195.250412] ================================================================== [ 195.258132] Disabling lock debugging due to kernel taint [ 195.263863] Kernel panic - not syncing: panic_on_warn set ... [ 195.263863] [ 195.272118] CPU: 0 PID: 7690 Comm: syz-executor.0 Tainted: G B 4.14.113 #3 [ 195.275974] kobject: 'bluetooth' (ffff8880802b7b80): kobject_add_internal: parent: 'virtual', set: '(null)' [ 195.280796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.280800] Call Trace: [ 195.280819] dump_stack+0x138/0x19c [ 195.280830] ? strscpy+0x20e/0x2c0 [ 195.280837] panic+0x1f2/0x438 [ 195.280844] ? add_taint.cold+0x16/0x16 [ 195.280859] kasan_end_report+0x47/0x4f [ 195.280867] kasan_report.cold+0x136/0x2b5 [ 195.280878] __asan_report_load8_noabort+0x14/0x20 [ 195.280885] strscpy+0x20e/0x2c0 [ 195.280897] prepare_error_buf+0x94/0x1aa0 [ 195.280908] ? lock_downgrade+0x6e0/0x6e0 [ 195.280931] ? scnprintf_le_key+0x600/0x600 [ 195.305037] kobject: 'hci1' (ffff88805de761e8): kobject_add_internal: parent: 'bluetooth', set: 'devices' [ 195.306406] ? __lock_acquire+0x5f9/0x45e0 [ 195.306419] __reiserfs_warning+0x9f/0xb0 [ 195.306431] ? reiserfs_printk+0xd0/0xd0 [ 195.312367] kobject: 'hci1' (ffff88805de761e8): kobject_uevent_env [ 195.313175] ? trace_hardirqs_on+0x10/0x10 [ 195.317387] kobject: 'hci1' (ffff88805de761e8): fill_kobj_path: path = '/devices/virtual/bluetooth/hci1' [ 195.321572] reiserfs_parse_options+0x153e/0x1820 [ 195.321587] ? find_held_lock+0x35/0x130 [ 195.321595] ? reiserfs_sync_fs+0xe0/0xe0 [ 195.321604] ? trace_hardirqs_on+0x10/0x10 [ 195.321646] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 195.321659] ? lockdep_init_map+0x9/0x10 [ 195.328262] kobject: 'rfkill4' (ffff888096906ca8): kobject_add_internal: parent: 'hci1', set: 'devices' [ 195.330830] ? debug_mutex_init+0x2d/0x5a [ 195.330844] reiserfs_fill_super+0x461/0x2b20 [ 195.330856] ? finish_unfinished+0x1010/0x1010 [ 195.330870] ? snprintf+0xa5/0xd0 [ 195.330883] ? set_blocksize+0x270/0x300 [ 195.330893] ? ns_test_super+0x50/0x50 [ 195.330904] mount_bdev+0x2c1/0x370 [ 195.330912] ? finish_unfinished+0x1010/0x1010 [ 195.330930] get_super_block+0x35/0x40 [ 195.330939] mount_fs+0x9d/0x2a7 [ 195.330951] vfs_kern_mount.part.0+0x5e/0x3d0 [ 195.330971] do_mount+0x417/0x27d0 [ 195.337468] kobject: 'rfkill4' (ffff888096906ca8): kobject_uevent_env [ 195.339283] ? retint_kernel+0x2d/0x2d [ 195.339300] ? copy_mount_string+0x40/0x40 [ 195.339316] ? __sanitizer_cov_trace_pc+0x29/0x60 [ 195.344193] kobject: 'rfkill4' (ffff888096906ca8): fill_kobj_path: path = '/devices/virtual/bluetooth/hci1/rfkill4' [ 195.347989] ? copy_mount_options+0x1fe/0x2f0 [ 195.348008] SyS_mount+0xab/0x120 [ 195.348018] ? copy_mnt_ns+0x8c0/0x8c0 [ 195.348034] do_syscall_64+0x1eb/0x630 [ 195.363330] kobject: 'rfkill4' (ffff888096906ca8): kobject_uevent_env [ 195.366692] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 195.366709] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 195.366716] RIP: 0033:0x45b69a [ 195.366725] RSP: 002b:00007ff55d343a88 EFLAGS: 00000206 [ 195.373080] kobject: 'rfkill4' (ffff888096906ca8): fill_kobj_path: path = '/devices/virtual/bluetooth/hci1/rfkill4' [ 195.378283] ORIG_RAX: 00000000000000a5 [ 195.378289] RAX: ffffffffffffffda RBX: 00007ff55d343b40 RCX: 000000000045b69a [ 195.378294] RDX: 00007ff55d343ae0 RSI: 0000000020000040 RDI: 00007ff55d343b00 [ 195.378298] RBP: 0000000000000000 R08: 00007ff55d343b40 R09: 00007ff55d343ae0 [ 195.378303] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003 [ 195.378309] R13: 00000000004c782d R14: 00000000004dd880 R15: 00000000ffffffff [ 195.383319] Kernel Offset: disabled [ 195.615213] Rebooting in 86400 seconds..