[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 38.356236] audit: type=1800 audit(1556757636.198:33): pid=7021 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 38.378763] audit: type=1800 audit(1556757636.198:34): pid=7021 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 41.407786] random: sshd: uninitialized urandom read (32 bytes read) [ 41.757712] audit: type=1400 audit(1556757639.598:35): avc: denied { map } for pid=7193 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 41.827918] random: sshd: uninitialized urandom read (32 bytes read) [ 42.535025] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.45' (ECDSA) to the list of known hosts. [ 48.200780] random: sshd: uninitialized urandom read (32 bytes read) 2019/05/02 00:40:46 fuzzer started [ 48.411745] audit: type=1400 audit(1556757646.258:36): avc: denied { map } for pid=7204 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 50.332450] random: cc1: uninitialized urandom read (8 bytes read) 2019/05/02 00:40:49 dialing manager at 10.128.0.105:39807 2019/05/02 00:40:49 syscalls: 2434 2019/05/02 00:40:49 code coverage: enabled 2019/05/02 00:40:49 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/05/02 00:40:49 extra coverage: extra coverage is not supported by the kernel 2019/05/02 00:40:49 setuid sandbox: enabled 2019/05/02 00:40:49 namespace sandbox: enabled 2019/05/02 00:40:49 Android sandbox: /sys/fs/selinux/policy does not exist 2019/05/02 00:40:49 fault injection: enabled 2019/05/02 00:40:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/05/02 00:40:49 net packet injection: enabled 2019/05/02 00:40:49 net device setup: enabled [ 53.104887] random: crng init done 00:43:12 executing program 5: r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x5, 0x400) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e23, 0x6, @local, 0x4}, @in6={0xa, 0x4e24, 0x54, @local, 0x534}], 0x48) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f00000000c0)) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x22000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000180)={0x290, r1, 0x820, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x20, 0x6, [@TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x100}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xffffffffffffff09}]}, @TIPC_NLA_MEDIA={0xec, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7a33}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff}]}]}, @TIPC_NLA_LINK={0xc8, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffe01}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x54, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x101}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x22}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fffffff}]}]}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7fff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xefff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}]}, @TIPC_NLA_LINK={0x70, 0x4, [@TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xc45f}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x940d}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xdeb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}]}, @TIPC_NLA_NODE={0x1c, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1ff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x290}}, 0x4040000) ioctl$VIDIOC_QUERYSTD(r0, 0x8008563f, &(0x7f00000004c0)) ioctl$VIDIOC_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000500)={0x0, 0x0, [], {0x0, @bt={0x4, 0xc69d, 0x1, 0x3, 0x78, 0x10000, 0xee96, 0x3, 0x8001, 0x7, 0x8, 0x1ff, 0x100000000, 0x0, 0x10, 0x10}}}) ioctl$VIDIOC_G_CTRL(r0, 0xc008561b, &(0x7f00000005c0)={0x1, 0xf2}) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000600)=0x1ff, 0x4) syz_genetlink_get_family_id$tipc2(&(0x7f0000000640)='TIPCv2\x00') ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000680)={0x3, 0x3a714f77, 0x1000, 0xdaef, 0x2, @discrete={0x2, 0x7}}) r2 = gettid() migrate_pages(r2, 0x9, &(0x7f00000006c0)=0x7, &(0x7f0000000700)=0x8) bind$vsock_dgram(r0, &(0x7f0000000740)={0x28, 0x0, 0x2711, @reserved}, 0x10) getpeername$unix(r0, &(0x7f0000000780), &(0x7f0000000800)=0x6e) migrate_pages(r2, 0x4, &(0x7f0000000840)=0x9, &(0x7f0000000880)=0x4) ioctl$DRM_IOCTL_AGP_ACQUIRE(r0, 0x6430) r3 = syz_open_dev$cec(&(0x7f00000008c0)='/dev/cec#\x00', 0x0, 0x2) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000900)={0x4}) write$FUSE_INIT(r0, &(0x7f0000000940)={0x50, 0xfffffffffffffffe, 0x6, {0x7, 0x1d, 0xfff, 0x400, 0xffff, 0xe43, 0xffff, 0x40}}, 0x50) kcmp(r2, r2, 0x7, r3, r0) linkat(r3, &(0x7f00000009c0)='./file0\x00', r0, &(0x7f0000000a00)='./file0\x00', 0x400) bind$isdn(r0, &(0x7f0000000a40)={0x22, 0x81, 0x6, 0x5, 0x5}, 0x6) setpgid(r2, r2) ioctl$TCSETXF(r3, 0x5434, &(0x7f0000000a80)={0x0, 0x5, [0xff, 0x2, 0x27, 0x2, 0x8], 0x9}) llistxattr(&(0x7f0000000ac0)='./file0\x00', &(0x7f0000000b00)=""/38, 0x26) write$cgroup_int(r3, &(0x7f0000000b40)=0x71, 0x12) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f0000000e00)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000bc0)={0x1d0, r1, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0xa8, 0x5, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffffd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd91}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NODE={0x20, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffffffffffd}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x1fd}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}]}, @TIPC_NLA_NET={0x3c, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xffffffff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7f}]}, @TIPC_NLA_LINK={0x18, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}]}, @TIPC_NLA_LINK={0x74, 0x4, [@TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xc1e}]}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x40004}, 0x20008800) finit_module(r0, &(0x7f0000000e40)='/dev/cec#\x00', 0x2) socket$inet(0x2, 0xa, 0x5) 00:43:12 executing program 2: r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="03875b007d5ad9073d24062a55a8c5ef99952216fa3b885c8a27b4c05e4c309c05beef586094cfb7b1248c6ddfb45ba339eb355171eb10b78ae2c0bafa8ed296ac211c80d2917a1c77fe7fe9c05fbb2188a569216eb671e0a82f4dd3038ab6a7190db6c0357e114965550cf9e76cdf0128e9aa7fc70850780f8ccb6f8af670a6604d29c01a74c982c2bde8fc000913aca17f524c1275030a2ea251b16e827e0a5e234346", 0xa4, 0xfffffffffffffffa) keyctl$read(0xb, r0, &(0x7f0000000140)=""/245, 0xf5) r1 = add_key(&(0x7f0000000240)='dns_resolver\x00', &(0x7f0000000280)={'syz', 0x2}, &(0x7f00000002c0)="7354cfa5013689ec2d97dd119c50432da91eb71dfa570eb3082f64d9a62d6f1a328f0858f69859c3c75687fb5ae5ab18d339321d5a9a506624b3db8957fc54dd5e26deaa126cb804b08574d4516dc0bfb14bf23179c3dd364b112aa2fb506f5b0ec68b0576b18212b99eb76cddb8d9889deb40225740ef517e755f905942163ad512ddf01eee30c7397d122db519167b7fab1e5ce8f48b7c95ec3caf62fd6ad1701c614ac0d769eba4f6615219e880b646bbdb1ef8cc82fdbdf6aa0d0607bc14bcd4a9fb6b26527450becd52335614c4280a24adca57686939c857bd0d368b7b19a2333de30534dedc87fce17f7caf5ec546ee29d1da8267d2a7e206e363bd8ac1b603bea29a530c820a84dbd6ecd93cb437391564f938379fe0e9b5b085dd293ffc17bcd2fad06d0a8994c67d04e90c7929e6d38432b0e440855bd17f7d8363815b9eb96723a3f59ece7d27c770519a1a8981ae5d0982653f98f6150c47da3e2f170fcf238aaccf147a32b40245a77ff8bccf9da338a0626e80d41ab6d65e438ae0ada56c8582c38ecd025f4fe48f3b1b423e1e9ff4f06e6a88f7c0730a8b0a36d35021e443f509d76ef479d36828c07a360bfadfe2ee64272c53eb79cea8df027657e1dce724e3918cad5c3293749bc81877e2e7a178c35f61765734f4110f52faa1d0cfe7d83afbb3e5cebb8d204cdad5c4bce34d26a2954e67a411cc50b2e97ced0737879ab8e6e3f1485bf05ca5f7a1b72ba84d1a1a15d3829367a15b633324de99628eb953ab6963ab729882dd3352a8b83b2546e3e30d93c368ceb5588ff83444f7c77982ab1ecdc0da75b26fe31f4d4795c9971f80b1d9be7f826cc4efe92e83e5e7f6b0fc1caa92665075835de7350a26323eb4fe7954d8e17160d90f0115c635fcfc67b8f67c2eff62ee317cbcfd0740bceba7776957595ba4c1ed62f9ed518b58f9a0f3de5d482e33ca3c552804cae4c27a411a0210efc942c33686063b82ac62f5a703de9830a4535645cb4399ae22cc39a358f01d069f48cd4aada50896d11868b141728e2c714b6f90ba705689c55b646d27376347cc265f91683b1f84934c39ca99f6a1818c9282966dc59ae5d4b98558ae91f1f74f17041979a09d2252fac16ad9e326b6ea7c66836e57d2a9f1cbf8f21c032770e2fe139b8067908cbd7004236adfef123f182d7b9e7d22051f792f4b2a8d24b12398ff7425e6def0e2e9d61a2a048dafab58bf20fc28fe937c1e1e9691e5d25a17437ab48074a30704f79f483d923fd1ddcb7eda03f5d49af8e6e13ced14c7fbab83c66f8d1b76652ae3b18a76f4911ec9ad3edb76e4a84a5a0dbd3839e9f46a900972f95465f7285590918ebb4db6133570c2bcf356a4debb4cc56328d7f94f060297e12578e90534a490c7705b4f6deb2e84e88cecc4a88ac286d33a38330136fc55a6630b923accba643bdb1cb136b0f4e6dac87436ff6781b160f7ece21a4f3471850dc5a677cdf99c16e55ced238ac4b3cd31f18384c3cabe21cc503a5aaafb8bb97e0f28a290c906f3a601d1e2fe034bee70442373d9e4139972d18300de90ca16f78c85598db931152f1bd580a1803df615dd11863dfc04eceeac98f45106bcf245dbc261223671cafff49145f39921ad06282ddf2c4bda8256d155a89f93230dd2383acb6171698c5abad4a2705ef3a98fdb620c2ec203323c4fb310a136712ec5a5678e3250beba55e47c5aba058dd0e089701e5a93458f080f259784964ad1bd081cdadbb7b47d59a406f9b2f434149e237f29c21f4c0730c8b5ab11ac1ce7e2793d4f00846379b1978161350039abcf68d676fd46fc7f3dec0b7a78742b6de003f6e3625c29b53e901d866ea57a3cc8a673c843069cf50702638d6c570e61733a87559c2c7cff935a7caba51a8c462ad498edfdf5362d2b09499d085d94b42a90c9b6c012afac9013521092612637db917259121212e0a720122498a69ab797b3006480ff67ddcf14638370b88a2a4a1884b32d1b298dce266574440735a11496b4eb4f316f456145e495c0cc0ec28bf43d594591bd931a7f6bf83a70d219906dcc45f505dc2d37c9ff5e6960576e57c339e4ac51e64f9f273f949d34b90d4483917515f9dc822248e1036302704ec692a214c1bdf4a19221a0b17d7964c22f1588aa0d73aac2fcc1e77e58508892cb8bc4975dbdbc9c63a601116aa8f98d11c7902b078ed5b7ccf3ff41eb3a301ec385e2b13028c0528d38e023880587a0b4b1aca76dd3ce0d50576f4ebbf1409b4d37e2121722ffb637c65bb2a8fbc0ef52bc0f65a861301249dc40f992ef375c28619030387172a799722ea24503e634fc82084053af29f73c95449de94c73cba91b37c32e3f20332d096f0d7efb71083972ba157d330fd08e9f0963778ff5a6e637098ecf63cbe217e545c2258be3054f114dca1377a7ecaeef000d797767e8f6a1f30a42f9f1cadacfbe516525539d4919255c1a1d1ce644316c322ebfe1c0367162bdc1f07c325477f0809686104386015d04862a4a4f5c67c311107022f49e9221b76c10a6e711b0d288b5ca7e4d383319f7e81b771181e000bb17f878da1781e5ebbf4d1dddc7f28b83d7360ced26df5fbe69e5a51af693329318bd1925c334db6ec7b9dbfed5050381fbd7d823158b87e3967a9cb04eb82891b2e1a78f5828330daba4e16dfe5557b96ebd5c18601e44f38d6227b137b7f99d47bf40afda704b4c47efa431f9a022b0f5f7ade6063070d4f0aa3fb48ea9b515280b429cddd260b70ab4603ad9d83d12c10c432037afeecaa17e105bf66af5d7244cc2bf97c16b60dd25574e0dc11498b3142fff9bf6067409a9d7c0df3d532e09ef4f9db5cdcd527744aaea0da9a5b13a6360f656ea5cb2ef3135de77380db14da4499b37c35ba39544bd64cec860fd81e289b2616ad717bc483eddb0100f3be90c38d5117217c549cf6b1739c0749ef0d005bd5da8f6fbe59bcf3f26a8f5ee864884d380c8f4217b5d86383c9745af0c7d7f493a4cdee8e2727bd8c0bc845cd1846aa4aed923e4a0531700574fca933aac6fb856e9543b9b815cad61fe9742f39edb1f9d43d0751b4db4b4ea18da82a2cf5ff5608718b81f15fcf58869eedea13693fb1ee84388f6ef61767aea5c5e11e8fb9458ed3709193ac6aa171ad2cf01f8686c81c7e0273b1325a9cd250c3bdb0a80bf419f02be10061c94e4515efee427e0d81ad2ba35b42add04ca4f4bd12a7bf789106fe34a858614398a170d1c402f0a472e60792c15ba134dc3bcfb323c31aa98ac858e6e1a3c316c54ced5d975e9ca805455741911ad1319ad6f6274603ca981ef37ce32e365b6b049a6f3a35dd2913b2fc066b8ec61cd24b717298b75978b0bd4ddcd7b4bc6ace29fffa855202f711ddb5c044af989598d889345392650d2a3d7c8d10b00186599e0570be18bb286863a3cd41388b95f249fec826e79008c02fffd01395ac167ab471cabf33fbcf423293cf6e072fb14d2fb8beaeab57a59a886a5cbda0393a0af2fa37b0e3fb87753bd8cfae3aefaa8c5ff6ed3408d5d10c98ac5bb6d8963c55d60c6c253fa1bb95b308ceb49adb4371634060153f5920de6098ba6aae0f3de6cae7f6473dc6c17d55b7027eefee6c1ee12c829ce28844f41f61d2a1aab26150ab7b9941f7ffff0415a18e66b94718b3e2d696789eea5e865775bc97ec3e96df357009d6b63b0d95f4fbc8a45768e4fc45aee572d06bec9e7268c7355e9223f445cc4c87730be32c3cf2f8162bf092a7baafffd2a38a9e2d388b274c09337660a9e97ce2e465f26e315ef8e1adb6c309e5955f6fcb29170e42e3137baaf58f985cc94db08b7fdd30ccbf41f7d97e0f9a3428cccb871be052f700724d952edd3d48e7fe7bc6f201e0881a98a6c2d1b93f7fffa36b6bbae71ce3d11c795640aa80ac396b1c7de687dae0c5b3bd6bb3e17b0763b4965235a101ae248450b5eaaaac08023e4a389898d2ccf4d139d9a416a59560ade755cd70170c293794028c590d808e4972ac791f0d009d744662ed0cfe32fc3f47029ffbf31e15cd6f672b1066f8f8b674cb0ce7e023832907da8a0ee3842a3d2c8e75b39e9ce33070fcc8bc8dadb670b985d1105f7489fb8890ffc6f030157f705a8da57df495d9e9b9ff1757f4a80d97313022a3728fccb866ea7511479000c2f6af0e1151be321727f911c79454df853ce43cd9fa594e9241b7c7cb19cf620509f4209a7ea986f6a4343c398a3ebe2ece8e3dce08c74521d62ac7b5c68d3b90e0d41c3f5d053b58a8592b4744f0bdcc2684135ab0a11254f4fc32e47f645052ac76b6a7cac0d95959723e95fcc212f8821177e3a56d929b707727ca54b6a0e9a1ee33114d29b2716303af19afcd2191d2ed32bbefcbc76273bd18a9046db242587d85a7b96c444cec9f42e30aaf217ef8be25af0becda684abaac83a7691de5ddebeb4888ddfdd7071860c9cb8a617af35fe31955af52105f68d79daa20536341cac52fc1573b963af250626bd96777605991bb2f730c9330d2b2fa2e8b10ac719fb68a293f27b8e6fdc9aa814176b70df434f30d2a5299800cf5576689c7aff12972bf32b18ead2465bc1d975656e500fd206d8d76cfa2f746ebe6e98a1151a96cbb664930035e555c8b719f43601ff6d3324d8e55f6d90f6b6310eca45078e54d82663dd42ccd4a84948fbdcd24ebc289a783570cb8b2c7691c72cec98daa1472747ee427ab27ca5da470a2433277dba3cebb3be5c085532c431f0943388d5cc9fa268cfc352da32e3db4d27f8a2038d058666d7d29bff0ce1a4a46cf3573a499cfd3d3903d9042e556a485d5b3568e66bea83d5a17c77b2dbdf63a7961c7387366ef328d4364aca866581be3a2ffdc60d7d5cd359dae8347f0836e9b106a075c5cafd0fce263ce5139abf2e4ffdba9597fea1d42370232f5d14dc4be6df52cc192d1d64d9b5f523c8aa31dd7335d711188f7493e4a1facfb55ec3316d6a172a66b24f3676079a20eaed08ee7115291dc003df615f87a48da7dd311900656cef4e4940bc06d1ec22132f775bc399d5d12178cbf8c666e75124fae5f2fc22eeff314262cde036ce6f3a2a6a17ce85c3842308d363949815282037afdede4134be7d32bc0673e78de8e63980fb70f6f016014bac7af513a29e612bd2932c22696ef88133746c673223f54071c69c7b7952c7d7531662bbe076aafab5b26bf5534b1780bd1efdb8acb1a375dc35c1b34a47b2f56bb09ffb711b5517ac5ce25fb7d5208914201827a4dc62b0b32801a19283d0b589cab552d1e6ad4e11500daddb79491f8c80b193e1aa3cfacc8362961551fdaf871385dfab829ca34c3614a852846314a4e74d47511fd6db1b59a8e370b04619aa7f00aa15c5508dd5baf9382e25856296d2dceef780274ff148847145af3f7f1be5e59fd1bc78899714d5c3ab6dfd14a4e4e298ac4312fd704a604c31c105091acec810aa3d2ea8c20c2de81b8e3b879bd4987aeededf392be5e0ddaf67e356171b7304de431af503c503fe4ac93d6428ee46c9bbebe75c08a4e1e94a03e62df2feff98dec4ea222c09a13dc2a199b619cec9de60babeb51fe8dae9b09036cb3e192652ea71e393090fbd967feae91bc52f03792e55f7a33ea4fee6ecbc5c8760e6bb18338580061da6803beb2f800eee8ca3ba802750f5ac6c8675934764cdf52dfc2946bc8aa0a262a0d51d4cc0f1d85c49cfa932e81e618666116e5f01c0e8fdc2357cd0280cc5cd604959367b4328", 0x1000, r0) keyctl$link(0x8, r0, r1) r2 = syz_open_dev$vcsa(&(0x7f00000012c0)='/dev/vcsa#\x00', 0x0, 0x200000) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000001300)={'veth1_to_bridge\x00', 0x600}) r3 = memfd_create(&(0x7f0000001340)='*selinux\x00', 0x1) setsockopt$ax25_SO_BINDTODEVICE(r3, 0x101, 0x19, &(0x7f0000001380)=@bpq0='bpq0\x00', 0x10) ioctl$int_out(r2, 0x2, &(0x7f00000013c0)) syz_emit_ethernet(0xdd, &(0x7f0000001400)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @local, [{[{0x9100, 0x5, 0x9, 0x4}], {0x8100, 0xfaab, 0x8}}], {@generic={0x897f, "d0e87c4649fbd235ce0818ee5539fa8f64c2e6a96d19ae67de0781f26d94fd2a0ea72dc3f3d1b200b43bd0aa648f7a06aead81369595ba42a5178f80ca366ac76854e53e8ffccc4eee3b29c6f1cdb922f98db306d424514783302b2106a81862d9c1abc821ecf2e5a9dbe93266d56416eb1ccf412ba17757bbebff49957a44e61de68fe916e000256611de80db35c66ef3cc29eb040edeca78223c787260c8d2932c18e6b0a7e94d24aa5a4f6287fc6e3d293b0d657069d4465d5f3db3e07bb49b3138d9a059f5"}}}, 0x0) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000001500)={0x0, 0x0, 0x0, 0x7fff, 0x44, 0x0, 0x6, 0x1c, 0x0, "e5ac59d79d90fc0d7dcc09f7bebe1c9f7a0ba5268a0b46cd80e6ec408801712ddd5616af51f991ee866018c4e2e00b36c0b06166e3aaf3fd6e4541b22955bce7", "74dbd9758a84db0e44b7def855c5ad2a92795078eae55f84dc84fe91ffeb886e1854126c3b12308dfc652cb2254bf3fb6ef7e59a276920a2ee2fa83eeee041ef", "6af876063a1345cf1abf7d3b7692fa96d606eb065aa4f18510e2a2873a792ad3", [0x4, 0x8191]}) getsockopt$ARPT_SO_GET_INFO(r2, 0x0, 0x60, &(0x7f0000001600)={'filter\x00'}, &(0x7f0000001680)=0x44) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) llistxattr(&(0x7f00000016c0)='./file0\x00', &(0x7f0000001700)=""/230, 0xe6) clock_gettime(0x0, &(0x7f0000001800)={0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r2, 0x402c5342, &(0x7f0000001840)={0x100000000, 0x3, 0x4, {r5, r6+30000000}, 0x1, 0x2}) keyctl$setperm(0x5, r1, 0xffffffff) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f00000018c0)=0x2400000, 0x4) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001940)='TIPCv2\x00') sendmsg$TIPC_NL_NET_GET(r2, &(0x7f0000001a80)={&(0x7f0000001900), 0xc, &(0x7f0000001a40)={&(0x7f0000001980)={0xa0, r7, 0x0, 0x70bd26, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x88, 0x4, [@TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffffe}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xba}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3f5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xce}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000000}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MEDIA={0x4}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4040800}, 0x4845) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x40013, r2, 0x37) prctl$PR_GET_FPEXC(0xb, &(0x7f0000001ac0)) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000001bc0)={0x0, 0x0}, &(0x7f0000001c00)=0xc) lstat(&(0x7f0000001c40)='./file0/file0\x00', &(0x7f0000001c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_unix(&(0x7f0000001b00)='./file0\x00', &(0x7f0000001b40)='./file0\x00', &(0x7f0000001b80)='9p\x00', 0x2000, &(0x7f0000001d00)={'trans=unix,', {[{@aname={'aname', 0x3d, 'veth1_to_bridge\x00'}}, {@msize={'msize', 0x3d, 0x81}}, {@access_client='access=client'}], [{@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@dont_hash='dont_hash'}, {@fowner_eq={'fowner', 0x3d, r8}}, {@fscontext={'fscontext', 0x3d, 'system_u'}}, {@uid_eq={'uid', 0x3d, r9}}]}}) r11 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000001dc0)='/dev/vga_arbiter\x00', 0x2, 0x0) syz_open_dev$midi(&(0x7f0000001e00)='/dev/midi#\x00', 0xffffffff, 0x80) setsockopt$bt_BT_POWER(r11, 0x112, 0x9, &(0x7f0000001e40)=0x101, 0x1) setfsgid(r10) ioctl$KIOCSOUND(r2, 0x4b2f, 0x4) 00:43:12 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x200000, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000040)={0x0, 0x23, "9e7fa7661b9df6813f7670e28b605a5fa5f4f5a872eaf972166ca5bd6247a0c453a04e"}, &(0x7f0000000080)=0x2b) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000000c0)={r1, 0x80000000}, 0x8) r2 = accept4$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000140)=0x14, 0x80800) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000240)={{{@in6=@empty, @in6=@empty, 0x4e24, 0x0, 0x4e22, 0x0, 0xa, 0xa0, 0xa0, 0x3c, r3, r4}, {0x9, 0x2, 0x6, 0x1, 0x40000000000, 0x7fff, 0x2, 0x101}, {0x81, 0x7, 0x7}, 0x8001, 0x6e6bba, 0x3, 0x0, 0x3, 0x2}, {{@in6=@empty, 0x4d5, 0x6f}, 0xa, @in6=@initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x0, 0x7, 0x0, 0x2, 0xb3, 0x7, 0x24000000000}}, 0xe8) r5 = syz_open_dev$radio(&(0x7f0000000340)='/dev/radio#\x00', 0x1, 0x2) ioctl$VT_OPENQRY(r5, 0x5600, &(0x7f0000000380)) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000003c0)={{{@in=@empty, @in=@loopback, 0x4e22, 0x7, 0x4e20, 0x9, 0xa, 0xa0, 0xa0, 0x2f, r3, r4}, {0x20, 0xffffffffffff0a0c, 0x8, 0x0, 0x12c, 0xfffffffffffffffc, 0xffff, 0x2}, {0x9, 0x80000000, 0x3}, 0x3, 0x6e6bb4, 0x0, 0x0, 0x1, 0x3}, {{@in=@local, 0x4d4, 0xff}, 0xa, @in6=@loopback, 0x3503, 0x1, 0x1, 0x9, 0x0, 0x1ff, 0x3f}}, 0xe8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000004c0)={0x101}, 0x1) arch_prctl$ARCH_SET_CPUID(0x1012, 0x1) readv(r2, &(0x7f0000000680)=[{&(0x7f0000000500)=""/107, 0x6b}, {&(0x7f0000000580)=""/25, 0x19}, {&(0x7f00000005c0)=""/174, 0xae}], 0x3) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000006c0)={0x0}, &(0x7f0000000700)=0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000007c0)={0x0, r5, 0x0, 0xc, &(0x7f0000000780)='/dev/radio#\x00', 0xffffffffffffffff}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000800)={r6, r0, 0x0, 0xc, &(0x7f0000000740)='/dev/radio#\x00', r8}, 0x30) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) ioctl$FS_IOC_RESVSP(r7, 0x40305828, &(0x7f0000000840)={0x0, 0x0, 0xffffffffffff8000, 0x9}) signalfd4(r7, &(0x7f0000000880)={0x7}, 0x8, 0x80800) ioctl$SIOCX25SDTEFACILITIES(r0, 0x89eb, &(0x7f00000008c0)={0x7, 0x7f, 0x6, 0x7, 0x100000000, 0x21, 0x1d, "c07c2c9ed224b13833c8deb7aa5ce6cd5ad9987c", "2c019cf75c739e49722b5341ba87e918e5c3186e"}) ioctl$SIOCX25SDTEFACILITIES(r0, 0x89eb, &(0x7f0000000900)={0x10001, 0x2, 0x9, 0x8001, 0x4, 0x7, 0x26, "be50431aa6d57c7f6bb071819de78ca1ae120b00", "62a55d9f13c56a7db9161962590a508496e824bb"}) r9 = pkey_alloc(0x0, 0x1) pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, r9) setsockopt$sock_int(r5, 0x1, 0x1d, &(0x7f0000000940)=0x8, 0x4) ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000980)) iopl(0xffff) ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000b00)={0x0, 0x3, 0x3, [], &(0x7f0000000ac0)={0x9b0b7f, 0xd0, [], @string=&(0x7f0000000a80)=0x7}}) openat$cgroup(r0, &(0x7f0000000b40)='syz0\x00', 0x200002, 0x0) readv(r0, &(0x7f0000000d00)=[{&(0x7f0000000b80)=""/29, 0x1d}, {&(0x7f0000000bc0)=""/89, 0x59}, {&(0x7f0000000c40)=""/161, 0xa1}], 0x3) membarrier(0x0, 0x0) r10 = semget(0x3, 0x3, 0x362) semctl$GETALL(r10, 0x0, 0xd, &(0x7f0000000d40)=""/57) 00:43:12 executing program 1: r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x4, 0x400000) ioctl$TCSETXW(r0, 0x5435, &(0x7f0000000040)={0x80000000, 0x37f, [0xfff, 0xff, 0x7f, 0xfffffffffffffffd, 0x42], 0x6}) ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x7d) ioctl$FIBMAP(r0, 0x1, &(0x7f00000000c0)=0x4) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000100)={0x100000000, 0x6, 0x6, 0x8, 0x10000, 0x1}) setsockopt$inet_tcp_buf(r0, 0x6, 0x1e, &(0x7f0000000140)="aa20801f10854377bc3a5c1d38b3c7e746ae24558626511e04b37607c1723fd3184f448b6d7c18d6143c3bfa8b0027e3edb88d4c021e03f8", 0x38) r1 = fcntl$dupfd(r0, 0x406, r0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) r2 = socket$isdn_base(0x22, 0x3, 0x0) read$FUSE(r1, &(0x7f0000000180), 0x1000) r3 = add_key(&(0x7f0000001180)='asymmetric\x00', &(0x7f00000011c0)={'syz', 0x3}, &(0x7f0000001200)="8f5c6f3a4aff0c241e7258014a9407eb4f1413da71ad064506f7807c7805e907a71b057ff71748dc3f5f92831d96853ff1a9986da68d9c257ffe08f0d6ff694aca6a4da60cfa64ba178b4dfcd73ce02e27f4e62529900e3ca66f685f2ad7a94818f538498a58f51fa3ab62006983b0260c5b87acf838fcef8b0ddf900a3156aeead8c878f93fd1232c3c964d062fe0e8d2c646", 0x93, 0xfffffffffffffffe) keyctl$instantiate(0xc, r3, 0x0, 0x0, 0xfffffffffffffffb) ioctl$DRM_IOCTL_ADD_BUFS(r0, 0xc0206416, &(0x7f00000012c0)={0x7fff, 0x1f, 0x1f, 0x1f, 0x1, 0x9}) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x6) pwritev(r0, &(0x7f00000017c0)=[{&(0x7f0000001300)="9d848dca56900a650697a2c092467cc7af1ee20697150ce5f69d17a105de7aec87ba9b81a3e7071a9c789011fac16c7af8d3720244b76f671ab50e9f186d14a8a9c0ca2795e20e8595db030887", 0x4d}, {&(0x7f0000001380)="435cebdb39ec6740426986d6641c1ac1c40dca08e11f3006fe7bdf04f437302b57cfba7b0dd3d7435b57edcc6ec76cb60cf3578be02659bf31e5d0caa253bdd21ca44d645b94d5038b52f66252cc4f510a290a36d6db500dcb9251efc3f933ead3c6ebd7a6a85b2bf90359d74c83a40ad53f13f2c6057a1578684bc8f0af7e6f973da14fbe8a284129095b40b13f648a620442d2c0217265bccff3a6dc16af1afcd46fe40674b5c47683018a564772ac", 0xb0}, {&(0x7f0000001440)="7abfdf554ea0326f3fdd2666b9ed39be83653ec2ae5478beae8355f299c649cc998d752da35a1fbf504c265f99fc0dfd133dde44255250407758a8e5c2001e249106f82d76288df5e1b767b2a01525d9a13cd21d08119602e6f5403299b2615fe3e1f043429ca887d0af44de8e6a7941af74548697656676dbda9b9c92f05a70ab846c883e400591805bca37a6000cff7baa537f5b09c6edbb19b6669743c9aa936a5214527b903cfd096dd2ce492172e776356ed32a621890e06c92a19161621057a5b04c01f86da4a1b6d14b17d0a4cd09515276ecb5487aefe496a398274bdef62df3876b01b2a359a677ae14baf962766b8373cf3f8019", 0xf9}, {&(0x7f0000001540)="5b1335d05e70145446cfa7dab0752e0feaa6a5af1ca6fc75a254cf135812a46dea33bd314704362294ee27edc4fe96245cb878561071fbb3f6bffa696cf994399096eb90998fba8273140227608144b7e89defe2b601668ef368664efebf08b55025a2f02f324637249fb456952d7207e1b89467f7f9eed63ae0b4498daf2a30664806fbe4977c6e2210f678709d47159466635cb463f3d3a2f34fa5aa", 0x9d}, {&(0x7f0000001600)="e067cb33955eb9d814370dcf75616666aaf42ea5e47fd19356bb0167a01a242f96dc132a5306a73c6c4f09660cc81097ea714bdd70e42ee80ba3eec4db6c0d6cde3e6f5c85f46310845cbc7feaceadb6b248e68ca672cc307eda6163056fa8f781d81ff1d03dc6784f06212f4413e6237122", 0x72}, {&(0x7f0000001680)="07cb404d49297e26331a39e52ab99775212111ee0ba097030790130427d50cf0d12c774c9e49689e0363208660fb4a1631e4616fc6b3a14682a9ae366406cf970d457ff8f6168d7da7f4f11dc69669a19556b52e26d8a62c2525c2a38ae426566df4f48b9c5d62daea200ccd2a842df46d26913059a005", 0x77}, {&(0x7f0000001700)="c32d73461938c2dba2c172516ed0", 0xe}, {&(0x7f0000001740)="16b38af463ac906afc", 0x9}, {&(0x7f0000001780)="5d12a0108806406c6f677cc1e9ab3af3c4b59300180b541287d4c3142ffe43d116e5f8b29a101dc39fa88c3fa2d3c5e5", 0x30}], 0x9, 0x75) keyctl$assume_authority(0x10, r3) openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000001880)='/proc/thread-self/attr/current\x00', 0x2, 0x0) ioctl$TIOCGSID(r1, 0x5429, &(0x7f00000018c0)) write$binfmt_elf64(r0, &(0x7f0000001900)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0x3, 0x0, 0xffffffffffffffb1, 0xfffffffffffffff7, 0x3, 0x7, 0x8001, 0x330, 0x40, 0x310, 0x63279f87, 0x1, 0x38, 0x1, 0x0, 0x3, 0xdb8}, [{0x3, 0x8, 0x6, 0x1, 0x8001, 0x7490, 0x7ff, 0x7ff}], "61700e7cc54681959ef0211d512bc30cff2aed9e5a1804dfa9f3444eb7c49ab1ef15", [[], [], [], [], []]}, 0x59a) bind$unix(r0, &(0x7f0000001ec0)=@abs={0x1, 0x0, 0x4e20}, 0x6e) ioctl$KVM_GET_XCRS(r1, 0x8188aea6, &(0x7f0000001f40)={0x5, 0x5, [{0xff, 0x0, 0x5}, {0x5, 0x0, 0x1}, {0x9, 0x0, 0x7ff}, {0x4, 0x0, 0x1}, {0x8, 0x0, 0x80000001}]}) ioctl$DRM_IOCTL_INFO_BUFS(r1, 0xc0106418, &(0x7f0000001fc0)={0x8, 0x7, 0x7, 0x1ff, 0x4, 0xb1ce}) ioctl$KDGKBENT(r1, 0x4b46, &(0x7f0000002000)={0xffffffffffffffff, 0x38ae000000000000, 0xf80b}) umount2(&(0x7f0000002040)='./file0\x00', 0x4) lsetxattr(&(0x7f0000002080)='./file0\x00', &(0x7f00000020c0)=@known='trusted.overlay.nlink\x00', &(0x7f0000002100)='\x00', 0x1, 0x3) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000002140)={0x0, @broadcast, @empty}, &(0x7f0000002180)=0xc) bind$x25(r1, &(0x7f00000021c0)={0x9, @remote={[], 0x1}}, 0x12) ioctl$EVIOCGABS3F(r1, 0x8018457f, &(0x7f0000002200)=""/72) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000002280)={0x4, 0x0, 0x1, 0x0, 0x4, 0x5}) fadvise64(r2, 0x18, 0x8001, 0x0) 00:43:12 executing program 3: r0 = creat(&(0x7f0000000000)='\x00', 0x8) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', 0x0, 0x10}, 0x10) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f00000000c0)={0x80000010}) ioctl$KVM_HYPERV_EVENTFD(r0, 0x4018aebd, &(0x7f0000000100)={0x2, r0, 0x1}) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000200)={{{@in=@local, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@ipv4}}, &(0x7f0000000300)=0xe8) mount$9p_rdma(&(0x7f0000000140)='127.0.0.1\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x20002, &(0x7f0000000340)={'trans=rdma,', {'port', 0x3d, 0x4e24}, 0x2c, {[{@sq={'sq', 0x3d, 0xa0000}}, {@sq={'sq', 0x3d, 0x1000}}, {@rq={'rq'}}, {@common=@posixacl='posixacl'}, {@common=@cache_none='cache=none'}, {@sq={'sq', 0x3d, 0x95}}], [{@dont_hash='dont_hash'}, {@appraise_type='appraise_type=imasig'}, {@smackfstransmute={'smackfstransmute'}}, {@euid_eq={'euid', 0x3d, r2}}]}}) fstatfs(r1, &(0x7f0000000440)=""/91) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f00000004c0)={0x0, 0x0, [], @bt={0x3, 0x0, 0x10001, 0xffffffffffffffe1, 0xfff, 0x1, 0x36e70e9b1f0584bb, 0x1}}) ioctl$SIOCX25SCUDMATCHLEN(r0, 0x89e7, &(0x7f0000000580)={0x1b}) finit_module(r1, &(0x7f00000005c0)='vmnet0,\x00', 0x1) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0305602, &(0x7f0000000600)={0x0, 0xaaec, 0x1, 0x1}) getgroups(0x2, &(0x7f0000000680)=[0x0, 0xffffffffffffffff]) fchownat(r0, &(0x7f0000000640)='./file0\x00', r2, r3, 0xd00) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f00000006c0)={{0x1, 0x4}, {0x4, 0x100000001}, 0x8, 0x3, 0x3}) ioctl$BLKGETSIZE(r0, 0x1260, &(0x7f0000000740)) ioctl$KDMKTONE(r0, 0x4b30, 0x1) r4 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000780)='/dev/mixer\x00', 0x283, 0x0) setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f00000007c0)=0x4, 0x2) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000800)={{0x0, 0x0, 0x9, 0x0, 0x5}}) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000840)={0x0, 0xd57b}, &(0x7f0000000880)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f00000008c0)={0x0, 0x5}, &(0x7f0000000900)=0x8) getsockopt$inet_sctp6_SCTP_STATUS(r4, 0x84, 0xe, &(0x7f0000000940)={r5, 0x7fffffff, 0xffffffffffff8001, 0x2dea, 0x8000, 0x7f, 0x400, 0x3f5, {r6, @in6={{0xa, 0x4e21, 0x1f, @empty, 0x8001}}, 0x8, 0x80, 0x6000000000000000, 0x0, 0x100000001}}, &(0x7f0000000a00)=0xb0) sendto$ax25(r4, &(0x7f0000000a40)='d', 0x1, 0xc004, &(0x7f0000000a80)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x7}, [@null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}, 0x48) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000b00)={0x9, {{0xa, 0x4e21, 0x0, @mcast1, 0x9}}, 0x0, 0x7, [{{0xa, 0x4e22, 0x10001, @rand_addr="57bb3b5d7f258e9b88922ff2faae0645", 0x3}}, {{0xa, 0x4e23, 0x3, @mcast1, 0x7}}, {{0xa, 0x4e24, 0x401, @dev={0xfe, 0x80, [], 0x12}, 0xfffffffffffff0d5}}, {{0xa, 0x4e24, 0x6, @loopback, 0xba8}}, {{0xa, 0x4e24, 0x885, @mcast2, 0x6}}, {{0xa, 0x4e21, 0x40, @mcast1, 0x5ae}}, {{0xa, 0x4e20, 0x5, @dev={0xfe, 0x80, [], 0x1a}, 0x401}}]}, 0x410) chmod(&(0x7f0000000f40)='./file0\x00', 0x2) getdents64(r4, &(0x7f0000000f80)=""/21, 0x15) connect$inet6(r4, &(0x7f0000000fc0)={0xa, 0x4e21, 0x7, @empty, 0x1}, 0x1c) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000001000)=0x7, 0x4) ioctl$SNDRV_TIMER_IOCTL_TREAD(r4, 0x40045402, &(0x7f0000001040)) getpeername$inet(r4, &(0x7f0000001080)={0x2, 0x0, @broadcast}, &(0x7f00000010c0)=0x10) 00:43:12 executing program 4: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x140, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000040)='security\x00') r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r1, 0x800, 0x70bd2a, 0x25dfdbfe, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4) write$binfmt_elf64(r0, &(0x7f00000001c0)={{0x7f, 0x45, 0x4c, 0x46, 0x7f, 0x400, 0x80000000, 0x5, 0x800, 0x3, 0x0, 0x8d7, 0x1c1, 0x40, 0x2df, 0x9, 0x8, 0x38, 0x2, 0x4, 0x6, 0x8}, [{0x60000000, 0x9, 0x0, 0xf8400000, 0x0, 0x10000, 0x3}, {0x60000001, 0xfffffffffffffffc, 0x1f, 0x7, 0xfff, 0x2, 0xffff, 0x9}], "7a7ad00cefe6296745e91e112d80e0b9b30464d455fedb3f5c25e70c65d63fe53bb99e70fb1ad68ed85385375d6a8c79fc6323af0e1b72c1adc86ecfbcb6818417acb56fa693a1530ebf5f6d14966a8e7be316357a37e99edf58e3d6ef91d2d4b58661cfd3122b4aa22fcdedd129156095ff6d24cdd03fbfbac85654405ff58f502e3a792da186e385464a11fba752aee14e561e2f759ecdb6"}, 0x149) r2 = getegid() getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000400)={{{@in6, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in=@empty}}, &(0x7f0000000500)=0xe8) mount$9p_virtio(&(0x7f0000000340)='/proc/self/net/pfkey\x00', &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x2025, &(0x7f0000000540)={'trans=virtio,', {[{@noextend='noextend'}, {@dfltgid={'dfltgid', 0x3d, r2}}, {@access_client='access=client'}, {@loose='loose'}], [{@context={'context', 0x3d, 'unconfined_u'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'selinux,\'em1{#-'}}, {@fowner_eq={'fowner', 0x3d, r3}}]}}) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f00000006c0)={&(0x7f0000000600), 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x30, r1, 0x318, 0x70bd2b, 0x25dfdbfc, {{}, 0x0, 0x4101, 0x0, {0x14, 0x17, {0x0, 0xffffffffffffffff, @l2={'eth', 0x3a, 'lo\x00'}}}}, [""]}, 0x30}, 0x1, 0x0, 0x0, 0x4091}, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000700)='/dev/ptmx\x00', 0x84000, 0x0) fsetxattr$trusted_overlay_redirect(r4, &(0x7f0000000740)='trusted.overlay.redirect\x00', &(0x7f0000000780)='./file0\x00', 0x8, 0x1) ioctl$VIDIOC_DBG_G_REGISTER(r0, 0xc0385650, &(0x7f00000007c0)={{0x3, @addr=0x8}, 0x8, 0xbec, 0x3ff}) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x6) getsockopt$inet6_int(r0, 0x29, 0x57, &(0x7f0000000800), &(0x7f0000000840)=0x4) ioctl$IOC_PR_RESERVE(r0, 0x401070c9, &(0x7f0000000880)={0x1000, 0x55f, 0x1}) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f00000008c0)={0x3, "3ca932"}, 0x4) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f0000000900)) ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f0000000940)) bind$nfc_llcp(r0, &(0x7f0000000980)={0x27, 0x0, 0x0, 0x7, 0x1000, 0xfffffffffffffffa, "5a47ef8aa6bc9f56c9de6fa74bb752f99a00a4d623a8dbeae5b432c90445eb3155b039286d984aa36e22118cf58d7ff350c9cbf3eb943d728425a2e8b171f9", 0xc}, 0x60) r5 = syz_open_dev$vbi(&(0x7f0000000a00)='/dev/vbi#\x00', 0x3, 0x2) setsockopt$RXRPC_SECURITY_KEYRING(r0, 0x110, 0x2, &(0x7f0000000a40)='access=client', 0xd) r6 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000a80)='/proc/self/attr/exec\x00', 0x2, 0x0) getsockname$inet6(r0, &(0x7f0000000ac0)={0xa, 0x0, 0x0, @dev}, &(0x7f0000000b00)=0x1c) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000b40)=@req={0x7, 0x7, 0x400, 0xcf}, 0x10) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000b80)={0x7, 0x1, 0x9, 0x7, 0x18, 0x80, 0x2, 0xe3, 0x2, 0x4, 0x4, 0x400}) ioctl$EXT4_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000bc0)=0x1) getsockopt$inet_sctp_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000c00)={0x0, 0x3, 0x5882, 0xfffffffffffffffd}, &(0x7f0000000c40)=0x10) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r5, 0x84, 0x13, &(0x7f0000000c80)={r7, 0x7}, &(0x7f0000000cc0)=0x8) ioctl$IMGETCOUNT(r0, 0x80044943, &(0x7f0000000d00)) read$rfkill(r4, &(0x7f0000000d40), 0x8) [ 194.664591] audit: type=1400 audit(1556757792.508:37): avc: denied { map } for pid=7204 comm="syz-fuzzer" path="/root/syzkaller-shm063213288" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 194.726438] audit: type=1400 audit(1556757792.568:38): avc: denied { map } for pid=7220 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13813 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 195.430225] IPVS: ftp: loaded support on port[0] = 21 [ 195.778932] chnl_net:caif_netlink_parms(): no params data found [ 195.788593] IPVS: ftp: loaded support on port[0] = 21 [ 195.845842] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.852543] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.863603] device bridge_slave_0 entered promiscuous mode [ 195.874373] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.880817] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.887849] device bridge_slave_1 entered promiscuous mode [ 195.910699] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 195.919827] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 195.941082] IPVS: ftp: loaded support on port[0] = 21 [ 195.962945] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 195.970967] team0: Port device team_slave_0 added [ 195.978678] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 195.986121] team0: Port device team_slave_1 added [ 195.994010] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 196.017039] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 196.059000] chnl_net:caif_netlink_parms(): no params data found [ 196.101985] device hsr_slave_0 entered promiscuous mode [ 196.140262] device hsr_slave_1 entered promiscuous mode [ 196.225079] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 196.243442] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 196.272116] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.278545] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.285329] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.291725] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.311921] IPVS: ftp: loaded support on port[0] = 21 [ 196.391477] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.397845] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.404928] device bridge_slave_0 entered promiscuous mode [ 196.414268] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.421276] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.428247] device bridge_slave_1 entered promiscuous mode [ 196.434646] chnl_net:caif_netlink_parms(): no params data found [ 196.475483] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 196.496476] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 196.535379] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 196.544777] IPVS: ftp: loaded support on port[0] = 21 [ 196.545214] team0: Port device team_slave_0 added [ 196.573771] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.580558] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.587427] device bridge_slave_0 entered promiscuous mode [ 196.594166] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 196.601890] team0: Port device team_slave_1 added [ 196.609990] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 196.618648] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 196.629208] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.635712] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.643288] device bridge_slave_1 entered promiscuous mode [ 196.670416] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 196.679387] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 196.773128] device hsr_slave_0 entered promiscuous mode [ 196.820384] device hsr_slave_1 entered promiscuous mode [ 196.863314] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 196.873502] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 196.880646] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 196.888118] team0: Port device team_slave_0 added [ 196.896917] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 196.904122] team0: Port device team_slave_1 added [ 196.909748] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.927777] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.970906] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.984338] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 196.995526] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 197.025894] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 197.033223] chnl_net:caif_netlink_parms(): no params data found [ 197.080878] IPVS: ftp: loaded support on port[0] = 21 [ 197.088499] device hsr_slave_0 entered promiscuous mode [ 197.140472] device hsr_slave_1 entered promiscuous mode [ 197.180799] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 197.187959] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 197.247953] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 197.265733] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 197.271952] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.289001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.297339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.326096] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 197.356320] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.363271] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.372010] device bridge_slave_0 entered promiscuous mode [ 197.378827] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.386067] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.393836] device bridge_slave_1 entered promiscuous mode [ 197.426057] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 197.436353] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 197.449083] chnl_net:caif_netlink_parms(): no params data found [ 197.465517] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 197.473249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 197.482702] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 197.490495] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.496893] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.504259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 197.512718] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 197.520408] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.526762] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.541378] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 197.555834] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 197.596244] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 197.607665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 197.617214] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 197.624545] team0: Port device team_slave_0 added [ 197.656425] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 197.663918] team0: Port device team_slave_1 added [ 197.684762] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 197.704845] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 197.713466] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 197.729976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 197.740312] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 197.812285] device hsr_slave_0 entered promiscuous mode [ 197.850337] device hsr_slave_1 entered promiscuous mode [ 197.893559] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 197.902872] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 197.909936] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 197.917208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 197.925003] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 197.933119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 197.940879] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 197.948437] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 197.956814] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.963311] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.970641] device bridge_slave_0 entered promiscuous mode [ 198.017719] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.025377] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.032349] device bridge_slave_1 entered promiscuous mode [ 198.051563] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 198.060950] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 198.069829] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 198.081498] chnl_net:caif_netlink_parms(): no params data found [ 198.115898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 198.126203] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 198.135872] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 198.145863] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.153866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.186254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 198.194238] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 198.203789] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 198.209798] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 198.223796] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 198.231287] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 198.238538] team0: Port device team_slave_0 added [ 198.244717] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.251596] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.258511] device bridge_slave_0 entered promiscuous mode [ 198.265465] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.272238] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.279120] device bridge_slave_1 entered promiscuous mode [ 198.303849] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 198.311334] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 198.319105] team0: Port device team_slave_1 added [ 198.324887] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 198.334237] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 198.343474] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 198.361704] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 198.368970] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 198.375524] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 198.383656] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 198.392047] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 198.405950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.413701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.420860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.427659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.493767] device hsr_slave_0 entered promiscuous mode [ 198.550506] device hsr_slave_1 entered promiscuous mode [ 198.590880] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 198.612815] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 198.621266] team0: Port device team_slave_0 added [ 198.627030] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 198.634355] team0: Port device team_slave_1 added [ 198.644661] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 198.652598] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 198.669227] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 198.677463] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 198.684042] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.697794] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 198.704025] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.713014] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 198.762314] device hsr_slave_0 entered promiscuous mode [ 198.810615] device hsr_slave_1 entered promiscuous mode [ 198.864613] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 198.873454] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 198.886649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 198.894352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 198.902393] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.908728] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.915629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 198.923897] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 198.931886] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.938232] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.946442] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 198.954246] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 198.962173] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 198.970287] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 198.987698] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 199.002313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.013287] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 199.019604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.028846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.037413] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.043818] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.052709] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 199.061866] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.069637] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.077540] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.083892] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.095311] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 199.109362] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 199.118313] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 199.126137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.133876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.144312] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.155293] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 199.164977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.178675] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 199.192439] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 199.198566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.206635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.213657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.222938] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 199.230618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.238397] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 199.248488] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 199.259042] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 199.267011] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 199.274170] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.282349] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 199.289785] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 199.297587] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.308386] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 199.317023] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.326539] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 199.337330] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 199.344425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 199.353144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.372783] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 199.381619] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 199.391989] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 199.408222] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 199.417117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.425564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.434370] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.440944] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.448561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 199.457134] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 199.468932] audit: type=1400 audit(1556757797.308:39): avc: denied { create } for pid=7253 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 199.474461] syz-executor.5 uses obsolete (PF_INET,SOCK_PACKET) [ 199.494808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 199.506826] audit: type=1400 audit(1556757797.308:40): avc: denied { write } for pid=7253 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 199.531374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 199.538888] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 199.548581] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 00:43:17 executing program 5: r0 = open(&(0x7f0000000040)='./file0\x00', 0x40000, 0x100) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10080}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="150e2a05c60005b700050003000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x800) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r3 = socket$inet6(0xa, 0x802, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x8800, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @local}, 0x1c) dup3(r2, r3, 0x0) [ 199.549492] audit: type=1400 audit(1556757797.308:41): avc: denied { read } for pid=7253 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 199.556256] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 199.598501] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 199.616369] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 199.630993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.639614] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.647389] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.653808] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.661047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 199.668601] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 199.677271] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 199.684719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 199.698178] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 199.714932] 8021q: adding VLAN 0 to HW filter on device bond0 00:43:17 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x3e1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040), 0x4) ioctl(0xffffffffffffffff, 0x8000001000008912, &(0x7f0000000180)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)) r2 = socket$rds(0x15, 0x5, 0x0) accept4(r2, 0x0, 0x0, 0x800) [ 199.727398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.755034] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.769081] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.778330] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 199.778996] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 199.786950] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 199.808258] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 199.826444] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 199.835097] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.847075] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 199.859082] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.869951] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.878747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.886762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.911121] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready 00:43:17 executing program 5: r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x103000, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='mime_type)vboxnet1,$trusted\xee,vmnet1keyring.posix_acl_access\x00', 0xffffffffffffff9c}, 0x10) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000003c0)={0x30, 0x5, 0x0, {0x0, 0x5, 0x0, 0x6}}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r1) mkdir(&(0x7f0000000240)='./control\x00', 0x0) rmdir(&(0x7f0000000080)='./control\x00') ioctl$TCSETA(0xffffffffffffffff, 0x5406, &(0x7f00000002c0)={0x5, 0x0, 0xffff, 0x7e43, 0x0, 0x2, 0x0, 0x0, 0x2}) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB=',\x00']) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, &(0x7f0000000100)={0x77359400}, &(0x7f0000048000), 0x0) r2 = gettid() get_robust_list(r2, &(0x7f0000000640)=&(0x7f0000000600)={&(0x7f0000000580)={&(0x7f0000000540)}, 0x0, &(0x7f00000005c0)}, &(0x7f0000000680)=0x18) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r3 = syz_open_dev$amidi(&(0x7f00000004c0)='/dev/amidi#\x00', 0x3, 0x418101) sendfile(r0, r3, &(0x7f0000000500), 0x6) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}}, &(0x7f0000000180)) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x2000001, 0x100000000000031, 0xffffffffffffffff, 0x0) tkill(r2, 0x1000000000016) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$llc_int(r4, 0x10c, 0x3, &(0x7f0000000000), 0x4) connect$llc(r4, &(0x7f0000000080)={0x1a, 0x304, 0x7, 0x4, 0x2, 0x82, @local}, 0x10) [ 199.934230] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 199.962495] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 199.971880] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 199.977966] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.986177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.994483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.003146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.015040] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.022769] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.032767] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 200.038846] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.057409] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 200.065103] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 200.075270] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 200.085135] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 200.093748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.102008] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.109865] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 200.118503] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 200.126411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.134766] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.142855] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.149342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.157630] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 200.175656] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 200.183133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 200.192123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.206273] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.215591] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.222052] bridge0: port 1(bridge_slave_0) entered forwarding state 00:43:18 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0x20200, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000100)={@ipv4={[], [], @remote}, 0x2, 0x0, 0x3, 0x1, 0x1105}, 0x20) syz_execute_func(&(0x7f0000000040)="b12b91cd806666660fe337d0d0c44179fd8df96d6dc1c7c7e4c653fb0fc4014c5868f4a95ff9c44149f2168f4808eebce00000802000c421fc51c1ea01efc48192558dc3c366450f186746f3f10faee47c7c730f5726400f0d18c401fe5ff6e3df646736676666430fefb3000000000804f4f30f1a1254111d54111d00") [ 200.234250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 200.242859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 200.255529] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 200.268164] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 200.278175] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 200.291512] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 200.297612] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 200.309833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.318215] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.327117] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.333613] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.341285] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.349270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.357205] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.363734] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.377582] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 200.388387] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 200.401874] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 200.409134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.418224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.428338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 00:43:18 executing program 0: sched_setaffinity(0x0, 0x8, &(0x7f0000000540)=0x5) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x40000, 0xfff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1, 0x0, 0x8}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000100)=0xc) sched_setaffinity(r2, 0x8, &(0x7f0000000200)=0x5e24) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000001c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_create(0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000240), 0x100000000000018c, 0x0) ioctl$RTC_PLL_GET(0xffffffffffffffff, 0x80207011, &(0x7f0000000180)) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) [ 200.437478] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 200.447621] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 200.469758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 00:43:18 executing program 2: r0 = shmget(0x2, 0x4000, 0x7c000201, &(0x7f0000ffa000/0x4000)=nil) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x400, 0x0) shmat(r0, &(0x7f0000a00000/0x600000)=nil, 0x4000) shmctl$IPC_RMID(r0, 0x0) [ 200.494327] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 200.517965] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 200.527595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.566502] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.576177] hrtimer: interrupt took 28053 ns [ 200.611175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.619335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 00:43:18 executing program 0: syz_execute_func(&(0x7f00000004c0)="c4e379614832074a2be91c0b980f05f7a6aae28920aec4a37bf0c50141e2e922ebc4a2fd1ceb262f43ca070064d11bc421fa6f3d136c0000c4222d901c22d2dec461dc57b1e67d0b252e42de19fa0040dbe1490f5ab09a000000682f160f41fe4cbec5c54d0f2c718f56c4010cc69b000000000e4b6868ee22c1afcc9df8c482e59c8a0008000010c483057f6e3e5340b26736440fd836c4a31149a00700000024c422a18e7f35642666420fe7503b6c1fed6c1feda827c4a2a9095351647168c4c19dfb96f88e0000943a56288836670fe0a9f27f00009ad60404c421875dcc53ef768b8b8b27c4a27949d926430faefae1d8463107383baa32d467460f33390082826a78106f65030000004074d266413a010fc442fd2121b19b9b0020f2f1a1c9000000001adddd411171f200594fdc62c9c402cdae4df80ff2219ad0818194d804092ddd8f0b00470f0f71498e007bf208f5266766450f3824d141e9040000002e3264074636cc4683b9080000000dc4e27d0ed2c461f9d7d6b2aad9c7d26c1bf378473e40d9f50f001e0000a858e943fbc42119da3c5eb0b000430fc4c17c77cee5c5629c0521f95a1717474cf9f2400f118b7b000000c421f15a0cdac403f96ca1000080201000d59745080000000000e0ed2828754464650f1b8800000081412f653e460f5619690dd5c4c1cdc28a0000000000c4c36742a5c4027918d5c401d973fe0cc4c1adfe31c4424d3e48898020") [ 200.661225] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.668474] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.706049] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 200.727419] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 200.734214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.742790] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 00:43:18 executing program 2: r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000000080)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$binfmt_elf32(r0, &(0x7f00000015c0)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYRES16]], 0x5b8b0a79) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 200.754347] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 200.764735] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 200.774510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.783052] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.791665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 200.799544] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 200.813516] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 200.826470] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 200.843181] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 200.855100] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 200.865101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 200.873408] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 200.886730] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 200.898013] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 200.906500] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 200.918091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 200.927196] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 200.939461] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 200.947205] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 200.964889] ================================================================== [ 200.972556] BUG: KASAN: use-after-free in refcount_inc_not_zero+0xd3/0xe0 [ 200.975625] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 200.979536] Read of size 4 at addr ffff888086803d80 by task kworker/u4:1/22 [ 200.992839] [ 200.992960] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 200.994472] CPU: 1 PID: 22 Comm: kworker/u4:1 Not tainted 4.14.114 #4 [ 201.007128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.007193] Workqueue: tipc_rcv tipc_recv_work [ 201.021149] Call Trace: [ 201.023842] dump_stack+0x138/0x19c [ 201.027499] ? refcount_inc_not_zero+0xd3/0xe0 [ 201.032164] print_address_description.cold+0x7c/0x1dc [ 201.037474] ? refcount_inc_not_zero+0xd3/0xe0 [ 201.042085] kasan_report.cold+0xaf/0x2b5 [ 201.046267] __asan_report_load4_noabort+0x14/0x20 [ 201.051226] refcount_inc_not_zero+0xd3/0xe0 [ 201.055675] refcount_inc+0x16/0x40 [ 201.059347] tipc_subscrb_rcv_cb+0x61d/0xa80 [ 201.063803] tipc_receive_from_sock+0x28a/0x4e0 [ 201.068548] ? trace_hardirqs_on+0x10/0x10 [ 201.072804] ? tipc_send_work+0x5a0/0x5a0 [ 201.076993] ? process_one_work+0x787/0x1610 [ 201.081432] ? __lock_is_held+0xb6/0x140 [ 201.085528] ? check_preemption_disabled+0x3c/0x250 [ 201.090582] tipc_recv_work+0x8b/0xf0 [ 201.094422] process_one_work+0x868/0x1610 [ 201.098692] ? pwq_dec_nr_in_flight+0x2e0/0x2e0 [ 201.103386] worker_thread+0x5d9/0x1050 [ 201.107384] kthread+0x31c/0x430 [ 201.110776] ? process_one_work+0x1610/0x1610 [ 201.115283] ? kthread_create_on_node+0xd0/0xd0 [ 201.119983] ret_from_fork+0x3a/0x50 [ 201.123710] [ 201.125352] Allocated by task 22: [ 201.128817] save_stack_trace+0x16/0x20 [ 201.132819] save_stack+0x45/0xd0 [ 201.136272] kasan_kmalloc+0xce/0xf0 [ 201.139993] kmem_cache_alloc_trace+0x152/0x790 [ 201.144672] tipc_subscrb_connect_cb+0x46/0x160 [ 201.149352] tipc_accept_from_sock+0x280/0x470 [ 201.153954] tipc_recv_work+0x8b/0xf0 [ 201.157769] process_one_work+0x868/0x1610 [ 201.162019] worker_thread+0x5d9/0x1050 [ 201.166012] kthread+0x31c/0x430 [ 201.169409] ret_from_fork+0x3a/0x50 [ 201.173132] [ 201.174776] Freed by task 5: [ 201.177813] save_stack_trace+0x16/0x20 [ 201.181815] save_stack+0x45/0xd0 [ 201.185294] kasan_slab_free+0x75/0xc0 [ 201.189198] kfree+0xcc/0x270 [ 201.192339] tipc_subscrb_put+0x27/0x30 [ 201.196355] tipc_subscrb_release_cb+0x20/0x30 [ 201.201057] tipc_close_conn+0x179/0x210 [ 201.205133] tipc_send_work+0x470/0x5a0 [ 201.209149] process_one_work+0x868/0x1610 [ 201.213410] worker_thread+0x5d9/0x1050 [ 201.217413] kthread+0x31c/0x430 [ 201.220798] ret_from_fork+0x3a/0x50 [ 201.224509] [ 201.226136] The buggy address belongs to the object at ffff888086803d80 [ 201.226136] which belongs to the cache kmalloc-96 of size 96 [ 201.238660] The buggy address is located 0 bytes inside of [ 201.238660] 96-byte region [ffff888086803d80, ffff888086803de0) [ 201.250322] The buggy address belongs to the page: [ 201.255332] page:ffffea00021a00c0 count:1 mapcount:0 mapping:ffff888086803000 index:0x0 [ 201.263895] flags: 0x1fffc0000000100(slab) [ 201.268287] raw: 01fffc0000000100 ffff888086803000 0000000000000000 0000000100000020 [ 201.276207] raw: ffffea00024968e0 ffffea00025e72a0 ffff8880aa8004c0 0000000000000000 [ 201.284097] page dumped because: kasan: bad access detected [ 201.289843] [ 201.291472] Memory state around the buggy address: [ 201.296427] ffff888086803c80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 201.303805] ffff888086803d00: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 201.311191] >ffff888086803d80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 201.318611] ^ [ 201.322011] ffff888086803e00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 201.329392] ffff888086803e80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 201.336757] ================================================================== [ 201.344146] Disabling lock debugging due to kernel taint [ 201.349709] Kernel panic - not syncing: panic_on_warn set ... [ 201.349709] [ 201.357093] CPU: 1 PID: 22 Comm: kworker/u4:1 Tainted: G B 4.14.114 #4 00:43:19 executing program 2: syz_open_dev$sndtimer(0x0, 0x0, 0xfffffffffffffffe) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = creat(&(0x7f00000004c0)='./file0\x00', 0x0) write$cgroup_type(r1, 0x0, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000000)=""/143, 0x0) fallocate(r0, 0x11, 0x0, 0xd000000) [ 201.364895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.369508] kobject: 'loop2' (ffff8880a491b6e0): kobject_uevent_env [ 201.374286] Workqueue: tipc_rcv tipc_recv_work [ 201.374293] Call Trace: [ 201.374310] dump_stack+0x138/0x19c [ 201.374326] ? refcount_inc_not_zero+0xd3/0xe0 [ 201.387349] kobject: 'loop2' (ffff8880a491b6e0): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 201.387914] panic+0x1f2/0x438 [ 201.387922] ? add_taint.cold+0x16/0x16 [ 201.387941] kasan_end_report+0x47/0x4f [ 201.416811] kasan_report.cold+0x136/0x2b5 [ 201.421075] __asan_report_load4_noabort+0x14/0x20 [ 201.426018] refcount_inc_not_zero+0xd3/0xe0 [ 201.430446] refcount_inc+0x16/0x40 [ 201.434089] tipc_subscrb_rcv_cb+0x61d/0xa80 [ 201.438519] tipc_receive_from_sock+0x28a/0x4e0 [ 201.443214] ? trace_hardirqs_on+0x10/0x10 [ 201.447479] ? tipc_send_work+0x5a0/0x5a0 [ 201.451640] ? process_one_work+0x787/0x1610 [ 201.456072] ? __lock_is_held+0xb6/0x140 [ 201.460232] ? check_preemption_disabled+0x3c/0x250 [ 201.465291] tipc_recv_work+0x8b/0xf0 [ 201.469112] process_one_work+0x868/0x1610 [ 201.473367] ? pwq_dec_nr_in_flight+0x2e0/0x2e0 [ 201.478076] worker_thread+0x5d9/0x1050 [ 201.482076] kthread+0x31c/0x430 [ 201.485457] ? process_one_work+0x1610/0x1610 [ 201.486418] audit: type=1800 audit(1556757799.198:42): pid=7320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=16532 res=0 [ 201.489964] ? kthread_create_on_node+0xd0/0xd0 [ 201.489977] ret_from_fork+0x3a/0x50 [ 201.514202] Kernel Offset: disabled [ 201.526434] Rebooting in 86400 seconds..